diff options
Diffstat (limited to 'poky')
52 files changed, 1079 insertions, 109 deletions
diff --git a/poky/bitbake/lib/bb/data_smart.py b/poky/bitbake/lib/bb/data_smart.py index 1d8774ee5e..61b37cf334 100644 --- a/poky/bitbake/lib/bb/data_smart.py +++ b/poky/bitbake/lib/bb/data_smart.py @@ -28,7 +28,7 @@ logger = logging.getLogger("BitBake.Data") __setvar_keyword__ = ["_append", "_prepend", "_remove"] __setvar_regexp__ = re.compile(r'(?P<base>.*?)(?P<keyword>_append|_prepend|_remove)(_(?P<add>[^A-Z]*))?$') -__expand_var_regexp__ = re.compile(r"\${[a-zA-Z0-9\-_+./~]+?}") +__expand_var_regexp__ = re.compile(r"\${[a-zA-Z0-9\-_+./~:]+?}") __expand_python_regexp__ = re.compile(r"\${@.+?}") __whitespace_split__ = re.compile(r'(\s)') __override_regexp__ = re.compile(r'[a-z0-9]+') @@ -481,6 +481,7 @@ class DataSmart(MutableMapping): def setVar(self, var, value, **loginfo): #print("var=" + str(var) + " val=" + str(value)) + var = var.replace(":", "_") self.expand_cache = {} parsing=False if 'parsing' in loginfo: @@ -589,6 +590,8 @@ class DataSmart(MutableMapping): """ Rename the variable key to newkey """ + key = key.replace(":", "_") + newkey = newkey.replace(":", "_") if key == newkey: bb.warn("Calling renameVar with equivalent keys (%s) is invalid" % key) return @@ -637,6 +640,7 @@ class DataSmart(MutableMapping): self.setVar(var + "_prepend", value, ignore=True, parsing=True) def delVar(self, var, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} loginfo['detail'] = "" @@ -664,6 +668,7 @@ class DataSmart(MutableMapping): override = None def setVarFlag(self, var, flag, value, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} if 'op' not in loginfo: @@ -687,6 +692,7 @@ class DataSmart(MutableMapping): self.dict["__exportlist"]["_content"].add(var) def getVarFlag(self, var, flag, expand=True, noweakdefault=False, parsing=False, retparser=False): + var = var.replace(":", "_") if flag == "_content": cachename = var else: @@ -814,6 +820,7 @@ class DataSmart(MutableMapping): return value def delVarFlag(self, var, flag, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} local_var, _ = self._findVar(var) @@ -831,6 +838,7 @@ class DataSmart(MutableMapping): del self.dict[var][flag] def appendVarFlag(self, var, flag, value, **loginfo): + var = var.replace(":", "_") loginfo['op'] = 'append' loginfo['flag'] = flag self.varhistory.record(**loginfo) @@ -838,6 +846,7 @@ class DataSmart(MutableMapping): self.setVarFlag(var, flag, newvalue, ignore=True) def prependVarFlag(self, var, flag, value, **loginfo): + var = var.replace(":", "_") loginfo['op'] = 'prepend' loginfo['flag'] = flag self.varhistory.record(**loginfo) @@ -845,6 +854,7 @@ class DataSmart(MutableMapping): self.setVarFlag(var, flag, newvalue, ignore=True) def setVarFlags(self, var, flags, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} infer_caller_details(loginfo) if not var in self.dict: @@ -859,6 +869,7 @@ class DataSmart(MutableMapping): self.dict[var][i] = flags[i] def getVarFlags(self, var, expand = False, internalflags=False): + var = var.replace(":", "_") local_var, _ = self._findVar(var) flags = {} @@ -875,6 +886,7 @@ class DataSmart(MutableMapping): def delVarFlags(self, var, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} if not var in self.dict: self._makeShadowCopy(var) diff --git a/poky/bitbake/lib/bb/parse/ast.py b/poky/bitbake/lib/bb/parse/ast.py index eb8cfa21b8..9f46f3f35a 100644 --- a/poky/bitbake/lib/bb/parse/ast.py +++ b/poky/bitbake/lib/bb/parse/ast.py @@ -97,6 +97,7 @@ class DataNode(AstNode): def eval(self, data): groupd = self.groupd key = groupd["var"] + key = key.replace(":", "_") loginfo = { 'variable': key, 'file': self.filename, @@ -207,6 +208,7 @@ class ExportFuncsNode(AstNode): def eval(self, data): for func in self.n: + func = func.replace(":", "_") calledfunc = self.classname + "_" + func if data.getVar(func, False) and not data.getVarFlag(func, 'export_func', False): diff --git a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py index 6e216effb8..8781129fc1 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py @@ -22,7 +22,7 @@ from .ConfHandler import include, init # For compatibility bb.deprecate_import(__name__, "bb.parse", ["vars_from_file"]) -__func_start_regexp__ = re.compile(r"(((?P<py>python)|(?P<fr>fakeroot))\s*)*(?P<func>[\w\.\-\+\{\}\$]+)?\s*\(\s*\)\s*{$" ) +__func_start_regexp__ = re.compile(r"(((?P<py>python(?=(\s|\()))|(?P<fr>fakeroot(?=\s)))\s*)*(?P<func>[\w\.\-\+\{\}\$:]+)?\s*\(\s*\)\s*{$" ) __inherit_regexp__ = re.compile(r"inherit\s+(.+)" ) __export_func_regexp__ = re.compile(r"EXPORT_FUNCTIONS\s+(.+)" ) __addtask_regexp__ = re.compile(r"addtask\s+(?P<func>\w+)\s*((before\s*(?P<before>((.*(?=after))|(.*))))|(after\s*(?P<after>((.*(?=before))|(.*)))))*") diff --git a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py index af64d3446e..a7e81bd6ad 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py @@ -20,7 +20,7 @@ from bb.parse import ParseError, resolve_file, ast, logger, handle __config_regexp__ = re.compile( r""" ^ (?P<exp>export\s+)? - (?P<var>[a-zA-Z0-9\-_+.${}/~]+?) + (?P<var>[a-zA-Z0-9\-_+.${}/~:]+?) (\[(?P<flag>[a-zA-Z0-9\-_+.]+)\])? \s* ( diff --git a/poky/bitbake/lib/bb/providers.py b/poky/bitbake/lib/bb/providers.py index 3f66a3d99f..484e1ea4f3 100644 --- a/poky/bitbake/lib/bb/providers.py +++ b/poky/bitbake/lib/bb/providers.py @@ -151,7 +151,7 @@ def findPreferredProvider(pn, cfgData, dataCache, pkg_pn = None, item = None): if item: itemstr = " (for item %s)" % item if preferred_file is None: - logger.warn("preferred version %s of %s not available%s", pv_str, pn, itemstr) + logger.warning("preferred version %s of %s not available%s", pv_str, pn, itemstr) available_vers = [] for file_set in pkg_pn: for f in file_set: @@ -163,7 +163,7 @@ def findPreferredProvider(pn, cfgData, dataCache, pkg_pn = None, item = None): available_vers.append(ver_str) if available_vers: available_vers.sort() - logger.warn("versions of %s available: %s", pn, ' '.join(available_vers)) + logger.warning("versions of %s available: %s", pn, ' '.join(available_vers)) else: logger.debug(1, "selecting %s as PREFERRED_VERSION %s of package %s%s", preferred_file, pv_str, pn, itemstr) diff --git a/poky/bitbake/lib/bb/tests/codeparser.py b/poky/bitbake/lib/bb/tests/codeparser.py index 826a2d2f6d..f485204791 100644 --- a/poky/bitbake/lib/bb/tests/codeparser.py +++ b/poky/bitbake/lib/bb/tests/codeparser.py @@ -111,9 +111,9 @@ ${D}${libdir}/pkgconfig/*.pc self.assertExecs(set(["sed"])) def test_parameter_expansion_modifiers(self): - # - and + are also valid modifiers for parameter expansion, but are + # -,+ and : are also valid modifiers for parameter expansion, but are # valid characters in bitbake variable names, so are not included here - for i in ('=', ':-', ':=', '?', ':?', ':+', '#', '%', '##', '%%'): + for i in ('=', '?', '#', '%', '##', '%%'): name = "foo%sbar" % i self.parseExpression("${%s}" % name) self.assertNotIn(name, self.references) diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index 99bf4b364e..82fa325545 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -16,7 +16,7 @@ import os import sys import datetime -current_version = "3.1.9" +current_version = "3.1.10" # String used in sidebar version = 'Version: ' + current_version diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml index 999779e7cc..590af46ebd 100644 --- a/poky/documentation/poky.yaml +++ b/poky/documentation/poky.yaml @@ -1,11 +1,11 @@ -DISTRO : "3.1.9" +DISTRO : "3.1.10" DISTRO_NAME_NO_CAP : "dunfell" DISTRO_NAME : "Dunfell" DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus" -YOCTO_DOC_VERSION : "3.1.9" +YOCTO_DOC_VERSION : "3.1.10" YOCTO_DOC_VERSION_MINUS_ONE : "3.0.2" -DISTRO_REL_TAG : "yocto-3.1.9" -POKYVERSION : "23.0.9" +DISTRO_REL_TAG : "yocto-3.1.10" +POKYVERSION : "23.0.10" YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;" YOCTO_DL_URL : "https://downloads.yoctoproject.org" YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst index e272cdc720..78f604e2a1 100644 --- a/poky/documentation/releases.rst +++ b/poky/documentation/releases.rst @@ -16,8 +16,9 @@ - :yocto_docs:`3.1.5 Documentation </3.1.5>` - :yocto_docs:`3.1.6 Documentation </3.1.6>` - :yocto_docs:`3.1.7 Documentation </3.1.7>` -- :yocto_docs:`3.1.7 Documentation </3.1.8>` +- :yocto_docs:`3.1.8 Documentation </3.1.8>` - :yocto_docs:`3.1.9 Documentation </3.1.9>` +- :yocto_docs:`3.1.10 Documentation </3.1.10>` ========================== Previous Release Manuals diff --git a/poky/documentation/sphinx-static/switchers.js b/poky/documentation/sphinx-static/switchers.js index 06d4a87091..a6432ae9b0 100644 --- a/poky/documentation/sphinx-static/switchers.js +++ b/poky/documentation/sphinx-static/switchers.js @@ -3,7 +3,7 @@ var all_versions = { 'dev': 'dev (3.3)', - '3.1.9': '3.1.9', + '3.1.10': '3.1.10', '3.0.4': '3.0.4', '2.7.4': '2.7.4', }; diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 92e9ba5477..11897c7422 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "3.1.9" +DISTRO_VERSION = "3.1.10" DISTRO_CODENAME = "dunfell" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}" diff --git a/poky/meta/classes/kernel-devicetree.bbclass b/poky/meta/classes/kernel-devicetree.bbclass index d4f8864200..27a4905ac6 100644 --- a/poky/meta/classes/kernel-devicetree.bbclass +++ b/poky/meta/classes/kernel-devicetree.bbclass @@ -1,8 +1,11 @@ # Support for device tree generation -PACKAGES_append = " \ - ${KERNEL_PACKAGE_NAME}-devicetree \ - ${@[d.getVar('KERNEL_PACKAGE_NAME') + '-image-zimage-bundle', ''][d.getVar('KERNEL_DEVICETREE_BUNDLE') != '1']} \ -" +python () { + if not bb.data.inherits_class('nopackages', d): + d.appendVar("PACKAGES", " ${KERNEL_PACKAGE_NAME}-devicetree") + if d.getVar('KERNEL_DEVICETREE_BUNDLE') == '1': + d.appendVar("PACKAGES", " ${KERNEL_PACKAGE_NAME}-image-zimage-bundle") +} + FILES_${KERNEL_PACKAGE_NAME}-devicetree = "/${KERNEL_IMAGEDEST}/*.dtb /${KERNEL_IMAGEDEST}/*.dtbo" FILES_${KERNEL_PACKAGE_NAME}-image-zimage-bundle = "/${KERNEL_IMAGEDEST}/zImage-*.dtb.bin" diff --git a/poky/meta/classes/kernel.bbclass b/poky/meta/classes/kernel.bbclass index 85c6594c27..2a3cb21fc0 100644 --- a/poky/meta/classes/kernel.bbclass +++ b/poky/meta/classes/kernel.bbclass @@ -91,6 +91,8 @@ python __anonymous () { imagedest = d.getVar('KERNEL_IMAGEDEST') for type in types.split(): + if bb.data.inherits_class('nopackages', d): + continue typelower = type.lower() d.appendVar('PACKAGES', ' %s-image-%s' % (kname, typelower)) d.setVar('FILES_' + kname + '-image-' + typelower, '/' + imagedest + '/' + type + '-${KERNEL_VERSION_NAME}' + ' /' + imagedest + '/' + type) diff --git a/poky/meta/classes/package_pkgdata.bbclass b/poky/meta/classes/package_pkgdata.bbclass index 18b7ed62e0..a1ea8fc041 100644 --- a/poky/meta/classes/package_pkgdata.bbclass +++ b/poky/meta/classes/package_pkgdata.bbclass @@ -162,6 +162,6 @@ python package_prepare_pkgdata() { } package_prepare_pkgdata[cleandirs] = "${WORKDIR_PKGDATA}" -package_prepare_pkgdata[vardepsexclude] += "MACHINE_ARCH PACKAGE_EXTRA_ARCHS SDK_ARCH BUILD_ARCH SDK_OS BB_TASKDEPDATA" +package_prepare_pkgdata[vardepsexclude] += "MACHINE_ARCH PACKAGE_EXTRA_ARCHS SDK_ARCH BUILD_ARCH SDK_OS BB_TASKDEPDATA SSTATETASKS" diff --git a/poky/meta/classes/report-error.bbclass b/poky/meta/classes/report-error.bbclass index 9cb6b0bd31..de48e4ff0f 100644 --- a/poky/meta/classes/report-error.bbclass +++ b/poky/meta/classes/report-error.bbclass @@ -6,8 +6,6 @@ # # Licensed under the MIT license, see COPYING.MIT for details -inherit base - ERR_REPORT_DIR ?= "${LOG_DIR}/error-report" def errorreport_getdata(e): diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index a689f7f677..0a25e3ed9d 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -123,8 +123,6 @@ SSTATE_HASHEQUIV_REPORT_TASKDATA[doc] = "Report additional useful data to the \ python () { if bb.data.inherits_class('native', d): d.setVar('SSTATE_PKGARCH', d.getVar('BUILD_ARCH', False)) - if d.getVar("PN") == "pseudo-native": - d.appendVar('SSTATE_PKGARCH', '_${ORIGNATIVELSBSTRING}') elif bb.data.inherits_class('crosssdk', d): d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS}")) elif bb.data.inherits_class('cross', d): @@ -483,7 +481,7 @@ def sstate_clean_cachefiles(d): ss = sstate_state_fromvars(ld, task) sstate_clean_cachefile(ss, ld) -def sstate_clean_manifest(manifest, d, prefix=None): +def sstate_clean_manifest(manifest, d, canrace=False, prefix=None): import oe.path mfile = open(manifest) @@ -501,7 +499,9 @@ def sstate_clean_manifest(manifest, d, prefix=None): if entry.endswith("/"): if os.path.islink(entry[:-1]): os.remove(entry[:-1]) - elif os.path.exists(entry) and len(os.listdir(entry)) == 0: + elif os.path.exists(entry) and len(os.listdir(entry)) == 0 and not canrace: + # Removing directories whilst builds are in progress exposes a race. Only + # do it in contexts where it is safe to do so. os.rmdir(entry[:-1]) else: os.remove(entry) @@ -539,7 +539,7 @@ def sstate_clean(ss, d): for lock in ss['lockfiles']: locks.append(bb.utils.lockfile(lock)) - sstate_clean_manifest(manifest, d) + sstate_clean_manifest(manifest, d, canrace=True) for lock in locks: bb.utils.unlockfile(lock) @@ -703,6 +703,10 @@ def sstate_package(ss, d): os.utime(siginfo, None) except PermissionError: pass + except OSError as e: + # Handle read-only file systems gracefully + if e.errno != errno.EROFS: + raise e return @@ -1141,6 +1145,10 @@ python sstate_eventhandler() { os.utime(siginfo, None) except PermissionError: pass + except OSError as e: + # Handle read-only file systems gracefully + if e.errno != errno.EROFS: + raise e } diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass index 506ce0665e..78eb914921 100644 --- a/poky/meta/classes/staging.bbclass +++ b/poky/meta/classes/staging.bbclass @@ -408,7 +408,7 @@ python extend_recipe_sysroot() { if os.path.islink(f) and not os.path.exists(f): bb.note("%s no longer exists, removing from sysroot" % f) lnk = os.readlink(f.replace(".complete", "")) - sstate_clean_manifest(depdir + "/" + lnk, d, workdir) + sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(f) os.unlink(f.replace(".complete", "")) @@ -453,7 +453,7 @@ python extend_recipe_sysroot() { fl = depdir + "/" + l bb.note("Task %s no longer depends on %s, removing from sysroot" % (mytaskname, l)) lnk = os.readlink(fl) - sstate_clean_manifest(depdir + "/" + lnk, d, workdir) + sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(fl) os.unlink(fl + ".complete") @@ -474,7 +474,7 @@ python extend_recipe_sysroot() { continue else: bb.note("%s exists in sysroot, but is stale (%s vs. %s), removing." % (c, lnk, c + "." + taskhash)) - sstate_clean_manifest(depdir + "/" + lnk, d, workdir) + sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(depdir + "/" + c) if os.path.lexists(depdir + "/" + c + ".complete"): os.unlink(depdir + "/" + c + ".complete") diff --git a/poky/meta/lib/oeqa/selftest/cases/archiver.py b/poky/meta/lib/oeqa/selftest/cases/archiver.py index bc5447d2a3..6a5c8ec71e 100644 --- a/poky/meta/lib/oeqa/selftest/cases/archiver.py +++ b/poky/meta/lib/oeqa/selftest/cases/archiver.py @@ -35,11 +35,11 @@ class Archiver(OESelftestTestCase): src_path = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS']) # Check that include_recipe was included - included_present = len(glob.glob(src_path + '/%s-*' % include_recipe)) + included_present = len(glob.glob(src_path + '/%s-*/*' % include_recipe)) self.assertTrue(included_present, 'Recipe %s was not included.' % include_recipe) # Check that exclude_recipe was excluded - excluded_present = len(glob.glob(src_path + '/%s-*' % exclude_recipe)) + excluded_present = len(glob.glob(src_path + '/%s-*/*' % exclude_recipe)) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % exclude_recipe) def test_archiver_filters_by_type(self): @@ -67,11 +67,11 @@ class Archiver(OESelftestTestCase): src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS']) # Check that target_recipe was included - included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipe)) + included_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipe)) self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipe) # Check that native_recipe was excluded - excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipe)) + excluded_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipe)) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipe) def test_archiver_filters_by_type_and_name(self): @@ -104,17 +104,17 @@ class Archiver(OESelftestTestCase): src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS']) # Check that target_recipe[0] and native_recipes[1] were included - included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[0])) + included_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipes[0])) self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipes[0]) - included_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[1])) + included_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipes[1])) self.assertTrue(included_present, 'Recipe %s was not included.' % native_recipes[1]) # Check that native_recipes[0] and target_recipes[1] were excluded - excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[0])) + excluded_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipes[0])) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipes[0]) - excluded_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[1])) + excluded_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipes[1])) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % target_recipes[1]) diff --git a/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py b/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py index a7214beb4c..bbf67bf9c9 100644 --- a/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py +++ b/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py @@ -64,7 +64,7 @@ class TestMultiprocessLaunch(TestCase): import bb def testfunction(item, d): - if item == "2" or item == "1": + if item == "2": raise KeyError("Invalid number %s" % item) return "Found %s" % item @@ -99,5 +99,4 @@ class TestMultiprocessLaunch(TestCase): # Assert the function prints exceptions with captured_output() as (out, err): self.assertRaises(bb.BBHandledException, multiprocess_launch, testfunction, ["1", "2", "3", "4", "5", "6"], d, extraargs=(d,)) - self.assertIn("KeyError: 'Invalid number 1'", out.getvalue()) self.assertIn("KeyError: 'Invalid number 2'", out.getvalue()) diff --git a/poky/meta/lib/oeqa/selftest/cases/runcmd.py b/poky/meta/lib/oeqa/selftest/cases/runcmd.py index fa6113d7fa..e9612389fe 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runcmd.py +++ b/poky/meta/lib/oeqa/selftest/cases/runcmd.py @@ -27,8 +27,8 @@ class RunCmdTests(OESelftestTestCase): # The delta is intentionally smaller than the timeout, to detect cases where # we incorrectly apply the timeout more than once. - TIMEOUT = 5 - DELTA = 3 + TIMEOUT = 10 + DELTA = 8 def test_result_okay(self): result = runCmd("true") diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py index 976b513727..353d411681 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -14,11 +14,6 @@ from oeqa.core.decorator.data import skipIfNotQemu class TestExport(OESelftestTestCase): - @classmethod - def tearDownClass(cls): - runCmd("rm -rf /tmp/sdk") - super(TestExport, cls).tearDownClass() - def test_testexport_basic(self): """ Summary: Check basic testexport functionality with only ping test enabled. @@ -95,19 +90,20 @@ class TestExport(OESelftestTestCase): msg = "Couldn't find SDK tarball: %s" % tarball_path self.assertEqual(os.path.isfile(tarball_path), True, msg) - # Extract SDK and run tar from SDK - result = runCmd("%s -y -d /tmp/sdk" % tarball_path) - self.assertEqual(0, result.status, "Couldn't extract SDK") + with tempfile.TemporaryDirectory() as tmpdirname: + # Extract SDK and run tar from SDK + result = runCmd("%s -y -d %s" % (tarball_path, tmpdirname)) + self.assertEqual(0, result.status, "Couldn't extract SDK") - env_script = result.output.split()[-1] - result = runCmd(". %s; which tar" % env_script, shell=True) - self.assertEqual(0, result.status, "Couldn't setup SDK environment") - is_sdk_tar = True if "/tmp/sdk" in result.output else False - self.assertTrue(is_sdk_tar, "Couldn't setup SDK environment") + env_script = result.output.split()[-1] + result = runCmd(". %s; which tar" % env_script, shell=True) + self.assertEqual(0, result.status, "Couldn't setup SDK environment") + is_sdk_tar = True if tmpdirname in result.output else False + self.assertTrue(is_sdk_tar, "Couldn't setup SDK environment") - tar_sdk = result.output - result = runCmd("%s --version" % tar_sdk) - self.assertEqual(0, result.status, "Couldn't run tar from SDK") + tar_sdk = result.output + result = runCmd("%s --version" % tar_sdk) + self.assertEqual(0, result.status, "Couldn't run tar from SDK") class TestImage(OESelftestTestCase): diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index f34ba0dce5..202a14dee0 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -52,6 +52,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ + file://CVE-2021-3588.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch new file mode 100644 index 0000000000..f52ff47a06 --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch @@ -0,0 +1,34 @@ +From 3a40bef49305f8327635b81ac8be52a3ca063d5a Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Mon, 4 Jan 2021 10:38:31 -0800 +Subject: [PATCH] gatt: Fix potential buffer out-of-bound + +When client features is read check if the offset is within the cli_feat +bounds. + +Fixes: https://github.com/bluez/bluez/issues/70 + ++Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a] ++Signed-off-by: Steve Sakoman <steve@sakoman.com> ++CVE: CVE-2021-3588 + +--- + src/gatt-database.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/gatt-database.c b/src/gatt-database.c +index 90cc4bade..f2d7b5821 100644 +--- a/src/gatt-database.c ++++ b/src/gatt-database.c +@@ -1075,6 +1075,11 @@ static void cli_feat_read_cb(struct gatt_db_attribute *attrib, + goto done; + } + ++ if (offset >= sizeof(state->cli_feat)) { ++ ecode = BT_ATT_ERROR_INVALID_OFFSET; ++ goto done; ++ } ++ + len = sizeof(state->cli_feat) - offset; + value = len ? &state->cli_feat[offset] : NULL; + diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2021-25217.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2021-25217.patch new file mode 100644 index 0000000000..91aaf83a77 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2021-25217.patch @@ -0,0 +1,66 @@ +From 5a7344b05081d84343a1627e47478f3990b17700 Mon Sep 17 00:00:00 2001 +From: Minjae Kim <flowergom@gmail.com> +Date: Thu, 8 Jul 2021 00:08:25 +0000 +Subject: [PATCH] ISC has disclosed a vulnerability in ISC DHCP + (CVE-2021-25217) + +On May 26, 2021, we (Internet Systems Consortium) disclosed a +vulnerability affecting our ISC DHCP software: + + CVE-2021-25217: A buffer overrun in lease file parsing code can be + used to exploit a common vulnerability shared by dhcpd and dhclient + https://kb.isc.org/docs/cve-2021-25217 + +New versions of ISC DHCP are available from https://www.isc.org/downloads + +Operators and package maintainers who prefer to apply patches selectively can +find individual vulnerability-specific patches in the "patches" subdirectory +of the release directories for our two stable release branches (4.4 and 4.1-ESV) + + https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches + https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P1/patches + +With the public announcement of this vulnerability, the embargo +period is ended and any updated software packages that have been +prepared may be released. + +Upstream-Status: Accepted [https://www.openwall.com/lists/oss-security/2021/05/26/6] +CVE: CVE-2021-25217 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + common/parse.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/common/parse.c b/common/parse.c +index 386a632..fc7b39c 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -3,7 +3,7 @@ + Common parser code for dhcpd and dhclient. */ + + /* +- * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC") ++ * Copyright (c) 2004-2021 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1995-2003 by Internet Software Consortium + * + * This Source Code Form is subject to the terms of the Mozilla Public +@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max) + skip_to_semi (cfile); + return 0; + } +- convert_num (cfile, &buf [len], val, 16, 8); +- if (len++ > max) { ++ if (len >= max) { + parse_warn (cfile, + "hexadecimal constant too long."); + skip_to_semi (cfile); + return 0; + } ++ convert_num (cfile, &buf [len], val, 16, 8); ++ len++; + token = peek_token (&val, (unsigned *)0, cfile); + if (token == COLON) + token = next_token (&val, +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb index b56a204821..5609a350cc 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb +++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb @@ -10,6 +10,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ file://0013-fixup_use_libbind.patch \ file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \ + file://CVE-2021-25217.patch \ " SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1" diff --git a/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch b/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch new file mode 100644 index 0000000000..b75f0907e7 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch @@ -0,0 +1,51 @@ +From fe791386ebc270219ca00406c9fdadc5130b64ee Mon Sep 17 00:00:00 2001 +From: Samuel Sapalski <samuel.sapalski@nokia.com> +Date: Wed, 3 Mar 2021 16:31:22 +0100 +Subject: [PATCH] decompress_gunzip: Fix DoS if gzip is corrupt + +On certain corrupt gzip files, huft_build will set the error bit on +the result pointer. If afterwards abort_unzip is called huft_free +might run into a segmentation fault or an invalid pointer to +free(p). + +In order to mitigate this, we check in huft_free if the error bit +is set and clear it before the linked list is freed. + +Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com> +Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> + +Upstream-Status: Backport +CVE: CVE-2021-28831 +Comment: One hunk from this patch is removed as it was not relevant. +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +Signed-off-by: Akash Hadke <Akash.Hadke@kpit.com> +--- + archival/libarchive/decompress_gunzip.