diff options
902 files changed, 23954 insertions, 7636 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index 4f16fcf318..3adea45ea7 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -72,6 +72,7 @@ stages: - if: '$KERNEL != "linux-yocto-dev"' script: - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml + - echo KASFILES=$KASFILES - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES - kas build $KASFILES - ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log @@ -119,6 +120,29 @@ update-repos: # VIRT: [none, xen] # TESTING: testimage +arm-systemready-ir-acs: + extends: .build + timeout: 12h + parallel: + matrix: + # arm-systemready-ir-acs must be specified after fvp-base for ordering + # purposes for the jobs-to-kas output. It is not enough to just have it + # in the job name because fvp-base.yml overwrites the target. + - PLATFORM: fvp-base + ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs + tags: + - ${ACS_TAG} + +# Validate layers are Yocto Project Compatible +check-layers: + extends: .setup + script: + - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \ + "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency" + parallel: + matrix: + - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain] + corstone1000-fvp: extends: .build parallel: @@ -127,6 +151,7 @@ corstone1000-fvp: TESTING: [testimage, tftf] - FIRMWARE: none TESTING: testimage + - SYSTEMREADY_FIRMWARE: arm-systemready-firmware corstone1000-mps3: extends: .build @@ -136,11 +161,35 @@ corstone1000-mps3: TESTING: [none, tftf] - FIRMWARE: none +documentation: + extends: .setup + script: + - | + # This can be removed when the kas container has python3-venv installed + sudo apt-get update && sudo apt-get install --yes python3-venv + + python3 -m venv venv + . ./venv/bin/activate + + pip3 install -r meta-arm-bsp/documentation/requirements.txt + + for CONF in meta-*/documentation/*/conf.py ; do + echo Building $CONF... + SOURCE_DIR=$(dirname $CONF) + MACHINE=$(basename $SOURCE_DIR) + sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE + done + test -d build-docs/ + artifacts: + paths: + - build-docs/ + fvp-base: extends: .build parallel: matrix: - - TESTING: testimage + - TS: [none, fvp-base-ts] + TESTING: testimage - FIRMWARE: edk2 - SYSTEMREADY_FIRMWARE: arm-systemready-firmware @@ -152,7 +201,7 @@ arm-systemready-ir-acs: # arm-systemready-ir-acs must be specified after fvp-base for ordering # purposes for the jobs-to-kas output. It is not enough to just have it # in the job name because fvp-base.yml overwrites the target. - - PLATFORM: fvp-base + - PLATFORM: [fvp-base, corstone1000-fvp] ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs tags: - ${ACS_TAG} @@ -160,8 +209,14 @@ arm-systemready-ir-acs: fvps: extends: .build -generic-arm64: +genericarm64: extends: .build + parallel: + matrix: + - TOOLCHAINS: [gcc, clang] + TESTING: testimage + - KERNEL: linux-yocto-dev + TESTING: testimage juno: extends: .build @@ -170,6 +225,22 @@ juno: - TOOLCHAINS: [gcc, clang] FIRMWARE: [u-boot, edk2] +# What percentage of machines in the layer do we build +machine-coverage: + extends: .setup + script: + - ./ci/check-machine-coverage + coverage: '/Coverage: \d+/' + +metrics: + extends: .setup + artifacts: + reports: + metrics: metrics.txt + script: + - kas shell --update --force-checkout ci/base.yml --command \ + "$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt" + musca-b1: extends: .build @@ -182,15 +253,19 @@ n1sdp: matrix: - TESTING: [none, n1sdp-ts, n1sdp-optee, tftf] -qemu-generic-arm64: - extends: .build - parallel: - matrix: - - KERNEL: [linux-yocto, linux-yocto-rt] - TOOLCHAINS: [gcc, clang] - TESTING: testimage - - KERNEL: linux-yocto-dev - TESTING: testimage +pending-updates: + extends: .setup + artifacts: + paths: + - update-report + script: + - rm -fr update-report + # This configuration has all of the layers we need enabled + - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \ + "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)" + # Do this on x86 whilst the compilers are x86-only + tags: + - x86_64 qemuarm64-secureboot: extends: .build @@ -257,11 +332,15 @@ qemuarmv5: - DISTRO: poky-tiny TESTING: testimage -sgi575: - extends: .build - -toolchains: +sbsa-ref: extends: .build + parallel: + matrix: + - KERNEL: [linux-yocto, linux-yocto-rt] + TOOLCHAINS: [gcc, clang] + TESTING: testimage + - KERNEL: linux-yocto-dev + TESTING: testimage selftest: extends: .setup @@ -269,65 +348,8 @@ selftest: - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml - kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests' -# Validate layers are Yocto Project Compatible -check-layers: - extends: .setup - script: - - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \ - "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency" - parallel: - matrix: - - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain] - -pending-updates: - extends: .setup - artifacts: - paths: - - update-report - script: - - rm -fr update-report - # This configuration has all of the layers we need enabled - - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \ - "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)" - # Do this on x86 whilst the compilers are x86-only - tags: - - x86_64 - -# What percentage of machines in the layer do we build -machine-coverage: - extends: .setup - script: - - ./ci/check-machine-coverage - coverage: '/Coverage: \d+/' - -metrics: - extends: .setup - artifacts: - reports: - metrics: metrics.txt - script: - - kas shell --update --force-checkout ci/base.yml --command \ - "$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt" - -documentation: - extends: .setup - script: - - | - # This can be removed when the kas container has python3-venv installed - sudo apt-get update && sudo apt-get install --yes python3-venv - - python3 -m venv venv - . ./venv/bin/activate - - pip3 install -r meta-arm-bsp/documentation/requirements.txt +sgi575: + extends: .build - for CONF in meta-*/documentation/*/conf.py ; do - echo Building $CONF... - SOURCE_DIR=$(dirname $CONF) - MACHINE=$(basename $SOURCE_DIR) - sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE - done - test -d build-docs/ - artifacts: - paths: - - build-docs/ +toolchains: + extends: .build diff --git a/meta-arm/ci/arm-systemready-firmware.yml b/meta-arm/ci/arm-systemready-firmware.yml index 1854c2ab65..4b9753708f 100644 --- a/meta-arm/ci/arm-systemready-firmware.yml +++ b/meta-arm/ci/arm-systemready-firmware.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 11 includes: diff --git a/meta-arm/ci/arm-systemready-ir-acs.yml b/meta-arm/ci/arm-systemready-ir-acs.yml index 6cfead6c2d..e31a264b37 100644 --- a/meta-arm/ci/arm-systemready-ir-acs.yml +++ b/meta-arm/ci/arm-systemready-ir-acs.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 11 includes: @@ -12,3 +14,6 @@ local_conf_header: target: - arm-systemready-ir-acs + - arm-systemready-linux-distros-debian + - arm-systemready-linux-distros-opensuse + - arm-systemready-linux-distros-fedora diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml index 4296d27057..a3e2c68b86 100644 --- a/meta-arm/ci/base.yml +++ b/meta-arm/ci/base.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 @@ -5,7 +7,7 @@ distro: poky defaults: repos: - branch: master + branch: scarthgap repos: meta-arm: @@ -32,7 +34,6 @@ local_conf_header: PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl" PACKAGECONFIG:append:pn-perf = " coresight" INHERIT += "rm_work" - DISTRO_FEATURES:remove = "ptest" extrapackages: | CORE_IMAGE_EXTRA_INSTALL += "perf opencsd" CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon" diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml index b9425fa72a..9b2d194a3a 100644 --- a/meta-arm/ci/clang.yml +++ b/meta-arm/ci/clang.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml index 7fe9e8793a..3f47b3a5f1 100644 --- a/meta-arm/ci/corstone1000-common.yml +++ b/meta-arm/ci/corstone1000-common.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/corstone1000-firmware-only.yml b/meta-arm/ci/corstone1000-firmware-only.yml index 8af0146a3d..a22989108c 100644 --- a/meta-arm/ci/corstone1000-firmware-only.yml +++ b/meta-arm/ci/corstone1000-firmware-only.yml @@ -1,4 +1,5 @@ ---- +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/corstone1000-fvp.yml b/meta-arm/ci/corstone1000-fvp.yml index c4e5737947..c2bf9459d0 100644 --- a/meta-arm/ci/corstone1000-fvp.yml +++ b/meta-arm/ci/corstone1000-fvp.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/corstone1000-mps3.yml b/meta-arm/ci/corstone1000-mps3.yml index 7a1fc9efef..9b87b2593d 100644 --- a/meta-arm/ci/corstone1000-mps3.yml +++ b/meta-arm/ci/corstone1000-mps3.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/cve.yml b/meta-arm/ci/cve.yml index e2aca0e13a..d060d299ea 100644 --- a/meta-arm/ci/cve.yml +++ b/meta-arm/ci/cve.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/debug.yml b/meta-arm/ci/debug.yml index 6ca1a072bc..371035a17a 100644 --- a/meta-arm/ci/debug.yml +++ b/meta-arm/ci/debug.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/edk2.yml b/meta-arm/ci/edk2.yml index 3a5c4ce93b..d32e3645cd 100644 --- a/meta-arm/ci/edk2.yml +++ b/meta-arm/ci/edk2.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/external-gccarm.yml b/meta-arm/ci/external-gccarm.yml index a3313d8921..8985a1ba17 100644 --- a/meta-arm/ci/external-gccarm.yml +++ b/meta-arm/ci/external-gccarm.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 @@ -6,6 +8,6 @@ local_conf_header: SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain" TCMODE = "external-arm" EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}" - # Temporary workaround for a number binaries in the toolchains that are using 32bit timer API - # This must be done here instead of the recipe because of all the libraries in the toolchain have the issue - INSANE_SKIP:append = " 32bit-time" + # Disable ptest as this pulls target compilers, which don't + # work with external toolchain currently + DISTRO_FEATURES:remove = "ptest" diff --git a/meta-arm/ci/fvp-base-ts.yml b/meta-arm/ci/fvp-base-ts.yml new file mode 100644 index 0000000000..ae74334edf --- /dev/null +++ b/meta-arm/ci/fvp-base-ts.yml @@ -0,0 +1,34 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + includes: + - ci/fvp-base.yml + - ci/meta-openembedded.yml + - ci/testimage.yml + +local_conf_header: + trusted_services: | + # Enable the needed test suites + TEST_SUITES = " ping ssh trusted_services" + # Include all Secure Partitions into the image + MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its" + MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test" + MACHINE_FEATURES:append = " ts-block-storage ts-fwu" + # Include TS demo/test tools into image + IMAGE_INSTALL:append = " packagegroup-ts-tests" + # Include TS PSA Arch tests into image + IMAGE_INSTALL:append = " packagegroup-ts-tests-psa" + CORE_IMAGE_EXTRA_INSTALL += "optee-test" + # Set the TS environment + TS_ENV="sp" + # Enable and configure semihosting + FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}" + FVP_CONFIG[semihosting-enable] = "True" diff --git a/meta-arm/ci/fvp-base.yml b/meta-arm/ci/fvp-base.yml index 7441ea42c0..bbc6c44db3 100644 --- a/meta-arm/ci/fvp-base.yml +++ b/meta-arm/ci/fvp-base.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: @@ -5,3 +7,7 @@ header: - ci/fvp.yml machine: fvp-base + +target: + - core-image-sato + - boot-wrapper-aarch64 diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml index e9f3fa944c..2bf1cef024 100644 --- a/meta-arm/ci/fvp.yml +++ b/meta-arm/ci/fvp.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml index c6516148e6..8f1de17784 100644 --- a/meta-arm/ci/fvps.yml +++ b/meta-arm/ci/fvps.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + # Simple target to build the FVPs that are publically available header: diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml index 260199ae13..1f368c24dc 100644 --- a/meta-arm/ci/gcc.yml +++ b/meta-arm/ci/gcc.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/generic-arm64.yml b/meta-arm/ci/generic-arm64.yml deleted file mode 100644 index 5d944ef1ce..0000000000 --- a/meta-arm/ci/generic-arm64.yml +++ /dev/null @@ -1,6 +0,0 @@ -header: - version: 14 - includes: - - ci/base.yml - -machine: generic-arm64 diff --git a/meta-arm/ci/genericarm64.yml b/meta-arm/ci/genericarm64.yml new file mode 100644 index 0000000000..320cfae71c --- /dev/null +++ b/meta-arm/ci/genericarm64.yml @@ -0,0 +1,18 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + includes: + - ci/base.yml + +repos: + poky: + layers: + meta-yocto-bsp: + +local_conf_header: + bootloader: | + # If running genericarm64 in a qemu we need to manually build the bootloader + EXTRA_IMAGEDEPENDS += "virtual/bootloader" + +machine: genericarm64 diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml index 3c9f9eb754..0bfe026163 100644 --- a/meta-arm/ci/glibc.yml +++ b/meta-arm/ci/glibc.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/juno.yml b/meta-arm/ci/juno.yml index 552e325fd1..e812ec801d 100644 --- a/meta-arm/ci/juno.yml +++ b/meta-arm/ci/juno.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml index 5ee7afbbef..1b8d976838 100644 --- a/meta-arm/ci/linux-yocto-dev.yml +++ b/meta-arm/ci/linux-yocto-dev.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml index 65a276c184..9430cce5ff 100644 --- a/meta-arm/ci/linux-yocto-rt.yml +++ b/meta-arm/ci/linux-yocto-rt.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml index e9ccdcb28d..22d57f257d 100644 --- a/meta-arm/ci/linux-yocto.yml +++ b/meta-arm/ci/linux-yocto.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/meta-openembedded.yml b/meta-arm/ci/meta-openembedded.yml index 743fdde57f..499216bfaa 100644 --- a/meta-arm/ci/meta-openembedded.yml +++ b/meta-arm/ci/meta-openembedded.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/meta-secure-core.yml b/meta-arm/ci/meta-secure-core.yml index 2d9fc2c5e2..b34562b267 100644 --- a/meta-arm/ci/meta-secure-core.yml +++ b/meta-arm/ci/meta-secure-core.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/meta-virtualization.yml b/meta-arm/ci/meta-virtualization.yml index f0f6280e8e..c0ba70ba8e 100644 --- a/meta-arm/ci/meta-virtualization.yml +++ b/meta-arm/ci/meta-virtualization.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/musca-b1.yml b/meta-arm/ci/musca-b1.yml index db2adc9bc6..1437b8ab37 100644 --- a/meta-arm/ci/musca-b1.yml +++ b/meta-arm/ci/musca-b1.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/musca-s1.yml b/meta-arm/ci/musca-s1.yml index 974badf437..a7fa680c42 100644 --- a/meta-arm/ci/musca-s1.yml +++ b/meta-arm/ci/musca-s1.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/musl.yml b/meta-arm/ci/musl.yml index 641c47092d..e20a4af42c 100644 --- a/meta-arm/ci/musl.yml +++ b/meta-arm/ci/musl.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/n1sdp-optee.yml b/meta-arm/ci/n1sdp-optee.yml index f2b50abf49..6de4abae5c 100644 --- a/meta-arm/ci/n1sdp-optee.yml +++ b/meta-arm/ci/n1sdp-optee.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/n1sdp-ts.yml b/meta-arm/ci/n1sdp-ts.yml index 641d3766cb..b100e24065 100644 --- a/meta-arm/ci/n1sdp-ts.yml +++ b/meta-arm/ci/n1sdp-ts.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/n1sdp.yml b/meta-arm/ci/n1sdp.yml index c1b654d444..2a85d00b6f 100644 --- a/meta-arm/ci/n1sdp.yml +++ b/meta-arm/ci/n1sdp.