diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-10-18 20:51:29 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-10-18 20:53:04 +0300 |
commit | c67ef227fe09ebd2213c47709a37a70784232b12 (patch) | |
tree | 5fd573a5df398965aa7e7f88b42a8db2144e8a0e | |
parent | 53fdac2b0aee16e297ce86b473c56547ff1330ac (diff) | |
download | openbmc-c67ef227fe09ebd2213c47709a37a70784232b12.tar.xz |
subtree updates
poky: 387ab5f18b..eaf8ce9d39:
Alejandro Hernandez Samaniego (1):
rootfs.py: dont try to list installed packages for baremetal images
Alex Stewart (1):
maintainers: update opkg maintainer
Alexander Kanavin (26):
devtool/upgrade: correctly clean up when recipe filename isn't yet known
devtool/upgrade: catch bb.fetch2.decodeurl errors
scripts/oe-setup-builddir: make it known where configurations come from
bluez5: update 5.64 -> 5.65
libwpe: upgrade 1.12.0 -> 1.12.2
ell: upgrade 0.49 -> 0.50
iso-codes: upgrade 4.10.0 -> 4.11.0
libcap: upgrade 2.64 -> 2.65
libwebp: upgrade 1.2.2 -> 1.2.3
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
webkitgtk: upgrade 2.36.4 -> 2.36.5
weston: upgrade 10.0.1 -> 10.0.2
tzdata: upgrade 2022a -> 2022b
xz: update 5.2.5 -> 5.2.6
gdk-pixbuf: upgrade 2.42.6 -> 2.42.8
gdk-pixbuf: update 2.42.8 -> 2.42.9
epiphany: upgrade 42.3 -> 42.4
glib-networking: upgrade 2.72.1 -> 2.72.2
libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
libwebp: upgrade 1.2.3 -> 1.2.4
wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
wpebackend-fdo: upgrade 1.12.0 -> 1.12.1
bind: upgrade 9.18.4 -> 9.18.5
lighttpd: upgrade 1.4.65 -> 1.4.66
rpm: update 4.17.0 -> 4.17.1
tzdata: update to 2022d
Alexandre Belloni (3):
ruby: drop capstone support
runqemu: display host uptime when starting
oeqa/runtime/dnf: fix typo
Andrei Gherzan (4):
linux-yocto: Fix COMPATIBLE_MACHINE regex match
shadow: Enable subid support
rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
shadow: Avoid nss warning/error with musl
Anuj Mittal (1):
poky.conf: add ubuntu-22.04 to tested distros
Aryaman Gupta (2):
bitbake: bitbake: runqueue: add cpu/io pressure regulation
bitbake: bitbake: runqueue: add memory pressure regulation
Awais Belal (1):
kernel-fitimage.bbclass: only package unique DTBs
Beniamin Sandu (1):
libpam: use /run instead of /var/run in systemd tmpfiles
Bertrand Marquis (1):
sysvinit-inittab/start_getty: Fix respawn too fast
Bruce Ashfield (16):
lttng-modules: fix 5.19+ build
lttng-modules: fix build against mips and v5.19 kernel
lttng-modules: replace mips compaction fix with upstream change
linux-yocto/5.15: update to v5.15.60
linux-yocto/5.15: update to v5.15.62
linux-yocto/5.10: update to v5.10.136
linux-yocto/5.10: update to v5.10.137
linux-yocto/5.10: update to v5.10.141
linux-yocto/5.10: update to v5.10.143
linux-yocto/5.15: update to v5.15.63
linux-yocto/5.15: update to v5.15.65
linux-yocto/5.15: update to v5.15.68
linux-yocto/5.15: cfg: fix ACPI warnings for -tiny
kernel-yocto: allow patch author date to be commit date
kern-tools: fix queue processing in relative TOPDIR configurations
kern-tools: allow 'y' or 'm' to avoid config audit warnings
Changqing Li (1):
apt: fix nativesdk-apt build failure during the second time build
Chee Yang Lee (1):
sqlite: add CVE-2022-35737 patch to SRC_URI
Daiane Angolini (1):
python3-pip: Fix RDEPENDS after the update
Daniel McGregor (1):
coreutils: add openssl PACKAGECONFIG
Denys Dmytriyenko (1):
glibc-locale: explicitly remove empty dirs in ${libdir}
Dmitry Baryshkov (2):
linux-firmware: upgrade 20220708 -> 20220913
linux-firmware: package new Qualcomm firmware
Enrico Scholz (5):
npm: replace 'npm pack' call by 'tar czf'
npm: return content of 'package.json' in 'npm_pack'
npm: take 'version' directly from 'package.json'
lib:npm_registry: initial checkin
npm: use npm_registry to cache package
Ernst Sjöstrand (1):
cve-check: Don't use f-strings
Florin Diaconescu (4):
expat: upgrade 2.4.7 -> 2.4.8
expat: upgrade 2.4.8 -> 2.4.9
rsync: update 3.2.3 -> 3.2.4
rsync: update 3.2.4 -> 3.2.5
Gennaro Iorio (1):
bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls
He Zhe (3):
lttng-tools: Disable on qemuriscv32
stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
lttng-tools: Disable on riscv32
Hitendra Prajapati (5):
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
zlib: CVE-2022-37434 a heap-based buffer over-read
libtiff: CVE-2022-34526 A stack overflow was discovered
Revert "gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow"
Jacob Kroon (1):
bitbake: bitbake-user-manual: Correct description of the ??= operator
Jon Mason (2):
ref-manual: add numa to machine features
oeqa/parselogs: add qemuarmv5 arm-charlcd masking
Jose Quaresma (7):
archiver.bbclass: remove unsed do_deploy_archives[dirs]
create-spdx: ignore packing control files from ipk and deb
archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain
bitbake: bb/utils: remove: check the path again the expand python glob
bitbake: bb/utils: movefile: use the logger for printing
Joshua Watt (4):
bitbake: utils: Pass lock argument in fileslocked
classes: cve-check: Get shared database lock
oeqa: qemurunner: Report UNIX Epoch timestamp on login
bitbake: siggen: Fix insufficent entropy in sigtask file names
Kai Kang (1):
packagegroup-self-hosted: update for strace
Khem Raj (15):
libxml2: Ignore CVE-2016-3709
connman: Backports for security fixes
cracklib: Drop using register keyword
tcp-wrappers: Fix implicit-function-declaration warnings
xinetd: Pass missing -D_GNU_SOURCE
watchdog: Include needed system header for function decls
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
apr: Use correct strerror_r implementation based on libc type
gcr: Define _GNU_SOURCE
apr: Cache configure tests which use AC_TRY_RUN
autoconf: Fix strict prototype errors in generated tests
autoconf: Update K & R stype functions
webkitgtk: Upgrade to 2.36.6 minor update
webkitgtk: Update to 2.36.7
rpm: Remove -Wimplicit-function-declaration warnings
Kristian Amlie (1):
externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used.
LUIS ENRIQUEZ (1):
kernel-fitimage.bbclass: add padding algorithm property in config nodes
Mark Hatle (1):
runqemu: Add missing space on default display option
Martin Beeger (1):
cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
Martin Jansa (2):
libxml2: Port gentest.py to Python-3
create-pull-request: don't switch the git remote protocol to git://
Mateusz Marciniec (1):
util-linux: Remove --enable-raw from EXTRA_OECONF
Michael Opdenacker (7):
migration guides: add missing release notes
bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format
poky.yaml.in: update version requirements
migration-guides: add 4.0.4 release notes
dev-manual: fix reference to BitBake user manual
Mihai Lindner (1):
create-spdx: Fix supplier field
Mikko Rapeli (7):
boost: fix install of fiber shared libraries
bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit
u-boot: switch from append to += in SRC_URI
glibc-tests: use += instead of :append
go-native: switch from SRC_URI:append to SRC_URI +=
python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
linux-libc-headers: switch from SRC_URI:append to SRC_URI +=
Ming Liu (1):
meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
Mingli Yu (1):
busybox: add devmem 128-bit support
Neil Horman (1):
bitbake: Fix npm to use https rather than http
Ola x Nilsson (1):
bitbake: ConfHandler: Remove lingering close
Otavio Salvador (1):
bitbake: toaster: fix kirkstone version
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to fail
Pavel Zhukov (4):
package_rpm: Do not replace square brackets in %files
parselogs: Ignore xf86OpenConsole error
core-image.bbclass: Exclude openssh complementary packages
bitbake: gitsm: Error out if submodule refers to parent repo
Peter Bergin (1):
rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable
Peter Kjellerstedt (1):
cairo: Adapt the license information based on what is being built
Peter Marko (1):
create-spdx: handle links to inaccessible locations
Rajesh Dangi (2):
linux-yocto/5.15: update genericx86* machines to v5.15.59
linux-yocto/5.10: update genericx86* machines to v5.10.135
Randy MacLeod (1):
vim: update from 9.0.0063 to 9.0.0115
Rasmus Villemoes (1):
bitbake.conf: set BB_DEFAULT_UMASK using ??=
Richard Purdie (25):
nativesdk: Clear TUNE_FEATURES
selftest/wic: Tweak test case to not depend on kernel size
bitbake: runqueue: Change pressure file warning to a note
perf: Fix reproducibility issues with 5.19 onwards
vim: Upgrade 9.0.0115 -> 9.0.0242
vim: Upgrade 9.0.0242 -> 9.0.0341
pseudo: Update to include recent upstream minor fixes
bitbake: runqueue: Fix unihash cache mismatch issues
bitbake: cooker: Drop sre_constants usage
bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
bitbake: fetch2: Ensure directory exists before creating symlink
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
vim: Upgrade 9.0.0341 -> 9.0.0453
build-appliance-image: Update to kirkstone head revision
libpng: upgrade 1.6.37 -> 1.6.38
vim: Upgrade 9.0.453 -> 9.0.541
perf: Fix for recent kernel upgrades
vim: Upgrade 9.0.0541 -> 9.0.0598
bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
bitbake: runqueue: Improve deadlock warning messages
bitbake: runqueue: Drop deadlock breaking force fail
bitbake: bitbake: Add copyright headers where missing
bitbake: asyncrpc/client: Fix unix domain socket chdir race issues
Robert Joslyn (2):
curl: Backport patch for CVE-2022-35252
tzdata: Update from 2022b to 2022c
Roland Hieber (1):
devtool: error out when workspace is using old override syntax
Ross Burton (8):
oeqa/qemurunner: add run_serial() comment
oeqa/selftest: rename git.py to intercept.py
oeqa/gotoolchain: put writable files in the Go module cache
oeqa/gotoolchain: set CGO_ENABLED=1
wic: add target tools to PATH when executing native commands
wic/bootimg-efi: use cross objcopy when building unified kernel image
wic: depend on cross-binutils
cve-check: close cursors as soon as possible
Ruiqiang Hao (2):
gcc: add arm-v9 support
tune-neoversen2: support tune-neoversen2 base on armv9a
Sakib Sajal (9):
qemu: fix CVE-2021-3507
qemu: fix CVE-2021-3929
qemu: fix CVE-2021-4158
qemu: fix CVE-2022-0358
qemu: fix CVE-2022-0216
u-boot: fix CVE-2022-33103
u-boot: fix CVE-2022-30552
u-boot: fix CVE-2022-33967
go: update v1.17.12 -> v1.17.13
Samuli Piippo (2):
Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"
gcc-cross-canadian: add default plugin linker
Shubham Kulkarni (1):
sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct
Steve Sakoman (3):
lttng-modules: fix build for kernel 5.10.137
poky.conf: bump version for 4.0.4
system-requirements.rst: Add Ubuntu 22.04 to list of supported distros
Sundeep KOKKONDA (1):
glibc: stable 2.35 branch updates.
Teoh Jay Shen (3):
go: fix CVE-2022-27664
inetutils: fix CVE-2022-39028 - remote DoS vulnerability in inetutils-telnetd
bind: upgrade 9.18.6 -> 9.18.7
Ulrich Ölmann (1):
scripts/runqemu.README: fix typos and trailing whitespaces
Xiangyu Chen (1):
ltp: Fix pread02 case trigger the glibc overflow detection
Yang Xu (1):
insane.bbclass: Skip patches not in oe-core by full path
Yongxin Liu (1):
grub2: fix several CVEs
ghassaneben (1):
sqlite: fix CVE-2022-35737
niko.mauno@vaisala.com (2):
systemd: Fix unwritable /var/lock when no sysvinit handling
systemd: Add 'no-dns-fallback' PACKAGECONFIG option
pgowda (3):
binutils : CVE-2022-38533
binutils: fix CVE-2022-38126
binutils : Fix CVE-2022-38127
wangmy (10):
libcap: upgrade 2.63 -> 2.64
libtasn1: upgrade 4.18.0 -> 4.19.0
liburcu: upgrade 0.13.1 -> 0.13.2
libwpe: upgrade 1.12.2 -> 1.12.3
libatomic-ops: upgrade 7.6.12 -> 7.6.14
lz4: upgrade 1.9.3 -> 1.9.4
cracklib: upgrade 2.9.7 -> 2.9.8
vala: upgrade 0.56.2 -> 0.56.3
lighttpd: upgrade 1.4.64 -> 1.4.65
bind: upgrade 9.18.5 -> 9.18.6
meta-raspberrypi: 0135a02ea5..dacad9302a:
Lluis Campos (1):
rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE`
Vinicius Aquino (1):
raspberrypi-firmware: Update to 20220830 snapshot
meta-openembedded: acbe748798..744a4b6eda:
Changqing Li (2):
fuse3: support ptest
fuse3: fix ptest test_passthrough_hp failure
Chen Qi (1):
polkit: refresh patch
Enrico Scholz (1):
nodejs-oe-cache-native: initial checkin
Hitendra Prajapati (1):
wireshark: CVE-2022-3190 Infinite loop in legacy style dissector
Hitomi Hasegawa (1):
libsdl: add CVE-2019-14906 to allowlist
Jose Quaresma (2):
wireguard-module: 1.0.20210219 -> 1.0.20220627
wireguard-tools: Add a new package for wg-quick
Justin Bronder (1):
lmdb: only set SONAME on the shared library
Khem Raj (5):
audit: Upgrade to 3.0.8 and fix build with linux 5.17+
ntpsec: Add -D_GNU_SOURCE and fix building with devtool
gd: Fix build with clang-15
safec: Remove unused variable 'len'
audit: Revert the tweak done in configure step in do_install
Lei Maohui (1):
xrdp: Fix buildpaths warning.
Martin Jansa (1):
libcec: fix runtime dependencies for ${PN}-examples
Mingli Yu (1):
postgresql: make sure pam conf installed when pam enabled
Ovidiu Panait (1):
net-snmp: upgrade 5.9.1 -> 5.9.3
Richard Purdie (1):
lmdb: Don't inherit base
Sakib Sajal (1):
minicoredumper: retry elf parsing as long as needed
Saul Wold (10):
libipc-signal-perl: Fix LICENSE string
libdigest-hmac-perl: Fix LICENSE string
libio-socket-ssl-perl: Fix LICENSE string
libdigest-sha1-perl: Fix LICENSE string
libmime-types-perl: Fix LICENSE string
libauthen-sasl-perl: Fix LICENSE string
libnet-ldap-perl: Fix LICENSE string
libxml-libxml-perl: Fix LICENSE string
libnet-telnet-perl: Fix LICENSE string
libproc-waitstat-perl: Fix LICENSE string
Steffen Olsen (1):
postgreql: Fix pg_config not working after buildpaths patch
Wang Mingyu (3):
php: upgrade 8.1.8 -> 8.1.9
postgresql: upgrade 14.4 -> 14.5
tcpreplay: upgrade 4.4.1 -> 4.4.2
Yi Zhao (6):
libldb: upgrade 2.3.3 -> 2.3.4
samba: upgrade 4.14.13 -> 4.14.14
samba: fix buildpaths issue
frr: Security fix CVE-2022-37035
open-vm-tools: Security fix CVE-2022-31676
frr: Security fix CVE-2022-37032
wangmy (2):
php: upgrade 8.1.9 -> 8.1.10
dnsmasq: upgrade 2.86 -> 2.87
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I02f0e5b5dcf292a12933c694a10d0946b0edcbc4
354 files changed, 11491 insertions, 1578 deletions
diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch new file mode 100644 index 0000000000..2207408bd2 --- /dev/null +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch @@ -0,0 +1,45 @@ +From cee6de8d6619aeeb70f3318dfd35f2fdf5e43848 Mon Sep 17 00:00:00 2001 +From: Luis Henriques <luis-henrix@users.noreply.github.com> +Date: Sat, 20 Nov 2021 10:09:25 +0000 +Subject: [PATCH] test/test_syscalls.c: allow EBADF in fcheck_stat() (#631) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Test test/test_examples.py::test_passthrough_hp[False] fails because, on +kernels >= 5.14, fstat() will return -EBADF: + +3 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +4 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +5 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +9 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +... + +This patch simply whitelists the EBADF errno code. + +Signed-off-by: Luís Henriques <lhenriques@suse.de> +Co-authored-by: Luís Henriques <lhenriques@suse.de> + +Upstream-Status: Backport [https://github.com/libfuse/libfuse/commit/cee6de8d6619aeeb70f3318dfd35f2fdf5e43848] +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + test/test_syscalls.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/test/test_syscalls.c b/test/test_syscalls.c +index 160a2ac..65292ed 100644 +--- a/test/test_syscalls.c ++++ b/test/test_syscalls.c +@@ -277,7 +277,8 @@ static int fcheck_stat(int fd, int flags, struct stat *st) + if (flags & O_PATH) { + // With O_PATH fd, the server does not have to keep + // the inode alive so FUSE inode may be stale or bad +- if (errno == ESTALE || errno == EIO || errno == ENOENT) ++ if (errno == ESTALE || errno == EIO || ++ errno == ENOENT || errno == EBADF) + return 0; + } + PERROR("fstat"); +-- +2.25.1 + diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb index e0cf2092a6..0f379afb92 100644 --- a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://GPL2.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://LICENSE;md5=a55c12a2d7d742ecb41ca9ae0a6ddc66" SRC_URI = "https://github.com/libfuse/libfuse/releases/download/fuse-${PV}/fuse-${PV}.tar.xz \ + file://0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch \ " SRC_URI[sha256sum] = "b2e283485d47404ac896dd0bb7f7ba81e1470838e677e45f659804c3a3b69666" @@ -35,7 +36,28 @@ RDEPENDS:${PN}-ptest += " \ do_install_ptest() { install -d ${D}${PTEST_PATH}/test + install -d ${D}${PTEST_PATH}/example + install -d ${D}${PTEST_PATH}/util cp -rf ${S}/test/* ${D}${PTEST_PATH}/test/ + + example_excutables=`find ${B}/example -type f -executable` + util_excutables=`find ${B}/util -type f -executable` + test_excutables=`find ${B}/test -type f -executable` + + for e in $example_excutables + do + cp -rf $e ${D}${PTEST_PATH}/example/ + done + + for e in $util_excutables + do + cp -rf $e ${D}${PTEST_PATH}/util/ + done + + for e in $test_excutables + do + cp -rf $e ${D}${PTEST_PATH}/test + done } DEPENDS = "udev" @@ -49,10 +71,6 @@ RRECOMMENDS:${PN}:class-target = "kernel-module-fuse fuse3-utils" FILES:${PN} += "${libdir}/libfuse3.so.*" FILES:${PN}-dev += "${libdir}/libfuse3*.la" -EXTRA_OEMESON += " \ - -Dexamples=false \ -" - # Forbid auto-renaming to libfuse3-utils FILES:fuse3-utils = "${bindir} ${base_sbindir}" DEBIAN_NOAUTONAME:fuse3-utils = "1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch new file mode 100644 index 0000000000..90ee317860 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch @@ -0,0 +1,38 @@ +From 059b517f9ef6cbdc696e0983ce255b1728042827 Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Thu, 25 Aug 2022 16:46:04 +0800 +Subject: [PATCH] smbtorture: skip test case tfork_cmd_send + +The test case tfork_cmd_send fails on target as it requires a script +located in the source directory: + +$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send +test: tfork_cmd_send +/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh: +Failed to exec child - No such file or directory + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + lib/util/tests/tfork.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c +index 70ae975..4826ce6 100644 +--- a/lib/util/tests/tfork.c ++++ b/lib/util/tests/tfork.c +@@ -839,10 +839,6 @@ struct torture_suite *torture_local_tfork(TALLOC_CTX *mem_ctx) + "tfork_threads", + test_tfork_threads); + +- torture_suite_add_simple_test(suite, +- "tfork_cmd_send", +- test_tfork_cmd_send); +- + torture_suite_add_simple_test(suite, + "tfork_event_file_handle", + test_tfork_event_file_handle); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb index 49e93fc536..53526a26b6 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb @@ -21,6 +21,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0004-Add-options-to-configure-the-use-of-libbsd.patch \ file://0005-samba-build-dnsserver_common-code.patch \ file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ + file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \ " SRC_URI:append:libc-musl = " \ @@ -31,7 +32,7 @@ SRC_URI:append:libc-musl = " \ file://samba-fix-musl-lib-without-innetgr.patch \ " -SRC_URI[sha256sum] = "e1df792818a17d8d21faf33580d32939214694c92b84fb499464210d86a7ff75" +SRC_URI[sha256sum] = "abd5e9e6aa45e55114b188ba189ebdfc8fd3d7718d43f749e477ce7f791e5519" UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.14(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb index ce2ba65526..d80bdd87ab 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb @@ -1,8 +1,8 @@ require wireguard.inc -SRCREV = "122f06bfd8fc7b06a0899fa9adc4ce8e06900d98" +SRCREV = "18fbcd68a35a892527345dc5679d0b2d860ee004" -SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;branch=master" +SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;protocol=https;branch=master" inherit module kernel-module-split diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb index 0c686aae2a..20435338c3 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb @@ -16,11 +16,19 @@ do_install () { install } +PACKAGES += "${PN}-wg-quick" + FILES:${PN} = " \ + ${bindir}/wg \ ${sysconfdir} \ +" +FILES:${PN}-wg-quick = " \ + ${bindir}/wg-quick \ ${systemd_system_unitdir} \ - ${bindir} \ " -RDEPENDS:${PN} = "bash" -RRECOMMENDS:${PN} = "kernel-module-wireguard" +RDEPENDS:${PN}-wg-quick = "${PN} bash" +RRECOMMENDS:${PN} = " \ + kernel-module-wireguard \ + ${PN}-wg-quick \ + " diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch new file mode 100644 index 0000000000..672bc9514a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch @@ -0,0 +1,42 @@ +From 3c4821679f2362bcd38fcc7803f28a5210441ddb Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Thu, 21 Jul 2022 08:11:58 -0400 +Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is + expected + +Ensure that if the capability length specified is enough data. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> + +CVE: CVE-2022-37032 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + bgpd/bgp_packet.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7c92a8d9e..bcd47e32d 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -2440,6 +2440,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt, + "%s CAPABILITY has action: %d, code: %u, length %u", + peer->host, action, hdr->code, hdr->length); + ++ if (hdr->length < sizeof(struct capability_mp_data)) { ++ zlog_info( ++ "%s Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d", ++ peer->host, sizeof(struct capability_mp_data), ++ hdr->length); ++ return BGP_Stop; ++ } ++ + /* Capability length check. */ + if ((pnt + hdr->length + 3) > end) { + zlog_info("%s Capability length error", peer->host); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch new file mode 100644 index 0000000000..3d18d0b90d --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch @@ -0,0 +1,151 @@ +From db24300d56ad5831d9f6e4545ff2999b99e71bac Mon Sep 17 00:00:00 2001 +From: Mark Stapp <mstapp@nvidia.com> +Date: Thu, 8 Sep 2022 16:14:36 -0400 +Subject: [PATCH] bgpd: avoid notify race between io and main pthreads + +The "bgp_notify_" apis in bgp_packet.c generate a notification +to a peer, usually during error handling. The io pthread wants +to send notifications in a couple of cases during early +received-packet validation - but the existing api interacts +with the peer struct itself, and that's not safe. + +Add a new api for use by the io pthread, and adjust the main +notify api so that it can avoid touching the peer struct. + +Signed-off-by: Mark Stapp <mstapp@nvidia.com> + +CVE: CVE-2022-37035 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + bgpd/bgp_io.c | 17 ++++++++--------- + bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++---- + bgpd/bgp_packet.h | 2 ++ + 3 files changed, 38 insertions(+), 13 deletions(-) + +diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c +index 9b5a31f28..c736d02db 100644 +--- a/bgpd/bgp_io.c ++++ b/bgpd/bgp_io.c +@@ -37,7 +37,7 @@ + #include "bgpd/bgp_debug.h" // for bgp_debug_neighbor_events, bgp_type_str + #include "bgpd/bgp_errors.h" // for expanded error reference information + #include "bgpd/bgp_fsm.h" // for BGP_EVENT_ADD, bgp_event +-#include "bgpd/bgp_packet.h" // for bgp_notify_send_with_data, bgp_notify... ++#include "bgpd/bgp_packet.h" // for bgp_notify_io_invalid... + #include "bgpd/bgp_trace.h" // for frrtraces + #include "bgpd/bgpd.h" // for peer, BGP_MARKER_SIZE, bgp_master, bm + /* clang-format on */ +@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer) + return false; + + if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) { +- bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_NOT_SYNC); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0); + return false; + } + +@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer) + zlog_debug("%s unknown message type 0x%02x", peer->host, + type); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, +- 1); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1); + return false; + } + +@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer) + + uint16_t nsize = htons(size); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESLEN, +- (unsigned char *)&nsize, 2); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESLEN, ++ (unsigned char *)&nsize, 2); + return false; + } + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7c92a8d9e..a5ce5a527 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -736,8 +736,9 @@ static void bgp_write_notify(struct peer *peer) + * @param data Data portion + * @param datalen length of data portion + */ +-void bgp_notify_send_with_data(struct peer *peer, uint8_t code, +- uint8_t sub_code, uint8_t *data, size_t datalen) ++static void bgp_notify_send_internal(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, ++ size_t datalen, bool use_curr) + { + struct stream *s; + +@@ -769,8 +770,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + * If possible, store last packet for debugging purposes. This check is + * in place because we are sometimes called with a doppelganger peer, + * who tends to have a plethora of fields nulled out. ++ * ++ * Some callers should not attempt this - the io pthread for example ++ * should not touch internals of the peer struct. + */ +- if (peer->curr) { ++ if (use_curr && peer->curr) { + size_t packetsize = stream_get_endp(peer->curr); + assert(packetsize <= peer->max_packet_size); + memcpy(peer->last_reset_cause, peer->curr->data, packetsize); +@@ -853,7 +857,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + */ + void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code) + { +- bgp_notify_send_with_data(peer, code, sub_code, NULL, 0); ++ bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true); ++} ++ ++/* ++ * Enqueue notification; called from the main pthread, peer object access is ok. ++ */ ++void bgp_notify_send_with_data(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, size_t datalen) ++{ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, true); ++} ++ ++/* ++ * For use by the io pthread, queueing a notification but avoiding access to ++ * the peer object. ++ */ ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen) ++{ ++ /* Avoid touching the peer object */ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, false); + } + + /* +diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h +index 280d3ec17..898f88ff5 100644 +--- a/bgpd/bgp_packet.h ++++ b/bgpd/bgp_packet.h +@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *); + extern void bgp_notify_send(struct peer *, uint8_t, uint8_t); + extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t, + uint8_t *, size_t); ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen); + extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi, + uint8_t orf_type, uint8_t when_to_refresh, + int remove, uint8_t subtype); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 96be49b53f..658731567d 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ + file://CVE-2022-37035.patch \ + file://CVE-2022-37032.patch \ file://frr.pam \ " diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch index 4cd7290447..0eeddf752c 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch @@ -1,7 +1,8 @@ -From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001 +From 98c62e24fdd05d7e8bd8149840bad8eb0feb3fb1 Mon Sep 17 00:00:00 2001 From: Mingli Yu <mingli.yu@windriver.com> Date: Fri, 29 Jan 2021 08:49:15 +0000 -Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit +Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and + 64bit With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves differently between 32bit and 64bit system as the openssl lib resides under @@ -15,12 +16,13 @@ So add the patch to fix the gap between 32bit and 64bit system. Upstream-Status: Inappropriate [configuration specific] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + --- m4/ac_add_search_path.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4 -index 8e0a819..961f587 100644 +index 8e0a819..e9585bc 100644 --- a/m4/ac_add_search_path.m4 +++ b/m4/ac_add_search_path.m4 @@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables @@ -34,6 +36,3 @@ index 8e0a819..961f587 100644 fi if test -d $1/include; then CPPFLAGS="-I$1/include $CPPFLAGS" --- -2.29.2 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch index 05a47f61ce..f8a52a63f5 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch @@ -1,4 +1,4 @@ -From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001 +From e86d5fd52f19b85da0b7cce660c6e65ec4c0f9bb Mon Sep 17 00:00:00 2001 From: Li xin <lixin.fnst@cn.fujitsu.com> Date: Fri, 21 Aug 2015 18:23:13 +0900 Subject: [PATCH] config_os_headers: Error Fix @@ -19,7 +19,7 @@ Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers -index f07d512..2363b42 100644 +index 01c3376..6edd85f 100644 --- a/configure.d/config_os_headers +++ b/configure.d/config_os_headers @@ -395,8 +395,8 @@ then diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch index 22e591556a..a7881a8713 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch @@ -1,4 +1,4 @@ -From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001 +From 8097734b27fd146f358a4edd0d1a0d28309bd9a4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 22 Jul 2016 18:34:39 +0000 Subject: [PATCH] get_pid_from_inode: Include limit.h @@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 1 insertion(+) diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c -index aee907d..7abaec2 100644 +index 5788e1d..ea380a6 100644 --- a/agent/mibgroup/util_funcs/get_pid_from_inode.c +++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c @@ -6,6 +6,7 @@ @@ -23,5 +23,5 @@ index aee907d..7abaec2 100644 #include <ctype.h> +#include <limits.h> #include <stdio.h> - #if HAVE_STDLIB_H + #ifdef HAVE_STDLIB_H #include <stdlib.h> diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch deleted file mode 100644 index 4fc9e54b49..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 94ca941e06bef157bf0e13251f8ca1471daa9393 Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> -Date: Fri, 27 Aug 2021 14:21:45 +0300 -Subject: [PATCH] snmpd: always exit after displaying usage - -Currently, viewing the help text with -h results in snmpd being started -in the background, whereas this does not happen with --help. Similarly, -when an error is detected in command line syntax, the help text is -displayed but sometimes snmpd gets started anyway, depending on the -execution path. - -This patch makes snmpd consistently terminate whenever the usage -function gets called. It also removes the goto statements no longer -needed. - -Upstream-Status: Backport -[https://github.com/net-snmp/net-snmp/commit/94ca941e06bef157bf0e13251f8ca1471daa9393] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - agent/snmpd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/agent/snmpd.c b/agent/snmpd.c -index f5aab0af8..90de12d99 100644 ---- a/agent/snmpd.c -+++ b/agent/snmpd.c -@@ -289,6 +289,8 @@ usage(char *prog) - " -S d|i|0-7\t\tuse -Ls <facility> instead\n" - "\n" - ); -+ SOCK_CLEANUP; -+ exit(1); - } - - static void -@@ -494,7 +496,6 @@ main(int argc, char *argv[]) - case '-': - if (strcasecmp(optarg, "help") == 0) { - usage(argv[0]); -- goto out; - } - if (strcasecmp(optarg, "version") == 0) { - version(); -@@ -783,7 +784,6 @@ main(int argc, char *argv[]) - fprintf(stderr, "%s: Illegal argument -X:" - "AgentX support not compiled in.\n", argv[0]); - usage(argv[0]); -- goto out; - #endif - break; - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch index 42352a6b00..af6334f726 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch @@ -1,4 +1,4 @@ -From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001 +From f4e1acd4f509dd26cf88da872bd5adcf884f4a5f Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 18 Sep 2015 00:28:45 -0400 Subject: [PATCH] snmplib/keytools.c: Don't check for return from @@ -17,7 +17,7 @@ Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/snmplib/keytools.c b/snmplib/keytools.c -index 129a7c0..2fc1efc 100644 +index 14a452a..fb1694b 100644 --- a/snmplib/keytools.c +++ b/snmplib/keytools.c @@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch deleted file mode 100644 index c973bde721..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001 -From: Wenlin Kang <wenlin.kang@windriver.com> -Date: Wed, 24 May 2017 16:45:34 +0800 -Subject: [PATCH] configure: fix a cc check issue. - -When has "." in cc value, the expression -$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);' -can't get corretly the cc's value. - -Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> - ---- - configure.d/config_project_perl_python | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python -index 475c843..22d2ad3 100644 ---- a/configure.d/config_project_perl_python -+++ b/configure.d/config_project_perl_python -@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then - if test "x$enable_perl_cc_checks" != "xno" ; then - AC_MSG_CHECKING([for Perl cc]) - changequote(, ) -- PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'` -+ PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'` - changequote([, ]) - if test "x$PERLCC" != "x" ; then - AC_MSG_RESULT([$PERLCC]) diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch index bfddc63dd7..6e224188a4 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch @@ -1,4 +1,4 @@ -From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001 +From 6d655ba677563ac9d62d4d8eee59fdb39d486c02 Mon Sep 17 00:00:00 2001 From: Wenlin Kang <wenlin.kang@windriver.com> Date: Wed, 24 May 2017 17:10:20 +0800 Subject: [PATCH] configure: fix incorrect variable @@ -14,10 +14,10 @@ Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in -index 912f6b2..a53d1b2 100644 +index f1cbbf5..1545be3 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt +@@ -173,7 +173,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt # # override LD_RUN_PATH to avoid dependencies on the build directory perlmodules: perlmakefiles subdirs diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch index 26dd014ce4..409c1e03c8 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch @@ -1,4 +1,4 @@ -From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001 +From ab1d77c52e84746e75506a2870783806bc77f396 Mon Sep 17 00:00:00 2001 From: "Roy.Li" <rongqing.li@windriver.com> Date: Fri, 16 Jan 2015 14:14:01 +0800 Subject: [PATCH] net-snmp: fix "libtool --finish" @@ -20,11 +20,11 @@ Signed-off-by: Roy.Li <rongqing.li@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.top b/Makefile.top -index 6315401..fc0ee06 100644 +index a962c54..1ba5607 100644 --- a/Makefile.top +++ b/Makefile.top @@ -89,7 +89,7 @@ LIBREVISION = 0 - LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o + LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) @LD_NO_UNDEFINED@ -o LIB_EXTENSION = la LIB_VERSION = -LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir) diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch index 022eb958f3..35e93d636e 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch @@ -1,4 +1,4 @@ -From 1e3178835217ba89aa355e2b6b88e490f17be16d Mon Sep 17 00:00:00 2001 +From 5ad4eab43c1ea63ff343bba64d576440e8783e75 Mon Sep 17 00:00:00 2001 From: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Date: Wed, 9 Jun 2021 15:47:30 +0900 Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP @@ -7,6 +7,7 @@ Upstream-Status: Pending Signed-off-by: Marian Florea <marian.florea@windriver.com> Signed-off-by: Li Zhou <li.zhou@windriver.com> +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> --- agent/snmpd.c | 1 + @@ -14,19 +15,19 @@ Signed-off-by: Li Zhou <li.zhou@windriver.com> 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/agent/snmpd.c b/agent/snmpd.c -index 1af439f..355b510 100644 +index 90de12d..1ccc4db 100644 --- a/agent/snmpd.c +++ b/agent/snmpd.c -@@ -1208,6 +1208,7 @@ receive(void) - snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", - netsnmp_get_version()); - update_config(); -+ snmp_store(app_name); - send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); - #if HAVE_SIGPROCMASK - ret = sigprocmask(SIG_UNBLOCK, &set, NULL); +@@ -1169,6 +1169,7 @@ snmpd_reconfig(void) + snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", + netsnmp_get_version()); + update_config(); ++ snmp_store(app_name); + send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); + #ifdef HAVE_SIGPROCMASK + ret = sigprocmask(SIG_UNBLOCK, &set, NULL); diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c -index 29c2a0f..ada961c 100644 +index 7b1746b..4a17e0d 100644 --- a/snmplib/snmpv3.c +++ b/snmplib/snmpv3.c @@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg, @@ -41,6 +42,3 @@ index 29c2a0f..ada961c 100644 engineBoots = 1; } --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch index f1ebe2bb61..c5a453abe2 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch @@ -1,4 +1,4 @@ -From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001 +From ad65b106d3cb3c6e595381be1c45a73c1ef6eb5e Mon Sep 17 00:00:00 2001 From: Chong Lu <Chong.Lu@windriver.com> Date: Thu, 28 May 2020 09:46:34 -0500 Subject: [PATCH] net-snmp: add knob whether nlist.h are checked @@ -15,7 +15,7 @@ Signed-off-by: Chong Lu <Chong.Lu@windriver.com> 1 file changed, 2 insertions(+) diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers -index 76ef58a..f07d512 100644 +index b9c8c31..01c3376 100644 --- a/configure.d/config_os_headers +++ b/configure.d/config_os_headers @@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h pthread.h regex.h ] dnl diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch index 2941a36092..c382c02d89 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch @@ -1,4 +1,4 @@ -From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001 +From b1b9980853b1083f0c8b9f628f8b4c3a484d4f91 Mon Sep 17 00:00:00 2001 From: Jackie Huang <jackie.huang@windriver.com> Date: Thu, 22 Jun 2017 10:25:08 +0800 Subject: [PATCH] net-snmp: fix for --disable-des @@ -15,7 +15,7 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> 1 file changed, 2 insertions(+) diff --git a/snmplib/scapi.c b/snmplib/scapi.c -index 00c9174..c6875e1 100644 +index 54fdd5c..0f7e931 100644 --- a/snmplib/scapi.c +++ b/snmplib/scapi.c @@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support); diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch index 807983f612..09ca532a7f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch @@ -1,4 +1,4 @@ -From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001 +From 36a5656db7ea75dd15f35a6c1728937c6e2b901c Mon Sep 17 00:00:00 2001 From: Jackie Huang <jackie.huang@windriver.com> Date: Wed, 14 Jan 2015 15:10:06 +0800 Subject: [PATCH] testing: add the output format for ptest diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch index bf1e7bedf2..c0b51c51e3 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch @@ -1,4 +1,4 @@ -From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001 +From b923cd38e2503b86aedf66b767fd7f51c9f25645 Mon Sep 17 00:00:00 2001 From: "douglas.royds" <douglas.royds@taitradio.com> Date: Wed, 21 Nov 2018 13:52:18 +1300 Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for @@ -13,7 +13,7 @@ set in the environment to "yes" or "no" as appropriate for the target platform. 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4 -index 6f23c8e..8cea75a 100644 +index b6864d9..07ca922 100644 --- a/configure.d/config_os_misc4 +++ b/configure.d/config_os_misc4 @@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 30c0ce74cb..7af5147566 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -21,15 +21,13 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://0001-config_os_headers-Error-Fix.patch \ file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \ file://0001-get_pid_from_inode-Include-limit.h.patch \ - file://0002-configure-fix-a-cc-check-issue.patch \ file://0004-configure-fix-incorrect-variable.patch \ file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ - file://0001-snmpd-always-exit-after-displaying-usage.patch \ " -SRC_URI[sha256sum] = "eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f" +SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/" UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(\.\d+)+)/" diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc index 136c65d8fd..a8ff21a125 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc @@ -3,8 +3,9 @@ HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" SECTION = "net" # GPLv3 was added in version 2.41 as license option LICENSE = "GPL-2.0-only | GPL-3.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ - file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504 \ + " #at least versions 2.69 and prior are moved to the archive folder on the server SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV').split('.')[1]) > 69]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \ diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch deleted file mode 100644 index 6bd734d756..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 31 Mar 2022 21:35:20 +0100 -Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934 - refers. - -CVE: CVE-2022-0934 - -Upstream-Status: Backport -[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - CHANGELOG | 3 +++ - src/rfc3315.c | 48 +++++++++++++++++++++++++++--------------------- - 2 files changed, 30 insertions(+), 21 deletions(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 5e54df9..a28da2a 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -1,4 +1,7 @@ - version 2.86 -+ Fix write-after-free error in DHCPv6 server code. -+ CVE-2022-0934 refers. -+ - Handle DHCPREBIND requests in the DHCPv6 server code. - Thanks to Aichun Li for spotting this omission, and the initial - patch. -diff --git a/src/rfc3315.c b/src/rfc3315.c -index 5c2ff97..6ecfeeb 100644 ---- a/src/rfc3315.c -+++ b/src/rfc3315.c -@@ -33,9 +33,9 @@ struct state { - unsigned int mac_len, mac_type; - }; - --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now); --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now); -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now); - static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts); - static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string); - static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string); -@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if - } - - /* This cost me blood to write, it will probably cost you blood to understand - srk. */ --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now) - { - void *end = inbuff + sz; - void *opts = inbuff + 34; -- int msg_type = *((unsigned char *)inbuff); -+ int msg_type = *inbuff; - unsigned char *outmsgtypep; - void *opt; - struct dhcp_vendor *vendor; -@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, - return 1; - } - --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now) -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now) - { - void *opt; -- int i, o, o1, start_opts; -+ int i, o, o1, start_opts, start_msg; - struct dhcp_opt *opt_cfg; - struct dhcp_netid *tagif; - struct dhcp_config *config = NULL; - struct dhcp_netid known_id, iface_id, v6_id; -- unsigned char *outmsgtypep; -+ unsigned char outmsgtype; - struct dhcp_vendor *vendor; - struct dhcp_context *context_tmp; - struct dhcp_mac *mac_opt; -@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - v6_id.next = state->tags; - state->tags = &v6_id; - -- /* copy over transaction-id, and save pointer to message type */ -- if (!(outmsgtypep = put_opt6(inbuff, 4))) -+ start_msg = save_counter(-1); -+ /* copy over transaction-id */ -+ if (!put_opt6(inbuff, 4)) - return 0; - start_opts = save_counter(-1); -- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16; -- -+ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16; -+ - /* We're going to be linking tags from all context we use. - mark them as unused so we don't link one twice and break the list */ - for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current) -@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE)) - - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - o1 = new_opt6(OPTION6_STATUS_CODE); - put_opt6_short(DHCP6USEMULTI); - put_opt6_string("Use multicast"); -@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - struct dhcp_netid *solicit_tags; - struct dhcp_context *c; - -- *outmsgtypep = DHCP6ADVERTISE; -+ outmsgtype = DHCP6ADVERTISE; - - if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0)) - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - o = new_opt6(OPTION6_RAPID_COMMIT); - end_opt6(o); -@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int start = save_counter(-1); - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - - log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL); -@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int address_assigned = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL); - -@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int good_addr = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPCONFIRM", NULL, NULL); - -@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname); - if (ignore) - return 0; -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - tagif = add_options(state, 1); - break; - } -@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6RELEASE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPRELEASE", NULL, NULL); - -@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6DECLINE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPDECLINE", NULL, NULL); - -@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - } - - } -- -+ -+ /* Fill in the message type. Note that we store the offset, -+ not a direct pointer, since the packet memory may have been -+ reallocated. */ -+ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype; -+ - log_tags(tagif, state->xid); - log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1)); - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb deleted file mode 100644 index 0f7880ce8c..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb +++ /dev/null @@ -1,8 +0,0 @@ -require dnsmasq.inc - -SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512" -SRC_URI += "\ - file://lua.patch \ - file://CVE-2022-0934.patch \ -" - diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb new file mode 100644 index 0000000000..793b61d712 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb @@ -0,0 +1,7 @@ +require dnsmasq.inc + +SRC_URI[dnsmasq-2.87.sha256sum] = "ae39bffde9c37e4d64849b528afeb060be6bad6d1044a3bd94a49fce41357284" +SRC_URI += "\ + file://lua.patch \ +" + diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb index 6dd3ec3a9a..af5f0427d4 100644 --- a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb +++ b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb @@ -32,8 +32,8 @@ LIC_FILES_CHKSUM = "file://pyldb.h;endline=24;md5=dfbd238cecad76957f7f860fbe9ada file://man/ldb.3.xml;beginline=261;endline=262;md5=137f9fd61040c1505d1aa1019663fd08 \ file://tools/ldbdump.c;endline=19;md5=a7d4fc5d1f75676b49df491575a86a42" -SRC_URI[md5sum] = "6824f69ea3bb58cb8a3be4c179e7569a" -SRC_URI[sha256sum] = "9ef39700ff05b3e8f5801d2a39fe1ba023218650f81c9d377caca22f49076807" +SRC_URI[md5sum] = "b01d6913a06901c22c5bc6caedc548ac" +SRC_URI[sha256sum] = "f2e88dcab7b6007d92724b62f8a16e7c6e77275885c60eb4f87097e4aa4082c1" inherit pkgconfig waf-samba diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch new file mode 100644 index 0000000000..98c62eed49 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch @@ -0,0 +1,29 @@ +From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 22 Aug 2022 20:54:17 -0700 +Subject: [PATCH] wscript: Widen the search for tags + +Default is to look for annotated tags, howveer when using devtool we +create our own git tree from release tarballs which will have tags but +they are not annotated, therefore broaden the search to include all tags + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + wscript | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wscript b/wscript +index 879ded1..dff835d 100644 +--- a/wscript ++++ b/wscript +@@ -177,7 +177,7 @@ def configure(ctx): + if build_desc: + build_desc = ' ' + build_desc + if ctx.env.BIN_GIT: +- cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty") ++ cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty") + git_short_hash = ctx.cmd_and_log(cmd).strip() + git_short_hash = '-'.join(git_short_hash.split('-')[1:]) + diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb index 3efac7d983..bed0e2e108 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb @@ -16,7 +16,9 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \ file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \ file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \ file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \ - file://volatiles.ntpsec" + file://volatiles.ntpsec \ + file://0001-wscript-Widen-the-search-for-tags.patch \ + " SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a" @@ -54,7 +56,7 @@ export PYTAG = "cpython${@ d.getVar('PYTHON_BASEVERSION').replace('.', '')}" export pyext_PATTERN = "%s.so" export PYTHON_LDFLAGS = "-lpthread -ldl" -CFLAGS:append = " -I${PYTHON_INCLUDE_DIR}" +CFLAGS:append = " -I${PYTHON_INCLUDE_DIR} -D_GNU_SOURCE" EXTRA_OECONF = "--cross-compiler='${CC}' \ --cross-cflags='${CFLAGS}' \ diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch new file mode 100644 index 0000000000..4140c46d07 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch @@ -0,0 +1,43 @@ +From 70a74758bfe0042c27f15ce590fb21a2bc54d745 Mon Sep 17 00:00:00 2001 +From: John Wolfe <jwolfe@vmware.com> +Date: Sun, 21 Aug 2022 07:56:49 -0700 +Subject: [PATCH] Properly check authorization on incoming guestOps requests. + +Fix public pipe request checks. Only a SessionRequest type should +be accepted on the public pipe. + +CVE: CVE-2022-31676 + +Upstream-Status: Backport +[https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c +index db7159ee..6c672601 100644 +--- a/open-vm-tools/vgauth/serviceImpl/proto.c ++++ b/open-vm-tools/vgauth/serviceImpl/proto.c +@@ -1,5 +1,5 @@ + /********************************************************* +- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved. ++ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published +@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn, + VGAuthError err; + gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn); + ++ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) { ++ return VGAUTH_E_PERMISSION_DENIED; ++ } ++ + switch (req->reqType) { + /* + * This comes over the public connection; alwsys let it through. +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb index 1c3545f960..4670a85a67 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb @@ -44,6 +44,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste file://0001-Make-HgfsConvertFromNtTimeNsec-aware-of-64-bit-time_.patch;patchdir=.. \ file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \ file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \ + file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \ " UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb index 56db66b8eb..165a0e735b 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" -SRC_URI[sha256sum] = "cb67b6491a618867fc4f9848f586019f1bb2ebd149f393afac5544ee55e4544f" +SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases" diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch b/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch new file mode 100644 index 0000000000..0b987700f5 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch @@ -0,0 +1,145 @@ +From 4585d515b962f3b3a5e81caa64e13e8d9ed2e431 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 26 Sep 2022 12:47:00 +0530 +Subject: [PATCH] CVE-2022-3190 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/67326401a595fffbc67eeed48eb6c55d66a55f67] +CVE : CVE-2022-3190 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-f5ethtrailer.c | 108 +++++++++++++------------- + 1 file changed, 56 insertions(+), 52 deletions(-) + +diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c +index ed77dfd..b15b0d4 100644 +--- a/epan/dissectors/packet-f5ethtrailer.c ++++ b/epan/dissectors/packet-f5ethtrailer.c +@@ -2741,69 +2741,73 @@ dissect_dpt_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d + static gint + dissect_old_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) + { +- proto_tree *type_tree = NULL; +- proto_item *ti = NULL; + guint offset = 0; +- guint processed = 0; +- f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; +- guint8 type; +- guint8 len; +- guint8 ver; + + /* While we still have data in the trailer. For old format trailers, this needs + * type, length, version (3 bytes) and for new format trailers, the magic header (4 bytes). + * All old format trailers are at least 4 bytes long, so just check for length of magic. + */ +- while (tvb_reported_length_remaining(tvb, offset)) { +- type = tvb_get_guint8(tvb, offset); +- len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; +- ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); +- +- if (len <= tvb_reported_length_remaining(tvb, offset) && type >= F5TYPE_LOW +- && type <= F5TYPE_HIGH && len >= F5_MIN_SANE && len <= F5_MAX_SANE +- && ver <= F5TRAILER_VER_MAX) { +- /* Parse out the specified trailer. */ +- switch (type) { +- case F5TYPE_LOW: +- ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); +- +- processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_low = 1; +- } +- break; +- case F5TYPE_MED: +- ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); +- +- processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_med = 1; +- } +- break; +- case F5TYPE_HIGH: +- ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); +- +- processed = +- dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_high = 1; +- } +- break; ++ while (tvb_reported_length_remaining(tvb, offset) >= F5_MIN_SANE) { ++ /* length field does not include the type and length bytes. Add them back in */ ++ guint8 len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; ++ if (len > tvb_reported_length_remaining(tvb, offset) ++ || len < F5_MIN_SANE || len > F5_MAX_SANE) { ++ /* Invalid length - either a malformed trailer, corrupt packet, or not f5ethtrailer */ ++ return offset; ++ } ++ guint8 type = tvb_get_guint8(tvb, offset); ++ guint8 ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); ++ ++ /* Parse out the specified trailer. */ ++ proto_tree *type_tree = NULL; ++ proto_item *ti = NULL; ++ f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; ++ guint processed = 0; ++ ++ switch (type) { ++ case F5TYPE_LOW: ++ ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); ++ ++ processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_low = 1; + } +- if (processed == 0) { +- proto_item_set_len(ti, 1); +- return offset; ++ break; ++ case F5TYPE_MED: ++ ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); ++ ++ processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_med = 1; ++ } ++ break; ++ case F5TYPE_HIGH: ++ ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); ++ ++ processed = ++ dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_high = 1; + } ++ break; ++ default: ++ /* Unknown type - malformed trailer, corrupt packet, or not f5ethtrailer - bali out*/ ++ return offset; ++ } ++ if (processed == 0) { ++ /* couldn't process trailer - bali out */ ++ proto_item_set_len(ti, 1); ++ return offset; + } + offset += processed; + } +-return offset; ++ return offset; + } /* dissect_old_trailer() */ + + /*---------------------------------------------------------------------------*/ +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 38fdbce892..1a4aedc139 100644 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb @@ -15,6 +15,7 @@ SRC_URI += " \ file://0002-flex-Remove-line-directives.patch \ file://0003-bison-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ + file://CVE-2022-3190.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" diff --git a/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch b/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch new file mode 100644 index 0000000000..4fd36ab8ab --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch @@ -0,0 +1,42 @@ +From b1d7cc6495c541cdd99399b4d1a835997376dcbf Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 22 Aug 2022 23:42:33 -0700 +Subject: [PATCH] strpbrk_s: Remove unused variable len + +Fixes +error: variable 'len' set but not used [-Werror,-Wunused-but-set-variable] + +Upstream-Status: Submitted [https://github.com/rurban/safeclib/pull/123] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/extstr/strpbrk_s.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/extstr/strpbrk_s.c b/src/extstr/strpbrk_s.c +index 5bb7a0f8..2cf8a8be 100644 +--- a/src/extstr/strpbrk_s.c ++++ b/src/extstr/strpbrk_s.c +@@ -79,7 +79,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + #endif + { + char *ps; +- rsize_t len; + + CHK_SRC_NULL("strpbrk_s", firstp) + *firstp = NULL; +@@ -121,7 +120,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + while (*dest && dmax) { + + ps = src; +- len = slen; + while (*ps) { + + /* check for a match with the substring */ +@@ -130,7 +128,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + return RCNEGATE(EOK); + } + ps++; +- len--; + } + dest++; + dmax--; diff --git a/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb b/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb index 5ffe7d7528..9dd6f1c7cc 100644 --- a/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb @@ -9,7 +9,8 @@ inherit autotools pkgconfig S = "${WORKDIR}/git" SRCREV = "f9add9245b97c7bda6e28cceb0ee37fb7e254fd8" SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https \ -" + file://0001-strpbrk_s-Remove-unused-variable-len.patch \ + " COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64|mips).*-linux' diff --git a/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch b/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch new file mode 100644 index 0000000000..312809d1d2 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch @@ -0,0 +1,22 @@ +From b4d418bf3f78748d84e3cfb110833443eef34284 Mon Sep 17 00:00:00 2001 +From: Justin Bronder <jsbronder@cold-front.org> +Date: Thu, 25 Aug 2022 17:22:20 -0400 +Subject: [PATCH] make: set soname on liblmdb + +--- + libraries/liblmdb/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libraries/liblmdb/Makefile b/libraries/liblmdb/Makefile +index 1ec74e6..ea08cd6 100644 +--- a/libraries/liblmdb/Makefile ++++ b/libraries/liblmdb/Makefile +@@ -66,7 +66,7 @@ liblmdb.a: mdb.o midl.o + + liblmdb$(SOEXT): mdb.lo midl.lo + # $(CC) $(LDFLAGS) -pthread -shared -Wl,-Bsymbolic -o $@ mdb.o midl.o $(SOLIBS) +- $(CC) $(LDFLAGS) -pthread -shared -o $@ mdb.lo midl.lo $(SOLIBS) ++ $(CC) $(LDFLAGS) -pthread -shared -Wl,-soname,$@ -o $@ mdb.lo midl.lo $(SOLIBS) + + mdb_stat: mdb_stat.o liblmdb.a + mdb_copy: mdb_copy.o liblmdb.a diff --git a/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb b/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb index b58a36c446..a76d388d70 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb @@ -11,16 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972" SRC_URI = "git://github.com/LMDB/lmdb.git;nobranch=1;protocol=https \ file://run-ptest \ file://0001-Makefile-use-libprefix-instead-of-libdir.patch \ + file://0001-make-set-soname-on-liblmdb.patch;patchdir=../.. \ " SRCREV = "8ad7be2510414b9506ec9f9e24f24d04d9b04a1a" -inherit base ptest +inherit ptest S = "${WORKDIR}/git/libraries/liblmdb" -LDFLAGS += "-Wl,-soname,lib${PN}.so.${PV}" - do_compile() { oe_runmake CC="${CC}" SOEXT=".so.${PV}" LDFLAGS="${LDFLAGS}" } diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch index 101a748776..52ca276da6 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -30,7 +30,16 @@ diff --git a/src/common/config_info.c b/src/common/config_info.c index e72e729..b482c20 100644 --- a/src/common/config_info.c +++ b/src/common/config_info.c -@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) +@@ -38,7 +38,7 @@ + int i = 0; + + /* Adjust this to match the number of items filled below */ +- *configdata_len = 23; ++ *configdata_len = 14; + configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData)); + + configdata[i].name = pstrdup("BINDIR"); +@@ -123,74 +123,6 @@ configdata[i].setting = pstrdup(path); i++; diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch index 2256bccece..4a576d7172 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From 07e605015fad0621c3e67133ff9330a5c6318daa Mon Sep 17 00:00:00 2001 +From 258c6bd2ad96f2c42f1cb5f4c84e4ca5865059f0 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu <yifan.yu@windriver.com> Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check @@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 04ef7be..0eb595b 100644 +index ffe878e..c39799b 100644 --- a/configure.ac +++ b/configure.ac @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [14.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [14.5], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc index bef33e6bb4..60d44ce979 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -205,7 +205,7 @@ do_install:append() { # multiple server config directory install -d -m 700 ${D}${sysconfdir}/default/${BPN} - if [ "${@d.getVar('enable_pam')}" = "pam" ]; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/pam.d install -m 644 ${WORKDIR}/postgresql.pam ${D}${sysconfdir}/pam.d/postgresql fi diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb index 1daab22f92..1551d34053 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb @@ -11,7 +11,7 @@ SRC_URI += "\ file://0001-config_info.c-not-expose-build-info.patch \ " -SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a" +SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" CVE_CHECK_IGNORE += "\ CVE-2017-8806 \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache new file mode 100755 index 0000000000..f596207648 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache @@ -0,0 +1,77 @@ +#!/usr/bin/env node + +/// Usage: oe-npm-cache <cache-dir> <type> <key> <file-name> +/// <type> ... meta - metainformation about package +/// tgz - tarball + +const process = require("node:process"); + +module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); + +const cacache = require('cacache') +const fs = require('fs') + +// argv[0] is 'node', argv[1] is this script +const cache_dir = process.argv[2] +const type = process.argv[3] +const key = process.argv[4] +const file = process.argv[5] + +const data = fs.readFileSync(file) + +// metadata content is highly nodejs dependent; when cache entries are not +// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' +// (CachePolicy::satisfies()) +const xlate = { + 'meta': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', + }, + resHeaders: { + "content-type": "application/json", + "status": 200, + }, + options: { + compress: true, + } + }; + }, + }, + + 'tgz': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': '*/*', + }, + resHeaders: { + "content-type": "application/octet-stream", + "status": 200, + }, + options: { + compress: true, + }, + }; + }, + }, +}; + +const info = xlate[type]; +let opts = {} + +if (info.metadata) { + opts['metadata'] = info.metadata(); +} + +cacache.put(cache_dir, info.key_prefix + key, data, opts) + .then(integrity => { + console.log(`Saved content of ${key} (${file}).