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c +index eb3b64930..e93cd5005 100644 +--- a/archival/libarchive/decompress_gunzip.c ++++ b/archival/libarchive/decompress_gunzip.c +@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = { + * each table. + * t: table to free + */ ++#define BAD_HUFT(p) ((uintptr_t)(p) & 1) ++#define ERR_RET ((huft_t*)(uintptr_t)1) + static void huft_free(huft_t *p) + { + huft_t *q; + ++ /* ++ * If 'p' has the error bit set we have to clear it, otherwise we might run ++ * into a segmentation fault or an invalid pointer to free(p) ++ */ ++ if (BAD_HUFT(p)) { ++ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET)); ++ } ++ + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + while (p) { + q = (--p)->v.t; diff --git a/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch b/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch new file mode 100644 index 0000000000..4a1960dff2 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch @@ -0,0 +1,81 @@ +From ceb378209f953ea745ed93a8645567196380ce3c Mon Sep 17 00:00:00 2001 +From: Andrej Valek <andrej.valek@siemens.com> +Date: Thu, 24 Jun 2021 19:13:22 +0200 +Subject: [PATCH] mktemp: add tmpdir option + +Make mktemp more compatible with coreutils. +- add "--tmpdir" option +- add long variants for "d,q,u" options + +Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2021-June/088932.html] + +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + coreutils/mktemp.c | 26 ++++++++++++++++++-------- + 1 file changed, 18 insertions(+), 8 deletions(-) + +diff --git a/coreutils/mktemp.c b/coreutils/mktemp.c +index 5393320a5..05c6d98c6 100644 +--- a/coreutils/mktemp.c ++++ b/coreutils/mktemp.c +@@ -39,16 +39,17 @@ + //kbuild:lib-$(CONFIG_MKTEMP) += mktemp.o + + //usage:#define mktemp_trivial_usage +-//usage: "[-dt] [-p DIR] [TEMPLATE]" ++//usage: "[-dt] [-p DIR, --tmpdir[=DIR]] [TEMPLATE]" + //usage:#define mktemp_full_usage "\n\n" + //usage: "Create a temporary file with name based on TEMPLATE and print its name.\n" + //usage: "TEMPLATE must end with XXXXXX (e.g. [/dir/]nameXXXXXX).\n" + //usage: "Without TEMPLATE, -t tmp.XXXXXX is assumed.\n" +-//usage: "\n -d Make directory, not file" +-//usage: "\n -q Fail silently on errors" +-//usage: "\n -t Prepend base directory name to TEMPLATE" +-//usage: "\n -p DIR Use DIR as a base directory (implies -t)" +-//usage: "\n -u Do not create anything; print a name" ++//usage: "\n -d Make directory, not file" ++//usage: "\n -q Fail silently on errors" ++//usage: "\n -t Prepend base directory name to TEMPLATE" ++//usage: "\n -p DIR, --tmpdir[=DIR] Use DIR as a base directory (implies -t)" ++//usage: "\n For --tmpdir is a optional one." ++//usage: "\n -u Do not create anything; print a name" + //usage: "\n" + //usage: "\nBase directory is: -p DIR, else $TMPDIR, else /tmp" + //usage: +@@ -72,13 +73,22 @@ int mktemp_main(int argc UNUSED_PARAM, char **argv) + OPT_t = 1 << 2, + OPT_p = 1 << 3, + OPT_u = 1 << 4, ++ OPT_td = 1 << 5, + }; + + path = getenv("TMPDIR"); + if (!path || path[0] == '\0') + path = "/tmp"; + +- opts = getopt32(argv, "^" "dqtp:u" "\0" "?1"/*1 arg max*/, &path); ++ opts = getopt32long(argv, "^" ++ "dqtp:u\0" ++ "?1" /* 1 arg max */, ++ "directory\0" No_argument "d" ++ "quiet\0" No_argument "q" ++ "dry-run\0" No_argument "u" ++ "tmpdir\0" Optional_argument "\xff" ++ , &path, &path ++ ); + + chp = argv[optind]; + if (!chp) { +@@ -95,7 +105,7 @@ int mktemp_main(int argc UNUSED_PARAM, char **argv) + goto error; + } + #endif +- if (opts & (OPT_t|OPT_p)) ++ if (opts & (OPT_t|OPT_p|OPT_td)) + chp = concat_path_file(path, chp); + + if (opts & OPT_u) { +-- +2.11.0 + diff --git a/poky/meta/recipes-core/busybox/busybox_1.31.1.bb b/poky/meta/recipes-core/busybox/busybox_1.31.1.bb index 7563368287..d9d5f4f96b 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.31.1.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.31.1.bb @@ -50,7 +50,9 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \ file://busybox-CVE-2018-1000500.patch \ file://0001-hwclock-make-glibc-2.31-compatible.patch \ -" + file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \ + file://0001-mktemp-add-tmpdir-option.patch \ + " SRC_URI_append_libc-musl = " file://musl.cfg " SRC_URI[tarball.md5sum] = "70913edaf2263a157393af07565c17f0" diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index 7ae64a190f..aac0d9b3bf 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.31/master" PV = "2.31+git${SRCPV}" -SRCREV_glibc ?= "f84949f1c4bbf20e6a1d9a5859cf012cde060ede" +SRCREV_glibc ?= "4f0a61f75385c9a5879cbe7202042e88f692a3c8" SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb index 75632d9434..da716674c3 100644 --- a/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb +++ b/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f535425934bb5001f2037d9" SRC_URI = "git://git.yoctoproject.org/update-rc.d" -SRCREV = "4b150b25b38de688d25cde2b2d22c268ed65a748" +SRCREV = "8636cf478d426b568c1be11dbd9346f67e03adac" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb index a938b2da49..6571c19938 100644 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb @@ -97,8 +97,7 @@ SRC_URI = "git://github.com/xrmx/bootchart.git \ " S = "${WORKDIR}/git" -SRCREV = "331ada031f1d65f6d934d918f896e1c708c64bf7" -PV .= "+git${SRCPV}" +SRCREV = "868a2afab9da34f32c007d773b77253c93104636" inherit systemd update-rc.d python3native update-alternatives diff --git a/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c b/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c index af7af524eb..9eb5ca807a 100644 --- a/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c +++ b/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c @@ -9,6 +9,7 @@ #include <argp.h> #include <stdio.h> +#include <stdlib.h> #include <dwarf.h> #include <elfutils/libdw.h> @@ -83,13 +84,15 @@ process_cu (Dwarf_Die *cu_die) int main (int argc, char **argv) { - char* args[3]; + char* args[5]; int res = 0; Dwfl *dwfl; Dwarf_Addr bias; - if (argc != 2) + if (argc != 2) { fprintf(stderr, "Usage %s <file>", argv[0]); + exit(EXIT_FAILURE); + } // Pretend "dwarfsrcfiles -e <file>" was given, so we can use standard // dwfl argp parser to open the file for us and get our Dwfl. Useful @@ -98,8 +101,12 @@ main (int argc, char **argv) args[0] = argv[0]; args[1] = "-e"; args[2] = argv[1]; + // We don't want to follow debug linked files due to the way OE processes + // files, could race against changes in the linked binary (e.g. objcopy on it) + args[3] = "--debuginfo-path"; + args[4] = "/not/exist"; - argp_parse (dwfl_standard_argp (), 3, args, 0, NULL, &dwfl); + argp_parse (dwfl_standard_argp (), 5, args, 0, NULL, &dwfl); Dwarf_Die *cu = NULL; while ((cu = dwfl_nextcu (dwfl, cu, &bias)) != NULL) diff --git a/poky/meta/recipes-devtools/pseudo/pseudo.inc b/poky/meta/recipes-devtools/pseudo/pseudo.inc index 65d6e5068d..e6512bc6e6 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo.inc +++ b/poky/meta/recipes-devtools/pseudo/pseudo.inc @@ -112,6 +112,19 @@ do_compile_prepend_class-nativesdk () { fi } +do_compile_append_class-native () { + if [ '${@bb.data.inherits_class('uninative', d)}' = 'True' ]; then + for i in PSEUDO_PORT_UNIX_SYNCFS PSEUDO_PORT_UIDS_GENERIC PSEUDO_PORT_LINUX_NEWCLONE PSEUDO_PORT_LINUX_XATTR PSEUDO_PORT_LINUX_STATVFS; do + grep $i.1 ${S}/pseudo_ports.h + if [ $? != 0 ]; then + echo "$i not enabled in pseudo which is incompatible with uninative" + exit 1 + fi + done + fi +} + + do_install () { oe_runmake 'DESTDIR=${D}' ${MAKEOPTS} 'LIB=lib/pseudo/lib$(MARK64)' install } diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb index 4eab133128..0ba460f3e6 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -6,7 +6,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \ file://fallback-group \ " -SRCREV = "ee24ebec9e5a11dd5208c9be2870f35eab3b9e20" +SRCREV = "b988b0a6b8afd8d459bc9a2528e834f63a3d59b2" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch new file mode 100644 index 0000000000..a44d3396a6 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch @@ -0,0 +1,33 @@ +From 7a2bddfa437be633bb6945d0e6b7d6f27da870ad Mon Sep 17 00:00:00 2001 +From: Tim Orling <timothy.t.orling@intel.com> +Date: Fri, 18 Jun 2021 11:56:50 -0700 +Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk + +These tests need full packagegroup-core-buildessential, the +easiest way to dynamically check for that is looking for +'tools-sdk' in IMAGE_FEATURES. + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Tim Orling <timothy.t.orling@intel.com> +--- + Lib/ctypes/test/test_find.