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml index f17630106e..41f9a39eb5 100644 --- a/meta-arm/ci/poky-tiny.yml +++ b/meta-arm/ci/poky-tiny.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml index d6887a9cb5..db139dfd77 100644 --- a/meta-arm/ci/poky.yml +++ b/meta-arm/ci/poky.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/qemu-generic-arm64.yml b/meta-arm/ci/qemu-generic-arm64.yml deleted file mode 100644 index 43ae25639f..0000000000 --- a/meta-arm/ci/qemu-generic-arm64.yml +++ /dev/null @@ -1,14 +0,0 @@ -header: - version: 14 - includes: - - ci/generic-arm64.yml - -local_conf_header: - failing_tests: | - DEFAULT_TEST_SUITES:remove = "parselogs" - -machine: qemu-generic-arm64 - -target: - - core-image-sato - - sbsa-acs diff --git a/meta-arm/ci/qemuarm-secureboot.yml b/meta-arm/ci/qemuarm-secureboot.yml index 97e99039dd..6d9f4eea30 100644 --- a/meta-arm/ci/qemuarm-secureboot.yml +++ b/meta-arm/ci/qemuarm-secureboot.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: @@ -7,6 +9,8 @@ machine: qemuarm-secureboot target: - core-image-base - - optee-examples - - optee-test - - optee-os-tadevkit + +local_conf_header: + optee: | + IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta" + TEST_SUITES:append = " optee ftpm" diff --git a/meta-arm/ci/qemuarm.yml b/meta-arm/ci/qemuarm.yml index 18fef52e96..31192aee02 100644 --- a/meta-arm/ci/qemuarm.yml +++ b/meta-arm/ci/qemuarm.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/qemuarm64-secureboot-ts.yml b/meta-arm/ci/qemuarm64-secureboot-ts.yml index e18ce1a9dc..adf1f2f840 100644 --- a/meta-arm/ci/qemuarm64-secureboot-ts.yml +++ b/meta-arm/ci/qemuarm64-secureboot-ts.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/qemuarm64-secureboot.yml b/meta-arm/ci/qemuarm64-secureboot.yml index c4943cb6e4..b26941e0c4 100644 --- a/meta-arm/ci/qemuarm64-secureboot.yml +++ b/meta-arm/ci/qemuarm64-secureboot.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: @@ -7,6 +9,8 @@ machine: qemuarm64-secureboot target: - core-image-base - - optee-examples - - optee-test - - optee-os-tadevkit + +local_conf_header: + optee: | + IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta" + TEST_SUITES:append = " optee ftpm" diff --git a/meta-arm/ci/qemuarm64.yml b/meta-arm/ci/qemuarm64.yml index cd03e94281..9c696365c0 100644 --- a/meta-arm/ci/qemuarm64.yml +++ b/meta-arm/ci/qemuarm64.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/qemuarmv5.yml b/meta-arm/ci/qemuarmv5.yml index c2ff6c8405..b0a8bbd2bb 100644 --- a/meta-arm/ci/qemuarmv5.yml +++ b/meta-arm/ci/qemuarmv5.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/sbsa-ref.yml b/meta-arm/ci/sbsa-ref.yml new file mode 100644 index 0000000000..99e4ed716d --- /dev/null +++ b/meta-arm/ci/sbsa-ref.yml @@ -0,0 +1,12 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + includes: + - ci/base.yml + +machine: sbsa-ref + +target: + - core-image-sato + - sbsa-acs diff --git a/meta-arm/ci/selftest.yml b/meta-arm/ci/selftest.yml index e519851c0f..e36d62c568 100644 --- a/meta-arm/ci/selftest.yml +++ b/meta-arm/ci/selftest.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/sgi575.yml b/meta-arm/ci/sgi575.yml index faab716db2..e431382071 100644 --- a/meta-arm/ci/sgi575.yml +++ b/meta-arm/ci/sgi575.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/sstate-mirror.yml b/meta-arm/ci/sstate-mirror.yml new file mode 100644 index 0000000000..4bcbd760c5 --- /dev/null +++ b/meta-arm/ci/sstate-mirror.yml @@ -0,0 +1,11 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + +local_conf_header: + sstate_mirror: | + BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws" + SSTATE_MIRRORS = "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH" + BB_HASHSERVE = "auto" + BB_SIGNATURE_HANDLER = "OEEquivHash" diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml index a0e90250b2..a9b13d9a78 100644 --- a/meta-arm/ci/testimage.yml +++ b/meta-arm/ci/testimage.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: @@ -12,7 +14,7 @@ local_conf_header: slirp: | TEST_RUNQEMUPARAMS = "slirp" sshd: | - IMAGE_FEATURES:append = " ssh-server-dropbear" + IMAGE_FEATURES += "ssh-server-dropbear" sshkeys: | CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys" universally_failing_tests: | diff --git a/meta-arm/ci/tftf.yml b/meta-arm/ci/tftf.yml index 33a8a4f5f6..af1c486471 100644 --- a/meta-arm/ci/tftf.yml +++ b/meta-arm/ci/tftf.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/toolchains.yml b/meta-arm/ci/toolchains.yml index 056269b2bd..c323fbe71d 100644 --- a/meta-arm/ci/toolchains.yml +++ b/meta-arm/ci/toolchains.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml index c693b8b0ad..be59543be7 100644 --- a/meta-arm/ci/u-boot.yml +++ b/meta-arm/ci/u-boot.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 diff --git a/meta-arm/ci/xen.yml b/meta-arm/ci/xen.yml index f4a8f9a453..d855369a65 100644 --- a/meta-arm/ci/xen.yml +++ b/meta-arm/ci/xen.