`); +}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb new file mode 100644 index 0000000000..a61dd5018f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb @@ -0,0 +1,21 @@ +DESCRIPTION = "OE helper for manipulating npm cache" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +SRC_URI = "\ + file://oe-npm-cache \ +" + +inherit native + +B = "${WORKDIR}/build" + +do_configure() { + sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' +} + +do_install() { + install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache +} + +RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb index d5cf7d8b21..624ab2621a 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb @@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "b8815a5a02431453d4261e3598bd1f28516e4c0354f328c12890f257870e4c01" +SRC_URI[sha256sum] = "2de8e0402285f7c56887defe651922308aded58ba60befcf3b77720209e31f10" CVE_CHECK_IGNORE += "\ CVE-2007-2728 \ diff --git a/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb b/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb index cd586897a4..599416cb2a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb @@ -29,6 +29,9 @@ EXTRA_OECMAKE += "${PLATFORM_CMAKE_FLAGS}" PACKAGE_BEFORE_PN += "${PN}-examples-python ${PN}-examples" FILES:${PN}-examples-python = "${bindir}/py*" FILES:${PN}-examples = "${bindir}" +# cec-client doesn't link with libcec, but uses LibCecInitialise to dlopen libcec, so do_package +# cannot add the runtime dependency automatically +RDEPENDS:${PN}-examples = "${PN}" RDEPENDS:${PN}-examples-python = "python3-${BPN} python3-core" # Create the wrapper for python3 diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch index fa273d4503..218c860fbd 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch @@ -1,4 +1,4 @@ -From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001 +From 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001 From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> Date: Sun, 15 May 2022 05:04:10 +0000 Subject: [PATCH] Make netgroup support optional @@ -37,12 +37,12 @@ Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> 9 files changed, 43 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac -index 59858df..5a7fc11 100644 +index 18e4223..0f87ea0 100644 --- a/configure.ac +++ b/configure.ac -@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) +@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + CC="$PTHREAD_CC" + AC_CHECK_FUNCS([pthread_condattr_setclock]) -AC_CHECK_FUNCS(clearenv fdatasync) +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) @@ -50,7 +50,7 @@ index 59858df..5a7fc11 100644 if test "x$GCC" = "xyes"; then LDFLAGS="-Wl,--as-needed $LDFLAGS" diff --git a/meson.build b/meson.build -index 733bbff..d840926 100644 +index 7506231..2d9d67a 100644 --- a/meson.build +++ b/meson.build @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) @@ -164,10 +164,10 @@ index 056d9a8..36c2f3d 100644 } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 5027815..bcb040c 100644 +index 11e91c0..9ee0391 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); @@ -175,7 +175,7 @@ index 5027815..bcb040c 100644 JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, { is_in_netgroup = true; } @@ -233,7 +233,7 @@ index 3701ba1..e1d211e 100644 return g_test_run (); } diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index f97e0e0..fc52149 100644 +index 2103b17..b187a2f 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c @@ -137,12 +137,14 @@ test_get_admin_identities (void) diff --git a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb index 9085c6d2fe..4ec0dc6ca3 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb @@ -82,3 +82,6 @@ do_configure:prepend() { } BBCLASSEXTEND = "native nativesdk" + +#CVE-2019-14906 is a RHEL specific vulnerability. +CVE_CHECK_IGNORE += "CVE-2019-14906" diff --git a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch new file mode 100644 index 0000000000..8d5b8b6cbb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch @@ -0,0 +1,128 @@ +From 7a8c6a06c86e133e4346b1dc66483bd8d0d3c716 Mon Sep 17 00:00:00 2001 +From: John Ogness <john.ogness@linutronix.de> +Date: Tue, 24 Aug 2021 21:10:43 +0200 +Subject: [PATCH] minicoredumper: retry elf parsing as long as needed + +As was reported in github issue #2 ("maximum number of tries +insufficient, in rare cases, for elf parse"), the number of retries +for parsing a process may be insufficient. Rather than setting an +upper limit on the maximum number of retries, track the number of +headers seen. As long as the number of seen headers is greater than +the previous try, try again. + +In order to avoid introducing any new issues, preserve the behavior +of retrying at least 10 times, even if no new headers are seen. + +Reported-by: github.com/ssajal-wr +Signed-off-by: John Ogness <john.ogness@linutronix.de> + +Upstream-Status: Backport [7a8c6a06c86e133e4346b1dc66483bd8d0d3c716] + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + src/minicoredumper/corestripper.c | 30 +++++++++++++++++++++++------- + 1 file changed, 23 insertions(+), 7 deletions(-) + +diff --git a/src/minicoredumper/corestripper.c b/src/minicoredumper/corestripper.c +index d96d1df..c96b350 100644 +--- a/src/minicoredumper/corestripper.c ++++ b/src/minicoredumper/corestripper.c +@@ -761,7 +761,7 @@ static int init_log(struct dump_info *di) + typedef int elf_parse_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr); + + static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, +- elf_parse_cb *callback) ++ elf_parse_cb *callback, size_t *phnum_found) + { + GElf_Ehdr ehdr_mem; + GElf_Ehdr *ehdr; +@@ -770,6 +770,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, + size_t phnum; + size_t cnt; + ++ if (phnum_found) ++ *phnum_found = 0; ++ + /* start from beginning of core */ + if (lseek64(di->elf_fd, 0, SEEK_SET) == -1) { + info("lseek failed: %s", strerror(errno)); +@@ -809,6 +812,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, + goto out; + } + ++ if (phnum_found) ++ *phnum_found = phnum; ++ + for (cnt = 0; cnt < phnum; cnt++) { + GElf_Phdr phdr_mem; + GElf_Phdr *phdr; +@@ -891,7 +897,7 @@ static int vma_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr) + /* + * Tries to parse the found ELF headers and reads all vmas from it. + */ +-static int parse_vma_info(struct dump_info *di) ++static int parse_vma_info(struct dump_info *di, size_t *phnum_found) + { + unsigned long min_off = ULONG_MAX; + unsigned long max_len = 0; +@@ -911,7 +917,7 @@ static int parse_vma_info(struct dump_info *di) + memset(&type, 0, sizeof(type)); + type.p_type = PT_LOAD; + type.p_flags = PF_R; +- if (do_elf_ph_parse(di, &type, vma_cb) != 0) ++ if (do_elf_ph_parse(di, &type, vma_cb, phnum_found) != 0) + return -1; + + for (v = di->vma; v; v = v->next) { +@@ -1614,8 +1620,10 @@ int add_core_data(struct dump_info *di, off64_t dest_offset, size_t len, + */ + static int init_src_core(struct dump_info *di, int src) + { ++ size_t last_phnum = 0; + int tries = 0; + int ret = -1; ++ size_t phnum; + size_t len; + char *buf; + long pos; +@@ -1642,7 +1650,7 @@ again: + goto out; + + /* try to elf-parse the core to read vma info */ +- ret = parse_vma_info(di); ++ ret = parse_vma_info(di, &phnum); + + /* restore our position */ + if (lseek64(di->elf_fd, pos, SEEK_SET) == -1) +@@ -1653,9 +1661,17 @@ again: + + tries++; + +- /* maybe try again */ +- if (tries < 10) ++ if (phnum > last_phnum) { ++ /* new headers found, keep trying */ ++ last_phnum = phnum; + goto again; ++ } else if (tries < 10) { ++ /* ++ * even if no new headers are found, ++ * retry at least 10 times ++ */ ++ goto again; ++ } + + goto out; + } +@@ -2106,7 +2122,7 @@ static int dump_stacks(struct dump_info *di) + /* find and set the first task */ + memset(&type, 0, sizeof(type)); + type.p_type = PT_NOTE; +- do_elf_ph_parse(di, &type, note_cb); ++ do_elf_ph_parse(di, &type, note_cb, NULL); + } + + if (di->first_pid) +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb index bf99152942..0b934ee2d8 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/diamon/minicoredumper;protocol=https;branch=master \ file://0001-replace-pthread_mutexattr_setrobust_np-with-pthread_.patch \ file://minicoredumper.service \ file://minicoredumper.init \ + file://0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch index 740bcb5a7f..b023c80ae4 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch @@ -18,11 +18,9 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> bindings/swig/src/auditswig.i | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) -diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am -index dd9d934..61b486d 100644 --- a/bindings/swig/python3/Makefile.am +++ b/bindings/swig/python3/Makefile.am -@@ -22,6 +22,7 @@ +@@ -23,6 +23,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) @@ -30,7 +28,7 @@ index dd9d934..61b486d 100644 LIBS = $(top_builddir)/lib/libaudit.la SWIG_FLAGS = -python -py3 -modern SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi +@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/li _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la nodist__audit_la_SOURCES = audit_wrap.c audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i @@ -39,8 +37,6 @@ index dd9d934..61b486d 100644 CLEANFILES = audit.py* audit_wrap.c *~ -diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i -index 21aafca..dd0f62c 100644 --- a/bindings/swig/src/auditswig.i +++ b/bindings/swig/src/auditswig.i @@ -39,7 +39,7 @@ signed @@ -48,10 +44,7 @@ index 21aafca..dd0f62c 100644 typedef unsigned __u32; typedef unsigned uid_t; -%include "/usr/include/linux/audit.h" -+%include "linux/audit.h" ++%include "../lib/audit.h" #define __extension__ /*nothing*/ %include <stdint.i> %include "../lib/libaudit.h" --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb index d77aec2964..c17899d4f6 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb @@ -15,7 +15,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;proto " S = "${WORKDIR}/git" -SRCREV = "f60b2d8f55c74be798a7f5bcbd6c587987f2578a" +SRCREV = "54a62e78792fe583267cf80da717ee480b8f42bc" inherit autotools python3native update-rc.d systemd @@ -71,7 +71,14 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" +do_configure:prepend() { + sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h + sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h +} + do_install:append() { + sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch new file mode 100644 index 0000000000..5ac5170721 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch @@ -0,0 +1,115 @@ +From 6379331cd0647fc6f149f55e4505a9a92e4f159f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 22 Aug 2022 22:43:26 -0700 +Subject: [PATCH] Fix deprecared function prototypes + +Fixes following errors: +error: a function definition without a prototype is deprecated in all versions of C and is not supported in C2x [-Werror,-Wdeprecated-non-prototype] + +Upstream-Status: Submitted [https://github.com/libgd/libgd/pull/835] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/gd_nnquant.c | 32 +++++++------------------------- + src/gd_tiff.c | 4 +--- + 2 files changed, 8 insertions(+), 28 deletions(-) + +diff --git a/src/gd_nnquant.c b/src/gd_nnquant.c +index 8b9aa794..013f7160 100644 +--- a/src/gd_nnquant.c ++++ b/src/gd_nnquant.c +@@ -112,12 +112,7 @@ typedef struct { + + /* Initialise network in range (0,0,0,0) to (255,255,255,255) and set parameters + ----------------------------------------------------------------------- */ +-static void initnet(nnq, thepic, len, sample, colours) +-nn_quant *nnq; +-unsigned char *thepic; +-int len; +-int sample; +-int colours; ++static void initnet(nn_quant *nnq, unsigned char *thepic, int len, int sample, int colours) + { + register int i; + register int *p; +@@ -163,9 +158,7 @@ static void unbiasnet(nn_quant *nnq) + } + + /* Output colormap to unsigned char ptr in RGBA format */ +-static void getcolormap(nnq, map) +-nn_quant *nnq; +-unsigned char *map; ++static void getcolormap(nn_quant *nnq, unsigned char *map) + { + int i,j; + for(j=0; j < nnq->netsize; j++) { +@@ -232,9 +225,7 @@ static void inxbuild(nn_quant *nnq) + + /* Search for ABGR values 0..255 (after net is unbiased) and return colour index + ---------------------------------------------------------------------------- */ +-static unsigned int inxsearch(nnq, al,b,g,r) +-nn_quant *nnq; +-register int al, b, g, r; ++static unsigned int inxsearch(nn_quant *nnq, int al, int b, int g, int r) + { + register int i, j, dist, a, bestd; + register int *p; +@@ -306,9 +297,7 @@ register int al, b, g, r; + + /* Search for biased ABGR values + ---------------------------- */ +-static int contest(nnq, al,b,g,r) +-nn_quant *nnq; +-register int al,b,g,r; ++static int contest(nn_quant *nnq, int al, int b, int g, int r) + { + /* finds closest neuron (min dist) and updates freq */ + /* finds best neuron (min dist-bias) and returns position */ +@@ -362,9 +351,7 @@ register int al,b,g,r; + /* Move neuron i towards biased (a,b,g,r) by factor alpha + ---------------------------------------------------- */ + +-static void altersingle(nnq, alpha,i,al,b,g,r) +-nn_quant *nnq; +-register int alpha,i,al,b,g,r; ++static void altersingle(nn_quant *nnq, int alpha, int i,int al, int b, int g, int r) + { + register int *n; + +@@ -382,10 +369,7 @@ register int alpha,i,al,b,g,r; + /* Move adjacent neurons by precomputed alpha*(1-((i-j)^2/[r]^2)) in radpower[|i-j|] + --------------------------------------------------------------------------------- */ + +-static void alterneigh(nnq, rad,i,al,b,g,r) +-nn_quant *nnq; +-int rad,i; +-register int al,b,g,r; ++static void alterneigh(nn_quant *nnq, int rad, int i, int al,int b,int g, int r) + { + register int j,k,lo,hi,a; + register int *p, *q; +@@ -429,9 +413,7 @@ register int al,b,g,r; + /* Main Learning Loop + ------------------ */ + +-static void learn(nnq, verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */ +-nn_quant *nnq; +-int verbose; ++static void learn(nn_quant *nnq, int verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */ + { + register int i,j,al,b,g,r; + int radius,rad,alpha,step,delta,samplepixels; +diff --git a/src/gd_tiff.c b/src/gd_tiff.c +index 7f72b610..3d90e61a 100644 +--- a/src/gd_tiff.c ++++ b/src/gd_tiff.c +@@ -446,9 +446,7 @@ BGD_DECLARE(void) gdImageTiffCtx(gdImagePtr image, gdIOCtx *out) + } + + /* Check if we are really in 8bit mode */ +-static int checkColorMap(n, r, g, b) +-int n; +-uint16_t *r, *g, *b; ++static int checkColorMap(int n, uint16_t *r, uint16_t *g, uint16_t *b) + { + while (n-- > 0) + if (*r++ >= 256 || *g++ >= 256 || *b++ >= 256) diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb index 9d4ee1fe4b..cc2c1571e6 100644 --- a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ace63adfdac78400fc30fa22ee9c1bb1" DEPENDS = "freetype libpng jpeg zlib tiff" SRC_URI = "git://github.com/libgd/libgd.git;nobranch=1;protocol=https \ + file://0001-Fix-deprecared-function-prototypes.patch \ " SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc" diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb index 7ec6ae15f6..947ca75388 100644 --- a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb +++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb @@ -49,6 +49,7 @@ do_configure:prepend() { do_compile:prepend() { sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in + echo "" > ${B}/xrdp_configure_options.h } do_install:append() { diff --git a/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb b/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb index 8545eb50f7..a9eec69502 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb @@ -5,7 +5,7 @@ protocols should be able to share." HOMEPAGE = "http://search.cpan.org/dist/Authen-SASL/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://lib/Authen/SASL/Perl.pm;beginline=1;endline=3;md5=17123315bbcda19f484c07227594a609" DEPENDS = "perl" diff --git a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb index 51a2ad3498..43b7f4d5a9 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Keyed-Hashing for Message Authentication" HOMEPAGE = "http://search.cpan.org/~gaas/Digest-HMAC-1.03/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=13;endline=17;md5=da980cdc026faa065e5d5004115334e6" RDEPENDS:${PN} = "libdigest-sha1-perl perl-module-extutils-makemaker perl-module-digest-md5" diff --git a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb index cd63675128..df89c9bcdb 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Digest::SHA1 - Perl interface to the SHA-1 algorithm" HOMEPAGE = "http://search.cpan.org/~gaas/Digest-SHA1-2.13/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=10;endline=14;md5=ff5867ebb4bc1103a7a416aef2fce00a" SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Digest-SHA1-${PV}.tar.gz \ diff --git a/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb b/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb index 1d04f0054f..6249fd1d78 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb @@ -9,7 +9,7 @@ mod_perl." HOMEPAGE = "http://search.cpan.org/dist/IO-Socket-SSL/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://META.yml;beginline=12;endline=12;md5=963ce28228347875ace682de56eef8e8" RDEPENDS:${PN} += "\ diff --git a/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb b/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb index 389be2c16c..203db7b10c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb @@ -5,7 +5,7 @@ dealing with signals." HOMEPAGE = "http://search.cpan.org/~rosch/IPC-Signal-1.00/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=16;endline=18;md5=f36550f59a0ae5e6e3b0be6a4da60d26" S = "${WORKDIR}/IPC-Signal-${PV}" diff --git a/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb b/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb index 2c06728ed2..d1f6f8c59c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb @@ -8,7 +8,7 @@ one known mime type." HOMEPAGE = "http://search.cpan.org/~markov/MIME-Types-${PV}" SECTION = "libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://META.yml;beginline=11;endline=11;md5=963ce28228347875ace682de56eef8e8" SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MA/MARKOV/MIME-Types-${PV}.tar.gz \ diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb index 293f421205..dcc5ea88b1 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb @@ -6,7 +6,7 @@ deleting or modifying entries." SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=3;endline=5;md5=4d6588c2fa0d38ae162f6314d201d89e" SRC_URI = "${CPAN_MIRROR}/authors/id/M/MA/MARSCHAP/perl-ldap-${PV}.tar.gz" diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb index d7d4201048..d1365f269c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb @@ -11,7 +11,7 @@ shell." HOMEPAGE = "http://search.cpan.org/dist/Net-Telnet/" SECTION = "Development/Libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=4;endline=7;md5=e94ab3b72335e3cdadd6c1ff736dd714" SRC_URI = "http://search.cpan.org/CPAN/authors/id/J/JR/JROGERS/Net-Telnet-${PV}.tar.gz" diff --git a/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb b/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb index ffd87ed0b5..643a704a1d 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb @@ -5,7 +5,7 @@ on wait status values." HOMEPAGE = "http://search.cpan.org/~rosch/Proc-WaitStat/" SECTION = "libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=21;endline=23;md5=f36550f59a0ae5e6e3b0be6a4da60d26" RDEPENDS:${PN} += "perl libipc-signal-perl" diff --git a/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb b/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb index c2898a9012..c2ea47ae5b 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb @@ -8,7 +8,7 @@ your programs." HOMEPAGE = "http://search.cpan.org/dist/XML-LibXML-1.99/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" DEPENDS += "libxml2 \ libxml-sax-perl-native \ zlib \ diff --git a/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb b/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb index 413ca4d527..6fb3a1bcc3 100644 --- a/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb +++ b/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb @@ -62,7 +62,7 @@ CMDLINE = " \ " do_compile() { - echo "${@' '.join('${CMDLINE}'.split())}" > "${WORKDIR}/cmdline.txt" + echo "${@' '.join(d.getVar('CMDLINE').split())}" > "${WORKDIR}/cmdline.txt" } do_deploy() { diff --git a/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc b/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc index e5974e49d0..a7404400e3 100644 --- a/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc +++ b/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc @@ -1,9 +1,9 @@ -RPIFW_DATE ?= "20220331" +RPIFW_DATE ?= "20220830" RPIFW_SRC_URI ?= "https://archive.raspberrypi.com/debian/pool/main/r/raspberrypi-firmware/raspberrypi-firmware_1.${RPIFW_DATE}.orig.tar.xz" RPIFW_S ?= "${WORKDIR}/raspberrypi-firmware-1.${RPIFW_DATE}" SRC_URI = "${RPIFW_SRC_URI}" -SRC_URI[sha256sum] = "8758f10797bd52a7373cc5b39bd46d0d9f882d501ccb9535a72a3fe8a8d329c3" +SRC_URI[sha256sum] = "2b27e4b3c4d2664a0a1d0dd8602bd80ea41dd006eb0ad9c67d7b659c9c8bb4e5" PV = "${RPIFW_DATE}" diff --git a/poky/bitbake/bin/bitbake-prserv b/poky/bitbake/bin/bitbake-prserv index 323df66dd0..5be42f3ce5 100755 --- a/poky/bitbake/bin/bitbake-prserv +++ b/poky/bitbake/bin/bitbake-prserv @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/bin/bitbake-worker b/poky/bitbake/bin/bitbake-worker index 9d850ec77c..2f3e9f72f9 100755 --- a/poky/bitbake/bin/bitbake-worker +++ b/poky/bitbake/bin/bitbake-worker @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/bin/git-make-shallow b/poky/bitbake/bin/git-make-shallow index 1d00fbf183..d0532c5ab8 100755 --- a/poky/bitbake/bin/git-make-shallow +++ b/poky/bitbake/bin/git-make-shallow @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst index f9d9e617f3..9c269ca837 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst @@ -688,6 +688,8 @@ Here is an example URL:: It can also be used when setting mirrors definitions using the :term:`PREMIRRORS` variable. +.. _crate-fetcher: + Crate Fetcher (``crate://``) ---------------------------- @@ -704,6 +706,80 @@ Here is an example URL:: SRC_URI = "crate://crates.io/glob/0.2.11" +.. _npm-fetcher: + +NPM Fetcher (``npm://``) +------------------------ + +This submodule fetches source code from an +`NPM <https://en.wikipedia.org/wiki/Npm_(software)>`__ +Javascript package registry. + +The format for the :term:`SRC_URI` setting must be:: + + SRC_URI = "npm://some.registry.url;ParameterA=xxx;ParameterB=xxx;..." + +This fetcher supports the following parameters: + +- *"package":* The NPM package name. This is a mandatory parameter. + +- *"version":* The NPM package version. This is a mandatory parameter. + +- *"downloadfilename":* Specifies the filename used when storing the downloaded file. + +- *"destsuffix":* Specifies the directory to use to unpack the package (default: ``npm``). + +Note that NPM fetcher only fetches the package source itself. The dependencies +can be fetched through the `npmsw-fetcher`_. + +Here is an example URL with both fetchers:: + + SRC_URI = " \ + npm://registry.npmjs.org/;package=cute-files;version=${PV} \ + npmsw://${THISDIR}/${BPN}/npm-shrinkwrap.json \ + " + +See :yocto_docs:`Creating Node Package Manager (NPM) Packages +</dev-manual/common-tasks.html#creating-node-package-manager-npm-packages>` +in the Yocto Project manual for details about using +:yocto_docs:`devtool <https://docs.yoctoproject.org/ref-manual/devtool-reference.html>` +to automatically create a recipe from an NPM URL. + +.. _npmsw-fetcher: + +NPM shrinkwrap Fetcher (``npmsw://``) +------------------------------------- + +This submodule fetches source code from an +`NPM shrinkwrap <https://docs.npmjs.com/cli/v8/commands/npm-shrinkwrap>`__ +description file, which lists the dependencies +of an NPM package while locking their versions. + +The format for the :term:`SRC_URI` setting must be:: + + SRC_URI = "npmsw://some.registry.url;ParameterA=xxx;ParameterB=xxx;..." + +This fetcher supports the following parameters: + +- *"dev":* Set this parameter to ``1`` to install "devDependencies". + +- *"destsuffix":* Specifies the directory to use to unpack the dependencies + (``${S}`` by default). + +Note that the shrinkwrap file can also be provided by the recipe for +the package which has such dependencies, for example:: + + SRC_URI = " \ + npm://registry.npmjs.org/;package=cute-files;version=${PV} \ + npmsw://${THISDIR}/${BPN}/npm-shrinkwrap.json \ + " + +Such a file can automatically be generated using +:yocto_docs:`devtool <https://docs.yoctoproject.org/ref-manual/devtool-reference.html>` +as described in the :yocto_docs:`Creating Node Package Manager (NPM) Packages +</dev-manual/common-tasks.html#creating-node-package-manager-npm-packages>` +section of the Yocto Project. + Other Fetchers -------------- @@ -713,8 +789,6 @@ Fetch submodules also exist for the following: - Mercurial (``hg://``) -- npm (``npm://``) - - OSC (``osc://``) - Secure FTP (``sftp://``) diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst index af4b135867..337821612c 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst @@ -195,22 +195,45 @@ value. However, if ``A`` is not set, the variable is set to "aval". Setting a weak default value (??=) ---------------------------------- -It is possible to use a "weaker" assignment than in the previous section -by using the "??=" operator. This assignment behaves identical to "?=" -except that the assignment is made at the end of the parsing process -rather than immediately. Consequently, when multiple "??=" assignments -exist, the last one is used. Also, any "=" or "?=" assignment will -override the value set with "??=". Here is an example:: - - A ??= "somevalue" - A ??= "someothervalue" - -If ``A`` is set before the above statements are -parsed, the variable retains its value. If ``A`` is not set, the -variable is set to "someothervalue". - -Again, this assignment is a "lazy" or "weak" assignment because it does -not occur until the end of the parsing process. +The weak default value of a variable is the value which that variable +will expand to if no value has been assigned to it via any of the other +assignment operators. The "??=" operator takes effect immediately, replacing +any previously defined weak default value. Here is an example:: + + W ??= "x" + A := "${W}" # Immediate variable expansion + W ??= "y" + B := "${W}" # Immediate variable expansion + W ??= "z" + C = "${W}" + W ?= "i" + +After parsing we will have:: + + A = "x" + B = "y" + C = "i" + W = "i" + +Appending and prepending non-override style will not substitute the weak +default value, which means that after parsing:: + + W ??= "x" + W += "y" + +we will have:: + + W = " y" + +On the other hand, override-style appends/prepends/removes are applied after +any active weak default value has been substituted:: + + W ??= "x" + W:append = "y" + +After parsing we will have:: + + W = "xy" Immediate variable expansion (:=) --------------------------------- diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst index af4ff9805c..12aef3cbb7 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst @@ -401,7 +401,7 @@ overview of their function and contents. Example usage:: - BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687" + BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687" :term:`BB_INVALIDCONF` Used in combination with the ``ConfigParsed`` event to trigger diff --git a/poky/bitbake/lib/bb/COW.py b/poky/bitbake/lib/bb/COW.py index 23c22b65ef..76bc08a3ea 100644 --- a/poky/bitbake/lib/bb/COW.py +++ b/poky/bitbake/lib/bb/COW.py @@ -3,6 +3,8 @@ # # Copyright (C) 2006 Tim Ansell # +# SPDX-License-Identifier: GPL-2.0-only +# # Please Note: # Be careful when using mutable types (ie Dict and Lists) - operations involving these are SLOW. # Assign a file to __warn__ to get warnings about slow operations. diff --git a/poky/bitbake/lib/bb/asyncrpc/__init__.py b/poky/bitbake/lib/bb/asyncrpc/__init__.py index c2f2b3c00b..9a85e9965b 100644 --- a/poky/bitbake/lib/bb/asyncrpc/__init__.py +++ b/poky/bitbake/lib/bb/asyncrpc/__init__.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/asyncrpc/client.py b/poky/bitbake/lib/bb/asyncrpc/client.py index 34960197d1..fa042bbe87 100644 --- a/poky/bitbake/lib/bb/asyncrpc/client.py +++ b/poky/bitbake/lib/bb/asyncrpc/client.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # @@ -29,7 +31,17 @@ class AsyncClient(object): async def connect_unix(self, path): async def connect_sock(): - return await asyncio.open_unix_connection(path) + # AF_UNIX has path length issues so chdir here to workaround + cwd = os.getcwd() + try: + os.chdir(os.path.dirname(path)) + # The socket must be opened synchronously so that CWD doesn't get + # changed out from underneath us so we pass as a sock into asyncio + sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0) + sock.connect(os.path.basename(path)) + finally: + os.chdir(cwd) + return await asyncio.open_unix_connection(sock=sock) self._connect_sock = connect_sock @@ -148,14 +160,8 @@ class Client(object): setattr(self, m, self._get_downcall_wrapper(downcall)) def connect_unix(self, path): - # AF_UNIX has path length issues so chdir here to workaround - cwd = os.getcwd() - try: - os.chdir(os.path.dirname(path)) - self.loop.run_until_complete(self.client.connect_unix(os.path.basename(path))) - self.loop.run_until_complete(self.client.connect()) - finally: - os.chdir(cwd) + self.loop.run_until_complete(self.client.connect_unix(path)) + self.loop.run_until_complete(self.client.connect()) @property def max_chunk(self): diff --git a/poky/bitbake/lib/bb/asyncrpc/serv.py b/poky/bitbake/lib/bb/asyncrpc/serv.py index b4cffff213..e14df18e71 100644 --- a/poky/bitbake/lib/bb/asyncrpc/serv.py +++ b/poky/bitbake/lib/bb/asyncrpc/serv.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/codeparser.py b/poky/bitbake/lib/bb/codeparser.py index 3b3c3b41ff..9d66d3ae41 100644 --- a/poky/bitbake/lib/bb/codeparser.py +++ b/poky/bitbake/lib/bb/codeparser.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/compress/_pipecompress.py b/poky/bitbake/lib/bb/compress/_pipecompress.py index 5de17a82e2..4a403d62cf 100644 --- a/poky/bitbake/lib/bb/compress/_pipecompress.py +++ b/poky/bitbake/lib/bb/compress/_pipecompress.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # # Helper library to implement streaming compression and decompression using an diff --git a/poky/bitbake/lib/bb/compress/lz4.py b/poky/bitbake/lib/bb/compress/lz4.py index 0f6bc51a5b..88b0989322 100644 --- a/poky/bitbake/lib/bb/compress/lz4.py +++ b/poky/bitbake/lib/bb/compress/lz4.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/compress/zstd.py b/poky/bitbake/lib/bb/compress/zstd.py index 50c42133fb..cdbbe9d60f 100644 --- a/poky/bitbake/lib/bb/compress/zstd.py +++ b/poky/bitbake/lib/bb/compress/zstd.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py index 6da9291f9c..2adf4d297d 100644 --- a/poky/bitbake/lib/bb/cooker.py +++ b/poky/bitbake/lib/bb/cooker.py @@ -13,7 +13,6 @@ import sys, os, glob, os.path, re, time import itertools import logging import multiprocessing -import sre_constants import threading from io import StringIO, UnsupportedOperation from contextlib import closing @@ -1907,7 +1906,7 @@ class CookerCollectFiles(object): try: re.compile(mask) bbmasks.append(mask) - except sre_constants.error: + except re.error: collectlog.critical("BBMASK contains an invalid regular expression, ignoring: %s" % mask) # Then validate the combined regular expressions. This should never @@ -1915,7 +1914,7 @@ class CookerCollectFiles(object): bbmask = "|".join(bbmasks) try: bbmask_compiled = re.compile(bbmask) - except sre_constants.error: + except re.error: collectlog.critical("BBMASK is not a valid regular expression, ignoring: %s" % bbmask) bbmask = None diff --git a/poky/bitbake/lib/bb/daemonize.py b/poky/bitbake/lib/bb/daemonize.py index 4957bfd4b8..7689404436 100644 --- a/poky/bitbake/lib/bb/daemonize.py +++ b/poky/bitbake/lib/bb/daemonize.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/event.py b/poky/bitbake/lib/bb/event.py index df020551e3..97668601a1 100644 --- a/poky/bitbake/lib/bb/event.py +++ b/poky/bitbake/lib/bb/event.py @@ -132,8 +132,14 @@ def print_ui_queue(): if not _uiready: from bb.msg import BBLogFormatter # Flush any existing buffered content - sys.stdout.flush() - sys.stderr.flush() + try: + sys.stdout.flush() + except: + pass + try: + sys.stderr.flush() + except: + pass stdout = logging.StreamHandler(sys.stdout) stderr = logging.StreamHandler(sys.stderr) formatter = BBLogFormatter("%(levelname)s: %(message)s") diff --git a/poky/bitbake/lib/bb/exceptions.py b/poky/bitbake/lib/bb/exceptions.py index ecbad59970..801db9c82f 100644 --- a/poky/bitbake/lib/bb/exceptions.py +++ b/poky/bitbake/lib/bb/exceptions.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/fetch2/__init__.py b/poky/bitbake/lib/bb/fetch2/__init__.py index ac557176d7..a31406263f 100644 --- a/poky/bitbake/lib/bb/fetch2/__init__.py +++ b/poky/bitbake/lib/bb/fetch2/__init__.py @@ -1097,6 +1097,8 @@ def try_mirror_url(fetch, origud, ud, ld, check = False): def ensure_symlink(target, link_name): if not os.path.exists(link_name): + dirname = os.path.dirname(link_name) + bb.utils.mkdirhier(dirname) if os.path.islink(link_name): # Broken symbolic link os.unlink(link_name) diff --git a/poky/bitbake/lib/bb/fetch2/gitsm.py b/poky/bitbake/lib/bb/fetch2/gitsm.py index c5c23d5260..25d5db0e5b 100644 --- a/poky/bitbake/lib/bb/fetch2/gitsm.py +++ b/poky/bitbake/lib/bb/fetch2/gitsm.py @@ -88,7 +88,7 @@ class GitSM(Git): subrevision[m] = module_hash.split()[2] # Convert relative to absolute uri based on parent uri - if uris[m].startswith('..'): + if uris[m].startswith('..') or uris[m].startswith('./'): newud = copy.copy(ud) newud.path = os.path.realpath(os.path.join(newud.path, uris[m])) uris[m] = Git._get_repo_url(self, newud) @@ -115,6 +115,9 @@ class GitSM(Git): # This has to be a file reference proto = "file" url = "gitsm://" + uris[module] + if "{}{}".format(ud.host, ud.path) in url: + raise bb.fetch2.FetchError("Submodule refers to the parent repository. This will cause deadlock situation in current version of Bitbake." \ + "Consider using git fetcher instead.") url += ';protocol=%s' % proto url += ";name=%s" % module diff --git a/poky/bitbake/lib/bb/fetch2/npm.py b/poky/bitbake/lib/bb/fetch2/npm.py index 8f7c10ac9b..8a179a339a 100644 --- a/poky/bitbake/lib/bb/fetch2/npm.py +++ b/poky/bitbake/lib/bb/fetch2/npm.py @@ -156,7 +156,7 @@ class Npm(FetchMethod): raise ParameterError("Invalid 'version' parameter", ud.url) # Extract the 'registry' part of the url - ud.registry = re.sub(r"^npm://", "http://", ud.url.split(";")[0]) + ud.registry = re.sub(r"^npm://", "https://", ud.url.split(";")[0]) # Using the 'downloadfilename' parameter as local filename # or the npm package name. diff --git a/poky/bitbake/lib/bb/fetch2/osc.py b/poky/bitbake/lib/bb/fetch2/osc.py index eb0f82c8e6..bf4c2f0511 100644 --- a/poky/bitbake/lib/bb/fetch2/osc.py +++ b/poky/bitbake/lib/bb/fetch2/osc.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # """ diff --git a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py index ee9bd760ce..68415735fd 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py @@ -178,10 +178,10 @@ def feeder(lineno, s, fn, root, statements, eof=False): if s and s[0] == '#': if len(__residue__) != 0 and __residue__[0][0] != "#": - bb.fatal("There is a comment on line %s of file %s (%s) which is in the middle of a multiline expression.\nBitbake used to ignore these but no longer does so, please fix your metadata as errors are likely as a result of this change." % (lineno, fn, s)) + bb.fatal("There is a comment on line %s of file %s:\n'''\n%s\n'''\nwhich is in the middle of a multiline expression. This syntax is invalid, please correct it." % (lineno, fn, s)) if len(__residue__) != 0 and __residue__[0][0] == "#" and (not s or s[0] != "#"): - bb.fatal("There is a confusing multiline, partially commented expression on line %s of file %s (%s).\nPlease clarify whether this is all a comment or should be parsed." % (lineno, fn, s)) + bb.fatal("There is a confusing multiline partially commented expression on line %s of file %s:\n%s\nPlease clarify whether this is all a comment or should be parsed." % (lineno - len(__residue__), fn, "\n".join(__residue__))) if s and s[-1] == '\\': __residue__.append(s[:-1]) diff --git a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py index b895d5b5ef..451e68dd66 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py @@ -125,16 +125,21 @@ def handle(fn, data, include): s = f.readline() if not s: break + origlineno = lineno + origline = s w = s.strip() # skip empty lines if not w: continue s = s.rstrip() while s[-1] == '\\': - s2 = f.readline().rstrip() + line = f.readline() + origline += line + s2 = line.rstrip() lineno = lineno + 1 if (not s2 or s2 and s2[0] != "#") and s[0] == "#" : - bb.fatal("There is a confusing multiline, partially commented expression on line %s of file %s (%s).\nPlease clarify whether this is all a comment or should be parsed." % (lineno, fn, s)) + bb.fatal("There is a confusing multiline, partially commented expression starting on line %s of file %s:\n%s\nPlease clarify whether this is all a comment or should be parsed." % (origlineno, fn, origline)) + s = s[:-1] + s2 # skip comments if s[0] == '#': @@ -147,8 +152,6 @@ def handle(fn, data, include): if oldfile: data.setVar('FILE', oldfile) - f.close() - for f in confFilters: f(fn, data) diff --git a/poky/bitbake/lib/bb/process.py b/poky/bitbake/lib/bb/process.py index be2c15a188..4c7b6d39df 100644 --- a/poky/bitbake/lib/bb/process.py +++ b/poky/bitbake/lib/bb/process.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index f34f1568e2..48e25401ba 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -24,6 +24,7 @@ import pickle from multiprocessing import Process import shlex import pprint +import time bblogger = logging.getLogger("BitBake") logger = logging.getLogger("BitBake.RunQueue") @@ -159,6 +160,55 @@ class RunQueueScheduler(object): self.buildable.append(tid) self.rev_prio_map = None + self.is_pressure_usable() + + def is_pressure_usable(self): + """ + If monitoring pressure, return True if pressure files can be open and read. For example + openSUSE /proc/pressure/* files have readable file permissions but when read the error EOPNOTSUPP (Operation not supported) + is returned. + """ + if self.rq.max_cpu_pressure or self.rq.max_io_pressure or self.rq.max_memory_pressure: + try: + with open("/proc/pressure/cpu") as cpu_pressure_fds, \ + open("/proc/pressure/io") as io_pressure_fds, \ + open("/proc/pressure/memory") as memory_pressure_fds: + + self.prev_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1] + self.prev_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1] + self.prev_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1] + self.prev_pressure_time = time.time() + self.check_pressure = True + except: + bb.note("The /proc/pressure files can't be read. Continuing build without monitoring pressure") + self.check_pressure = False + else: + self.check_pressure = False + + def exceeds_max_pressure(self): + """ + Monitor the difference in total pressure at least once per second, if + BB_PRESSURE_MAX_{CPU|IO|MEMORY} are set, return True if above threshold. + """ + if self.check_pressure: + with open("/proc/pressure/cpu") as cpu_pressure_fds, \ + open("/proc/pressure/io") as io_pressure_fds, \ + open("/proc/pressure/memory") as memory_pressure_fds: + # extract "total" from /proc/pressure/{cpu|io} + curr_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1] + curr_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1] + curr_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1] + exceeds_cpu_pressure = self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure + exceeds_io_pressure = self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure + exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure + now = time.time() + if now - self.prev_pressure_time > 1.0: + self.prev_cpu_pressure = curr_cpu_pressure + self.prev_io_pressure = curr_io_pressure + self.prev_memory_pressure = curr_memory_pressure + self.prev_pressure_time = now + return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure) + return False def next_buildable_task(self): """ @@ -172,6 +222,12 @@ class RunQueueScheduler(object): if not buildable: return None + # Bitbake requires that at least one task be active. Only check for pressure if + # this is the case, otherwise the pressure limitation could result in no tasks + # being active and no new tasks started thereby, at times, breaking the scheduler. + if self.rq.stats.active and self.exceeds_max_pressure(): + return None + # Filter out tasks that have a max number of threads that have been exceeded skip_buildable = {} for running in self.rq.runq_running.difference(self.rq.runq_complete): @@ -1699,6 +1755,9 @@ class RunQueueExecute: self.number_tasks = int(self.cfgData.getVar("BB_NUMBER_THREADS") or 1) self.scheduler = self.cfgData.getVar("BB_SCHEDULER") or "speed" + self.max_cpu_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_CPU") + self.max_io_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_IO") + self.max_memory_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_MEMORY") self.sq_buildable = set() self.sq_running = set() @@ -1733,6 +1792,29 @@ class RunQueueExecute: if self.number_tasks <= 0: bb.fatal("Invalid BB_NUMBER_THREADS %s" % self.number_tasks) + lower_limit = 1.0 + upper_limit = 1000000.0 + if self.max_cpu_pressure: + self.max_cpu_pressure = float(self.max_cpu_pressure) + if self.max_cpu_pressure < lower_limit: + bb.fatal("Invalid BB_PRESSURE_MAX_CPU %s, minimum value is %s." % (self.max_cpu_pressure, lower_limit)) + if self.max_cpu_pressure > upper_limit: + bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_CPU is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_cpu_pressure)) + + if self.max_io_pressure: + self.max_io_pressure = float(self.max_io_pressure) + if self.max_io_pressure < lower_limit: + bb.fatal("Invalid BB_PRESSURE_MAX_IO %s, minimum value is %s." % (self.max_io_pressure, lower_limit)) + if self.max_io_pressure > upper_limit: + bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_IO is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure)) + + if self.max_memory_pressure: + self.max_memory_pressure = float(self.max_memory_pressure) + if self.max_memory_pressure < lower_limit: + bb.fatal("Invalid BB_PRESSURE_MAX_MEMORY %s, minimum value is %s." % (self.max_memory_pressure, lower_limit)) + if self.max_memory_pressure > upper_limit: + bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_MEMORY is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure)) + # List of setscene tasks which we've covered self.scenequeue_covered = set() # List of tasks which are covered (including setscene ones) @@ -2172,10 +2254,9 @@ class RunQueueExecute: # No more tasks can be run. If we have deferred setscene tasks we should run them. if self.sq_deferred: - tid = self.sq_deferred.pop(list(self.sq_deferred.keys())[0]) - logger.warning("Runqeueue deadlocked on deferred tasks, forcing task %s" % tid) - if tid not in self.runq_complete: - self.sq_task_failoutright(tid) + deferred_tid = list(self.sq_deferred.keys())[0] + blocking_tid = self.sq_deferred.pop(deferred_tid) + logger.warning("Runqeueue deadlocked on deferred tasks, forcing task %s blocked by %s" % (deferred_tid, blocking_tid)) return True if self.failed_tids: @@ -2299,6 +2380,9 @@ class RunQueueExecute: self.rqdata.runtaskentries[hashtid].unihash = unihash bb.parse.siggen.set_unihash(hashtid, unihash) toprocess.add(hashtid) + if torehash: + # Need to save after set_unihash above + bb.parse.siggen.save_unitaskhashes() # Work out all tasks which depend upon these total = set() @@ -2438,11 +2522,14 @@ class RunQueueExecute: if update_tasks: self.sqdone = False - for tid in [t[0] for t in update_tasks]: - h = pending_hash_index(tid, self.rqdata) - if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]: - self.sq_deferred[tid] = self.sqdata.hashes[h] - bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h])) + for mc in sorted(self.sqdata.multiconfigs): + for tid in sorted([t[0] for t in update_tasks]): + if mc_from_tid(tid) != mc: + continue + h = pending_hash_index(tid, self.rqdata) + if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]: + self.sq_deferred[tid] = self.sqdata.hashes[h] + bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h])) update_scenequeue_data([t[0] for t in update_tasks], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False) for (tid, harddepfail, origvalid) in update_tasks: diff --git a/poky/bitbake/lib/bb/siggen.py b/poky/bitbake/lib/bb/siggen.py index 9fa568f614..9a20fc8e5f 100644 --- a/poky/bitbake/lib/bb/siggen.py +++ b/poky/bitbake/lib/bb/siggen.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # @@ -419,7 +421,7 @@ class SignatureGeneratorBasic(SignatureGenerator): bb.error("Taskhash mismatch %s versus %s for %s" % (computed_taskhash, self.taskhash[tid], tid)) sigfile = sigfile.replace(self.taskhash[tid], computed_taskhash) - fd, tmpfile = tempfile.mkstemp(dir=os.path.dirname(sigfile), prefix="sigtask.") + fd, tmpfile = bb.utils.mkstemp(dir=os.path.dirname(sigfile), prefix="sigtask.") try: with bb.compress.zstd.open(fd, "wt", encoding="utf-8", num_threads=1) as f: json.dump(data, f, sort_keys=True, separators=(",", ":"), cls=SetEncoder) diff --git a/poky/bitbake/lib/bb/tests/compression.py b/poky/bitbake/lib/bb/tests/compression.py index d3ddf67f1c..95af3f96d7 100644 --- a/poky/bitbake/lib/bb/tests/compression.py +++ b/poky/bitbake/lib/bb/tests/compression.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/tests/cooker.py b/poky/bitbake/lib/bb/tests/cooker.py index c82d4b7b81..9e524ae345 100644 --- a/poky/bitbake/lib/bb/tests/cooker.py +++ b/poky/bitbake/lib/bb/tests/cooker.py @@ -1,6 +1,8 @@ # # BitBake Tests for cooker.py # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/tests/parse.py b/poky/bitbake/lib/bb/tests/parse.py index 2898f9bb14..1a3b74934d 100644 --- a/poky/bitbake/lib/bb/tests/parse.py +++ b/poky/bitbake/lib/bb/tests/parse.py @@ -194,3 +194,26 @@ deltask ${EMPTYVAR} self.assertTrue('addtask ignored: " do_patch"' in stdout) #self.assertTrue('dependent task do_foo for do_patch does not exist' in stdout) + broken_multiline_comment = """ +# First line of comment \\ +# Second line of comment \\ + +""" + def test_parse_broken_multiline_comment(self): + f = self.parsehelper(self.broken_multiline_comment) + with self.assertRaises(bb.BBHandledException): + d = bb.parse.handle(f.name, self.d)[''] + + + comment_in_var = """ +VAR = " \\ + SOMEVAL \\ +# some comment \\ + SOMEOTHERVAL \\ +" +""" + def test_parse_comment_in_var(self): + f = self.parsehelper(self.comment_in_var) + with self.assertRaises(bb.BBHandledException): + d = bb.parse.handle(f.name, self.d)[''] + diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py index d11da978d7..92d44c5260 100644 --- a/poky/bitbake/lib/bb/utils.py +++ b/poky/bitbake/lib/bb/utils.py @@ -28,6 +28,8 @@ import signal import collections import copy import ctypes +import random +import tempfile from subprocess import getstatusoutput from contextlib import contextmanager from ctypes import cdll @@ -429,12 +431,14 @@ def better_eval(source, locals, extraglobals = None): return eval(source, ctx, locals) @contextmanager -def fileslocked(files): +def fileslocked(files, *args, **kwargs): """Context manager for locking and unlocking file locks.""" locks = [] if files: for lockfile in files: - locks.append(bb.utils.lockfile(lockfile)) + l = bb.utils.lockfile(lockfile, *args, **kwargs) + if l is not None: + locks.append(l) try: yield @@ -692,8 +696,8 @@ def remove(path, recurse=False, ionice=False): return if recurse: for name in glob.glob(path): - if _check_unsafe_delete_path(path): - raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % path) + if _check_unsafe_delete_path(name): + raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % name) # shutil.rmtree(name) would be ideal but its too slow cmd = [] if ionice: @@ -751,7 +755,7 @@ def movefile(src, dest, newmtime = None, sstat = None): if not sstat: sstat = os.lstat(src) except Exception as e: - print("movefile: Stating source file failed...", e) + logger.warning("movefile: Stating source file failed...", e) return None destexists = 1 @@ -779,7 +783,7 @@ def movefile(src, dest, newmtime = None, sstat = None): os.unlink(src) return os.lstat(dest) except Exception as e: - print("movefile: failed to properly create symlink:", dest, "->", target, e) + logger.warning("movefile: failed to properly create symlink:", dest, "->", target, e) return None renamefailed = 1 @@ -796,7 +800,7 @@ def movefile(src, dest, newmtime = None, sstat = None): except Exception as e: if e.errno != errno.EXDEV: # Some random error. - print("movefile: Failed to move", src, "to", dest, e) + logger.warning("movefile: Failed to move", src, "to", dest, e) return None # Invalid cross-device-link 'bind' mounted or actually Cross-Device @@ -808,13 +812,13 @@ def movefile(src, dest, newmtime = None, sstat = None): bb.utils.rename(destpath + "#new", destpath) didcopy = 1 except Exception as e: - print('movefile: copy', src, '->', dest, 'failed.', e) + logger.warning('movefile: copy', src, '->', dest, 'failed.', e) return None else: #we don't yet handle special, so we need to fall back to /bin/mv a = getstatusoutput("/bin/mv -f " + "'" + src + "' '" + dest + "'") if a[0] != 0: - print("movefile: Failed to move special file:" + src + "' to '" + dest + "'", a) + logger.warning("movefile: Failed to move special file:" + src + "' to '" + dest + "'", a) return None # failure try: if didcopy: @@ -822,7 +826,7 @@ def movefile(src, dest, newmtime = None, sstat = None): os.chmod(destpath, stat.S_IMODE(sstat[stat.ST_MODE])) # Sticky is reset on chown os.unlink(src) except Exception as e: - print("movefile: Failed to chown/chmod/unlink", dest, e) + logger.warning("movefile: Failed to chown/chmod/unlink", dest, e) return None if newmtime: @@ -1754,3 +1758,22 @@ def is_local_uid(uid=''): if str(uid) == line_split[2]: return True return False + +def mkstemp(suffix=None, prefix=None, dir=None, text=False): + """ + Generates a unique filename, independent of time. + + mkstemp() in glibc (at least) generates unique file names based on the + current system time. When combined with highly parallel builds, and + operating over NFS (e.g. shared sstate/downloads) this can result in + conflicts and race conditions. + + This function adds additional entropy to the file name so that a collision + is independent of time and thus extremely unlikely. + """ + entropy = "".join(random.choices("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890", k=20)) + if prefix: + prefix = prefix + entropy + else: + prefix = tempfile.gettempprefix() + entropy + return tempfile.mkstemp(suffix=suffix, prefix=prefix, dir=dir, text=text) diff --git a/poky/bitbake/lib/bblayers/__init__.py b/poky/bitbake/lib/bblayers/__init__.py index 4e7c09da04..78efd29750 100644 --- a/poky/bitbake/lib/bblayers/__init__.py +++ b/poky/bitbake/lib/bblayers/__init__.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/action.py b/poky/bitbake/lib/bblayers/action.py index 6723e2c605..454c251410 100644 --- a/poky/bitbake/lib/bblayers/action.py +++ b/poky/bitbake/lib/bblayers/action.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/common.py b/poky/bitbake/lib/bblayers/common.py index 6c76ef3505..f7b9cee371 100644 --- a/poky/bitbake/lib/bblayers/common.py +++ b/poky/bitbake/lib/bblayers/common.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/layerindex.py b/poky/bitbake/lib/bblayers/layerindex.py index 7936516209..0ac8fd2ec7 100644 --- a/poky/bitbake/lib/bblayers/layerindex.py +++ b/poky/bitbake/lib/bblayers/layerindex.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/query.py b/poky/bitbake/lib/bblayers/query.py index 525d4f0d47..9142ec4474 100644 --- a/poky/bitbake/lib/bblayers/query.py +++ b/poky/bitbake/lib/bblayers/query.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/__init__.py b/poky/bitbake/lib/prserv/__init__.py index 9961040b58..38ced818ad 100644 --- a/poky/bitbake/lib/prserv/__init__.py +++ b/poky/bitbake/lib/prserv/__init__.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/client.py b/poky/bitbake/lib/prserv/client.py index a3f19ddafc..69ab7a4ac9 100644 --- a/poky/bitbake/lib/prserv/client.py +++ b/poky/bitbake/lib/prserv/client.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/db.py b/poky/bitbake/lib/prserv/db.py index 2710d4a225..b4bda7078c 100644 --- a/poky/bitbake/lib/prserv/db.py +++ b/poky/bitbake/lib/prserv/db.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/serv.py b/poky/bitbake/lib/prserv/serv.py index 0a20b927c7..c686b2065c 100644 --- a/poky/bitbake/lib/prserv/serv.py +++ b/poky/bitbake/lib/prserv/serv.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/toaster/manage.py b/poky/bitbake/lib/toaster/manage.py index ae32619d12..f8de49c264 100755 --- a/poky/bitbake/lib/toaster/manage.py +++ b/poky/bitbake/lib/toaster/manage.py @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml index ed86114ebe..20fcc01767 100644 --- a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml +++ b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml @@ -42,7 +42,7 @@ <!-- Releases available --> <object model="orm.release" pk="1"> <field type="CharField" name="name">kirkstone</field> - <field type="CharField" name="description">Yocto Project 3.5 "Kirkstone"</field> + <field type="CharField" name="description">Yocto Project 4.0 "Kirkstone"</field> <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">1</field> <field type="CharField" name="branch_name">kirkstone</field> <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=kirkstone">Yocto Project Kirkstone branch</a>.</field> diff --git a/poky/documentation/brief-yoctoprojectqs/index.rst b/poky/documentation/brief-yoctoprojectqs/index.rst index a982eae207..cef91c6476 100644 --- a/poky/documentation/brief-yoctoprojectqs/index.rst +++ b/poky/documentation/brief-yoctoprojectqs/index.rst @@ -64,6 +64,7 @@ following requirements: - tar &MIN_TAR_VERSION; or greater - Python &MIN_PYTHON_VERSION; or greater. - gcc &MIN_GCC_VERSION; or greater. + - GNU make &MIN_MAKE_VERSION; or greater If your build host does not meet any of these three listed version requirements, you can take steps to prepare the system so that you diff --git a/poky/documentation/dev-manual/common-tasks.rst b/poky/documentation/dev-manual/common-tasks.rst index b228c75aab..fbe8a29896 100644 --- a/poky/documentation/dev-manual/common-tasks.rst +++ b/poky/documentation/dev-manual/common-tasks.rst @@ -2562,7 +2562,7 @@ Recipe Syntax Understanding recipe file syntax is important for writing recipes. The following list overviews the basic items that make up a BitBake recipe file. For more complete BitBake syntax descriptions, see the -":doc:`bitbake-user-manual/bitbake-user-manual-metadata`" +":doc:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata`" chapter of the BitBake User Manual. - *Variable Assignments and Manipulations:* Variable assignments allow diff --git a/poky/documentation/migration-guides/release-3.4.rst b/poky/documentation/migration-guides/release-3.4.rst index 81476c4adb..66023108c7 100644 --- a/poky/documentation/migration-guides/release-3.4.rst +++ b/poky/documentation/migration-guides/release-3.4.rst @@ -7,4 +7,6 @@ Release 3.4 (honister) release-notes-3.4 release-notes-3.4.1 release-notes-3.4.2 + release-notes-3.4.3 + release-notes-3.4.4 diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst index 7062f9d241..9f67daaffb 100644 --- a/poky/documentation/migration-guides/release-4.0.rst +++ b/poky/documentation/migration-guides/release-4.0.rst @@ -5,3 +5,7 @@ Release 4.0 (kirkstone) migration-4.0 release-notes-4.0 + release-notes-4.0.1 + release-notes-4.0.2 + release-notes-4.0.3 + release-notes-4.0.4 diff --git a/poky/documentation/migration-guides/release-notes-3.4.3.rst b/poky/documentation/migration-guides/release-notes-3.4.3.rst new file mode 100644 index 0000000000..5e118d9b02 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-3.4.3.rst @@ -0,0 +1,197 @@ +Release notes for 3.4.3 (honister) +---------------------------------- + +Security Fixes in 3.4.3 +~~~~~~~~~~~~~~~~~~~~~~~ + +- ghostscript: fix :cve:`2021-3781` +- ghostscript: fix :cve:`2021-45949` +- tiff: Add backports for two CVEs from upstream (:cve:`2022-0561` & :cve:`2022-0562`) +- gcc : Fix :cve:`2021-46195` +- virglrenderer: fix `CVE-2022-0135 <https://security-tracker.debian.org/tracker/CVE-2022-0135>`__ and `CVE-2022-0175 <https://security-tracker.debian.org/tracker/CVE-2022-0175>`__ +- binutils: Add fix for :cve:`2021-45078` + + +Fixes in 3.4.3 +~~~~~~~~~~~~~~ + +- Revert "cve-check: add lockfile to task" +- asciidoc: update git repository +- bitbake: build: Tweak exception handling for setscene tasks +- bitbake: contrib: Fix hash server Dockerfile dependencies +- bitbake: cooker: Improve parsing failure from handled exception usability +- bitbake: data_smart: Fix overrides file/line message additions +- bitbake: fetch2: ssh: username and password are optional +- bitbake: tests/fetch: Handle upstream master -> main branch change +- bitbake: utils: Ensure shell function failure in python logging is correct +- build-appliance-image: Update to honister head revision +- build-appliance-image: Update to honister head revision +- coreutils: remove obsolete ignored CVE list +- crate-fetch: fix setscene failures +- cups: Add --with-dbusdir to EXTRA_OECONF for deterministic build +- cve-check: create directory of CVE_CHECK_MANIFEST before copy +- cve-check: get_cve_info should open the database read-only +- default-distrovars.inc: Switch connectivity check to a yoctoproject.org page +- depmodwrapper-cross: add config directory option +- devtool: deploy-target: Remove stripped binaries in pseudo context +- devtool: explicitly set main or master branches in upgrades when available +- docs: fix hardcoded link warning messages +- documentation: conf.py: update for 3.4.2 +- documentation: prepare for 3.4.3 release +- expat: Upgrade to 2.4.7 +- gcc-target: fix glob to remove gcc-<version> binary +- gcsections: add nativesdk-cairo to exclude list +- go: update to 1.16.15 +- gst-devtools: 1.18.5 -> 1.18.6 +- gst-examples: 1.18.5 -> 1.18.6 +- gstreamer1.0-libav: 1.18.5 -> 1.18.6 +- gstreamer1.0-omx: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-bad: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-base: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-good: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-ugly: 1.18.5 -> 1.18.6 +- gstreamer1.0-python: 1.18.5 -> 1.18.6 +- gstreamer1.0-rtsp-server: 1.18.5 -> 1.18.6 +- gstreamer1.0-vaapi: 1.18.5 -> 1.18.6 +- gstreamer1.0: 1.18.5 -> 1.18.6 +- harfbuzz: upgrade 2.9.0 -> 2.9.1 +- initramfs-framework: unmount automounts before switch_root +- kernel-devsrc: do not copy Module.symvers file during install +- libarchive : update to 3.5.3 +- libpcap: Disable DPDK explicitly +- libxml-parser-perl: Add missing RDEPENDS +- linux-firmware: upgrade 20211216 -> 20220209 +- linux-yocto/5.10: Fix ramoops/ftrace +- linux-yocto/5.10: features/zram: remove CONFIG_ZRAM_DEF_COMP +- linux-yocto/5.10: fix dssall build error with binutils 2.3.8 +- linux-yocto/5.10: ppc/riscv: fix build with binutils 2.3.8 +- linux-yocto/5.10: update genericx86* machines to v5.10.99 +- linux-yocto/5.10: update to v5.10.103 +- mc: fix build if ncurses have been configured without wide characters +- oeqa/buildtools: Switch to our webserver instead of example.com +- patch.py: Prevent git repo reinitialization +- perl: Improve and update module RPDEPENDS +- poky.conf: bump version for 3.4.3 honister release +- qemuboot: Fix build error if UNINATIVE_LOADER is unset +- quilt: Disable external sendmail for deterministic build +- recipetool: Fix circular reference in SRC_URI +- releases: update to include 3.3.5 +- releases: update to include 3.4.2 +- rootfs-postcommands: amend systemd_create_users add user to group check +- ruby: update 3.0.2 -> 3.0.3 +- scripts/runqemu-ifdown: Don't treat the last iptables command as special +- sdk: fix search for dynamic loader +- selftest: recipetool: Correct the URI for socat +- sstate: inside the threadedpool don't write to the shared localdata +- uninative: Upgrade to 3.5 +- util-linux: upgrade to 2.37.4 +- vim: Update to 8.2.4524 for further CVE fixes +- wic: Use custom kernel path if provided +- wireless-regdb: upgrade 2021.08.28 -> 2022.02.18 +- zip: modify when match.S is built + +Contributors to 3.4.3 +~~~~~~~~~~~~~~~~~~~~~ + +- Alexander Kanavin +- Anuj Mittal +- Bill Pittman +- Bruce Ashfield +- Chee Yang Lee +- Christian Eggers +- Daniel Gomez +- Daniel Müller +- Daniel Wagenknecht +- Florian Amstutz +- Joe Slater +- Jose Quaresma +- Justin Bronder +- Lee Chee Yang +- Michael Halstead +- Michael Opdenacker +- Oleksandr Ocheretnyi +- Oleksandr Suvorov +- Pavel Zhukov +- Peter Kjellerstedt +- Richard Purdie +- Robert Yang +- Ross Burton +- Sakib Sajal +- Saul Wold +- Sean Anderson +- Stefan Herbrechtsmeier +- Tamizharasan Kumar +- Tean Cunningham +- Zoltán Böszörményi +- pgowda +- wangmy + +Repositories / Downloads for 3.4.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/poky/ +- Branch: :yocto_git:`honister </poky/log/?h=honister>` +- Tag: `yocto-3.4.3 <https://git.yoctoproject.org/poky/tag/?h=yocto-3.4.3>`__ +- Git Revision: :yocto_git:`ee68ae307fd951b9de6b31dc6713ea29186b7749 </poky/commit/?id=ee68ae307fd951b9de6b31dc6713ea29186b7749>` +- Release Artefact: poky-ee68ae307fd951b9de6b31dc6713ea29186b7749 +- sha: 92c3d73c3e74f0e1d5c2ab2836ce3a3accbe47772cea70df3755845e0db1379b +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/poky-ee68ae307fd951b9de6b31dc6713ea29186b7749.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/poky-ee68ae307fd951b9de6b31dc6713ea29186b7749.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`honister </openembedded-core/log/?h=honister>` +- Tag: :oe_git:`yocto-3.4.3 </openembedded-core/tag/?h=yocto-3.4.3>` +- Git Revision: :oe_git:`ebca8f3ac9372b7ebb3d39e8f7f930b63b481448 </openembedded-core/commit/?id=ebca8f3ac9372b7ebb3d39e8f7f930b63b481448>` +- Release Artefact: oecore-ebca8f3ac9372b7ebb3d39e8f7f930b63b481448 +- sha: f28e503f6f6c0bcd9192dbd528f8e3c7bcea504c089117e0094d9a4f315f4b9f +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/oecore-ebca8f3ac9372b7ebb3d39e8f7f930b63b481448.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/oecore-ebca8f3ac9372b7ebb3d39e8f7f930b63b481448.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/meta-mingw +- Branch: :yocto_git:`honister </meta-mingw/log/?h=honister>` +- Tag: :yocto_git:`yocto-3.4.3 </meta-mingw/tag/?h=yocto-3.4.3>` +- Git Revision: :yocto_git:`f5d761cbd5c957e4405c5d40b0c236d263c916a8 </meta-mingw/commit/?id=f5d761cbd5c957e4405c5d40b0c236d263c916a8>` +- Release Artefact: meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8 +- sha: d4305d638ef80948584526c8ca386a8cf77933dffb8a3b8da98d26a5c40fcc11 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/meta-gplv2 +- Branch: :yocto_git:`honister </meta-gplv2/log/?h=honister>` +- Tag: :yocto_git:`yocto-3.4.3 </meta-gplv2/tag/?h=yocto-3.4.3>` +- Git Revision: :yocto_git:`f04e4369bf9dd3385165281b9fa2ed1043b0e400 </meta-gplv2/commit/?id=f04e4369bf9dd3385165281b9fa2ed1043b0e400>` +- Release Artefact: meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400 +- sha: ef8e2b1ec1fb43dbee4ff6990ac736315c7bc2d8c8e79249e1d337558657d3fe +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`1.52 </bitbake/log/?h=1.52>` +- Tag: :oe_git:`yocto-3.4.3 </bitbake/tag/?h=yocto-3.4.3>` +- Git Revision: :oe_git:`43dcb2b2a2b95a5c959be57bca94fb7190ea6257 </bitbake/commit/?id=43dcb2b2a2b95a5c959be57bca94fb7190ea6257>` +- Release Artefact: bitbake-43dcb2b2a2b95a5c959be57bca94fb7190ea6257 +- sha: 92497ff97fed81dcc6d3e202969fb63ca983a8f5d9d91cafc6aee88312f79cf9 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/bitbake-43dcb2b2a2b95a5c959be57bca94fb7190ea6257.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/bitbake-43dcb2b2a2b95a5c959be57bca94fb7190ea6257.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/yocto-docs +- Branch: :yocto_git:`honister </yocto-docs/log/?h=honister>` +- Tag: :yocto_git:`yocto-3.4.3 </yocto-docs/tag/?h=yocto-3.4.3>` +- Git Revision: :yocto_git:`15f46f97d9cad558c19fc1dc19cfbe3720271d04 </yocto-docs/commit/?15f46f97d9cad558c19fc1dc19cfbe3720271d04>` diff --git a/poky/documentation/migration-guides/release-notes-3.4.4.rst b/poky/documentation/migration-guides/release-notes-3.4.4.rst new file mode 100644 index 0000000000..91beba0062 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-3.4.4.rst @@ -0,0 +1,155 @@ +Release notes for 3.4.4 (honister) +---------------------------------- + +Security Fixes in 3.4.4 +~~~~~~~~~~~~~~~~~~~~~~~ + +- tiff: fix :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909` and :cve:`2022-0924` +- xz: fix `CVE-2022-1271 <https://security-tracker.debian.org/tracker/CVE-2022-1271>`__ +- unzip: fix `CVE-2021-4217 <https://security-tracker.debian.org/tracker/CVE-2021-4217>`__ +- zlib: fix :cve:`2018-25032` +- grub: ignore :cve:`2021-46705` + +Fixes in 3.4.4 +~~~~~~~~~~~~~~ + +- alsa-tools: Ensure we install correctly +- bitbake.conf: mark all directories as safe for git to read +- bitbake: knotty: display active tasks when printing keepAlive() message +- bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes +- bitbake: server/process: Disable gc around critical section +- bitbake: server/xmlrpcserver: Add missing xmlrpcclient import +- bitbake: toaster: Fix IMAGE_INSTALL issues with _append vs :append +- bitbake: toaster: fixtures replace gatesgarth +- build-appliance-image: Update to honister head revision +- conf.py/poky.yaml: Move version information to poky.yaml and read in conf.py +- conf/machine: fix QEMU x86 sound options +- devupstream: fix handling of SRC_URI +- documentation: update for 3.4.4 release +- externalsrc/devtool: Fix to work with fixed export funcition flags handling +- gmp: add missing COPYINGv3 +- gnu-config: update SRC_URI +- libxml2: fix CVE-2022-23308 regression +- libxml2: move to gitlab.gnome.org +- libxml2: update to 2.9.13 +- libxshmfence: Correct LICENSE to HPND +- license_image.bbclass: close package.manifest file +- linux-firmware: correct license for ar3k firmware +- linux-firmware: upgrade 20220310 -> 20220411 +- linux-yocto-rt/5.10: update to -rt61 +- linux-yocto/5.10: cfg/debug: add configs for kcsan +- linux-yocto/5.10: split vtpm for more granular inclusion +- linux-yocto/5.10: update to v5.10.109 +- linux-yocto: nohz_full boot arg fix +- oe-pkgdata-util: Adapt to the new variable override syntax +- oeqa/selftest/devtool: ensure Git username is set before upgrade tests +- poky.conf: bump version for 3.4.4 release +- pseudo: Add patch to workaround paths with crazy lengths +- pseudo: Fix handling of absolute links +- sanity: Add warning for local hasheqiv server with remote sstate mirrors +- scripts/runqemu: Fix memory limits for qemux86-64 +- shadow-native: Simplify and fix syslog disable patch +- tiff: Add marker for CVE-2022-1056 being fixed +- toaster: Fix broken overrides usage +- u-boot: Inherit pkgconfig +- uninative: Upgrade to 3.6 with gcc 12 support +- vim: Upgrade 8.2.4524 -> 8.2.4681 +- virglrenderer: update SRC_URI +- webkitgtk: update to 2.32.4 +- wireless-regdb: upgrade 2022.02.18 -> 2022.04.08 + +Known Issues +~~~~~~~~~~~~ + +There were a couple of known autobuilder intermittent bugs that occurred during release testing but these are not regressions in the release. + +Contributors to 3.4.4 +~~~~~~~~~~~~~~~~~~~~~ + +- Alexandre Belloni +- Anuj Mittal +- Bruce Ashfield +- Chee Yang Lee +- Dmitry Baryshkov +- Joe Slater +- Konrad Weihmann +- Martin Jansa +- Michael Opdenacker +- Minjae Kim +- Peter Kjellerstedt +- Ralph Siemsen +- Richard Purdie +- Ross Burton +- Tim Orling +- wangmy +- zhengruoqin + +Repositories / Downloads for 3.4.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/poky/ +- Branch: :yocto_git:`honister </poky/log/?h=honister>` +- Tag: `yocto-3.4.4 <https://git.yoctoproject.org/poky/tag/?h=yocto-3.4.4>`__ +- Git Revision: :yocto_git:`780eeec8851950ee6ac07a2a398ba937206bd2e4 </poky/commit/?id=780eeec8851950ee6ac07a2a398ba937206bd2e4>` +- Release Artefact: poky-780eeec8851950ee6ac07a2a398ba937206bd2e4 +- sha: 09558927064454ec2492da376156b716d9fd14aae57196435d742db7bfdb4b95 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/poky-780eeec8851950ee6ac07a2a398ba937206bd2e4.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/poky-780eeec8851950ee6ac07a2a398ba937206bd2e4.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`honister </openembedded-core/log/?h=honister>` +- Tag: :oe_git:`yocto-3.4.4 </openembedded-core/tag/?h=yocto-3.4.4>` +- Git Revision: :oe_git:`1a6f5e27249afb6fb4d47c523b62b5dd2482a69d </openembedded-core/commit/?id=1a6f5e27249afb6fb4d47c523b62b5dd2482a69d>` +- Release Artefact: oecore-1a6f5e27249afb6fb4d47c523b62b5dd2482a69d +- sha: b8354ca457756384139a579b9e51f1ba854013c99add90c0c4c6ef68421fede5 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/oecore-1a6f5e27249afb6fb4d47c523b62b5dd2482a69d.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/oecore-1a6f5e27249afb6fb4d47c523b62b5dd2482a69d.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/meta-mingw +- Branch: :yocto_git:`honister </meta-mingw/log/?h=honister>` +- Tag: :yocto_git:`yocto-3.4.4 </meta-mingw/tag/?h=yocto-3.4.4>` +- Git Revision: :yocto_git:`f5d761cbd5c957e4405c5d40b0c236d263c916a8 </meta-mingw/commit/?id=f5d761cbd5c957e4405c5d40b0c236d263c916a8>` +- Release Artefact: meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8 +- sha: d4305d638ef80948584526c8ca386a8cf77933dffb8a3b8da98d26a5c40fcc11 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/meta-gplv2 +- Branch: :yocto_git:`honister </meta-gplv2/log/?h=honister>` +- Tag: :yocto_git:`yocto-3.4.4 </meta-gplv2/tag/?h=yocto-3.4.4>` +- Git Revision: :yocto_git:`f04e4369bf9dd3385165281b9fa2ed1043b0e400 </meta-gplv2/commit/?id=f04e4369bf9dd3385165281b9fa2ed1043b0e400>` +- Release Artefact: meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400 +- sha: ef8e2b1ec1fb43dbee4ff6990ac736315c7bc2d8c8e79249e1d337558657d3fe +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`1.52 </bitbake/log/?h=1.52>` +- Tag: :oe_git:`yocto-3.4.4 </bitbake/tag/?h=yocto-3.4.3>` +- Git Revision: :oe_git:`c2d8f9b2137bd4a98eb0f51519493131773e7517 </bitbake/commit/?id=c2d8f9b2137bd4a98eb0f51519493131773e7517>` +- Release Artefact: bitbake-c2d8f9b2137bd4a98eb0f51519493131773e7517 +- sha: a8b6217f2d63975bbf49f430e11046608023ee2827faa893b15d9a0d702cf833 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/bitbake-c2d8f9b2137bd4a98eb0f51519493131773e7517.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/bitbake-c2d8f9b2137bd4a98eb0f51519493131773e7517.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/yocto-docs +- Branch: :yocto_git:`honister </yocto-docs/log/?h=honister>` +- Tag: :yocto_git:`yocto-3.4.4 </yocto-docs/tag/?h=yocto-3.4.4>` +- Git Revision: :yocto_git:`5ead7d39aaf9044078dff27f462e29a8e31d89e4 </yocto-docs/commit/?5ead7d39aaf9044078dff27f462e29a8e31d89e4>` diff --git a/poky/documentation/migration-guides/release-notes-4.0.1.rst b/poky/documentation/migration-guides/release-notes-4.0.1.rst new file mode 100644 index 0000000000..81da6e5f2d --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.1.rst @@ -0,0 +1,248 @@ +Release notes for 4.0.1 (kirkstone) +----------------------------------- + +Security Fixes in 4.0.1 +~~~~~~~~~~~~~~~~~~~~~~~ + +- linux-yocto/5.15: fix :cve:`2022-28796` +- python3: ignore :cve:`2015-20107` +- e2fsprogs: fix :cve:`2022-1304` +- lua: fix :cve:`2022-28805` +- busybox: fix :cve:`2022-28391` + +Fixes in 4.0.1 +~~~~~~~~~~~~~~ + +- abi_version/sstate: Bump hashequiv and sstate versions due to git changes +- apt: add apt selftest to test signed package feeds +- apt: upgrade 2.4.4 -> 2.4.5 +- arch-armv8-2a.inc: fix a typo in TUNEVALID variable +- babeltrace: Disable warnings as errors +- base: Avoid circular references to our own scripts +- base: Drop git intercept +- build-appliance-image: Update to kirkstone head revision +- build-appliance: Switch to kirkstone branch +- buildtools-tarball: Only add cert envvars if certs are included +- busybox: Use base_bindir instead of hardcoding /bin path +- cases/buildepoxy.py: fix typo +- create-spdx: delete virtual/kernel dependency to fix FreeRTOS build +- create-spdx: fix error when symlink cannot be created +- cve-check: add JSON format to summary output +- cve-check: fix symlinks where link and output path are equal +- cve-check: no need to depend on the fetch task +- cve-update-db-native: let the user to drive the update interval +- cve-update-db-native: update the CVE database once a day only +- cve_check: skip remote patches that haven't been fetched when searching for CVE tags +- dev-manual: add command used to add the signed-off-by line. +- devshell.bbclass: Allow devshell & pydevshell to use the network +- docs: conf.py: fix cve extlinks caption for sphinx <4.0 +- docs: migration-guides: migration-3.4: mention that hardcoded password are supported if hashed +- docs: migration-guides: release-notes-4.0: fix risc-v typo +- docs: migration-guides: release-notes-4.0: replace kernel placeholder with correct recipe name +- docs: ref-manual: variables: add hashed password example in EXTRA_USERS_PARAMS +- docs: set_versions.py: add information about obsolescence of a release +- docs: set_versions.py: fix latest release of a branch being shown twice in switchers.js +- docs: set_versions.py: fix latest version of an active release shown as obsolete +- docs: set_versions.py: mark as obsolete only branches and old tags from obsolete releases +- docs: sphinx-static: switchers.js.in: do not mark branches as outdated +- docs: sphinx-static: switchers.js.in: fix broken switcher for branches +- docs: sphinx-static: switchers.js.in: improve obsolete version detection +- docs: sphinx-static: switchers.js.in: remove duplicate for outdated versions +- docs: sphinx-static: switchers.js.in: rename all_versions to switcher_versions +- docs: update Bitbake objects.inv location for master branch +- documentation/brief-yoctoprojectqs: add directory for local.conf +- gcompat: Fix build when usrmerge distro feature is enabled +- git: correct license +- git: upgrade 2.35.2 -> 2.35.3 +- glib: upgrade 2.72.0 -> 2.72.1 +- glibc: ptest: Fix glibc-tests package issue +- gnupg: Disable FORTIFY_SOURCES on mips +- go.bbclass: disable the use of the default configuration file +- gstreamer1.0-plugins-bad: drop patch +- gstreamer1.0-plugins-good: Fix libsoup dependency +- gstreamer1.0: Minor documentation addition +- install/devshell: Introduce git intercept script due to fakeroot issues +- kernel-yocto.bbclass: Fixup do_kernel_configcheck usage of KMETA +- libc-glibc: Use libxcrypt to provide virtual/crypt +- libgit2: upgrade 1.4.2 -> 1.4.3 +- libsoup: upgrade 3.0.5 -> 3.0.6 +- libusb1: upgrade 1.0.25 -> 1.0.26 +- linux-firmware: correct license for ar3k firmware +- linux-firmware: upgrade 20220310 -> 20220411 +- linux-yocto/5.10: base: enable kernel crypto userspace API +- linux-yocto/5.10: update to v5.10.112 +- linux-yocto/5.15: arm: poky-tiny cleanup and fixes +- linux-yocto/5.15: base: enable kernel crypto userspace API +- linux-yocto/5.15: fix -standard kernel build issue +- linux-yocto/5.15: fix ppc boot +- linux-yocto/5.15: fix qemuarm graphical boot +- linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context +- linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction +- linux-yocto/5.15: update to v5.15.36 +- linux-yocto: enable powerpc-debug fragment +- mdadm: Drop clang specific cflags +- migration-3.4: add missing entry on EXTRA_USERS_PARAMS +- migration-guides: add release notes for 4.0 +- migration-guides: complete migration guide for 4.0 +- migration-guides: release-notes-4.0: mention LTS release +- migration-guides: release-notes-4.0: update 'Repositories / Downloads' section +- migration-guides: stop including documents with ".. include" +- musl: Fix build when usrmerge distro feature is enabled +- ncurses: use COPYING file +- neard: Switch SRC_URI to git repo +- oeqa/selftest: add test for git working correctly inside pseudo +- openssl: minor security upgrade 3.0.2 -> 3.0.3 +- package.bbclass: Prevent perform_packagecopy from removing /sysroot-only +- package: Ensure we track whether PRSERV was active or not +- package_manager: fix missing dependency on gnupg when signing deb package feeds +- poky-tiny: enable qemuarmv5/qemuarm64 and cleanups +- poky.conf: bump version for 4.0.1 release +- qemu.bbclass: Extend ppc/ppc64 extra options +- qemuarm64: use virtio pci interfaces +- qemuarmv5: use arm-versatile-926ejs KMACHINE +- ref-manual: Add XZ_THREADS and XZ_MEMLIMIT +- ref-manual: add KERNEL_DEBUG_TIMESTAMPS +- ref-manual: add ZSTD_THREADS +- ref-manual: add a note about hard-coded passwords +- ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS* +- ref-manual: add mention of vendor filtering to CVE_PRODUCT +- ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE +- releases: update for yocto 4.0 +- rootfs-postcommands: fix symlinks where link and output path are equal +- ruby: upgrade 3.1.1 -> 3.1.2 +- sanity: skip make 4.2.1 warning for debian +- scripts/git: Ensure we don't have circular references +- scripts: Make git intercept global +- seatd: Disable overflow warning as error on ppc64/musl +- selftest/lic_checksum: Add test for filename containing space +- set_versions: update for 4.0 release +- staging: Ensure we filter out ourselves +- strace: fix ptest failure in landlock +- subversion: upgrade to 1.14.2 +- systemd-boot: remove outdated EFI_LD comment +- systemtap: Fix build with gcc-12 +- terminal.py: Restore error output from Terminal +- u-boot: Correct the SRC_URI +- u-boot: Inherit pkgconfig +- update_udev_hwdb: fix multilib issue with systemd +- util-linux: Create u-a symlink for findfs utility +- virgl: skip headless test on alma 8.6 +- webkitgtk: adjust patch status +- wic: do not use PARTLABEL for msdos partition tables +- wireless-regdb: upgrade 2022.02.18 -> 2022.04.08 +- xserver-xorg: Fix build with gcc12 +- yocto-bsps: update to v5.15.36 + +Contributors to 4.0.1 +~~~~~~~~~~~~~~~~~~~~~ + +- Abongwa Amahnui Bonalais +- Alexander Kanavin +- Bruce Ashfield +- Carlos Rafael Giani +- Chen Qi +- Davide Gardenal +- Dmitry Baryshkov +- Ferry Toth +- Henning Schild +- Jon Mason +- Justin Bronder +- Kai Kang +- Khem Raj +- Konrad Weihmann +- Lee Chee Yang +- Marta Rybczynska +- Martin Jansa +- Matt Madison +- Michael Halstead +- Michael Opdenacker +- Naveen Saini +- Nicolas Dechesne +- Paul Eggleton +- Paul Gortmaker +- Paulo Neves +- Peter Kjellerstedt +- Peter Marko +- Pgowda +- Portia +- Quentin Schulz +- Rahul Kumar +- Richard Purdie +- Robert Joslyn +- Robert Yang +- Roland Hieber +- Ross Burton +- Russ Dill +- Steve Sakoman +- wangmy +- zhengruoqin + +Repositories / Downloads for 4.0.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.1 </poky/tag/?h=yocto-4.0.1>` +- Git Revision: :yocto_git:`8c489602f218bcf21de0d3c9f8cf620ea5f06430 </poky/commit/?id=8c489602f218bcf21de0d3c9f8cf620ea5f06430>` +- Release Artefact: poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430 +- sha: 65c545a316bd8efb13ae1358eeccc8953543be908008103b51f7f90aed960d00 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.1 </openembedded-core/tag/?h=yocto-4.0>` +- Git Revision: :oe_git:`cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee </openembedded-core/commit/?id=cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee>` +- Release Artefact: oecore-cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee +- sha: 43981b8fad82f601618a133dffbec839524f0d0a055efc3d8f808cbfd811ab17 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/oecore-cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/oecore-cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.1 </meta-mingw/tag/?h=yocto-4.0.1>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.1 </meta-gplv2/tag/?h=yocto-4.0.1>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-mingw/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0 </bitbake/tag/?h=yocto-4.0>` +- Git Revision: :oe_git:`59c16ae6c55c607c56efd2287537a1b97ba2bf52 </bitbake/commit/?id=59c16ae6c55c607c56efd2287537a1b97ba2bf52>` +- Release Artefact: bitbake-59c16ae6c55c607c56efd2287537a1b97ba2bf52 +- sha: 3ae466c31f738fc45c3d7c6f665952d59f01697f2667ea42f0544d4298dd6ef0 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/bitbake-59c16ae6c55c607c56efd2287537a1b97ba2bf52.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/bitbake-59c16ae6c55c607c56efd2287537a1b97ba2bf52.