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Lib/ctypes/test/test_find.py b/Lib/ctypes/test/test_find.py +index 92ac184..0d009d1 100644 +--- a/Lib/ctypes/test/test_find.py ++++ b/Lib/ctypes/test/test_find.py +@@ -112,10 +112,12 @@ class FindLibraryLinux(unittest.TestCase): + # LD_LIBRARY_PATH) + self.assertEqual(find_library(libname), 'lib%s.so' % libname) + ++ @unittest.skip("Needs IMAGE_FEATURES += \"tools-sdk\"") + def test_find_library_with_gcc(self): + with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None): + self.assertNotEqual(find_library('c'), None) + ++ @unittest.skip("Needs IMAGE_FEATURES += \"tools-sdk\"") + def test_find_library_with_ld(self): + with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None), \ + unittest.mock.patch("ctypes.util._findLib_gcc", lambda *args: None): diff --git a/poky/meta/recipes-devtools/python/python3_3.8.10.bb b/poky/meta/recipes-devtools/python/python3_3.8.10.bb index ae32ccc40e..7295c6320e 100644 --- a/poky/meta/recipes-devtools/python/python3_3.8.10.bb +++ b/poky/meta/recipes-devtools/python/python3_3.8.10.bb @@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-configure.ac-fix-LIBPL.patch \ file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ + file://0001-test_ctypes.test_find-skip-without-tools-sdk.patch \ " SRC_URI_append_class-native = " \ diff --git a/poky/meta/recipes-devtools/python/python3_3.8.11.bb b/poky/meta/recipes-devtools/python/python3_3.8.11.bb new file mode 100644 index 0000000000..f549bb2205 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3_3.8.11.bb @@ -0,0 +1,362 @@ +SUMMARY = "The Python Programming Language" +HOMEPAGE = "http://www.python.org" +DESCRIPTION = "Python is a programming language that lets you work more quickly and integrate your systems more effectively." +LICENSE = "PSF-2.0 & BSD-0-Clause" +SECTION = "devel/python" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=c22d2438294c784731bf9dd224a467b7" + +SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ + file://run-ptest \ + file://create_manifest3.py \ + file://get_module_deps3.py \ + file://python3-manifest.json \ + file://check_build_completeness.py \ + file://cgi_py.patch \ + file://0001-Do-not-add-usr-lib-termcap-to-linker-flags-to-avoid-.patch \ + ${@bb.utils.contains('PACKAGECONFIG', 'tk', '', 'file://avoid_warning_about_tkinter.patch', d)} \ + file://0001-Do-not-use-the-shell-version-of-python-config-that-w.patch \ + file://python-config.patch \ + file://0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch \ + file://0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch \ + file://0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch \ + file://0001-Lib-sysconfig.py-fix-another-place-where-lib-is-hard.patch \ + file://0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch \ + file://0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch \ + file://crosspythonpath.patch \ + file://reformat_sysconfig.py \ + file://0001-Use-FLAG_REF-always-for-interned-strings.patch \ + file://0001-test_locale.py-correct-the-test-output-format.patch \ + file://0017-setup.py-do-not-report-missing-dependencies-for-disa.patch \ + file://0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch \ + file://0001-Makefile-do-not-compile-.pyc-in-parallel.patch \ + file://0001-configure.ac-fix-LIBPL.patch \ + file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ + file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ + " + +SRC_URI_append_class-native = " \ + file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \ + file://12-distutils-prefix-is-inside-staging-area.patch \ + file://0001-Don-t-search-system-for-headers-libraries.patch \ + " + +SRC_URI[md5sum] = "5840ba601128f48fee4e7c98fbdac65d" +SRC_URI[sha256sum] = "fb1a1114ebfe9e97199603c6083e20b236a0e007a2c51f29283ffb50c1420fb2" + +# exclude pre-releases for both python 2.x and 3.x +UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" + +CVE_PRODUCT = "python" + +# Upstream consider this expected behaviour +CVE_CHECK_WHITELIST += "CVE-2007-4559" +# This is not exploitable when glibc has CVE-2016-10739 fixed. +CVE_CHECK_WHITELIST += "CVE-2019-18348" + +# This is windows only issue. +CVE_CHECK_WHITELIST += "CVE-2020-15523" + +PYTHON_MAJMIN = "3.8" + +S = "${WORKDIR}/Python-${PV}" + +BBCLASSEXTEND = "native nativesdk" + +inherit autotools pkgconfig qemu ptest multilib_header update-alternatives + +MULTILIB_SUFFIX = "${@d.getVar('base_libdir',1).split('/')[-1]}" + +ALTERNATIVE_${PN}-dev = "python3-config" +ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config" +ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}" + + +DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2 autoconf-archive" +DEPENDS_append_class-target = " python3-native" +DEPENDS_append_class-nativesdk = " python3-native" + +EXTRA_OECONF = " --without-ensurepip --enable-shared" +EXTRA_OECONF_append_class-native = " --bindir=${bindir}/${PN}" + +export CROSSPYTHONPATH="${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/" + +EXTRANATIVEPATH += "python3-native" + +CACHED_CONFIGUREVARS = " \ + ac_cv_file__dev_ptmx=yes \ + ac_cv_file__dev_ptc=no \ + ac_cv_working_tzset=yes \ +" +python() { + # PGO currently causes builds to not be reproducible, so disable it for + # now. See YOCTO #13407 + if bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) and d.getVar('BUILD_REPRODUCIBLE_BINARIES') != '1': + d.setVar('PACKAGECONFIG_PGO', 'pgo') + else: + d.setVar('PACKAGECONFIG_PGO', '') +} + +PACKAGECONFIG_class-target ??= "readline ${PACKAGECONFIG_PGO} gdbm" +PACKAGECONFIG_class-native ??= "readline gdbm" +PACKAGECONFIG_class-nativesdk ??= "readline gdbm" +PACKAGECONFIG[readline] = ",,readline" +# Use profile guided optimisation by running PyBench inside qemu-user +PACKAGECONFIG[pgo] = "--enable-optimizations,,qemu-native" +PACKAGECONFIG[tk] = ",,tk" +PACKAGECONFIG[gdbm] = ",,gdbm" + +do_configure_prepend () { + mkdir -p ${B}/Modules + cat > ${B}/Modules/Setup.local << EOF +*disabled* +${@bb.utils.contains('PACKAGECONFIG', 'gdbm', '', '_gdbm _dbm', d)} +${@bb.utils.contains('PACKAGECONFIG', 'readline', '', 'readline', d)} +EOF +} + +CPPFLAGS_append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid" + +EXTRA_OEMAKE = '\ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + LIB=${baselib} \ +' + +do_compile_prepend_class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'pgo', 'true', 'false', d)}; then + qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_TARGET}', ['${B}', '${STAGING_DIR_TARGET}/${base_libdir}'])}" + cat >pgo-wrapper <<EOF +#!/bin/sh +cd ${B} +$qemu_binary "\$@" +EOF + chmod +x pgo-wrapper + fi +} + +do_install_prepend() { + ${WORKDIR}/check_build_completeness.py ${T}/log.do_compile +} + +do_install_append_class-target() { + oe_multilib_header python${PYTHON_MAJMIN}/pyconfig.h +} + +do_install_append_class-native() { + # Make sure we use /usr/bin/env python + for PYTHSCRIPT in `grep -rIl ${bindir}/${PN}/python ${D}${bindir}/${PN}`; do + sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' $PYTHSCRIPT + done + # Add a symlink to the native Python so that scripts can just invoke + # "nativepython" and get the right one without needing absolute paths + # (these often end up too long for the #! parser in the kernel as the + # buffer is 128 bytes long). + ln -s python3-native/python3 ${D}${bindir}/nativepython3 +} + +do_install_append() { + mkdir -p ${D}${libdir}/python-sysconfigdata + sysconfigfile=`find ${D} -name _sysconfig*.py` + cp $sysconfigfile ${D}${libdir}/python-sysconfigdata/_sysconfigdata.py + + sed -i \ + -e "s,^ 'LIBDIR'.*, 'LIBDIR': '${STAGING_LIBDIR}'\,,g" \ + -e "s,^ 'INCLUDEDIR'.*, 'INCLUDEDIR': '${STAGING_INCDIR}'\,,g" \ + -e "s,^ 'CONFINCLUDEDIR'.