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + header: version: 14 includes: diff --git a/meta-arm/documentation/trusted-services.md b/meta-arm/documentation/trusted-services.md index 70826f681e..c37b10bf3c 100644 --- a/meta-arm/documentation/trusted-services.md +++ b/meta-arm/documentation/trusted-services.md @@ -18,17 +18,18 @@ features for each [Secure Partition][^2] you would like to include: | ----------------- | --------------- | | Attestation | ts-attesation | | Crypto | ts-crypto | +| Firmware Update | ts-fwu | Internal Storage | ts-its | | Protected Storage | ts-storage | | se-proxy | ts-se-proxy | | smm-gateway | ts-smm-gateway | -| spm-test[1-3] | optee-spmc-test | +| spm-test[1-4] | optee-spmc-test | Other steps depend on your machine/platform definition: 1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y` is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES. - (Please see ` meta-arm/recipes-kernel/arm-ffa-tee`.) + (Please see ` meta-arm/recipes-kernel/arm-tstee`.) For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled. @@ -44,9 +45,13 @@ Other steps depend on your machine/platform definition: and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms. +4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be + set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation. + + ## Normal World applications -Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes +Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes [Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests. ## OEQA Trusted Services tests @@ -62,4 +67,4 @@ See `ci/trusted-services.yml` for an example how to include them into an image. [^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html -[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
\ No newline at end of file +[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html diff --git a/meta-arm/kas/arm-systemready-linux-distros-fedora.yml b/meta-arm/kas/arm-systemready-linux-distros-fedora.yml new file mode 100644 index 0000000000..b2b23d7853 --- /dev/null +++ b/meta-arm/kas/arm-systemready-linux-distros-fedora.yml @@ -0,0 +1,7 @@ +header: + version: 16 + includes: + - kas/arm-systemready-firmware.yml + +target: + - arm-systemready-linux-distros-fedora diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml index a8b986030b..33f64f11f2 100644 --- a/meta-arm/kas/corstone1000-base.yml +++ b/meta-arm/kas/corstone1000-base.yml @@ -5,7 +5,7 @@ distro: poky defaults: repos: - branch: master + branch: scarthgap repos: meta-arm: @@ -16,14 +16,14 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - # commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff + commit: c5df9c829a549ca002c36afd6bdf23639831502e layers: meta: meta-poky: meta-openembedded: url: https://git.openembedded.org/meta-openembedded - # commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d + commit: 6de0ab744341ad61b0661aa28d78dc6767ce0786 layers: meta-oe: meta-python: @@ -31,7 +31,7 @@ repos: meta-secure-core: url: https://github.com/wind-river/meta-secure-core.git - # commit: e29165a1031dcf601edbed1733cedd64826672a5 + commit: 13cb4867fb1245581c80da3b94b72c4b4f15d67e layers: meta-secure-core-common: meta-signing-key: diff --git a/meta-arm/kas/corstone1000-firmware-only.yml b/meta-arm/kas/corstone1000-firmware-only.yml index f16403676c..6192a40872 100644 --- a/meta-arm/kas/corstone1000-firmware-only.yml +++ b/meta-arm/kas/corstone1000-firmware-only.yml @@ -4,6 +4,8 @@ header: local_conf_header: firmwarebuild: | + BBMULTICONFIG:remove = "firmware" + # Need to ensure the rescue linux options are selected OVERRIDES .= ":firmware" diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml index 0d6d5feeed..527fd1d804 100644 --- a/meta-arm/kas/corstone1000-fvp.yml +++ b/meta-arm/kas/corstone1000-fvp.yml @@ -13,7 +13,6 @@ env: local_conf_header: testimagefvp: | - LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA" IMAGE_CLASSES += "fvpboot" mass-storage: | diff --git a/meta-arm/kas/corstone1000-image-configuration.yml b/meta-arm/kas/corstone1000-image-configuration.yml index 2b2852230b..4c3172a5a9 100644 --- a/meta-arm/kas/corstone1000-image-configuration.yml +++ b/meta-arm/kas/corstone1000-image-configuration.yml @@ -15,8 +15,8 @@ local_conf_header: initramfsetup: | # Telling the build system which image is responsible of the generation of the initramfs rootfs INITRAMFS_IMAGE_BUNDLE:firmware = "1" - INITRAMFS_IMAGE:firmware ?= "core-image-minimal" - IMAGE_FSTYPES:firmware:pn-core-image-minimal = "${INITRAMFS_FSTYPES}" + INITRAMFS_IMAGE:firmware ?= "corstone1000-recovery-image" + IMAGE_FSTYPES:firmware:pn-corstone1000-recovery-image = "${INITRAMFS_FSTYPES}" IMAGE_NAME_SUFFIX:firmware = "" # enable mdev/busybox for init @@ -38,3 +38,12 @@ local_conf_header: # TS PSA API tests commands for crypto, its, ps and iat CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa" + CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa" + + # external system firmware + CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf" + + capsule: | + CAPSULE_EXTENSION = "uefi.capsule" + CAPSULE_FW_VERSION = "6" + CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}" diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf index 9013d11f8a..1a45840083 100644 --- a/meta-arm/meta-arm-bsp/conf/layer.conf +++ b/meta-arm/meta-arm-bsp/conf/layer.conf @@ -26,3 +26,5 @@ BBFILES_DYNAMIC += " \ " WARN_QA:append:layer-meta-arm-bsp = " patch-status" + +addpylib ${LAYERDIR}/lib oeqa diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf index b15c0faaa7..2c724bfeb2 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf @@ -14,7 +14,10 @@ TEST_SUITES = "fvp_boot" # FVP Config FVP_PROVIDER ?