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.1 </yocto-docs/tag/?h=yocto-4.0>` +- Git Revision: :yocto_git:`4ec9df3336a425719a9a35532504731ce56984ca </yocto-docs/commit/?id=4ec9df3336a425719a9a35532504731ce56984ca>` diff --git a/poky/documentation/migration-guides/release-notes-4.0.2.rst b/poky/documentation/migration-guides/release-notes-4.0.2.rst new file mode 100644 index 0000000000..cb10068b8d --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.2.rst @@ -0,0 +1,296 @@ +Release notes for Yocto-4.0.2 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- libxslt: Mark :cve:`2022-29824` as not applying +- tiff: Add jbig PACKAGECONFIG and clarify IGNORE :cve:`2022-1210` +- tiff: mark :cve:`2022-1622` and :cve:`2022-1623` as invalid +- pcre2:fix :cve:`2022-1586` Out-of-bounds read +- curl: fix :cve:`2022-22576`, :cve:`2022-27775`, :cve:`2022-27776`, :cve:`2022-27774`, :cve:`2022-30115`, :cve:`2022-27780`, :cve:`2022-27781`, :cve:`2022-27779` and :cve:`2022-27782` +- qemu: fix :cve:`2021-4206` and :cve:`2021-4207` +- freetype: fix :cve:`2022-27404`, :cve:`2022-27405` and :cve:`2022-27406` + +Fixes in Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~ + +- alsa-plugins: fix libavtp vs. avtp packageconfig +- archiver: don't use machine variables in shared recipes +- archiver: use bb.note instead of echo +- baremetal-image: fix broken symlink in do_rootfs +- base-passwd: Disable shell for default users +- bash: submit patch upstream +- bind: upgrade 9.18.1 -> 9.18.2 +- binutils: Bump to latest 2.38 release branch +- bitbake.conf: Make TCLIBC and TCMODE lazy assigned +- bitbake: build: Add clean_stamp API function to allow removal of task stamps +- bitbake: data: Do not depend on vardepvalueexclude flag +- bitbake: fetch2/osc: Small fixes for osc fetcher +- bitbake: server/process: Fix logging issues where only the first message was displayed +- build-appliance-image: Update to kirkstone head revision +- buildhistory.bbclass: fix shell syntax when using dash +- cairo: Add missing GPLv3 license checksum entry +- classes: rootfs-postcommands: add skip option to overlayfs_qa_check +- cronie: upgrade 1.6.0 -> 1.6.1 +- cups: upgrade 2.4.1 -> 2.4.2 +- cve-check.bbclass: Added do_populate_sdk[recrdeptask]. +- cve-check: Add helper for symlink handling +- cve-check: Allow warnings to be disabled +- cve-check: Fix report generation +- cve-check: Only include installed packages for rootfs manifest +- cve-check: add support for Ignored CVEs +- cve-check: fix return type in check_cves +- cve-check: move update_symlinks to a library +- cve-check: write empty fragment files in the text mode +- cve-extra-exclusions: Add kernel CVEs +- cve-update-db-native: make it possible to disable database updates +- devtool: Fix _copy_file() TypeError +- e2fsprogs: add alternatives handling of lsattr as well +- e2fsprogs: update upstream status +- efivar: add musl libc compatibility +- epiphany: upgrade 42.0 -> 42.2 +- ffmpeg: upgrade 5.0 -> 5.0.1 +- fribidi: upgrade 1.0.11 -> 1.0.12 +- gcc-cross-canadian: Add nativesdk-zstd dependency +- gcc-source: Fix incorrect task dependencies from ${B} +- gcc: Upgrade to 11.3 release +- gcc: depend on zstd-native +- git: fix override syntax in RDEPENDS +- glib-2.0: upgrade 2.72.1 -> 2.72.2 +- glibc: Drop make-native dependency +- go: upgrade 1.17.8 -> 1.17.10 +- gst-devtools: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0: upgrade 1.20.1 -> 1.20.2 +- gtk+3: upgrade 3.24.33 -> 3.24.34 +- gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2 +- image.bbclass: allow overriding dependency on virtual/kernel:do_deploy +- insane.bbclass: make sure to close .patch files +- iso-codes: upgrade 4.9.0 -> 4.10.0 +- kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task +- libcgroup: upgrade 2.0.1 -> 2.0.2 +- liberror-perl: Update sstate/equiv versions to clean cache +- libinput: upgrade 1.19.3 -> 1.19.4 +- libpcre2: upgrade 10.39 -> 10.40 +- librepo: upgrade 1.14.2 -> 1.14.3 +- libseccomp: Add missing files for ptests +- libseccomp: Correct LIC_FILES_CHKSUM +- libxkbcommon: upgrade 1.4.0 -> 1.4.1 +- libxml2: Upgrade 2.9.13 -> 2.9.14 +- license.bbclass: Bound beginline and endline in copy_license_files() +- license_image.bbclass: Make QA errors fail the build +- linux-firmware: add support for building snapshots +- linux-firmware: package new Qualcomm firmware +- linux-firmware: replace mkdir by install +- linux-firmware: split ath3k firmware +- linux-firmware: upgrade to 20220610 +- linux-yocto/5.10: update to v5.10.119 +- linux-yocto/5.15: Enable MDIO bus config +- linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default +- linux-yocto/5.15: cfg/xen: Move x86 configs to separate file +- linux-yocto/5.15: update to v5.15.44 +- local.conf.sample: Update sstate url to new 'all' path +- logrotate: upgrade 3.19.0 -> 3.20.1 +- lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel +- lttng-modules: fix build against 5.18-rc7+ +- lttng-modules: fix shell syntax +- lttng-ust: upgrade 2.13.2 -> 2.13.3 +- lzo: Add further info to a patch and mark as Inactive-Upstream +- makedevs: Don't use COPYING.patch just to add license file into ${S} +- manuals: switch to the sstate mirror shared between all versions +- mesa.inc: package 00-radv-defaults.conf +- mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again +- mesa: upgrade to 22.0.3 +- meson.bbclass: add cython binary to cross/native toolchain config +- mmc-utils: upgrade to latest revision +- mobile-broadband-provider-info: upgrade 20220315 -> 20220511 +- ncurses: update to patchlevel 20220423 +- oeqa/selftest/cve_check: add tests for Ignored and partial reports +- oeqa/selftest/cve_check: add tests for recipe and image reports +- oescripts: change compare logic in OEListPackageconfigTests +- openssl: Backport fix for ptest cert expiry +- overlayfs: add docs about skipping QA check & service dependencies +- ovmf: Fix native build with gcc-12 +- patch.py: make sure that patches/series file exists before quilt pop +- pciutils: avoid lspci conflict with busybox +- perl: Add dependency on make-native to avoid race issues +- perl: Fix build with gcc-12 +- poky.conf: bump version for 4.0.2 +- popt: fix override syntax in RDEPENDS +- pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE +- python3: Ensure stale empty python module directories don't break the build +- python3: Remove problematic paths from sysroot files +- python3: fix reproducibility issue with python3-core +- python3: use built-in distutils for ptest, rather than setuptools' 'fork' +- python: Avoid shebang overflow on python-config.py +- rootfs-postcommands.bbclass: correct comments +- rootfs.py: close kernel_abi_ver_file +- rootfs.py: find .ko.zst kernel modules +- rust-common: Drop LLVM_TARGET and simplify +- rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets +- rust-common: Fix for target definitions returning 'NoneType' for arm +- rust-common: Fix native signature dependency issues +- rust-common: Fix sstate signatures between arm hf and non-hf +- sanity: Don't warn about make 4.2.1 for mint +- sanity: Switch to make 4.0 as a minimum version +- sed: Specify shell for "nobody" user in run-ptest +- selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES +- selftest/multiconfig: Test that multiconfigs in separate layers works +- sqlite3: upgrade to 3.38.5 +- staging.bbclass: process direct dependencies in deterministic order +- staging: Fix rare sysroot corruption issue +- strace: Don't run ptest as "nobody" +- systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch +- systemd: Correct path returned in sd_path_lookup() +- systemd: Document future actions needed for set of musl patches +- systemd: Drop 0001-test-parse-argument-Include-signal.h.patch +- systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch +- systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch +- systemd: Drop redundant musl patches +- systemd: Fix build regression with latest update +- systemd: Remove __compare_fn_t type in musl-specific patch +- systemd: Update patch status +- systemd: systemd-systemctl: Support instance conf files during enable +- systemd: update ``0008-add-missing-FTW_-macros-for-musl.patch`` +- systemd: upgrade 250.4 -> 250.5 +- uboot-sign: Fix potential index error issues +- valgrind: submit arm patches upstream +- vim: Upgrade to 8.2.5083 +- webkitgtk: upgrade to 2.36.3 +- wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions +- xwayland: upgrade 22.1.0 -> 22.1.1 +- xxhash: fix build with gcc 12 +- zip/unzip: mark all submittable patches as Inactive-Upstream + +Known Issues in Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- There were build failures at the autobuilder due to a known scp issue on Fedora-36 hosts. + +Contributors to Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alex Kiernan +- Alexander Kanavin +- Aryaman Gupta +- Bruce Ashfield +- Claudius Heine +- Davide Gardenal +- Dmitry Baryshkov +- Ernst Sjöstrand +- Felix Moessbauer +- Gunjan Gupta +- He Zhe +- Hitendra Prajapati +- Jack Mitchell +- Jeremy Puhlman +- Jiaqing Zhao +- Joerg Vehlow +- Jose Quaresma +- Kai Kang +- Khem Raj +- Konrad Weihmann +- Marcel Ziswiler +- Markus Volk +- Marta Rybczynska +- Martin Jansa +- Michael Opdenacker +- Mingli Yu +- Naveen Saini +- Nick Potenski +- Paulo Neves +- Pavel Zhukov +- Peter Kjellerstedt +- Rasmus Villemoes +- Richard Purdie +- Robert Joslyn +- Ross Burton +- Samuli Piippo +- Sean Anderson +- Stefan Wiehler +- Steve Sakoman +- Sundeep Kokkonda +- Tomasz Dziendzielski +- Xiaobing Luo +- Yi Zhao +- leimaohui +- wangmy + +Repositories / Downloads for Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.2 </poky/log/?h=yocto-4.0.2>` +- Git Revision: :yocto_git:`a5ea426b1da472fc8549459fff3c1b8c6e02f4b5 </poky/commit/?id=a5ea426b1da472fc8549459fff3c1b8c6e02f4b5>` +- Release Artefact: poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5 +- sha: 474ddfacfed6661be054c161597a1a5273188dfe021b31d6156955d93c6b7359 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.2 </openembedded-core/log/?h=yocto-4.0.2>` +- Git Revision: :oe_git:`eea52e0c3d24c79464f4afdbc3c397e1cb982231 </openembedded-core/commit/?id=eea52e0c3d24c79464f4afdbc3c397e1cb982231>` +- Release Artefact: oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231 +- sha: 252d5c2c2db7e14e7365fcc69d32075720b37d629894bae36305eba047a39907 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.2 </meta-mingw/log/?h=yocto-4.0.2>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.2 </meta-gplv2/log/?h=yocto-4.0.2>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.2 </bitbake/log/?h=yocto-4.0.2>` +- Git Revision: :oe_git:`b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 </bitbake/commit/?id=b8fd6f5d9959d27176ea016c249cf6d35ac8ba03>` +- Release Artefact: bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 +- sha: 373818b1dee2c502264edf654d6d8f857b558865437f080e02d5ba6bb9e72cc3 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.2 </yocto-docs/log/?h=yocto-4.0.2>` +- Git Revision: :yocto_git:`662294dccd028828d5c7e9fd8f5c8e14df53df4b </yocto-docs/commit/?id=662294dccd028828d5c7e9fd8f5c8e14df53df4b>` diff --git a/poky/documentation/migration-guides/release-notes-4.0.3.rst b/poky/documentation/migration-guides/release-notes-4.0.3.rst new file mode 100644 index 0000000000..e2a212cb62 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.3.rst @@ -0,0 +1,314 @@ +Release notes for Yocto-4.0.3 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils: fix :cve:`2019-1010204` +- busybox: fix :cve:`2022-30065` +- cups: ignore :cve:`2022-26691` +- curl: Fix :cve:`2022-32205`, :cve:`2022-32206`, :cve:`2022-32207` and :cve:`2022-32208` +- dpkg: fix :cve:`2022-1664` +- ghostscript: fix :cve:`2022-2085` +- harfbuzz: fix :cve:`2022-33068` +- libtirpc: fix :cve:`2021-46828` +- lua: fix :cve:`2022-33099` +- nasm: ignore :cve:`2020-18974` +- qemu: fix :cve:`2022-35414` +- qemu: ignore :cve:`2021-20255` and :cve:`2019-12067` +- tiff: fix :cve:`2022-1354`, :cve:`2022-1355`, :cve:`2022-2056`, :cve:`2022-2057` and :cve:`2022-2058` +- u-boot: fix :cve:`2022-34835` +- unzip: fix :cve:`2022-0529` and :cve:`2022-0530` + + +Fixes in Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~ + +- alsa-state: correct license +- at: take tarballs from debian +- base.bbclass: Correct the test for obsolete license exceptions +- base/reproducible: Change Source Date Epoch generation methods +- bin_package: install into base_prefix +- bind: Remove legacy python3 PACKAGECONFIG code +- bind: upgrade to 9.18.4 +- binutils: stable 2.38 branch updates +- build-appliance-image: Update to kirkstone head revision +- cargo_common.bbclass: enable bitbake vendoring for externalsrc +- coreutils: Tweak packaging variable names for coreutils-dev +- curl: backport openssl fix CN check error code +- cve-check: hook cleanup to the BuildCompleted event, not CookerExit +- cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) +- devtool: finish: handle patching when S points to subdir of a git repo +- devtool: ignore pn- overrides when determining SRC_URI overrides +- docs: BB_HASHSERVE_UPSTREAM: update to new host +- dropbear: break dependency on base package for -dev package +- efivar: fix import functionality +- encodings: update to 1.0.6 +- epiphany: upgrade to 42.3 +- externalsrc.bbclass: support crate fetcher on externalsrc +- font-util: update 1.3.2 -> 1.3.3 +- gcc-runtime: Fix build when using gold +- gcc-runtime: Fix missing MLPREFIX in debug mappings +- gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so +- gcc: Backport a fix for gcc bug 105039 +- git: upgrade to v2.35.4 +- glib-2.0: upgrade to 2.72.3 +- glib-networking: upgrade to 2.72.1 +- glibc : stable 2.35 branch updates +- glibc-tests: Avoid reproducibility issues +- glibc-tests: not clear BBCLASSEXTEND +- glibc: revert one upstream change to work around broken DEBUG_BUILD build +- glibc: stable 2.35 branch updates +- gnupg: upgrade to 2.3.7 +- go: upgrade to v1.17.12 +- gobject-introspection-data: Disable cache for g-ir-scanner +- gperf: Add a patch to work around reproducibility issues +- gperf: Switch to upstream patch +- gst-devtools: upgrade to 1.20.3 +- gstreamer1.0-libav: upgrade to 1.20.3 +- gstreamer1.0-omx: upgrade to 1.20.3 +- gstreamer1.0-plugins-bad: upgrade to 1.20.3 +- gstreamer1.0-plugins-base: upgrade to 1.20.3 +- gstreamer1.0-plugins-good: upgrade to 1.20.3 +- gstreamer1.0-plugins-ugly: upgrade to 1.20.3 +- gstreamer1.0-python: upgrade to 1.20.3 +- gstreamer1.0-rtsp-server: upgrade to 1.20.3 +- gstreamer1.0-vaapi: upgrade to 1.20.3 +- gstreamer1.0: upgrade to 1.20.3 +- gtk-doc: Remove hardcoded buildpath +- harfbuzz: Fix compilation with clang +- initramfs-framework: move storage mounts to actual rootfs +- initscripts: run umountnfs as a KILL script +- insane.bbclass: host-user-contaminated: Correct per package home path +- insane: Fix buildpaths test to work with special devices +- kernel-arch: Fix buildpaths leaking into external module compiles +- kernel-devsrc: fix reproducibility and buildpaths QA warning +- kernel-devsrc: ppc32: fix reproducibility +- kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set +- kernel.bbclass: pass LD also in savedefconfig +- libffi: fix native build being not portable +- libgcc: Fix standalone target builds with usrmerge distro feature +- libmodule-build-perl: Use env utility to find perl interpreter +- libsoup: upgrade to 3.0.7 +- libuv: upgrade to 1.44.2 +- linux-firmware: upgrade to 20220708 +- linux-firwmare: restore WHENCE_CHKSUM variable +- linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge) +- linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning +- linux-yocto/5.10: fix buildpaths issue with gen-mach-types +- linux-yocto/5.10: fix buildpaths issue with pnmtologo +- linux-yocto/5.10: update to v5.10.135 +- linux-yocto/5.15: drop obselete GPIO sysfs ABI +- linux-yocto/5.15: fix build_OID_registry buildpaths warning +- linux-yocto/5.15: fix buildpaths issue with gen-mach-types +- linux-yocto/5.15: fix buildpaths issue with pnmtologo +- linux-yocto/5.15: fix qemuppc buildpaths warning +- linux-yocto/5.15: fix reproducibility issues +- linux-yocto/5.15: update to v5.15.59 +- log4cplus: upgrade to 2.0.8 +- lttng-modules: Fix build failure for kernel v5.15.58 +- lttng-modules: upgrade to 2.13.4 +- lua: Fix multilib buildpath reproducibility issues +- mkfontscale: upgrade to 1.2.2 +- oe-selftest-image: Ensure the image has sftp as well as dropbear +- oe-selftest: devtool: test modify git recipe building from a subdir +- oeqa/runtime/scp: Disable scp test for dropbear +- oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled +- oeqa/sdk: drop the nativesdk-python 2.x test +- openssh: Add openssh-sftp-server to openssh RDEPENDS +- openssh: break dependency on base package for -dev package +- openssl: update to 3.0.5 +- package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo +- package.bbclass: Fix base directory for debugsource files when using externalsrc +- package.bbclass: Fix kernel source handling when not using externalsrc +- package_manager/ipk: do not pipe stderr to stdout +- packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation +- patch: handle if S points to a subdirectory of a git repo +- perf: fix reproducibility in 5.19+ +- perf: fix reproduciblity in older releases of Linux +- perf: sort-pmuevents: really keep array terminators +- perl: don't install Makefile.old into perl-ptest +- poky.conf: bump version for 4.0.3 +- pulseaudio: add m4-native to DEPENDS +- python3: Backport patch to fix an issue in subinterpreters +- qemu: Add PACKAGECONFIG for brlapi +- qemu: Avoid accidental librdmacm linkage +- qemu: Avoid accidental libvdeplug linkage +- qemu: Fix slirp determinism issue +- qemu: add PACKAGECONFIG for capstone +- recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG +- ref-manual: variables: remove sphinx directive from literal block +- rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} +- ruby: add PACKAGECONFIG for capstone +- rust: fix issue building cross-canadian tools for aarch64 on x86_64 +- sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity +- selftest/runtime_test/virgl: Disable for all almalinux +- sstatesig: Include all dependencies in SPDX task signatures +- strace: set COMPATIBLE_HOST for riscv32 +- systemd: Added base_bindir into pkg_postinst:udev-hwdb. +- udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist +- udev-extraconf/mount.sh: add LABELs to mountpoints +- udev-extraconf/mount.sh: ignore lvm in automount +- udev-extraconf/mount.sh: only mount devices on hotplug +- udev-extraconf/mount.sh: save mount name in our tmp filecache +- udev-extraconf: fix some systemd automount issues +- udev-extraconf: force systemd-udevd to use shared MountFlags +- udev-extraconf: let automount base directory configurable +- udev-extraconf:mount.sh: fix a umount issue +- udev-extraconf:mount.sh: fix path mismatching issues +- vala: Fix on target wrapper buildpaths issue +- vala: upgrade to 0.56.2 +- vim: upgrade to 9.0.0063 +- waffle: correctly request wayland-scanner executable +- webkitgtk: upgrade to 2.36.4 +- weston: upgrade to 10.0.1 +- wic/plugins/rootfs: Fix NameError for 'orig_path' +- wic: fix WicError message +- wireless-regdb: upgrade to 2022.06.06 +- xdpyinfo: upgrade to 1.3.3 +- xev: upgrade to 1.2.5 +- xf86-input-synaptics: upgrade to 1.9.2 +- xmodmap: upgrade to 1.0.11 +- xorg-app: Tweak handling of compression changes in SRC_URI +- xserver-xorg: upgrade to 21.1.4 +- xwayland: upgrade to 22.1.3 +- yocto-bsps/5.10: fix buildpaths issue with gen-mach-types +- yocto-bsps/5.10: fix buildpaths issue with pnmtologo +- yocto-bsps/5.15: fix buildpaths issue with gen-mach-types +- yocto-bsps/5.15: fix buildpaths issue with pnmtologo +- yocto-bsps: buildpaths fixes +- yocto-bsps: update to v5.10.130 +- yocto-bsps: buildpaths fixes +- yocto-bsps: update to v5.15.54 + + +Known Issues in Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Ahmed Hossam +- Alejandro Hernandez Samaniego +- Alex Kiernan +- Alexander Kanavin +- Bruce Ashfield +- Chanho Park +- Christoph Lauer +- David Bagonyi +- Dmitry Baryshkov +- He Zhe +- Hitendra Prajapati +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Khem Raj +- Lee Chee Yang +- Lucas Stach +- Markus Volk +- Martin Jansa +- Maxime Roussin-Bélanger +- Michael Opdenacker +- Mihai Lindner +- Ming Liu +- Mingli Yu +- Muhammad Hamza +- Naveen +- Pascal Bach +- Paul Eggleton +- Pavel Zhukov +- Peter Bergin +- Peter Kjellerstedt +- Peter Marko +- Pgowda +- Raju Kumar Pothuraju +- Richard Purdie +- Robert Joslyn +- Ross Burton +- Sakib Sajal +- Shruthi Ravichandran +- Steve Sakoman +- Sundeep Kokkonda +- Thomas Roos +- Tom Hochstein +- Wentao Zhang +- Yi Zhao +- Yue Tao +- gr embeter +- leimaohui +- wangmy + + +Repositories / Downloads for Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.3 </poky/log/?h=yocto-4.0.3>` +- Git Revision: :yocto_git:`387ab5f18b17c3af3e9e30dc58584641a70f359f </poky/commit/?id=387ab5f18b17c3af3e9e30dc58584641a70f359f>` +- Release Artefact: poky-387ab5f18b17c3af3e9e30dc58584641a70f359f +- sha: fe674186bdb0684313746caa9472134fc19e6f1443c274fe02c06cb1e675b404 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/poky-387ab5f18b17c3af3e9e30dc58584641a70f359f.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/poky-387ab5f18b17c3af3e9e30dc58584641a70f359f.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.3 </openembedded-core/log/?h=yocto-4.0.3>` +- Git Revision: :oe_git:`2cafa6ed5f0aa9df5a120b6353755d56c7c7800d </openembedded-core/commit/?id=2cafa6ed5f0aa9df5a120b6353755d56c7c7800d>` +- Release Artefact: oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d +- sha: 5181d3e8118c6112936637f01a07308b715e0e3d12c7eba338556747dfcabe92 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.3 </meta-mingw/log/?h=yocto-4.0.3>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.3 </meta-gplv2/log/?h=yocto-4.0.3>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.3 </bitbake/log/?h=yocto-4.0.3>` +- Git Revision: :oe_git:`b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 </bitbake/commit/?id=b8fd6f5d9959d27176ea016c249cf6d35ac8ba03>` +- Release Artefact: bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 +- sha: 373818b1dee2c502264edf654d6d8f857b558865437f080e02d5ba6bb9e72cc3 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.3 </yocto-docs/log/?h=yocto-4.0.3>` +- Git Revision: :yocto_git:`d9b3dcf65ef25c06f552482aba460dd16862bf96 </yocto-docs/commit/?id=d9b3dcf65ef25c06f552482aba460dd16862bf96>` + diff --git a/poky/documentation/migration-guides/release-notes-4.0.4.rst b/poky/documentation/migration-guides/release-notes-4.0.4.rst new file mode 100644 index 0000000000..2623a1dca7 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.4.rst @@ -0,0 +1,299 @@ +Release notes for Yocto-4.0.4 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils : fix :cve:`2022-38533` +- curl: fix :cve:`2022-35252` +- sqlite: fix :cve:`2022-35737` +- grub2: fix :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734` and :cve:`2022-28735` +- u-boot: fix :cve:`2022-30552` and :cve:`2022-33967` +- libxml2: Ignore :cve:`2016-3709` +- libtiff: fix :cve:`2022-34526` +- zlib: fix :cve:`2022-37434` +- gnutls: fix :cve:`2022-2509` +- u-boot: fix :cve:`2022-33103` +- qemu: fix :cve:`2021-3507`, :cve:`2021-3929`, :cve:`2021-4158`, :cve:`2022-0216` and :cve:`2022-0358` + + +Fixes in Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~ + +- apr: Cache configure tests which use AC_TRY_RUN +- apr: Use correct strerror_r implementation based on libc type +- apt: fix nativesdk-apt build failure during the second time build +- archiver.bbclass: remove unsed do_deploy_archives[dirs] +- archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source +- autoconf: Fix strict prototype errors in generated tests +- autoconf: Update K & R stype functions +- bind: upgrade to 9.18.5 +- bitbake.conf: set BB_DEFAULT_UMASK using ??= +- bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests +- bitbake: ConfHandler: Remove lingering close +- bitbake: bb/utils: movefile: use the logger for printing +- bitbake: bb/utils: remove: check the path again the expand python glob +- bitbake: bitbake-user-manual: Correct description of the ??= operator +- bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format +- bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain +- bitbake: bitbake: runqueue: add cpu/io pressure regulation +- bitbake: bitbake: runqueue: add memory pressure regulation +- bitbake: cooker: Drop sre_constants usage +- bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher +- bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers +- bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit +- bitbake: fetch2: Ensure directory exists before creating symlink +- bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls +- bitbake: runqueue: Change pressure file warning to a note +- bitbake: runqueue: Fix unihash cache mismatch issues +- bitbake: toaster: fix kirkstone version +- bitbake: utils: Pass lock argument in fileslocked +- bluez5: upgrade to 5.65 +- boost: fix install of fiber shared libraries +- cairo: Adapt the license information based on what is being built +- classes: cve-check: Get shared database lock +- cmake: remove CMAKE_ASM_FLAGS variable in toolchain file +- connman: Backports for security fixes +- core-image.bbclass: Exclude openssh complementary packages +- cracklib: Drop using register keyword +- cracklib: upgrade to 2.9.8 +- create-spdx: Fix supplier field +- create-spdx: handle links to inaccessible locations +- create-spdx: ignore packing control files from ipk and deb +- cve-check: Don't use f-strings +- cve-check: close cursors as soon as possible +- devtool/upgrade: catch bb.fetch2.decodeurl errors +- devtool/upgrade: correctly clean up when recipe filename isn't yet known +- devtool: error out when workspace is using old override syntax +- ell: upgrade to 0.50 +- epiphany: upgrade to 42.4 +- externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used. +- gcc-multilib-config: Fix i686 toolchain relocation issues +- gcr: Define _GNU_SOURCE +- gdk-pixbuf: upgrade to 2.42.9 +- glib-networking: upgrade to 2.72.2 +- go: upgrade to v1.17.13 +- insane.bbclass: Skip patches not in oe-core by full path +- iso-codes: upgrade to 4.11.0 +- kernel-fitimage.bbclass: add padding algorithm property in config nodes +- kernel-fitimage.bbclass: only package unique DTBs +- kernel: Always set CC and LD for the kernel build +- kernel: Use consistent make flags for menuconfig +- lib:npm_registry: initial checkin +- libatomic-ops: upgrade to 7.6.14 +- libcap: upgrade to 2.65 +- libjpeg-turbo: upgrade to 2.1.4 +- libpam: use /run instead of /var/run in systemd tmpfiles +- libtasn1: upgrade to 4.19.0 +- liburcu: upgrade to 0.13.2 +- libwebp: upgrade to 1.2.4 +- libwpe: upgrade to 1.12.3 +- libxml2: Port gentest.py to Python-3 +- lighttpd: upgrade to 1.4.66 +- linux-yocto/5.10: update genericx86* machines to v5.10.135 +- linux-yocto/5.10: update to v5.10.137 +- linux-yocto/5.15: update genericx86* machines to v5.15.59 +- linux-yocto/5.15: update to v5.15.62 +- linux-yocto: Fix COMPATIBLE_MACHINE regex match +- linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS +- lttng-modules: fix 5.19+ build +- lttng-modules: fix build against mips and v5.19 kernel +- lttng-modules: fix build for kernel 5.10.137 +- lttng-modules: replace mips compaction fix with upstream change +- lz4: upgrade to 1.9.4 +- maintainers: update opkg maintainer +- meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE +- migration guides: add missing release notes +- mobile-broadband-provider-info: upgrade to 20220725 +- nativesdk: Clear TUNE_FEATURES +- npm: replace 'npm pack' call by 'tar czf' +- npm: return content of 'package.json' in 'npm_pack' +- npm: take 'version' directly from 'package.json' +- npm: use npm_registry to cache package +- oeqa/gotoolchain: put writable files in the Go module cache +- oeqa/gotoolchain: set CGO_ENABLED=1 +- oeqa/parselogs: add qemuarmv5 arm-charlcd masking +- oeqa/qemurunner: add run_serial() comment +- oeqa/selftest: rename git.py to intercept.py +- oeqa: qemurunner: Report UNIX Epoch timestamp on login +- package_rpm: Do not replace square brackets in %files +- packagegroup-self-hosted: update for strace +- parselogs: Ignore xf86OpenConsole error +- perf: Fix reproducibility issues with 5.19 onwards +- pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses +- poky.conf: add ubuntu-22.04 to tested distros +- poky.conf: bump version for 4.0.4 +- pseudo: Update to include recent upstream minor fixes +- python3-pip: Fix RDEPENDS after the update +- ref-manual: add numa to machine features +- relocate_sdk.py: ensure interpreter size error causes relocation to fail +- rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable +- rootfs.py: dont try to list installed packages for baremetal images +- rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils +- ruby: drop capstone support +- runqemu: Add missing space on default display option +- runqemu: display host uptime when starting +- sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct +- scripts/oe-setup-builddir: make it known where configurations come from +- scripts/runqemu.README: fix typos and trailing whitespaces +- selftest/wic: Tweak test case to not depend on kernel size +- shadow: Avoid nss warning/error with musl +- shadow: Enable subid support +- system-requirements.rst: Add Ubuntu 22.04 to list of supported distros +- systemd: Add 'no-dns-fallback' PACKAGECONFIG option +- systemd: Fix unwritable /var/lock when no sysvinit handling +- sysvinit-inittab/start_getty: Fix respawn too fast +- tcp-wrappers: Fix implicit-function-declaration warnings +- tzdata: upgrade to 2022b +- util-linux: Remove --enable-raw from EXTRA_OECONF +- vala: upgrade to 0.56.3 +- vim: Upgrade to 9.0.0453 +- watchdog: Include needed system header for function decls +- webkitgtk: upgrade to 2.36.5 +- weston: upgrade to 10.0.2 +- wic/bootimg-efi: use cross objcopy when building unified kernel image +- wic: add target tools to PATH when executing native commands +- wic: depend on cross-binutils +- wireless-regdb: upgrade to 2022.08.12 +- wpebackend-fdo: upgrade to 1.12.1 +- xinetd: Pass missing -D_GNU_SOURCE +- xz: update to 5.2.6 + + +Known Issues in Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alejandro Hernandez Samaniego +- Alex Stewart +- Alexander Kanavin +- Alexandre Belloni +- Andrei Gherzan +- Anuj Mittal +- Aryaman Gupta +- Awais Belal +- Beniamin Sandu +- Bertrand Marquis +- Bruce Ashfield +- Changqing Li +- Chee Yang Lee +- Daiane Angolini +- Enrico Scholz +- Ernst Sjöstrand +- Gennaro Iorio +- Hitendra Prajapati +- Jacob Kroon +- Jon Mason +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Khem Raj +- Kristian Amlie +- LUIS ENRIQUEZ +- Mark Hatle +- Martin Beeger +- Martin Jansa +- Mateusz Marciniec +- Michael Opdenacker +- Mihai Lindner +- Mikko Rapeli +- Ming Liu +- Niko Mauno +- Ola x Nilsson +- Otavio Salvador +- Paul Eggleton +- Pavel Zhukov +- Peter Bergin +- Peter Kjellerstedt +- Peter Marko +- Rajesh Dangi +- Randy MacLeod +- Rasmus Villemoes +- Richard Purdie +- Robert Joslyn +- Roland Hieber +- Ross Burton +- Sakib Sajal +- Shubham Kulkarni +- Steve Sakoman +- Ulrich Ölmann +- Yang Xu +- Yongxin Liu +- ghassaneben +- pgowda +- wangmy + +Repositories / Downloads for Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.4 </poky/log/?h=yocto-4.0.4>` +- Git Revision: :yocto_git:`d64bef1c7d713b92a51228e5ade945835e5a94a4 </poky/commit/?id=d64bef1c7d713b92a51228e5ade945835e5a94a4>` +- Release Artefact: poky-d64bef1c7d713b92a51228e5ade945835e5a94a4 +- sha: b5e92506b31f88445755bad2f45978b747ad1a5bea66ca897370542df5f1e7db +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/poky-d64bef1c7d713b92a51228e5ade945835e5a94a4.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/poky-d64bef1c7d713b92a51228e5ade945835e5a94a4.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.4 </openembedded-core/log/?h=yocto-4.0.4>` +- Git Revision: :oe_git:`f7766da462905ec67bf549d46b8017be36cd5b2a </openembedded-core/commit/?id=f7766da462905ec67bf549d46b8017be36cd5b2a>` +- Release Artefact: oecore-f7766da462905ec67bf549d46b8017be36cd5b2a +- sha: ce0ac011474db5e5f0bb1be3fb97f890a02e46252a719dbcac5813268e48ff16 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/oecore-f7766da462905ec67bf549d46b8017be36cd5b2a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/oecore-f7766da462905ec67bf549d46b8017be36cd5b2a.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.4 </meta-mingw/log/?h=yocto-4.0.4>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.4 </meta-gplv2/log/?h=yocto-4.0.4>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.4 </bitbake/log/?h=yocto-4.0.4>` +- Git Revision: :oe_git:`ac576d6fad6bba0cfea931883f25264ea83747ca </bitbake/commit/?id=ac576d6fad6bba0cfea931883f25264ea83747ca>` +- Release Artefact: bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca +- sha: 526c2768874eeda61ade8c9ddb3113c90d36ef44a026d6690f02de6f3dd0ea12 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.4 </yocto-docs/log/?h=yocto-4.0.4>` +- Git Revision: :yocto_git:`f632dad24c39778f948014029e74db3c871d9d21 </yocto-docs/commit/?id=f632dad24c39778f948014029e74db3c871d9d21>` diff --git a/poky/documentation/poky.yaml.in b/poky/documentation/poky.yaml.in index 1e1d6c83ed..6b942f0959 100644 --- a/poky/documentation/poky.yaml.in +++ b/poky/documentation/poky.yaml.in @@ -44,4 +44,5 @@ PIP3_HOST_PACKAGES_DOC : "$ sudo pip3 install sphinx sphinx_rtd_theme pyyaml" MIN_PYTHON_VERSION : "3.6.0" MIN_TAR_VERSION : "1.28" MIN_GIT_VERSION : "1.8.3.1" -MIN_GCC_VERSION : "5.0" +MIN_GCC_VERSION : "7.5" +MIN_MAKE_VERSION : "4.0" diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst index f7abb417ba..89aeb989c1 100644 --- a/poky/documentation/ref-manual/features.rst +++ b/poky/documentation/ref-manual/features.rst @@ -62,6 +62,8 @@ Project metadata: - *keyboard:* Hardware has a keyboard +- *numa:* Hardware has non-uniform memory access + - *pcbios:* Support for booting through BIOS - *pci:* Hardware has a PCI bus diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst index 04f9efaa23..caafccb631 100644 --- a/poky/documentation/ref-manual/system-requirements.rst +++ b/poky/documentation/ref-manual/system-requirements.rst @@ -41,6 +41,8 @@ distributions: - Ubuntu 20.04 (LTS) +- Ubuntu 22.04 (LTS) + - Fedora 34 - Fedora 35 diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 50ce6ec36d..5b9e5d76cc 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,7 +1,7 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" #DISTRO_VERSION = "3.4+snapshot-${METADATA_REVISION}" -DISTRO_VERSION = "4.0.3" +DISTRO_VERSION = "4.0.4" DISTRO_CODENAME = "kirkstone" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" @@ -38,6 +38,7 @@ SANITY_TESTED_DISTROS ?= " \ ubuntu-18.04 \n \ ubuntu-20.04 \n \ ubuntu-21.10 \n \ + ubuntu-22.04 \n \ fedora-34 \n \ fedora-35 \n \ centos-7 \n \ diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend index bec8319c34..1f49fd106c 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend @@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc" KMACHINE:genericx86-64 ?= "common-pc-64" KMACHINE:beaglebone-yocto ?= "beaglebone" -SRCREV_machine:genericx86 ?= "2883e69e202dc7948c99a7828e192b2b42c2d90a" -SRCREV_machine:genericx86-64 ?= "2883e69e202dc7948c99a7828e192b2b42c2d90a" +SRCREV_machine:genericx86 ?= "d09b184cbc0321794bda715ab560dec077a048d0" +SRCREV_machine:genericx86-64 ?= "d09b184cbc0321794bda715ab560dec077a048d0" SRCREV_machine:edgerouter ?= "7c9332d91089ee63581be6cd3e7197c9d3e9a883" SRCREV_machine:beaglebone-yocto ?= "3c44f12b9de336579d00ac0105852f4cbf7e8b7d" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE:edgerouter = "edgerouter" COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION:genericx86 = "5.10.130" -LINUX_VERSION:genericx86-64 = "5.10.130" +LINUX_VERSION:genericx86 = "5.10.135" +LINUX_VERSION:genericx86-64 = "5.10.135" LINUX_VERSION:edgerouter = "5.10.130" LINUX_VERSION:beaglebone-yocto = "5.10.130" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend index a5c0ecdbd9..e6826203e3 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend @@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc" KMACHINE:genericx86-64 ?= "common-pc-64" KMACHINE:beaglebone-yocto ?= "beaglebone" -SRCREV_machine:genericx86 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec" -SRCREV_machine:genericx86-64 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec" +SRCREV_machine:genericx86 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" +SRCREV_machine:genericx86-64 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" SRCREV_machine:edgerouter ?= "90f1ee6589264545f548d731c2480b08a007230f" SRCREV_machine:beaglebone-yocto ?= "9aabbaa89fcb21af7028e814c1f5b61171314d5a" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE:edgerouter = "edgerouter" COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION:genericx86 = "5.15.54" -LINUX_VERSION:genericx86-64 = "5.15.54" +LINUX_VERSION:genericx86 = "5.15.59" +LINUX_VERSION:genericx86-64 = "5.15.59" LINUX_VERSION:edgerouter = "5.15.54" LINUX_VERSION:beaglebone-yocto = "5.15.54" diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 33070cd17f..dca4271a69 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -69,7 +69,6 @@ SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_SRC}/mirror" do_dumpdata[dirs] = "${ARCHIVER_OUTDIR}" do_ar_recipe[dirs] = "${ARCHIVER_OUTDIR}" do_ar_original[dirs] = "${ARCHIVER_OUTDIR} ${ARCHIVER_WORKDIR}" -do_deploy_archives[dirs] = "${WORKDIR}" # This is a convenience for the shell script to use it @@ -460,7 +459,9 @@ def create_diff_gz(d, src_orig, src, ar_outdir): def is_work_shared(d): pn = d.getVar('PN') - return bb.data.inherits_class('kernel', d) or pn.startswith('gcc-source') + return pn.startswith('gcc-source') or \ + bb.data.inherits_class('kernel', d) or \ + (bb.data.inherits_class('kernelsrc', d) and d.getVar('S') == d.getVar('STAGING_KERNEL_DIR')) # Run do_unpack and do_patch python do_unpack_and_patch() { diff --git a/poky/meta/classes/core-image.bbclass b/poky/meta/classes/core-image.bbclass index 84fd3eeb38..740a6c1d3d 100644 --- a/poky/meta/classes/core-image.bbclass +++ b/poky/meta/classes/core-image.bbclass @@ -59,6 +59,10 @@ FEATURE_PACKAGES_hwcodecs = "${MACHINE_HWCODECS}" # IMAGE_FEATURES_REPLACES_foo = 'bar1 bar2' # Including image feature foo would replace the image features bar1 and bar2 IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" +# Do not install openssh complementary packages if either packagegroup-core-ssh-dropbear or dropbear +# is installed # to avoid openssh-dropbear conflict +# see [Yocto #14858] for more information +PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass index 37b6b569a1..d735f20c20 100644 --- a/poky/meta/classes/create-spdx.bbclass +++ b/poky/meta/classes/create-spdx.bbclass @@ -210,7 +210,7 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv filepath = Path(subdir) / file filename = str(filepath.relative_to(topdir)) - if filepath.is_file() and not filepath.is_symlink(): + if not filepath.is_symlink() and filepath.is_file(): spdx_file = oe.spdx.SPDXFile() spdx_file.SPDXID = get_spdxid(file_counter) for t in get_types(filepath): @@ -445,7 +445,7 @@ python do_create_spdx() { recipe.name = d.getVar("PN") recipe.versionInfo = d.getVar("PV") recipe.SPDXID = oe.sbom.get_recipe_spdxid(d) - recipe.packageSupplier = d.getVar("SPDX_SUPPLIER") + recipe.supplier = d.getVar("SPDX_SUPPLIER") if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d): recipe.annotations.append(create_annotation(d, "isNative")) @@ -555,7 +555,7 @@ python do_create_spdx() { spdx_package.name = pkg_name spdx_package.versionInfo = d.getVar("PV") spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses) - spdx_package.packageSupplier = d.getVar("SPDX_SUPPLIER") + spdx_package.supplier = d.getVar("SPDX_SUPPLIER") package_doc.packages.append(spdx_package) @@ -571,6 +571,7 @@ python do_create_spdx() { pkgdest / package, lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter), lambda filepath: ["BINARY"], + ignore_top_level_dirs=['CONTROL', 'DEBIAN'], archive=archive, ) @@ -895,7 +896,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages): image.name = d.getVar("PN") image.versionInfo = d.getVar("PV") image.SPDXID = rootfs_spdxid - image.packageSupplier = d.getVar("SPDX_SUPPLIER") + image.supplier = d.getVar("SPDX_SUPPLIER") doc.packages.append(image) diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index da7f93371c..16466586a7 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -139,17 +139,18 @@ python do_cve_check () { """ from oe.cve_check import get_patched_cves - if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): - try: - patched_cves = get_patched_cves(d) - except FileNotFoundError: - bb.fatal("Failure in searching patches") - ignored, patched, unpatched, status = check_cves(d, patched_cves) - if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): - cve_data = get_cve_info(d, patched + unpatched + ignored) - cve_write_data(d, patched, unpatched, ignored, cve_data, status) - else: - bb.note("No CVE database found, skipping CVE check") + with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True): + if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): + try: + patched_cves = get_patched_cves(d) + except FileNotFoundError: + bb.fatal("Failure in searching patches") + ignored, patched, unpatched, status = check_cves(d, patched_cves) + if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): + cve_data = get_cve_info(d, patched + unpatched + ignored) + cve_write_data(d, patched, unpatched, ignored, cve_data, status) + else: + bb.note("No CVE database found, skipping CVE check") } @@ -290,7 +291,8 @@ def check_cves(d, patched_cves): vendor = "%" # Find all relevant CVE IDs. - for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)): + cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)) + for cverow in cve_cursor: cve = cverow[0] if cve in cve_ignore: @@ -309,7 +311,8 @@ def check_cves(d, patched_cves): vulnerable = False ignored = False - for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)): + product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)) + for row in product_cursor: (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) if cve in cve_ignore: @@ -353,10 +356,12 @@ def check_cves(d, patched_cves): bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) cves_unpatched.append(cve) break + product_cursor.close() if not vulnerable: bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) patched_cves.add(cve) + cve_cursor.close() if not cves_in_product: bb.note("No CVE records found for product %s, pn %s" % (product, pn)) @@ -381,14 +386,15 @@ def get_cve_info(d, cves): conn = sqlite3.connect(db_file, uri=True) for cve in cves: - for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): + cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)) + for row in cursor: cve_data[row[0]] = {} cve_data[row[0]]["summary"] = row[1] cve_data[row[0]]["scorev2"] = row[2] cve_data[row[0]]["scorev3"] = row[3] cve_data[row[0]]["modified"] = row[4] cve_data[row[0]]["vector"] = row[5] - + cursor.close() conn.close() return cve_data diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 90792a737b..8136d25cb1 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -90,16 +90,18 @@ python () { # Since configure will likely touch ${S}, ensure only we lock so one task has access at a time d.appendVarFlag(task, "lockfiles", " ${S}/singletask.lock") - for funcname in [task, "base_" + task, "kernel_" + task]: + for v in d.keys(): + cleandirs = d.getVarFlag(v, "cleandirs", False) + if cleandirs: # We do not want our source to be wiped out, ever (kernel.bbclass does this for do_clean) - cleandirs = oe.recipeutils.split_var_value(d.getVarFlag(funcname, 'cleandirs', False) or '') + cleandirs = oe.recipeutils.split_var_value(cleandirs) setvalue = False for cleandir in cleandirs[:]: if oe.path.is_path_parent(externalsrc, d.expand(cleandir)): cleandirs.remove(cleandir) setvalue = True if setvalue: - d.setVarFlag(funcname, 'cleandirs', ' '.join(cleandirs)) + d.setVarFlag(v, 'cleandirs', ' '.join(cleandirs)) fetch_tasks = ['do_fetch', 'do_unpack'] # If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one diff --git a/poky/meta/classes/image_types_wic.bbclass b/poky/meta/classes/image_types_wic.bbclass index e3863c88a9..5374d6125e 100644 --- a/poky/meta/classes/image_types_wic.bbclass +++ b/poky/meta/classes/image_types_wic.bbclass @@ -84,6 +84,8 @@ do_image_wic[deptask] += "do_image_complete" WKS_FILE_DEPENDS_DEFAULT = '${@bb.utils.contains_any("BUILD_ARCH", [ 'x86_64', 'i686' ], "syslinux-native", "",d)}' WKS_FILE_DEPENDS_DEFAULT += "bmap-tools-native cdrtools-native btrfs-tools-native squashfs-tools-native e2fsprogs-native" +# Unified kernel images need objcopy +WKS_FILE_DEPENDS_DEFAULT += "virtual/${TARGET_PREFIX}binutils" WKS_FILE_DEPENDS_BOOTLOADERS = "" WKS_FILE_DEPENDS_BOOTLOADERS:x86 = "syslinux grub-efi systemd-boot os-release" WKS_FILE_DEPENDS_BOOTLOADERS:x86-64 = "syslinux grub-efi systemd-boot os-release" diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index f3f80334f6..0d93d50e58 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -1196,11 +1196,12 @@ python do_qa_patch() { import re from oe import patch + coremeta_path = os.path.join(d.getVar('COREBASE'), 'meta', '') for url in patch.src_patches(d): (_, _, fullpath, _, _, _) = bb.fetch.decodeurl(url) # skip patches not in oe-core - if '/meta/' not in fullpath: + if not os.path.abspath(fullpath).startswith(coremeta_path): continue kinda_status_re = re.compile(r"^.*upstream.*status.*$", re.IGNORECASE | re.MULTILINE) diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass index 7e09b075ff..983392c23a 100644 --- a/poky/meta/classes/kernel-fitimage.bbclass +++ b/poky/meta/classes/kernel-fitimage.bbclass @@ -148,7 +148,7 @@ fitimage_emit_section_kernel() { kernel-$2 { description = "Linux kernel"; data = /incbin/("$3"); - type = "kernel"; + type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; arch = "${UBOOT_ARCH}"; os = "linux"; compression = "$4"; @@ -346,6 +346,7 @@ fitimage_emit_section_config() { conf_csum="${FIT_HASH_ALG}" conf_sign_algo="${FIT_SIGN_ALG}" + conf_padding_algo="${FIT_PAD_ALG}" if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" fi @@ -465,6 +466,7 @@ EOF signature-1 { algo = "$conf_csum,$conf_sign_algo"; key-name-hint = "$conf_sign_keyname"; + padding = "$conf_padding_algo"; $sign_line }; EOF @@ -527,6 +529,10 @@ fitimage_assemble() { fi DTB=$(echo "$DTB" | tr '/' '_') + + # Skip DTB if we've picked it up previously + echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue + DTBS="$DTBS $DTB" fitimage_emit_section_dtb $1 $DTB $DTB_PATH done @@ -536,6 +542,10 @@ fitimage_assemble() { dtbcount=1 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do DTB=$(echo "$DTB" | tr '/' '_') + + # Skip DTB if we've picked it up previously + echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue + DTBS="$DTBS $DTB" fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" done diff --git a/poky/meta/classes/kernel-uboot.bbclass b/poky/meta/classes/kernel-uboot.bbclass index 2facade818..1bc98e042d 100644 --- a/poky/meta/classes/kernel-uboot.bbclass +++ b/poky/meta/classes/kernel-uboot.bbclass @@ -2,6 +2,9 @@ FIT_KERNEL_COMP_ALG ?= "gzip" FIT_KERNEL_COMP_ALG_EXTENSION ?= ".gz" +# Kernel image type passed to mkimage (i.e. kernel kernel_noload...) +UBOOT_MKIMAGE_KERNEL_TYPE ?= "kernel" + uboot_prep_kimage() { if [ -e arch/${ARCH}/boot/compressed/vmlinux ]; then vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux" diff --git a/poky/meta/classes/kernel-uimage.bbclass b/poky/meta/classes/kernel-uimage.bbclass index cedb4fa070..2e661ea916 100644 --- a/poky/meta/classes/kernel-uimage.bbclass +++ b/poky/meta/classes/kernel-uimage.bbclass @@ -30,6 +30,6 @@ do_uboot_mkimage() { awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` fi - uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage + uboot-mkimage -A ${UBOOT_ARCH} -O linux -T ${UBOOT_MKIMAGE_KERNEL_TYPE} -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage rm -f linux.bin } diff --git a/poky/meta/classes/kernel-yocto.bbclass b/poky/meta/classes/kernel-yocto.bbclass index afccffcf17..e8046bb8f6 100644 --- a/poky/meta/classes/kernel-yocto.bbclass +++ b/poky/meta/classes/kernel-yocto.bbclass @@ -322,7 +322,11 @@ do_patch() { meta_dir=$(kgit --meta) (cd ${meta_dir}; ln -sf patch.queue series) if [ -f "${meta_dir}/series" ]; then - kgit-s2q --gen -v --patches .kernel-meta/ + kgit_extra_args="" + if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then + kgit_extra_args="--commit-sha author" + fi + kgit-s2q --gen -v $kgit_extra_args --patches .kernel-meta/ if [ $? -ne 0 ]; then bberror "Could not apply patches for ${KMACHINE}." bbfatal_log "Patch failures can be resolved in the linux source directory ${S})" diff --git a/poky/meta/classes/kernel.bbclass b/poky/meta/classes/kernel.bbclass index c29bd3d5f3..8dff68612d 100644 --- a/poky/meta/classes/kernel.bbclass +++ b/poky/meta/classes/kernel.bbclass @@ -231,8 +231,9 @@ UBOOT_LOADADDRESS ?= "${UBOOT_ENTRYPOINT}" # Some Linux kernel configurations need additional parameters on the command line KERNEL_EXTRA_ARGS ?= "" -EXTRA_OEMAKE = " HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"" -EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}" PAHOLE=false" +EXTRA_OEMAKE += ' CC="${KERNEL_CC}" LD="${KERNEL_LD}"' +EXTRA_OEMAKE += ' HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"' +EXTRA_OEMAKE += ' HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}" PAHOLE=false' KERNEL_ALT_IMAGETYPE ??= "" @@ -375,7 +376,7 @@ kernel_do_compile() { use_alternate_initrd=CONFIG_INITRAMFS_SOURCE=${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio fi for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do - oe_runmake ${typeformake} CC="${KERNEL_CC}" LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} $use_alternate_initrd + oe_runmake ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd done } @@ -407,7 +408,7 @@ do_compile_kernelmodules() { bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then - oe_runmake -C ${B} ${PARALLEL_MAKE} modules CC="${KERNEL_CC}" LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} + oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS} # Module.symvers gets updated during the # building of the kernel modules. We need to @@ -591,7 +592,7 @@ sysroot_stage_all () { : } -KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} CC="${KERNEL_CC}" LD="${KERNEL_LD}" O=${B} olddefconfig || oe_runmake -C ${S} O=${B} CC="${KERNEL_CC}" LD="${KERNEL_LD}" oldnoconfig" +KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig" python check_oldest_kernel() { oldest_kernel = d.getVar('OLDEST_KERNEL') @@ -629,14 +630,15 @@ kernel_do_configure() { do_savedefconfig() { bbplain "Saving defconfig to:\n${B}/defconfig" - oe_runmake -C ${B} LD='${KERNEL_LD}' savedefconfig + oe_runmake -C ${B} savedefconfig } do_savedefconfig[nostamp] = "1" addtask savedefconfig after do_configure inherit cml1 -KCONFIG_CONFIG_COMMAND:append = " PAHOLE=false LD='${KERNEL_LD}' HOSTLDFLAGS='${BUILD_LDFLAGS}'" +# Need LD, HOSTLDFLAGS and more for config operations +KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}" EXPORT_FUNCTIONS do_compile do_transform_kernel do_transform_bundled_initramfs do_install do_configure diff --git a/poky/meta/classes/nativesdk.bbclass b/poky/meta/classes/nativesdk.bbclass index f8e9607513..e46739e325 100644 --- a/poky/meta/classes/nativesdk.bbclass +++ b/poky/meta/classes/nativesdk.bbclass @@ -55,6 +55,7 @@ TARGET_CXXFLAGS = "${BUILDSDK_CXXFLAGS}" TARGET_LDFLAGS = "${BUILDSDK_LDFLAGS}" TARGET_FPU = "" EXTRA_OECONF_GCC_FLOAT = "" +TUNE_FEATURES = "" CPPFLAGS = "${BUILDSDK_CPPFLAGS}" CFLAGS = "${BUILDSDK_CFLAGS}" diff --git a/poky/meta/classes/npm.bbclass b/poky/meta/classes/npm.bbclass index ba50fcac20..8379c7b988 100644 --- a/poky/meta/classes/npm.bbclass +++ b/poky/meta/classes/npm.bbclass @@ -19,7 +19,7 @@ inherit python3native -DEPENDS:prepend = "nodejs-native " +DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native " RDEPENDS:${PN}:append:class-target = " nodejs" EXTRA_OENPM = "" @@ -46,6 +46,7 @@ NPM_ARCH ?= "${@npm_target_arch_map(d.getVar("TARGET_ARCH"))}" NPM_PACKAGE = "${WORKDIR}/npm-package" NPM_CACHE = "${WORKDIR}/npm-cache" NPM_BUILD = "${WORKDIR}/npm-build" +NPM_REGISTRY = "${WORKDIR}/npm-registry" def npm_global_configs(d): """Get the npm global configuration""" @@ -57,13 +58,36 @@ def npm_global_configs(d): configs.append(("cache", d.getVar("NPM_CACHE"))) return configs +## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for +## 'ignore-scripts' which prevents this behavior has been removed +## from nodejs 16. Use simple 'tar' instead of. def npm_pack(env, srcdir, workdir): - """Run 'npm pack' on a specified directory""" - import shlex - cmd = "npm pack %s" % shlex.quote(srcdir) - args = [("ignore-scripts", "true")] - tarball = env.run(cmd, args=args, workdir=workdir).strip("\n") - return os.path.join(workdir, tarball) + """Emulate 'npm pack' on a specified directory""" + import subprocess + import os + import json + + src = os.path.join(srcdir, 'package.json') + with open(src) as f: + j = json.load(f) + + # base does not really matter and is for documentation purposes + # only. But the 'version' part must exist because other parts of + # the bbclass rely on it. + base = j['name'].split('/')[-1] + tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version'])); + + # TODO: real 'npm pack' does not include directories while 'tar' + # does. But this does not seem to matter... + subprocess.run(['tar', 'czf', tarball, + '--exclude', './node-modules', + '--exclude-vcs', + '--transform', 's,^\./,package/,', + '--mtime', '1985-10-26T08:15:00.000Z', + '.'], + check = True, cwd = srcdir) + + return (tarball, j) python npm_do_configure() { """ @@ -86,27 +110,24 @@ python npm_do_configure() { from bb.fetch2.npm import npm_unpack from bb.fetch2.npmsw import foreach_dependencies from bb.progress import OutOfProgressHandler + from oe.npm_registry import NpmRegistry bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True) bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True) env = NpmEnvironment(d, configs=npm_global_configs(d)) + registry = NpmRegistry(d.getVar('NPM_REGISTRY'), d.getVar('NPM_CACHE')) - def _npm_cache_add(tarball): - """Run 'npm cache add' for a specified tarball""" - cmd = "npm cache add %s" % shlex.quote(tarball) - env.run(cmd) + def _npm_cache_add(tarball, pkg): + """Add tarball to local registry and register it in the + cache""" + registry.add_pkg(tarball, pkg) def _npm_integrity(tarball): """Return the npm integrity of a specified tarball""" sha512 = bb.utils.sha512_file(tarball) return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode() - def _npm_version(tarball): - """Return the version of a specified tarball""" - regex = r"-(\d+\.\d+\.\d+(-.*)?(\+.*)?)\.tgz" - return re.search(regex, tarball).group(1) - def _npmsw_dependency_dict(orig, deptree): """ Return the sub dictionary in the 'orig' dictionary corresponding to the @@ -163,11 +184,11 @@ python npm_do_configure() { with tempfile.TemporaryDirectory() as tmpdir: # Add the dependency to the npm cache destdir = os.path.join(d.getVar("S"), destsuffix) - tarball = npm_pack(env, destdir, tmpdir) - _npm_cache_add(tarball) + (tarball, pkg) = npm_pack(env, destdir, tmpdir) + _npm_cache_add(tarball, pkg) # Add its signature to the cached shrinkwrap dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree) - dep["version"] = _npm_version(tarball) + dep["version"] = pkg['version'] dep["integrity"] = _npm_integrity(tarball) if params.get("dev", False): dep["dev"] = True @@ -184,7 +205,7 @@ python npm_do_configure() { # Configure the main package with tempfile.TemporaryDirectory() as tmpdir: - tarball = npm_pack(env, d.getVar("S"), tmpdir) + (tarball, _) = npm_pack(env, d.getVar("S"), tmpdir) npm_unpack(tarball, d.getVar("NPM_PACKAGE"), d) # Configure the cached manifest file and cached shrinkwrap file @@ -257,7 +278,7 @@ python npm_do_compile() { args.append(("build-from-source", "true")) # Pack and install the main package - tarball = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) + (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM")) env.run(cmd, args=args) } diff --git a/poky/meta/classes/package_rpm.bbclass b/poky/meta/classes/package_rpm.bbclass index e9ff1f7e65..bbbef3793f 100644 --- a/poky/meta/classes/package_rpm.bbclass +++ b/poky/meta/classes/package_rpm.bbclass @@ -193,8 +193,6 @@ python write_specfile () { if path.endswith("DEBIAN") or path.endswith("CONTROL"): continue path = path.replace("%", "%%%%%%%%") - path = path.replace("[", "?") - path = path.replace("]", "?") # Treat all symlinks to directories as normal files. # os.walk() lists them as directories. @@ -214,8 +212,6 @@ python write_specfile () { if dir == "CONTROL" or dir == "DEBIAN": continue dir = dir.replace("%", "%%%%%%%%") - dir = dir.replace("[", "?") - dir = dir.replace("]", "?") # All packages own the directories their files are in... target.append('%dir "' + path + '/' + dir + '"') else: @@ -230,8 +226,6 @@ python write_specfile () { if file == "CONTROL" or file == "DEBIAN": continue file = file.replace("%", "%%%%%%%%") - file = file.replace("[", "?") - file = file.replace("]", "?") if conffiles.count(path + '/' + file): target.append('%config "' + path + '/' + file + '"') else: diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass index a59d9b5878..5c0b3ec37c 100644 --- a/poky/meta/classes/rootfs-postcommands.bbclass +++ b/poky/meta/classes/rootfs-postcommands.bbclass @@ -14,7 +14,7 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'deb # Create /etc/timestamp during image construction to give a reasonably sane default time setting ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp; " -# Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled +# Tweak files in /etc if read-only-rootfs is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}' # We also need to do the same for the kernel boot parameters, @@ -103,20 +103,24 @@ read_only_rootfs_hook () { # If we're using openssh and the /etc/ssh directory has no pre-generated keys, # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly # and the keys under /var/run/ssh. - if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then - if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then - echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh - echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh - else - echo "SYSCONFDIR=\${SYSCONFDIR:-/var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh - echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh + # If overlayfs-etc is used this is not done as /etc is treated as writable + # If stateless-rootfs is enabled this is always done as we don't want to save keys then + if ${@ 'true' if not bb.utils.contains('IMAGE_FEATURES', 'overlayfs-etc', True, False, d) or bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, False, d) else 'false'}; then + if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then + if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then + echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh + echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh + else + echo "SYSCONFDIR=\${SYSCONFDIR:-/var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh + echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh + fi fi - fi - # Also tweak the key location for dropbear in the same way. - if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then - if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then - echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear + # Also tweak the key location for dropbear in the same way. + if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then + if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then + echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear + fi fi fi diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index b1fac107d5..a79e36b594 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -351,6 +351,7 @@ def check_connectivity(d): if len(msg) == 0: msg = "%s.\n" % err msg += " Please ensure your host's network is configured correctly.\n" + msg += " Please ensure CONNECTIVITY_CHECK_URIS is correct and specified URIs are available.\n" msg += " If your ISP or network is blocking the above URL,\n" msg += " try with another domain name, for example by setting:\n" msg += " CONNECTIVITY_CHECK_URIS = \"https://www.example.com/\"" diff --git a/poky/meta/classes/uboot-sign.bbclass b/poky/meta/classes/uboot-sign.bbclass index 31ffe1f472..eecdec9160 100644 --- a/poky/meta/classes/uboot-sign.bbclass +++ b/poky/meta/classes/uboot-sign.bbclass @@ -73,6 +73,9 @@ UBOOT_FIT_HASH_ALG ?= "sha256" FIT_SIGN_ALG ?= "rsa2048" UBOOT_FIT_SIGN_ALG ?= "rsa2048" +# Kernel / U-Boot fitImage Padding Algo +FIT_PAD_ALG ?= "pkcs-1.5" + # Generate keys for signing Kernel / U-Boot fitImage FIT_GENERATE_KEYS ?= "0" UBOOT_FIT_GENERATE_KEYS ?= "0" diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 2a3cf6f8aa..516a30c963 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -924,7 +924,7 @@ SHELL[unexport] = "1" TRANSLATED_TARGET_ARCH ??= "${@d.getVar('TARGET_ARCH').replace("_", "-")}" # Set a default umask to use for tasks for determinism -BB_DEFAULT_UMASK = "022" +BB_DEFAULT_UMASK ??= "022" # Complete output from bitbake BB_CONSOLELOG ?= "${LOG_DIR}/cooker/${MACHINE}/${DATETIME}.log" diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 0a1897fc92..4778b1e5e6 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -544,10 +544,10 @@ RECIPE_MAINTAINER:pn-ofono = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-opensbi = "Alistair Francis <alistair.francis@wdc.com>" RECIPE_MAINTAINER:pn-openssh = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-openssl = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER:pn-opkg = "Alejandro del Castillo <alejandro.delcastillo@ni.com>" -RECIPE_MAINTAINER:pn-opkg-arch-config = "Alejandro del Castillo <alejandro.delcastillo@ni.com>" -RECIPE_MAINTAINER:pn-opkg-keyrings = "Alejandro del Castillo <alejandro.delcastillo@ni.com>" -RECIPE_MAINTAINER:pn-opkg-utils = "Alejandro del Castillo <alejandro.delcastillo@ni.com>" +RECIPE_MAINTAINER:pn-opkg = "Alex Stewart <alex.stewart@ni.com>" +RECIPE_MAINTAINER:pn-opkg-arch-config = "Alex Stewart <alex.stewart@ni.com>" +RECIPE_MAINTAINER:pn-opkg-keyrings = "Alex Stewart <alex.stewart@ni.com>" +RECIPE_MAINTAINER:pn-opkg-utils = "Alex Stewart <alex.stewart@ni.com>" RECIPE_MAINTAINER:pn-orc = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER:pn-os-release = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-ovmf = "Ricardo Neri <ricardo.neri-calderon@linux.intel.com>" diff --git a/poky/meta/conf/machine/include/arm/arch-armv9a.inc b/poky/meta/conf/machine/include/arm/arch-armv9a.inc new file mode 100644 index 0000000000..c38d6cfdf6 --- /dev/null +++ b/poky/meta/conf/machine/include/arm/arch-armv9a.inc @@ -0,0 +1,28 @@ +DEFAULTTUNE ?= "armv9a-crc" + +TUNEVALID[armv9a] = "Enable instructions for ARMv9-a" +TUNE_CCARGS_MARCH .= "${@bb.utils.contains('TUNE_FEATURES', 'armv9a', ' -march=armv9-a', '', d)}" +MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'armv9a', 'armv9a:', '', d)}" + +require conf/machine/include/arm/arch-arm64.inc +require conf/machine/include/arm/feature-arm-crc.inc +require conf/machine/include/arm/feature-arm-crypto.inc + +# Little Endian base configs +AVAILTUNES += "armv9a armv9a-crc armv9a-crc-crypto armv9a-crypto" +ARMPKGARCH:tune-armv9a ?= "armv9a" +ARMPKGARCH:tune-armv9a-crc ?= "armv9a" +ARMPKGARCH:tune-armv9a-crypto ?= "armv9a" +ARMPKGARCH:tune-armv9a-crc-crypto ?= "armv9a" +TUNE_FEATURES:tune-armv9a = "aarch64 armv9a" +TUNE_FEATURES:tune-armv9a-crc = "${TUNE_FEATURES:tune-armv9a} crc" +TUNE_FEATURES:tune-armv9a-crypto = "${TUNE_FEATURES:tune-armv9a} crypto" +TUNE_FEATURES:tune-armv9a-crc-crypto = "${TUNE_FEATURES:tune-armv9a-crc} crypto" +PACKAGE_EXTRA_ARCHS:tune-armv9a = "aarch64 armv9a" +PACKAGE_EXTRA_ARCHS:tune-armv9a-crc = "${PACKAGE_EXTRA_ARCHS:tune-armv9a} armv9a-crc" +PACKAGE_EXTRA_ARCHS:tune-armv9a-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv9a} armv9a-crypto" +PACKAGE_EXTRA_ARCHS:tune-armv9a-crc-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv9a-crc} armv9a-crypto armv9a-crc-crypto" +BASE_LIB:tune-armv9a = "lib64" +BASE_LIB:tune-armv9a-crc = "lib64" +BASE_LIB:tune-armv9a-crypto = "lib64" +BASE_LIB:tune-armv9a-crc-crypto = "lib64" diff --git a/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc b/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc index 36355f7bed..d26ab25e48 100644 --- a/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc +++ b/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc @@ -6,17 +6,15 @@ DEFAULTTUNE ?= "neoversen2" TUNEVALID[neoversen2] = "Enable Neoverse-N2 specific processor optimizations" TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'neoversen2', ' -mcpu=neoverse-n2', '', d)}" -# Even though the Neoverse N2 core implemnts the Arm v9.0-A architecture, -# but the support of it in GCC is based on the Arm v8.5-A architecture. -require conf/machine/include/arm/arch-armv8-5a.inc +require conf/machine/include/arm/arch-armv9a.inc # Little Endian base configs AVAILTUNES += "neoversen2 neoversen2-crypto" ARMPKGARCH:tune-neoversen2 = "neoversen2" ARMPKGARCH:tune-neoversen2-crypto = "neoversen2-crypto" -TUNE_FEATURES:tune-neoversen2 = "${TUNE_FEATURES:tune-armv8-5a} neoversen2" +TUNE_FEATURES:tune-neoversen2 = "${TUNE_FEATURES:tune-armv9a} neoversen2" TUNE_FEATURES:tune-neoversen2-crypto = "${TUNE_FEATURES:tune-neoversen2} crypto" -PACKAGE_EXTRA_ARCHS:tune-neoversen2 = "${PACKAGE_EXTRA_ARCHS:tune-armv8-5a} neoversen2" -PACKAGE_EXTRA_ARCHS:tune-neoversen2-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv8-5a-crypto} neoversen2 neoversen2-crypto" +PACKAGE_EXTRA_ARCHS:tune-neoversen2 = "${PACKAGE_EXTRA_ARCHS:tune-armv9a} neoversen2" +PACKAGE_EXTRA_ARCHS:tune-neoversen2-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv9a-crypto} neoversen2 neoversen2-crypto" BASE_LIB:tune-neoversen2 = "lib64" BASE_LIB:tune-neoversen2-crypto = "lib64" diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index aa06497727..f40f16d7ab 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -143,7 +143,7 @@ def get_cpe_ids(cve_product, version): else: vendor = "*" - cpe_id = f'cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*' + cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version) cpe_ids.append(cpe_id) return cpe_ids diff --git a/poky/meta/lib/oe/npm_registry.py b/poky/meta/lib/oe/npm_registry.py new file mode 100644 index 0000000000..96c0affb45 --- /dev/null +++ b/poky/meta/lib/oe/npm_registry.py @@ -0,0 +1,169 @@ +import bb +import json +import subprocess + +_ALWAYS_SAFE = frozenset('ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + '0123456789' + '_.-~') + +MISSING_OK = object() + +REGISTRY = "https://registry.npmjs.org" + +# we can not use urllib.parse here because npm expects lowercase +# hex-chars but urllib generates uppercase ones +def uri_quote(s, safe = '/'): + res = "" + safe_set = set(safe) + for c in s: + if c in _ALWAYS_SAFE or c in safe_set: + res += c + else: + res += '%%%02x' % ord(c) + return res + +class PackageJson: + def __init__(self, spec): + self.__spec = spec + + @property + def name(self): + return self.__spec['name'] + + @property + def version(self): + return self.__spec['version'] + + @property + def empty_manifest(self): + return { + 'name': self.name, + 'description': self.__spec.get('description', ''), + 'versions': {}, + } + + def base_filename(self): + return uri_quote(self.name, safe = '@') + + def as_manifest_entry(self, tarball_uri): + res = {} + + ## NOTE: 'npm install' requires more than basic meta information; + ## e.g. it takes 'bin' from this manifest entry but not the actual + ## 'package.json' + for (idx,dflt) in [('name', None), + ('description', ""), + ('version', None), + ('bin', MISSING_OK), + ('man', MISSING_OK), + ('scripts', MISSING_OK), + ('directories', MISSING_OK), + ('dependencies', MISSING_OK), + ('devDependencies', MISSING_OK), + ('optionalDependencies', MISSING_OK), + ('license', "unknown")]: + if idx in self.__spec: + res[idx] = self.__spec[idx] + elif dflt == MISSING_OK: + pass + elif dflt != None: + res[idx] = dflt + else: + raise Exception("%s-%s: missing key %s" % (self.name, + self.version, + idx)) + + res['dist'] = { + 'tarball': tarball_uri, + } + + return res + +class ManifestImpl: + def __init__(self, base_fname, spec): + self.__base = base_fname + self.__spec = spec + + def load(self): + try: + with open(self.filename, "r") as f: + res = json.load(f) + except IOError: + res = self.__spec.empty_manifest + + return res + + def save(self, meta): + with open(self.filename, "w") as f: + json.dump(meta, f, indent = 2) + + @property + def filename(self): + return self.__base + ".meta" + +class Manifest: + def __init__(self, base_fname, spec): + self.__base = base_fname + self.__spec = spec + self.__lockf = None + self.__impl = None + + def __enter__(self): + self.__lockf = bb.utils.lockfile(self.__base + ".lock") + self.__impl = ManifestImpl(self.__base, self.__spec) + return self.__impl + + def __exit__(self, exc_type, exc_val, exc_tb): + bb.utils.unlockfile(self.__lockf) + +class NpmCache: + def __init__(self, cache): + self.__cache = cache + + @property + def path(self): + return self.__cache + + def run(self, type, key, fname): + subprocess.run(['oe-npm-cache', self.__cache, type, key, fname], + check = True) + +class NpmRegistry: + def __init__(self, path, cache): + self.__path = path + self.__cache = NpmCache(cache + '/_cacache') + bb.utils.mkdirhier(self.__path) + bb.utils.mkdirhier(self.__cache.path) + + @staticmethod + ## This function is critical and must match nodejs expectations + def _meta_uri(spec): + return REGISTRY + '/' + uri_quote(spec.name, safe = '@') + + @staticmethod + ## Exact return value does not matter; just make it look like a + ## usual registry url + def _tarball_uri(spec): + return '%s/%s/-/%s-%s.tgz' % (REGISTRY, + uri_quote(spec.name, safe = '@'), + uri_quote(spec.name, safe = '@/'), + spec.version) + + def add_pkg(self, tarball, pkg_json): + pkg_json = PackageJson(pkg_json) + base = os.path.join(self.__path, pkg_json.base_filename()) + + with Manifest(base, pkg_json) as manifest: + meta = manifest.load() + tarball_uri = self._tarball_uri(pkg_json) + + meta['versions'][pkg_json.version] = pkg_json.as_manifest_entry(tarball_uri) + + manifest.save(meta) + + ## Cache entries are a little bit dependent on the nodejs + ## version; version specific cache implementation must + ## mitigate differences + self.__cache.run('meta', self._meta_uri(pkg_json), manifest.filename); + self.