*, 'CONFINCLUDEDIR': '${STAGING_INCDIR}'\,,g" \ + -e "/^ 'INCLDIRSTOMAKE'/{N; s,/usr/include,${STAGING_INCDIR},g}" \ + -e "/^ 'INCLUDEPY'/s,/usr/include,${STAGING_INCDIR},g" \ + ${D}${libdir}/python-sysconfigdata/_sysconfigdata.py +} + +do_install_append_class-nativesdk () { + create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1' +} + +SSTATE_SCAN_FILES += "Makefile _sysconfigdata.py" +PACKAGE_PREPROCESS_FUNCS += "py_package_preprocess" + +py_package_preprocess () { + # Remove references to buildmachine paths in target Makefile and _sysconfigdata + sed -i -e 's:--sysroot=${STAGING_DIR_TARGET}::g' -e s:'--with-libtool-sysroot=${STAGING_DIR_TARGET}'::g \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's:${HOSTTOOLS_DIR}/::g' \ + -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ + -e 's:${RECIPE_SYSROOT}::g' \ + -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \ + ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}*/Makefile \ + ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata*.py \ + ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config + + # Reformat _sysconfigdata after modifying it so that it remains + # reproducible + for c in ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata*.py; do + python3 ${WORKDIR}/reformat_sysconfig.py $c + done + + # Recompile _sysconfigdata after modifying it + cd ${PKGD} + sysconfigfile=`find . -name _sysconfigdata_*.py` + ${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + -c "from py_compile import compile; compile('$sysconfigfile')" + ${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + -c "from py_compile import compile; compile('$sysconfigfile', optimize=1)" + ${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + -c "from py_compile import compile; compile('$sysconfigfile', optimize=2)" + cd - + + mv ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX} + + #Remove the unneeded copy of target sysconfig data + rm -rf ${PKGD}/${libdir}/python-sysconfigdata +} + +# We want bytecode precompiled .py files (.pyc's) by default +# but the user may set it on their own conf +INCLUDE_PYCS ?= "1" + +python(){ + import collections, json + + filename = os.path.join(d.getVar('THISDIR'), 'python3', 'python3-manifest.json') + # This python changes the datastore based on the contents of a file, so mark + # that dependency. + bb.parse.mark_dependency(d, filename) + + with open(filename) as manifest_file: + manifest_str = manifest_file.read() + json_start = manifest_str.find('# EOC') + 6 + manifest_file.seek(json_start) + manifest_str = manifest_file.read() + python_manifest = json.loads(manifest_str, object_pairs_hook=collections.OrderedDict) + + # First set RPROVIDES for -native case + # Hardcoded since it cant be python3-native-foo, should be python3-foo-native + pn = 'python3' + rprovides = d.getVar('RPROVIDES').split() + + # ${PN}-misc-native is not in the manifest + rprovides.append(pn + '-misc-native') + + for key in python_manifest: + pypackage = pn + '-' + key + '-native' + if pypackage not in rprovides: + rprovides.append(pypackage) + + d.setVar('RPROVIDES_class-native', ' '.join(rprovides)) + + # Then work on the target + include_pycs = d.getVar('INCLUDE_PYCS') + + packages = d.getVar('PACKAGES').split() + pn = d.getVar('PN') + + newpackages=[] + for key in python_manifest: + pypackage = pn + '-' + key + + if pypackage not in packages: + # We need to prepend, otherwise python-misc gets everything + # so we use a new variable + newpackages.append(pypackage) + + # "Build" python's manifest FILES, RDEPENDS and SUMMARY + d.setVar('FILES_' + pypackage, '') + for value in python_manifest[key]['files']: + d.appendVar('FILES_' + pypackage, ' ' + value) + + # Add cached files + if include_pycs == '1': + for value in python_manifest[key]['cached']: + d.appendVar('FILES_' + pypackage, ' ' + value) + + for value in python_manifest[key]['rdepends']: + # Make it work with or without $PN + if '${PN}' in value: + value=value.split('-', 1)[1] + d.appendVar('RDEPENDS_' + pypackage, ' ' + pn + '-' + value) + + for value in python_manifest[key].get('rrecommends', ()): + if '${PN}' in value: + value=value.split('-', 1)[1] + d.appendVar('RRECOMMENDS_' + pypackage, ' ' + pn + '-' + value) + + d.setVar('SUMMARY_' + pypackage, python_manifest[key]['summary']) + + # Prepending so to avoid python-misc getting everything + packages = newpackages + packages + d.setVar('PACKAGES', ' '.join(packages)) + d.setVar('ALLOW_EMPTY_${PN}-modules', '1') + d.setVar('ALLOW_EMPTY_${PN}-pkgutil', '1') +} + +# Files needed to create a new manifest + +do_create_manifest() { + # This task should be run with every new release of Python. + # We must ensure that PACKAGECONFIG enables everything when creating + # a new manifest, this is to base our new manifest on a complete + # native python build, containing all dependencies, otherwise the task + # wont be able to find the required files. + # e.g. BerkeleyDB is an optional build dependency so it may or may not + # be present, we must ensure it is. + + cd ${WORKDIR} + # This needs to be executed by python-native and NOT by HOST's python + nativepython3 create_manifest3.py ${PYTHON_MAJMIN} + cp python3-manifest.json.new ${THISDIR}/python3/python3-manifest.json +} + +# bitbake python -c create_manifest +# Make sure we have native python ready when we create a new manifest +addtask do_create_manifest after do_patch do_prepare_recipe_sysroot + +# manual dependency additions +RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules" +RRECOMMENDS_${PN}-crypt_append_class-target = " openssl ca-certificates" +RRECOMMENDS_${PN}-crypt_append_class-nativesdk = " openssl ca-certificates" + +# For historical reasons PN is empty and provided by python3-modules +FILES_${PN} = "" +RPROVIDES_${PN}-modules = "${PN}" + +FILES_${PN}-pydoc += "${bindir}/pydoc${PYTHON_MAJMIN} ${bindir}/pydoc3" +FILES_${PN}-idle += "${bindir}/idle3 ${bindir}/idle${PYTHON_MAJMIN}" + +# provide python-pyvenv from python3-venv +RPROVIDES_${PN}-venv += "python3-pyvenv" + +# package libpython3 +PACKAGES =+ "libpython3 libpython3-staticdev" +FILES_libpython3 = "${libdir}/libpython*.so.*" +FILES_libpython3-staticdev += "${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}-*/libpython${PYTHON_MAJMIN}.a" +INSANE_SKIP_${PN}-dev += "dev-elf" +INSANE_SKIP_${PN}-ptest += "dev-deps" + +# catch all the rest (unsorted) +PACKAGES += "${PN}-misc" +RDEPENDS_${PN}-misc += "python3-core python3-email python3-codecs python3-pydoc python3-pickle python3-audio" +RDEPENDS_${PN}-modules_append_class-target = " python3-misc" +RDEPENDS_${PN}-modules_append_class-nativesdk = " python3-misc" +FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN} ${libdir}/python${PYTHON_MAJMIN}/lib-dynload" + +# catch manpage +PACKAGES += "${PN}-man" +FILES_${PN}-man = "${datadir}/man" + +# See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395 +RDEPENDS_libpython3_append_libc-glibc = " libgcc" +RDEPENDS_${PN}-ctypes_append_libc-glibc = " ${MLPREFIX}ldconfig" +RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev unzip bzip2 libgcc tzdata-europe coreutils sed" +RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9" +RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" +RDEPENDS_${PN}-dev = "" + +RDEPENDS_${PN}-tests_append_class-target = " bash" +RDEPENDS_${PN}-tests_append_class-nativesdk = " bash" + +# Python's tests contain large numbers of files we don't need in the recipe sysroots +SYSROOT_PREPROCESS_FUNCS += " py3_sysroot_cleanup" +py3_sysroot_cleanup () { + rm -rf ${SYSROOT_DESTDIR}${libdir}/python${PYTHON_MAJMIN}/test +} diff --git a/poky/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch b/poky/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch new file mode 100644 index 0000000000..b1a05b6863 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch @@ -0,0 +1,197 @@ +From 1e5b70cab83c95aa138107a38ecda75ff70e8985 Mon Sep 17 00:00:00 2001 +From: Minjae Kim <flowergom@gmail.com> +Date: Thu, 24 Jun 2021 01:11:26 +0000 +Subject: [PATCH] Be much more careful about copying data from the signature + header + +Only look for known tags, and ensure correct type and size where known +before copying over. Bump the old arbitrary 16k count limit to 16M limit +though, it's not inconceivable that a package could have that many files. +While at it, ensure none of these tags exist in the main header, +which would confuse us greatly. + +This is optimized for backporting ease, upstream can remove redundancies +and further improve checking later. + +Reported and initial patches by Demi Marie Obenour. + +Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ... + +Fixes: CVE-2021-3421, CVE-2021-20271 + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21] +CVE: CVE-2021-3421 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + lib/package.c | 115 ++++++++++++++++++++++++-------------------------- + lib/rpmtag.h | 4 ++ + 2 files changed, 58 insertions(+), 61 deletions(-) + +diff --git a/lib/package.c b/lib/package.c +index 081123d84e..7c26ea323f 100644 +--- a/lib/package.c ++++ b/lib/package.c +@@ -20,76 +20,68 @@ + + #include "debug.h" + ++struct taglate_s { ++ rpmTagVal stag; ++ rpmTagVal xtag; ++ rpm_count_t count; ++} const xlateTags[] = { ++ { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1 }, ++ { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0 }, ++ { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16 }, ++ { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 }, ++ /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */ ++ { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 }, ++ { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 }, ++ { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 }, ++ { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 }, ++ { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 }, ++ { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 }, ++ { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0 }, ++ { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1 }, ++ { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1 }, ++ { 0 } ++}; ++ + /** \ingroup header + * Translate and merge legacy signature tags into header. + * @param h header (dest) + * @param sigh signature header (src) + */ + static +-void headerMergeLegacySigs(Header h, Header sigh) ++rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg) + { +- HeaderIterator hi; ++ const struct taglate_s *xl; + struct rpmtd_s td; + +- hi = headerInitIterator(sigh); +- for (; headerNext(hi, &td); rpmtdFreeData(&td)) +- { +- switch (td.tag) { +- /* XXX Translate legacy signature tag values. */ +- case RPMSIGTAG_SIZE: +- td.tag = RPMTAG_SIGSIZE; +- break; +- case RPMSIGTAG_PGP: +- td.tag = RPMTAG_SIGPGP; +- break; +- case RPMSIGTAG_MD5: +- td.tag = RPMTAG_SIGMD5; +- break; +- case RPMSIGTAG_GPG: +- td.tag = RPMTAG_SIGGPG; +- break; +- case RPMSIGTAG_PGP5: +- td.tag = RPMTAG_SIGPGP5; +- break; +- case RPMSIGTAG_PAYLOADSIZE: +- td.tag = RPMTAG_ARCHIVESIZE; +- break; +- case RPMSIGTAG_SHA1: +- case RPMSIGTAG_SHA256: +- case RPMSIGTAG_DSA: +- case RPMSIGTAG_RSA: +- default: +- if (!(td.tag >= HEADER_SIGBASE && td.tag < HEADER_TAGBASE)) +- continue; +- break; +- } +- if (!headerIsEntry(h, td.tag)) { +- switch (td.type) { +- case RPM_NULL_TYPE: +- continue; +- break; +- case RPM_CHAR_TYPE: +- case RPM_INT8_TYPE: +- case RPM_INT16_TYPE: +- case RPM_INT32_TYPE: +- case RPM_INT64_TYPE: +- if (td.count != 1) +- continue; +- break; +- case RPM_STRING_TYPE: +- case RPM_BIN_TYPE: +- if (td.count >= 16*1024) +- continue; +- break; +- case RPM_STRING_ARRAY_TYPE: +- case RPM_I18NSTRING_TYPE: +- continue; +- break; +- } +- (void) headerPut(h, &td, HEADERPUT_DEFAULT); +- } ++ rpmtdReset(&td); ++ for (xl = xlateTags; xl->stag; xl++) { ++ /* There mustn't be one in the main header */ ++ if (headerIsEntry(h, xl->xtag)) ++ break; ++ if (headerGet(sigh, xl->stag, &td, HEADERGET_RAW|HEADERGET_MINMEM)) { ++ /* Translate legacy tags */ ++ if (xl->stag != xl->xtag) ++ td.tag = xl->xtag; ++ /* Ensure type and tag size match expectations */ ++ if (td.type != rpmTagGetTagType(td.tag)) ++ break; ++ if (td.count < 1 || td.count > 16*1024*1024) ++ break; ++ if (xl->count && td.count != xl->count) ++ break; ++ if (!headerPut(h, &td, HEADERPUT_DEFAULT)) ++ break; ++ rpmtdFreeData(&td); ++ } ++ } ++ rpmtdFreeData(&td); ++ ++ if (xl->stag) { ++ rasprintf(msg, "invalid signature tag %s (%d)", ++ rpmTagGetName(xl->xtag), xl->xtag); + } +- headerFreeIterator(hi); ++ ++ return xl->stag; + } + + /** +@@ -337,7 +329,8 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) + goto exit; + + /* Append (and remap) signature tags to the metadata. */ +- headerMergeLegacySigs(h, sigh); ++ if (headerMergeLegacySigs(h, sigh,&msg)) ++ goto exit; + applyRetrofits(h); + + /* Bump reference count for return. */ +diff --git a/lib/rpmtag.h b/lib/rpmtag.h +index 8c718b31b5..d562572c6f 100644 +--- a/lib/rpmtag.h ++++ b/lib/rpmtag.h +@@ -65,6 +65,8 @@ typedef enum rpmTag_e { + RPMTAG_LONGARCHIVESIZE = RPMTAG_SIG_BASE+15, /* l */ + /* RPMTAG_SIG_BASE+16 reserved */ + RPMTAG_SHA256HEADER = RPMTAG_SIG_BASE+17, /* s */ ++ /* RPMTAG_SIG_BASE+18 reserved for RPMSIGTAG_FILESIGNATURES */ ++ /* RPMTAG_SIG_BASE+19 reserved for RPMSIGTAG_FILESIGNATURELENGTH */ + + RPMTAG_NAME = 1000, /* s */ + #define RPMTAG_N RPMTAG_NAME /* s */ +@@ -422,6 +424,8 @@ typedef enum rpmSigTag_e { + RPMSIGTAG_LONGSIZE = RPMTAG_LONGSIGSIZE, /*!< internal Header+Payload size (64bit) in bytes. */ + RPMSIGTAG_LONGARCHIVESIZE = RPMTAG_LONGARCHIVESIZE, /*!< internal uncompressed payload size (64bit) in bytes. */ + RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER, ++ RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18, ++ RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19, + } rpmSigTag; + + +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb index 4029217d08..018b2f8700 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb @@ -44,6 +44,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \ file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \ file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \ file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \ + file://CVE-2021-3421.patch \ " PE = "1" diff --git a/poky/meta/recipes-extended/timezone/tzdata.bb b/poky/meta/recipes-extended/timezone/tzdata.bb index e6a0655afe..cc6206ac70 100644 --- a/poky/meta/recipes-extended/timezone/tzdata.bb +++ b/poky/meta/recipes-extended/timezone/tzdata.bb @@ -19,13 +19,17 @@ TZONES= "africa antarctica asia australasia europe northamerica southamerica \ " # pacificnew +# "slim" is the default since 2020b +# "fat" is needed by e.g. MariaDB's mysql_tzinfo_to_sql +ZIC_FMT ?= "slim" + do_compile () { for zone in ${TZONES}; do \ - ${STAGING_BINDIR_NATIVE}/zic -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null \ + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null \ ${S}/${zone} ; \ - ${STAGING_BINDIR_NATIVE}/zic -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null \ + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null \ ${S}/${zone} ; \ - ${STAGING_BINDIR_NATIVE}/zic -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds \ + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds \ ${S}/${zone} ; \ done } diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb index 951e7635cc..887e1e2430 100644 --- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -177,7 +177,7 @@ do_install() { cp -a --parents $SYSCALL_TOOLS $kerneldir/build/ fi - cp -a --parents arch/arm/kernel/module.lds $kerneldir/build/ + cp -a --parents arch/arm/kernel/module.lds $kerneldir/build/ 2>/dev/null || : fi if [ -d arch/${ARCH}/include ]; then diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 3643e6af46..dcf4f12f45 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "c279b45a44858da788a13f23130ed06663e77c57" -SRCREV_meta ?= "aa019cb8e4af653d6e136f1b8720884b97ddde49" +SRCREV_machine ?= "135b02c845043f37c8eac73607b62b0735286756" +SRCREV_meta ?= "2ff6e592745fd397ec2da205ab02daafbf49351a" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.123" +LINUX_VERSION ?= "5.4.132" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index cf8e81e0f3..eaef9d9b64 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.123" +LINUX_VERSION ?= "5.4.132" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "445028ae9ec9a904122bb5c60995def98d2b1ddc" -SRCREV_machine ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_meta ?= "aa019cb8e4af653d6e136f1b8720884b97ddde49" +SRCREV_machine_qemuarm ?= "629ca595e3eafd1fdc3a3d978d6ed4547b419968" +SRCREV_machine ?= "35abc20f52ebdd41bbe76e6f2d6ee189ab3078f6" +SRCREV_meta ?= "2ff6e592745fd397ec2da205ab02daafbf49351a" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 7282fbcd6e..cb3ff75d27 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "c292705386cfec860dad5e1dee74f22407fb7f94" -SRCREV_machine_qemuarm64 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_machine_qemumips ?= "d4c949dc0b88dba72f9f94a18fd994aa8482ff8e" -SRCREV_machine_qemuppc ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_machine_qemuriscv64 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_machine_qemux86 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_machine_qemux86-64 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_machine_qemumips64 ?= "417e8e4e101314f02439a88c78d4cf2ab98df209" -SRCREV_machine ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be" -SRCREV_meta ?= "aa019cb8e4af653d6e136f1b8720884b97ddde49" +SRCREV_machine_qemuarm ?= "cf8b645d7a1c268d071bdfe606f01d739afbdb80" +SRCREV_machine_qemuarm64 ?= "8d40ced691b9d211840801614a1031089ed6c2a2" +SRCREV_machine_qemumips ?= "c574c7303a75e700cb7123fc93a7ca7c19c963d6" +SRCREV_machine_qemuppc ?= "5550c64c43f81e6c29abfbc6ce31f44f200644ec" +SRCREV_machine_qemuriscv64 ?= "92705f96294a9c4ac611d3242f20651d5cf6224a" +SRCREV_machine_qemux86 ?= "92705f96294a9c4ac611d3242f20651d5cf6224a" +SRCREV_machine_qemux86-64 ?= "92705f96294a9c4ac611d3242f20651d5cf6224a" +SRCREV_machine_qemumips64 ?= "9cd841f768e0b5a07251df29ba202b5ff2bdf114" +SRCREV_machine ?= "92705f96294a9c4ac611d3242f20651d5cf6224a" +SRCREV_meta ?= "2ff6e592745fd397ec2da205ab02daafbf49351a" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.123" +LINUX_VERSION ?