__cache.run('tgz', tarball_uri, tarball); diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py index 9e6b411fb6..91312f8353 100644 --- a/poky/meta/lib/oe/rootfs.py +++ b/poky/meta/lib/oe/rootfs.py @@ -384,6 +384,10 @@ def create_rootfs(d, manifest_dir=None, progress_reporter=None, logcatcher=None) def image_list_installed_packages(d, rootfs_dir=None): + # Theres no rootfs for baremetal images + if bb.data.inherits_class('baremetal-image', d): + return "" + if not rootfs_dir: rootfs_dir = d.getVar('IMAGE_ROOTFS') diff --git a/poky/meta/lib/oe/spdx.py b/poky/meta/lib/oe/spdx.py index 14ca706895..6d56ed90df 100644 --- a/poky/meta/lib/oe/spdx.py +++ b/poky/meta/lib/oe/spdx.py @@ -218,7 +218,7 @@ class SPDXPackage(SPDXObject): SPDXID = _String() versionInfo = _String() downloadLocation = _String(default="NOASSERTION") - packageSupplier = _String(default="NOASSERTION") + supplier = _String(default="NOASSERTION") homepage = _String() licenseConcluded = _String(default="NOASSERTION") licenseDeclared = _String(default="NOASSERTION") diff --git a/poky/meta/lib/oeqa/runtime/cases/dnf.py b/poky/meta/lib/oeqa/runtime/cases/dnf.py index f40c63026e..2cfb36425c 100644 --- a/poky/meta/lib/oeqa/runtime/cases/dnf.py +++ b/poky/meta/lib/oeqa/runtime/cases/dnf.py @@ -144,7 +144,7 @@ class DnfRepoTest(DnfTest): self.assertEqual(0, status, output) @OETestDepends(['dnf.DnfRepoTest.test_dnf_makecache']) - @skipIfNotInDataVar('DISTRO_FEATURES', 'usrmerge', 'Test run when enable usrmege') + @skipIfNotInDataVar('DISTRO_FEATURES', 'usrmerge', 'Test run when enable usrmerge') @OEHasPackage('busybox') def test_dnf_installroot_usrmerge(self): rootpath = '/home/root/chroot/test' diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py index 1f9365f3a8..2d59bcf5f7 100644 --- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py @@ -64,6 +64,7 @@ common_errors = [ "[pulseaudio] authkey.c: Failed to load authentication key", "was skipped because of a failed condition check", "was skipped because all trigger condition checks failed", + "xf86OpenConsole: Switching VT failed", ] video_related = [ @@ -140,6 +141,7 @@ ignore_errors = { 'Failed to initialize \'/amba/timer@101e3000\': -22', 'jitterentropy: Initialization failed with host not compliant with requirements: 2', 'clcd-pl11x: probe of 10120000.display failed with error -2', + 'arm-charlcd 10008000.lcd: error -ENXIO: IRQ index 0 not found' ] + common_errors, 'qemuarm64' : [ 'Fatal server error:', diff --git a/poky/meta/lib/oeqa/selftest/cases/fitimage.py b/poky/meta/lib/oeqa/selftest/cases/fitimage.py index e6bfd1257e..d732a9020d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/fitimage.py +++ b/poky/meta/lib/oeqa/selftest/cases/fitimage.py @@ -738,6 +738,7 @@ UBOOT_LOADADDRESS = "0x80000000" UBOOT_DTB_LOADADDRESS = "0x82000000" UBOOT_ARCH = "arm" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" +UBOOT_MKIMAGE_KERNEL_TYPE = "kernel" UBOOT_EXTLINUX = "0" FIT_GENERATE_KEYS = "1" KERNEL_IMAGETYPE_REPLACEMENT = "zImage" @@ -763,6 +764,7 @@ FIT_HASH_ALG = "sha256" kernel_load = str(get_bb_var('UBOOT_LOADADDRESS')) kernel_entry = str(get_bb_var('UBOOT_ENTRYPOINT')) + kernel_type = str(get_bb_var('UBOOT_MKIMAGE_KERNEL_TYPE')) kernel_compression = str(get_bb_var('FIT_KERNEL_COMP_ALG')) uboot_arch = str(get_bb_var('UBOOT_ARCH')) fit_hash_alg = str(get_bb_var('FIT_HASH_ALG')) @@ -775,7 +777,7 @@ FIT_HASH_ALG = "sha256" 'kernel-1 {', 'description = "Linux kernel";', 'data = /incbin/("linux.bin");', - 'type = "kernel";', + 'type = "' + kernel_type + '";', 'arch = "' + uboot_arch + '";', 'os = "linux";', 'compression = "' + kernel_compression + '";', diff --git a/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py b/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py index c809d7c9b1..978898b86f 100644 --- a/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py +++ b/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py @@ -43,12 +43,6 @@ class oeGoToolchainSelfTest(OESelftestTestCase): @classmethod def tearDownClass(cls): - # Go creates file which are readonly - for dirpath, dirnames, filenames in os.walk(cls.tmpdir_SDKQA): - for filename in filenames + dirnames: - f = os.path.join(dirpath, filename) - if not os.path.islink(f): - os.chmod(f, 0o775) shutil.rmtree(cls.tmpdir_SDKQA, ignore_errors=True) super(oeGoToolchainSelfTest, cls).tearDownClass() @@ -56,6 +50,8 @@ class oeGoToolchainSelfTest(OESelftestTestCase): cmd = "cd %s/src/%s/%s; " % (self.go_path, proj, name) cmd = cmd + ". %s; " % self.env_SDK cmd = cmd + "export GOPATH=%s; " % self.go_path + cmd = cmd + "export GOFLAGS=-modcacherw; " + cmd = cmd + "export CGO_ENABLED=1; " cmd = cmd + "${CROSS_COMPILE}go %s" % gocmd return runCmd(cmd).status diff --git a/poky/meta/lib/oeqa/selftest/cases/git.py b/poky/meta/lib/oeqa/selftest/cases/intercept.py index f12874dc7d..f12874dc7d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/git.py +++ b/poky/meta/lib/oeqa/selftest/cases/intercept.py diff --git a/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py b/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py index 802a91a488..33bd6df2f3 100644 --- a/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py +++ b/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py @@ -3,6 +3,7 @@ # import os +import sys from oeqa.selftest.case import OESelftestTestCase import tempfile import operator @@ -11,15 +12,14 @@ from oeqa.utils.commands import get_bb_var class TestBlobParsing(OESelftestTestCase): def setUp(self): - import time self.repo_path = tempfile.mkdtemp(prefix='selftest-buildhistory', dir=get_bb_var('TOPDIR')) try: from git import Repo self.repo = Repo.init(self.repo_path) - except ImportError: - self.skipTest('Python module GitPython is not present') + except ImportError as e: + self.skipTest('Python module GitPython is not present (%s) (%s)' % (e, sys.path)) self.test_file = "test" self.var_map = {} diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py index de74c07a03..49fb6fe52c 100644 --- a/poky/meta/lib/oeqa/selftest/cases/wic.py +++ b/poky/meta/lib/oeqa/selftest/cases/wic.py @@ -1420,7 +1420,7 @@ class ModifyTests(WicTestCase): # list directory content of the first partition result = runCmd("wic ls %s:1 -n %s" % (images[0], sysroot)) - self.assertIn('\n%s ' % kerneltype.upper(), result.output) + self.assertIn('\n%s ' % kerneltype.upper(), result.output) self.assertIn('\nEFI <DIR> ', result.output) # remove file. EFI partitions are case-insensitive so exercise that too diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 76296d50cd..c19164e6e7 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -471,9 +471,9 @@ class QemuRunner: self.server_socket = qemusock stopread = True reachedlogin = True - self.logger.debug("Reached login banner in %s seconds (%s)" % + self.logger.debug("Reached login banner in %s seconds (%s, %s)" % (time.time() - (endtime - self.boottime), - time.strftime("%D %H:%M:%S"))) + time.strftime("%D %H:%M:%S"), time.time())) else: # no need to check if reachedlogin unless we support multiple connections self.logger.debug("QEMU socket disconnected before login banner reached. (%s)" % @@ -618,6 +618,8 @@ class QemuRunner: return self.qmp.cmd(command) def run_serial(self, command, raw=False, timeout=60): + # Returns (status, output) where status is 1 on success and 0 on error + # We assume target system have echo to get command status if not raw: command = "%s; echo $?\n" % command diff --git a/poky/meta/lib/rootfspostcommands.py b/poky/meta/lib/rootfspostcommands.py index fdb9f5b850..12f66d2ce2 100644 --- a/poky/meta/lib/rootfspostcommands.py +++ b/poky/meta/lib/rootfspostcommands.py @@ -58,3 +58,10 @@ def sort_passwd(sysconfdir): remove_backup(filename) if os.path.exists(filename): sort_file(filename, mapping) + # Drop other known backup shadow-utils. + for filename in ( + 'subgid', + 'subuid', + ): + filepath = os.path.join(sysconfdir, filename) + remove_backup(filepath) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch new file mode 100644 index 0000000000..7f7bb1acfe --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch @@ -0,0 +1,179 @@ +From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 6 Jul 2021 18:51:35 +1000 +Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap + out-of-bounds write + +A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + +The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, +but there are only 3 bytes allocated for storage. This means that image +data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes +out of every 4 following the end of the image. + +This has existed since greyscale support was added in 2013 in commit +3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + +Saving starfield.png as a 16-bit greyscale image without alpha in the gimp +and attempting to load it causes grub-emu to crash - I don't think this code +has ever worked. + +Delete all PNG greyscale support. + +Fixes: CVE-2021-3695 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3695 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/png.c | 87 +++-------------------------------- + 1 file changed, 7 insertions(+), 80 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 35ae553c8..a3161e25b 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -100,7 +100,7 @@ struct grub_png_data + + unsigned image_width, image_height; + int bpp, is_16bit; +- int raw_bytes, is_gray, is_alpha, is_palette; ++ int raw_bytes, is_alpha, is_palette; + int row_bytes, color_bits; + grub_uint8_t *image_data; + +@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp = 3; + else + { +- data->is_gray = 1; +- data->bpp = 1; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: color type not supported"); + } + + if ((color_bits != 8) && (color_bits != 16) + && (color_bits != 4 +- || !(data->is_gray || data->is_palette))) ++ || !data->is_palette)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: bit depth must be 8 or 16"); + +@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN +- if (data->is_16bit || data->is_gray || data->is_palette) ++ if (data->is_16bit || data->is_palette) + #endif + { + data->image_data = grub_calloc (data->image_height, data->row_bytes); +@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) + int shift; + int mask = (1 << data->color_bits) - 1; + unsigned j; +- if (data->is_gray) +- { +- /* Generic formula is +- (0xff * i) / ((1U << data->color_bits) - 1) +- but for allowed bit depth of 1, 2 and for it's +- equivalent to +- (0xff / ((1U << data->color_bits) - 1)) * i +- Precompute the multipliers to avoid division. +- */ +- +- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; +- for (i = 0; i < (1U << data->color_bits); i++) +- { +- grub_uint8_t col = multipliers[data->color_bits] * i; +- palette[i][0] = col; +- palette[i][1] = col; +- palette[i][2] = col; +- } +- } +- else +- grub_memcpy (palette, data->palette, 3 << data->color_bits); ++ ++ grub_memcpy (palette, data->palette, 3 << data->color_bits); + d1c = d1; + d2c = d2; + for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, +@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data) + return; + } + +- if (data->is_gray) +- { +- switch (data->bpp) +- { +- case 4: +- /* 16-bit gray with alpha. */ +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 4) +- { +- d1[R4] = d2[3]; +- d1[G4] = d2[3]; +- d1[B4] = d2[3]; +- d1[A4] = d2[1]; +- } +- break; +- case 2: +- if (data->is_16bit) +- /* 16-bit gray without alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R3] = d2[1]; +- d1[G3] = d2[1]; +- d1[B3] = d2[1]; +- } +- } +- else +- /* 8-bit gray with alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R4] = d2[1]; +- d1[G4] = d2[1]; +- d1[B4] = d2[1]; +- d1[A4] = d2[0]; +- } +- } +- break; +- /* 8-bit gray without alpha. */ +- case 1: +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 3, d2++) +- { +- d1[R3] = d2[0]; +- d1[G3] = d2[0]; +- d1[B3] = d2[0]; +- } +- break; +- } +- return; +- } +- + { + /* Only copy the upper 8 bit. */ + #ifndef GRUB_CPU_WORDS_BIGENDIAN +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch new file mode 100644 index 0000000000..f06514e665 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch @@ -0,0 +1,50 @@ +From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 6 Jul 2021 23:25:07 +1000 +Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table + items + +In fuzzing we observed crashes where a code would attempt to be inserted +into a huffman table before the start, leading to a set of heap OOB reads +and writes as table entries with negative indices were shifted around and +the new code written in. + +Catch the case where we would underflow the array and bail. + +Fixes: CVE-2021-3696 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3696 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/png.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index a3161e25b..d7ed5aa6c 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) + for (i = len; i < ht->max_length; i++) + n += ht->maxval[i]; + ++ if (n > ht->num_values) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: out of range inserting huffman table item"); ++ return; ++ } ++ + for (i = 0; i < n; i++) + ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch new file mode 100644 index 0000000000..e9fc52df86 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch @@ -0,0 +1,84 @@ +From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Wed, 7 Jul 2021 15:38:19 +1000 +Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write + +Certain 1 px wide images caused a wild pointer write in +grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), +we have the following loop: + +for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + +We did not check if vb * width >= hb * nc1. + +On a 64-bit platform, if that turns out to be negative, it will underflow, +be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so +we see data->bitmap_ptr jump, e.g.: + +0x6180_0000_0480 to +0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + +On a 32-bit platform, it will decrement the pointer, creating a pointer +that won't crash but will overwrite random data. + +Catch the underflow and error out. + +Fixes: CVE-2021-3697 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3697 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/jpeg.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 579bbe8a4..09596fbf5 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -23,6 +23,7 @@ + #include <grub/mm.h> + #include <grub/misc.h> + #include <grub/bufio.h> ++#include <grub/safemath.h> + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -699,6 +700,7 @@ static grub_err_t + grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; ++ unsigned stride_a, stride_b, stride; + int rst = data->dri; + grub_err_t err = GRUB_ERR_NONE; + +@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: attempted to decode data before start of stream"); + ++ if (grub_mul(vb, data->image_width, &stride_a) || ++ grub_mul(hb, nc1, &stride_b) || ++ grub_sub(stride_a, stride_b, &stride)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot decode image with these dimensions"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); +- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) ++ data->r1++, data->bitmap_ptr += stride * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); + c1++, rst--, data->bitmap_ptr += hb * 3) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch new file mode 100644 index 0000000000..8bf9090f94 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch @@ -0,0 +1,63 @@ +From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Mon, 20 Dec 2021 19:41:21 +1100 +Subject: [PATCH] net/ip: Do IP fragment maths safely + +We can receive packets with invalid IP fragmentation information. This +can lead to rsm->total_len underflowing and becoming very large. + +Then, in grub_netbuff_alloc(), we add to this very large number, which can +cause it to overflow and wrap back around to a small positive number. +The allocation then succeeds, but the resulting buffer is too small and +subsequent operations can write past the end of the buffer. + +Catch the underflow here. + +Fixes: CVE-2022-28733 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28733 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> + +--- + grub-core/net/ip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index e3d62e97f..3c3d0be0e 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -25,6 +25,7 @@ + #include <grub/net/netbuff.h> + #include <grub/mm.h> + #include <grub/priority_queue.h> ++#include <grub/safemath.h> + #include <grub/time.h> + + struct iphdr { +@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + { + rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) + + (nb->tail - nb->data)); +- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); ++ ++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), ++ &rsm->total_len)) ++ { ++ grub_dprintf ("net", "IP reassembly size underflow\n"); ++ return GRUB_ERR_NONE; ++ } ++ + rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); + if (!rsm->asm_netbuff) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch new file mode 100644 index 0000000000..f31167d315 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch @@ -0,0 +1,58 @@ +From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 8 Mar 2022 19:04:40 +1100 +Subject: [PATCH] net/http: Error out on headers with LF without CR + +In a similar vein to the previous patch, parse_line() would write +a NUL byte past the end of the buffer if there was an HTTP header +with a LF rather than a CRLF. + +RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + +We don't support quoted sections or continuation lines, etc. + +If we see an LF that's not part of a CRLF, bail out. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28734 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/net/http.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 33a0a28c4..9291a13e2 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + char *end = ptr + len; + while (end > ptr && *(end - 1) == '\r') + end--; ++ ++ /* LF without CR. */ ++ if (end == ptr + len) ++ { ++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); ++ return GRUB_ERR_NONE; ++ } + *end = 0; ++ + /* Trailing CRLF. */ + if (data->in_chunk_len == 1) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch new file mode 100644 index 0000000000..e0ca1eec44 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch @@ -0,0 +1,56 @@ +From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 8 Mar 2022 18:17:03 +1100 +Subject: [PATCH] net/http: Fix OOB write for split http headers + +GRUB has special code for handling an http header that is split +across two packets. + +The code tracks the end of line by looking for a "\n" byte. The +code for split headers has always advanced the pointer just past the +end of the line, whereas the code that handles unsplit headers does +not advance the pointer. This extra advance causes the length to be +one greater, which breaks an assumption in parse_line(), leading to +it writing a NUL byte one byte past the end of the buffer where we +reconstruct the line from the two packets. + +It's conceivable that an attacker controlled set of packets could +cause this to zero out the first byte of the "next" pointer of the +grub_mm_region structure following the current_line buffer. + +Do not advance the pointer in the split header case. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28734 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/net/http.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index f8d7bf0cd..33a0a28c4 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + int have_line = 1; + char *t; + ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); +- if (ptr) +- ptr++; +- else ++ if (ptr == NULL) + { + have_line = 0; + ptr = (char *) nb->tail; +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch new file mode 100644 index 0000000000..7a59f10bfb --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch @@ -0,0 +1,111 @@ +From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode <julian.klode@canonical.com> +Date: Thu, 2 Dec 2021 15:03:53 +0100 +Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock + verifier + +We must not allow other verifiers to pass things like the GRUB modules. +Instead of maintaining a blocklist, maintain an allowlist of things +that we do not care about. + +This allowlist really should be made reusable, and shared by the +lockdown verifier, but this is the minimal patch addressing +security concerns where the TPM verifier was able to mark modules +as verified (or the OpenPGP verifier for that matter), when it +should not do so on shim-powered secure boot systems. + +Fixes: CVE-2022-28735 + +Signed-off-by: Julian Andres Klode <julian.klode@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE:CVE-2022-28735 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- + include/grub/verify.h | 1 + + 2 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +index c52ec6226..89c4bb3fd 100644 +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + void **context __attribute__ ((unused)), + enum grub_verify_flags *flags) + { +- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ *flags = GRUB_VERIFY_FLAGS_NONE; + + switch (type & GRUB_FILE_TYPE_MASK) + { ++ /* Files we check. */ + case GRUB_FILE_TYPE_LINUX_KERNEL: + case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: + case GRUB_FILE_TYPE_BSD_KERNEL: +@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + case GRUB_FILE_TYPE_PLAN9_KERNEL: + case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: + *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; ++ return GRUB_ERR_NONE; + +- /* Fall through. */ ++ /* Files that do not affect secureboot state. */ ++ case GRUB_FILE_TYPE_NONE: ++ case GRUB_FILE_TYPE_LOOPBACK: ++ case GRUB_FILE_TYPE_LINUX_INITRD: ++ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: ++ case GRUB_FILE_TYPE_XNU_RAMDISK: ++ case GRUB_FILE_TYPE_SIGNATURE: ++ case GRUB_FILE_TYPE_PUBLIC_KEY: ++ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: ++ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: ++ case GRUB_FILE_TYPE_TESTLOAD: ++ case GRUB_FILE_TYPE_GET_SIZE: ++ case GRUB_FILE_TYPE_FONT: ++ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: ++ case GRUB_FILE_TYPE_CAT: ++ case GRUB_FILE_TYPE_HEXCAT: ++ case GRUB_FILE_TYPE_CMP: ++ case GRUB_FILE_TYPE_HASHLIST: ++ case GRUB_FILE_TYPE_TO_HASH: ++ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: ++ case GRUB_FILE_TYPE_PIXMAP: ++ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: ++ case GRUB_FILE_TYPE_CONFIG: ++ case GRUB_FILE_TYPE_THEME: ++ case GRUB_FILE_TYPE_GETTEXT_CATALOG: ++ case GRUB_FILE_TYPE_FS_SEARCH: ++ case GRUB_FILE_TYPE_LOADENV: ++ case GRUB_FILE_TYPE_SAVEENV: ++ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; + ++ /* Other files. */ + default: +- return GRUB_ERR_NONE; ++ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); + } + } + +diff --git a/include/grub/verify.h b/include/grub/verify.h +index cd129c398..672ae1692 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -24,6 +24,7 @@ + + enum grub_verify_flags + { ++ GRUB_VERIFY_FLAGS_NONE = 0, + GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, + GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, + /* Defer verification to another authority. */ +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch new file mode 100644 index 0000000000..2db9bcbbc5 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch @@ -0,0 +1,693 @@ +From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001 +From: Elyes Haouas <ehaouas@noos.fr> +Date: Fri, 4 Mar 2022 07:42:13 +0100 +Subject: [PATCH] video: Remove trailing whitespaces + +Signed-off-by: Elyes Haouas <ehaouas@noos.fr> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/bochs.c | 2 +- + grub-core/video/capture.c | 2 +- + grub-core/video/cirrus.c | 4 ++-- + grub-core/video/coreboot/cbfb.c | 2 +- + grub-core/video/efi_gop.c | 22 +++++++++---------- + grub-core/video/fb/fbblit.c | 8 +++---- + grub-core/video/fb/video_fb.c | 10 ++++----- + grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++--------------- + grub-core/video/i386/pc/vga.c | 6 ++--- + grub-core/video/ieee1275.c | 4 ++-- + grub-core/video/radeon_fuloong2e.c | 6 ++--- + grub-core/video/radeon_yeeloong3a.c | 6 ++--- + grub-core/video/readers/png.c | 2 +- + grub-core/video/readers/tga.c | 2 +- + grub-core/video/sis315_init.c | 2 +- + grub-core/video/sis315pro.c | 8 +++---- + grub-core/video/sm712.c | 10 ++++----- + grub-core/video/video.c | 8 +++---- + 18 files changed, 69 insertions(+), 69 deletions(-) + +diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c +index 30ea1bd82..edc651697 100644 +--- a/grub-core/video/bochs.c ++++ b/grub-core/video/bochs.c +@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + + if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234) + return 0; +- ++ + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); + framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK; + if (!framebuffer.base) +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4d3195e01..c653d89f9 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; +- ++ + err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target, + &framebuffer.mode_info, + framebuffer.ptr); +diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c +index e2149e8ce..f5542ccdc 100644 +--- a/grub-core/video/cirrus.c ++++ b/grub-core/video/cirrus.c +@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height, + grub_uint8_t sr_ext = 0, hidden_dac = 0; + + grub_vga_set_geometry (&config, grub_vga_cr_write); +- ++ + grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1, + GRUB_VGA_GR_MODE); + grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6); +- ++ + grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE); + + grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT) +diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c +index 9af81fa5b..986003c51 100644 +--- a/grub-core/video/coreboot/cbfb.c ++++ b/grub-core/video/coreboot/cbfb.c +@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height, + + grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); +- ++ + return err; + } + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index b7590dc6c..7a5054631 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; + struct grub_video_mode_info mode_info; +- ++ + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); + + if (status) +@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + found = 1; + } + } +- ++ + if (!found) + { + unsigned mode; +@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_efi_uintn_t size; + grub_efi_status_t status; +- ++ + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); + if (status) + { +@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen + = grub_malloc (framebuffer.mode_info.height +- * framebuffer.mode_info.width ++ * framebuffer.mode_info.width + * sizeof (struct grub_efi_gop_blt_pixel)); + + buffer = framebuffer.offscreen; +- ++ + if (!buffer) + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); +@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + &framebuffer.mode_info); + buffer = framebuffer.ptr; + } +- ++ + grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n", + framebuffer.ptr, framebuffer.mode_info.width, + framebuffer.mode_info.height, framebuffer.mode_info.bpp); +- ++ + err = grub_video_fb_create_render_target_from_pointer + (&framebuffer.render_target, &framebuffer.mode_info, buffer); + +@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + grub_dprintf ("video", "GOP: Couldn't create FB target\n"); + return err; + } +- ++ + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + { + grub_dprintf ("video", "GOP: Couldn't set FB target\n"); + return err; + } +- ++ + err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); + +@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + grub_dprintf ("video", "GOP: Couldn't set palette\n"); + else + grub_dprintf ("video", "GOP: Success\n"); +- ++ + return err; + } + +diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c +index d55924837..1010ef393 100644 +--- a/grub-core/video/fb/fbblit.c ++++ b/grub-core/video/fb/fbblit.c +@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, + for (i = 0; i < width; i++) + { + register grub_uint32_t col; +- if (*srcptr == 0xf0) ++ if (*srcptr == 0xf0) + col = palette[16]; + else + col = palette[*srcptr & 0xf]; +@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, + *dstptr++ = col >> 0; + *dstptr++ = col >> 8; + *dstptr++ = col >> 16; +-#endif ++#endif + srcptr++; + } + +@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, + for (i = 0; i < width; i++) + { + register grub_uint32_t col; +- if (*srcptr != 0xf0) ++ if (*srcptr != 0xf0) + { + col = palette[*srcptr & 0xf]; + #ifdef GRUB_CPU_WORDS_BIGENDIAN +@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, + *dstptr++ = col >> 0; + *dstptr++ = col >> 8; + *dstptr++ = col >> 16; +-#endif ++#endif + } + else + dstptr += 3; +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index ae6b89f9a..fa4ebde26 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source, + *alpha = 0; + return; + } +- ++ + /* If we have an out-of-bounds color, return transparent black. */ + if (color > 255) + { +@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + /* If everything is aligned on 32-bit use 32-bit copy. */ + if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) + % sizeof (grub_uint32_t) == 0 +- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) ++ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) + % sizeof (grub_uint32_t) == 0 + && linelen % sizeof (grub_uint32_t) == 0 + && linedelta % sizeof (grub_uint32_t) == 0) +@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) + % sizeof (grub_uint16_t) == 0 + && (grub_addr_t) grub_video_fb_get_video_ptr (&target, +- dst_x, dst_y) ++ dst_x, dst_y) + % sizeof (grub_uint16_t) == 0 + && linelen % sizeof (grub_uint16_t) == 0 + && linedelta % sizeof (grub_uint16_t) == 0) +@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + { + grub_uint8_t *src, *dst; + DO_SCROLL +- } ++ } + } + + /* 4. Fill empty space with specified color. In this implementation +@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask, + framebuffer.render_target = framebuffer.back_target; + return GRUB_ERR_NONE; + } +- ++ + mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED + | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); + +diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c +index b7f911926..0e65b5206 100644 +--- a/grub-core/video/i386/pc/vbe.c ++++ b/grub-core/video/i386/pc/vbe.c +@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr) + } + + /* Call VESA BIOS 0x4f09 to set palette data, return status. */ +-static grub_vbe_status_t ++static grub_vbe_status_t + grub_vbe_bios_set_palette_data (grub_uint32_t color_count, + grub_uint32_t start_index, + struct grub_vbe_palette_data *palette_data) +@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count, + } + + /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) + { + struct grub_bios_int_registers regs; +@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) + } + + /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_mode_info (grub_uint32_t mode, + struct grub_vbe_mode_info_block *mode_info) + { +@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode, + } + + /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_mode (grub_uint32_t *mode) + { + struct grub_bios_int_registers regs; +@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode) + return regs.eax & 0xffff; + } + +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size) + { + struct grub_bios_int_registers regs; +@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window, + } + + /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_set_scanline_length (grub_uint32_t length) + { + struct grub_bios_int_registers regs; +@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length) + regs.ecx = length; + regs.eax = 0x4f06; + /* BL = 2, Set Scan Line in Bytes. */ +- regs.ebx = 0x0002; ++ regs.ebx = 0x0002; + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + grub_bios_interrupt (0x10, ®s); + return regs.eax & 0xffff; + } + + /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_scanline_length (grub_uint32_t *length) + { + struct grub_bios_int_registers regs; +@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length) + } + + /* Call VESA BIOS 0x4f07 to set display start, return status. */ +-static grub_vbe_status_t ++static grub_vbe_status_t + grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + { + struct grub_bios_int_registers regs; +@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + regs.edx = y; + regs.eax = 0x4f07; + /* BL = 80h, Set Display Start during Vertical Retrace. */ +- regs.ebx = 0x0080; ++ regs.ebx = 0x0080; + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + grub_bios_interrupt (0x10, ®s); + +@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + } + + /* Call VESA BIOS 0x4f07 to get display start, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_display_start (grub_uint32_t *x, + grub_uint32_t *y) + { +@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x, + } + + /* Call VESA BIOS 0x4f0a. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset, + grub_uint16_t *length) + { +@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode, + case GRUB_VBE_MEMORY_MODEL_YUV: + mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV; + break; +- ++ + case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR: + mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB; + break; +@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode, + break; + case 8: + mode_info->bytes_per_pixel = 1; +- break; ++ break; + case 4: + mode_info->bytes_per_pixel = 0; +- break; ++ break; + } + + if (controller_info.version >= 0x300) +@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + + static grub_err_t + grub_video_vbe_setup (unsigned int width, unsigned int height, +- grub_video_mode_type_t mode_type, ++ grub_video_mode_type_t mode_type, + grub_video_mode_type_t mode_mask) + { + grub_uint16_t *p; +@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void) + controller_info.version & 0xFF, + controller_info.oem_software_rev >> 8, + controller_info.oem_software_rev & 0xFF); +- ++ + /* The total_memory field is in 64 KiB units. */ + grub_printf_ (N_(" total memory: %d KiB\n"), + (controller_info.total_memory << 6)); +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index b2f776c99..50d0b5e02 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -48,7 +48,7 @@ static struct + int back_page; + } framebuffer; + +-static unsigned char ++static unsigned char + grub_vga_set_mode (unsigned char mode) + { + struct grub_bios_int_registers regs; +@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + is_target = 1; + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; +- ++ + err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); + +diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c +index f437fb0df..ca3d3c3b2 100644 +--- a/grub-core/video/ieee1275.c ++++ b/grub-core/video/ieee1275.c +@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, + /* TODO. */ + return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height); + } +- ++ + err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info); + if (err) + { +@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, + + grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors, + grub_video_fbstd_colors); +- ++ + return err; + } + +diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c +index b4da34b5e..40917acb7 100644 +--- a/grub-core/video/radeon_fuloong2e.c ++++ b/grub-core/video/radeon_fuloong2e.c +@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != 0x515a1002) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, + framebuffer.mapped = 1; + + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0x55, ++ grub_memset (framebuffer.ptr, 0x55, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + + #ifndef TEST +@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, + return err; + + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; + +diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c +index 52614feb6..48631c181 100644 +--- a/grub-core/video/radeon_yeeloong3a.c ++++ b/grub-core/video/radeon_yeeloong3a.c +@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != 0x96151002) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, + #endif + + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0, ++ grub_memset (framebuffer.ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + + #ifndef TEST +@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, + return err; + + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 0157ff742..54dfedf43 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data) + } + return; + } +- ++ + if (data->is_gray) + { + switch (data->bpp) +diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c +index 7cb9d1d2a..a9ec3a1b6 100644 +--- a/grub-core/video/readers/tga.c ++++ b/grub-core/video/readers/tga.c +@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data) + + if (len > sizeof (data->palette)) + len = sizeof (data->palette); +- ++ + if (grub_file_read (data->file, &data->palette, len) + != (grub_ssize_t) len) + return grub_errno; +diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c +index ae5c1419c..09c3c7bbe 100644 +--- a/grub-core/video/sis315_init.c ++++ b/grub-core/video/sis315_init.c +@@ -1,4 +1,4 @@ +-static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = ++static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = + { + { 0x28, 0x81 }, + { 0x2a, 0x00 }, +diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c +index 22a0c85a6..4d2f9999a 100644 +--- a/grub-core/video/sis315pro.c ++++ b/grub-core/video/sis315pro.c +@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != GRUB_SIS315PRO_PCIID) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + + #ifndef TEST + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0, ++ grub_memset (framebuffer.ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + grub_arch_sync_dma_caches (framebuffer.ptr, + framebuffer.mode_info.height +@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 + | GRUB_VGA_IO_MISC_28MHZ + | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS +- | GRUB_VGA_IO_MISC_COLOR, ++ | GRUB_VGA_IO_MISC_COLOR, + GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE); + + grub_vga_sr_write (0x86, 5); +@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + { + if (read_sis_cmd (0x5) != 0xa1) + write_sis_cmd (0x86, 0x5); +- ++ + write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20); + write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e); + +diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c +index 10c46eb65..65f59f84b 100644 +--- a/grub-core/video/sm712.c ++++ b/grub-core/video/sm712.c +@@ -167,7 +167,7 @@ enum + GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46, + GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47, + GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48, +- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, ++ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, + GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a, + GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b, + GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c, +@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != GRUB_SM712_PCIID) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + + #if !defined (TEST) && !defined(GENINIT) + /* Prevent garbage from appearing on the screen. */ +- grub_memset ((void *) framebuffer.cached_ptr, 0, ++ grub_memset ((void *) framebuffer.cached_ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + #endif + +@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + grub_sm712_sr_write (0x2, 0x6b); + grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK); + grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET); +- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY ++ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY + | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY + | GRUB_VGA_IO_MISC_UPPER_64K + | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 +@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + for (i = 0; i < ARRAY_SIZE (dda_lookups); i++) + grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda, + dda_lookups[i].vcentering); +- ++ + /* Undocumented */ + grub_sm712_cr_write (0, 0x9c); + grub_sm712_cr_write (0, 0x9d); +diff --git a/grub-core/video/video.c b/grub-core/video/video.c +index 983424107..8937da745 100644 +--- a/grub-core/video/video.c ++++ b/grub-core/video/video.c +@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) + current_mode); + + param++; +- ++ + *width = grub_strtoul (value, 0, 0); + if (grub_errno != GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("invalid video mode specification `%s'"), + current_mode); +- ++ + /* Find height value. */ + value = param; + param = grub_strchr(param, 'x'); +@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) + { + /* We have optional color depth value. */ + param++; +- ++ + *height = grub_strtoul (value, 0, 0); + if (grub_errno != GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("invalid video mode specification `%s'"), + current_mode); +- ++ + /* Convert color depth value. */ + value = param; + *depth = grub_strtoul (value, 0, 0); +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch new file mode 100644 index 0000000000..0c7deae858 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch @@ -0,0 +1,264 @@ +From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Mon, 28 Jun 2021 14:16:14 +1000 +Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++------- + 1 file changed, 70 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index c47ffd651..806c56c78 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -109,9 +109,17 @@ static grub_uint8_t + grub_jpeg_get_byte (struct grub_jpeg_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return r; + } +@@ -120,9 +128,17 @@ static grub_uint16_t + grub_jpeg_get_word (struct grub_jpeg_data *data) + { + grub_uint16_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ ++ if (bytes_read != sizeof (grub_uint16_t)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return grub_be_to_cpu16 (r); + } +@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + if (data->bit_mask == 0) + { + data->bit_save = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: file read error"); ++ return 0; ++ } + if (data->bit_save == JPEG_ESC_CHAR) + { + if (grub_jpeg_get_byte (data) != 0) +@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + "jpeg: invalid 0xFF in data stream"); + return 0; + } ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); ++ return 0; ++ } + } + data->bit_mask = 0x80; + } +@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) + return 0; + + msb = value = grub_jpeg_get_bit (data); +- for (i = 1; i < num; i++) ++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) + value = (value << 1) + (grub_jpeg_get_bit (data) != 0); + if (!msb) + value += 1 - (1 << num); +@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + while (data->file->offset + sizeof (count) + 1 <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ac = (id >> 4) & 1; + id &= 0xF; + if (id > 1) +@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (next_marker > data->file->size) + { +@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (id >= 0x10) /* Upper 4-bit is precision. */ + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); + + ss = grub_jpeg_get_byte (data); /* Sampling factor. */ ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (!id) + { + grub_uint8_t vs, hs; +@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) + } + } + +-static void ++static grub_err_t + grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + { + int h1, h2, qt; +@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + data->dc_value[id] += + grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; + pos = 1; + while (pos < ARRAY_SIZE (data->quan_table[qt])) +@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + num >>= 4; + pos += num; + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) + { +- grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: invalid position in zigzag order!?"); +- return; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); + } + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; +@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + } + + grub_jpeg_idct_transform (du); ++ return GRUB_ERR_NONE; + } + + static void +@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + data_offset += grub_jpeg_get_word (data); + + cc = grub_jpeg_get_byte (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (cc != 3 && cc != 1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: component count must be 1 or 3"); +@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + id = grub_jpeg_get_byte (data) - 1; + if ((id < 0) || (id >= 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; +@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || + (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ + grub_jpeg_get_word (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + +@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; + int rst = data->dri; ++ grub_err_t err = GRUB_ERR_NONE; + + vb = 8 << data->log_vs; + hb = 8 << data->log_hs; +@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + + for (r2 = 0; r2 < (1U << data->log_vs); r2++) + for (c2 = 0; c2 < (1U << data->log_hs); c2++) +- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ { ++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ } + + if (data->color_components >= 3) + { +- grub_jpeg_decode_du (data, 1, data->cbdu); +- grub_jpeg_decode_du (data, 2, data->crdu); ++ err = grub_jpeg_decode_du (data, 1, data->cbdu); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ err = grub_jpeg_decode_du (data, 2, data->crdu); ++ if (err != GRUB_ERR_NONE) ++ return err; + } + +- if (grub_errno) +- return grub_errno; +- + nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; + nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch new file mode 100644 index 0000000000..91ecaad98a --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch @@ -0,0 +1,53 @@ +From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Mon, 28 Jun 2021 14:25:17 +1000 +Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of + streams + +An invalid file could contain multiple start of stream blocks, which +would cause us to reallocate and leak our bitmap. Refuse to handle +multiple start of streams. + +Additionally, fix a grub_error() call formatting. + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/jpeg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 2284a6c06..579bbe8a4 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + ++ if (*data->bitmap) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); ++ + if (grub_video_bitmap_create (data->bitmap, data->image_width, + data->image_height, + GRUB_VIDEO_BLIT_FORMAT_RGB_888)) +@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + + if (data->bitmap_ptr == NULL) +- return grub_error(GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: attempted to decode data before start of stream"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 45852ab9b1..47ea561002 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -22,6 +22,16 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ + file://video-Remove-trailing-whitespaces.patch \ + file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ + file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ + file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ + file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ + file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ + file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ + file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ + file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ + file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch new file mode 100644 index 0000000000..70fdbb1031 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch @@ -0,0 +1,64 @@ +From 50d4b8b9effcf9dc9e5a90034de2f0003fb063f0 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal <miquel.raynal@bootlin.com> +Date: Mon, 27 Jun 2022 12:20:03 +0200 +Subject: [PATCH] fs/squashfs: Use kcalloc when relevant + +A crafted squashfs image could embed a huge number of empty metadata +blocks in order to make the amount of malloc()'d memory overflow and be +much smaller than expected. Because of this flaw, any random code +positioned at the right location in the squashfs image could be memcpy'd +from the squashfs structures into U-Boot code location while trying to +access the rearmost blocks, before being executed. + +In order to prevent this vulnerability from being exploited in eg. a +secure boot environment, let's add a check over the amount of data +that is going to be allocated. Such a check could look like: + +if (!elem_size || n > SIZE_MAX / elem_size) + return NULL; + +The right way to do it would be to enhance the calloc() implementation +but this is quite an impacting change for such a small fix. Another +solution would be to add the check before the malloc call in the +squashfs implementation, but this does not look right. So for now, let's +use the kcalloc() compatibility function from Linux, which has this +check. + +Fixes: c5100613037 ("fs/squashfs: new filesystem") +Reported-by: Tatsuhiko Yasumatsu <Tatsuhiko.Yasumatsu@sony.com> +Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> +Tested-by: Tatsuhiko Yasumatsu <Tatsuhiko.Yasumatsu@sony.com> + +Upstream-Status: Backport [7f7fb9937c6cb49dd35153bd6708872b390b0a44] +CVE: CVE-2022-33967 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + fs/squashfs/sqfs.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c +index e2d91c654c..10e63afbce 100644 +--- a/fs/squashfs/sqfs.c ++++ b/fs/squashfs/sqfs.c +@@ -13,6 +13,7 @@ + #include <linux/types.h> + #include <linux/byteorder/little_endian.h> + #include <linux/byteorder/generic.h> ++#include <linux/compat.h> + #include <memalign.h> + #include <stdlib.h> + #include <string.h> +@@ -725,7 +726,8 @@ static int sqfs_read_inode_table(unsigned char **inode_table) + goto free_itb; + } + +- *inode_table = malloc(metablks_count * SQFS_METADATA_BLOCK_SIZE); ++ *inode_table = kcalloc(metablks_count, SQFS_METADATA_BLOCK_SIZE, ++ GFP_KERNEL); + if (!*inode_table) { + ret = -ENOMEM; + goto free_itb; +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch new file mode 100644 index 0000000000..b1650f6baa --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch @@ -0,0 +1,80 @@ +From 65f1066f5abe291c7b10b6075fd60776074a38a9 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal <miquel.raynal@bootlin.com> +Date: Thu, 9 Jun 2022 16:02:06 +0200 +Subject: [PATCH] fs/squashfs: sqfs_read: Prevent arbitrary code execution + +Following Jincheng's report, an out-of-band write leading to arbitrary +code execution is possible because on one side the squashfs logic +accepts directory names up to 65535 bytes (u16), while U-Boot fs logic +accepts directory names up to 255 bytes long. + +Prevent such an exploit from happening by capping directory name sizes +to 255. Use a define for this purpose so that developers can link the +limitation to its source and eventually kill it some day by dynamically +allocating this array (if ever desired). + +Link: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com +Reported-by: Jincheng Wang <jc.w4ng@gmail.com> +Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> +Tested-by: Jincheng Wang <jc.w4ng@gmail.com> + +CVE: CVE-2022-33103 +Upstream-Status: Backport [2ac0baab4aff1a0b45067d0b62f00c15f4e86856] + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + fs/squashfs/sqfs.c | 8 +++++--- + include/fs.h | 4 +++- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c +index e2d91c654c..a145d754cc 100644 +--- a/fs/squashfs/sqfs.c ++++ b/fs/squashfs/sqfs.c +@@ -973,6 +973,7 @@ int sqfs_readdir(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp) + int i_number, offset = 0, ret; + struct fs_dirent *dent; + unsigned char *ipos; ++ u16 name_size; + + dirs = (struct squashfs_dir_stream *)fs_dirs; + if (!dirs->size) { +@@ -1055,9 +1056,10 @@ int sqfs_readdir(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp) + return -SQFS_STOP_READDIR; + } + +- /* Set entry name */ +- strncpy(dent->name, dirs->entry->name, dirs->entry->name_size + 1); +- dent->name[dirs->entry->name_size + 1] = '\0'; ++ /* Set entry name (capped at FS_DIRENT_NAME_LEN which is a U-Boot limitation) */ ++ name_size = min_t(u16, dirs->entry->name_size + 1, FS_DIRENT_NAME_LEN - 1); ++ strncpy(dent->name, dirs->entry->name, name_size); ++ dent->name[name_size] = '\0'; + + offset = dirs->entry->name_size + 1 + SQFS_ENTRY_BASE_LENGTH; + dirs->entry_count--; +diff --git a/include/fs.h b/include/fs.h +index 1c79e299fd..6cb7ec89f4 100644 +--- a/include/fs.h ++++ b/include/fs.h +@@ -161,6 +161,8 @@ int fs_write(const char *filename, ulong addr, loff_t offset, loff_t len, + #define FS_DT_REG 8 /* regular file */ + #define FS_DT_LNK 10 /* symbolic link */ + ++#define FS_DIRENT_NAME_LEN 256 ++ + /** + * struct fs_dirent - directory entry + * +@@ -181,7 +183,7 @@ struct fs_dirent { + /** change_time: time of last modification */ + struct rtc_time change_time; + /** name: file name */ +- char name[256]; ++ char name[FS_DIRENT_NAME_LEN]; + }; + + /* Note: fs_dir_stream should be treated as opaque to the user of fs layer */ +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch b/poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch new file mode 100644 index 0000000000..3f9cc7776b --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch @@ -0,0 +1,207 @@ +From c7cab39de5e4b22620248a190b3d2ee46cff38c2 Mon Sep 17 00:00:00 2001 +From: Fabio Estevam <festevam@denx.de> +Date: Thu, 26 May 2022 11:14:37 -0300 +Subject: [PATCH] net: Check for the minimum IP fragmented datagram size + +Nicolas Bidron and Nicolas Guigo reported the two bugs below: + +" +----------BUG 1---------- + +In compiled versions of U-Boot that define CONFIG_IP_DEFRAG, a value of +`ip->ip_len` (IP packet header's Total Length) higher than `IP_HDR_SIZE` +and strictly lower than `IP_HDR_SIZE+8` will lead to a value for `len` +comprised between `0` and `7`. This will ultimately result in a +truncated division by `8` resulting value of `0` forcing the hole +metadata and fragment to point to the same location. The subsequent +memcopy will overwrite the hole metadata with the fragment data. Through +a second fragment, this can be exploited to write to an arbitrary offset +controlled by that overwritten hole metadata value. + +This bug is only exploitable locally as it requires crafting two packets +the first of which would most likely be dropped through routing due to +its unexpectedly low Total Length. However, this bug can potentially be +exploited to root linux based embedded devices locally. + +```C +static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) +{ + static uchar pkt_buff[IP_PKTSIZE] __aligned(PKTALIGN); + static u16 first_hole, total_len; + struct hole *payload, *thisfrag, *h, *newh; + struct ip_udp_hdr *localip = (struct ip_udp_hdr *)pkt_buff; + uchar *indata = (uchar *)ip; + int offset8, start, len, done = 0; + u16 ip_off = ntohs(ip->ip_off); + + /* payload starts after IP header, this fragment is in there */ + payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); + offset8 = (ip_off & IP_OFFS); + thisfrag = payload + offset8; + start = offset8 * 8; + len = ntohs(ip->ip_len) - IP_HDR_SIZE; +``` + +The last line of the previous excerpt from `u-boot/net/net.c` shows how +the attacker can control the value of `len` to be strictly lower than +`8` by issuing a packet with `ip_len` between `21` and `27` +(`IP_HDR_SIZE` has a value of `20`). + +Also note that `offset8` here is `0` which leads to `thisfrag = payload`. + +```C + } else if (h >= thisfrag) { + /* overlaps with initial part of the hole: move this hole */ + newh = thisfrag + (len / 8); + *newh = *h; + h = newh; + if (h->next_hole) + payload[h->next_hole].prev_hole = (h - payload); + if (h->prev_hole) + payload[h->prev_hole].next_hole = (h - payload); + else + first_hole = (h - payload); + + } else { +``` + +Lower down the same function, execution reaches the above code path. +Here, `len / 8` evaluates to `0` leading to `newh = thisfrag`. Also note +that `first_hole` here is `0` since `h` and `payload` point to the same +location. + +```C + /* finally copy this fragment and possibly return whole packet */ + memcpy((uchar *)thisfrag, indata + IP_HDR_SIZE, len); +``` + +Finally, in the above excerpt the `memcpy` overwrites the hole metadata +since `thisfrag` and `h` both point to the same location. The hole +metadata is effectively overwritten with arbitrary data from the +fragmented IP packet data. If `len` was crafted to be `6`, `last_byte`, +`next_hole`, and `prev_hole` of the `first_hole` can be controlled by +the attacker. + +Finally the arbitrary offset write occurs through a second fragment that +only needs to be crafted to write data in the hole pointed to by the +previously controlled hole metadata (`next_hole`) from the first packet. + + ### Recommendation + +Handle cases where `len` is strictly lower than 8 by preventing the +overwrite of the hole metadata during the memcpy of the fragment. This +could be achieved by either: +* Moving the location where the hole metadata is stored when `len` is +lower than `8`. +* Or outright rejecting fragmented IP datagram with a Total Length +(`ip_len`) lower than 28 bytes which is the minimum valid fragmented IP +datagram size (as defined as the minimum fragment of 8 octets in the IP +Specification Document: +[RFC791](https://datatracker.ietf.org/doc/html/rfc791) page 25). + +----------BUG 2---------- + +In compiled versions of U-Boot that define CONFIG_IP_DEFRAG, a value of +`ip->ip_len` (IP packet header's Total Length) lower than `IP_HDR_SIZE` +will lead to a negative value for `len` which will ultimately result in +a buffer overflow during the subsequent `memcpy` that uses `len` as it's +`count` parameter. + +This bug is only exploitable on local ethernet as it requires crafting +an invalid packet to include an unexpected `ip_len` value in the IP UDP +header that's lower than the minimum accepted Total Length of a packet +(21 as defined in the IP Specification Document: +[RFC791](https://datatracker.ietf.org/doc/html/rfc791)). Such packet +would in all likelihood be dropped while being routed to its final +destination through most routing equipment and as such requires the +attacker to be in a local position in order to be exploited. + +```C +static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) +{ + static uchar pkt_buff[IP_PKTSIZE] __aligned(PKTALIGN); + static u16 first_hole, total_len; + struct hole *payload, *thisfrag, *h, *newh; + struct ip_udp_hdr *localip = (struct ip_udp_hdr *)pkt_buff; + uchar *indata = (uchar *)ip; + int offset8, start, len, done = 0; + u16 ip_off = ntohs(ip->ip_off); + + /* payload starts after IP header, this fragment is in there */ + payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); + offset8 = (ip_off & IP_OFFS); + thisfrag = payload + offset8; + start = offset8 * 8; + len = ntohs(ip->ip_len) - IP_HDR_SIZE; +``` + +The last line of the previous excerpt from `u-boot/net/net.c` shows +where the underflow to a negative `len` value occurs if `ip_len` is set +to a value strictly lower than 20 (`IP_HDR_SIZE` being 20). Also note +that in the above excerpt the `pkt_buff` buffer has a size of +`CONFIG_NET_MAXDEFRAG` which defaults to 16 KB but can range from 1KB to +64 KB depending on configurations. + +```C + /* finally copy this fragment and possibly return whole packet */ + memcpy((uchar *)thisfrag, indata + IP_HDR_SIZE, len); +``` + +In the above excerpt the `memcpy` overflows the destination by +attempting to make a copy of nearly 4 gigabytes in a buffer that's +designed to hold `CONFIG_NET_MAXDEFRAG` bytes at most which leads to a DoS. + + ### Recommendation + +Stop processing of the packet if `ip_len` is lower than 21 (as defined +by the minimum length of a data carrying datagram in the IP +Specification Document: +[RFC791](https://datatracker.ietf.org/doc/html/rfc791) page 34)." + +Add a check for ip_len lesser than 28 and stop processing the packet +in this case. + +Such a check covers the two reported bugs. + +Reported-by: Nicolas Bidron <nicolas.bidron@nccgroup.com> +Signed-off-by: Fabio Estevam <festevam@denx.de> + +Upstream-Status: Backport [b85d130ea0cac152c21ec38ac9417b31d41b5552] +CVE: CVE-2022-30552 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + include/net.h | 2 ++ + net/net.c | 3 +++ + 2 files changed, 5 insertions(+) + +diff --git a/include/net.h b/include/net.h +index cec8c98618..09d7e9b9e8 100644 +--- a/include/net.h ++++ b/include/net.h +@@ -397,6 +397,8 @@ struct ip_hdr { + + #define IP_HDR_SIZE (sizeof(struct ip_hdr)) + ++#define IP_MIN_FRAG_DATAGRAM_SIZE (IP_HDR_SIZE + 8) ++ + /* + * Internet Protocol (IP) + UDP header. + */ +diff --git a/net/net.c b/net/net.c +index c2992a0908..f5400e6dbc 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -907,6 +907,9 @@ static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) + int offset8, start, len, done = 0; + u16 ip_off = ntohs(ip->ip_off); + ++ if (ip->ip_len < IP_MIN_FRAG_DATAGRAM_SIZE) ++ return NULL; ++ + /* payload starts after IP header, this fragment is in there */ + payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); + offset8 = (ip_off & IP_OFFS); +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb index f2443723e2..c4cfcbca19 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb @@ -1,9 +1,12 @@ require u-boot-common.inc require u-boot.inc -SRC_URI:append = " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ +SRC_URI += " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ file://0001-riscv-fix-build-with-binutils-2.38.patch \ file://0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch \ + file://0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch \ + file://0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch \ + file://0001-fs-squashfs-Use-kcalloc-when-relevant.patch \ " DEPENDS += "bc-native dtc-native python3-setuptools-native" diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 index 968679ff7f..968679ff7f 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind9 +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch index aa3642acec..aa3642acec 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service index cda56ef015..cda56ef015 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/named.service +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.4.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb index c3efaffeda..11c8a4e9d3 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.4.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "f277ae50159a00c300eb926a9c5d51953038a936bd8242d6913dfb6eac42761d" +SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 22dd07b348..79d4645ca8 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -53,7 +53,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ - file://fix_service.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch deleted file mode 100644 index 96fdf6b299..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch +++ /dev/null @@ -1,30 +0,0 @@ -The systemd bluetooth service failed to start because the /var/lib/bluetooth -path of ReadWritePaths= is created by the bluetooth daemon itself. - -The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth -and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service. -The existing ProtectSystem=full option mounts the /usr, the boot loader -directories and /etc read-only. This means the two option are useless and could be removed. - -Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329] - -Index: bluez-5.64/src/bluetooth.service.in -=================================================================== ---- bluez-5.64.orig/src/bluetooth.service.in -+++ bluez-5.64/src/bluetooth.service.in -@@ -15,12 +15,12 @@ LimitNPROC=1 - - # Filesystem lockdown - ProtectHome=true --ProtectSystem=full -+ProtectSystem=strict - PrivateTmp=true - ProtectKernelTunables=true - ProtectControlGroups=true --ReadWritePaths=@statedir@ --ReadOnlyPaths=@confdir@ -+ConfigurationDirectory=bluetooth -+StateDirectory=bluetooth - - # Execute Mappings - MemoryDenyWriteExecute=true diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.64.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.65.bb index 4319f9aae8..4c15aeb46d 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.64.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.65.bb @@ -1,6 +1,6 @@ require bluez5.inc -SRC_URI[sha256sum] = "ae437e65b6b3070c198bc5b0109fe9cdeb9eaa387380e2072f9de65fe8a1de34" +SRC_URI[sha256sum] = "2565a4d48354b576e6ad92e25b54ed66808296581c8abb80587051f9993d96d4" # These issues have kernel fixes rather than bluez fixes so exclude here CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490" diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch new file mode 100644 index 0000000000..182c5ca29c --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch @@ -0,0 +1,37 @@ +From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001 +From: Nathan Crandall <ncrandall@tesla.com> +Date: Tue, 12 Jul 2022 08:56:34 +0200 +Subject: gweb: Fix OOB write in received_data() + +There is a mismatch of handling binary vs. C-string data with memchr +and strlen, resulting in pos, count, and bytes_read to become out of +sync and result in a heap overflow. Instead, do not treat the buffer +as an ASCII C-string. We calculate the count based on the return value +of memchr, instead of strlen. + +Fixes: CVE-2022-32292 + +CVE: CVE-2022-32292 + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + gweb/gweb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gweb/gweb.c b/gweb/gweb.c +index 12fcb1d8..13c6c5f2 100644 +--- a/gweb/gweb.c ++++ b/gweb/gweb.c +@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond, + } + + *pos = '\0'; +- count = strlen((char *) ptr); ++ count = pos - ptr; + if (count > 0 && ptr[count - 1] == '\r') { + ptr[--count] = '\0'; + bytes_read--; +-- +cgit + diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch new file mode 100644 index 0000000000..b280203594 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch @@ -0,0 +1,141 @@ +From 72343929836de80727a27d6744c869dff045757c Mon Sep 17 00:00:00 2001 +From: Daniel Wagner <wagi@monom.org> +Date: Tue, 5 Jul 2022 08:32:12 +0200 +Subject: wispr: Add reference counter to portal context + +Track the connman_wispr_portal_context live time via a +refcounter. This only adds the infrastructure to do proper reference +counting. + +Fixes: CVE-2022-32293 +CVE: CVE-2022-32293 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/wispr.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 42 insertions(+), 10 deletions(-) + +diff --git a/src/wispr.c b/src/wispr.c +index a07896ca..bde7e63b 100644 +--- a/src/wispr.c ++++ b/src/wispr.c +@@ -56,6 +56,7 @@ struct wispr_route { + }; + + struct connman_wispr_portal_context { ++ int refcount; + struct connman_service *service; + enum connman_ipconfig_type type; + struct connman_wispr_portal *wispr_portal; +@@ -97,6 +98,11 @@ static char *online_check_ipv4_url = NULL; + static char *online_check_ipv6_url = NULL; + static bool enable_online_to_ready_transition = false; + ++#define wispr_portal_context_ref(wp_context) \ ++ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__) ++#define wispr_portal_context_unref(wp_context) \ ++ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__) ++ + static void connman_wispr_message_init(struct connman_wispr_message *msg) + { + DBG(""); +@@ -162,9 +168,6 @@ static void free_connman_wispr_portal_context( + { + DBG("context %p", wp_context); + +- if (!wp_context) +- return; +- + if (wp_context->wispr_portal) { + if (wp_context->wispr_portal->ipv4_context == wp_context) + wp_context->wispr_portal->ipv4_context = NULL; +@@ -201,9 +204,38 @@ static void free_connman_wispr_portal_context( + g_free(wp_context); + } + ++static struct connman_wispr_portal_context * ++wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context, ++ const char *file, int line, const char *caller) ++{ ++ DBG("%p ref %d by %s:%d:%s()", wp_context, ++ wp_context->refcount + 1, file, line, caller); ++ ++ __sync_fetch_and_add(&wp_context->refcount, 1); ++ ++ return wp_context; ++} ++ ++static void wispr_portal_context_unref_debug( ++ struct connman_wispr_portal_context *wp_context, ++ const char *file, int line, const char *caller) ++{ ++ if (!wp_context) ++ return; ++ ++ DBG("%p ref %d by %s:%d:%s()", wp_context, ++ wp_context->refcount - 1, file, line, caller); ++ ++ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1) ++ return; ++ ++ free_connman_wispr_portal_context(wp_context); ++} ++ + static struct connman_wispr_portal_context *create_wispr_portal_context(void) + { +- return g_try_new0(struct connman_wispr_portal_context, 1); ++ return wispr_portal_context_ref( ++ g_new0(struct connman_wispr_portal_context, 1)); + } + + static void free_connman_wispr_portal(gpointer data) +@@ -215,8 +247,8 @@ static void free_connman_wispr_portal(gpointer data) + if (!wispr_portal) + return; + +- free_connman_wispr_portal_context(wispr_portal->ipv4_context); +- free_connman_wispr_portal_context(wispr_portal->ipv6_context); ++ wispr_portal_context_unref(wispr_portal->ipv4_context); ++ wispr_portal_context_unref(wispr_portal->ipv6_context); + + g_free(wispr_portal); + } +@@ -452,7 +484,7 @@ static void portal_manage_status(GWebResult *result, + connman_info("Client-Timezone: %s", str); + + if (!enable_online_to_ready_transition) +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + + __connman_service_ipconfig_indicate_state(service, + CONNMAN_SERVICE_STATE_ONLINE, type); +@@ -616,7 +648,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service, + return; + } + +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + return; + } + +@@ -952,7 +984,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context) + + if (wp_context->token == 0) { + err = -EINVAL; +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + } + } else if (wp_context->timeout == 0) { + wp_context->timeout = g_idle_add(no_proxy_callback, wp_context); +@@ -1001,7 +1033,7 @@ int __connman_wispr_start(struct connman_service *service, + + /* If there is already an existing context, we wipe it */ + if (wp_context) +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + + wp_context = create_wispr_portal_context(); + if (!wp_context) +-- +cgit + diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch new file mode 100644 index 0000000000..56f8fc82de --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch @@ -0,0 +1,174 @@ +From 416bfaff988882c553c672e5bfc2d4f648d29e8a Mon Sep 17 00:00:00 2001 +From: Daniel Wagner <wagi@monom.org> +Date: Tue, 5 Jul 2022 09:11:09 +0200 +Subject: wispr: Update portal context references + +Maintain proper portal context references to avoid UAF. + +Fixes: CVE-2022-32293 +CVE: CVE-2022-32293 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/wispr.c | 34 ++++++++++++++++++++++------------ + 1 file changed, 22 insertions(+), 12 deletions(-) + +diff --git a/src/wispr.c b/src/wispr.c +index bde7e63b..84bed33f 100644 +--- a/src/wispr.c ++++ b/src/wispr.c +@@ -105,8 +105,6 @@ static bool enable_online_to_ready_transition = false; + + static void connman_wispr_message_init(struct connman_wispr_message *msg) + { +- DBG(""); +- + msg->has_error = false; + msg->current_element = NULL; + +@@ -166,8 +164,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context) + static void free_connman_wispr_portal_context( + struct connman_wispr_portal_context *wp_context) + { +- DBG("context %p", wp_context); +- + if (wp_context->wispr_portal) { + if (wp_context->wispr_portal->ipv4_context == wp_context) + wp_context->wispr_portal->ipv4_context = NULL; +@@ -483,9 +479,6 @@ static void portal_manage_status(GWebResult *result, + &str)) + connman_info("Client-Timezone: %s", str); + +- if (!enable_online_to_ready_transition) +- wispr_portal_context_unref(wp_context); +- + __connman_service_ipconfig_indicate_state(service, + CONNMAN_SERVICE_STATE_ONLINE, type); + +@@ -546,14 +539,17 @@ static void wispr_portal_request_portal( + { + DBG(""); + ++ wispr_portal_context_ref(wp_context); + wp_context->request_id = g_web_request_get(wp_context->web, + wp_context->status_url, + wispr_portal_web_result, + wispr_route_request, + wp_context); + +- if (wp_context->request_id == 0) ++ if (wp_context->request_id == 0) { + wispr_portal_error(wp_context); ++ wispr_portal_context_unref(wp_context); ++ } + } + + static bool wispr_input(const guint8 **data, gsize *length, +@@ -618,13 +614,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service, + return; + + if (!authentication_done) { +- wispr_portal_error(wp_context); + free_wispr_routes(wp_context); ++ wispr_portal_error(wp_context); ++ wispr_portal_context_unref(wp_context); + return; + } + + /* Restarting the test */ + __connman_service_wispr_start(service, wp_context->type); ++ wispr_portal_context_unref(wp_context); + } + + static void wispr_portal_request_wispr_login(struct connman_service *service, +@@ -700,11 +698,13 @@ static bool wispr_manage_message(GWebResult *result, + + wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN; + ++ wispr_portal_context_ref(wp_context); + if (__connman_agent_request_login_input(wp_context->service, + wispr_portal_request_wispr_login, +- wp_context) != -EINPROGRESS) ++ wp_context) != -EINPROGRESS) { + wispr_portal_error(wp_context); +- else ++ wispr_portal_context_unref(wp_context); ++ } else + return true; + + break; +@@ -753,6 +753,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + if (length > 0) { + g_web_parser_feed_data(wp_context->wispr_parser, + chunk, length); ++ wispr_portal_context_unref(wp_context); + return true; + } + +@@ -770,6 +771,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + switch (status) { + case 000: ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -781,11 +783,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + if (g_web_result_get_header(result, "X-ConnMan-Status", + &str)) { + portal_manage_status(result, wp_context); ++ wispr_portal_context_unref(wp_context); + return false; +- } else ++ } else { ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->redirect_url, wp_context); ++ } + + break; + case 300: +@@ -798,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + !g_web_result_get_header(result, "Location", + &redirect)) { + ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -808,6 +814,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + wp_context->redirect_url = g_strdup(redirect); + ++ wispr_portal_context_ref(wp_context); + wp_context->request_id = g_web_request_get(wp_context->web, + redirect, wispr_portal_web_result, + wispr_route_request, wp_context); +@@ -820,6 +827,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + break; + case 505: ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -832,6 +840,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + wp_context->request_id = 0; + done: + wp_context->wispr_msg.message_type = -1; ++ wispr_portal_context_unref(wp_context); + return false; + } + +@@ -890,6 +899,7 @@ static void proxy_callback(const char *proxy, void *user_data) + xml_wispr_parser_callback, wp_context); + + wispr_portal_request_portal(wp_context); ++ wispr_portal_context_unref(wp_context); + } + + static gboolean no_proxy_callback(gpointer user_data) +-- +cgit + diff --git a/poky/meta/recipes-connectivity/connman/connman_1.41.bb b/poky/meta/recipes-connectivity/connman/connman_1.41.bb index 736b78eaeb..79542b2175 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.41.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.41.bb @@ -5,6 +5,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ file://connman \ file://no-version-scripts.patch \ + file://CVE-2022-32293_p1.patch \ + file://CVE-2022-32293_p2.patch \ + file://CVE-2022-32292.patch \ " SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch new file mode 100644 index 0000000000..54040ad74c --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch @@ -0,0 +1,54 @@ +From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001 +From: Erik Auerswald <auerswal@unix-ag.uni-kl.de> +Date: Sat, 3 Sep 2022 16:58:16 +0200 +Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt + +Fix telnetd crash if the first two bytes of a new connection +are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). + +The problem was reported in: +<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>. + +* NEWS: Mention fix. +* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and +zero slctab[SLC_EL].sptr. + +CVE: CVE-2022-39028 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f] +Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> +--- + telnetd/state.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/telnetd/state.c b/telnetd/state.c +index ffc6cba..c2d760f 100644 +--- a/telnetd/state.c ++++ b/telnetd/state.c +@@ -312,15 +312,21 @@ telrcv (void) + case EC: + case EL: + { +- cc_t ch; ++ cc_t ch = (cc_t) (_POSIX_VDISABLE); + + DEBUG (debug_options, 1, printoption ("td: recv IAC", c)); + ptyflush (); /* half-hearted */ + init_termbuf (); + if (c == EC) +- ch = *slctab[SLC_EC].sptr; ++ { ++ if (slctab[SLC_EC].sptr) ++ ch = *slctab[SLC_EC].sptr; ++ } + else +- ch = *slctab[SLC_EL].sptr; ++ { ++ if (slctab[SLC_EL].sptr) ++ ch = *slctab[SLC_EL].sptr; ++ } + if (ch != (cc_t) (_POSIX_VDISABLE)) + pty_output_byte ((unsigned char) ch); + break; +-- +2.37.3 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index 6c9a299b71..d8062e2b21 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb @@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ + file://CVE-2022-39028.patch \ " inherit autotools gettext update-alternatives texinfo diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index e6f216e5cb..2cc92b7b47 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -5,8 +5,8 @@ SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "3d5c8d0f7e0264768a2c000d0fd4b4d4a991e041" -PV = "20220511" +SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5" +PV = "20220725" PE = "1" SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" diff --git a/poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch b/poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch new file mode 100644 index 0000000000..985e2bf1d9 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch @@ -0,0 +1,128 @@ +From d432049f288c9acdc4a7caa729c68ceba3c5dca1 Mon Sep 17 00:00:00 2001 +From: Aaro Koskinen <aaro.koskinen@nokia.com> +Date: Thu, 25 Aug 2022 18:47:02 +0300 +Subject: [PATCH] devmem: add 128-bit width + +Add 128-bit width if the compiler provides the needed type. + +function old new delta +devmem_main 405 464 +59 +.rodata 109025 109043 +18 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/0 up/down: 77/0) Total: 77 bytes + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=d432049f288c9acdc4a7caa729c68ceba3c5dca1] + +Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com> +Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + miscutils/devmem.c | 68 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 44 insertions(+), 24 deletions(-) + +diff --git a/miscutils/devmem.c b/miscutils/devmem.c +index f9f0276bc..f21621bd6 100644 +--- a/miscutils/devmem.c ++++ b/miscutils/devmem.c +@@ -29,7 +29,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + { + void *map_base, *virt_addr; + uint64_t read_result; +- uint64_t writeval = writeval; /* for compiler */ + off_t target; + unsigned page_size, mapped_size, offset_in_page; + int fd; +@@ -64,9 +63,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + width = strchrnul(bhwl, (argv[2][0] | 0x20)) - bhwl; + width = sizes[width]; + } +- /* VALUE */ +- if (argv[3]) +- writeval = bb_strtoull(argv[3], NULL, 0); + } else { /* argv[2] == NULL */ + /* make argv[3] to be a valid thing to fetch */ + argv--; +@@ -96,28 +92,46 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + virt_addr = (char*)map_base + offset_in_page; + + if (!argv[3]) { +- switch (width) { +- case 8: +- read_result = *(volatile uint8_t*)virt_addr; +- break; +- case 16: +- read_result = *(volatile uint16_t*)virt_addr; +- break; +- case 32: +- read_result = *(volatile uint32_t*)virt_addr; +- break; +- case 64: +- read_result = *(volatile uint64_t*)virt_addr; +- break; +- default: +- bb_simple_error_msg_and_die("bad width"); ++#ifdef __SIZEOF_INT128__ ++ if (width == 128) { ++ unsigned __int128 rd = ++ *(volatile unsigned __int128 *)virt_addr; ++ printf("0x%016llX%016llX\n", ++ (unsigned long long)(uint64_t)(rd >> 64), ++ (unsigned long long)(uint64_t)rd ++ ); ++ } else ++#endif ++ { ++ switch (width) { ++ case 8: ++ read_result = *(volatile uint8_t*)virt_addr; ++ break; ++ case 16: ++ read_result = *(volatile uint16_t*)virt_addr; ++ break; ++ case 32: ++ read_result = *(volatile uint32_t*)virt_addr; ++ break; ++ case 64: ++ read_result = *(volatile uint64_t*)virt_addr; ++ break; ++ default: ++ bb_simple_error_msg_and_die("bad width"); ++ } ++// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", ++// target, virt_addr, ++// (unsigned long long)read_result); ++ /* Zero-padded output shows the width of access just done */ ++ printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); + } +-// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", +-// target, virt_addr, +-// (unsigned long long)read_result); +- /* Zero-padded output shows the width of access just done */ +- printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); + } else { ++ /* parse VALUE */ ++#ifdef __SIZEOF_INT128__ ++ unsigned __int128 writeval = strtoumax(argv[3], NULL, 0); ++#else ++ uint64_t writeval = bb_strtoull(argv[3], NULL, 0); ++#endif + switch (width) { + case 8: + *(volatile uint8_t*)virt_addr = writeval; +@@ -135,6 +149,12 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + *(volatile uint64_t*)virt_addr = writeval; + // read_result = *(volatile uint64_t*)virt_addr; + break; ++#ifdef __SIZEOF_INT128__ ++ case 128: ++ *(volatile unsigned __int128 *)virt_addr = writeval; ++// read_result = *(volatile uint64_t*)virt_addr; ++ break; ++#endif + default: + bb_simple_error_msg_and_die("bad width"); + } +-- +2.25.1 + diff --git a/poky/meta/recipes-core/busybox/busybox_1.35.0.bb b/poky/meta/recipes-core/busybox/busybox_1.35.0.bb index edf896485e..e9ca6fdb1a 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.35.0.bb @@ -50,6 +50,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ file://CVE-2022-30065.patch \ + file://0001-devmem-add-128-bit-width.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg " diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.0.bb b/poky/meta/recipes-core/coreutils/coreutils_9.0.bb index 865cffd4cd..8a2fbeca32 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_9.0.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_9.0.bb @@ -49,6 +49,7 @@ PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl," PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,," PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" +PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl" # [ df mktemp nice printenv base64 gets a special treatment and is not included in this bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \ diff --git a/poky/meta/recipes-core/ell/ell_0.49.bb b/poky/meta/recipes-core/ell/ell_0.50.bb index 9edd6fc92a..243ac01530 100644 --- a/poky/meta/recipes-core/ell/ell_0.49.bb +++ b/poky/meta/recipes-core/ell/ell_0.50.bb @@ -16,7 +16,7 @@ inherit autotools pkgconfig SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "a7ff8ecbc76b187d942dd22b61cb489711400897c790319ffb7e944791687c3f" +SRC_URI[sha256sum] = "0fe51d51c6eddc2a2784092f1dfdd1143a5ef27f15c274ecfbadd680d3a72fd9" do_configure:prepend () { mkdir -p ${S}/build-aux diff --git a/poky/meta/recipes-core/expat/expat_2.4.7.bb b/poky/meta/recipes-core/expat/expat_2.4.9.bb index bf1ca8d56e..cb007708c7 100644 --- a/poky/meta/recipes-core/expat/expat_2.4.7.bb +++ b/poky/meta/recipes-core/expat/expat_2.4.9.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/libexpat/libexpat" SECTION = "libs" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=9e2ce3b3c4c0f2670883a23bbd7c37a9" +LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb" VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" @@ -14,7 +14,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" -SRC_URI[sha256sum] = "e149bdd8b90254c62b3d195da53a09bd531a4d63a963b0d8a5268d48dd2f6a65" +SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a" EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.72.1.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.72.2.bb index 41f18d1c48..746d1bc39c 100644 --- a/poky/meta/recipes-core/glib-networking/glib-networking_2.72.1.bb +++ b/poky/meta/recipes-core/glib-networking/glib-networking_2.72.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SECTION = "libs" DEPENDS = "glib-2.0" -SRC_URI[archive.sha256sum] = "6fc1bedc8062484dc8a0204965995ef2367c3db5c934058ff1607e5a24d95a74" +SRC_URI[archive.sha256sum] = "cd2a084c7bb91d78e849fb55d40e472f6d8f6862cddc9f12c39149359ba18268" PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" diff --git a/poky/meta/recipes-core/glibc/glibc-locale.inc b/poky/meta/recipes-core/glibc/glibc-locale.inc index b8de7d3192..7c14abfe99 100644 --- a/poky/meta/recipes-core/glibc/glibc-locale.inc +++ b/poky/meta/recipes-core/glibc/glibc-locale.inc @@ -87,10 +87,9 @@ do_install() { if [ ${PACKAGE_NO_GCONV} -eq 0 ]; then copy_locale_files ${libdir}/gconv 0755 copy_locale_files ${datadir}/i18n 0644 - else - # Remove the libdir if it is empty when gconv is not copied - find ${D}${libdir} -type d -empty -delete fi + # Remove empty dirs in libdir when gconv or locales are not copied + find ${D}${libdir} -type d -empty -delete copy_locale_files ${datadir}/locale 0644 install -m 0644 ${LOCALETREESRC}/SUPPORTED ${WORKDIR}/SUPPORTED } diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb b/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb index 96d0569ff6..97d5dc29a3 100644 --- a/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb +++ b/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb @@ -4,7 +4,7 @@ require glibc-tests.inc inherit ptest features_check REQUIRED_DISTRO_FEATURES = "ptest" -SRC_URI:append = " \ +SRC_URI += " \ file://reproducible-paths.patch \ file://run-ptest \ " @@ -30,7 +30,7 @@ python __anonymous() { RPROVIDES:${PN} = "${PN}" RRECOMMENDS:${PN} = "" RDEPENDS:${PN} = " glibc sed" -DEPENDS:append = " sed" +DEPENDS += "sed" export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/" diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index ccb41e5af6..d3cea19f9c 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "0e5b239f45992e4b54c6f946ecb0c410afc8bb08" +SRCREV_glibc ?= "f8ad66a4cab14ed294bf50e7a9eddb73da6cf307" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 7acdd8c2ef..61a9cd4aa3 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 -SRCREV ?= "60171200800c62820c9275b50c703e53ed6e7b28" +SRCREV ?= "d64bef1c7d713b92a51228e5ade945835e5a94a4" SRC_URI = "git://git.yoctoproject.org/poky;branch=kirkstone \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch b/poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch new file mode 100644 index 0000000000..c6567ac878 --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch @@ -0,0 +1,814 @@ +From 2c20198b1ddb1bfb47269b8caf929ffb83748f78 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 21 Apr 2022 00:45:58 +0200 +Subject: [PATCH] Port gentest.py to Python 3 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb] + +* fixes: + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 11 + print "libxml2 python bindings not available, skipping testapi.c generation" + ^ +SyntaxError: Missing parentheses in call to 'print'. Did you mean print("libxml2 python bindings not available, skipping testapi.c generation")? +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 271 + return 1 + ^ +TabError: inconsistent use of tabs and spaces in indentation +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +aarch64-oe-linux-gcc: error: testapi.c: No such file or directory +aarch64-oe-linux-gcc: fatal error: no input files +compilation terminated. +make[1]: *** [Makefile:1275: testapi.o] Error 1 + +But there is still a bit mystery why it worked before, because check-am +calls gentest.py with $(PYTHON), so it ignores the shebang in the script +and libxml2 is using python3native (through python3targetconfig.bbclass) +so something like: + +libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 gentest.py + +But that still fails (now without SyntaxError) with: +libxml2 python bindings not available, skipping testapi.c generation + +because we don't have dependency on libxml2-native (to provide libxml2 +python bindings form python3native) and exported PYTHON_SITE_PACKAGES +might be useless (e.g. /usr/lib/python3.8/site-packages on Ubuntu-22.10 +which uses python 3.10 and there is no site-packages with libxml2) + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + +--- + gentest.py | 421 ++++++++++++++++++++++++++--------------------------- + 1 file changed, 209 insertions(+), 212 deletions(-) + +diff --git a/gentest.py b/gentest.py +index b6cd866..af15a4f 100755 +--- a/gentest.py ++++ b/gentest.py +@@ -8,7 +8,7 @@ import string + try: + import libxml2 + except: +- print "libxml2 python bindings not available, skipping testapi.c generation" ++ print("libxml2 python bindings not available, skipping testapi.c generation") + sys.exit(0) + + if len(sys.argv) > 1: +@@ -227,7 +227,7 @@ extra_post_call = { + if (old != NULL) { + xmlUnlinkNode(old); + xmlFreeNode(old) ; old = NULL ; } +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlTextMerge": + """if ((first != NULL) && (first->type != XML_TEXT_NODE)) { + xmlUnlinkNode(second); +@@ -236,7 +236,7 @@ extra_post_call = { + """if ((ret_val != NULL) && (ret_val != ncname) && + (ret_val != prefix) && (ret_val != memory)) + xmlFree(ret_val); +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlNewDocElementContent": + """xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""", + "xmlDictReference": "xmlDictFree(dict);", +@@ -268,29 +268,29 @@ modules = [] + def is_skipped_module(name): + for mod in skipped_modules: + if mod == name: +- return 1 ++ return 1 + return 0 + + def is_skipped_function(name): + for fun in skipped_functions: + if fun == name: +- return 1 ++ return 1 + # Do not test destructors +- if string.find(name, 'Free') != -1: ++ if name.find('Free') != -1: + return 1 + return 0 + + def is_skipped_memcheck(name): + for fun in skipped_memcheck: + if fun == name: +- return 1 ++ return 1 + return 0 + + missing_types = {} + def add_missing_type(name, func): + try: + list = missing_types[name] +- list.append(func) ++ list.append(func) + except: + missing_types[name] = [func] + +@@ -310,7 +310,7 @@ def add_missing_functions(name, module): + missing_functions_nr = missing_functions_nr + 1 + try: + list = missing_functions[module] +- list.append(name) ++ list.append(name) + except: + missing_functions[module] = [name] + +@@ -319,45 +319,45 @@ def add_missing_functions(name, module): + # + + def type_convert(str, name, info, module, function, pos): +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +- res = string.replace(str, " *", "_ptr") +-# res = string.replace(str, "*", "_ptr") +- res = string.replace(res, " ", "_") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++ res = str.replace(" *", "_ptr") ++# res = str.replace("*", "_ptr") ++ res = res.replace(" ", "_") + if res == 'const_char_ptr': +- if string.find(name, "file") != -1 or \ +- string.find(name, "uri") != -1 or \ +- string.find(name, "URI") != -1 or \ +- string.find(info, "filename") != -1 or \ +- string.find(info, "URI") != -1 or \ +- string.find(info, "URL") != -1: +- if string.find(function, "Save") != -1 or \ +- string.find(function, "Create") != -1 or \ +- string.find(function, "Write") != -1 or \ +- string.find(function, "Fetch") != -1: +- return('fileoutput') +- return('filepath') ++ if name.find("file") != -1 or \ ++ name.find("uri") != -1 or \ ++ name.find("URI") != -1 or \ ++ info.find("filename") != -1 or \ ++ info.find("URI") != -1 or \ ++ info.find("URL") != -1: ++ if function.find("Save") != -1 or \ ++ function.find("Create") != -1 or \ ++ function.find("Write") != -1 or \ ++ function.find("Fetch") != -1: ++ return('fileoutput') ++ return('filepath') + if res == 'void_ptr': + if module == 'nanoftp' and name == 'ctx': +- return('xmlNanoFTPCtxtPtr') ++ return('xmlNanoFTPCtxtPtr') + if function == 'xmlNanoFTPNewCtxt' or \ +- function == 'xmlNanoFTPConnectTo' or \ +- function == 'xmlNanoFTPOpen': +- return('xmlNanoFTPCtxtPtr') ++ function == 'xmlNanoFTPConnectTo' or \ ++ function == 'xmlNanoFTPOpen': ++ return('xmlNanoFTPCtxtPtr') + if module == 'nanohttp' and name == 'ctx': +- return('xmlNanoHTTPCtxtPtr') +- if function == 'xmlNanoHTTPMethod' or \ +- function == 'xmlNanoHTTPMethodRedir' or \ +- function == 'xmlNanoHTTPOpen' or \ +- function == 'xmlNanoHTTPOpenRedir': +- return('xmlNanoHTTPCtxtPtr'); ++ return('xmlNanoHTTPCtxtPtr') ++ if function == 'xmlNanoHTTPMethod' or \ ++ function == 'xmlNanoHTTPMethodRedir' or \ ++ function == 'xmlNanoHTTPOpen' or \ ++ function == 'xmlNanoHTTPOpenRedir': ++ return('xmlNanoHTTPCtxtPtr'); + if function == 'xmlIOHTTPOpen': +- return('xmlNanoHTTPCtxtPtr') +- if string.find(name, "data") != -1: +- return('userdata') +- if string.find(name, "user") != -1: +- return('userdata') ++ return('xmlNanoHTTPCtxtPtr') ++ if name.find("data") != -1: ++ return('userdata') ++ if name.find("user") != -1: ++ return('userdata') + if res == 'xmlDoc_ptr': + res = 'xmlDocPtr' + if res == 'xmlNode_ptr': +@@ -366,18 +366,18 @@ def type_convert(str, name, info, module, function, pos): + res = 'xmlDictPtr' + if res == 'xmlNodePtr' and pos != 0: + if (function == 'xmlAddChild' and pos == 2) or \ +- (function == 'xmlAddChildList' and pos == 2) or \ ++ (function == 'xmlAddChildList' and pos == 2) or \ + (function == 'xmlAddNextSibling' and pos == 2) or \ + (function == 'xmlAddSibling' and pos == 2) or \ + (function == 'xmlDocSetRootElement' and pos == 2) or \ + (function == 'xmlReplaceNode' and pos == 2) or \ + (function == 'xmlTextMerge') or \ +- (function == 'xmlAddPrevSibling' and pos == 2): +- return('xmlNodePtr_in'); ++ (function == 'xmlAddPrevSibling' and pos == 2): ++ return('xmlNodePtr_in'); + if res == 'const xmlBufferPtr': + res = 'xmlBufferPtr' + if res == 'xmlChar_ptr' and name == 'name' and \ +- string.find(function, "EatName") != -1: ++ function.find("EatName") != -1: + return('eaten_name') + if res == 'void_ptr*': + res = 'void_ptr_ptr' +@@ -393,7 +393,7 @@ def type_convert(str, name, info, module, function, pos): + res = 'debug_FILE_ptr'; + if res == 'int' and name == 'options': + if module == 'parser' or module == 'xmlreader': +- res = 'parseroptions' ++ res = 'parseroptions' + + return res + +@@ -402,28 +402,28 @@ known_param_types = [] + def is_known_param_type(name): + for type in known_param_types: + if type == name: +- return 1 ++ return 1 + return name[-3:] == 'Ptr' or name[-4:] == '_ptr' + + def generate_param_type(name, rtype): + global test + for type in known_param_types: + if type == name: +- return ++ return + for type in generated_param_types: + if type == name: +- return ++ return + + if name[-3:] == 'Ptr' or name[-4:] == '_ptr': + if rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype ++ crtype = rtype[6:] ++ else: ++ crtype = rtype + + define = 0 +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write(""" + #define gen_nb_%s 1 + static %s gen_%s(int no ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { +@@ -433,7 +433,7 @@ static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTR + } + """ % (name, crtype, name, name, rtype)) + if define == 1: +- test.write("#endif\n\n") ++ test.write("#endif\n\n") + add_generated_param_type(name) + + # +@@ -445,7 +445,7 @@ known_return_types = [] + def is_known_return_type(name): + for type in known_return_types: + if type == name: +- return 1 ++ return 1 + return 0 + + # +@@ -471,7 +471,7 @@ def compare_and_save(): + try: + os.system("rm testapi.c; mv testapi.c.new testapi.c") + except: +- os.system("mv testapi.c.new testapi.c") ++ os.system("mv testapi.c.new testapi.c") + print("Updated testapi.c") + else: + print("Generated testapi.c is identical") +@@ -481,17 +481,17 @@ while line != "": + if line == "/* CUT HERE: everything below that line is generated */\n": + break; + if line[0:15] == "#define gen_nb_": +- type = string.split(line[15:])[0] +- known_param_types.append(type) ++ type = line[15:].split()[0] ++ known_param_types.append(type) + if line[0:19] == "static void desret_": +- type = string.split(line[19:], '(')[0] +- known_return_types.append(type) ++ type = line[19:].split('(')[0] ++ known_return_types.append(type) + test.write(line) + line = input.readline() + input.close() + + if line == "": +- print "Could not find the CUT marker in testapi.c skipping generation" ++ print("Could not find the CUT marker in testapi.c skipping generation") + test.close() + sys.exit(0) + +@@ -505,7 +505,7 @@ test.write("/* CUT HERE: everything below that line is generated */\n") + # + doc = libxml2.readFile(srcPref + 'doc/libxml2-api.xml', None, 0) + if doc == None: +- print "Failed to load doc/libxml2-api.xml" ++ print("Failed to load doc/libxml2-api.xml") + sys.exit(1) + ctxt = doc.xpathNewContext() + +@@ -519,9 +519,9 @@ for arg in args: + mod = arg.xpathEval('string(../@file)') + func = arg.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): +- type = arg.xpathEval('string(@type)') +- if not argtypes.has_key(type): +- argtypes[type] = func ++ type = arg.xpathEval('string(@type)') ++ if type not in argtypes: ++ argtypes[type] = func + + # similarly for return types + rettypes = {} +@@ -531,8 +531,8 @@ for ret in rets: + func = ret.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): + type = ret.xpathEval('string(@type)') +- if not rettypes.has_key(type): +- rettypes[type] = func ++ if type not in rettypes: ++ rettypes[type] = func + + # + # Generate constructors and return type handling for all enums +@@ -549,49 +549,49 @@ for enum in enums: + continue; + define = 0 + +- if argtypes.has_key(name) and is_known_param_type(name) == 0: +- values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) +- i = 0 +- vals = [] +- for value in values: +- vname = value.xpathEval('string(@name)') +- if vname == None: +- continue; +- i = i + 1 +- if i >= 5: +- break; +- vals.append(vname) +- if vals == []: +- print "Didn't find any value for enum %s" % (name) +- continue +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 +- test.write("#define gen_nb_%s %d\n" % (name, len(vals))) +- test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % +- (name, name)) +- i = 1 +- for value in vals: +- test.write(" if (no == %d) return(%s);\n" % (i, value)) +- i = i + 1 +- test.write(""" return(0); ++ if (name in argtypes) and is_known_param_type(name) == 0: ++ values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) ++ i = 0 ++ vals = [] ++ for value in values: ++ vname = value.xpathEval('string(@name)') ++ if vname == None: ++ continue; ++ i = i + 1 ++ if i >= 5: ++ break; ++ vals.append(vname) ++ if vals == []: ++ print("Didn't find any value for enum %s" % (name)) ++ continue ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 ++ test.write("#define gen_nb_%s %d\n" % (name, len(vals))) ++ test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % ++ (name, name)) ++ i = 1 ++ for value in vals: ++ test.write(" if (no == %d) return(%s);\n" % (i, value)) ++ i = i + 1 ++ test.write(""" return(0); + } + + static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { + } + + """ % (name, name)); +- known_param_types.append(name) ++ known_param_types.append(name) + + if (is_known_return_type(name) == 0) and (name in rettypes): +- if define == 0 and modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if define == 0 and (module in modules_defines): ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write("""static void desret_%s(%s val ATTRIBUTE_UNUSED) { + } + + """ % (name, name)) +- known_return_types.append(name) ++ known_return_types.append(name) + if define == 1: + test.write("#endif\n\n") + +@@ -615,9 +615,9 @@ for file in headers: + # do not test deprecated APIs + # + desc = file.xpathEval('string(description)') +- if string.find(desc, 'DEPRECATED') != -1: +- print "Skipping deprecated interface %s" % name +- continue; ++ if desc.find('DEPRECATED') != -1: ++ print("Skipping deprecated interface %s" % name) ++ continue; + + test.write("#include <libxml/%s.h>\n" % name) + modules.append(name) +@@ -679,7 +679,7 @@ def generate_test(module, node): + # and store the information for the generation + # + try: +- args = node.xpathEval("arg") ++ args = node.xpathEval("arg") + except: + args = [] + t_args = [] +@@ -687,37 +687,37 @@ def generate_test(module, node): + for arg in args: + n = n + 1 + rtype = arg.xpathEval("string(@type)") +- if rtype == 'void': +- break; +- info = arg.xpathEval("string(@info)") +- nam = arg.xpathEval("string(@name)") ++ if rtype == 'void': ++ break; ++ info = arg.xpathEval("string(@info)") ++ nam = arg.xpathEval("string(@name)") + type = type_convert(rtype, nam, info, module, name, n) +- if is_known_param_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 ++ if is_known_param_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 + if (type[-3:] == 'Ptr' or type[-4:] == '_ptr') and \ +- rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype +- t_args.append((nam, type, rtype, crtype, info)) ++ rtype[0:6] == 'const ': ++ crtype = rtype[6:] ++ else: ++ crtype = rtype ++ t_args.append((nam, type, rtype, crtype, info)) + + try: +- rets = node.xpathEval("return") ++ rets = node.xpathEval("return") + except: + rets = [] + t_ret = None + for ret in rets: + rtype = ret.xpathEval("string(@type)") +- info = ret.xpathEval("string(@info)") ++ info = ret.xpathEval("string(@info)") + type = type_convert(rtype, 'return', info, module, name, 0) +- if rtype == 'void': +- break +- if is_known_return_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 +- t_ret = (type, rtype, info) +- break ++ if rtype == 'void': ++ break ++ if is_known_return_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 ++ t_ret = (type, rtype, info) ++ break + + if no_gen == 0: + for t_arg in t_args: +@@ -733,7 +733,7 @@ test_%s(void) { + + if no_gen == 1: + add_missing_functions(name, module) +- test.write(""" ++ test.write(""" + /* missing type support */ + return(test_ret); + } +@@ -742,22 +742,22 @@ test_%s(void) { + return + + try: +- conds = node.xpathEval("cond") +- for cond in conds: +- test.write("#if %s\n" % (cond.get_content())) +- nb_cond = nb_cond + 1 ++ conds = node.xpathEval("cond") ++ for cond in conds: ++ test.write("#if %s\n" % (cond.get_content())) ++ nb_cond = nb_cond + 1 + except: + pass + + define = 0 +- if function_defines.has_key(name): ++ if name in function_defines: + test.write("#ifdef %s\n" % (function_defines[name])) +- define = 1 ++ define = 1 + + # Declare the memory usage counter + no_mem = is_skipped_memcheck(name) + if no_mem == 0: +- test.write(" int mem_base;\n"); ++ test.write(" int mem_base;\n"); + + # Declare the return value + if t_ret != None: +@@ -766,29 +766,29 @@ test_%s(void) { + # Declare the arguments + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # add declaration +- test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) +- test.write(" int n_%s;\n" % (nam)) ++ # add declaration ++ test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) ++ test.write(" int n_%s;\n" % (nam)) + test.write("\n") + + # Cascade loop on of each argument list of values + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( +- nam, nam, type, nam)) ++ # ++ test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( ++ nam, nam, type, nam)) + + # log the memory usage + if no_mem == 0: +- test.write(" mem_base = xmlMemBlocks();\n"); ++ test.write(" mem_base = xmlMemBlocks();\n"); + + # prepare the call + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) +- i = i + 1; ++ # ++ test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) ++ i = i + 1; + + # add checks to avoid out-of-bounds array access + i = 0; +@@ -797,7 +797,7 @@ test_%s(void) { + # assume that "size", "len", and "start" parameters apply to either + # the nearest preceding or following char pointer + if type == "int" and (nam == "size" or nam == "len" or nam == "start"): +- for j in range(i - 1, -1, -1) + range(i + 1, len(t_args)): ++ for j in (*range(i - 1, -1, -1), *range(i + 1, len(t_args))): + (bnam, btype) = t_args[j][:2] + if btype == "const_char_ptr" or btype == "const_xmlChar_ptr": + test.write( +@@ -806,42 +806,42 @@ test_%s(void) { + " continue;\n" + % (bnam, nam, bnam)) + break +- i = i + 1; ++ i = i + 1; + + # do the call, and clanup the result +- if extra_pre_call.has_key(name): +- test.write(" %s\n"% (extra_pre_call[name])) ++ if name in extra_pre_call: ++ test.write(" %s\n"% (extra_pre_call[name])) + if t_ret != None: +- test.write("\n ret_val = %s(" % (name)) +- need = 0 +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam); +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) +- test.write(" desret_%s(ret_val);\n" % t_ret[0]) ++ test.write("\n ret_val = %s(" % (name)) ++ need = 0 ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam); ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) ++ test.write(" desret_%s(ret_val);\n" % t_ret[0]) + else: +- test.write("\n %s(" % (name)); +- need = 0; +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam) +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) ++ test.write("\n %s(" % (name)); ++ need = 0; ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam) ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) + + test.write(" call_tests++;\n"); + +@@ -849,32 +849,32 @@ test_%s(void) { + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # This is a hack to prevent generating a destructor for the +- # 'input' argument in xmlTextReaderSetup. There should be +- # a better, more generic way to do this! +- if string.find(info, 'destroy') == -1: +- test.write(" des_%s(n_%s, " % (type, nam)) +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s, %d);\n" % (nam, i)) +- i = i + 1; ++ # This is a hack to prevent generating a destructor for the ++ # 'input' argument in xmlTextReaderSetup. There should be ++ # a better, more generic way to do this! ++ if info.find('destroy') == -1: ++ test.write(" des_%s(n_%s, " % (type, nam)) ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s, %d);\n" % (nam, i)) ++ i = i + 1; + + test.write(" xmlResetLastError();\n"); + # Check the memory usage + if no_mem == 0: +- test.write(""" if (mem_base != xmlMemBlocks()) { ++ test.write(""" if (mem_base != xmlMemBlocks()) { + printf("Leak of %%d blocks found in %s", +- xmlMemBlocks() - mem_base); +- test_ret++; ++\t xmlMemBlocks() - mem_base); ++\t test_ret++; + """ % (name)); +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- test.write(""" printf(" %%d", n_%s);\n""" % (nam)) +- test.write(""" printf("\\n");\n""") +- test.write(" }\n") ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ test.write(""" printf(" %%d", n_%s);\n""" % (nam)) ++ test.write(""" printf("\\n");\n""") ++ test.write(" }\n") + + for arg in t_args: +- test.write(" }\n") ++ test.write(" }\n") + + test.write(" function_tests++;\n") + # +@@ -882,7 +882,7 @@ test_%s(void) { + # + while nb_cond > 0: + test.write("#endif\n") +- nb_cond = nb_cond -1 ++ nb_cond = nb_cond -1 + if define == 1: + test.write("#endif\n") + +@@ -900,10 +900,10 @@ test_%s(void) { + for module in modules: + # gather all the functions exported by that module + try: +- functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) ++ functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) + except: +- print "Failed to gather functions from module %s" % (module) +- continue; ++ print("Failed to gather functions from module %s" % (module)) ++ continue; + + # iterate over all functions in the module generating the test + i = 0 +@@ -923,14 +923,14 @@ test_%s(void) { + # iterate over all functions in the module generating the call + for function in functions: + name = function.xpathEval('string(@name)') +- if is_skipped_function(name): +- continue +- test.write(" test_ret += test_%s();\n" % (name)) ++ if is_skipped_function(name): ++ continue ++ test.write(" test_ret += test_%s();\n" % (name)) + + # footer + test.write(""" + if (test_ret != 0) +- printf("Module %s: %%d errors\\n", test_ret); ++\tprintf("Module %s: %%d errors\\n", test_ret); + return(test_ret); + } + """ % (module)) +@@ -948,7 +948,7 @@ test.write(""" return(0); + } + """); + +-print "Generated test for %d modules and %d functions" %(len(modules), nb_tests) ++print("Generated test for %d modules and %d functions" %(len(modules), nb_tests)) + + compare_and_save() + +@@ -960,11 +960,8 @@ for missing in missing_types.keys(): + n = len(missing_types[missing]) + missing_list.append((n, missing)) + +-def compare_missing(a, b): +- return b[0] - a[0] +- +-missing_list.sort(compare_missing) +-print "Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list)) ++missing_list.sort(key=lambda a: a[0]) ++print("Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list))) + lst = open("missing.lst", "w") + lst.write("Missing support for %d types" % (len(missing_list))) + lst.write("\n") +@@ -974,9 +971,9 @@ for miss in missing_list: + for n in missing_types[miss[1]]: + i = i + 1 + if i > 5: +- lst.write(" ...") +- break +- lst.write(" %s" % (n)) ++ lst.write(" ...") ++ break ++ lst.write(" %s" % (n)) + lst.write("\n") + lst.write("\n") + lst.write("\n") diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb index 3081ebf92f..519985bbae 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -22,6 +22,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://fix-execution-of-ptests.patch \ file://remove-fuzz-from-ptests.patch \ file://libxml-m4-use-pkgconfig.patch \ + file://0001-Port-gentest.py-to-Python-3.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" @@ -29,6 +30,10 @@ SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c BINCONFIG = "${bindir}/xml2-config" +# Fixed since 2.9.11 via +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f +CVE_CHECK_IGNORE += "CVE-2016-3709" + PACKAGECONFIG ??= "python \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " @@ -78,6 +83,16 @@ do_configure:prepend () { } do_compile_ptest() { + # Make sure that testapi.c is newer than gentests.py, because + # with reproducible builds, they will both get e.g. Jan 1 1970 + # modification time from SOURCE_DATE_EPOCH and then check-am + # might try to rebuild_testapi, which will fail even with + # 0001-Port-gentest.py-to-Python-3.patch, because it needs + # libxml2 module (libxml2-native dependency and correctly + # set PYTHON_SITE_PACKAGES), it's easier to + # just rely on pre-generated testapi.c from the release + touch ${S}/testapi.c + oe_runmake check-am } diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 18af89b53e..944243fce9 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -66,9 +66,7 @@ python do_fetch() { # Connect to database conn = sqlite3.connect(db_file) - c = conn.cursor() - - initialize_db(c) + initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: total_years = date.today().year + 1 - YEAR_START @@ -98,19 +96,21 @@ python do_fetch() { return # Compare with current db last modified date - c.execute("select DATE from META where YEAR = ?", (year,)) - meta = c.fetchone() + cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) + meta = cursor.fetchone() + cursor.close() + if not meta or meta[0] != last_modified: bb.debug(2, "Updating entries") # Clear products table entries corresponding to current year - c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)) + conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close() # Update db with current year json file try: response = urllib.request.urlopen(json_url) if response: - update_db(c, gzip.decompress(response.read()).decode('utf-8')) - c.execute("insert or replace into META values (?, ?)", [year, last_modified]) + update_db(conn, gzip.decompress(response.read()).decode('utf-8')) + conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) @@ -129,21 +129,26 @@ do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" do_fetch[file-checksums] = "" do_fetch[vardeps] = "" -def initialize_db(c): - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") +def initialize_db(conn): + with conn: + c = conn.cursor() + + c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") + + c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ + SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") + c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ + VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ + VERSION_END TEXT, OPERATOR_END TEXT)") + c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ - VERSION_END TEXT, OPERATOR_END TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") + c.close() -def parse_node_and_insert(c, node, cveId): +def parse_node_and_insert(conn, node, cveId): # Parse children node if needed for child in node.get('children', ()): - parse_node_and_insert(c, child, cveId) + parse_node_and_insert(conn, child, cveId) def cpe_generator(): for cpe in node.get('cpe_match', ()): @@ -200,9 +205,9 @@ def parse_node_and_insert(c, node, cveId): # Save processing by representing as -. yield [cveId, vendor, product, '-', '', '', ''] - c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) + conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close() -def update_db(c, jsondata): +def update_db(conn, jsondata): import json root = json.loads(jsondata) @@ -226,12 +231,12 @@ def update_db(c, jsondata): accessVector = accessVector or "UNKNOWN" cvssv3 = 0.0 - c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]) + conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", + [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() configurations = elt['configurations']['nodes'] for config in configurations: - parse_node_and_insert(c, config, cveId) + parse_node_and_insert(conn, config, cveId) do_fetch[nostamp] = "1" diff --git a/poky/meta/recipes-core/meta/wic-tools.bb b/poky/meta/recipes-core/meta/wic-tools.bb index ba0916cb56..daaf3ea576 100644 --- a/poky/meta/recipes-core/meta/wic-tools.bb +++ b/poky/meta/recipes-core/meta/wic-tools.bb @@ -6,7 +6,8 @@ DEPENDS = "\ parted-native gptfdisk-native dosfstools-native \ mtools-native bmap-tools-native grub-native cdrtools-native \ btrfs-tools-native squashfs-tools-native pseudo-native \ - e2fsprogs-native util-linux-native tar-native\ + e2fsprogs-native util-linux-native tar-native \ + virtual/${TARGET_PREFIX}binutils \ " DEPENDS:append:x86 = " syslinux-native syslinux grub-efi systemd-boot" DEPENDS:append:x86-64 = " syslinux-native syslinux grub-efi systemd-boot" diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb b/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb index 9523aadd15..e62567894b 100644 --- a/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb +++ b/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb @@ -98,11 +98,14 @@ RDEPENDS:packagegroup-self-hosted-sdk:append:libc-glibc = "\ glibc-utils \ rpcsvc-proto \ " + +STRACE = "strace" +STRACE:riscv32 = "" RDEPENDS:packagegroup-self-hosted-debug = " \ gdb \ gdbserver \ rsync \ - strace \ + ${STRACE} \ tcf-agent" diff --git a/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf b/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf index 87cbe1e7d3..c4277221a2 100644 --- a/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf +++ b/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf @@ -3,5 +3,6 @@ # inside /var/log. +d /run/lock 1777 - - - d /var/volatile/log - - - - d /var/volatile/tmp 1777 - - diff --git a/poky/meta/recipes-core/systemd/systemd_250.5.bb b/poky/meta/recipes-core/systemd/systemd_250.5.bb index 9923312830..5d568f639e 100644 --- a/poky/meta/recipes-core/systemd/systemd_250.5.bb +++ b/poky/meta/recipes-core/systemd/systemd_250.5.bb @@ -165,6 +165,7 @@ PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native xmlto-native do PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd" PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname" PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false" +PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers=" PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false" PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false" PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false" diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty index 699a1ead1a..3c31a95f7f 100644 --- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty +++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty @@ -14,4 +14,7 @@ esac if [ -e /sys/class/tty/$2 -a -c /dev/$2 ]; then ${setsid:-} ${getty} -L $1 $2 $3 +else + # Prevent respawning to fast error if /dev entry does not exist + sleep 1000 fi diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb b/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb index b39020884f..f6d3ea2bc1 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb @@ -69,7 +69,7 @@ EXTRA_OECONF = "\ --enable-libuuid --enable-libblkid \ \ --enable-fsck --enable-kill --enable-last --enable-mesg \ - --enable-mount --enable-partx --enable-raw --enable-rfkill \ + --enable-mount --enable-partx --enable-rfkill \ --enable-unshare --enable-write \ \ --disable-bfs --disable-login \ diff --git a/poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch b/poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch new file mode 100644 index 0000000000..d29e6e0f1f --- /dev/null +++ b/poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch @@ -0,0 +1,44 @@ +From 8617d83d6939754ae3a04fc2d22daa18eeea2a43 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Wed, 17 Aug 2022 10:15:57 +0530 +Subject: [PATCH] CVE-2022-37434 + +Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 & https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] +CVE: CVE-2022-37434 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +Fix a bug when getting a gzip header extra field with inflate(). + +If the extra field was larger than the space the user provided with +inflateGetHeader(), and if multiple calls of inflate() delivered +the extra header data, then there could be a buffer overflow of the +provided space. This commit assures that provided space is not +exceeded. + + Fix extra field processing bug that dereferences NULL state->head. + +The recent commit to fix a gzip header extra field processing bug +introduced the new bug fixed here. +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index ac333e8..cd01857 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -759,8 +759,9 @@ int flush; + if (copy > have) copy = have; + if (copy) { + if (state->head != Z_NULL && +- state->head->extra != Z_NULL) { +- len = state->head->extra_len - state->length; ++ state->head->extra != Z_NULL && ++ (len = state->head->extra_len - state->length) < ++ state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); +-- +2.25.1 + diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.11.bb b/poky/meta/recipes-core/zlib/zlib_1.2.11.bb index f8bcc0abcf..f768b41988 100644 --- a/poky/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/poky/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -11,6 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ file://CVE-2018-25032.patch \ file://run-ptest \ + file://CVE-2022-37434.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb index 95c25e3036..b5ada2ef55 100644 --- a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb +++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb @@ -132,5 +132,5 @@ do_install:append:class-target() { do_install:append() { # Avoid non-reproducible -src package - sed -i -e "s,${B},,g" ${B}/apt-pkg/tagfile-keys.cc + sed -i -e "s,${B}/include/,,g" ${B}/apt-pkg/tagfile-keys.cc } diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch b/poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch new file mode 100644 index 0000000000..4f15bf96c3 --- /dev/null +++ b/poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch @@ -0,0 +1,138 @@ +From 7a3bbca81b803ba116b83c82de378e840cc35f81 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Thu, 1 Sep 2022 16:19:50 -0500 +Subject: [PATCH] Port to compilers that moan about K&R func decls +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* lib/autoconf/c.m4 (AC_LANG_CALL, AC_LANG_FUNC_LINK_TRY): +Use '(void)' rather than '()' in function prototypes, as the latter +provokes fatal errors in some compilers nowadays. +* lib/autoconf/functions.m4 (AC_FUNC_STRTOD): +* tests/fortran.at (AC_F77_DUMMY_MAIN usage): +* tests/semantics.at (AC_CHECK_DECLS): +Don’t use () in a function decl. + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=8b5e2016c7ed2d67f31b03a3d2e361858ff5299b] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + doc/autoconf.texi | 7 +++---- + lib/autoconf/c.m4 | 6 +++--- + lib/autoconf/functions.m4 | 3 --- + tests/fortran.at | 8 ++++---- + tests/semantics.at | 2 +- + 5 files changed, 11 insertions(+), 15 deletions(-) + +--- a/doc/autoconf.texi ++++ b/doc/autoconf.texi +@@ -5465,9 +5465,7 @@ the @samp{#undef malloc}): + #include <config.h> + #undef malloc + +-#include <sys/types.h> +- +-void *malloc (); ++#include <stdlib.h> + + /* Allocate an N-byte block of memory from the heap. + If N is zero, allocate a 1-byte block. */ +@@ -8295,7 +8293,7 @@ needed: + # ifdef __cplusplus + extern "C" + # endif +- int F77_DUMMY_MAIN () @{ return 1; @} ++ int F77_DUMMY_MAIN (void) @{ return 1; @} + #endif + @end example + +--- a/lib/autoconf/c.m4 ++++ b/lib/autoconf/c.m4 +@@ -127,7 +127,7 @@ m4_if([$2], [main], , + [/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-char $2 ();])], [return $2 ();])]) ++char $2 (void);])], [return $2 ();])]) + + + # AC_LANG_FUNC_LINK_TRY(C)(FUNCTION) +@@ -151,7 +151,7 @@ m4_define([AC_LANG_FUNC_LINK_TRY(C)], + #define $1 innocuous_$1 + + /* System header to define __stub macros and hopefully few prototypes, +- which can conflict with char $1 (); below. */ ++ which can conflict with char $1 (void); below. */ + + #include <limits.h> + #undef $1 +@@ -162,7 +162,7 @@ m4_define([AC_LANG_FUNC_LINK_TRY(C)], + #ifdef __cplusplus + extern "C" + #endif +-char $1 (); ++char $1 (void); + /* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +--- a/lib/autoconf/functions.m4 ++++ b/lib/autoconf/functions.m4 +@@ -1601,9 +1601,6 @@ AC_DEFUN([AC_FUNC_STRTOD], + AC_CACHE_CHECK(for working strtod, ac_cv_func_strtod, + [AC_RUN_IFELSE([AC_LANG_SOURCE([[ + ]AC_INCLUDES_DEFAULT[ +-#ifndef strtod +-double strtod (); +-#endif + int + main (void) + { +--- a/tests/fortran.at ++++ b/tests/fortran.at +@@ -233,7 +233,7 @@ void FOOBAR_F77 (double *x, double *y); + # ifdef __cplusplus + extern "C" + # endif +- int F77_DUMMY_MAIN () { return 1; } ++ int F77_DUMMY_MAIN (void) { return 1; } + #endif + + int main(int argc, char *argv[]) +@@ -315,7 +315,7 @@ void FOOBAR_FC(double *x, double *y); + # ifdef __cplusplus + extern "C" + # endif +- int FC_DUMMY_MAIN () { return 1; } ++ int FC_DUMMY_MAIN (void) { return 1; } + #endif + + int main (int argc, char *argv[]) +@@ -561,7 +561,7 @@ void @foobar@ (int *x); + # ifdef __cplusplus + extern "C" + # endif +- int F77_DUMMY_MAIN () { return 1; } ++ int F77_DUMMY_MAIN (void) { return 1; } + #endif + + int main(int argc, char *argv[]) +@@ -637,7 +637,7 @@ void @foobar@ (int *x); + # ifdef __cplusplus + extern "C" + # endif +- int FC_DUMMY_MAIN () { return 1; } ++ int FC_DUMMY_MAIN (void) { return 1; } + #endif + + int main(int argc, char *argv[]) +--- a/tests/semantics.at ++++ b/tests/semantics.at +@@ -207,7 +207,7 @@ AT_CHECK_MACRO([AC_CHECK_DECLS], + [[extern int yes; + enum { myenum }; + extern struct mystruct_s { int x[20]; } mystruct; +- extern int myfunc(); ++ extern int myfunc (int); + #define mymacro1(arg) arg + #define mymacro2]]) + # Ensure we can detect missing declarations of functions whose diff --git a/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb b/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb index 799191e2ca..97c241a3f5 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb +++ b/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb @@ -18,6 +18,7 @@ SRC_URI = "${GNU_MIRROR}/autoconf/${BP}.tar.gz \ file://preferbash.patch \ file://autotest-automake-result-format.patch \ file://man-host-perl.patch \ + file://0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch \ " SRC_URI:append:class-native = " file://no-man.patch" diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc index eed252976a..fc88d4a79e 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -33,5 +33,11 @@ SRC_URI = "\ file://0012-Check-for-clang-before-checking-gcc-version.patch \ file://0013-Avoid-as-info-race-condition.patch \ file://0014-CVE-2019-1010204.patch \ + file://0015-CVE-2022-38533.patch \ + file://0016-CVE-2022-38126.patch \ + file://0017-CVE-2022-38127-1.patch \ + file://0017-CVE-2022-38127-2.patch \ + file://0017-CVE-2022-38127-3.patch \ + file://0017-CVE-2022-38127-4.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch new file mode 100644 index 0000000000..5d9ac2cb1f --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch @@ -0,0 +1,36 @@ +From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 13 Aug 2022 15:32:47 +0930 +Subject: [PATCH] PR29482 - strip: heap-buffer-overflow + + PR 29482 + * coffcode.h (coff_set_section_contents): Sanity check _LIB. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> + +--- + bfd/coffcode.h | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/bfd/coffcode.h b/bfd/coffcode.h +index 67aaf158ca1..52027981c3f 100644 +--- a/bfd/coffcode.h ++++ b/bfd/coffcode.h +@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd, + + rec = (bfd_byte *) location; + recend = rec + count; +- while (rec < recend) ++ while (recend - rec >= 4) + { ++ size_t len = bfd_get_32 (abfd, rec); ++ if (len == 0 || len > (size_t) (recend - rec) / 4) ++ break; ++ rec += len * 4; + ++section->lma; +- rec += bfd_get_32 (abfd, rec) * 4; + } + + BFD_ASSERT (rec == recend); diff --git a/poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch b/poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch new file mode 100644 index 0000000000..8200e28a81 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch @@ -0,0 +1,34 @@ +From e3e5ae049371a27fd1737aba946fe26d06e029b5 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 27 Jun 2022 13:43:02 +0100 +Subject: [PATCH] Replace a run-time assertion failure with a warning message + when parsing corrupt DWARF data. + + PR 29289 + * dwarf.c (display_debug_names): Replace assert with a warning + message. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + binutils/dwarf.c | 7 ++++++- + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 37b477b886d..b99c56987da 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -9802,7 +9802,12 @@ display_debug_names (struct dwarf_sectio + printf (_("Out of %lu items there are %zu bucket clashes" + " (longest of %zu entries).\n"), + (unsigned long) name_count, hash_clash_count, longest_clash); +- assert (name_count == buckets_filled + hash_clash_count); ++ ++ if (name_count != buckets_filled + hash_clash_count) ++ warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"), ++ (unsigned long) name_count, ++ (unsigned long) buckets_filled, ++ (unsigned long) hash_clash_count); + + struct abbrev_lookup_entry + { diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch new file mode 100644 index 0000000000..9bbf1d6453 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch @@ -0,0 +1,1224 @@ +From 19c26da69d68d5d863f37c06ad73ab6292d02ffa Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 6 Apr 2022 14:43:37 +0100 +Subject: [PATCH] Add code to display the contents of .debug_loclists sections + which contain offset entry tables. + + PR 28981 + * dwarf.c (fetch_indexed_value): Rename to fecth_indexed_addr and + return the address, rather than a string. + (fetch_indexed_value): New function - returns a value indexed by a + DW_FORM_loclistx or DW_FORM_rnglistx form. + (read_and_display_attr_value): Add support for DW_FORM_loclistx + and DW_FORM_rnglistx. + (process_debug_info): Load the loclists and rnglists sections. + (display_loclists_list): Add support for DW_LLE_base_addressx, + DW_LLE_startx_endx, DW_LLE_startx_length and + DW_LLE_default_location. + (display_offset_entry_loclists): New function. Displays a + .debug_loclists section that contains offset entry tables. + (display_debug_loc): Call the new function. + (display_debug_rnglists_list): Add support for + DW_RLE_base_addressx, DW_RLE_startx_endx and DW_RLE_startx_length. + (display_debug_ranges): Display the contents of the section's + header. + * dwarf.h (struct debug_info): Add loclists_base field. + * testsuite/binutils-all/dw5.W: Update expected output. + * testsuite/binutils-all/x86-64/pr26808.dump: Likewise. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + binutils/ChangeLog | 24 + + binutils/dwarf.c | 513 +++++++++++++++--- + binutils/dwarf.h | 4 + + binutils/testsuite/binutils-all/dw5.W | 2 +- + .../binutils-all/x86-64/pr26808.dump | 82 +-- + gas/ChangeLog | 5 + + gas/testsuite/gas/elf/dwarf-5-irp.d | 2 +- + 7 files changed, 517 insertions(+), 115 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 15b3c81a138..bc862f77c04 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -240,7 +240,7 @@ static const char * + dwarf_vmatoa_1 (const char *fmtch, dwarf_vma value, unsigned num_bytes) + { + /* As dwarf_vmatoa is used more then once in a printf call +- for output, we are cycling through an fixed array of pointers ++ for output, we are cycling through a fixed array of pointers + for return address. */ + static int buf_pos = 0; + static struct dwarf_vmatoa_buf +@@ -796,24 +796,70 @@ fetch_indexed_string (dwarf_vma idx, str + return ret; + } + +-static const char * +-fetch_indexed_value (dwarf_vma offset, dwarf_vma bytes) ++static dwarf_vma ++fetch_indexed_addr (dwarf_vma offset, uint32_t num_bytes) + { + struct dwarf_section *section = &debug_displays [debug_addr].section; + + if (section->start == NULL) +- return (_("<no .debug_addr section>")); ++ { ++ warn (_("<no .debug_addr section>")); ++ return 0; ++ } + +- if (offset + bytes > section->size) ++ if (offset + num_bytes > section->size) + { + warn (_("Offset into section %s too big: 0x%s\n"), + section->name, dwarf_vmatoa ("x", offset)); +- return "<offset too big>"; ++ return 0; + } + +- return dwarf_vmatoa ("x", byte_get (section->start + offset, bytes)); ++ return byte_get (section->start + offset, num_bytes); + } + ++/* Fetch a value from a debug section that has been indexed by ++ something in another section (eg DW_FORM_loclistx). ++ Returns 0 if the value could not be found. */ ++ ++static dwarf_vma ++fetch_indexed_value (dwarf_vma index, ++ enum dwarf_section_display_enum sec_enum) ++{ ++ struct dwarf_section *section = &debug_displays [sec_enum].section; ++ ++ if (section->start == NULL) ++ { ++ warn (_("Unable to locate %s section\n"), section->uncompressed_name); ++ return 0; ++ } ++ ++ uint32_t pointer_size, bias; ++ ++ if (byte_get (section->start, 4) == 0xffffffff) ++ { ++ pointer_size = 8; ++ bias = 20; ++ } ++ else ++ { ++ pointer_size = 4; ++ bias = 12; ++ } ++ ++ dwarf_vma offset = index * pointer_size; ++ ++ /* Offsets are biased by the size of the section header. */ ++ offset += bias; ++ ++ if (offset + pointer_size > section->size) ++ { ++ warn (_("Offset into section %s too big: 0x%s\n"), ++ section->name, dwarf_vmatoa ("x", offset)); ++ return 0; ++ } ++ ++ return byte_get (section->start + offset, pointer_size); ++} + + /* FIXME: There are better and more efficient ways to handle + these structures. For now though, I just want something that +@@ -1999,6 +2045,8 @@ skip_attr_bytes (unsigned long form, + case DW_FORM_strx: + case DW_FORM_GNU_addr_index: + case DW_FORM_addrx: ++ case DW_FORM_loclistx: ++ case DW_FORM_rnglistx: + READ_ULEB (uvalue, data, end); + break; + +@@ -2410,9 +2458,6 @@ read_and_display_attr_value (unsigned lo + + switch (form) + { +- default: +- break; +- + case DW_FORM_ref_addr: + if (dwarf_version == 2) + SAFE_BYTE_GET_AND_INC (uvalue, data, pointer_size, end); +@@ -2496,6 +2541,8 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_udata: + case DW_FORM_GNU_addr_index: + case DW_FORM_addrx: ++ case DW_FORM_loclistx: ++ case DW_FORM_rnglistx: + READ_ULEB (uvalue, data, end); + break; + +@@ -2515,6 +2562,9 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_implicit_const: + uvalue = implicit_const; + break; ++ ++ default: ++ break; + } + + switch (form) +@@ -2710,6 +2760,8 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_addrx2: + case DW_FORM_addrx3: + case DW_FORM_addrx4: ++ case DW_FORM_loclistx: ++ case DW_FORM_rnglistx: + if (!do_loc) + { + dwarf_vma base; +@@ -2728,11 +2780,11 @@ read_and_display_attr_value (unsigned lo + /* We have already displayed the form name. */ + printf (_("%c(index: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_value (offset, pointer_size)); ++ dwarf_vmatoa ("x", fetch_indexed_addr (offset, pointer_size))); + else + printf (_("%c(addr_index: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_value (offset, pointer_size)); ++ dwarf_vmatoa ("x", fetch_indexed_addr (offset, pointer_size))); + } + break; + +@@ -2754,6 +2806,13 @@ read_and_display_attr_value (unsigned lo + { + switch (attribute) + { ++ case DW_AT_loclists_base: ++ if (debug_info_p->loclists_base) ++ warn (_("CU @ 0x%s has multiple loclists_base values"), ++ dwarf_vmatoa ("x", debug_info_p->cu_offset)); ++ debug_info_p->loclists_base = uvalue; ++ break; ++ + case DW_AT_frame_base: + have_frame_base = 1; + /* Fall through. */ +@@ -2776,7 +2835,8 @@ read_and_display_attr_value (unsigned lo + case DW_AT_GNU_call_site_target_clobbered: + if ((dwarf_version < 4 + && (form == DW_FORM_data4 || form == DW_FORM_data8)) +- || form == DW_FORM_sec_offset) ++ || form == DW_FORM_sec_offset ++ || form == DW_FORM_loclistx) + { + /* Process location list. */ + unsigned int lmax = debug_info_p->max_loc_offsets; +@@ -2796,11 +2856,17 @@ read_and_display_attr_value (unsigned lo + lmax, sizeof (*debug_info_p->have_frame_base)); + debug_info_p->max_loc_offsets = lmax; + } +- if (this_set != NULL) ++ ++ if (form == DW_FORM_loclistx) ++ uvalue = fetch_indexed_value (uvalue, loclists); ++ else if (this_set != NULL) + uvalue += this_set->section_offsets [DW_SECT_LOC]; ++ + debug_info_p->have_frame_base [num] = have_frame_base; + if (attribute != DW_AT_GNU_locviews) + { ++ uvalue += debug_info_p->loclists_base; ++ + /* Corrupt DWARF info can produce more offsets than views. + See PR 23062 for an example. */ + if (debug_info_p->num_loc_offsets +@@ -2844,7 +2910,8 @@ read_and_display_attr_value (unsigned lo + case DW_AT_ranges: + if ((dwarf_version < 4 + && (form == DW_FORM_data4 || form == DW_FORM_data8)) +- || form == DW_FORM_sec_offset) ++ || form == DW_FORM_sec_offset ++ || form == DW_FORM_rnglistx) + { + /* Process range list. */ + unsigned int lmax = debug_info_p->max_range_lists; +@@ -2858,6 +2925,10 @@ read_and_display_attr_value (unsigned lo + lmax, sizeof (*debug_info_p->range_lists)); + debug_info_p->max_range_lists = lmax; + } ++ ++ if (form == DW_FORM_rnglistx) ++ uvalue = fetch_indexed_value (uvalue, rnglists); ++ + debug_info_p->range_lists [num] = uvalue; + debug_info_p->num_range_lists++; + } +@@ -3231,6 +3302,7 @@ read_and_display_attr_value (unsigned lo + have_frame_base = 1; + /* Fall through. */ + case DW_AT_location: ++ case DW_AT_loclists_base: + case DW_AT_string_length: + case DW_AT_return_addr: + case DW_AT_data_member_location: +@@ -3248,7 +3320,8 @@ read_and_display_attr_value (unsigned lo + case DW_AT_GNU_call_site_target_clobbered: + if ((dwarf_version < 4 + && (form == DW_FORM_data4 || form == DW_FORM_data8)) +- || form == DW_FORM_sec_offset) ++ || form == DW_FORM_sec_offset ++ || form == DW_FORM_loclistx) + printf (_(" (location list)")); + /* Fall through. */ + case DW_AT_allocated: +@@ -3517,6 +3590,9 @@ process_debug_info (struct dwarf_section + } + + load_debug_section_with_follow (abbrev_sec, file); ++ load_debug_section_with_follow (loclists, file); ++ load_debug_section_with_follow (rnglists, file); ++ + if (debug_displays [abbrev_sec].section.start == NULL) + { + warn (_("Unable to locate %s section!\n"), +@@ -3729,6 +3805,7 @@ process_debug_info (struct dwarf_section + debug_information [unit].have_frame_base = NULL; + debug_information [unit].max_loc_offsets = 0; + debug_information [unit].num_loc_offsets = 0; ++ debug_information [unit].loclists_base = 0; + debug_information [unit].range_lists = NULL; + debug_information [unit].max_range_lists= 0; + debug_information [unit].num_range_lists = 0; +@@ -6465,20 +6542,21 @@ display_loc_list (struct dwarf_section * + /* Display a location list from a normal (ie, non-dwo) .debug_loclists section. */ + + static void +-display_loclists_list (struct dwarf_section *section, +- unsigned char **start_ptr, +- unsigned int debug_info_entry, +- dwarf_vma offset, +- dwarf_vma base_address, +- unsigned char **vstart_ptr, +- int has_frame_base) +-{ +- unsigned char *start = *start_ptr, *vstart = *vstart_ptr; +- unsigned char *section_end = section->start + section->size; +- dwarf_vma cu_offset; +- unsigned int pointer_size; +- unsigned int offset_size; +- int dwarf_version; ++display_loclists_list (struct dwarf_section * section, ++ unsigned char ** start_ptr, ++ unsigned int debug_info_entry, ++ dwarf_vma offset, ++ dwarf_vma base_address, ++ unsigned char ** vstart_ptr, ++ int has_frame_base) ++{ ++ unsigned char * start = *start_ptr; ++ unsigned char * vstart = *vstart_ptr; ++ unsigned char * section_end = section->start + section->size; ++ dwarf_vma cu_offset; ++ unsigned int pointer_size; ++ unsigned int offset_size; ++ unsigned int dwarf_version; + + /* Initialize it due to a false compiler warning. */ + dwarf_vma begin = -1, vbegin = -1; +@@ -6544,27 +6622,59 @@ display_loclists_list (struct dwarf_sect + case DW_LLE_end_of_list: + printf (_("<End of list>\n")); + break; ++ ++ case DW_LLE_base_addressx: ++ READ_ULEB (base_address, start, section_end); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(index into .debug_addr) ")); ++ base_address = fetch_indexed_addr (base_address, pointer_size); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address)\n")); ++ break; ++ ++ case DW_LLE_startx_endx: ++ READ_ULEB (begin, start, section_end); ++ begin = fetch_indexed_addr (begin, pointer_size); ++ READ_ULEB (end, start, section_end); ++ end = fetch_indexed_addr (end, pointer_size); ++ break; ++ ++ case DW_LLE_startx_length: ++ READ_ULEB (begin, start, section_end); ++ begin = fetch_indexed_addr (begin, pointer_size); ++ READ_ULEB (end, start, section_end); ++ end += begin; ++ break; ++ ++ case DW_LLE_default_location: ++ begin = end = 0; ++ break; ++ + case DW_LLE_offset_pair: + READ_ULEB (begin, start, section_end); + begin += base_address; + READ_ULEB (end, start, section_end); + end += base_address; + break; ++ ++ case DW_LLE_base_address: ++ SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, ++ section_end); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address)\n")); ++ break; ++ + case DW_LLE_start_end: + SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, section_end); + SAFE_BYTE_GET_AND_INC (end, start, pointer_size, section_end); + break; ++ + case DW_LLE_start_length: + SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, section_end); + READ_ULEB (end, start, section_end); + end += begin; + break; +- case DW_LLE_base_address: +- SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, +- section_end); +- print_dwarf_vma (base_address, pointer_size); +- printf (_("(base address)\n")); +- break; ++ + #ifdef DW_LLE_view_pair + case DW_LLE_view_pair: + if (vstart) +@@ -6578,15 +6688,17 @@ display_loclists_list (struct dwarf_sect + printf (_("views for:\n")); + continue; + #endif ++ + default: + error (_("Invalid location list entry type %d\n"), llet); + return; + } ++ + if (llet == DW_LLE_end_of_list) + break; +- if (llet != DW_LLE_offset_pair +- && llet != DW_LLE_start_end +- && llet != DW_LLE_start_length) ++ ++ if (llet == DW_LLE_base_address ++ || llet == DW_LLE_base_addressx) + continue; + + if (start == section_end) +@@ -6828,6 +6940,218 @@ loc_offsets_compar (const void *ap, cons + } + + static int ++display_offset_entry_loclists (struct dwarf_section *section) ++{ ++ unsigned char * start = section->start; ++ unsigned char * const end = start + section->size; ++ ++ introduce (section, false); ++ ++ do ++ { ++ dwarf_vma length; ++ unsigned short version; ++ unsigned char address_size; ++ unsigned char segment_selector_size; ++ uint32_t offset_entry_count; ++ uint32_t i; ++ bool is_64bit; ++ ++ printf (_("Table at Offset 0x%lx\n"), (long)(start - section->start)); ++ ++ SAFE_BYTE_GET_AND_INC (length, start, 4, end); ++ if (length == 0xffffffff) ++ { ++ is_64bit = true; ++ SAFE_BYTE_GET_AND_INC (length, start, 8, end); ++ } ++ else ++ is_64bit = false; ++ ++ SAFE_BYTE_GET_AND_INC (version, start, 2, end); ++ SAFE_BYTE_GET_AND_INC (address_size, start, 1, end); ++ SAFE_BYTE_GET_AND_INC (segment_selector_size, start, 1, end); ++ SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, end); ++ ++ printf (_(" Length: 0x%s\n"), dwarf_vmatoa ("x", length)); ++ printf (_(" DWARF version: %u\n"), version); ++ printf (_(" Address size: %u\n"), address_size); ++ printf (_(" Segment size: %u\n"), segment_selector_size); ++ printf (_(" Offset entries: %u\n"), offset_entry_count); ++ ++ if (version < 5) ++ { ++ warn (_("The %s section contains a corrupt or " ++ "unsupported version number: %d.\n"), ++ section->name, version); ++ return 0; ++ } ++ ++ if (segment_selector_size != 0) ++ { ++ warn (_("The %s section contains an " ++ "unsupported segment selector size: %d.\n"), ++ section->name, segment_selector_size); ++ return 0; ++ } ++ ++ if (offset_entry_count == 0) ++ { ++ warn (_("The %s section contains a table without offset\n"), ++ section->name); ++ return 0; ++ } ++ ++ printf (_("\n Offset Entries starting at 0x%lx:\n"), ++ (long)(start - section->start)); ++ ++ if (is_64bit) ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ dwarf_vma entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 8, end); ++ printf (_(" [%6u] 0x%s\n"), i, dwarf_vmatoa ("x", entry)); ++ } ++ } ++ else ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ uint32_t entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 4, end); ++ printf (_(" [%6u] 0x%x\n"), i, entry); ++ } ++ } ++ ++ putchar ('\n'); ++ ++ uint32_t j; ++ ++ for (j = 1, i = 0; i < offset_entry_count;) ++ { ++ unsigned char lle; ++ dwarf_vma base_address = 0; ++ dwarf_vma begin; ++ dwarf_vma finish; ++ dwarf_vma off = start - section->start; ++ ++ if (j != i) ++ { ++ printf (_(" Offset Entry %u\n"), i); ++ j = i; ++ } ++ ++ printf (" "); ++ print_dwarf_vma (off, 4); ++ ++ SAFE_BYTE_GET_AND_INC (lle, start, 1, end); ++ ++ switch (lle) ++ { ++ case DW_LLE_end_of_list: ++ printf (_("<End of list>\n\n")); ++ i ++; ++ continue; ++ ++ case DW_LLE_base_addressx: ++ READ_ULEB (base_address, start, end); ++ print_dwarf_vma (base_address, address_size); ++ printf (_("(index into .debug_addr) ")); ++ base_address = fetch_indexed_addr (base_address, address_size); ++ print_dwarf_vma (base_address, address_size); ++ printf (_("(base address)\n")); ++ continue; ++ ++ case DW_LLE_startx_endx: ++ READ_ULEB (begin, start, end); ++ begin = fetch_indexed_addr (begin, address_size); ++ READ_ULEB (finish, start, end); ++ finish = fetch_indexed_addr (finish, address_size); ++ break; ++ ++ case DW_LLE_startx_length: ++ READ_ULEB (begin, start, end); ++ begin = fetch_indexed_addr (begin, address_size); ++ READ_ULEB (finish, start, end); ++ finish += begin; ++ break; ++ ++ case DW_LLE_offset_pair: ++ READ_ULEB (begin, start, end); ++ begin += base_address; ++ READ_ULEB (finish, start, end); ++ finish += base_address; ++ break; ++ ++ case DW_LLE_default_location: ++ begin = finish = 0; ++ break; ++ ++ case DW_LLE_base_address: ++ SAFE_BYTE_GET_AND_INC (base_address, start, address_size, end); ++ print_dwarf_vma (base_address, address_size); ++ printf (_("(base address)\n")); ++ continue; ++ ++ case DW_LLE_start_end: ++ SAFE_BYTE_GET_AND_INC (begin, start, address_size, end); ++ SAFE_BYTE_GET_AND_INC (finish, start, address_size, end); ++ break; ++ ++ case DW_LLE_start_length: ++ SAFE_BYTE_GET_AND_INC (begin, start, address_size, end); ++ READ_ULEB (finish, start, end); ++ finish += begin; ++ break; ++ ++ default: ++ error (_("Invalid location list entry type %d\n"), lle); ++ return 0; ++ } ++ ++ if (start == end) ++ { ++ warn (_("Location list starting at offset 0x%lx is not terminated.\n"), ++ (unsigned long) off); ++ break; ++ } ++ ++ print_dwarf_vma (begin, address_size); ++ print_dwarf_vma (finish, address_size); ++ ++ if (begin == finish) ++ fputs (_(" (start == end)"), stdout); ++ else if (begin > finish) ++ fputs (_(" (start > end)"), stdout); ++ ++ /* Read the counted location descriptions. */ ++ READ_ULEB (length, start, end); ++ ++ if (length > (size_t) (end - start)) ++ { ++ warn (_("Location list starting at offset 0x%lx is not terminated.