= "5.4.132" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index b6f50583f7..e04047e85a 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -45,7 +45,7 @@ PROVIDES = "virtual/perf" inherit linux-kernel-base kernel-arch manpages # needed for building the tools/perf Python bindings -inherit ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'python3native', '', d)} +inherit ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'python3targetconfig', '', d)} inherit python3-dir export PYTHON_SITEPACKAGES_DIR diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2021-3522.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2021-3522.patch new file mode 100644 index 0000000000..3717f0cf3a --- /dev/null +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2021-3522.patch @@ -0,0 +1,36 @@ +From 067e759136904b82bba9c6d1d781c4408dfecfe6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com> +Date: Wed, 3 Mar 2021 01:08:25 +0000 +Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads + +Check the right variable when checking if there's +enough data left to read the frame size. + +Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 + +Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1066> + +Upstream-Status: Backport +[https://gstreamer.freedesktop.org/security/sa-2021-0001.html] +CVE: CVE-2021-3522 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + gst-libs/gst/tag/id3v2frames.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c +index 8e9f782..f39659b 100644 +--- a/gst-libs/gst/tag/id3v2frames.c ++++ b/gst-libs/gst/tag/id3v2frames.c +@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work) + + if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION | + ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) { +- if (work->hdr.frame_data_size <= 4) ++ if (frame_data_size <= 4) + return FALSE; + if (ID3V2_VER_MAJOR (work->hdr.version) == 3) { + work->parse_size = GST_READ_UINT32_BE (frame_data); +-- +2.17.1 + diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb index f8f5caa94a..431468d459 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb @@ -15,10 +15,15 @@ SRC_URI = " \ file://0003-ssaparse-enhance-SSA-text-lines-parsing.patch \ file://0005-viv-fb-Make-sure-config.h-is-included.patch \ file://0009-glimagesink-Downrank-to-marginal.patch \ + file://CVE-2021-3522.patch \ " SRC_URI[md5sum] = "e3ddb1bae9fb510b49a295f212f1e6e4" SRC_URI[sha256sum] = "9f02678b0bbbcc9eff107d3bd89d83ce92fec2154cd607c7c8bd34dc7fee491c" +# CPE entries for gst-plugins-base are listed as gstreamer issues +# so we need to ignore the false hit +CVE_CHECK_WHITELIST += "CVE-2021-3522" + S = "${WORKDIR}/gst-plugins-base-${PV}" DEPENDS += "iso-codes util-linux zlib" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb index 1038cbf224..e8830103ce 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb @@ -15,6 +15,11 @@ SRC_URI = " \ SRC_URI[md5sum] = "c79b6c2f8eaadb2bb66615b694db399e" SRC_URI[sha256sum] = "d3a23a3fe73de673f591b7655494990c9e8a0e22a3c70d6f1dbf50198b29f85f" +# CPE entries for gst-plugins-good are listed as gstreamer issues +# so we need to ignore the false hit +CVE_CHECK_WHITELIST += "CVE-2021-3497" +CVE_CHECK_WHITELIST += "CVE-2021-3498" + S = "${WORKDIR}/gst-plugins-good-${PV}" LICENSE = "GPLv2+ & LGPLv2.1+" diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0001-clang-11-fix-build-errors-due-to-WWc-11-narrowing.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0001-clang-11-fix-build-errors-due-to-WWc-11-narrowing.patch new file mode 100644 index 0000000000..d8bb8efb88 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/0001-clang-11-fix-build-errors-due-to-WWc-11-narrowing.patch @@ -0,0 +1,66 @@ +From cb929f59b527fe890376e47613dfe1434a320bc0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 11 Aug 2020 15:44:48 -0700 +Subject: [PATCH] [clang 11] fix build errors due to -WWc++11-narrowing + +https://bugs.webkit.org/show_bug.cgi?id=211193 + +Reviewed by Adrian Perez de Castro. + +Fixes the following errors, + +Source/WebCore/html/MediaElementSession.cpp:1059:9: error: type 'WebCore::RenderMedia *' cannot be narrowed to 'bool' in initializer list [-Wc++11-narrowing] +m_element.renderer(), +^~~~~~~~~~~~~~~~~~~~ + +Source/WebCore/style/StyleResolver.cpp:106:55: error: type 'const char [4]' cannot be narrowed to 'bool' in initializer list [-Wc++11-narrowing] +m_mediaQueryEvaluator = MediaQueryEvaluator { "all" }; + ^~~~~ +Source/WebCore/style/StyleResolver.cpp:106:55: note: insert an explicit cast to silence this issue +m_mediaQueryEvaluator = MediaQueryEvaluator { "all" }; + ^~~~~ + static_cast<bool>( ) + +* html/HTMLMediaElement.h: +(WebCore::HTMLMediaElement::hasRenderer const): +MediaElementSession was implicitly casting a pointer to a bool, +which is not allowed with modern Clang checks. Add a helper method +to encapsulate the now required static_cast<bool>. +* html/MediaElementSession.cpp: Use the new helper method to see +if the HTMLMediaElement has an associated renderer. +(WebCore::MediaElementSession::updateMediaUsageIfChanged): +* style/StyleResolver.cpp: This was calling MediaQueryEvaluator { +"all" }; and seemingly expecting to cast a const char[] to a bool, +or maybe String? It's confusing because of the MediaQueryEvaluator +API. If it was implicitly converting to bool then that could be +unintentional. Such casts are not allowed either now. The +MediaQueryEvaluator's default constructor says it returns true for +"all", which appears to be the original intent of this call, so I +replaced it with that. +(WebCore::Style::Resolver::Resolver): + +git-svn-id: http://svn.webkit.org/repository/webkit/trunk@260951 268f45cc-cd09-0410-ab3c-d52691b4dbfc + +Upstream-Status: Backport [https://github.com/WebKit/webkit/commit/c3cf651016e4cdcb4350598d4a586821071f91bf.patch] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + Source/WebCore/style/StyleResolver.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Source/WebCore/style/StyleResolver.cpp b/Source/WebCore/style/StyleResolver.cpp +index 8bf371a0..34580ddb 100644 +--- a/Source/WebCore/style/StyleResolver.cpp ++++ b/Source/WebCore/style/StyleResolver.cpp +@@ -107,7 +107,7 @@ Resolver::Resolver(Document& document) + if (view) + m_mediaQueryEvaluator = MediaQueryEvaluator { view->mediaType() }; + else +- m_mediaQueryEvaluator = MediaQueryEvaluator { "all" }; ++ m_mediaQueryEvaluator = MediaQueryEvaluator { }; + + if (root) { + m_rootDefaultStyle = styleForElement(*root, m_document.renderStyle(), nullptr, RuleMatchingBehavior::MatchOnlyUserAgentRules).renderStyle; +-- +2.28.0 + diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch deleted file mode 100644 index d8504c2b36..0000000000 --- a/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [https://trac.webkit.org/changeset/262368/webkit?format=diff&new=262368] -CVE: CVE-2020-13753 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> - -Index: a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -=================================================================== ---- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (revision 262367) -+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (revision 262368) -@@ -642,5 +642,5 @@ - int r; - if (rule.arg) -- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 1, rule.arg); -+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 1, *rule.arg); - else - r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 0); diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.28.4.bb index cf6b2ffae7..ceda2992d7 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.28.4.bb @@ -19,10 +19,9 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://cross-compile.patch \ file://0001-Fix-build-with-musl.patch \ file://include_array.patch \ - file://CVE-2020-13753.patch \ + file://0001-clang-11-fix-build-errors-due-to-WWc-11-narrowing.patch \ " -SRC_URI[md5sum] = "ec0ef870ca37e3a5ebbead2f268a28ec" -SRC_URI[sha256sum] = "b9d23525cfd8d22c37b5d964a9fe9a8ce7583042a2f8d3922e71e6bbc68c30bd" +SRC_URI[sha256sum] = "821952e8c9303ed752f1fb1d4283f612c25249d00d705d2b79c2db1bc49c9464" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc diff --git a/poky/scripts/lib/devtool/deploy.py b/poky/scripts/lib/devtool/deploy.py index aaa25dda08..d802b22e8f 100644 --- a/poky/scripts/lib/devtool/deploy.py +++ b/poky/scripts/lib/devtool/deploy.py @@ -168,7 +168,7 @@ def deploy(args, config, basepath, workspace): if args.strip and not args.dry_run: # Fakeroot copy to new destination srcdir = recipe_outdir - recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'deploy-target-stripped') + recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'devtool-deploy-target-stripped') if os.path.isdir(recipe_outdir): bb.utils.remove(recipe_outdir, True) exec_fakeroot(rd, "cp -af %s %s" % (os.path.join(srcdir, '.'), recipe_outdir), shell=True) |