\n"), ++ (unsigned long) off); ++ break; ++ } ++ ++ putchar (' '); ++ (void) decode_location_expression (start, address_size, address_size, ++ version, length, 0, section); ++ start += length; ++ putchar ('\n'); ++ } ++ ++ putchar ('\n'); ++ } ++ while (start < end); ++ ++ return 1; ++} ++ ++static int + display_debug_loc (struct dwarf_section *section, void *file) + { + unsigned char *start = section->start, *vstart = NULL; +@@ -6893,13 +7217,9 @@ display_debug_loc (struct dwarf_section + } + + SAFE_BYTE_GET_AND_INC (offset_entry_count, hdrptr, 4, end); ++ + if (offset_entry_count != 0) +- { +- warn (_("The %s section contains " +- "unsupported offset entry count: %d.\n"), +- section->name, offset_entry_count); +- return 0; +- } ++ return display_offset_entry_loclists (section); + + expected_start = hdrptr - section_begin; + } +@@ -6959,9 +7279,10 @@ display_debug_loc (struct dwarf_section + if (debug_information [first].num_loc_offsets > 0 + && debug_information [first].loc_offsets [0] != expected_start + && debug_information [first].loc_views [0] != expected_start) +- warn (_("Location lists in %s section start at 0x%s\n"), ++ warn (_("Location lists in %s section start at 0x%s rather than 0x%s\n"), + section->name, +- dwarf_vmatoa ("x", debug_information [first].loc_offsets [0])); ++ dwarf_vmatoa ("x", debug_information [first].loc_offsets [0]), ++ dwarf_vmatoa ("x", expected_start)); + + if (!locs_sorted) + array = (unsigned int *) xcmalloc (num_loc_list, sizeof (unsigned int)); +@@ -7639,24 +7960,44 @@ display_debug_rnglists_list (unsigned ch + case DW_RLE_end_of_list: + printf (_("<End of list>\n")); + break; +- case DW_RLE_base_address: +- SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, finish); ++ case DW_RLE_base_addressx: ++ READ_ULEB (base_address, start, finish); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address index) ")); ++ base_address = fetch_indexed_addr (base_address, pointer_size); + print_dwarf_vma (base_address, pointer_size); + printf (_("(base address)\n")); + break; +- case DW_RLE_start_length: +- SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish); ++ case DW_RLE_startx_endx: ++ READ_ULEB (begin, start, finish); ++ READ_ULEB (end, start, finish); ++ begin = fetch_indexed_addr (begin, pointer_size); ++ end = fetch_indexed_addr (begin, pointer_size); ++ break; ++ case DW_RLE_startx_length: ++ READ_ULEB (begin, start, finish); + READ_ULEB (length, start, finish); ++ begin = fetch_indexed_addr (begin, pointer_size); + end = begin + length; + break; + case DW_RLE_offset_pair: + READ_ULEB (begin, start, finish); + READ_ULEB (end, start, finish); + break; ++ case DW_RLE_base_address: ++ SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, finish); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address)\n")); ++ break; + case DW_RLE_start_end: + SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish); + SAFE_BYTE_GET_AND_INC (end, start, pointer_size, finish); + break; ++ case DW_RLE_start_length: ++ SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish); ++ READ_ULEB (length, start, finish); ++ end = begin + length; ++ break; + default: + error (_("Invalid range list entry type %d\n"), rlet); + rlet = DW_RLE_end_of_list; +@@ -7664,7 +8005,7 @@ display_debug_rnglists_list (unsigned ch + } + if (rlet == DW_RLE_end_of_list) + break; +- if (rlet == DW_RLE_base_address) ++ if (rlet == DW_RLE_base_address || rlet == DW_RLE_base_addressx) + continue; + + /* Only a DW_RLE_offset_pair needs the base address added. */ +@@ -7709,6 +8050,8 @@ display_debug_ranges (struct dwarf_secti + return 0; + } + ++ introduce (section, false); ++ + if (is_rnglists) + { + dwarf_vma initial_length; +@@ -7745,19 +8088,19 @@ display_debug_ranges (struct dwarf_secti + } + } + +- /* Get and check the version number. */ ++ /* Get the other fields in the header. */ + SAFE_BYTE_GET_AND_INC (version, start, 2, finish); +- +- if (version != 5) +- { +- warn (_("Only DWARF version 5 debug_rnglists info " +- "is currently supported.\n")); +- return 0; +- } +- + SAFE_BYTE_GET_AND_INC (address_size, start, 1, finish); +- + SAFE_BYTE_GET_AND_INC (segment_selector_size, start, 1, finish); ++ SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, finish); ++ ++ printf (_(" Length: 0x%s\n"), dwarf_vmatoa ("x", initial_length)); ++ printf (_(" DWARF version: %u\n"), version); ++ printf (_(" Address size: %u\n"), address_size); ++ printf (_(" Segment size: %u\n"), segment_selector_size); ++ printf (_(" Offset entries: %u\n"), offset_entry_count); ++ ++ /* Check the fields. */ + if (segment_selector_size != 0) + { + warn (_("The %s section contains " +@@ -7766,16 +8109,39 @@ display_debug_ranges (struct dwarf_secti + return 0; + } + +- SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, finish); +- if (offset_entry_count != 0) ++ if (version < 5) + { +- warn (_("The %s section contains " +- "unsupported offset entry count: %u.\n"), +- section->name, offset_entry_count); ++ warn (_("Only DWARF version 5+ debug_rnglists info " ++ "is currently supported.\n")); + return 0; + } +- } + ++ if (offset_entry_count != 0) ++ { ++ printf (_("\n Offsets starting at 0x%lx:\n"), (long)(start - section->start)); ++ if (offset_size == 8) ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ dwarf_vma entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 8, finish); ++ printf (_(" [%6u] 0x%s\n"), i, dwarf_vmatoa ("x", entry)); ++ } ++ } ++ else ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ uint32_t entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 4, finish); ++ printf (_(" [%6u] 0x%x\n"), i, entry); ++ } ++ } ++ } ++ } ++ + if (load_debug_info (file) == 0) + { + warn (_("Unable to load/parse the .debug_info section, so cannot interpret the %s section.\n"), +@@ -7834,8 +8200,7 @@ display_debug_ranges (struct dwarf_secti + warn (_("Range lists in %s section start at 0x%lx\n"), + section->name, (unsigned long) range_entries[0].ranges_offset); + +- introduce (section, false); +- ++ putchar ('\n'); + printf (_(" Offset Begin End\n")); + + for (i = 0; i < num_range_list; i++) +@@ -7895,8 +8260,12 @@ display_debug_ranges (struct dwarf_secti + start = next; + last_start = next; + +- (is_rnglists ? display_debug_rnglists_list : display_debug_ranges_list) +- (start, finish, pointer_size, offset, base_address); ++ if (is_rnglists) ++ display_debug_rnglists_list ++ (start, finish, pointer_size, offset, base_address); ++ else ++ display_debug_ranges_list ++ (start, finish, pointer_size, offset, base_address); + } + putchar ('\n'); + +diff --git a/binutils/dwarf.h b/binutils/dwarf.h +index 4fc62abfa4c..ccce2461c81 100644 +--- a/binutils/dwarf.h ++++ b/binutils/dwarf.h +@@ -181,9 +181,13 @@ typedef struct + /* This is an array of offsets to the location view table. */ + dwarf_vma * loc_views; + int * have_frame_base; ++ ++ /* Information for associating location lists with CUs. */ + unsigned int num_loc_offsets; + unsigned int max_loc_offsets; + unsigned int num_loc_views; ++ dwarf_vma loclists_base; ++ + /* List of .debug_ranges offsets seen in this .debug_info. */ + dwarf_vma * range_lists; + unsigned int num_range_lists; +diff --git a/binutils/testsuite/binutils-all/dw5.W b/binutils/testsuite/binutils-all/dw5.W +index ebab8b7d3b0..bfcdac175ba 100644 +--- a/binutils/testsuite/binutils-all/dw5.W ++++ b/binutils/testsuite/binutils-all/dw5.W +@@ -281,7 +281,7 @@ Contents of the .debug_loclists section: + 00000039 <End of list> + + Contents of the .debug_rnglists section: +- ++#... + Offset Begin End + 0000000c 0000000000001234 0000000000001236 + 00000016 0000000000001234 0000000000001239 +diff --git a/binutils/testsuite/binutils-all/x86-64/pr26808.dump b/binutils/testsuite/binutils-all/x86-64/pr26808.dump +index f64f9d008f9..7ef73b24dc9 100644 +--- a/binutils/testsuite/binutils-all/x86-64/pr26808.dump ++++ b/binutils/testsuite/binutils-all/x86-64/pr26808.dump +@@ -30,13 +30,13 @@ Contents of the .debug_info.dwo section: + <a5> DW_AT_decl_file : 1 + <a6> DW_AT_decl_line : 30 + <a7> DW_AT_type : <0x90> +- <ab> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section> ++ <ab> DW_AT_low_pc : (addr_index: 0x0): 0 + <ac> DW_AT_high_pc : 0x304 + <b4> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <b6> DW_AT_GNU_all_tail_call_sites: 1 + <b6> DW_AT_sibling : <0x11b> + <2><ba>: Abbrev Number: 14 (DW_TAG_lexical_block) +- <bb> DW_AT_low_pc : (addr_index: 0x1): <no .debug_addr section> ++ <bb> DW_AT_low_pc : (addr_index: 0x1): 0 + <bc> DW_AT_high_pc : 0x2fa + <3><c4>: Abbrev Number: 15 (DW_TAG_variable) + <c5> DW_AT_name : c1 +@@ -56,7 +56,7 @@ Contents of the .debug_info.dwo section: + <ff> DW_AT_artificial : 1 + <ff> DW_AT_location : 2 byte block: fb 2 (DW_OP_GNU_addr_index <0x2>) + <3><102>: Abbrev Number: 14 (DW_TAG_lexical_block) +- <103> DW_AT_low_pc : (addr_index: 0x3): <no .debug_addr section> ++ <103> DW_AT_low_pc : (addr_index: 0x3): 0 + <104> DW_AT_high_pc : 0x2f + <4><10c>: Abbrev Number: 17 (DW_TAG_variable) + <10d> DW_AT_name : i +@@ -274,7 +274,7 @@ Contents of the .debug_info.dwo section: + <2dd> DW_AT_decl_file : 1 + <2de> DW_AT_decl_line : 70 + <2df> DW_AT_linkage_name: _Z4f13iv +- <2e8> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section> ++ <2e8> DW_AT_low_pc : (addr_index: 0x0): 0 + <2e9> DW_AT_high_pc : 0x6 + <2f1> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <2f3> DW_AT_GNU_all_call_sites: 1 +@@ -282,7 +282,7 @@ Contents of the .debug_info.dwo section: + <2f4> DW_AT_specification: <0x219> + <2f8> DW_AT_decl_file : 2 + <2f9> DW_AT_decl_line : 30 +- <2fa> DW_AT_low_pc : (addr_index: 0x1): <no .debug_addr section> ++ <2fa> DW_AT_low_pc : (addr_index: 0x1): 0 + <2fb> DW_AT_high_pc : 0x20 + <303> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <305> DW_AT_object_pointer: <0x30d> +@@ -300,7 +300,7 @@ Contents of the .debug_info.dwo section: + <31d> DW_AT_specification: <0x223> + <321> DW_AT_decl_file : 2 + <322> DW_AT_decl_line : 38 +- <323> DW_AT_low_pc : (addr_index: 0x2): <no .debug_addr section> ++ <323> DW_AT_low_pc : (addr_index: 0x2): 0 + <324> DW_AT_high_pc : 0x18 + <32c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <32e> DW_AT_object_pointer: <0x336> +@@ -316,7 +316,7 @@ Contents of the .debug_info.dwo section: + <341> DW_AT_specification: <0x22d> + <345> DW_AT_decl_file : 2 + <346> DW_AT_decl_line : 46 +- <347> DW_AT_low_pc : (addr_index: 0x3): <no .debug_addr section> ++ <347> DW_AT_low_pc : (addr_index: 0x3): 0 + <348> DW_AT_high_pc : 0x18 + <350> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <352> DW_AT_object_pointer: <0x35a> +@@ -332,7 +332,7 @@ Contents of the .debug_info.dwo section: + <365> DW_AT_specification: <0x237> + <369> DW_AT_decl_file : 2 + <36a> DW_AT_decl_line : 54 +- <36b> DW_AT_low_pc : (addr_index: 0x4): <no .debug_addr section> ++ <36b> DW_AT_low_pc : (addr_index: 0x4): 0 + <36c> DW_AT_high_pc : 0x16 + <374> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <376> DW_AT_object_pointer: <0x37e> +@@ -348,7 +348,7 @@ Contents of the .debug_info.dwo section: + <389> DW_AT_specification: <0x26b> + <38d> DW_AT_decl_file : 2 + <38e> DW_AT_decl_line : 62 +- <38f> DW_AT_low_pc : (addr_index: 0x5): <no .debug_addr section> ++ <38f> DW_AT_low_pc : (addr_index: 0x5): 0 + <390> DW_AT_high_pc : 0x16 + <398> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <39a> DW_AT_object_pointer: <0x3a2> +@@ -366,7 +366,7 @@ Contents of the .debug_info.dwo section: + <3b2> DW_AT_specification: <0x275> + <3b6> DW_AT_decl_file : 2 + <3b7> DW_AT_decl_line : 72 +- <3b8> DW_AT_low_pc : (addr_index: 0x6): <no .debug_addr section> ++ <3b8> DW_AT_low_pc : (addr_index: 0x6): 0 + <3b9> DW_AT_high_pc : 0x1b + <3c1> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <3c3> DW_AT_object_pointer: <0x3cb> +@@ -382,7 +382,7 @@ Contents of the .debug_info.dwo section: + <3d6> DW_AT_specification: <0x27f> + <3da> DW_AT_decl_file : 2 + <3db> DW_AT_decl_line : 82 +- <3dc> DW_AT_low_pc : (addr_index: 0x7): <no .debug_addr section> ++ <3dc> DW_AT_low_pc : (addr_index: 0x7): 0 + <3dd> DW_AT_high_pc : 0x1b + <3e5> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <3e7> DW_AT_object_pointer: <0x3ef> +@@ -398,7 +398,7 @@ Contents of the .debug_info.dwo section: + <3fa> DW_AT_specification: <0x289> + <3fe> DW_AT_decl_file : 2 + <3ff> DW_AT_decl_line : 92 +- <400> DW_AT_low_pc : (addr_index: 0x8): <no .debug_addr section> ++ <400> DW_AT_low_pc : (addr_index: 0x8): 0 + <401> DW_AT_high_pc : 0x19 + <409> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <40b> DW_AT_object_pointer: <0x413> +@@ -414,7 +414,7 @@ Contents of the .debug_info.dwo section: + <41e> DW_AT_specification: <0x2ae> + <422> DW_AT_decl_file : 2 + <423> DW_AT_decl_line : 102 +- <424> DW_AT_low_pc : (addr_index: 0x9): <no .debug_addr section> ++ <424> DW_AT_low_pc : (addr_index: 0x9): 0 + <425> DW_AT_high_pc : 0x19 + <42d> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <42f> DW_AT_object_pointer: <0x437> +@@ -432,7 +432,7 @@ Contents of the .debug_info.dwo section: + <447> DW_AT_specification: <0x2b8> + <44b> DW_AT_decl_file : 2 + <44c> DW_AT_decl_line : 112 +- <44d> DW_AT_low_pc : (addr_index: 0xa): <no .debug_addr section> ++ <44d> DW_AT_low_pc : (addr_index: 0xa): 0 + <44e> DW_AT_high_pc : 0x1f + <456> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <458> DW_AT_object_pointer: <0x460> +@@ -451,7 +451,7 @@ Contents of the .debug_info.dwo section: + <471> DW_AT_decl_line : 120 + <472> DW_AT_linkage_name: _Z4f11av + <47b> DW_AT_type : <0x242> +- <47f> DW_AT_low_pc : (addr_index: 0xb): <no .debug_addr section> ++ <47f> DW_AT_low_pc : (addr_index: 0xb): 0 + <480> DW_AT_high_pc : 0xb + <488> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <48a> DW_AT_GNU_all_call_sites: 1 +@@ -459,7 +459,7 @@ Contents of the .debug_info.dwo section: + <48b> DW_AT_specification: <0x2c2> + <48f> DW_AT_decl_file : 2 + <490> DW_AT_decl_line : 126 +- <491> DW_AT_low_pc : (addr_index: 0xc): <no .debug_addr section> ++ <491> DW_AT_low_pc : (addr_index: 0xc): 0 + <492> DW_AT_high_pc : 0x20 + <49a> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <49c> DW_AT_object_pointer: <0x4a4> +@@ -478,7 +478,7 @@ Contents of the .debug_info.dwo section: + <4b4> DW_AT_decl_line : 134 + <4b5> DW_AT_linkage_name: _Z3t12v + <4bd> DW_AT_type : <0x249> +- <4c1> DW_AT_low_pc : (addr_index: 0xd): <no .debug_addr section> ++ <4c1> DW_AT_low_pc : (addr_index: 0xd): 0 + <4c2> DW_AT_high_pc : 0x19 + <4ca> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <4cc> DW_AT_GNU_all_tail_call_sites: 1 +@@ -489,7 +489,7 @@ Contents of the .debug_info.dwo section: + <4d2> DW_AT_decl_line : 142 + <4d3> DW_AT_linkage_name: _Z3t13v + <4db> DW_AT_type : <0x249> +- <4df> DW_AT_low_pc : (addr_index: 0xe): <no .debug_addr section> ++ <4df> DW_AT_low_pc : (addr_index: 0xe): 0 + <4e0> DW_AT_high_pc : 0x14 + <4e8> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <4ea> DW_AT_GNU_all_tail_call_sites: 1 +@@ -500,13 +500,13 @@ Contents of the .debug_info.dwo section: + <4f0> DW_AT_decl_line : 150 + <4f1> DW_AT_linkage_name: _Z3t14v + <4f9> DW_AT_type : <0x249> +- <4fd> DW_AT_low_pc : (addr_index: 0xf): <no .debug_addr section> ++ <4fd> DW_AT_low_pc : (addr_index: 0xf): 0 + <4fe> DW_AT_high_pc : 0x61 + <506> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <508> DW_AT_GNU_all_tail_call_sites: 1 + <508> DW_AT_sibling : <0x532> + <2><50c>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <50d> DW_AT_low_pc : (addr_index: 0x10): <no .debug_addr section> ++ <50d> DW_AT_low_pc : (addr_index: 0x10): 0 + <50e> DW_AT_high_pc : 0x57 + <3><516>: Abbrev Number: 25 (DW_TAG_variable) + <517> DW_AT_name : s1 +@@ -538,13 +538,13 @@ Contents of the .debug_info.dwo section: + <54b> DW_AT_decl_line : 163 + <54c> DW_AT_linkage_name: _Z3t15v + <554> DW_AT_type : <0x249> +- <558> DW_AT_low_pc : (addr_index: 0x11): <no .debug_addr section> ++ <558> DW_AT_low_pc : (addr_index: 0x11): 0 + <559> DW_AT_high_pc : 0x5d + <561> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <563> DW_AT_GNU_all_tail_call_sites: 1 + <563> DW_AT_sibling : <0x58d> + <2><567>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <568> DW_AT_low_pc : (addr_index: 0x12): <no .debug_addr section> ++ <568> DW_AT_low_pc : (addr_index: 0x12): 0 + <569> DW_AT_high_pc : 0x53 + <3><571>: Abbrev Number: 25 (DW_TAG_variable) + <572> DW_AT_name : s1 +@@ -576,7 +576,7 @@ Contents of the .debug_info.dwo section: + <5a9> DW_AT_decl_line : 176 + <5aa> DW_AT_linkage_name: _Z3t16v + <5b2> DW_AT_type : <0x249> +- <5b6> DW_AT_low_pc : (addr_index: 0x13): <no .debug_addr section> ++ <5b6> DW_AT_low_pc : (addr_index: 0x13): 0 + <5b7> DW_AT_high_pc : 0x13 + <5bf> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <5c1> DW_AT_GNU_all_tail_call_sites: 1 +@@ -587,13 +587,13 @@ Contents of the .debug_info.dwo section: + <5c7> DW_AT_decl_line : 184 + <5c8> DW_AT_linkage_name: _Z3t17v + <5d0> DW_AT_type : <0x249> +- <5d4> DW_AT_low_pc : (addr_index: 0x14): <no .debug_addr section> ++ <5d4> DW_AT_low_pc : (addr_index: 0x14): 0 + <5d5> DW_AT_high_pc : 0x5f + <5dd> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <5df> DW_AT_GNU_all_call_sites: 1 + <5df> DW_AT_sibling : <0x612> + <2><5e3>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <5e4> DW_AT_low_pc : (addr_index: 0x15): <no .debug_addr section> ++ <5e4> DW_AT_low_pc : (addr_index: 0x15): 0 + <5e5> DW_AT_high_pc : 0x59 + <3><5ed>: Abbrev Number: 25 (DW_TAG_variable) + <5ee> DW_AT_name : c +@@ -602,7 +602,7 @@ Contents of the .debug_info.dwo section: + <5f2> DW_AT_type : <0x53d> + <5f6> DW_AT_location : 2 byte block: 91 6f (DW_OP_fbreg: -17) + <3><5f9>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <5fa> DW_AT_low_pc : (addr_index: 0x16): <no .debug_addr section> ++ <5fa> DW_AT_low_pc : (addr_index: 0x16): 0 + <5fb> DW_AT_high_pc : 0x50 + <4><603>: Abbrev Number: 25 (DW_TAG_variable) + <604> DW_AT_name : i +@@ -620,13 +620,13 @@ Contents of the .debug_info.dwo section: + <618> DW_AT_decl_line : 199 + <619> DW_AT_linkage_name: _Z3t18v + <621> DW_AT_type : <0x249> +- <625> DW_AT_low_pc : (addr_index: 0x17): <no .debug_addr section> ++ <625> DW_AT_ow_pc : (addr_index: 0x17): 0 + <626> DW_AT_high_pc : 0x5f + <62e> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <630> DW_AT_GNU_all_tail_call_sites: 1 + <630> DW_AT_sibling : <0x67a> + <2><634>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <635> DW_AT_low_pc : (addr_index: 0x18): <no .debug_addr section> ++ <635> DW_AT_low_pc : (addr_index: 0x18): 0 + <636> DW_AT_high_pc : 0x55 + <3><63e>: Abbrev Number: 25 (DW_TAG_variable) + <63f> DW_AT_name : c +@@ -635,7 +635,7 @@ Contents of the .debug_info.dwo section: + <643> DW_AT_type : <0x53d> + <647> DW_AT_location : 2 byte block: 91 6f (DW_OP_fbreg: -17) + <3><64a>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <64b> DW_AT_low_pc : (addr_index: 0x19): <no .debug_addr section> ++ <64b> DW_AT_low_pc : (addr_index: 0x19): 0 + <64c> DW_AT_high_pc : 0x4c + <4><654>: Abbrev Number: 25 (DW_TAG_variable) + <655> DW_AT_name : i +@@ -644,7 +644,7 @@ Contents of the .debug_info.dwo section: + <659> DW_AT_type : <0x242> + <65d> DW_AT_location : 2 byte block: 91 68 (DW_OP_fbreg: -24) + <4><660>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <661> DW_AT_low_pc : (addr_index: 0x1a): <no .debug_addr section> ++ <661> DW_AT_low_pc : (addr_index: 0x1a): 0 + <662> DW_AT_high_pc : 0x34 + <5><66a>: Abbrev Number: 25 (DW_TAG_variable) + <66b> DW_AT_name : s +@@ -786,7 +786,7 @@ Contents of the .debug_info.dwo section: + <7d3> DW_AT_decl_line : 32 + <7d4> DW_AT_linkage_name: _Z4t16av + <7dd> DW_AT_type : <0x7c4> +- <7e1> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section> ++ <7e1> DW_AT_low_pc : (addr_index: 0x0): 0 + <7e2> DW_AT_high_pc : 0x13 + <7ea> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <7ec> DW_AT_GNU_all_tail_call_sites: 1 +@@ -878,14 +878,14 @@ Contents of the .debug_info.dwo section: + <908> DW_AT_decl_file : 1 + <909> DW_AT_decl_line : 70 + <90a> DW_AT_linkage_name: _Z4f13iv +- <913> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section> ++ <913> DW_AT_low_pc : (addr_index: 0x0): 0 + <914> DW_AT_high_pc : 0x6 + <91c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <91e> DW_AT_GNU_all_call_sites: 1 + <1><91e>: Abbrev Number: 17 (DW_TAG_subprogram) + <91f> DW_AT_specification: <0x8a8> + <923> DW_AT_decl_file : 2 +- <924> DW_AT_low_pc : (addr_index: 0x1): <no .debug_addr section> ++ <924> DW_AT_low_pc : (addr_index: 0x1): 0 + <925> DW_AT_high_pc : 0xf + <92d> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <92f> DW_AT_object_pointer: <0x937> +@@ -903,7 +903,7 @@ Contents of the .debug_info.dwo section: + <94b> DW_AT_specification: <0x89b> + <94f> DW_AT_decl_file : 2 + <950> DW_AT_decl_line : 36 +- <951> DW_AT_low_pc : (addr_index: 0x2): <no .debug_addr section> ++ <951> DW_AT_low_pc : (addr_index: 0x2): 0 + <952> DW_AT_high_pc : 0x20 + <95a> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <95c> DW_AT_object_pointer: <0x964> +@@ -922,7 +922,7 @@ Contents of the .debug_info.dwo section: + <978> DW_AT_decl_line : 72 + <979> DW_AT_linkage_name: _Z3f10v + <981> DW_AT_type : <0x8b7> +- <985> DW_AT_low_pc : (addr_index: 0x3): <no .debug_addr section> ++ <985> DW_AT_low_pc : (addr_index: 0x3): 0 + <986> DW_AT_high_pc : 0xb + <98e> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <990> DW_AT_GNU_all_call_sites: 1 +@@ -933,7 +933,7 @@ Contents of the .debug_info.dwo section: + <997> DW_AT_decl_line : 80 + <998> DW_AT_linkage_name: _Z4f11bPFivE + <9a5> DW_AT_type : <0x8b7> +- <9a9> DW_AT_low_pc : (addr_index: 0x4): <no .debug_addr section> ++ <9a9> DW_AT_low_pc : (addr_index: 0x4): 0 + <9aa> DW_AT_high_pc : 0x14 + <9b2> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <9b4> DW_AT_GNU_all_tail_call_sites: 1 +@@ -954,7 +954,7 @@ Contents of the .debug_info.dwo section: + <9d3> DW_AT_specification: <0x8e0> + <9d7> DW_AT_decl_file : 2 + <9d8> DW_AT_decl_line : 88 +- <9d9> DW_AT_low_pc : (addr_index: 0x5): <no .debug_addr section> ++ <9d9> DW_AT_low_pc : (addr_index: 0x5): 0 + <9da> DW_AT_high_pc : 0xf + <9e2> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <9e4> DW_AT_object_pointer: <0x9ec> +@@ -976,7 +976,7 @@ Contents of the .debug_info.dwo section: + <a06> DW_AT_decl_line : 96 + <a07> DW_AT_linkage_name: _Z3f13v + <a0f> DW_AT_type : <0xa1e> +- <a13> DW_AT_low_pc : (addr_index: 0x6): <no .debug_addr section> ++ <a13> DW_AT_low_pc : (addr_index: 0x6): 0 + <a14> DW_AT_high_pc : 0xb + <a1c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <a1e> DW_AT_GNU_all_call_sites: 1 +@@ -990,7 +990,7 @@ Contents of the .debug_info.dwo section: + <a2a> DW_AT_decl_line : 104 + <a2b> DW_AT_linkage_name: _Z3f14v + <a33> DW_AT_type : <0xa42> +- <a37> DW_AT_low_pc : (addr_index: 0x7): <no .debug_addr section> ++ <a37> DW_AT_low_pc : (addr_index: 0x7): 0 + <a38> DW_AT_high_pc : 0xb + <a40> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <a42> DW_AT_GNU_all_call_sites: 1 +@@ -1010,7 +1010,7 @@ Contents of the .debug_info.dwo section: + <a5b> DW_AT_decl_line : 112 + <a5c> DW_AT_linkage_name: _Z3f15v + <a64> DW_AT_type : <0xa73> +- <a68> DW_AT_low_pc : (addr_index: 0x8): <no .debug_addr section> ++ <a68> DW_AT_low_pc : (addr_index: 0x8): 0 + <a69> DW_AT_high_pc : 0xb + <a71> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <a73> DW_AT_GNU_all_call_sites: 1 +@@ -1030,7 +1030,7 @@ Contents of the .debug_info.dwo section: + <a8f> DW_AT_decl_line : 127 + <a90> DW_AT_linkage_name: _Z3f18i + <a98> DW_AT_type : <0xa42> +- <a9c> DW_AT_low_pc : (addr_index: 0x9): <no .debug_addr section> ++ <a9c> DW_AT_low_pc : (addr_index: 0x9): 0 + <a9d> DW_AT_high_pc : 0x44 + <aa5> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <aa7> DW_AT_GNU_all_call_sites: 1 diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch new file mode 100644 index 0000000000..0583bfcfab --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch @@ -0,0 +1,188 @@ +From ec41dd75c866599fc03c390c6afb5736c159c0ff Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 21 Jun 2022 16:37:27 +0100 +Subject: [PATCH] Binutils support for dwarf-5 (location and range lists + related) + + * dwarf.h (struct debug_info): Add rnglists_base field. + * dwarf.c (read_and_display_attr_value): Read attribute DW_AT_rnglists_base. + (display_debug_rnglists_list): While handling DW_RLE_base_addressx, + DW_RLE_startx_endx, DW_RLE_startx_length items, pass the proper parameter + value to fetch_indexed_addr(), i.e. fetch the proper entry in .debug_addr section. + (display_debug_ranges): Add rnglists_base to the .debug_rnglists base address. + (load_separate_debug_files): Load .debug_addr section, if exists. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + binutils/ChangeLog | 10 +++++++++ + binutils/dwarf.c | 53 ++++++++++++++++++++++++++++++++++------------ + binutils/dwarf.h | 1 + + 3 files changed, 51 insertions(+), 13 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index cb2523af1f3..30b64ac68a8 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -2812,7 +2812,12 @@ read_and_display_attr_value (unsigned lo + dwarf_vmatoa ("x", debug_info_p->cu_offset)); + debug_info_p->loclists_base = uvalue; + break; +- ++ case DW_AT_rnglists_base: ++ if (debug_info_p->rnglists_base) ++ warn (_("CU @ 0x%s has multiple rnglists_base values"), ++ dwarf_vmatoa ("x", debug_info_p->cu_offset)); ++ debug_info_p->rnglists_base = uvalue; ++ break; + case DW_AT_frame_base: + have_frame_base = 1; + /* Fall through. */ +@@ -3303,6 +3308,7 @@ read_and_display_attr_value (unsigned lo + /* Fall through. */ + case DW_AT_location: + case DW_AT_loclists_base: ++ case DW_AT_rnglists_base: + case DW_AT_string_length: + case DW_AT_return_addr: + case DW_AT_data_member_location: +@@ -3322,7 +3328,10 @@ read_and_display_attr_value (unsigned lo + && (form == DW_FORM_data4 || form == DW_FORM_data8)) + || form == DW_FORM_sec_offset + || form == DW_FORM_loclistx) +- printf (_(" (location list)")); ++ { ++ if (attribute != DW_AT_rnglists_base) ++ printf (_(" (location list)")); ++ } + /* Fall through. */ + case DW_AT_allocated: + case DW_AT_associated: +@@ -3809,6 +3818,7 @@ process_debug_info (struct dwarf_section + debug_information [unit].range_lists = NULL; + debug_information [unit].max_range_lists= 0; + debug_information [unit].num_range_lists = 0; ++ debug_information [unit].rnglists_base = 0; + } + + if (!do_loc && dwarf_start_die == 0) +@@ -7932,9 +7942,16 @@ display_debug_rnglists_list (unsigned ch + unsigned char * finish, + unsigned int pointer_size, + dwarf_vma offset, +- dwarf_vma base_address) ++ dwarf_vma base_address, ++ unsigned int offset_size) + { + unsigned char *next = start; ++ unsigned int debug_addr_section_hdr_len; ++ ++ if (offset_size == 4) ++ debug_addr_section_hdr_len = 8; ++ else ++ debug_addr_section_hdr_len = 16; + + while (1) + { +@@ -7964,20 +7981,24 @@ display_debug_rnglists_list (unsigned ch + READ_ULEB (base_address, start, finish); + print_dwarf_vma (base_address, pointer_size); + printf (_("(base address index) ")); +- base_address = fetch_indexed_addr (base_address, pointer_size); ++ base_address = fetch_indexed_addr ((base_address * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); + print_dwarf_vma (base_address, pointer_size); + printf (_("(base address)\n")); + break; + case DW_RLE_startx_endx: + READ_ULEB (begin, start, finish); + READ_ULEB (end, start, finish); +- begin = fetch_indexed_addr (begin, pointer_size); +- end = fetch_indexed_addr (begin, pointer_size); ++ begin = fetch_indexed_addr ((begin * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); ++ end = fetch_indexed_addr ((begin * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); + break; + case DW_RLE_startx_length: + READ_ULEB (begin, start, finish); + READ_ULEB (length, start, finish); +- begin = fetch_indexed_addr (begin, pointer_size); ++ begin = fetch_indexed_addr ((begin * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); + end = begin + length; + break; + case DW_RLE_offset_pair: +@@ -8003,6 +8024,7 @@ display_debug_rnglists_list (unsigned ch + rlet = DW_RLE_end_of_list; + break; + } ++ + if (rlet == DW_RLE_end_of_list) + break; + if (rlet == DW_RLE_base_address || rlet == DW_RLE_base_addressx) +@@ -8043,6 +8065,7 @@ display_debug_ranges (struct dwarf_secti + /* Initialize it due to a false compiler warning. */ + unsigned char address_size = 0; + dwarf_vma last_offset = 0; ++ unsigned int offset_size = 0; + + if (bytes == 0) + { +@@ -8054,10 +8077,10 @@ display_debug_ranges (struct dwarf_secti + + if (is_rnglists) + { +- dwarf_vma initial_length; +- unsigned char segment_selector_size; +- unsigned int offset_size, offset_entry_count; +- unsigned short version; ++ dwarf_vma initial_length; ++ unsigned char segment_selector_size; ++ unsigned int offset_entry_count; ++ unsigned short version; + + /* Get and check the length of the block. */ + SAFE_BYTE_GET_AND_INC (initial_length, start, 4, finish); +@@ -8230,7 +8253,8 @@ display_debug_ranges (struct dwarf_secti + (unsigned long) offset, i); + continue; + } +- next = section_begin + offset; ++ ++ next = section_begin + offset + debug_info_p->rnglists_base; + + /* If multiple DWARF entities reference the same range then we will + have multiple entries in the `range_entries' list for the same +@@ -8262,7 +8286,7 @@ display_debug_ranges (struct dwarf_secti + + if (is_rnglists) + display_debug_rnglists_list +- (start, finish, pointer_size, offset, base_address); ++ (start, finish, pointer_size, offset, base_address, offset_size); + else + display_debug_ranges_list + (start, finish, pointer_size, offset, base_address); +@@ -11911,6 +11935,9 @@ load_separate_debug_files (void * file, + && load_debug_section (abbrev, file) + && load_debug_section (info, file)) + { ++ /* Load the .debug_addr section, if it exists. */ ++ load_debug_section (debug_addr, file); ++ + free_dwo_info (); + + if (process_debug_info (& debug_displays[info].section, file, abbrev, +diff --git a/binutils/dwarf.h b/binutils/dwarf.h +index 040e674c6ce..8a89c08e7c2 100644 +--- a/binutils/dwarf.h ++++ b/binutils/dwarf.h +@@ -192,6 +192,7 @@ typedef struct + dwarf_vma * range_lists; + unsigned int num_range_lists; + unsigned int max_range_lists; ++ dwarf_vma rnglists_base; + } + debug_info; + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch new file mode 100644 index 0000000000..56331b1128 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch @@ -0,0 +1,211 @@ +From f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199 Mon Sep 17 00:00:00 2001 +From: "Kumar N, Bhuvanendra" <Kavitha.Natarajan@amd.com> +Date: Wed, 22 Jun 2022 17:07:25 +0100 +Subject: [PATCH] Binutils support for split-dwarf and dwarf-5 + + * dwarf.c (fetch_indexed_string): Added new parameter + str_offsets_base to calculate the string offset. + (read_and_display_attr_value): Read DW_AT_str_offsets_base + attribute. + (process_debug_info): While allocating memory and initializing + debug_information, do it for do_debug_info also, if its true. + (load_separate_debug_files): Load .debug_str_offsets if exists. + * dwarf.h (struct debug_info): Add str_offsets_base field. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + binutils/ChangeLog | 13 ++++++++++- + binutils/dwarf.c | 57 ++++++++++++++++++++++++++++++++++------------ + binutils/dwarf.h | 1 + + 3 files changed, 56 insertions(+), 15 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index f9c46cf54dd..d9a3144023c 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -687,8 +687,11 @@ fetch_indirect_line_string (dwarf_vma of + } + + static const char * +-fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set, +- dwarf_vma offset_size, bool dwo) ++fetch_indexed_string (dwarf_vma idx, ++ struct cu_tu_set * this_set, ++ dwarf_vma offset_size, ++ bool dwo, ++ dwarf_vma str_offsets_base) + { + enum dwarf_section_display_enum str_sec_idx = dwo ? str_dwo : str; + enum dwarf_section_display_enum idx_sec_idx = dwo ? str_index_dwo : str_index; +@@ -776,7 +779,15 @@ fetch_indexed_string (dwarf_vma idx, str + return _("<index offset is too big>"); + } + +- str_offset = byte_get (curr + index_offset, offset_size); ++ if (str_offsets_base > 0) ++ { ++ if (offset_size == 8) ++ str_offsets_base -= 16; ++ else ++ str_offsets_base -= 8; ++ } ++ ++ str_offset = byte_get (curr + index_offset + str_offsets_base, offset_size); + str_offset -= str_section->address; + if (str_offset >= str_section->size) + { +@@ -2721,11 +2732,13 @@ read_and_display_attr_value (unsigned lo + /* We have already displayed the form name. */ + printf (_("%c(offset: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo)); ++ fetch_indexed_string (uvalue, this_set, offset_size, dwo, ++ debug_info_p->str_offsets_base)); + else + printf (_("%c(indexed string: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo)); ++ fetch_indexed_string (uvalue, this_set, offset_size, dwo, ++ debug_info_p->str_offsets_base)); + } + break; + +@@ -2800,7 +2813,7 @@ read_and_display_attr_value (unsigned lo + break; + } + +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && debug_info_p != NULL) + { +@@ -2818,6 +2831,13 @@ read_and_display_attr_value (unsigned lo + dwarf_vmatoa ("x", debug_info_p->cu_offset)); + debug_info_p->rnglists_base = uvalue; + break; ++ case DW_AT_str_offsets_base: ++ if (debug_info_p->str_offsets_base) ++ warn (_("CU @ 0x%s has multiple str_offsets_base values"), ++ dwarf_vmatoa ("x", debug_info_p->cu_offset)); ++ debug_info_p->str_offsets_base = uvalue; ++ break; ++ + case DW_AT_frame_base: + have_frame_base = 1; + /* Fall through. */ +@@ -2956,7 +2976,9 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_strx2: + case DW_FORM_strx3: + case DW_FORM_strx4: +- add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false), cu_offset); ++ add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false, ++ debug_info_p->str_offsets_base), ++ cu_offset); + break; + case DW_FORM_string: + add_dwo_name ((const char *) orig_data, cu_offset); +@@ -2988,7 +3010,9 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_strx2: + case DW_FORM_strx3: + case DW_FORM_strx4: +- add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false), cu_offset); ++ add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false, ++ debug_info_p->str_offsets_base), ++ cu_offset); + break; + case DW_FORM_string: + add_dwo_dir ((const char *) orig_data, cu_offset); +@@ -3309,6 +3333,7 @@ read_and_display_attr_value (unsigned lo + case DW_AT_location: + case DW_AT_loclists_base: + case DW_AT_rnglists_base: ++ case DW_AT_str_offsets_base: + case DW_AT_string_length: + case DW_AT_return_addr: + case DW_AT_data_member_location: +@@ -3329,7 +3354,8 @@ read_and_display_attr_value (unsigned lo + || form == DW_FORM_sec_offset + || form == DW_FORM_loclistx) + { +- if (attribute != DW_AT_rnglists_base) ++ if (attribute != DW_AT_rnglists_base ++ && attribute != DW_AT_str_offsets_base) + printf (_(" (location list)")); + } + /* Fall through. */ +@@ -3562,7 +3588,7 @@ process_debug_info (struct dwarf_section + return false; + } + +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && ! do_types) + { +@@ -3797,7 +3823,7 @@ process_debug_info (struct dwarf_section + continue; + } + +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && alloc_num_debug_info_entries > unit + && ! do_types) +@@ -3819,6 +3845,7 @@ process_debug_info (struct dwarf_section + debug_information [unit].max_range_lists= 0; + debug_information [unit].num_range_lists = 0; + debug_information [unit].rnglists_base = 0; ++ debug_information [unit].str_offsets_base = 0; + } + + if (!do_loc && dwarf_start_die == 0) +@@ -4089,7 +4116,7 @@ process_debug_info (struct dwarf_section + + /* Set num_debug_info_entries here so that it can be used to check if + we need to process .debug_loc and .debug_ranges sections. */ +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && ! do_types) + { +@@ -6237,7 +6264,7 @@ display_debug_macro (struct dwarf_sectio + READ_ULEB (lineno, curr, end); + READ_ULEB (offset, curr, end); + string = (const unsigned char *) +- fetch_indexed_string (offset, NULL, offset_size, false); ++ fetch_indexed_string (offset, NULL, offset_size, false, 0); + if (op == DW_MACRO_define_strx) + printf (" DW_MACRO_define_strx "); + else +@@ -7851,7 +7878,7 @@ display_debug_str_offsets (struct dwarf_ + SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, entries_end); + if (dwo) + string = (const unsigned char *) +- fetch_indexed_string (idx, NULL, entry_length, dwo); ++ fetch_indexed_string (idx, NULL, entry_length, dwo, 0); + else + string = fetch_indirect_string (offset); + +@@ -11937,6 +11964,8 @@ load_separate_debug_files (void * file, + { + /* Load the .debug_addr section, if it exists. */ + load_debug_section (debug_addr, file); ++ /* Load the .debug_str_offsets section, if it exists. */ ++ load_debug_section (str_index, file); + + free_dwo_info (); + +diff --git a/binutils/dwarf.h b/binutils/dwarf.h +index 8a89c08e7c2..adbf20f9a28 100644 +--- a/binutils/dwarf.h ++++ b/binutils/dwarf.h +@@ -193,6 +193,7 @@ typedef struct + unsigned int num_range_lists; + unsigned int max_range_lists; + dwarf_vma rnglists_base; ++ dwarf_vma str_offsets_base; + } + debug_info; + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch new file mode 100644 index 0000000000..e59b19c184 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch @@ -0,0 +1,43 @@ +From e98e7d9a70dcc987bff0e925f20b78cd4a2979ed Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 27 Jun 2022 13:30:35 +0100 +Subject: [PATCH] Fix NULL pointer indirection when parsing corrupt DWARF data. + + PR 29290 + * dwarf.c (read_and_display_attr_value): Check that debug_info_p + is set before dereferencing it. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + binutils/dwarf.c | 11 +++++------ + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index bcabb61b871..37b477b886d 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -2727,18 +2727,17 @@ read_and_display_attr_value (unsigned lo + { + const char *suffix = strrchr (section->name, '.'); + bool dwo = suffix && strcmp (suffix, ".dwo") == 0; ++ const char *strng; + ++ strng = fetch_indexed_string (uvalue, this_set, offset_size, dwo, ++ debug_info_p ? debug_info_p->str_offsets_base : 0); + if (do_wide) + /* We have already displayed the form name. */ + printf (_("%c(offset: 0x%s): %s"), delimiter, +- dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo, +- debug_info_p->str_offsets_base)); ++ dwarf_vmatoa ("x", uvalue), strng); + else + printf (_("%c(indexed string: 0x%s): %s"), delimiter, +- dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo, +- debug_info_p->str_offsets_base)); ++ dwarf_vmatoa ("x", uvalue), strng); + } + break; + diff --git a/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake index 86446c3ace..3ddef12c83 100644 --- a/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake +++ b/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake @@ -1,7 +1,6 @@ set( CMAKE_SYSTEM_NAME Linux ) set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE ) set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS} CACHE STRING "" FORCE ) -set( CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE ) set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} ) set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} ) diff --git a/poky/meta/recipes-devtools/gcc/gcc-11.3.inc b/poky/meta/recipes-devtools/gcc/gcc-11.3.inc index 2cebeb2bc8..27074a06ae 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-11.3.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-11.3.inc @@ -65,7 +65,12 @@ SRC_URI = "\ file://0003-CVE-2021-42574.patch \ file://0004-CVE-2021-42574.patch \ file://0001-CVE-2021-46195.patch \ + file://0001-aarch64-Update-Neoverse-N2-core-defini.patch \ + file://0002-aarch64-add-armv9-a-to-march.patch \ + file://0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch \ + file://0004-arm-add-armv9-a-architecture-to-march.patch \ " + SRC_URI[sha256sum] = "b47cf2818691f5b1e21df2bb38c795fac2cfbd640ede2d0a5e1c89e338a3ac39" S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}" diff --git a/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc index a87b446c4f..c36e4cba81 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc @@ -9,6 +9,7 @@ GCCMULTILIB = "--enable-multilib" require gcc-configure-common.inc +EXTRA_OECONF += "--with-plugin-ld=ld" EXTRA_OECONF_PATHS = "\ --with-gxx-include-dir=/not/exist${target_includedir}/c++/${BINV} \ --with-build-time-tools=${STAGING_DIR_NATIVE}${prefix_native}/${TARGET_SYS}/bin \ @@ -134,8 +135,6 @@ do_install () { ln -sf ${BINRELPATH}/${TARGET_PREFIX}$t$suffix $dest$t$suffix done - t=real-ld - ln -sf ${BINRELPATH}/${TARGET_PREFIX}ld$suffix $dest$t$suffix # libquadmath headers need to be available in the gcc libexec dir install -d ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/ diff --git a/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc b/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc index 26bfed9507..2dbbc23c94 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc @@ -154,7 +154,7 @@ python gcc_multilib_setup() { gcc_header_config_files = { 'x86_64' : ['gcc/config/linux.h', 'gcc/config/i386/linux.h', 'gcc/config/i386/linux64.h'], 'i586' : ['gcc/config/linux.h', 'gcc/config/i386/linux.h', 'gcc/config/i386/linux64.h'], - 'i686' : ['gcc/config/linux.h', 'gcc/config/i386/linux64.h'], + 'i686' : ['gcc/config/linux.h', 'gcc/config/i386/linux.h', 'gcc/config/i386/linux64.h'], 'mips' : ['gcc/config/linux.h', 'gcc/config/mips/linux.h', 'gcc/config/mips/linux64.h'], 'mips64' : ['gcc/config/linux.h', 'gcc/config/mips/linux.h', 'gcc/config/mips/linux64.h'], 'powerpc' : ['gcc/config/linux.h', 'gcc/config/rs6000/linux64.h'], diff --git a/poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch b/poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch new file mode 100644 index 0000000000..8429242348 --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch @@ -0,0 +1,42 @@ +From 9f37d31324f89d0b7b2abac988a976d121ae29c6 Mon Sep 17 00:00:00 2001 +From: Andre Vieira <andre.simoesdiasvieira@arm.com> +Date: Thu, 8 Sep 2022 06:02:18 +0000 +Subject: [PATCH 1/4] aarch64: Update Neoverse N2 core definition + +commit 9f37d31324f89d0b7b2abac988a976d121ae29c6 from upstream. + +gcc/ChangeLog: + + * config/aarch64/aarch64-cores.def: Update Neoverse N2 core entry. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com> +--- + gcc/config/aarch64/aarch64-cores.def | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-cores.def +index 4643e0e27..3478e567a 100644 +--- a/gcc/config/aarch64/aarch64-cores.def ++++ b/gcc/config/aarch64/aarch64-cores.def +@@ -145,9 +145,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A, AARCH64_FL_FOR + /* Qualcomm ('Q') cores. */ + AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira, 0x51, 0xC01, -1) + +-/* Armv8.5-A Architecture Processors. */ +-AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1) +- + /* ARMv8-A big.LITTLE implementations. */ + + AARCH64_CORE("cortex-a57.cortex-a53", cortexa57cortexa53, cortexa53, 8A, AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1) +@@ -163,4 +160,7 @@ AARCH64_CORE("cortex-a76.cortex-a55", cortexa76cortexa55, cortexa53, 8_2A, AAR + /* Armv8-R Architecture Processors. */ + AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1) + ++/* Armv9-A Architecture Processors. */ ++AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1) ++ + #undef AARCH64_CORE +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch b/poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch new file mode 100644 index 0000000000..2b1c17f53e --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch @@ -0,0 +1,89 @@ +From d3cf45d15b2fabc767b2d10a0c6bb9fb845e4f99 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Wirkus <przemyslaw.wirkus@arm.com> +Date: Fri, 1 Oct 2021 10:06:45 +0100 +Subject: [PATCH 2/4] aarch64: add armv9-a to -march + +commit f0688d42c9b74a6999548ff2e79ae440b049b87f from upstream + +gcc/ChangeLog: + + * config/aarch64/aarch64-arches.def (AARCH64_ARCH): Added + armv9-a. + * config/aarch64/aarch64.h (AARCH64_FL_V9): New. + (AARCH64_FL_FOR_ARCH9): New flags for Armv9-A. + (AARCH64_ISA_V9): New ISA flag. + * doc/invoke.texi: Update docs. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com> +--- + gcc/config/aarch64/aarch64-arches.def | 1 + + gcc/config/aarch64/aarch64.h | 5 +++++ + gcc/doc/invoke.texi | 3 +++ + 3 files changed, 9 insertions(+) + +diff --git a/gcc/config/aarch64/aarch64-arches.def b/gcc/config/aarch64/aarch64-arches.def +index b7497277b..c47ca622c 100644 +--- a/gcc/config/aarch64/aarch64-arches.def ++++ b/gcc/config/aarch64/aarch64-arches.def +@@ -38,5 +38,6 @@ AARCH64_ARCH("armv8.4-a", generic, 8_4A, 8, AARCH64_FL_FOR_ARCH8_4) + AARCH64_ARCH("armv8.5-a", generic, 8_5A, 8, AARCH64_FL_FOR_ARCH8_5) + AARCH64_ARCH("armv8.6-a", generic, 8_6A, 8, AARCH64_FL_FOR_ARCH8_6) + AARCH64_ARCH("armv8-r", generic, 8R , 8, AARCH64_FL_FOR_ARCH8_R) ++AARCH64_ARCH("armv9-a", generic, 9A , 9, AARCH64_FL_FOR_ARCH9) + + #undef AARCH64_ARCH +diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h +index bfffbcd6a..b914bfb5c 100644 +--- a/gcc/config/aarch64/aarch64.h ++++ b/gcc/config/aarch64/aarch64.h +@@ -230,6 +230,8 @@ extern unsigned aarch64_architecture_version; + + /* Pointer Authentication (PAUTH) extension. */ + #define AARCH64_FL_PAUTH (1ULL << 40) ++/* Armv9.0-A. */ ++#define AARCH64_FL_V9 (1ULL << 41) /* Armv9.0-A Architecture. */ + + /* Has FP and SIMD. */ + #define AARCH64_FL_FPSIMD (AARCH64_FL_FP | AARCH64_FL_SIMD) +@@ -257,6 +259,8 @@ extern unsigned aarch64_architecture_version; + | AARCH64_FL_I8MM | AARCH64_FL_BF16) + #define AARCH64_FL_FOR_ARCH8_R \ + (AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_V8_R) ++#define AARCH64_FL_FOR_ARCH9 \ ++ (AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_V9) + + /* Macros to test ISA flags. */ + +@@ -295,6 +299,7 @@ extern unsigned aarch64_architecture_version; + #define AARCH64_ISA_SB (aarch64_isa_flags & AARCH64_FL_SB) + #define AARCH64_ISA_V8_R (aarch64_isa_flags & AARCH64_FL_V8_R) + #define AARCH64_ISA_PAUTH (aarch64_isa_flags & AARCH64_FL_PAUTH) ++#define AARCH64_ISA_V9 (aarch64_isa_flags & AARCH64_FL_V9) + + /* Crypto is an optional extension to AdvSIMD. */ + #define TARGET_CRYPTO (TARGET_SIMD && AARCH64_ISA_CRYPTO) +diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi +index c47cfd472..7184a62d0 100644 +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -18270,6 +18270,8 @@ and the features that they enable by default: + @item @samp{armv8.4-a} @tab Armv8.4-A @tab @samp{armv8.3-a}, @samp{+flagm}, @samp{+fp16fml}, @samp{+dotprod} + @item @samp{armv8.5-a} @tab Armv8.5-A @tab @samp{armv8.4-a}, @samp{+sb}, @samp{+ssbs}, @samp{+predres} + @item @samp{armv8.6-a} @tab Armv8.6-A @tab @samp{armv8.5-a}, @samp{+bf16}, @samp{+i8mm} ++@item @samp{armv8.7-a} @tab Armv8.7-A @tab @samp{armv8.6-a}, @samp{+ls64} ++@item @samp{armv9-a} @tab Armv9-A @tab @samp{armv8.5-a}, @samp{+sve}, @samp{+sve2} + @item @samp{armv8-r} @tab Armv8-R @tab @samp{armv8-r} + @end multitable + +@@ -19692,6 +19694,7 @@ Permissible names are: + @samp{armv8.4-a}, + @samp{armv8.5-a}, + @samp{armv8.6-a}, ++@samp{armv9-a}, + @samp{armv7-r}, + @samp{armv8-r}, + @samp{armv6-m}, @samp{armv6s-m}, +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch b/poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch new file mode 100644 index 0000000000..2e85384b43 --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch @@ -0,0 +1,38 @@ +From 49bfa1927813ae898dfa4e0d2bbde033c353e3dc Mon Sep 17 00:00:00 2001 +From: Andre Vieira <andre.simoesdiasvieira@arm.com> +Date: Tue, 22 Mar 2022 11:44:06 +0000 +Subject: [PATCH 3/4] aarch64: Enable FP16 feature by default for Armv9 + +commit 0bae246acc758d4b11dd575b05207fd69169109b from upstream + +This patch adds the feature bit for FP16 to the feature set for Armv9 since +Armv9 requires SVE to be implemented and SVE requires FP16 to be implemented. + +2022-03-22 Andre Vieira <andre.simoesdiasvieira@arm.com> + + * config/aarch64/aarch64.h (AARCH64_FL_FOR_ARCH9): Add FP16 feature + bit. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com> +--- + gcc/config/aarch64/aarch64.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h +index b914bfb5c..55b60d540 100644 +--- a/gcc/config/aarch64/aarch64.h ++++ b/gcc/config/aarch64/aarch64.h +@@ -260,7 +260,8 @@ extern unsigned aarch64_architecture_version; + #define AARCH64_FL_FOR_ARCH8_R \ + (AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_V8_R) + #define AARCH64_FL_FOR_ARCH9 \ +- (AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_V9) ++ (AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_V9 \ ++ | AARCH64_FL_F16) + + /* Macros to test ISA flags. */ + +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch new file mode 100644 index 0000000000..c38d1b9119 --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch @@ -0,0 +1,294 @@ +From e66a37acae62236611f951e706e9a2bfbd753f39 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Wirkus <przemyslaw.wirkus@arm.com> +Date: Tue, 9 Nov 2021 09:40:05 +0000 +Subject: [PATCH 4/4] arm: add armv9-a architecture to -march + +commit 32ba7860ccaddd5219e6dae94a3d0653e124c9dd from upstream + +In this patch: + + Add `armv9-a` to -march. + + Update multilib with armv9-a and armv9-a+simd. + +gcc/ChangeLog: + + * config/arm/arm-cpus.in (armv9): New define. + (ARMv9a): New group. + (armv9-a): New arch definition. + * config/arm/arm-tables.opt: Regenerate. + * config/arm/arm.h (BASE_ARCH_9A): New arch enum value. + * config/arm/t-aprofile: Added armv9-a and armv9+simd. + * config/arm/t-arm-elf: Added arm9-a, v9_fps and all_v9_archs + to MULTILIB_MATCHES. + * config/arm/t-multilib: Added v9_a_nosimd_variants and + v9_a_simd_variants to MULTILIB_MATCHES. + * doc/invoke.texi: Update docs. + +gcc/testsuite/ChangeLog: + + * gcc.target/arm/multilib.exp: Update test with armv9-a entries. + * lib/target-supports.exp (v9a): Add new armflag. + (__ARM_ARCH_9A__): Add new armdef. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com> +--- + gcc/config/arm/arm-cpus.in | 19 +++++++++++++++++ + gcc/config/arm/arm-tables.opt | 7 +++++-- + gcc/config/arm/arm.h | 3 ++- + gcc/config/arm/t-aprofile | 25 +++++++++++++++++++---- + gcc/config/arm/t-arm-elf | 9 ++++++++ + gcc/config/arm/t-multilib | 12 +++++++++++ + gcc/doc/invoke.texi | 1 + + gcc/testsuite/gcc.target/arm/multilib.exp | 8 ++++++++ + gcc/testsuite/lib/target-supports.exp | 3 ++- + 9 files changed, 79 insertions(+), 8 deletions(-) + +diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in +index bcc9ebe9f..58d83829c 100644 +--- a/gcc/config/arm/arm-cpus.in ++++ b/gcc/config/arm/arm-cpus.in +@@ -132,6 +132,9 @@ define feature cmse + # Architecture rel 8.1-M. + define feature armv8_1m_main + ++# Architecture rel 9.0. ++define feature armv9 ++ + # Floating point and Neon extensions. + # VFPv1 is not supported in GCC. + +@@ -293,6 +296,7 @@ define fgroup ARMv8m_base ARMv6m armv8 cmse tdiv + define fgroup ARMv8m_main ARMv7m armv8 cmse + define fgroup ARMv8r ARMv8a + define fgroup ARMv8_1m_main ARMv8m_main armv8_1m_main ++define fgroup ARMv9a ARMv8_5a armv9 + + # Useful combinations. + define fgroup VFPv2 vfpv2 +@@ -751,6 +755,21 @@ begin arch armv8.1-m.main + option cdecp7 add cdecp7 + end arch armv8.1-m.main + ++begin arch armv9-a ++ tune for cortex-a53 ++ tune flags CO_PROC ++ base 9A ++ profile A ++ isa ARMv9a ++ option simd add FP_ARMv8 DOTPROD ++ option fp16 add fp16 fp16fml FP_ARMv8 DOTPROD ++ option crypto add FP_ARMv8 CRYPTO DOTPROD ++ option nocrypto remove ALL_CRYPTO ++ option nofp remove ALL_FP ++ option i8mm add i8mm FP_ARMv8 DOTPROD ++ option bf16 add bf16 FP_ARMv8 DOTPROD ++end arch armv9-a ++ + begin arch iwmmxt + tune for iwmmxt + tune flags LDSCHED STRONG XSCALE +diff --git a/gcc/config/arm/arm-tables.opt b/gcc/config/arm/arm-tables.opt +index 5692d4fb7..ae3dd9414 100644 +--- a/gcc/config/arm/arm-tables.opt ++++ b/gcc/config/arm/arm-tables.opt +@@ -380,10 +380,13 @@ EnumValue + Enum(arm_arch) String(armv8.1-m.main) Value(30) + + EnumValue +-Enum(arm_arch) String(iwmmxt) Value(31) ++Enum(arm_arch) String(armv9-a) Value(31) + + EnumValue +-Enum(arm_arch) String(iwmmxt2) Value(32) ++Enum(arm_arch) String(iwmmxt) Value(32) ++ ++EnumValue ++Enum(arm_arch) String(iwmmxt2) Value(33) + + Enum + Name(arm_fpu) Type(enum fpu_type) +diff --git a/gcc/config/arm/arm.h b/gcc/config/arm/arm.h +index 47c13a9e5..088c7725c 100644 +--- a/gcc/config/arm/arm.h ++++ b/gcc/config/arm/arm.h +@@ -456,7 +456,8 @@ enum base_architecture + BASE_ARCH_8A = 8, + BASE_ARCH_8M_BASE = 8, + BASE_ARCH_8M_MAIN = 8, +- BASE_ARCH_8R = 8 ++ BASE_ARCH_8R = 8, ++ BASE_ARCH_9A = 9 + }; + + /* The major revision number of the ARM Architecture implemented by the target. */ +diff --git a/gcc/config/arm/t-aprofile b/gcc/config/arm/t-aprofile +index 8574ac3e2..68e2251c7 100644 +--- a/gcc/config/arm/t-aprofile ++++ b/gcc/config/arm/t-aprofile +@@ -26,8 +26,8 @@ + + # Arch and FPU variants to build libraries with + +-MULTI_ARCH_OPTS_A = march=armv7-a/march=armv7-a+fp/march=armv7-a+simd/march=armv7ve+simd/march=armv8-a/march=armv8-a+simd +-MULTI_ARCH_DIRS_A = v7-a v7-a+fp v7-a+simd v7ve+simd v8-a v8-a+simd ++MULTI_ARCH_OPTS_A = march=armv7-a/march=armv7-a+fp/march=armv7-a+simd/march=armv7ve+simd/march=armv8-a/march=armv8-a+simd/march=armv9-a/march=armv9-a+simd ++MULTI_ARCH_DIRS_A = v7-a v7-a+fp v7-a+simd v7ve+simd v8-a v8-a+simd v9-a v9-a+simd + + # ARMv7-A - build nofp, fp-d16 and SIMD variants + +@@ -46,6 +46,11 @@ MULTILIB_REQUIRED += mthumb/march=armv8-a/mfloat-abi=soft + MULTILIB_REQUIRED += mthumb/march=armv8-a+simd/mfloat-abi=hard + MULTILIB_REQUIRED += mthumb/march=armv8-a+simd/mfloat-abi=softfp + ++# Armv9-A - build nofp and SIMD variants. ++MULTILIB_REQUIRED += mthumb/march=armv9-a/mfloat-abi=soft ++MULTILIB_REQUIRED += mthumb/march=armv9-a+simd/mfloat-abi=hard ++MULTILIB_REQUIRED += mthumb/march=armv9-a+simd/mfloat-abi=softfp ++ + # Matches + + # Arch Matches +@@ -129,17 +134,29 @@ MULTILIB_MATCHES += march?armv8-a=march?armv8.6-a + MULTILIB_MATCHES += $(foreach ARCH, $(v8_6_a_simd_variants), \ + march?armv8-a+simd=march?armv8.6-a$(ARCH)) + ++# Armv9 without SIMD: map down to base architecture ++MULTILIB_MATCHES += $(foreach ARCH, $(v9_a_nosimd_variants), \ ++ march?armv9-a=march?armv9-a$(ARCH)) ++ ++# Armv9 with SIMD: map down to base arch + simd ++MULTILIB_MATCHES += march?armv9-a+simd=march?armv9-a+crc+simd \ ++ $(foreach ARCH, $(filter-out +simd, $(v9_a_simd_variants)), \ ++ march?armv9-a+simd=march?armv9-a$(ARCH) \ ++ march?armv9-a+simd=march?armv9-a+crc$(ARCH)) ++ + # Use Thumb libraries for everything. + + MULTILIB_REUSE += mthumb/march.armv7-a/mfloat-abi.soft=marm/march.armv7-a/mfloat-abi.soft + + MULTILIB_REUSE += mthumb/march.armv8-a/mfloat-abi.soft=marm/march.armv8-a/mfloat-abi.soft + ++MULTILIB_REUSE += mthumb/march.armv9-a/mfloat-abi.soft=marm/march.armv9-a/mfloat-abi.soft ++ + MULTILIB_REUSE += $(foreach ABI, hard softfp, \ +- $(foreach ARCH, armv7-a+fp armv7-a+simd armv7ve+simd armv8-a+simd, \ ++ $(foreach ARCH, armv7-a+fp armv7-a+simd armv7ve+simd armv8-a+simd armv9-a+simd, \ + mthumb/march.$(ARCH)/mfloat-abi.$(ABI)=marm/march.$(ARCH)/mfloat-abi.$(ABI))) + + # Softfp but no FP, use the soft-float libraries. + MULTILIB_REUSE += $(foreach MODE, arm thumb, \ +- $(foreach ARCH, armv7-a armv8-a, \ ++ $(foreach ARCH, armv7-a armv8-a armv9-a, \ + mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp)) +diff --git a/gcc/config/arm/t-arm-elf b/gcc/config/arm/t-arm-elf +index d68def308..b3a900e8c 100644 +--- a/gcc/config/arm/t-arm-elf ++++ b/gcc/config/arm/t-arm-elf +@@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp16 vfpv3-fp16 vfpv4 neon \ + # it seems to work ok. + v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml + ++v9_fps := simd fp16 crypto fp16+crypto dotprod fp16fml ++ + # We don't do anything special with these. Pre-v4t probably doesn't work. + all_early_nofp := armv4 armv4t armv5t + +@@ -49,6 +51,8 @@ all_v7_a_r := armv7-a armv7ve armv7-r + all_v8_archs := armv8-a armv8-a+crc armv8.1-a armv8.2-a armv8.3-a armv8.4-a \ + armv8.5-a armv8.6-a + ++all_v9_archs := armv9-a ++ + # No floating point variants, require thumb1 softfp + all_nofp_t := armv6-m armv6s-m armv8-m.base + +@@ -110,6 +114,11 @@ MULTILIB_MATCHES += $(foreach ARCH, $(all_v8_archs), \ + $(foreach FPARCH, $(v8_fps), \ + march?armv7+fp=march?$(ARCH)+$(FPARCH))) + ++MULTILIB_MATCHES += $(foreach ARCH, $(all_v9_archs), \ ++ march?armv7+fp=march?$(ARCH) \ ++ $(foreach FPARCH, $(v9_fps), \ ++ march?armv7+fp=march?$(ARCH)+$(FPARCH))) ++ + MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \ + march?armv7+fp=march?$(ARCH)+fp.dp) + +diff --git a/gcc/config/arm/t-multilib b/gcc/config/arm/t-multilib +index ddc5033bf..d789b86ee 100644 +--- a/gcc/config/arm/t-multilib ++++ b/gcc/config/arm/t-multilib +@@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + v8_r_nosimd_variants := +crc ++v9_a_nosimd_variants := +crc ++v9_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + + ifneq (,$(HAS_APROFILE)) + include $(srcdir)/config/arm/t-aprofile +@@ -202,6 +204,16 @@ MULTILIB_MATCHES += march?armv7=march?armv8.6-a + MULTILIB_MATCHES += $(foreach ARCH, $(v8_6_a_simd_variants), \ + march?armv7+fp=march?armv8.6-a$(ARCH)) + ++# Armv9 ++MULTILIB_MATCHES += march?armv7=march?armv9-a ++MULTILIB_MATCHES += $(foreach ARCH, $(v9_a_nosimd_variants), \ ++ march?armv7=march?armv9-a$(ARCH)) ++ ++# Armv9 with SIMD ++MULTILIB_MATCHES += march?armv7+fp=march?armv9-a+crc+simd \ ++ $(foreach ARCH, $(v9_a_simd_variants), \ ++ march?armv7+fp=march?armv9-a$(ARCH) \ ++ march?armv7+fp=march?armv9-a+crc$(ARCH)) + endif # Not APROFILE. + + # Use Thumb libraries for everything. +diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi +index 7184a62d0..9a712c0d6 100644 +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -19701,6 +19701,7 @@ Permissible names are: + @samp{armv7-m}, @samp{armv7e-m}, + @samp{armv8-m.base}, @samp{armv8-m.main}, + @samp{armv8.1-m.main}, ++@samp{armv9-a}, + @samp{iwmmxt} and @samp{iwmmxt2}. + + Additionally, the following architectures, which lack support for the +diff --git a/gcc/testsuite/gcc.target/arm/multilib.exp b/gcc/testsuite/gcc.target/arm/multilib.exp +index 4b30025db..e3f06c316 100644 +--- a/gcc/testsuite/gcc.target/arm/multilib.exp ++++ b/gcc/testsuite/gcc.target/arm/multilib.exp +@@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } { + {-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp" + {-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp" + {-march=armv8.6-a+simd+nofp+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp" ++ {-march=armv9-a+crypto -mfloat-abi=soft} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+crypto -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" ++ {-march=armv9-a+simd+crypto+nofp -mfloat-abi=softfp} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+nofp+crypto -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" ++ {-march=armv9-a+fp16 -mfloat-abi=soft} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+fp16 -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" ++ {-march=armv9-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+nofp+fp16 -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" + {-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard" + {-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp" + {-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard" +diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp +index 857e57218..52e043917 100644 +--- a/gcc/testsuite/lib/target-supports.exp ++++ b/gcc/testsuite/lib/target-supports.exp +@@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } { + v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft" + __ARM_ARCH_8M_BASE__ + v8m_main "-march=armv8-m.main -mthumb" __ARM_ARCH_8M_MAIN__ +- v8_1m_main "-march=armv8.1-m.main -mthumb" __ARM_ARCH_8M_MAIN__ } { ++ v8_1m_main "-march=armv8.1-m.main -mthumb" __ARM_ARCH_8M_MAIN__ ++ v9a "-march=armv9-a" __ARM_ARCH_9A__ } { + eval [string map [list FUNC $armfunc FLAG $armflag DEFS $armdefs ] { + proc check_effective_target_arm_arch_FUNC_ok { } { + return [check_no_compiler_messages arm_arch_FUNC_ok assembly { +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/go/go-1.17.12.inc b/poky/meta/recipes-devtools/go/go-1.17.13.inc index 77a983f9d0..b18de66f42 100644 --- a/poky/meta/recipes-devtools/go/go-1.17.12.inc +++ b/poky/meta/recipes-devtools/go/go-1.17.13.inc @@ -16,8 +16,9 @@ SRC_URI += "\ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \ file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ + file://CVE-2022-27664.patch \ " -SRC_URI[main.sha256sum] = "0d51b5b3f280c0f01f534598c0219db5878f337da6137a9ee698777413607209" +SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch new file mode 100644 index 0000000000..fba4f054ee --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch @@ -0,0 +1,102 @@ +From 5bc9106458fc07851ac324a4157132a91b1f3479 Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Mon, 22 Aug 2022 16:21:02 -0700 +Subject: [PATCH] [release-branch.go1.18] net/http: update bundled + golang.org/x/net/http2 + +Disable cmd/internal/moddeps test, since this update includes PRIVATE +track fixes. + +Fixes CVE-2022-27664 +Fixes #53977 +For #54658. + +Change-Id: I84b0b8f61e49e15ef55ef8d738730107a3cf849b +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1554415 +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Tatiana Bradley <tatianabradley@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/428635 +Reviewed-by: Tatiana Bradley <tatiana@golang.org> +Run-TryBot: Michael Knyszek <mknyszek@google.com> +TryBot-Result: Gopher Robot <gobot@golang.org> +Reviewed-by: Carlos Amedee <carlos@golang.org> + +Upstream-Status: Backport +CVE: CVE-2022-27664 + +Reference to upstream patch: https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 +Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> +--- + src/cmd/internal/moddeps/moddeps_test.go | 2 ++ + src/net/http/h2_bundle.go | 21 +++++++++++++-------- + 2 files changed, 15 insertions(+), 8 deletions(-) + +diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go +index 56c3b2585c..3306e29431 100644 +--- a/src/cmd/internal/moddeps/moddeps_test.go ++++ b/src/cmd/internal/moddeps/moddeps_test.go +@@ -34,6 +34,8 @@ import ( + // See issues 36852, 41409, and 43687. + // (Also see golang.org/issue/27348.) + func TestAllDependencies(t *testing.T) { ++ t.Skip("TODO(#53977): 1.18.5 contains unreleased changes from vendored modules") ++ + goBin := testenv.GoToolPath(t) + + // Ensure that all packages imported within GOROOT +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index bb82f24585..1e78f6cdb9 100644 +--- a/src/net/http/h2_bundle.go ++++ b/src/net/http/h2_bundle.go +@@ -3384,10 +3384,11 @@ func (s http2SettingID) String() string { + // name (key). See httpguts.ValidHeaderName for the base rules. + // + // Further, http2 says: +-// "Just as in HTTP/1.x, header field names are strings of ASCII +-// characters that are compared in a case-insensitive +-// fashion. However, header field names MUST be converted to +-// lowercase prior to their encoding in HTTP/2. " ++// ++// "Just as in HTTP/1.x, header field names are strings of ASCII ++// characters that are compared in a case-insensitive ++// fashion. However, header field names MUST be converted to ++// lowercase prior to their encoding in HTTP/2. " + func http2validWireHeaderFieldName(v string) bool { + if len(v) == 0 { + return false +@@ -3578,8 +3579,8 @@ func (s *http2sorter) SortStrings(ss []string) { + // validPseudoPath reports whether v is a valid :path pseudo-header + // value. It must be either: + // +-// *) a non-empty string starting with '/' +-// *) the string '*', for OPTIONS requests. ++// *) a non-empty string starting with '/' ++// *) the string '*', for OPTIONS requests. + // + // For now this is only used a quick check for deciding when to clean + // up Opaque URLs before sending requests from the Transport. +@@ -5053,6 +5054,9 @@ func (sc *http2serverConn) startGracefulShutdownInternal() { + func (sc *http2serverConn) goAway(code http2ErrCode) { + sc.serveG.check() + if sc.inGoAway { ++ if sc.goAwayCode == http2ErrCodeNo { ++ sc.goAwayCode = code ++ } + return + } + sc.inGoAway = true +@@ -6265,8 +6269,9 @@ func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { + // prior to the headers being written. If the set of trailers is fixed + // or known before the header is written, the normal Go trailers mechanism + // is preferred: +-// https://golang.org/pkg/net/http/#ResponseWriter +-// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers ++// ++// https://golang.org/pkg/net/http/#ResponseWriter ++// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers + const http2TrailerPrefix = "Trailer:" + + // promoteUndeclaredTrailers permits http.Handlers to set trailers +-- +2.36.1 + diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.17.12.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.17.13.bb index b034950721..4ee0148417 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.17.13.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "6e5203fbdcade4aa4331e441fd2e1db8444681a6a6c72886a37ddd11caa415d4" -SRC_URI[go_linux_arm64.sha256sum] = "74a4832d0f150a2d768a6781553494ba84152e854ebef743c4092cd9d1f66a9f" +SRC_URI[go_linux_amd64.sha256sum] = "4cdd2bc664724dc7db94ad51b503512c5ae7220951cac568120f64f8e94399fc" +SRC_URI[go_linux_arm64.sha256sum] = "914daad3f011cc2014dea799bb7490442677e4ad6de0b2ac3ded6cee7e3f493d" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.13.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.13.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.17.12.bb b/poky/meta/recipes-devtools/go/go-cross_1.17.13.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.17.13.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.17.13.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.17.13.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.17.12.bb b/poky/meta/recipes-devtools/go/go-native_1.17.13.bb index 76c0ab73a6..ddf25b2c9b 100644 --- a/poky/meta/recipes-devtools/go/go-native_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go-native_1.17.13.bb @@ -5,7 +5,7 @@ require go-${PV}.inc inherit native -SRC_URI:append = " https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" +SRC_URI += "https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" SRC_URI[bootstrap.sha256sum] = "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" export GOOS = "${BUILD_GOOS}" diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.17.12.bb b/poky/meta/recipes-devtools/go/go-runtime_1.17.13.bb index 63464a1501..63464a1501 100644 --- a/poky/meta/recipes-devtools/go/go-runtime_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.17.13.bb diff --git a/poky/meta/recipes-devtools/go/go_1.17.12.bb b/poky/meta/recipes-devtools/go/go_1.17.13.bb index 34dc89bb0c..34dc89bb0c 100644 --- a/poky/meta/recipes-devtools/go/go_1.17.12.bb +++ b/poky/meta/recipes-devtools/go/go_1.17.13.bb diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb index e7ef6a730c..c34580b4ff 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "2b4b88eb513335b0ece55fe51854693d9b20de35" +SRCREV = "c9670c27ff67ab899007ce749254b16091577e55" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" diff --git a/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb b/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb index 09a305edf8..6e28b87ba3 100644 --- a/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb +++ b/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb @@ -55,6 +55,8 @@ RDEPENDS:${PN} = "\ python3-unixadmin \ python3-xmlrpc \ python3-pickle \ + python3-distutils \ + python3-image \ " BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb b/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb index 4abd181acf..e374979cb4 100644 --- a/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb +++ b/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb @@ -13,7 +13,7 @@ UPSTREAM_CHECK_REGEX = "/rfc3986-validator/(?P<pver>(\d+[\.\-_]*)+)/" inherit pypi setuptools3 -SRC_URI:append = " \ +SRC_URI += "\ file://0001-setup.py-move-pytest-runner-to-test_requirements.patch \ " diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 54a68e1730..a493ac8add 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -36,6 +36,13 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-4206.patch \ file://CVE-2021-4207.patch \ file://CVE-2022-35414.patch \ + file://CVE-2021-3507_1.patch \ + file://CVE-2021-3507_2.patch \ + file://CVE-2021-3929.patch \ + file://CVE-2021-4158.patch \ + file://CVE-2022-0358.patch \ + file://CVE-2022-0216_1.patch \ + file://CVE-2022-0216_2.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch new file mode 100644 index 0000000000..4201610f4d --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch @@ -0,0 +1,92 @@ +From 963ac2cd5186b28fbfdecd15ac43afe1dbaf871a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> +Date: Thu, 18 Nov 2021 12:57:32 +0100 +Subject: [PATCH 1/2] hw/block/fdc: Prevent end-of-track overrun + (CVE-2021-3507) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Per the 82078 datasheet, if the end-of-track (EOT byte in +the FIFO) is more than the number of sectors per side, the +command is terminated unsuccessfully: + +* 5.2.5 DATA TRANSFER TERMINATION + + The 82078 supports terminal count explicitly through + the TC pin and implicitly through the underrun/over- + run and end-of-track (EOT) functions. For full sector + transfers, the EOT parameter can define the last + sector to be transferred in a single or multisector + transfer. If the last sector to be transferred is a par- + tial sector, the host can stop transferring the data in + mid-sector, and the 82078 will continue to complete + the sector as if a hardware TC was received. The + only difference between these implicit functions and + TC is that they return "abnormal termination" result + status. Such status indications can be ignored if they + were expected. + +* 6.1.3 READ TRACK + + This command terminates when the EOT specified + number of sectors have been read. If the 82078 + does not find an I D Address Mark on the diskette + after the second· occurrence of a pulse on the + INDX# pin, then it sets the IC code in Status Regis- + ter 0 to "01" (Abnormal termination), sets the MA bit + in Status Register 1 to "1", and terminates the com- + mand. + +* 6.1.6 VERIFY + + Refer to Table 6-6 and Table 6-7 for information + concerning the values of MT and EC versus SC and + EOT value. + +* Table 6·6. Result Phase Table + +* Table 6-7. Verify Command Result Phase Table + +Fix by aborting the transfer when EOT > # Sectors Per Side. + +Cc: qemu-stable@nongnu.org +Cc: Hervé Poussineau <hpoussin@reactos.org> +Fixes: baca51faff0 ("floppy driver: disk geometry auto detect") +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/339 +Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-Id: <20211118115733.4038610-2-philmd@redhat.com> +Reviewed-by: Hanna Reitz <hreitz@redhat.com> +Signed-off-by: Kevin Wolf <kwolf@redhat.com> + +Upstream-Status: Backport [defac5e2fbddf8423a354ff0454283a2115e1367] +CVE: CVE-2021-3507 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/block/fdc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/block/fdc.c b/hw/block/fdc.c +index 21d18ac2e..24b05406e 100644 +--- a/hw/block/fdc.c ++++ b/hw/block/fdc.c +@@ -1529,6 +1529,14 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction) + int tmp; + fdctrl->data_len = 128 << (fdctrl->fifo[5] > 7 ? 7 : fdctrl->fifo[5]); + tmp = (fdctrl->fifo[6] - ks + 1); ++ if (tmp < 0) { ++ FLOPPY_DPRINTF("invalid EOT: %d\n", tmp); ++ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00); ++ fdctrl->fifo[3] = kt; ++ fdctrl->fifo[4] = kh; ++ fdctrl->fifo[5] = ks; ++ return; ++ } + if (fdctrl->fifo[0] & 0x80) + tmp += fdctrl->fifo[6]; + fdctrl->data_len *= tmp; +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch new file mode 100644 index 0000000000..9f00d9c0d0 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch @@ -0,0 +1,115 @@ +From ec5725982f811d9728ad1f9940df0e9349397e67 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> +Date: Thu, 18 Nov 2021 12:57:33 +0100 +Subject: [PATCH 2/2] tests/qtest/fdc-test: Add a regression test for + CVE-2021-3507 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339 + +Without the previous commit, when running 'make check-qtest-i386' +with QEMU configured with '--enable-sanitizers' we get: + + ==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000062a00 at pc 0x5626d03c491a bp 0x7ffdb4199410 sp 0x7ffdb4198bc0 + READ of size 786432 at 0x619000062a00 thread T0 + #0 0x5626d03c4919 in __asan_memcpy (qemu-system-i386+0x1e65919) + #1 0x5626d1c023cc in flatview_write_continue softmmu/physmem.c:2787:13 + #2 0x5626d1bf0c0f in flatview_write softmmu/physmem.c:2822:14 + #3 0x5626d1bf0798 in address_space_write softmmu/physmem.c:2914:18 + #4 0x5626d1bf0f37 in address_space_rw softmmu/physmem.c:2924:16 + #5 0x5626d1bf14c8 in cpu_physical_memory_rw softmmu/physmem.c:2933:5 + #6 0x5626d0bd5649 in cpu_physical_memory_write include/exec/cpu-common.h:82:5 + #7 0x5626d0bd0a07 in i8257_dma_write_memory hw/dma/i8257.c:452:9 + #8 0x5626d09f825d in fdctrl_transfer_handler hw/block/fdc.c:1616:13 + #9 0x5626d0a048b4 in fdctrl_start_transfer hw/block/fdc.c:1539:13 + #10 0x5626d09f4c3e in fdctrl_write_data hw/block/fdc.c:2266:13 + #11 0x5626d09f22f7 in fdctrl_write hw/block/fdc.c:829:9 + #12 0x5626d1c20bc5 in portio_write softmmu/ioport.c:207:17 + + 0x619000062a00 is located 0 bytes to the right of 512-byte region [0x619000062800,0x619000062a00) + allocated by thread T0 here: + #0 0x5626d03c66ec in posix_memalign (qemu-system-i386+0x1e676ec) + #1 0x5626d2b988d4 in qemu_try_memalign util/oslib-posix.c:210:11 + #2 0x5626d2b98b0c in qemu_memalign util/oslib-posix.c:226:27 + #3 0x5626d09fbaf0 in fdctrl_realize_common hw/block/fdc.c:2341:20 + #4 0x5626d0a150ed in isabus_fdc_realize hw/block/fdc-isa.c:113:5 + #5 0x5626d2367935 in device_set_realized hw/core/qdev.c:531:13 + + SUMMARY: AddressSanitizer: heap-buffer-overflow (qemu-system-i386+0x1e65919) in __asan_memcpy + Shadow bytes around the buggy address: + 0x0c32800044f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0c3280004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0c3280004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0c3280004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + =>0x0c3280004540:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Heap left redzone: fa + Freed heap region: fd + ==4028352==ABORTING + +[ kwolf: Added snapshot=on to prevent write file lock failure ] + +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reviewed-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Kevin Wolf <kwolf@redhat.com> + +Upstream-Status: Backport [46609b90d9e3a6304def11038a76b58ff43f77bc] +CVE: CVE-2021-3507 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + tests/qtest/fdc-test.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c +index 8f6eee84a..6f5850354 100644 +--- a/tests/qtest/fdc-test.c ++++ b/tests/qtest/fdc-test.c +@@ -583,6 +583,26 @@ static void test_cve_2021_20196(void) + qtest_quit(s); + } + ++static void test_cve_2021_3507(void) ++{ ++ QTestState *s; ++ ++ s = qtest_initf("-nographic -m 32M -nodefaults " ++ "-drive file=%s,format=raw,if=floppy,snapshot=on", ++ test_image); ++ qtest_outl(s, 0x9, 0x0a0206); ++ qtest_outw(s, 0x3f4, 0x1600); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0200); ++ qtest_outw(s, 0x3f4, 0x0200); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_quit(s); ++} ++ + int main(int argc, char **argv) + { + int fd; +@@ -614,6 +634,7 @@ int main(int argc, char **argv) + qtest_add_func("/fdc/read_no_dma_19", test_read_no_dma_19); + qtest_add_func("/fdc/fuzz-registers", fuzz_registers); + qtest_add_func("/fdc/fuzz/cve_2021_20196", test_cve_2021_20196); ++ qtest_add_func("/fdc/fuzz/cve_2021_3507", test_cve_2021_3507); + + ret = g_test_run(); + +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch new file mode 100644 index 0000000000..7555e5bc40 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch @@ -0,0 +1,70 @@ +From 12daeafc9868c1ebe482d580494f9e6d3d5c260f Mon Sep 17 00:00:00 2001 +From: Klaus Jensen <k.jensen@samsung.com> +Date: Fri, 17 Dec 2021 10:44:01 +0100 +Subject: [PATCH] hw/nvme: fix CVE-2021-3929 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes CVE-2021-3929 "locally" by denying DMA to the iomem of the +device itself. This still allows DMA to MMIO regions of other devices +(e.g. doing P2P DMA to the controller memory buffer of another NVMe +device). + +Fixes: CVE-2021-3929 +Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com> +Reviewed-by: Keith Busch <kbusch@kernel.org> +Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Signed-off-by: Klaus Jensen <k.jensen@samsung.com> + +Upstream-Status: Backport [736b01642d85be832385063f278fe7cd4ffb5221] +CVE: CVE-2021-3929 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/nvme/ctrl.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index 5f573c417..eda52c6ac 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -357,6 +357,24 @@ static inline void *nvme_addr_to_pmr(NvmeCtrl *n, hwaddr addr) + return memory_region_get_ram_ptr(&n->pmr.dev->mr) + (addr - n->pmr.cba); + } + ++static inline bool nvme_addr_is_iomem(NvmeCtrl *n, hwaddr addr) ++{ ++ hwaddr hi, lo; ++ ++ /* ++ * The purpose of this check is to guard against invalid "local" access to ++ * the iomem (i.e. controller registers). Thus, we check against the range ++ * covered by the 'bar0' MemoryRegion since that is currently composed of ++ * two subregions (the NVMe "MBAR" and the MSI-X table/pba). Note, however, ++ * that if the device model is ever changed to allow the CMB to be located ++ * in BAR0 as well, then this must be changed. ++ */ ++ lo = n->bar0.addr; ++ hi = lo + int128_get64(n->bar0.size); ++ ++ return addr >= lo && addr < hi; ++} ++ + static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size) + { + hwaddr hi = addr + size - 1; +@@ -614,6 +632,10 @@ static uint16_t nvme_map_addr(NvmeCtrl *n, NvmeSg *sg, hwaddr addr, size_t len) + + trace_pci_nvme_map_addr(addr, len); + ++ if (nvme_addr_is_iomem(n, addr)) { ++ return NVME_DATA_TRAS_ERROR; ++ } ++ + if (nvme_addr_is_cmb(n, addr)) { + cmb = true; + } else if (nvme_addr_is_pmr(n, addr)) { +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch new file mode 100644 index 0000000000..f6de53244f --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch @@ -0,0 +1,46 @@ +From a0b64c6d078acb9bcfae600e22bf99a9a7deca7c Mon Sep 17 00:00:00 2001 +From: "Michael S. Tsirkin" <mst@redhat.com> +Date: Tue, 21 Dec 2021 09:45:44 -0500 +Subject: [PATCH] acpi: validate hotplug selector on access +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When bus is looked up on a pci write, we didn't +validate that the lookup succeeded. +Fuzzers thus can trigger QEMU crash by dereferencing the NULL +bus pointer. + +Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device") +Fixes: CVE-2021-4158 +Cc: "Igor Mammedov" <imammedo@redhat.com> +Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770 +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reviewed-by: Ani Sinha <ani@anisinha.ca> + +Upstream-Status: Backport [9bd6565ccee68f72d5012e24646e12a1c662827e] +CVE: CVE-2021-4158 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/acpi/pcihp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c +index 30405b511..a5e182dd3 100644 +--- a/hw/acpi/pcihp.c ++++ b/hw/acpi/pcihp.c +@@ -491,6 +491,9 @@ static void pci_write(void *opaque, hwaddr addr, uint64_t data, + } + + bus = acpi_pcihp_find_hotplug_bus(s, s->hotplug_select); ++ if (!bus) { ++ break; ++ } + QTAILQ_FOREACH_SAFE(kid, &bus->qbus.children, sibling, next) { + Object *o = OBJECT(kid->child); + PCIDevice *dev = PCI_DEVICE(o); +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch new file mode 100644 index 0000000000..de7458fc72 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch @@ -0,0 +1,42 @@ +From 1cedc914b2c4b4e0c9dfcd1b0e02917af35b5eb6 Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella <mcascell@redhat.com> +Date: Tue, 5 Jul 2022 22:05:43 +0200 +Subject: [PATCH 1/3] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout + (CVE-2022-0216) + +Set current_req->req to NULL to prevent reusing a free'd buffer in case of +repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch. + +Fixes: CVE-2022-0216 +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972 +Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> +Reviewed-by: Thomas Huth <thuth@redhat.com> +Message-Id: <20220705200543.2366809-1-mcascell@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + +Upstream-Status: Backport [6c8fa961da5e60f574bb52fd3ad44b1e9e8ad4b8] +CVE: CVE-2022-0216 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/scsi/lsi53c895a.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c +index 85e907a78..8033cf050 100644 +--- a/hw/scsi/lsi53c895a.c ++++ b/hw/scsi/lsi53c895a.c +@@ -1029,8 +1029,9 @@ static void lsi_do_msgout(LSIState *s) + case 0x0d: + /* The ABORT TAG message clears the current I/O process only. */ + trace_lsi_do_msgout_abort(current_tag); +- if (current_req) { ++ if (current_req && current_req->req) { + scsi_req_cancel(current_req->req); ++ current_req->req = NULL; + } + lsi_disconnect(s); + break; +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch new file mode 100644 index 0000000000..12f5a602da --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch @@ -0,0 +1,52 @@ +From 8f2c2cb908758192d5ebc00605cbf0989b8a507c Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella <mcascell@redhat.com> +Date: Mon, 11 Jul 2022 14:33:16 +0200 +Subject: [PATCH 3/3] scsi/lsi53c895a: really fix use-after-free in + lsi_do_msgout (CVE-2022-0216) + +Set current_req to NULL, not current_req->req, to prevent reusing a free'd +buffer in case of repeated SCSI cancel requests. Also apply the fix to +CLEAR QUEUE and BUS DEVICE RESET messages as well, since they also cancel +the request. + +Thanks to Alexander Bulekov for providing a reproducer. + +Fixes: CVE-2022-0216 +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972 +Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Message-Id: <20220711123316.421279-1-mcascell@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + +Upstream-Status: Backport [4367a20cc442c56b05611b4224de9a61908f9eac] +CVE: CVE-2022-0216 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/scsi/lsi53c895a.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c +index 8033cf050..fbe3fa3dd 100644 +--- a/hw/scsi/lsi53c895a.c ++++ b/hw/scsi/lsi53c895a.c +@@ -1031,7 +1031,7 @@ static void lsi_do_msgout(LSIState *s) + trace_lsi_do_msgout_abort(current_tag); + if (current_req && current_req->req) { + scsi_req_cancel(current_req->req); +- current_req->req = NULL; ++ current_req = NULL; + } + lsi_disconnect(s); + break; +@@ -1057,6 +1057,7 @@ static void lsi_do_msgout(LSIState *s) + /* clear the current I/O process */ + if (s->current) { + scsi_req_cancel(s->current->req); ++ current_req = NULL; + } + + /* As the current implemented devices scsi_disk and scsi_generic +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch new file mode 100644 index 0000000000..8eb1475638 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch @@ -0,0 +1,106 @@ +From 4d2558ec9336d3614a43f7437c9cf74793ae3a87 Mon Sep 17 00:00:00 2001 +From: Vivek Goyal <vgoyal@redhat.com> +Date: Tue, 25 Jan 2022 13:51:14 -0500 +Subject: [PATCH] virtiofsd: Drop membership of all supplementary groups + (CVE-2022-0358) + +At the start, drop membership of all supplementary groups. This is +not required. + +If we have membership of "root" supplementary group and when we switch +uid/gid using setresuid/setsgid, we still retain membership of existing +supplemntary groups. And that can allow some operations which are not +normally allowed. + +For example, if root in guest creates a dir as follows. + +$ mkdir -m 03777 test_dir + +This sets SGID on dir as well as allows unprivileged users to write into +this dir. + +And now as unprivileged user open file as follows. + +$ su test +$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755); + +This will create SGID set executable in test_dir/. + +And that's a problem because now an unpriviliged user can execute it, +get egid=0 and get access to resources owned by "root" group. This is +privilege escalation. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863 +Fixes: CVE-2022-0358 +Reported-by: JIETAO XIAO <shawtao1125@gmail.com> +Suggested-by: Miklos Szeredi <mszeredi@redhat.com> +Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> +Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> +Signed-off-by: Vivek Goyal <vgoyal@redhat.com> +Message-Id: <YfBGoriS38eBQrAb@redhat.com> +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> + dgilbert: Fixed missing {}'s style nit + +Upstream-Status: Backport [449e8171f96a6a944d1f3b7d3627ae059eae21ca] +CVE: CVE-2022-0358 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c +index 64b5b4fbb..b3d0674f6 100644 +--- a/tools/virtiofsd/passthrough_ll.c ++++ b/tools/virtiofsd/passthrough_ll.c +@@ -54,6 +54,7 @@ + #include <sys/wait.h> + #include <sys/xattr.h> + #include <syslog.h> ++#include <grp.h> + + #include "qemu/cutils.h" + #include "passthrough_helpers.h" +@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) + #define OURSYS_setresuid SYS_setresuid + #endif + ++static void drop_supplementary_groups(void) ++{ ++ int ret; ++ ++ ret = getgroups(0, NULL); ++ if (ret == -1) { ++ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n", ++ errno, strerror(errno)); ++ exit(1); ++ } ++ ++ if (!ret) { ++ return; ++ } ++ ++ /* Drop all supplementary groups. We should not need it */ ++ ret = setgroups(0, NULL); ++ if (ret == -1) { ++ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n", ++ errno, strerror(errno)); ++ exit(1); ++ } ++} ++ + /* + * Change to uid/gid of caller so that file is created with + * ownership of caller. +@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[]) + + qemu_init_exec_dir(argv[0]); + ++ drop_supplementary_groups(); ++ + pthread_mutex_init(&lo.mutex, NULL); + lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal); + lo.root.fd = -1; +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch deleted file mode 100644 index 044b4dd2a0..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Thu, 30 Sep 2021 09:56:20 +0300 -Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function - -No functional changes, just to reduce code duplication and needed by -the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - rpmio/rpmpgp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9a..e472b5320f 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) - return algo; - } - -+static pgpDigParams pgpDigParamsNew(uint8_t tag) -+{ -+ pgpDigParams digp = xcalloc(1, sizeof(*digp)); -+ digp->tag = tag; -+ return digp; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { -@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - if (pkttype && pkt.tag != pkttype) { - break; - } else { -- digp = xcalloc(1, sizeof(*digp)); -- digp->tag = pkt.tag; -+ digp = pgpDigParamsNew(pkt.tag); - } - } - -@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - digps = xrealloc(digps, alloced * sizeof(*digps)); - } - -- digps[count] = xcalloc(1, sizeof(**digps)); -- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; -+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); - /* Copy UID from main key to subkey */ - digps[count]->userid = xstrdup(mainkey->userid); - --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 6d236ac400..c6cf9d4c88 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 +From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index eb7d6941b..10a889b5d 100644 +index 372875fc4..1b7add9ee 100644 --- a/configure.ac +++ b/configure.ac -@@ -871,7 +871,7 @@ else +@@ -884,7 +884,7 @@ else usrprefix=$prefix fi @@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644 AC_SUBST(OBJDUMP) diff --git a/macros.in b/macros.in -index a1f795e5f..689e784ef 100644 +index d53ab5ed5..9d10441c8 100644 --- a/macros.in +++ b/macros.in -@@ -933,7 +933,7 @@ package or when debugging this package.\ +@@ -911,7 +911,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index 7b57f433b..9bbb9ee96 100644 +index ebe4e40d1..e6920e258 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 11:0:2 + rpm_version_info = 12:0:3 diff --git a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch index 4020a31092..2a0069cafe 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch @@ -28,11 +28,18 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> lib/rpmscript.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) -diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index cc98c4885..f8bd3df04 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -394,8 +394,7 @@ exit: +@@ -17,7 +17,7 @@ + #include "rpmio/rpmio_internal.h" + + #include "lib/rpmplugins.h" /* rpm plugins hooks */ +- ++#include "lib/rpmchroot.h" /* rpmChrootOut */ + #include "debug.h" + + struct scriptNextFileFunc_s { +@@ -391,8 +391,7 @@ exit: Fclose(out); /* XXX dup'd STDOUT_FILENO */ if (fn) { @@ -42,7 +49,7 @@ index cc98c4885..f8bd3df04 100644 free(fn); } free(mline); -@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd, +@@ -426,7 +425,13 @@ rpmRC rpmScriptRun(rpmScript script, int if (rc != RPMRC_FAIL) { if (script_type & RPMSCRIPTLET_EXEC) { @@ -57,6 +64,3 @@ index cc98c4885..f8bd3df04 100644 } else { rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); } --- -2.11.0 - diff --git a/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch new file mode 100644 index 0000000000..2174a79e75 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch @@ -0,0 +1,31 @@ +From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Thu, 4 Aug 2022 12:15:08 +0200 +Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling + +x32 is a 64 bit x86 ABI with 32 bit pointers. + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 372875fc49..7d6a3d274e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'` + host_os_gnu=-gnuabi64 + fi ++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then ++ host_os=`echo "${host_os}" | sed 's/-gnux32$//'` ++ host_os_gnu=-gnux32 ++fi + if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnu$//'` + fi +-- +2.30.2 + diff --git a/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch deleted file mode 100644 index 683b57d455..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Thu, 30 Sep 2021 09:51:10 +0300 -Subject: [PATCH 2/3] Process MPI's from all kinds of signatures - -No immediate effect but needed by the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> - ---- - rpmio/rpmpgp.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 25f67048fd..509e777e6d 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) - return NULL; - } - --static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, -+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, - const uint8_t *p, const uint8_t *h, size_t hlen, - pgpDigParams sigp) - { -@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, - int mpil = pgpMpiLen(p); - if (pend - p < mpil) - break; -- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { -- if (sigalg->setmpi(sigalg, i, p)) -- break; -- } -+ if (sigalg->setmpi(sigalg, i, p)) -+ break; - p += mpil; - } - -@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - } - - p = ((uint8_t *)v) + sizeof(*v); -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - case 4: - { pgpPktSigV4 v = (pgpPktSigV4)h; -@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - p += 2; - if (p > hend) - return 1; -- -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - default: - rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version); --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch deleted file mode 100644 index a5ec802501..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch +++ /dev/null @@ -1,329 +0,0 @@ -From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Thu, 30 Sep 2021 09:59:30 +0300 -Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP - public keys - -All subkeys must be followed by a binding signature by the primary key -as per the OpenPGP RFC, enforce the presence and validity in the parser. - -The implementation is as kludgey as they come to work around our -simple-minded parser structure without touching API, to maximise -backportability. Store all the raw packets internally as we decode them -to be able to access previous elements at will, needed to validate ordering -and access the actual data. Add testcases for manipulated keys whose -import previously would succeed. - -Depends on the two previous commits: -7b399fcb8f52566e6f3b4327197a85facd08db91 and -236b802a4aa48711823a191d1b7f753c82a89ec5 - -Fixes CVE-2021-3521. - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] -CVE:CVE-2021-3521 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> - ---- - rpmio/rpmpgp.c | 99 +++++++++++++++++-- - tests/Makefile.am | 3 + - tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ - .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ - tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ - tests/rpmsigdig.at | 28 ++++++ - 6 files changed, 209 insertions(+), 8 deletions(-) - create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 509e777e6d..371ad4d9b6 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) - return digp; - } - -+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) -+{ -+ int rc = -1; -+ if (pkt->tag == exptag) { -+ uint8_t head[] = { -+ 0x99, -+ (pkt->blen >> 8), -+ (pkt->blen ), -+ }; -+ -+ rpmDigestUpdate(hash, head, 3); -+ rpmDigestUpdate(hash, pkt->body, pkt->blen); -+ rc = 0; -+ } -+ return rc; -+} -+ -+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, -+ const struct pgpPkt *all, int i) -+{ -+ int rc = -1; -+ DIGEST_CTX hash = NULL; -+ -+ switch (selfsig->sigtype) { -+ case PGPSIGTYPE_SUBKEY_BINDING: -+ hash = rpmDigestInit(selfsig->hash_algo, 0); -+ if (hash) { -+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); -+ if (!rc) -+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); -+ } -+ break; -+ default: -+ /* ignore types we can't handle */ -+ rc = 0; -+ break; -+ } -+ -+ if (hash && rc == 0) -+ rc = pgpVerifySignature(key, selfsig, hash); -+ -+ rpmDigestFinal(hash, NULL, NULL, 0); -+ -+ return rc; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { - const uint8_t *p = pkts; - const uint8_t *pend = pkts + pktlen; - pgpDigParams digp = NULL; -- struct pgpPkt pkt; -+ pgpDigParams selfsig = NULL; -+ int i = 0; -+ int alloced = 16; /* plenty for normal cases */ -+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); - int rc = -1; /* assume failure */ -+ int expect = 0; -+ int prevtag = 0; - - while (p < pend) { -- if (decodePkt(p, (pend - p), &pkt)) -+ struct pgpPkt *pkt = &all[i]; -+ if (decodePkt(p, (pend - p), pkt)) - break; - - if (digp == NULL) { -- if (pkttype && pkt.tag != pkttype) { -+ if (pkttype && pkt->tag != pkttype) { - break; - } else { -- digp = pgpDigParamsNew(pkt.tag); -+ digp = pgpDigParamsNew(pkt->tag); - } - } - -- if (pgpPrtPkt(&pkt, digp)) -+ if (expect) { -+ if (pkt->tag != expect) -+ break; -+ selfsig = pgpDigParamsNew(pkt->tag); -+ } -+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) - break; - -- p += (pkt.body - pkt.head) + pkt.blen; -- if (pkttype == PGPTAG_SIGNATURE) -- break; -+ if (selfsig) { -+ /* subkeys must be followed by binding signature */ -+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { -+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) -+ break; -+ } -+ -+ int xx = pgpVerifySelf(digp, selfsig, all, i); -+ -+ selfsig = pgpDigParamsFree(selfsig); -+ if (xx) -+ break; -+ expect = 0; -+ } -+ -+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) -+ expect = PGPTAG_SIGNATURE; -+ prevtag = pkt->tag; -+ -+ i++; -+ p += (pkt->body - pkt->head) + pkt->blen; -+ if (pkttype == PGPTAG_SIGNATURE) -+ break; -+ -+ if (alloced <= i) { -+ alloced *= 2; -+ all = xrealloc(all, alloced * sizeof(*all)); -+ } -+ - } - - rc = (digp && (p == pend)) ? 0 : -1; -diff --git a/tests/Makefile.am b/tests/Makefile.am -index a41ce10de8..7bb23247f1 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec - EXTRA_DIST += data/SPECS/hello-cd.spec - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret -+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc - EXTRA_DIST += data/macros.testfile - EXTRA_DIST += data/macros.debug - EXTRA_DIST += data/SOURCES/foo.c -diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-badbind.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc -new file mode 100644 -index 0000000000..3a2e7417f8 ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc -@@ -0,0 +1,37 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 -+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En -+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ -+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF -+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ -+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB -+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j -+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos -+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ -+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX -+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ -+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ -+E4XX4jtDmdZPreZALsiB -+=rRop -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 8e7c759b8f..e2d30a7f1b 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -2,6 +2,34 @@ - - AT_BANNER([RPM signatures and digests]) - -+AT_SETUP([rpmkeys --import invalid keys]) -+AT_KEYWORDS([rpmkeys import]) -+RPMDB_INIT -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] -+) -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] -+) -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] -+) -+AT_CLEANUP -+ - # ------------------------------ - # Test pre-built package verification - AT_SETUP([rpmkeys -Kv <unsigned> 1]) --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb index c392ac0db4..9b6446f265 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb @@ -39,13 +39,11 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protoc file://0001-tools-Add-error.h-for-non-glibc-case.patch \ file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ - file://0001-CVE-2021-3521.patch \ - file://0002-CVE-2021-3521.patch \ - file://0003-CVE-2021-3521.patch \ + file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ " PE = "1" -SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3" +SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch b/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch deleted file mode 100644 index 2d51ddf965..0000000000 --- a/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch +++ /dev/null @@ -1,31 +0,0 @@ -From fbe85634d88e82fbb439ae2a5d1aca8b8c309bea Mon Sep 17 00:00:00 2001 -From: Matt McCutchen <matt@mattmccutchen.net> -Date: Wed, 26 Aug 2020 12:16:08 -0400 -Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using - openssl. - -CVE: CVE-2020-14387 - -Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c3f7414] - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - rsync-ssl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rsync-ssl b/rsync-ssl -index 8101975..46701af 100755 ---- a/rsync-ssl -+++ b/rsync-ssl -@@ -129,7 +129,7 @@ function rsync_ssl_helper { - fi - - if [[ $RSYNC_SSL_TYPE == openssl ]]; then -- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port -+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port - elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then - exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port - else --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch index 4ba7665280..42a6372ba7 100644 --- a/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch +++ b/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -1,4 +1,4 @@ -From 1f29584e57f5fda09970c66f3b94f4720e09c1bb Mon Sep 17 00:00:00 2001 +From 81700d1a0e51391028c761cc8ef1cd660084d114 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Tue, 12 Apr 2016 15:51:54 +0100 Subject: [PATCH] rsync: remove upstream's rebuild logic @@ -14,12 +14,12 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> 1 file changed, 54 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 672fcc4..c12d8d4 100644 +index 3cde955..d963a70 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -168,60 +168,6 @@ gen: conf proto.h man - gensend: gen - rsync -aic $(GENFILES) $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ +@@ -190,60 +190,6 @@ gensend: gen + fi + rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true -aclocal.m4: $(srcdir)/m4/*.m4 - aclocal -I $(srcdir)/m4 @@ -41,7 +41,7 @@ index 672fcc4..c12d8d4 100644 - else \ - echo "config.h.in has CHANGED."; \ - fi -- @if test -f configure.sh.old -o -f config.h.in.old; then \ +- @if test -f configure.sh.old || test -f config.h.in.old; then \ - if test "$(MAKECMDGOALS)" = reconfigure; then \ - echo 'Continuing with "make reconfigure".'; \ - else \ diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb index 6168ee85fc..e43f35ea2f 100644 --- a/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb +++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb @@ -6,7 +6,7 @@ SECTION = "console/network" # GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0) # Includes opennsh and xxhash dynamic link exception LICENSE = "GPL-3.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=9e5a4f9b3a253d51520617aa54f8eb26" +LIC_FILES_CHKSUM = "file://COPYING;md5=24423708fe159c9d12be1ea29fcb18c7" DEPENDS = "popt" @@ -14,10 +14,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://rsyncd.conf \ file://makefile-no-rebuild.patch \ file://determism.patch \ - file://0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch \ " -SRC_URI[sha256sum] = "becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e" +SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba" # -16548 required for v3.1.3pre1. Already in v3.1.3. CVE_CHECK_IGNORE += " CVE-2017-16548 " @@ -41,7 +40,17 @@ PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd" CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes" EXTRA_OEMAKE = 'STRIP=""' -EXTRA_OECONF = "--disable-simd --disable-md2man --disable-asm --with-nobody-group=nogroup" +EXTRA_OECONF = "--disable-md2man --with-nobody-group=nogroup" + +#| ./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)': +#| ./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target +#| 89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; } +#| | ^~~~~~~~~~~~~~~~~~~~~ +#| ./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default +#| 480 | } +#| | ^ +#| If you can't fix the issue, re-run ./configure with --disable-roll-simd. +EXTRA_OECONF:append:libc-musl = " --disable-roll-simd" # rsync 3.0 uses configure.sh instead of configure, and # makefile checks the existence of configure.sh diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch new file mode 100644 index 0000000000..5d0f8fcc09 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch @@ -0,0 +1,36 @@ +From 222203297966f312109e8eaa2520f2cf2f59c09d Mon Sep 17 00:00:00 2001 +From: Alan Wu <XrXr@users.noreply.github.com> +Date: Thu, 31 Mar 2022 17:26:28 -0400 +Subject: [PATCH] Remove dependency on libcapstone + +We have received reports of build failures due to this configuration +check modifying compile flags. Since only YJIT devs use this library +we can remove it to make Ruby easier to build for users. + +See: https://github.com/rbenv/ruby-build/discussions/1933 + +Upstream-Status: Backport +--- + configure.ac | 9 --------- + 1 file changed, 9 deletions(-) + +Index: ruby-3.1.2/configure.ac +=================================================================== +--- ruby-3.1.2.orig/configure.ac ++++ ruby-3.1.2/configure.ac +@@ -1244,15 +1244,6 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linki + AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX + AC_CHECK_LIB(socket, shutdown) # SunOS/Solaris + +-if pkg-config --exists capstone; then +- CAPSTONE_CFLAGS=`pkg-config --cflags capstone` +- CAPSTONE_LIB_L=`pkg-config --libs-only-L capstone` +- LDFLAGS="$LDFLAGS $CAPSTONE_LIB_L" +- CFLAGS="$CFLAGS $CAPSTONE_CFLAGS" +-fi +- +-AC_CHECK_LIB(capstone, cs_open) # Capstone disassembler for debugging YJIT +- + dnl Checks for header files. + AC_HEADER_DIRENT + dnl AC_HEADER_STDC has been checked in AC_USE_SYSTEM_EXTENSIONS diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb index 6fc1f53b18..387bfa9b44 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb @@ -12,6 +12,7 @@ SRC_URI += " \ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ + file://0001-Remove-dependency-on-libcapstone.patch \ " SRC_URI[sha256sum] = "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e" @@ -25,7 +26,6 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6," # rdoc is off by default due to non-reproducibility reported in # https://bugs.ruby-lang.org/issues/18456 PACKAGECONFIG[rdoc] = "--enable-install-rdoc,--disable-install-rdoc," -PACKAGECONFIG[capstone] = "--with-capstone=yes, --with-capstone=no" EXTRA_OECONF = "\ --disable-versioned-paths \ diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.2.bb b/poky/meta/recipes-devtools/vala/vala_0.56.2.bb deleted file mode 100644 index 08c8ccca1d..0000000000 --- a/poky/meta/recipes-devtools/vala/vala_0.56.2.bb +++ /dev/null @@ -1,3 +0,0 @@ -require ${BPN}.inc - -SRC_URI[sha256sum] = "66c9619bb17859fd1ac3aba0a57970613e38fd2a1ee30541174260c9fb90124c" diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.3.bb b/poky/meta/recipes-devtools/vala/vala_0.56.3.bb new file mode 100644 index 0000000000..83f61e5b2f --- /dev/null +++ b/poky/meta/recipes-devtools/vala/vala_0.56.3.bb @@ -0,0 +1,3 @@ +require ${BPN}.inc + +SRC_URI[sha256sum] = "e1066221bf7b89cb1fa7327a3888645cb33b604de3bf45aa81132fd040b699bf" diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb index 629069e844..786940a7e0 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb @@ -11,9 +11,10 @@ EXTRA_OECONF = "--without-python --libdir=${base_libdir}" SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ - file://0002-craklib-fix-testnum-and-teststr-failed.patch" + file://0002-craklib-fix-testnum-and-teststr-failed.patch \ + " -SRCREV = "f83934cf3cced0c9600c7d81332f4169f122a2cf" +SRCREV = "d9e8f9f47718539aeba80f90f4e072549926dc9c" S = "${WORKDIR}/git/src" inherit autotools gettext diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb index 8d2e77e011..801162867c 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://lighttpd \ " -SRC_URI[sha256sum] = "e1489d9fa7496fbf2e071c338b593b2300d38c23f1e5967e52c9ef482e1b0e26" +SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b" DEPENDS = "virtual/crypt" diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch new file mode 100644 index 0000000000..94dd418f36 --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch @@ -0,0 +1,58 @@ +From de988c9b5605a711b306c4203545b8d761875177 Mon Sep 17 00:00:00 2001 +From: Jan Stancek <jstancek@redhat.com> +Date: Mon, 31 Jan 2022 12:00:46 +0100 +Subject: [PATCH] syscalls/pread02: extend buffer to avoid glibc overflow + detection + +Test started failing with recent glibc (glibc-2.34.9000-38.fc36), +which detects that buffer in pread is potentially too small: + tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s + *** buffer overflow detected ***: terminated + tst_test.c:1484: TBROK: Test killed by SIGIOT/SIGABRT! + +(gdb) bt + #0 __pthread_kill_implementation at pthread_kill.c:44 + #1 0x00007ffff7e46f73 in __pthread_kill_internal at pthread_kill.c:78 + #2 0x00007ffff7df6a36 in __GI_raise at ../sysdeps/posix/raise.c:26 + #3 0x00007ffff7de082f in __GI_abort () at abort.c:79 + #4 0x00007ffff7e3b01e in __libc_message at ../sysdeps/posix/libc_fatal.c:155 + #5 0x00007ffff7ed945a in __GI___fortify_fail at fortify_fail.c:26 + #6 0x00007ffff7ed7dc6 in __GI___chk_fail () at chk_fail.c:28 + #7 0x00007ffff7ed8214 in __pread_chk at pread_chk.c:26 + #8 0x0000000000404d1a in pread at /usr/include/bits/unistd.h:74 + #9 verify_pread (n=<optimized out>) at pread02.c:44 + #10 0x000000000040dc19 in run_tests () at tst_test.c:1246 + #11 testrun () at tst_test.c:1331 + #12 fork_testrun () at tst_test.c:1462 + #13 0x000000000040e9a1 in tst_run_tcases + #14 0x0000000000404bde in main + +Extend it to number of bytes we are trying to read from fd. + +Upstream-Status: Backport +[https://github.com/linux-test-project/ltp/commit/de988c9b5605a711b306c4203545b8d761875177] + +Signed-off-by: Jan Stancek <jstancek@redhat.com> +Acked-by: Petr Vorel <pvorel@suse.cz> +Reviewed-by: Cyril Hrubis <chrubis@suse.cz> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + testcases/kernel/syscalls/pread/pread02.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testcases/kernel/syscalls/pread/pread02.c b/testcases/kernel/syscalls/pread/pread02.c +index de2a81fff..fda5fd190 100644 +--- a/testcases/kernel/syscalls/pread/pread02.c ++++ b/testcases/kernel/syscalls/pread/pread02.c +@@ -39,7 +39,7 @@ struct test_case_t { + static void verify_pread(unsigned int n) + { + struct test_case_t *tc = &tcases[n]; +- char buf; ++ char buf[K1]; + + TST_EXP_FAIL2(pread(*tc->fd, &buf, tc->nb, tc->offst), tc->exp_errno, + "pread(%d, %zu, %ld) %s", *tc->fd, tc->nb, tc->offst, tc->desc); +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20220121.bb b/poky/meta/recipes-extended/ltp/ltp_20220121.bb index 8a13dcf9d0..4ae54492f3 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20220121.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20220121.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=ht file://0001-Remove-OOM-tests-from-runtest-mm.patch \ file://0001-metadata-parse.sh-sort-filelist-for-reproducibility.patch \ file://disable_hanging_tests.patch \ + file://0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/pam/libpam/99_pam b/poky/meta/recipes-extended/pam/libpam/99_pam index 97e990d10b..a88247be13 100644 --- a/poky/meta/recipes-extended/pam/libpam/99_pam +++ b/poky/meta/recipes-extended/pam/libpam/99_pam @@ -1 +1 @@ -d root root 0755 /var/run/sepermit none +d root root 0755 /run/sepermit none diff --git a/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch new file mode 100644 index 0000000000..6c04769713 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch @@ -0,0 +1,27 @@ +From aed5a184401fbbe901cb825be4004ced885b6f9a Mon Sep 17 00:00:00 2001 +From: Andrei Gherzan <andrei.gherzan@huawei.com> +Date: Wed, 24 Aug 2022 00:54:47 +0200 +Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl + +Upstream-Status: Inappropriate [issue reported at https://github.com/shadow-maint/shadow/issues/557] +Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com> +--- + lib/nss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/nss.c b/lib/nss.c +index af3e95a..74e0e16 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -57,7 +57,7 @@ void nss_init(char *nsswitch_path) { + // subid: files + nssfp = fopen(nsswitch_path, "r"); + if (!nssfp) { +- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); ++ //fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); + atomic_store(&nss_init_completed, true); + return; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index f5fdf436f7..5106b95571 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -26,6 +26,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ @@ -33,6 +34,7 @@ SRC_URI:append:class-nativesdk = " \ SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" + # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/chpasswd \ @@ -149,6 +151,13 @@ do_install:append() { # Handle link properly after rename, otherwise missing files would # lead rpm failed dependencies. ln -sf newgrp.${BPN} ${D}${bindir}/sg + + # usermod requires the subuid/subgid files to be in place before being + # able to use the -v/-V flags otherwise it fails: + # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V + install -d ${D}${sysconfdir} + touch ${D}${sysconfdir}/subuid + touch ${D}${sysconfdir}/subgid } PACKAGES =+ "${PN}-base" diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch b/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch new file mode 100644 index 0000000000..bb35b3030a --- /dev/null +++ b/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch @@ -0,0 +1,43 @@ +From ea9ee4dd64ee88e03a959b2c694aa8feb53c7e78 Mon Sep 17 00:00:00 2001 +From: He Zhe <zhe.he@windriver.com> +Date: Wed, 28 Sep 2022 16:47:24 +0800 +Subject: [PATCH] stress-cpu: disable float128 math on powerpc64 to avoid + SIGILL + +float128 requires instructions of xsmaddqp and xsmsubqp which are added to +qemu since v7.0 by the following commit. +https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f + +While kirkstone is still at v6.2 and thus experiences SIGILL as follow +root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s +stress-ng: info: [972] setting to a 30 second run per stressor +stress-ng: info: [972] dispatching hogs: 2 cpu +stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL' +<snip> + +Upstream-Status: Inappropriate [This is specific to kirkstone since qemu on +master branch has upgraded to v7.1.] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + stress-cpu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/stress-cpu.c b/stress-cpu.c +index 0a08f1d1..2849e715 100644 +--- a/stress-cpu.c ++++ b/stress-cpu.c +@@ -41,6 +41,10 @@ + #undef HAVE_FLOAT_DECIMAL128 + #endif + ++#if defined(STRESS_ARCH_PPC64) ++#undef HAVE_FLOAT128 ++#endif ++ + #define GAMMA (0.57721566490153286060651209008240243104215933593992L) + #define OMEGA (0.56714329040978387299996866221035554975381578718651L) + #define PSI (3.35988566624317755317201130291892717968890513373197L) +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb index fe177a4de0..807ecd3466 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb @@ -5,7 +5,9 @@ HOMEPAGE = "https://github.com/ColinIanKing/stress-ng#readme" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master" +SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ + file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ + " SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch new file mode 100644 index 0000000000..ec793ac8ff --- /dev/null +++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch @@ -0,0 +1,109 @@ +From 9c97b5db237a793e0d1b6b0241570bdc6e35ee24 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 7 Aug 2022 17:42:24 -0700 +Subject: [PATCH] Fix implicit-function-declaration warnings + +These are seen with clang-15+ + +Upstream-Status: Inappropriate [upstream is dead] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + hosts_access.c | 3 +++ + safe_finger.c | 1 + + shell_cmd.c | 3 +++ + tcpd.c | 2 +- + tcpdchk.c | 1 + + workarounds.c | 1 + + 6 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/hosts_access.c b/hosts_access.c +index 0133e5e..58697ea 100644 +--- a/hosts_access.c ++++ b/hosts_access.c +@@ -33,6 +33,7 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + #include <netinet/in.h> + #include <arpa/inet.h> ++#include <rpcsvc/ypclnt.h> + #include <stdio.h> + #include <stdlib.h> + #include <syslog.h> +@@ -45,6 +46,8 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + + extern int errno; ++extern int match_pattern_ylo(const char *s, const char *pattern); ++extern unsigned long cidr_mask_addr(char* str); + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +diff --git a/safe_finger.c b/safe_finger.c +index 23afab1..a6458fb 100644 +--- a/safe_finger.c ++++ b/safe_finger.c +@@ -34,6 +34,7 @@ static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41"; + #include <syslog.h> + + extern void exit(); ++extern int pipe_stdin(char **argv); + + /* Local stuff */ + +diff --git a/shell_cmd.c b/shell_cmd.c +index 62d31bc..a566092 100644 +--- a/shell_cmd.c ++++ b/shell_cmd.c +@@ -16,10 +16,13 @@ static char sccsid[] = "@(#) shell_cmd.c 1.5 94/12/28 17:42:44"; + + #include <sys/types.h> + #include <sys/param.h> ++#include <sys/wait.h> ++#include <fcntl.h> + #include <signal.h> + #include <stdio.h> + #include <syslog.h> + #include <string.h> ++#include <unistd.h> + + extern void exit(); + +diff --git a/tcpd.c b/tcpd.c +index dc9ff17..4353caa 100644 +--- a/tcpd.c ++++ b/tcpd.c +@@ -46,7 +46,7 @@ void fix_options(struct request_info *); + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +-main(argc, argv) ++void main(argc, argv) + int argc; + char **argv; + { +diff --git a/tcpdchk.c b/tcpdchk.c +index 5dca8bd..67c12ce 100644 +--- a/tcpdchk.c ++++ b/tcpdchk.c +@@ -38,6 +38,7 @@ static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; + + extern int errno; + extern void exit(); ++extern unsigned long cidr_mask_addr(char* str); + extern int optind; + extern char *optarg; + +diff --git a/workarounds.c b/workarounds.c +index b22b378..6335049 100644 +--- a/workarounds.c ++++ b/workarounds.c +@@ -21,6 +21,7 @@ char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25"; + #include <stdio.h> + #include <syslog.h> + #include <string.h> ++#include <unistd.h> + + extern int errno; + +-- +2.37.1 + diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb index 814d7fd913..8137d257c8 100644 --- a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb +++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb @@ -50,6 +50,7 @@ SRC_URI = "http://ftp.porcupine.org/pub/security/tcp_wrappers_${PV}.tar.gz \ file://fix_warnings.patch \ file://fix_warnings2.patch \ file://0001-Remove-fgets-extern-declaration.patch \ + file://0001-Fix-implicit-function-declaration-warnings.patch \ " SRC_URI[md5sum] = "e6fa25f71226d090f34de3f6b122fb5a" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index cdd1a2ac3c..d3c78e9157 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022a" +PV = "2022d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7" -SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664" +SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0" +SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0" diff --git a/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch b/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch new file mode 100644 index 0000000000..8c419e1d11 --- /dev/null +++ b/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch @@ -0,0 +1,37 @@ +From ca1d379fa13c4055d42d2ff3a647b4397768efcd Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 23 Aug 2022 19:23:26 -0700 +Subject: [PATCH] shutdown: Do not guard sys/quota.h sys/swap.h and + sys/reboot.h with __GLIBC__ + +These headers are provided by uclibc/musl/glibc and bionic so we can +assume they are not needed to be glibc specific includes. This also +ensures that we get proper declaration of reboot() API + +Upstream-Status: Submitted [https://sourceforge.net/p/watchdog/patches/12/] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/shutdown.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/shutdown.c b/src/shutdown.c +index 1d9a857..6aea0d0 100644 +--- a/src/shutdown.c ++++ b/src/shutdown.c +@@ -29,13 +29,9 @@ + #include "extern.h" + #include "ext2_mnt.h" + +-#if defined __GLIBC__ + #include <sys/quota.h> + #include <sys/swap.h> + #include <sys/reboot.h> +-#else /* __GLIBC__ */ +-#include <linux/quota.h> +-#endif /* __GLIBC__ */ + + #include <unistd.h> + +-- +2.37.2 + diff --git a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb index 1163846ed8..26fcc10487 100644 --- a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb +++ b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb @@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/watchdog/watchdog-${PV}.tar.gz \ file://watchdog.init \ file://wd_keepalive.init \ file://0001-wd_keepalive.service-use-run-instead-of-var-run.patch \ + file://0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch \ " SRC_URI[md5sum] = "1b4f51cabc64d1bee2fce7cdd626831f" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index 62ee70d244..897417314d 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -30,6 +30,8 @@ INITSCRIPT_PARAMS = "defaults" PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-libwrap,,tcp-wrappers" +CFLAGS += "-D_GNU_SOURCE" + CONFFILES:${PN} = "${sysconfdir}/xinetd.conf" do_install:append() { diff --git a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch deleted file mode 100644 index e43e73cf12..0000000000 --- a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch +++ /dev/null @@ -1,96 +0,0 @@ -From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001 -From: Lasse Collin <lasse.collin@tukaani.org> -Date: Tue, 29 Mar 2022 19:19:12 +0300 -Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). - -Malicious filenames can make xzgrep to write to arbitrary files -or (with a GNU sed extension) lead to arbitrary code execution. - -xzgrep from XZ Utils versions up to and including 5.2.5 are -affected. 5.3.1alpha and 5.3.2alpha are affected as well. -This patch works for all of them. - -This bug was inherited from gzip's zgrep. gzip 1.12 includes -a fix for zgrep. - -The issue with the old sed script is that with multiple newlines, -the N-command will read the second line of input, then the -s-commands will be skipped because it's not the end of the -file yet, then a new sed cycle starts and the pattern space -is printed and emptied. So only the last line or two get escaped. - -One way to fix this would be to read all lines into the pattern -space first. However, the included fix is even simpler: All lines -except the last line get a backslash appended at the end. To ensure -that shell command substitution doesn't eat a possible trailing -newline, a colon is appended to the filename before escaping. -The colon is later used to separate the filename from the grep -output so it is fine to add it here instead of a few lines later. - -The old code also wasn't POSIX compliant as it used \n in the -replacement section of the s-command. Using \<newline> is the -POSIX compatible method. - -LC_ALL=C was added to the two critical sed commands. POSIX sed -manual recommends it when using sed to manipulate pathnames -because in other locales invalid multibyte sequences might -cause issues with some sed implementations. In case of GNU sed, -these particular sed scripts wouldn't have such problems but some -other scripts could have, see: - - info '(sed)Locale Considerations' - -This vulnerability was discovered by: -cleemy desu wayo working with Trend Micro Zero Day Initiative - -Thanks to Jim Meyering and Paul Eggert discussing the different -ways to fix this and for coordinating the patch release schedule -with gzip. - -Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch] -CVE: CVE-2022-1271 - -Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> ---- - src/scripts/xzgrep.in | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in -index 9db5c3a..f64dddb 100644 ---- a/src/scripts/xzgrep.in -+++ b/src/scripts/xzgrep.in -@@ -179,22 +179,26 @@ for i; do - { test $# -eq 1 || test $no_filename -eq 1; }; then - eval "$grep" - else -+ # Append a colon so that the last character will never be a newline -+ # which would otherwise get lost in shell command substitution. -+ i="$i:" -+ -+ # Escape & \ | and newlines only if such characters are present -+ # (speed optimization). - case $i in - (*' - '* | *'&'* | *'\'* | *'|'*) -- i=$(printf '%s\n' "$i" | -- sed ' -- $!N -- $s/[&\|]/\\&/g -- $s/\n/\\n/g -- ');; -+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; - esac -- sed_script="s|^|$i:|" -+ -+ # $i already ends with a colon so don't add it here. -+ sed_script="s|^|$i|" - - # Fail if grep or sed fails. - r=$( - exec 4>&1 -- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- -+ (eval "$grep" 4>&-; echo $? >&4) 3>&- | -+ LC_ALL=C sed "$sed_script" >&3 4>&- - ) || r=2 - exit $r - fi >&3 5>&- diff --git a/poky/meta/recipes-extended/xz/xz_5.2.5.bb b/poky/meta/recipes-extended/xz/xz_5.2.6.bb index 720e070f4a..3482622471 100644 --- a/poky/meta/recipes-extended/xz/xz_5.2.5.bb +++ b/poky/meta/recipes-extended/xz/xz_5.2.6.bb @@ -24,11 +24,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \ file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ " -SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \ - file://CVE-2022-1271.patch \ - " -SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717" -SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10" +SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz" +SRC_URI[sha256sum] = "a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0" UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar" CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb index f9d60ff2a9..9efd2800da 100644 --- a/poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb +++ b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb @@ -28,7 +28,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN file://migrator.patch \ file://distributor.patch \ " -SRC_URI[archive.sha256sum] = "7316d3c6500e825d8e57293fa58047c56727bee16cd6b6ac804ffe5d9b229560" +SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860" PACKAGECONFIG_SOUP ?= "soup2" PACKAGECONFIG ??= "${PACKAGECONFIG_SOUP}" diff --git a/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb b/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb index 717c31c325..8719884f25 100644 --- a/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb +++ b/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb @@ -13,6 +13,8 @@ DEPENDS = "p11-kit glib-2.0 libgcrypt gnupg-native \ CACHED_CONFIGUREVARS += "ac_cv_path_GPG='gpg2'" +CFLAGS += "-D_GNU_SOURCE" + GNOMEBASEBUILDCLASS = "meson" GTKDOC_MESON_OPTION = "gtk_doc" inherit gnomebase gtk-icon-cache gtk-doc features_check upstream-version-is-even vala gobject-introspection gettext mime mime-xdg diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch index a8206a4507..02cc9a2a70 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch @@ -1,4 +1,4 @@ -From ba73bb0f3d2023839bc3b681c49b7ec1192cceb4 Mon Sep 17 00:00:00 2001 +From f81b60ebcbbfd9548c8aa1e388662c429068d1e3 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Sat, 8 May 2021 21:58:54 +0200 Subject: [PATCH] Add use_prebuilt_tools option @@ -18,7 +18,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 5 files changed, 42 insertions(+), 19 deletions(-) diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build -index 8b0590b..7331491 100644 +index 54ff9dd..2e321cf 100644 --- a/gdk-pixbuf/meson.build +++ b/gdk-pixbuf/meson.build @@ -342,13 +342,20 @@ foreach bin: gdkpixbuf_bin @@ -45,16 +45,18 @@ index 8b0590b..7331491 100644 # load the installed cache; we always build it by default loaders_cache = custom_target('loaders.cache', diff --git a/meson.build b/meson.build -index 7a1409b..0bc73eb 100644 +index 813bd43..a93e6f7 100644 --- a/meson.build +++ b/meson.build -@@ -403,16 +403,16 @@ subdir('gdk-pixbuf') +@@ -369,18 +369,18 @@ subdir('gdk-pixbuf') # i18n subdir('po') -if not meson.is_cross_build() +if not meson.is_cross_build() or get_option('use_prebuilt_tools') - subdir('tests') + if get_option('tests') + subdir('tests') + endif - subdir('thumbnailer') endif +subdir('thumbnailer') @@ -69,10 +71,10 @@ index 7a1409b..0bc73eb 100644 gdk_pixbuf_bindir, gdk_pixbuf_libdir, diff --git a/meson_options.txt b/meson_options.txt -index 0ee6718..cc29855 100644 +index d198d99..1c899e9 100644 --- a/meson_options.txt +++ b/meson_options.txt -@@ -49,4 +49,8 @@ option('gio_sniffing', +@@ -53,4 +53,8 @@ option('gio_sniffing', description: 'Perform file type detection using GIO (Unused on MacOS and Windows)', type: 'boolean', value: true) @@ -82,7 +84,7 @@ index 0ee6718..cc29855 100644 + value: false) diff --git a/tests/meson.build b/tests/meson.build -index 7c6cb11..1029e6a 100644 +index 28c2525..d97c02d 100644 --- a/tests/meson.build +++ b/tests/meson.build @@ -5,6 +5,12 @@ diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch index 25410b11ea..dd580f8162 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch @@ -1,4 +1,4 @@ -From f00603d58d844422363b896ea7d07aaf48ddaa66 Mon Sep 17 00:00:00 2001 +From b511bd1efb43ffc49c753e309717a242ec686ef1 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Tue, 1 Apr 2014 17:23:36 +0100 Subject: [PATCH] gdk-pixbuf: add an option so that loader errors are fatal @@ -14,10 +14,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/gdk-pixbuf/queryloaders.c b/gdk-pixbuf/queryloaders.c -index 312aa78..b813d99 100644 +index 1d39b44..2b00815 100644 --- a/gdk-pixbuf/queryloaders.c +++ b/gdk-pixbuf/queryloaders.c -@@ -212,7 +212,7 @@ write_loader_info (GString *contents, const char *path, GdkPixbufFormat *info) +@@ -216,7 +216,7 @@ write_loader_info (GString *contents, const char *path, GdkPixbufFormat *info) g_string_append_c (contents, '\n'); } @@ -26,7 +26,7 @@ index 312aa78..b813d99 100644 query_module (GString *contents, const char *dir, const char *file) { char *path; -@@ -221,6 +221,7 @@ query_module (GString *contents, const char *dir, const char *file) +@@ -225,6 +225,7 @@ query_module (GString *contents, const char *dir, const char *file) void (*fill_vtable) (GdkPixbufModule *module); gpointer fill_info_ptr; gpointer fill_vtable_ptr; @@ -34,7 +34,7 @@ index 312aa78..b813d99 100644 if (g_path_is_absolute (file)) path = g_strdup (file); -@@ -270,10 +271,13 @@ query_module (GString *contents, const char *dir, const char *file) +@@ -274,10 +275,13 @@ query_module (GString *contents, const char *dir, const char *file) g_module_error()); else g_fprintf (stderr, "Cannot load loader %s\n", path); @@ -47,8 +47,8 @@ index 312aa78..b813d99 100644 + return ret; } - #ifdef G_OS_WIN32 -@@ -314,6 +318,7 @@ int main (int argc, char **argv) + #if defined(G_OS_WIN32) && defined(GDK_PIXBUF_RELOCATABLE) +@@ -318,6 +322,7 @@ int main (int argc, char **argv) gint first_file = 1; GFile *pixbuf_libdir_file; gchar *pixbuf_libdir; @@ -56,7 +56,7 @@ index 312aa78..b813d99 100644 #ifdef G_OS_WIN32 gchar *libdir; -@@ -452,7 +457,9 @@ int main (int argc, char **argv) +@@ -456,7 +461,9 @@ int main (int argc, char **argv) } modules = g_list_sort (modules, (GCompareFunc)strcmp); for (l = modules; l != NULL; l = l->next) @@ -67,7 +67,7 @@ index 312aa78..b813d99 100644 g_list_free_full (modules, g_free); g_free (moduledir); #else -@@ -468,7 +475,8 @@ int main (int argc, char **argv) +@@ -472,7 +479,8 @@ int main (int argc, char **argv) infilename = g_locale_to_utf8 (infilename, -1, NULL, NULL, NULL); #endif @@ -77,7 +77,7 @@ index 312aa78..b813d99 100644 } g_free (cwd); } -@@ -486,5 +494,8 @@ int main (int argc, char **argv) +@@ -490,5 +498,8 @@ int main (int argc, char **argv) g_free (pixbuf_libdir); diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb index 55c16e4d66..d33718e3ea 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb @@ -23,7 +23,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://0001-Add-use_prebuilt_tools-option.patch \ " -SRC_URI[sha256sum] = "c4a6b75b7ed8f58ca48da830b9fa00ed96d668d3ab4b1f723dcf902f78bde77f" +SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962" inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package @@ -39,16 +39,18 @@ PACKAGECONFIG = "${GDK_PIXBUF_LOADERS} \ ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" PACKAGECONFIG:class-native = "${GDK_PIXBUF_LOADERS}" -PACKAGECONFIG[png] = "-Dpng=true,-Dpng=false,libpng" -PACKAGECONFIG[jpeg] = "-Djpeg=true,-Djpeg=false,jpeg" -PACKAGECONFIG[tiff] = "-Dtiff=true,-Dtiff=false,tiff" +PACKAGECONFIG[png] = "-Dpng=enabled,-Dpng=disabled,libpng" +PACKAGECONFIG[jpeg] = "-Djpeg=enabled,-Djpeg=disabled,jpeg" +PACKAGECONFIG[tiff] = "-Dtiff=enabled,-Dtiff=disabled,tiff" PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" -EXTRA_OEMESON:class-target = " \ +EXTRA_OEMESON = "-Dman=false" + +EXTRA_OEMESON:append:class-target = " \ -Duse_prebuilt_tools=true \ " -EXTRA_OEMESON:class-nativesdk = " \ +EXTRA_OEMESON:append:class-nativesdk = " \ -Duse_prebuilt_tools=true \ " @@ -95,9 +97,11 @@ do_install:append() { } -# Remove a bad fuzzing attempt that sporadically fails without a way to reproduce do_install_ptest() { + # Remove a bad fuzzing attempt that sporadically fails without a way to reproduce rm ${D}/${datadir}/installed-tests/gdk-pixbuf/pixbuf-randomly-modified.test + # https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/215 + rm ${D}/${datadir}/installed-tests/gdk-pixbuf/pixbuf-jpeg.test } do_install:append:class-native() { diff --git a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb index 67081bb8cb..ffb813d290 100644 --- a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb @@ -17,9 +17,13 @@ LICENSE:${PN}-doc = "MPL-1.1 | LGPL-2.1-only" LICENSE:${PN}-gobject = "MPL-1.1 | LGPL-2.1-only" LICENSE:${PN}-script-interpreter = "MPL-1.1 | LGPL-2.1-only" LICENSE:${PN}-perf-utils = "GPL-3.0-or-later" +# Adapt the licenses for cairo-dbg and cairo-src depending on whether +# cairo-trace is being built. +LICENSE:${PN}-dbg = "(MPL-1.1 | LGPL-2.1-only)${@bb.utils.contains('PACKAGECONFIG', 'trace', ' & GPL-3.0-or-later', '', d)}" +LICENSE:${PN}-src = "(MPL-1.1 | LGPL-2.1-only)${@bb.utils.contains('PACKAGECONFIG', 'trace', ' & GPL-3.0-or-later', '', d)}" LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77 \ - file://util/cairo-trace/COPYING-GPL-3;md5=d32239bcb673463ab874e80d47fae504" + ${@bb.utils.contains('PACKAGECONFIG', 'trace', 'file://util/cairo-trace/COPYING-GPL-3;md5=d32239bcb673463ab874e80d47fae504', '', d)}" DEPENDS = "fontconfig glib-2.0 libpng pixman zlib" diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb index fdc035d5f7..1708fa97f0 100644 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb @@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ file://0001-libjpeg-turbo-fix-package_qa-error.patch \ " -SRC_URI[sha256sum] = "467b310903832b033fe56cd37720d1b73a6a3bd0171dbf6ff0b620385f4f76d0" +SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b" UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/" diff --git a/poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch b/poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch deleted file mode 100644 index 1ac0695222..0000000000 --- a/poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ece4c3d261aeec230869c0304ed1011ff6837c16 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 12 Sep 2020 14:04:04 -0700 -Subject: [PATCH] Fix atomic modesetting with musl - -atomic modesetting seems to fail with drm weston backend and this patch fixes -it, below errors are seen before weston exits - -atomic: couldn't commit new state: Invalid argument - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/wayland/weston/-/issues/158] -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- - libweston/backend-drm/kms.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libweston/backend-drm/kms.c b/libweston/backend-drm/kms.c -index 780d007..9994da1 100644 ---- a/libweston/backend-drm/kms.c -+++ b/libweston/backend-drm/kms.c -@@ -1142,8 +1142,8 @@ drm_pending_state_apply_atomic(struct drm_pending_state *pending_state, - wl_list_for_each(plane, &b->plane_list, link) { - drm_debug(b, "\t\t[atomic] starting with plane %lu disabled\n", - (unsigned long) plane->plane_id); -- plane_add_prop(req, plane, WDRM_PLANE_CRTC_ID, 0); -- plane_add_prop(req, plane, WDRM_PLANE_FB_ID, 0); -+ //plane_add_prop(req, plane, WDRM_PLANE_CRTC_ID, 0); -+ //plane_add_prop(req, plane, WDRM_PLANE_FB_ID, 0); - } - - flags |= DRM_MODE_ATOMIC_ALLOW_MODESET; diff --git a/poky/meta/recipes-graphics/wayland/weston_10.0.1.bb b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb index e27dac164e..f81a33fd1e 100644 --- a/poky/meta/recipes-graphics/wayland/weston_10.0.1.bb +++ b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb @@ -13,9 +13,7 @@ SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downlo file://systemd-notify.weston-start \ " -SRC_URI:append:libc-musl = " file://dont-use-plane-add-prop.patch " - -SRC_URI[sha256sum] = "8a9e52506a865a7410981b04f8341b89b84106db8531ab1f9fdd37b5dc034115" +SRC_URI[sha256sum] = "89646ca0d9f8d413c2767e5c3828eaa3fa149c2a105b3729a6894fa7cf1549e7" UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index a6ab9ca56d..dea7b65a7c 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\ DEPENDS = "git-native" -SRCREV = "90598a5fae1172e3f7782a1b02f7b7518efd32c8" +SRCREV = "ba600ef61a85966596126a6e8d936971905e8749" PV = "0.3+git${SRCPV}" inherit native diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb index 91c32e49d6..45c9d0e861 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "def08711eb23ba967fb7e1f8cff66178" +WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "0abec827a035c82bdcabdf82aa37ded247bc682ef05861bd409ea6f477bab81d" +SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9" inherit allarch @@ -311,6 +311,11 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \ ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \ + ${PN}-qcom-sc8280xp-lenovo-x13s-compat \ + ${PN}-qcom-sc8280xp-lenovo-x13s-audio \ + ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \ + ${PN}-qcom-sc8280xp-lenovo-x13s-compute \ + ${PN}-qcom-sc8280xp-lenovo-x13s-sensors \ ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \ ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \ ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \ @@ -976,6 +981,11 @@ FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${n FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" FILES:${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*" FILES:${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*" FILES:${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*" FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*" FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" @@ -996,12 +1006,21 @@ RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sm8250-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sm8250-compute = "${PN}-qcom-license" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" + FILES:${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio" # For Amlogic VDEC @@ -1081,3 +1100,6 @@ python populate_packages:prepend () { # Firmware files are generally not ran on the CPU, so they can be # allarch despite being architecture specific INSANE_SKIP = "arch" + +# Don't warn about already stripped files +INSANE_SKIP:${PN} = "already-stripped" diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb index c64629d094..d5039264c4 100644 --- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb +++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb @@ -7,7 +7,7 @@ SRC_URI:append:libc-musl = "\ file://0001-include-linux-stddef.h-in-swab.h-uapi-header.patch \ " -SRC_URI:append = "\ +SRC_URI += "\ file://0001-scripts-Use-fixed-input-and-output-files-instead-of-.patch \ file://0001-kbuild-install_headers.sh-Strip-_UAPI-from-if-define.patch \ " diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb index d35632071b..75b1cb2a49 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -50,7 +50,7 @@ PACKAGECONFIG[dt-validation] = ",,python3-dtschema-native" # we need the wrappers if validation isn't in the packageconfig DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'dt-validation', '', 'python3-dtschema-wrapper-native', d)}" -COMPATIBLE_MACHINE = "(qemuarm|qemux86|qemuppc|qemumips|qemumips64|qemux86-64|qemuriscv32|qemuriscv64)" +COMPATIBLE_MACHINE = "^(qemuarm|qemux86|qemuppc|qemumips|qemumips64|qemux86-64|qemuriscv32|qemuriscv64)$" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 9387c67cfb..7ce21f0719 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6df690626649ba5430a379f63a5f7b7423ce2e48" -SRCREV_meta ?= "ed7e0c3bb9464387ba99fedd5ea32bf78ae2fe45" +SRCREV_machine ?= "932359383ea84843300c03ee6633881de1af488b" +SRCREV_meta ?= "92c947578207d27db250ee7250bacc11d9d80d4f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.135" +LINUX_VERSION ?= "5.10.143" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" @@ -31,7 +31,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" LINUX_KERNEL_TYPE = "preempt-rt" -COMPATIBLE_MACHINE = "(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 32c7db2c74..6f8648e004 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "13ee019f28013cf8c102a3ffaadfa5e9ae9743e1" -SRCREV_meta ?= "f7f709bf874f85baff9f2fb0ac0341c08399b144" +SRCREV_machine ?= "dba1b7d90813231782bdeda1bd169c93b35c94e0" +SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.59" +LINUX_VERSION ?= "5.15.68" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" @@ -31,7 +31,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" LINUX_KERNEL_TYPE = "preempt-rt" -COMPATIBLE_MACHINE = "(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index d7aa3281cc..760b2be437 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.135" +LINUX_VERSION ?= "5.10.143" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,16 +15,16 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine:qemuarm ?= "3b1c4608c04d645b292f13cc550b5151e032794b" -SRCREV_machine ?= "cbfab86927ad95da60b8d49957ca941df615d877" -SRCREV_meta ?= "ed7e0c3bb9464387ba99fedd5ea32bf78ae2fe45" +SRCREV_machine:qemuarm ?= "f794496466680c6dbd36cb34b3e0884d0ee48d2d" +SRCREV_machine ?= "8173de3a22ec3395be1ae01dbe823d076313641a" +SRCREV_meta ?= "92c947578207d27db250ee7250bacc11d9d80d4f" PV = "${LINUX_VERSION}+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -COMPATIBLE_MACHINE = "qemux86|qemux86-64|qemuarm|qemuarmv5" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5)$" # Functionality flags KERNEL_FEATURES = "" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 8eb138e78b..4f2bb48743 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.59" +LINUX_VERSION ?= "5.15.68" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,15 +14,15 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "86c19d4c40f475e09a076d55391fa66d96a1b3ac" -SRCREV_meta ?= "f7f709bf874f85baff9f2fb0ac0341c08399b144" +SRCREV_machine ?= "33e7eea5c4545a973cf01a849c2b45fa0cd1fa13" +SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" PV = "${LINUX_VERSION}+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -COMPATIBLE_MACHINE = "qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$" # Functionality flags KERNEL_FEATURES = "" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index cabc8f4975..7ea661e138 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -60,7 +60,7 @@ do_install:append(){ KERNEL_FEATURES:append:qemuall=" features/kernel-sample/kernel-sample.scc" KERNEL_DEBUG_OPTIONS ?= "stack" -KERNEL_EXTRA_ARGS:append:x86-64 = "${@bb.utils.contains('KERNEL_DEBUG_OPTIONS', 'stack', 'HOST_LIBELF_LIBS="-L${RECIPE_SYSROOT_NATIVE}/usr/lib/pkgconfig/../../../usr/lib/ -lelf"', '', d)}" +KERNEL_EXTRA_ARGS:append:x86-64 = " ${@bb.utils.contains('KERNEL_DEBUG_OPTIONS', 'stack', 'HOST_LIBELF_LIBS="-L${RECIPE_SYSROOT_NATIVE}/usr/lib/pkgconfig/../../../usr/lib/ -lelf"', '', d)}" do_devshell:prepend() { # setup native pkg-config variables (kconfig scripts call pkg-config directly, cannot generically be overriden to pkg-config-native) diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 73a58e59a0..bf43f77100 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,23 +13,23 @@ KBRANCH:qemux86 ?= "v5.10/standard/base" KBRANCH:qemux86-64 ?= "v5.10/standard/base" KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "23ab0f8300e7b90fdf1e0be923933d5cfd03b618" -SRCREV_machine:qemuarm64 ?= "5ff1949cbb7ff90ae3e4dc6fd0fd9876ffaab9d2" -SRCREV_machine:qemumips ?= "01c75770046189608bb4ea9977521ec58a15b6bf" -SRCREV_machine:qemuppc ?= "7dd170da9eacb57c6d8eff88ca24b8bf55ab042a" -SRCREV_machine:qemuriscv64 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemuriscv32 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemux86 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemux86-64 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemumips64 ?= "a099189ac94c7218c09f1519ea4222fb2d9070be" -SRCREV_machine ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_meta ?= "ed7e0c3bb9464387ba99fedd5ea32bf78ae2fe45" +SRCREV_machine:qemuarm ?= "1cfbadeee39ed8d3a8840586a57eee0cf1686f62" +SRCREV_machine:qemuarm64 ?= "12f0f8c4af04c4d4cb7762b7a2e5cfaa917f8fe9" +SRCREV_machine:qemumips ?= "4b9e240c03b2b60be378ae2cc9a321922201de8f" +SRCREV_machine:qemuppc ?= "7914a529e3ccd64f347439d5cabc202d24af3ea0" +SRCREV_machine:qemuriscv64 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemuriscv32 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemux86 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemux86-64 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemumips64 ?= "05365e1787c60331f88bec98dd0fcca08ce78b06" +SRCREV_machine ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_meta ?= "92c947578207d27db250ee7250bacc11d9d80d4f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.135" +LINUX_VERSION ?= "5.10.143" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" @@ -42,7 +42,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" -COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32" +COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32)$" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 083f87727b..2f91fb7a37 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "c33f2e2ad3fdcc1c9539f80fb51b49f68c544c03" -SRCREV_machine:qemuarm64 ?= "e8a14fadeb24619f20d3caebc01c7f26c49f768a" -SRCREV_machine:qemumips ?= "c5f07eee39e4e03e90de3e71a3f6448fdb73921a" -SRCREV_machine:qemuppc ?= "b5873d3a40b837059a36179174863cb4c7f9e109" -SRCREV_machine:qemuriscv64 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemuriscv32 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemux86 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemux86-64 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemumips64 ?= "a6c0767511eed80395777e42d33fdc8405bff2b4" -SRCREV_machine ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_meta ?= "f7f709bf874f85baff9f2fb0ac0341c08399b144" +SRCREV_machine:qemuarm ?= "efe28b4b16d4a1a19f59b4650a0bfb23ffc8c40e" +SRCREV_machine:qemuarm64 ?= "66986670c45f63d2ed2078e07aa817ede88025ad" +SRCREV_machine:qemumips ?= "aeeb80fd7f684aca830adb7daf32cfd80637cf3a" +SRCREV_machine:qemuppc ?= "5c6387a562af89ec92546c1374a120ac240f14e6" +SRCREV_machine:qemuriscv64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemuriscv32 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemux86 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemux86-64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemumips64 ?= "20ec37851f4ee9965120937dcf2567f15e72e07a" +SRCREV_machine ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "d676d6149a2f4b4d66b8ea0a1dfef30a54cf5750" +SRCREV_machine:class-devupstream ?= "dd20085f2a88b6cdb12bdcdbd2d7a761c86b184a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.59" +LINUX_VERSION ?= "5.15.68" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" @@ -51,7 +51,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" -COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32" +COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32)$" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch new file mode 100644 index 0000000000..1c3918be5c --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch @@ -0,0 +1,92 @@ +From 5dab3d515b6f5c5ac80c8e7674628495e3bf4ac6 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Mon, 22 Aug 2022 14:16:27 -0400 +Subject: [PATCH] fix: adjust range v5.10.137 in block probe + +See upstream commit, backported in v5.10.137 : + +commit 1cb3032406423b25aa984854b4d78e0100d292dd +Author: Christoph Hellwig <hch@lst.de> +Date: Thu Dec 3 17:21:39 2020 +0100 + + block: remove the request_queue to argument request based tracepoints + + [ Upstream commit a54895fa057c67700270777f7661d8d3c7fda88a ] + + The request_queue can trivially be derived from the request. + +Change-Id: I01f96a437641421faf993b4b031171c372bd0374 +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> + +Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/5dab3d515b6f5c5ac80c8e7674628495e3bf4ac6] +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + include/instrumentation/events/block.h | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/include/instrumentation/events/block.h b/include/instrumentation/events/block.h +index 882e6e08..d4821c12 100644 +--- a/include/instrumentation/events/block.h ++++ b/include/instrumentation/events/block.h +@@ -366,7 +366,8 @@ LTTNG_TRACEPOINT_EVENT(block_rq_requeue, + lttng_req_op(rq), lttng_req_rw(rq), blk_rq_bytes(rq)) + ) + ) +-#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_requeue - place block IO request back on a queue + * @rq: block IO operation request +@@ -611,7 +612,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(block_rq, + ctf_array_text(char, comm, current->comm, TASK_COMM_LEN) + ) + ) +-#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + LTTNG_TRACEPOINT_EVENT_CLASS(block_rq, + + TP_PROTO(struct request *rq), +@@ -746,7 +748,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS_CODE(block_rq, + ) + #endif /* #else #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,11,0)) */ + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_insert - insert block operation request into queue + * @rq: block IO operation request +@@ -781,7 +784,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(block_rq, block_rq_insert, + ) + #endif + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_issue - issue pending block IO request operation to device driver + * @rq: block IO operation operation request +@@ -812,7 +816,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(block_rq, block_rq_issue, + ) + #endif + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_merge - merge request with another one in the elevator + * @rq: block IO operation operation request +@@ -1632,7 +1637,8 @@ LTTNG_TRACEPOINT_EVENT(block_rq_remap, + lttng_req_op(rq), lttng_req_rw(rq), blk_rq_bytes(rq)) + ) + ) +-#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_remap - map request for a block operation request + * @rq: block IO operation request diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch new file mode 100644 index 0000000000..21e27ffc5e --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch @@ -0,0 +1,68 @@ +From 8e42c4821fb5f5cb816b6ddf73d9a13ba3298a63 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Wed, 10 Aug 2022 11:07:14 -0400 +Subject: [PATCH] fix: tie compaction probe build to CONFIG_COMPACTION + +The definition of 'struct compact_control' in 'mm/internal.h' depends on +CONFIG_COMPACTION being defined. Only build the compaction probe when +this configuration option is enabled. + +Thanks to Bruce Ashfield <bruce.ashfield@gmail.com> for reporting this +issue. + +Upstream-Status: Backport [https://review.lttng.org/c/lttng-modules/+/8660] + +Change-Id: I81e77aa9c1bf10452c152d432fe5224df0db42c9 +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +--- + src/probes/Kbuild | 34 ++++++++++++++++++---------------- + 1 file changed, 18 insertions(+), 16 deletions(-) + +diff --git a/src/probes/Kbuild b/src/probes/Kbuild +index 2908cf75..3e556b8e 100644 +--- a/src/probes/Kbuild ++++ b/src/probes/Kbuild +@@ -167,22 +167,24 @@ ifneq ($(CONFIG_BTRFS_FS),) + endif # $(wildcard $(btrfs_dep)) + endif # CONFIG_BTRFS_FS + +-# A dependency on internal header 'mm/internal.h' was introduced in v5.18 +-compaction_dep = $(srctree)/mm/internal.h +-compaction_dep_wildcard = $(wildcard $(compaction_dep)) +-compaction_dep_check = $(shell \ +-if [ \( $(VERSION) -ge 6 \ +- -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ +- -z "$(compaction_dep_wildcard)" ] ; then \ +- echo "warn" ; \ +-else \ +- echo "ok" ; \ +-fi ;) +-ifeq ($(compaction_dep_check),ok) +- obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o +-else +- $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) +-endif # $(wildcard $(compaction_dep)) ++ifneq ($(CONFIG_COMPACTION),) ++ # A dependency on internal header 'mm/internal.h' was introduced in v5.18 ++ compaction_dep = $(srctree)/mm/internal.h ++ compaction_dep_wildcard = $(wildcard $(compaction_dep)) ++ compaction_dep_check = $(shell \ ++ if [ \( $(VERSION) -ge 6 \ ++ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ ++ -z "$(compaction_dep_wildcard)" ] ; then \ ++ echo "warn" ; \ ++ else \ ++ echo "ok" ; \ ++ fi ;) ++ ifeq ($(compaction_dep_check),ok) ++ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o ++ else ++ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) ++ endif # $(wildcard $(compaction_dep)) ++endif # CONFIG_COMPACTION + + ifneq ($(CONFIG_EXT4_FS),) + ext4_dep = $(srctree)/fs/ext4/*.h +-- +2.34.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch new file mode 100644 index 0000000000..62376806c8 --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch @@ -0,0 +1,106 @@ +From 8d5da4d2a3d7d9173208f4e8dc7a709f0bfc9820 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Wed, 8 Jun 2022 12:56:36 -0400 +Subject: [PATCH 1/3] fix: mm/page_alloc: fix tracepoint + mm_page_alloc_zone_locked() (v5.19) + +See upstream commit : + + commit 10e0f7530205799e7e971aba699a7cb3a47456de + Author: Wonhyuk Yang <vvghjk1234@gmail.com> + Date: Thu May 19 14:08:54 2022 -0700 + + mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() + + Currently, trace point mm_page_alloc_zone_locked() doesn't show correct + information. + + First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated + from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use + requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA. + + Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages + to be stored on the per-cpu lists") percpu-list can store high order + pages. But trace point determine whether it is a refiil of percpu-list by + comparing requested order and 0. + + To handle these problems, make mm_page_alloc_zone_locked() only be called + by __rmqueue_smallest with correct migration type. With a new argument + called percpu_refill, it can show roughly whether it is a refill of + percpu-list. + +Upstream-Status: Backport + +Change-Id: I2e4a57393757f12b9c5a4566c4d1102ee2474a09 +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> +--- + include/instrumentation/events/kmem.h | 45 +++++++++++++++++++++++++++ + 1 file changed, 45 insertions(+) + +diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h +index 29c0fb7f..8c19e962 100644 +--- a/include/instrumentation/events/kmem.h ++++ b/include/instrumentation/events/kmem.h +@@ -218,6 +218,50 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc, + ) + ) + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) ++LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, ++ ++ TP_PROTO(struct page *page, unsigned int order, int migratetype, ++ int percpu_refill), ++ ++ TP_ARGS(page, order, migratetype, percpu_refill), ++ ++ TP_FIELDS( ++ ctf_integer_hex(struct page *, page, page) ++ ctf_integer(unsigned long, pfn, ++ page ? page_to_pfn(page) : -1UL) ++ ctf_integer(unsigned int, order, order) ++ ctf_integer(int, migratetype, migratetype) ++ ctf_integer(int, percpu_refill, percpu_refill) ++ ) ++) ++ ++LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked, ++ ++ kmem_mm_page_alloc_zone_locked, ++ ++ TP_PROTO(struct page *page, unsigned int order, int migratetype, ++ int percpu_refill), ++ ++ TP_ARGS(page, order, migratetype, percpu_refill) ++) ++ ++LTTNG_TRACEPOINT_EVENT_MAP(mm_page_pcpu_drain, ++ ++ kmem_mm_page_pcpu_drain, ++ ++ TP_PROTO(struct page *page, unsigned int order, int migratetype), ++ ++ TP_ARGS(page, order, migratetype), ++ ++ TP_FIELDS( ++ ctf_integer(unsigned long, pfn, ++ page ? page_to_pfn(page) : -1UL) ++ ctf_integer(unsigned int, order, order) ++ ctf_integer(int, migratetype, migratetype) ++ ) ++) ++#else + LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, + + TP_PROTO(struct page *page, unsigned int order, int migratetype), +@@ -250,6 +294,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_pcpu_drain, + + TP_ARGS(page, order, migratetype) + ) ++#endif + + #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,19,2) \ + || LTTNG_KERNEL_RANGE(3,14,36, 3,15,0) \ +-- +2.19.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch new file mode 100644 index 0000000000..84c97d5f90 --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch @@ -0,0 +1,76 @@ +From b5d1c38665cd69d7d1c94231fe0609da5c8afbc3 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Wed, 8 Jun 2022 13:07:59 -0400 +Subject: [PATCH 2/3] fix: fs: Remove flags parameter from aops->write_begin + (v5.19) + +See upstream commit : + + commit 9d6b0cd7579844761ed68926eb3073bab1dca87b + Author: Matthew Wilcox (Oracle) <willy@infradead.org> + Date: Tue Feb 22 14:31:43 2022 -0500 + + fs: Remove flags parameter from aops->write_begin + + There are no more aop flags left, so remove the parameter. + +Upstream-Status: Backport + +Change-Id: I82725b93e13d749f52a631b2ac60df81a5e839f8 +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> +--- + include/instrumentation/events/ext4.h | 30 +++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/include/instrumentation/events/ext4.h b/include/instrumentation/events/ext4.h +index 513762c0..222416ec 100644 +--- a/include/instrumentation/events/ext4.h ++++ b/include/instrumentation/events/ext4.h +@@ -122,6 +122,35 @@ LTTNG_TRACEPOINT_EVENT(ext4_begin_ordered_truncate, + ) + ) + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) ++LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, ++ ++ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), ++ ++ TP_ARGS(inode, pos, len), ++ ++ TP_FIELDS( ++ ctf_integer(dev_t, dev, inode->i_sb->s_dev) ++ ctf_integer(ino_t, ino, inode->i_ino) ++ ctf_integer(loff_t, pos, pos) ++ ctf_integer(unsigned int, len, len) ++ ) ++) ++ ++LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_write_begin, ++ ++ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), ++ ++ TP_ARGS(inode, pos, len) ++) ++ ++LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, ++ ++ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), ++ ++ TP_ARGS(inode, pos, len) ++) ++#else + LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, + + TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, +@@ -153,6 +182,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, + + TP_ARGS(inode, pos, len, flags) + ) ++#endif + + LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_end, + TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, +-- +2.19.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch new file mode 100644 index 0000000000..63f9c40d92 --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch @@ -0,0 +1,124 @@ +From 526f13c844cd29f89bd3e924867d9ddfe3c40ade Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Wed, 15 Jun 2022 12:07:16 -0400 +Subject: [PATCH 3/3] fix: workqueue: Fix type of cpu in trace event (v5.19) + +See upstream commit : + + commit 873a400938b31a1e443c4d94b560b78300787540 + Author: Wonhyuk Yang <vvghjk1234@gmail.com> + Date: Wed May 4 11:32:03 2022 +0900 + + workqueue: Fix type of cpu in trace event + + The trace event "workqueue_queue_work" use unsigned int type for + req_cpu, cpu. This casue confusing cpu number like below log. + + $ cat /sys/kernel/debug/tracing/trace + cat-317 [001] ...: workqueue_queue_work: ... req_cpu=8192 cpu=4294967295 + + So, change unsigned type to signed type in the trace event. After + applying this patch, cpu number will be printed as -1 instead of + 4294967295 as folllows. + + $ cat /sys/kernel/debug/tracing/trace + cat-1338 [002] ...: workqueue_queue_work: ... req_cpu=8192 cpu=-1 + +Upstream-Status: Backport + +Change-Id: I478083c350b6ec314d87e9159dc5b342b96daed7 +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> +--- + include/instrumentation/events/workqueue.h | 49 ++++++++++++++++++++-- + 1 file changed, 46 insertions(+), 3 deletions(-) + +diff --git a/include/instrumentation/events/workqueue.h b/include/instrumentation/events/workqueue.h +index 023b65a8..5693cf89 100644 +--- a/include/instrumentation/events/workqueue.h ++++ b/include/instrumentation/events/workqueue.h +@@ -28,10 +28,35 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, + ) + ) + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) + /** + * workqueue_queue_work - called when a work gets queued + * @req_cpu: the requested cpu +- * @cwq: pointer to struct cpu_workqueue_struct ++ * @pwq: pointer to struct pool_workqueue ++ * @work: pointer to struct work_struct ++ * ++ * This event occurs when a work is queued immediately or once a ++ * delayed work is actually queued on a workqueue (ie: once the delay ++ * has been reached). ++ */ ++LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, ++ ++ TP_PROTO(int req_cpu, struct pool_workqueue *pwq, ++ struct work_struct *work), ++ ++ TP_ARGS(req_cpu, pwq, work), ++ ++ TP_FIELDS( ++ ctf_integer_hex(void *, work, work) ++ ctf_integer_hex(void *, function, work->func) ++ ctf_integer(int, req_cpu, req_cpu) ++ ) ++) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) ++/** ++ * workqueue_queue_work - called when a work gets queued ++ * @req_cpu: the requested cpu ++ * @pwq: pointer to struct pool_workqueue + * @work: pointer to struct work_struct + * + * This event occurs when a work is queued immediately or once a +@@ -40,17 +65,34 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, + */ + LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) + TP_PROTO(unsigned int req_cpu, struct pool_workqueue *pwq, + struct work_struct *work), + + TP_ARGS(req_cpu, pwq, work), ++ ++ TP_FIELDS( ++ ctf_integer_hex(void *, work, work) ++ ctf_integer_hex(void *, function, work->func) ++ ctf_integer(unsigned int, req_cpu, req_cpu) ++ ) ++) + #else ++/** ++ * workqueue_queue_work - called when a work gets queued ++ * @req_cpu: the requested cpu ++ * @cwq: pointer to struct cpu_workqueue_struct ++ * @work: pointer to struct work_struct ++ * ++ * This event occurs when a work is queued immediately or once a ++ * delayed work is actually queued on a workqueue (ie: once the delay ++ * has been reached). ++ */ ++LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, ++ + TP_PROTO(unsigned int req_cpu, struct cpu_workqueue_struct *cwq, + struct work_struct *work), + + TP_ARGS(req_cpu, cwq, work), +-#endif + + TP_FIELDS( + ctf_integer_hex(void *, work, work) +@@ -58,6 +100,7 @@ LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, + ctf_integer(unsigned int, req_cpu, req_cpu) + ) + ) ++#endif + + /** + * workqueue_activate_work - called when a work gets activated +-- +2.19.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb index bee2204b42..80b9ceec3f 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb @@ -11,7 +11,12 @@ include lttng-platforms.inc SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0009-Rename-genhd-wrapper-to-blkdev.patch \ + file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \ + file://0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch \ + file://0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch \ file://0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch \ + file://0001-fix-compaction.patch \ + file://0001-fix-adjust-range-v5.10.137-in-block-probe.patch \ " # Use :append here so that the patch is applied also when using devupstream diff --git a/poky/meta/recipes-kernel/lttng/lttng-platforms.inc b/poky/meta/recipes-kernel/lttng/lttng-platforms.inc index 933c65d85d..900e36df82 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-platforms.inc +++ b/poky/meta/recipes-kernel/lttng/lttng-platforms.inc @@ -15,3 +15,7 @@ LTTNGUST:arc = "" COMPATIBLE_HOST:arc:pn-lttng-ust = "null" +# Whether the platform supports lttng-tools +# lttng-tools requires SYS_ppoll and SYS_pselect6 which are not supported on riscv32. +# It's also turned off for riscv32 in meta-riscv. See https://github.com/riscv/meta-riscv/blob/master/conf/layer.conf +COMPATIBLE_HOST:riscv32:pn-lttng-tools = "null" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 95e7eae9fe..772bc2dea1 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -144,6 +144,9 @@ do_install() { # we are checking for this make target to be compatible with older perf versions if ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'true', 'false', d)} && grep -q install-python_ext ${S}/tools/perf/Makefile*; then oe_runmake DESTDIR=${D} install-python_ext + if [ -e ${D}${libdir}/python*/site-packages/perf-*/SOURCES.txt ]; then + sed -i -e 's#${WORKDIR}##g' ${D}${libdir}/python*/site-packages/perf-*/SOURCES.txt + fi fi } @@ -203,7 +206,7 @@ do_configure:prepend () { if [ -e "${S}/tools/perf/Makefile.perf" ]; then sed -i -e 's,\ .config-detected, $(OUTPUT)/config-detected,g' \ ${S}/tools/perf/Makefile.perf - sed -i -e "s,prefix='\$(DESTDIR_SQ)/usr'$,prefix='\$(DESTDIR_SQ)/usr' --install-lib='\$(DESTDIR)\$(PYTHON_SITEPACKAGES_DIR)',g" \ + sed -i -e "s,prefix='\$(DESTDIR_SQ)/usr'$,prefix='\$(DESTDIR_SQ)/usr' --install-lib='\$(PYTHON_SITEPACKAGES_DIR)' --root='\$(DESTDIR)',g" \ ${S}/tools/perf/Makefile.perf # backport https://github.com/torvalds/linux/commit/e4ffd066ff440a57097e9140fa9e16ceef905de8 sed -i -e 's,\($(Q)$(SHELL) .$(arch_errno_tbl).\) $(CC) $(arch_errno_hdr_dir),\1 $(firstword $(CC)) $(arch_errno_hdr_dir),g' \ @@ -244,6 +247,9 @@ do_configure:prepend () { # change the Makefile line to remove everything before 'tools/perf' sed -i -e "s%srcdir_SQ = \$(subst ','\\\'',\$(srcdir))%srcdir_SQ = \$(patsubst \%tools/perf,tools/perf,\$(subst ','\\\'',\$(srcdir)))%g" \ ${S}/tools/perf/Makefile.config + # Avoid hardcoded path to python-native + sed -i -e 's#\(PYTHON_WORD := \)$(call shell-wordify,$(PYTHON))#\1 python3#g' \ + ${S}/tools/perf/Makefile.config fi if [ -e "${S}/tools/perf/tests/Build" ]; then # OUTPUT is the full path, we have python on the path so we remove it from the diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb index 2eba4f873b..357e79d7e1 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "ac00f97efecce5046ed069d1d93f3365fdf994c7c7854a8fc50831e959537230" +SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84" inherit bin_package allarch diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb index 61e3d92e95..dc627203ef 100644 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb @@ -5,14 +5,13 @@ library for use in applications that read, create, and manipulate PNG \ HOMEPAGE = "http://www.libpng.org/" SECTION = "libs" LICENSE = "Libpng" -LIC_FILES_CHKSUM = "file://LICENSE;md5=b0085051bf265bac2bfc38bc89f50000" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5c900cc124ba35a274073b5de7639b13" DEPENDS = "zlib" LIBV = "16" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9" -SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca" +SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be" MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch new file mode 100644 index 0000000000..48ca56982f --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch @@ -0,0 +1,29 @@ +From 3fc1fdda0068981340cc7ae136173731275e2c5e Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Thu, 18 Aug 2022 10:46:30 +0530 +Subject: [PATCH] CVE-2022-34526 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990] +CVE: CVE-2022-34526 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + libtiff/tif_dirinfo.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 8565dfb..0f722a5 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -1157,6 +1157,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) + default: + return 1; + } ++ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) { ++ return 0; ++ } + /* Check if codec specific tags are allowed for the current + * compression scheme (codec) */ + switch (tif->tif_dir.td_compression) { +-- +2.25.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 149516508f..b5ccd859f3 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -21,6 +21,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ file://CVE-2022-1354.patch \ file://CVE-2022-1355.patch \ + file://CVE-2022-34526.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb index 281cff1bf2..263589846a 100644 --- a/poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb +++ b/poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \ file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7" SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz" -SRC_URI[sha256sum] = "7656532f837af5f4cec3ff6bafe552c044dc39bf453587bd5b77450802f4aee6" +SRC_URI[sha256sum] = "7bf5a8a28cc69bcfa8cb214f2c3095703c6b73ac5fba4d5480c205331d9494df" UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html" diff --git a/poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb b/poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb index ac4ee3eb23..77ca517ef7 100644 --- a/poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb +++ b/poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb @@ -11,7 +11,7 @@ inherit cmake features_check pkgconfig REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "e8eeca228a6b4c36294cfb63f7d3ba9ada47a430904a5a973b3c99c96a44c18c" +SRC_URI[sha256sum] = "b84fdbfbc849ce4fdf084bb28b58e5463b1b4b6cc8f200dc77b41f8545d5329d" # This is a tweak of upstream-version-is-even needed because # ipstream directory contains tarballs for other components as well. diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb index df4ff63121..026e24ae39 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb @@ -16,8 +16,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://reproducibility.patch \ file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \ " - -SRC_URI[sha256sum] = "b6bebe1f85a479d968c19e44a4704622ef8cef61636ad1b2406b77d16ae2e2a8" +SRC_URI[sha256sum] = "0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.0.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb index 4a18467ea4..5f776c13e6 100644 --- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.0.bb +++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb @@ -13,7 +13,7 @@ inherit meson features_check pkgconfig REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "6239c9c15523410798d66315de6b491712ab30009ba180f3e0dd076d9b0074ac" +SRC_URI[sha256sum] = "45aa833c44ec292f31fa943b01b8cc75e54eb623ad7ba6a66fc2f118fe69e629" # Especially helps compiling with clang which enable this as error when # using c++11 diff --git a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch new file mode 100644 index 0000000000..d0a9bd9129 --- /dev/null +++ b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch @@ -0,0 +1,52 @@ +From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 23 Aug 2022 22:42:03 -0700 +Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type + +APR's configure script uses AC_TRY_RUN to detect whether the return type +of strerror_r is int. When cross-compiling this defaults to no. + +This commit adds an AC_CACHE_CHECK so users who cross-compile APR may +influence the outcome with a configure variable. + +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + build/apr_common.m4 | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/build/apr_common.m4 b/build/apr_common.m4 +index cbf2a4c..42e75cf 100644 +--- a/build/apr_common.m4 ++++ b/build/apr_common.m4 +@@ -525,8 +525,9 @@ dnl string. + dnl + dnl + AC_DEFUN([APR_CHECK_STRERROR_R_RC], [ +-AC_MSG_CHECKING(for type of return code from strerror_r) +-AC_TRY_RUN([ ++AC_CACHE_CHECK([whether return code from strerror_r has type int], ++[ac_cv_strerror_r_rc_int], ++[AC_TRY_RUN([ + #include <errno.h> + #include <string.h> + #include <stdio.h> +@@ -542,14 +543,10 @@ main() + }], [ + ac_cv_strerror_r_rc_int=yes ], [ + ac_cv_strerror_r_rc_int=no ], [ +- ac_cv_strerror_r_rc_int=no ] ) ++ ac_cv_strerror_r_rc_int=no ] ) ] ) + if test "x$ac_cv_strerror_r_rc_int" = xyes; then + AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int]) +- msg="int" +-else +- msg="pointer" + fi +-AC_MSG_RESULT([$msg]) + ] ) + + dnl +-- +2.37.2 + diff --git a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch new file mode 100644 index 0000000000..fa6202da79 --- /dev/null +++ b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch @@ -0,0 +1,62 @@ +From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 26 Aug 2022 00:28:08 -0700 +Subject: [PATCH] configure: Remove runtime test for mmap that can map + /dev/zero + +This never works for cross-compile moreover it ends up disabling +ac_cv_file__dev_zero which then results in compiler errors in shared +mutexes + +Upstream-Status: Inappropriate [Cross-compile specific] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.in | 32 -------------------------------- + 1 file changed, 32 deletions(-) + +diff --git a/configure.in b/configure.in +index a99049d..f1f55c7 100644 +--- a/configure.in ++++ b/configure.in +@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ + APR_CHECK_DEFINE(MAP_ANON, sys/mman.h) + AC_CHECK_FILE(/dev/zero) + +-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that. +-if test "$ac_cv_func_mmap" = "yes" && +- test "$ac_cv_file__dev_zero" = "yes"; then +- AC_MSG_CHECKING(for mmap that can map /dev/zero) +- AC_TRY_RUN([ +-#include <sys/types.h> +-#include <sys/stat.h> +-#include <fcntl.h> +-#ifdef HAVE_SYS_MMAN_H +-#include <sys/mman.h> +-#endif +- int main() +- { +- int fd; +- void *m; +- fd = open("/dev/zero", O_RDWR); +- if (fd < 0) { +- return 1; +- } +- m = mmap(0, sizeof(void*), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); +- if (m == (void *)-1) { /* aka MAP_FAILED */ +- return 2; +- } +- if (munmap(m, sizeof(void*)) < 0) { +- return 3; +- } +- return 0; +- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no]) +- +- AC_MSG_RESULT($ac_cv_file__dev_zero) +-fi +- + # Now we determine which one is our anonymous shmem preference. + haveshmgetanon="0" + havemmapzero="0" +-- +2.37.2 + diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb index 9c826d4380..cb4bb936d7 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb @@ -24,6 +24,8 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ file://autoconf270.patch \ + file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ + file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ file://CVE-2021-35940.patch \ " @@ -36,17 +38,30 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'" # Added to fix some issues with cmake. Refer to https://github.com/bmwcarit/meta-ros/issues/68#issuecomment-19896928 CACHED_CONFIGUREVARS += "apr_cv_mutex_recursive=yes" - +# Enable largefile +CACHED_CONFIGUREVARS += "apr_cv_use_lfs64=yes" +# Additional AC_TRY_RUN tests which will need to be cached for cross compile +CACHED_CONFIGUREVARS += "apr_cv_epoll=yes epoll_create1=yes apr_cv_sock_cloexec=yes \ + ac_cv_struct_rlimit=yes \ + ac_cv_func_sem_open=yes \ + apr_cv_process_shared_works=yes \ + apr_cv_mutex_robust_shared=yes \ + " # Also suppress trying to use sctp. # CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no ac_cv_header_netinet_sctp_uio_h=no" -CACHED_CONFIGUREVARS += "ac_cv_sizeof_struct_iovec=yes" +# ac_cv_sizeof_struct_iovec is deduced using runtime check which will fail during cross-compile +CACHED_CONFIGUREVARS += "${@['ac_cv_sizeof_struct_iovec=16','ac_cv_sizeof_struct_iovec=8'][d.getVar('SITEINFO_BITS') != '32']}" + CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes" +CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" +PACKAGECONFIG:append:libc-musl = " xsi-strerror" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[timed-tests] = "--enable-timed-tests,--disable-timed-tests," +PACKAGECONFIG[xsi-strerror] = "ac_cv_strerror_r_rc_int=yes,ac_cv_strerror_r_rc_int=no," do_configure:prepend() { # Avoid absolute paths for grep since it causes failures diff --git a/poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch b/poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch new file mode 100644 index 0000000000..df8b285700 --- /dev/null +++ b/poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch @@ -0,0 +1,82 @@ +From 78fd284a42caabe8815cb0870b46e5567872e75b Mon Sep 17 00:00:00 2001 +From: Dmitry <grisumbras@gmail.com> +Date: Sat, 11 Dec 2021 16:58:23 +0300 +Subject: [PATCH] Don't skip install targets if there's <build>no in ureqs + (#113) + +--- + src/tools/stage.jam | 4 ++++ + test/install_build_no.py | 26 ++++++++++++++++++++++++++ + test/test_all.py | 1 + + 3 files changed, 31 insertions(+) + create mode 100755 test/install_build_no.py + +Fixes install of boost fiber shared libraries which are missing in 1.78.0 +but working in 1.79.0. Only kirkstone affected by this. + +Upstream-Status: Backport + +Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> + +diff --git a/tools/build/src/tools/stage.jam b/tools/build/src/tools/stage.jam +index c5f02e3ba..325129dc8 100644 +--- a/tools/build/src/tools/stage.jam ++++ b/tools/build/src/tools/stage.jam +@@ -478,6 +478,10 @@ class install-target-class : basic-target + return [ sequence.unique $(result2) ] ; + } + ++ rule skip-from-usage-requirements ( ) ++ { ++ } ++ + # Returns true iff 'type' is subtype of some element of 'types-to-include'. + # + local rule include-type ( type : types-to-include * ) +diff --git a/tools/build/test/install_build_no.py b/tools/build/test/install_build_no.py +new file mode 100755 +index 000000000..0ccf3c5cc +--- /dev/null ++++ b/tools/build/test/install_build_no.py +@@ -0,0 +1,26 @@ ++#!/usr/bin/python ++ ++# Copyright 2021 Dmitry Arkhipov (grisumbras@gmail.com) ++# Distributed under the Boost Software License, Version 1.0. ++# (See accompanying file LICENSE.txt or https://www.bfgroup.xyz/b2/LICENSE.txt) ++ ++# Check that <build>no in usage-requirements of dependencies does not affect ++# install rule, i.e. a skipped installed target does not affect insallation of ++# other targets. ++ ++import BoostBuild ++ ++t = BoostBuild.Tester() ++ ++t.write("a.cpp", "int main() {}\n") ++ ++t.write("jamroot.jam", """ ++make x : : maker : <build>no ; ++exe a : a.cpp ; ++install install : x a ; ++""") ++ ++t.run_build_system() ++t.expect_addition("install/a.exe") ++ ++t.cleanup() +diff --git a/tools/build/test/test_all.py b/tools/build/test/test_all.py +index b7ef5ad70..9ed729d01 100644 +--- a/tools/build/test/test_all.py ++++ b/tools/build/test/test_all.py +@@ -250,6 +250,7 @@ tests = ["abs_workdir", + "inherit_toolset", + "inherited_dependency", + "inline", ++ "install_build_no", + "libjpeg", + "liblzma", + "libpng", +-- +2.20.1 + diff --git a/poky/meta/recipes-support/boost/boost_1.78.0.bb b/poky/meta/recipes-support/boost/boost_1.78.0.bb index 58be9dcf12..08364a4c3c 100644 --- a/poky/meta/recipes-support/boost/boost_1.78.0.bb +++ b/poky/meta/recipes-support/boost/boost_1.78.0.bb @@ -7,4 +7,5 @@ SRC_URI += "file://boost-CVE-2012-2677.patch \ file://0001-dont-setup-compiler-flags-m32-m64.patch \ file://de657e01635306085488290ea83de541ec393f8b.patch \ file://0001-futex-fix-build-on-32-bit-architectures-using-64-bit.patch \ + file://0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch \ " diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch new file mode 100644 index 0000000000..7b6f81bd02 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch @@ -0,0 +1,72 @@ +From 62c09239ac4e08239c8e363b06901fc80637d8c7 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 29 Aug 2022 00:09:17 +0200 +Subject: [PATCH] cookie: reject cookies with "control bytes" + +Rejects 0x01 - 0x1f (except 0x09) plus 0x7f + +Reported-by: Axel Chong + +Bug: https://curl.se/docs/CVE-2022-35252.html + +CVE-2022-35252 + +Closes #9381 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb] + +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/cookie.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/lib/cookie.c b/lib/cookie.c +index cb0c03b..e0470a1 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -438,6 +438,30 @@ static bool bad_domain(const char *domain) + return TRUE; + } + ++/* ++ RFC 6265 section 4.1.1 says a server should accept this range: ++ ++ cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ++ ++ But Firefox and Chrome as of June 2022 accept space, comma and double-quotes ++ fine. The prime reason for filtering out control bytes is that some HTTP ++ servers return 400 for requests that contain such. ++*/ ++static int invalid_octets(const char *p) ++{ ++ /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */ ++ static const char badoctets[] = { ++ "\x01\x02\x03\x04\x05\x06\x07\x08\x0a" ++ "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" ++ "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f" ++ }; ++ size_t vlen, len; ++ /* scan for all the octets that are *not* in cookie-octet */ ++ len = strcspn(p, badoctets); ++ vlen = strlen(p); ++ return (len != vlen); ++} ++ + /* + * Curl_cookie_add + * +@@ -590,6 +614,11 @@ Curl_cookie_add(struct Curl_easy *data, + badcookie = TRUE; + break; + } ++ if(invalid_octets(whatptr) || invalid_octets(name)) { ++ infof(data, "invalid octets in name/value, cookie dropped"); ++ badcookie = TRUE; ++ break; ++ } + } + else if(!len) { + /* +-- +2.35.1 + diff --git a/poky/meta/recipes-support/curl/curl_7.82.0.bb b/poky/meta/recipes-support/curl/curl_7.82.0.bb index 67de0220c6..5368c91f5c 100644 --- a/poky/meta/recipes-support/curl/curl_7.82.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.82.0.bb @@ -28,6 +28,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-32206.patch \ file://CVE-2022-32207.patch \ file://CVE-2022-32208.patch \ + file://CVE-2022-35252.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" diff --git a/poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch b/poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch new file mode 100644 index 0000000000..c1c1def194 --- /dev/null +++ b/poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch @@ -0,0 +1,282 @@ +From 8161fec931f416f5ca6aa31bb53751e140a93046 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Tue, 16 Aug 2022 16:56:15 +0530 +Subject: [PATCH] CVE-2022-2509 + +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2] +CVE: CVE-2022-2509 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + NEWS | 4 + + lib/x509/pkcs7.c | 3 +- + tests/Makefile.am | 2 +- + tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++ + 4 files changed, 222 insertions(+), 2 deletions(-) + create mode 100644 tests/pkcs7-verify-double-free.c + +diff --git a/NEWS b/NEWS +index 36381f0..02c4040 100644 +--- a/NEWS ++++ b/NEWS +@@ -7,6 +7,10 @@ See the end for copying conditions. + + * Version 3.7.4 (released 2022-03-17) + ++** libgnutls: Fixed double free during verification of pkcs7 signatures. ++ Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium] ++ [CVE-2022-2509] ++ + ** libgnutls: Added support for certificate compression as defined in RFC8879. + ** certtool: Added option --compress-cert that allows user to specify compression + methods for certificate compression. +diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c +index 1f35fab..d5be7f4 100644 +--- a/lib/x509/pkcs7.c ++++ b/lib/x509/pkcs7.c +@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, + issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags); + + if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) { +- if (prev) gnutls_x509_crt_deinit(prev); ++ if (prev && prev != signer) ++ gnutls_x509_crt_deinit(prev); + prev = issuer; + break; + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index cec0a4e..b3cb56c 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -230,7 +230,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei + sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ + tls13-without-timeout-func buffer status-request-revoked \ + set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ +- x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name ++ x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name pkcs7-verify-double-free + + ctests += tls-channel-binding + +diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c +new file mode 100644 +index 0000000..fadf307 +--- /dev/null ++++ b/tests/pkcs7-verify-double-free.c +@@ -0,0 +1,215 @@ ++/* ++ * Copyright (C) 2022 Red Hat, Inc. ++ * ++ * Author: Zoltan Fridrich ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software: you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <stdio.h> ++#include <gnutls/pkcs7.h> ++#include <gnutls/x509.h> ++ ++#include "utils.h" ++ ++static char rca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n" ++ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" ++ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n" ++ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n" ++ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n" ++ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n" ++ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n" ++ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" ++ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n" ++ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n" ++ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n" ++ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n" ++ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n" ++ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n" ++ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n" ++ "LirBWjg89RoAjFQ7bTE=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n" ++ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n" ++ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n" ++ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n" ++ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n" ++ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n" ++ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n" ++ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n" ++ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n" ++ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n" ++ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n" ++ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n" ++ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n" ++ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n" ++ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ee_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n" ++ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n" ++ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n" ++ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n" ++ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n" ++ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n" ++ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n" ++ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n" ++ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n" ++ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n" ++ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n" ++ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n" ++ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n" ++ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n" ++ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n" ++ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char msg_pem[] = ++ "-----BEGIN PKCS7-----\n" ++ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n" ++ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n" ++ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n" ++ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" ++ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n" ++ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n" ++ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n" ++ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n" ++ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n" ++ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n" ++ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n" ++ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n" ++ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n" ++ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n" ++ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n" ++ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n" ++ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n" ++ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n" ++ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n" ++ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n" ++ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n" ++ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n" ++ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n" ++ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n" ++ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n" ++ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n" ++ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n" ++ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n" ++ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n" ++ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n" ++ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n" ++ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n" ++ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n" ++ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n" ++ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n" ++ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n" ++ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n" ++ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n" ++ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n" ++ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n" ++ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n" ++ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n" ++ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n" ++ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n" ++ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n" ++ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n" ++ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n" ++ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n" ++ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n" ++ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n" ++ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n" ++ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n" ++ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n" ++ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n" ++ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n" ++ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n" ++ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n" ++ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n" ++ "-----END PKCS7-----\n"; ++ ++const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 }; ++const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 }; ++const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 }; ++const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 }; ++ ++static void tls_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "%s |<%d>| %s", "err", level, str); ++} ++ ++#define CHECK(X)\ ++{\ ++ r = X;\ ++ if (r < 0)\ ++ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\ ++}\ ++ ++void doit(void) ++{ ++ int r; ++ gnutls_x509_crt_t rca_cert = NULL; ++ gnutls_x509_crt_t ca_cert = NULL; ++ gnutls_x509_crt_t ee_cert = NULL; ++ gnutls_x509_trust_list_t tlist = NULL; ++ gnutls_pkcs7_t pkcs7 = NULL; ++ gnutls_datum_t data = { (unsigned char *)"xxx", 3 }; ++ ++ if (debug) { ++ gnutls_global_set_log_function(tls_log_func); ++ gnutls_global_set_log_level(4711); ++ } ++ ++ // Import certificates ++ CHECK(gnutls_x509_crt_init(&rca_cert)); ++ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ca_cert)); ++ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ee_cert)); ++ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Setup trust store ++ CHECK(gnutls_x509_trust_list_init(&tlist, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0)); ++ ++ // Setup pkcs7 structure ++ CHECK(gnutls_pkcs7_init(&pkcs7)); ++ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Signature verification ++ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0); ++ ++ gnutls_x509_crt_deinit(rca_cert); ++ gnutls_x509_crt_deinit(ca_cert); ++ gnutls_x509_crt_deinit(ee_cert); ++ gnutls_x509_trust_list_deinit(tlist, 0); ++ gnutls_pkcs7_deinit(pkcs7); ++} +-- +2.25.1 + diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb index b34eb7f5f0..94e7f0d58e 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -21,6 +21,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ + file://CVE-2022-2509.patch \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" diff --git a/poky/meta/recipes-support/gnutls/libtasn1_4.18.0.bb b/poky/meta/recipes-support/gnutls/libtasn1_4.19.0.bb index db49adc1c2..5fb8b54c06 100644 --- a/poky/meta/recipes-support/gnutls/libtasn1_4.18.0.bb +++ b/poky/meta/recipes-support/gnutls/libtasn1_4.19.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ DEPENDS = "bison-native" -SRC_URI[sha256sum] = "4365c154953563d64c67a024b607d1ee75c6db76e0d0f65709ea80a334cd1898" +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" inherit autotools texinfo lib_package gtk-doc diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.10.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb index 857fe463ef..be573981b0 100644 --- a/poky/meta/recipes-support/iso-codes/iso-codes_4.10.0.bb +++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb @@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" -SRCREV = "9a6c24ee40e737ab34273c1af13a8dabcae888dd" +SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985" # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which # are inhibited by allarch diff --git a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb index 8ea8436977..fad92df507 100644 --- a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb +++ b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb @@ -5,13 +5,13 @@ SECTION = "optional" PROVIDES += "libatomics-ops" LICENSE = "GPL-2.0-only & MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://doc/LICENSING.txt;md5=e00dd5c8ac03a14c5ae5225a4525fa2d \ + file://doc/LICENSING.txt;md5=dfc50c7cea7b66935844587a0f7389e7 \ " SRC_URI = "https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz" UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases" -SRC_URI[sha256sum] = "f0ab566e25fce08b560e1feab6a3db01db4a38e5bc687804334ef3920c549f3e" +SRC_URI[sha256sum] = "390f244d424714735b7050d056567615b3b8f29008a663c262fb548f1802d292" S = "${WORKDIR}/libatomic_ops-${PV}" diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch index 9884fb5641..3f4c7e57ae 100644 --- a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch +++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -1,4 +1,4 @@ -From fc60e000169618a4adced845b9462d36ced1efdd Mon Sep 17 00:00:00 2001 +From 1c234bc39446eb9b23896e85dd67b02976d46c3d Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Thu, 14 Oct 2021 15:57:36 +0800 Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl diff --git a/poky/meta/recipes-support/libcap/libcap_2.63.bb b/poky/meta/recipes-support/libcap/libcap_2.65.bb index 9e341c4bd0..8013d40769 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.63.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.65.bb @@ -20,7 +20,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ SRC_URI:append:class-nativesdk = " \ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ " -SRC_URI[sha256sum] = "0c637b8f44fc7d8627787e9cf57f15ac06c1ddccb53e41feec5496be3466f77f" +SRC_URI[sha256sum] = "73e350020cc31fe15360879d19384ffa3395a825f065fcf6bda3a5cdf965bebd" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" diff --git a/poky/meta/recipes-support/liburcu/liburcu_0.13.1.bb b/poky/meta/recipes-support/liburcu/liburcu_0.13.2.bb index 66763349d2..6ecf2e21c0 100644 --- a/poky/meta/recipes-support/liburcu/liburcu_0.13.1.bb +++ b/poky/meta/recipes-support/liburcu/liburcu_0.13.2.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \ SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2" -SRC_URI[sha256sum] = "3213f33d2b8f710eb920eb1abb279ec04bf8ae6361f44f2513c28c20d3363083" +SRC_URI[sha256sum] = "1213fd9f1b0b74da7de2bb74335b76098db9738fec5d3cdc07c0c524f34fc032" S = "${WORKDIR}/userspace-rcu-${PV}" inherit autotools multilib_header diff --git a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch deleted file mode 100644 index 5ac8f6691f..0000000000 --- a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 -From: Jasper Lievisse Adriaanse <j@jasper.la> -Date: Fri, 26 Feb 2021 15:21:20 +0100 -Subject: [PATCH] Fix potential memory corruption with negative memmove() size - -Upstream-Status: Backport -https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 -CVE: CVE-2021-3520 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - lib/lz4.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/lib/lz4.c -=================================================================== ---- git.orig/lib/lz4.c -+++ git/lib/lz4.c -@@ -1665,7 +1665,7 @@ LZ4_decompress_generic( - const size_t dictSize /* note : = 0 if noDict */ - ) - { -- if (src == NULL) { return -1; } -+ if ((src == NULL) || (outputSize < 0)) { return -1; } - - { const BYTE* ip = (const BYTE*) src; - const BYTE* const iend = ip + srcSize; diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb index 129a86b681..a2a178bab5 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing comp HOMEPAGE = "https://github.com/lz4/lz4" LICENSE = "BSD-2-Clause | GPL-2.0-only" -LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ +LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \ file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \ + file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \ " PE = "1" -SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" +SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" -SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ - file://CVE-2021-3520.patch \ - " +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb b/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb index 169cac8965..e6cc71a547 100644 --- a/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb +++ b/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb @@ -32,5 +32,8 @@ PACKAGECONFIG[secret] = "--enable-libsecret, --disable-libsecret, libsecret" EXTRA_OECONF = " \ --disable-rpath \ " +EXTRA_OECONF:append:libc-musl = " \ + ac_cv_should_define__xopen_source=yes \ +" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch b/poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch new file mode 100644 index 0000000000..9e8f039ef6 --- /dev/null +++ b/poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch @@ -0,0 +1,26 @@ +From ec75530b8d8268cb07d8e476d79e1b0e59492fa2 Mon Sep 17 00:00:00 2001 +From: drh +Date: Thu, 18 Aug 2022 15:10:46 +0200 +Subject: [PATCH] sqlite: Increase the size of loop variables in the printf() implementation + +Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. + +This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). + +Signed-off-by: Ghassane Ben El Aattar ghassaneb.aattar@huawei.com + +CVE: CVE-2022-35737 + +Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7] +--- + sqlite3.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index f867d62..490199a 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -30234,1 +30234,2 @@ static int vxprintf( +- int i, j, k, n, isnull; ++ i64 i, j, k, n; ++ int isnull; diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index d56a3a0209..628f630657 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -3,7 +3,9 @@ require sqlite3.inc LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" -SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \ + file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \ +" SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c" # -19242 is only an issue in specific development branch commits diff --git a/poky/meta/recipes-support/vim/files/crosscompile.patch b/poky/meta/recipes-support/vim/files/crosscompile.patch deleted file mode 100644 index 583d3fc7b0..0000000000 --- a/poky/meta/recipes-support/vim/files/crosscompile.patch +++ /dev/null @@ -1,51 +0,0 @@ -configure.ac: Fix create_timer solaris test for cross compiling - -A runtime test was added for create_timer however this meant cross compiling -would no longer work. Allow a cache value to be specified to allow cross -compiling again. - -Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org - -Upstream-Status: Submitted [https://github.com/vim/vim/pull/10777] - -Index: git/src/configure.ac -=================================================================== ---- git.orig/src/configure.ac -+++ git/src/configure.ac -@@ -3814,7 +3814,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( - dnl Check for timer_create. It probably requires the 'rt' library. - dnl Run the program to find out if timer_create(CLOCK_MONOTONIC) actually - dnl works, on Solaris timer_create() exists but fails at runtime. --AC_MSG_CHECKING([for timer_create]) -+AC_CACHE_CHECK([for timer_create], [vim_cv_timer_create], - save_LIBS="$LIBS" - LIBS="$LIBS -lrt" - AC_RUN_IFELSE([AC_LANG_PROGRAM([ -@@ -3831,7 +3831,7 @@ static void set_flag(union sigval sv) {} - if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) - exit(1); // cannot create a monotonic timer - ])], -- AC_MSG_RESULT(yes; with -lrt); AC_DEFINE(HAVE_TIMER_CREATE), -+ AC_MSG_NOTICE(timer_create with -lrt); vim_cv_timer_create=yes, - LIBS="$save_LIBS" - AC_RUN_IFELSE([AC_LANG_PROGRAM([ - #include<signal.h> -@@ -3847,8 +3847,16 @@ static void set_flag(union sigval sv) {} - if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) - exit(1); // cannot create a monotonic timer - ])], -- AC_MSG_RESULT(yes); AC_DEFINE(HAVE_TIMER_CREATE), -- AC_MSG_RESULT(no))) -+ vim_cv_timer_create=yes, -+ vim_cv_timer_create=no), -+ AC_MSG_ERROR(cross-compiling: please set 'vim_cv_timer_create') -+ ) -+) -+ -+if test "x$vim_cv_timer_create" = "xyes" ; then -+ AC_DEFINE(HAVE_TIMER_CREATE) -+fi -+ - - AC_CACHE_CHECK([whether stat() ignores a trailing slash], [vim_cv_stat_ignores_slash], - [ diff --git a/poky/meta/recipes-support/vim/files/racefix.patch b/poky/meta/recipes-support/vim/files/racefix.patch deleted file mode 100644 index 34bd37d650..0000000000 --- a/poky/meta/recipes-support/vim/files/racefix.patch +++ /dev/null @@ -1,37 +0,0 @@ -po/Makefile: Avoid race over LINGUAS file - -The creation of the LINGUAS file is duplicated for each desktop file -which can lead the commands to race against each other. One target might -remove it before another has been able to use it. Rework the makefile to -avoid this as the expense of leaving the file on disk. - -Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org - -Upstream-Status: Submitted [https://github.com/vim/vim/pull/10776] - -Index: git/src/po/Makefile -=================================================================== ---- git.orig/src/po/Makefile -+++ git/src/po/Makefile -@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM - # Delete the temporary files - rm *.js - --vim.desktop: vim.desktop.in $(POFILES) -+LINGUAS: - echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS -+ -+vim.desktop: vim.desktop.in $(POFILES) LINGUAS - $(MSGFMT) --desktop -d . --template vim.desktop.in -o tmp_vim.desktop -- rm -f LINGUAS - if command -v desktop-file-validate; then desktop-file-validate tmp_vim.desktop; fi - mv tmp_vim.desktop vim.desktop - --gvim.desktop: gvim.desktop.in $(POFILES) -- echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS -+gvim.desktop: gvim.desktop.in $(POFILES) LINGUAS - $(MSGFMT) --desktop -d . --template gvim.desktop.in -o tmp_gvim.desktop -- rm -f LINGUAS - if command -v desktop-file-validate; then desktop-file-validate tmp_gvim.desktop; fi - mv tmp_gvim.desktop gvim.desktop - diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index 31229534e4..cbc370100b 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -18,12 +18,10 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ - file://racefix.patch \ - file://crosscompile.patch \ " -PV .= ".0063" -SRCREV = "d61efa50f8f5b9d9dcbc136705cc33874f0fdcb3" +PV .= ".0598" +SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/poky/scripts/create-pull-request b/poky/scripts/create-pull-request index 8eefcf63a5..2f91a355b0 100755 --- a/poky/scripts/create-pull-request +++ b/poky/scripts/create-pull-request @@ -128,7 +128,7 @@ PROTO_RE="[a-z][a-z+]*://" GIT_RE="\(^\($PROTO_RE\)\?\)\($USER_RE@\)\?\([^:/]*\)[:/]\(.*\)" REMOTE_URL=${REMOTE_URL%.git} REMOTE_REPO=$(echo $REMOTE_URL | sed "s#$GIT_RE#\5#") -REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#git://\4/\5#") +REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#https://\4/\5#") if [ -z "$BRANCH" ]; then BRANCH=$(git branch | grep -e "^\* " | cut -d' ' -f2) diff --git a/poky/scripts/devtool b/poky/scripts/devtool index af4811b922..20d785c7f7 100755 --- a/poky/scripts/devtool +++ b/poky/scripts/devtool @@ -104,6 +104,7 @@ def read_workspace(): for fn in glob.glob(os.path.join(config.workspace_path, 'appends', '*.bbappend')): with open(fn, 'r') as f: pnvalues = {} + pn = None for line in f: res = externalsrc_re.match(line.rstrip()) if res: @@ -123,6 +124,9 @@ def read_workspace(): elif line.startswith('# srctreebase: '): pnvalues['srctreebase'] = line.split(':', 1)[1].strip() if pnvalues: + if not pn: + raise DevtoolError("Found *.bbappend in %s, but could not determine EXTERNALSRC:pn-*. " + "Maybe still using old syntax?" % config.workspace_path) if not pnvalues.get('srctreebase', None): pnvalues['srctreebase'] = pnvalues['srctree'] logger.debug('Found recipe %s' % pnvalues) @@ -314,10 +318,10 @@ def main(): args = parser.parse_args(unparsed_args, namespace=global_args) - if not getattr(args, 'no_workspace', False): - read_workspace() - try: + if not getattr(args, 'no_workspace', False): + read_workspace() + ret = args.func(args, config, basepath, workspace) except DevtoolError as err: if str(err): diff --git a/poky/scripts/lib/devtool/upgrade.py b/poky/scripts/lib/devtool/upgrade.py index 0357ec07bf..39a1910a49 100644 --- a/poky/scripts/lib/devtool/upgrade.py +++ b/poky/scripts/lib/devtool/upgrade.py @@ -119,20 +119,19 @@ def _write_append(rc, srctree, same_dir, no_same_dir, rev, copied, workspace, d) f.write('# original_files: %s\n' % ' '.join(copied)) return af -def _cleanup_on_error(rf, srctree): - rfp = os.path.split(rf)[0] # recipe folder - rfpp = os.path.split(rfp)[0] # recipes folder - if os.path.exists(rfp): - shutil.rmtree(rfp) - if not len(os.listdir(rfpp)): - os.rmdir(rfpp) +def _cleanup_on_error(rd, srctree): + rdp = os.path.split(rd)[0] # recipes folder + if os.path.exists(rd): + shutil.rmtree(rd) + if not len(os.listdir(rdp)): + os.rmdir(rdp) srctree = os.path.abspath(srctree) if os.path.exists(srctree): shutil.rmtree(srctree) -def _upgrade_error(e, rf, srctree, keep_failure=False, extramsg=None): - if rf and not keep_failure: - _cleanup_on_error(rf, srctree) +def _upgrade_error(e, rd, srctree, keep_failure=False, extramsg=None): + if not keep_failure: + _cleanup_on_error(rd, srctree) logger.error(e) if extramsg: logger.error(extramsg) @@ -337,7 +336,10 @@ def _create_new_recipe(newpv, md5, sha256, srcrev, srcbranch, srcsubdir_old, src replacing = True new_src_uri = [] for entry in src_uri: - scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(entry) + try: + scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(entry) + except bb.fetch2.MalformedUrl as e: + raise DevtoolError("Could not decode SRC_URI: {}".format(e)) if replacing and scheme in ['git', 'gitsm']: branch = params.get('branch', 'master') if rd.expand(branch) != srcbranch: @@ -426,7 +428,7 @@ def _create_new_recipe(newpv, md5, sha256, srcrev, srcbranch, srcsubdir_old, src try: rd = tinfoil.parse_recipe_file(fullpath, False) except bb.tinfoil.TinfoilCommandFailed as e: - _upgrade_error(e, fullpath, srctree, keep_failure, 'Parsing of upgraded recipe failed') + _upgrade_error(e, os.path.dirname(fullpath), srctree, keep_failure, 'Parsing of upgraded recipe failed') oe.recipeutils.patch_recipe(rd, fullpath, newvalues) return fullpath, copied @@ -568,10 +570,9 @@ def upgrade(args, config, basepath, workspace): new_licenses = _extract_licenses(srctree_s, (rd.getVar('LIC_FILES_CHKSUM') or "")) license_diff = _generate_license_diff(old_licenses, new_licenses) rf, copied = _create_new_recipe(args.version, md5, sha256, args.srcrev, srcbranch, srcsubdir1, srcsubdir2, config.workspace_path, tinfoil, rd, license_diff, new_licenses, srctree, args.keep_failure) - except bb.process.CmdError as e: - _upgrade_error(e, rf, srctree, args.keep_failure) - except DevtoolError as e: - _upgrade_error(e, rf, srctree, args.keep_failure) + except (bb.process.CmdError, DevtoolError) as e: + recipedir = os.path.join(config.workspace_path, 'recipes', rd.getVar('BPN')) + _upgrade_error(e, recipedir, srctree, args.keep_failure) standard._add_md5(config, pn, os.path.dirname(rf)) af = _write_append(rf, srctree_s, args.same_dir, args.no_same_dir, rev2, diff --git a/poky/scripts/lib/wic/misc.py b/poky/scripts/lib/wic/misc.py index 3e11822996..a8aab6c524 100644 --- a/poky/scripts/lib/wic/misc.py +++ b/poky/scripts/lib/wic/misc.py @@ -140,11 +140,12 @@ def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""): cmd_and_args = pseudo + cmd_and_args hosttools_dir = get_bitbake_var("HOSTTOOLS_DIR") + target_sys = get_bitbake_var("TARGET_SYS") - native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin:%s/bin:%s" % \ + native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin:%s/usr/bin/%s:%s/bin:%s" % \ (native_sysroot, native_sysroot, - native_sysroot, native_sysroot, - hosttools_dir) + native_sysroot, native_sysroot, target_sys, + native_sysroot, hosttools_dir) native_cmd_and_args = "export PATH=%s:$PATH;%s" % \ (native_paths, cmd_and_args) diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py index 0391aebdc8..a65a5b9780 100644 --- a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py +++ b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py @@ -326,21 +326,20 @@ class BootimgEFIPlugin(SourcePlugin): exec_cmd(install_cmd) staging_dir_host = get_bitbake_var("STAGING_DIR_HOST") + target_sys = get_bitbake_var("TARGET_SYS") # https://www.freedesktop.org/software/systemd/man/systemd-stub.html - objcopy_cmd = "objcopy \ - --add-section .osrel=%s --change-section-vma .osrel=0x20000 \ - --add-section .cmdline=%s --change-section-vma .cmdline=0x30000 \ - --add-section .linux=%s --change-section-vma .linux=0x2000000 \ - --add-section .initrd=%s --change-section-vma .initrd=0x3000000 \ - %s %s" % \ - ("%s/usr/lib/os-release" % staging_dir_host, - cmdline.name, - "%s/%s" % (staging_kernel_dir, kernel), - initrd.name, - efi_stub, - "%s/EFI/Linux/linux.efi" % hdddir) - exec_cmd(objcopy_cmd) + objcopy_cmd = "%s-objcopy" % target_sys + objcopy_cmd += " --add-section .osrel=%s/usr/lib/os-release" % staging_dir_host + objcopy_cmd += " --change-section-vma .osrel=0x20000" + objcopy_cmd += " --add-section .cmdline=%s" % cmdline.name + objcopy_cmd += " --change-section-vma .cmdline=0x30000" + objcopy_cmd += " --add-section .linux=%s/%s" % (staging_kernel_dir, kernel) + objcopy_cmd += " --change-section-vma .linux=0x2000000" + objcopy_cmd += " --add-section .initrd=%s" % initrd.name + objcopy_cmd += " --change-section-vma .initrd=0x3000000" + objcopy_cmd += " %s %s/EFI/Linux/linux.efi" % (efi_stub, hdddir) + exec_native_cmd(objcopy_cmd, native_sysroot) else: install_cmd = "install -m 0644 %s/%s %s/%s" % \ (staging_kernel_dir, kernel, hdddir, kernel) diff --git a/poky/scripts/oe-setup-builddir b/poky/scripts/oe-setup-builddir index 54048e62ec..5d644168cb 100755 --- a/poky/scripts/oe-setup-builddir +++ b/poky/scripts/oe-setup-builddir @@ -74,9 +74,10 @@ fi if [ ! -r "$BUILDDIR/conf/local.conf" ]; then cat <<EOM You had no conf/local.conf file. This configuration file has therefore been -created for you with some default values. You may wish to edit it to, for -example, select a different MACHINE (target hardware). See conf/local.conf -for more information as common configuration options are commented. +created for you from $OECORELOCALCONF +You may wish to edit it to, for example, select a different MACHINE (target +hardware). See conf/local.conf for more information as common configuration +options are commented. EOM cp -f "$OECORELOCALCONF" "$BUILDDIR/conf/local.conf" @@ -89,8 +90,9 @@ fi if [ ! -r "$BUILDDIR/conf/bblayers.conf" ]; then cat <<EOM You had no conf/bblayers.conf file. This configuration file has therefore been -created for you with some default values. To add additional metadata layers -into your configuration please add entries to conf/bblayers.conf. +created for you from $OECORELAYERCONF +To add additional metadata layers into your configuration please add entries +to conf/bblayers.conf. EOM diff --git a/poky/scripts/relocate_sdk.py b/poky/scripts/relocate_sdk.py index 4ed8bfc0d1..8a728720ba 100755 --- a/poky/scripts/relocate_sdk.py +++ b/poky/scripts/relocate_sdk.py @@ -104,11 +104,12 @@ def change_interpreter(elf_file_name): if (len(new_dl_path) >= p_filesz): print("ERROR: could not relocate %s, interp size = %i and %i is needed." \ % (elf_file_name, p_memsz, len(new_dl_path) + 1)) - break + return False dl_path = new_dl_path + b("\0") * (p_filesz - len(new_dl_path)) f.seek(p_offset) f.write(dl_path) break + return True def change_dl_sysdirs(elf_file_name): if arch == 32: @@ -222,6 +223,7 @@ else: executables_list = sys.argv[3:] +errors = False for e in executables_list: perms = os.stat(e)[stat.ST_MODE] if os.access(e, os.W_OK|os.R_OK): @@ -247,7 +249,8 @@ for e in executables_list: arch = get_arch() if arch: parse_elf_header() - change_interpreter(e) + if not change_interpreter(e): + errors = True change_dl_sysdirs(e) """ change permissions back """ @@ -260,3 +263,6 @@ for e in executables_list: print("New file size for %s is different. Looks like a relocation error!", e) sys.exit(-1) +if errors: + print("Relocation of one or more executables failed.") + sys.exit(-1) diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index 6e1f073ed2..1525081ad5 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu @@ -1375,7 +1375,7 @@ class BaseConfig(object): elif "-display sdl" in output: self.sdl = True else: - self.qemu_opt += '-display none' + self.qemu_opt += ' -display none' if self.sdl == True or self.gtk == True or self.egl_headless == True: @@ -1500,6 +1500,9 @@ class BaseConfig(object): cmd = "%s %s" % (self.qemu_opt, kernel_opts) cmds = shlex.split(cmd) logger.info('Running %s\n' % cmd) + with open('/proc/uptime', 'r') as f: + uptime_seconds = f.readline().split()[0] + logger.info('Host uptime: %s\n' % uptime_seconds) pass_fds = [] if self.taplock_descriptor: pass_fds = [self.taplock_descriptor.fileno()] @@ -1523,6 +1526,9 @@ class BaseConfig(object): signal.signal(signal.SIGTERM, signal.SIG_IGN) logger.info("Cleaning up") + with open('/proc/uptime', 'r') as f: + uptime_seconds = f.readline().split()[0] + logger.info('Host uptime: %s\n' % uptime_seconds) if self.cleantap: cmd = ('sudo', self.qemuifdown, self.tap, self.bindir_native) logger.debug('Running %s' % str(cmd)) diff --git a/poky/scripts/runqemu.README b/poky/scripts/runqemu.README index da9abd7dfb..e5f4b4634c 100644 --- a/poky/scripts/runqemu.README +++ b/poky/scripts/runqemu.README @@ -1,12 +1,12 @@ Using OE images with QEMU ========================= -OE-Core can generate qemu bootable kernels and images with can be used +OE-Core can generate qemu bootable kernels and images which can be used on a desktop system. The scripts currently support booting ARM, MIPS, PowerPC -and x86 (32 and 64 bit) images. The scripts can be used within the OE build -system or externaly. +and x86 (32 and 64 bit) images. The scripts can be used within the OE build +system or externally. -The runqemu script is run as: +The runqemu script is run as: runqemu <machine> <zimage> <filesystem> @@ -15,13 +15,13 @@ where: <machine> is the machine/architecture to use (qemuarm/qemumips/qemuppc/qemux86/qemux86-64) <zimage> is the path to a kernel (e.g. zimage-qemuarm.bin) <filesystem> is the path to an ext2 image (e.g. filesystem-qemuarm.ext2) or an nfs directory - -If <machine> isn't specified, the script will try to detect the machine name + +If <machine> isn't specified, the script will try to detect the machine name from the name of the <zimage> file. If <filesystem> isn't specified, nfs booting will be assumed. -When used within the build system, it will default to qemuarm, ext2 and the last kernel and +When used within the build system, it will default to qemuarm, ext2 and the last kernel and core-image-sato-sdk image built by the build system. If an sdk image isn't present it will look for sato and minimal images. @@ -31,7 +31,7 @@ Full usage instructions can be seen by running the command with no options speci Notes ===== - - The scripts run qemu using sudo. Change perms on /dev/net/tun to + - The scripts run qemu using sudo. Change perms on /dev/net/tun to run as non root. The runqemu-gen-tapdevs script can also be used by root to prepopulate the appropriate network devices. - You can access the host computer at 192.168.7.1 within the image. |