= "fvp-corstone1000-native" FVP_EXE ?= "FVP_Corstone-1000" -FVP_CONSOLE ?= "host_terminal_0" +FVP_CONSOLES[default] = "host_terminal_0" +FVP_CONSOLES[tf-a] = "host_terminal_1" +FVP_CONSOLES[se] = "secenc_terminal" +FVP_CONSOLES[extsys] = "extsys_terminal" #Disable Time Annotation FASTSIM_DISABLE_TA = "0" @@ -49,7 +52,7 @@ FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3" # MMC card configuration FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC" FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0" -FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2" +FVP_CONFIG[board.msd_mmc.diagnostics] ?= "0" FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF" FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16" FVP_CONFIG[board.msd_mmc.support_unpadded_images] ?= "true" @@ -58,10 +61,11 @@ FVP_CONFIG[board.msd_mmc.p_mmc_file] ?= "${IMAGE_NAME}.wic" # MMC2 card configuration FVP_CONFIG[board.msd_mmc_2.card_type] ?= "SDHC" FVP_CONFIG[board.msd_mmc_2.p_fast_access] ?= "0" -FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "2" +FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "0" FVP_CONFIG[board.msd_mmc_2.p_max_block_count] ?= "0xFFFF" FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16" FVP_CONFIG[board.msd_mmc_2.support_unpadded_images] ?= "true" +FVP_CONFIG[board.msd_mmc_2.p_mmc_file] ?= "corstone1000-esp-image-${MACHINE}.wic" # Virtio-Net configuration FVP_CONFIG[board.virtio_net.enabled] ?= "1" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf index 39ef38be56..17fb5023cc 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf @@ -47,6 +47,10 @@ FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1" FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22" FVP_CONFIG[bp.virtio_rng.enabled] ?= "1" FVP_CONFIG[cache_state_modelled] ?= "0" +FVP_CONFIG[cluster0.check_memory_attributes] ?= "0" +FVP_CONFIG[cluster1.check_memory_attributes] ?= "0" +FVP_CONFIG[cluster0.stage12_tlb_size] ?= "1024" +FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024" FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin" FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin" FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic" @@ -58,3 +62,4 @@ FVP_TERMINALS[bp.terminal_0] ?= "Console" FVP_TERMINALS[bp.terminal_1] ?= "" FVP_TERMINALS[bp.terminal_2] ?= "" FVP_TERMINALS[bp.terminal_3] ?= "" +FVP_CONFIG[bp.secure_memory] ?= "1"
\ No newline at end of file diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc index 7a8905d7ee..c78cc061bc 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -55,6 +55,11 @@ WKS_FILE:firmware ?= "corstone1000-flash-firmware.wks.in" WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}" # If not building under the firmware multiconf we need to build the actual firmware -FIRMWARE_DEPLOYEMENT ?= "firmware-deploy-image" -FIRMWARE_DEPLOYEMENT:firmware ?= "" -EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYEMENT}" +FIRMWARE_DEPLOYMENT ?= "firmware-deploy-image" +FIRMWARE_DEPLOYMENT:firmware ?= "" +EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYMENT}" + +ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \ + corstone1000-esp-image:do_image_complete \ + " +ARM_SYSTEMREADY_ACS_CONSOLE ?= "default" diff --git a/meta-arm/meta-arm/conf/machine/qemu-generic-arm64.conf b/meta-arm/meta-arm-bsp/conf/machine/sbsa-ref.conf index 6925854fce..ccfc45a8e2 100644 --- a/meta-arm/meta-arm/conf/machine/qemu-generic-arm64.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/sbsa-ref.conf @@ -1,14 +1,17 @@ #@TYPE: Machine -#@NAME: qemu-generic-arm64 -#@DESCRIPTION: Generic Arm64 machine for typical SystemReady platforms, which -#have working firmware and boot via EFI. +#@NAME: sbsa-ref +#@DESCRIPTION: Reference SBSA machine in qemu-system-aarch64 on Neoverse N2 -MACHINEOVERRIDES =. "generic-arm64:" - -require conf/machine/generic-arm64.conf +require conf/machine/include/arm/armv9a/tune-neoversen2.inc require conf/machine/include/qemu.inc -EXTRA_IMAGEDEPENDS += "edk2-firmware" +PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" +KERNEL_IMAGETYPE = "Image" +MACHINE_EXTRA_RRECOMMENDS += "kernel-modules" + +MACHINE_FEATURES = " alsa bluetooth efi qemu-usermode rtc screen usbhost vfat wifi" + +IMAGE_FSTYPES += "wic.qcow2" # This unique WIC file is necessary because kernel boot args cannot be passed # because there is no default kernel (see below). There is no default kernel @@ -17,17 +20,23 @@ EXTRA_IMAGEDEPENDS += "edk2-firmware" # boot arg (which we need for testimage), we have to have a WIC file unique to # this platform. WKS_FILE = "qemu-efi-disk.wks.in" -IMAGE_FSTYPES += "wic.qcow2" + +EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boot", "grub-efi", d)}" + +SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0" + +EXTRA_IMAGEDEPENDS += "edk2-firmware" QB_SYSTEM_NAME = "qemu-system-aarch64" QB_MACHINE = "-machine sbsa-ref" +QB_CPU = "-cpu neoverse-n2" QB_MEM = "-m 1024" QB_DEFAULT_FSTYPE = "wic.qcow2" QB_NETWORK_DEVICE = "-device virtio-net-pci,netdev=net0,mac=@MAC@" QB_DRIVE_TYPE = "/dev/hd" QB_ROOTFS_OPT = "-drive file=@ROOTFS@,if=ide,format=qcow2" QB_DEFAULT_KERNEL = "none" -QB_OPT_APPEND = "-device qemu-xhci -device usb-tablet -device usb-kbd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH0.fd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH1.fd" +QB_OPT_APPEND = "-device usb-tablet -device usb-kbd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH0.fd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH1.fd" QB_SERIAL_OPT = "-device virtio-serial-pci -chardev null,id=virtcon -device virtconsole,chardev=virtcon" QB_TCPSERIAL_OPT = "-device virtio-serial-pci -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon" # sbsa-ref is a true virtual machine so can't use KVM diff --git a/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf b/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf index 7f2a285ac0..3c2c94b6dc 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf @@ -9,7 +9,6 @@ require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware" EXTRA_IMAGEDEPENDS += "trusted-firmware-a" -PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%" KERNEL_IMAGETYPE ?= "Image" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst index 173823b6c2..f22a99c2c0 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022-2023, Arm Limited. + # Copyright (c) 2022-2024, Arm Limited. # # SPDX-License-Identifier: MIT @@ -10,6 +10,78 @@ Change Log This document contains a summary of the new features, changes and fixes in each release of Corstone-1000 software stack. + +*************** +Version 2024.06 +*************** + +Changes +======= + +- Re-enabling support for the External System using linux remoteproc (only supporting switching on and off the External System) +- UEFI Secure Boot and Authenticated Variable support +- RSE Comms replaces OpenAMP +- The EFI System partition image is now created by the meta-arm build system. + This image is mounted on the second MMC card by default in the FVP. +- The capsule generation script is now part of the meta-arm build system. + Corstone1000-flash-firmware-image recipe generates a capsule binary using the U-Boot capsule generation tool that includes + all the firmware binaries and recovery kernel image. +- SW components upgrades +- Bug fixes + + +Corstone-1000 components versions +================================= + ++-------------------------------------------+-----------------------------------------------------+ +| arm-tstee | 2.0.0 | ++-------------------------------------------+-----------------------------------------------------+ +| linux-yocto | 6.6.23 | ++-------------------------------------------+-----------------------------------------------------+ +| u-boot | 2023.07.02 | ++-------------------------------------------+-----------------------------------------------------+ +| external-system | 0.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| optee-client | 4.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| optee-os | 4.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| trusted-firmware-a | 2.10.4 | ++-------------------------------------------+-----------------------------------------------------+ +| trusted-firmware-m | 2.0.0 | ++-------------------------------------------+-----------------------------------------------------+ +| libts | 602be60719 | ++-------------------------------------------+-----------------------------------------------------+ +| ts-newlib | 4.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| ts-psa-{crypto, iat, its. ps}-api-test | 602be60719 | ++-------------------------------------------+-----------------------------------------------------+ +| ts-sp-{se-proxy, smm-gateway} | 602be60719 | ++-------------------------------------------+-----------------------------------------------------+ + +Yocto distribution components versions +====================================== + ++-------------------------------------------+------------------------------+ +| meta-arm | scarthgap | ++-------------------------------------------+------------------------------+ +| poky | scarthgap | ++-------------------------------------------+------------------------------+ +| meta-openembedded | scarthgap | ++-------------------------------------------+------------------------------+ +| meta-secure-core | scarthgap | ++-------------------------------------------+------------------------------+ +| busybox | 1.36.1 | ++-------------------------------------------+------------------------------+ +| musl | 1.2.4 | ++-------------------------------------------+------------------------------+ +| gcc-arm-none-eabi | 13.2.Rel1 | ++-------------------------------------------+------------------------------+ +| gcc-cross-aarch64 | 13.2.0 | ++-------------------------------------------+------------------------------+ +| openssl | 3.2.1 | ++-------------------------------------------+------------------------------+ + *************** Version 2023.11 *************** @@ -298,4 +370,4 @@ Changes -------------- -*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2024, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png Binary files differindex 88bb1259f6..5ed2a28516 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png Binary files differindex 1e37d803b7..ff7a2703ed 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 501a153ed7..0cad02666e 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022-2023, Arm Limited. + # Copyright (c) 2022-2024, Arm Limited. # # SPDX-License-Identifier: MIT @@ -20,6 +20,25 @@ prove defective, you assume the entire cost of all necessary servicing, repair or correction. *********************** +Release notes - 2024.06 +*********************** + +Known Issues or Limitations +--------------------------- + + - Use Ethernet over VirtIO due to lan91c111 Ethernet driver support dropped from U-Boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). + - Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3. + - See previous release notes for the known limitations regarding ACS tests. + +Platform Support +----------------- + - This software release is tested on Corstone-1000 FPGA version AN550_v2 + https://developer.arm.com/downloads/-/download-fpga-images + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +*********************** Release notes - 2023.11 *********************** @@ -213,7 +232,7 @@ Support ------- For technical support email: support-subsystem-iot@arm.com -For all security issues, contact Arm by email at arm-security@arm.com. +For all security issues, contact Arm by email at psirt@arm.com. -------------- diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst index 6bc8aceab8..42278e387b 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022-2023, Arm Limited. + # Copyright (c) 2022-2024, Arm Limited. # # SPDX-License-Identifier: MIT @@ -52,8 +52,8 @@ secure flash. Software running on the Secure Enclave is isolated via hardware for enhanced security. Communication with the Secure Encalve is achieved using Message Handling Units (MHUs) and shared memory. On system power on, the Secure Enclave boots first. Its software -comprises of a ROM code (TF-M BL1), Mcuboot BL2, and -TrustedFirmware-M(`TF-M`_) as runtime software. The software design on +comprises of a ROM code (TF-M BL1), MCUboot BL2, and +TrustedFirmware-M(`TF-M`_) as runtime software. The software design on Secure Enclave follows Firmware Framework for M class processor (`FF-M`_) specification. @@ -61,7 +61,7 @@ The Host System is based on ARM Cotex-A35 processor with standardized peripherals to allow for the booting of a Linux OS. The Cortex-A35 has the TrustZone technology that allows secure and non-secure security states in the processor. The software design in the Host System follows -Firmware Framework for A class procseeor (`FF-A`_) specification. +Firmware Framework for A class processor (`FF-A`_) specification. The boot process follows Trusted Boot Base Requirement (`TBBR`_). The Host Subsystem is taken out of reset by the Secure Enclave system during its final stages of the initialization. The Host subsystem runs @@ -70,12 +70,12 @@ FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS linux (`linux repo`_) in the non-secure world. The communication between non-secure and the secure world is performed via FF-A messages. -An external system is intended to implement use-case specific -functionality. The system is based on Cortex-M3 and run RTX RTOS. -Communication between the external system and Host (Cortex-A35) is performed -using MHU as transport mechanism and rpmsg messaging system (the external system -support in Linux is disabled in this release. More info about this change can be found in the -release-notes). +An external system is intended to implement use-case specific functionality. +The system is based on Cortex-M3 and run RTX RTOS. Communication between the +external system and Host (Cortex-A35) can be performed using MHU as transport +mechanism. The current software release supports switching on and off the +external system. Support for OpenAMP-based communication is under +development. Overall, the Corstone-1000 architecture is designed to cover a range of Power, Performance, and Area (PPA) applications, and enable extension @@ -93,30 +93,64 @@ and loads the following software in the chain. For the boot chain process to work, the start of the chain should be trusted, forming the Root of Trust (RoT) of the device. The RoT of the device is immutable in nature and encoded into the device by the device owner before it -is deployed into the field. In Corstone-1000, the BL1 image of the secure -enclave and content of the CC312 OTP (One Time Programmable) memory -forms the RoT. The BL1 image exists in ROM (Read Only Memory). +is deployed into the field. In Corstone-1000, the content of the ROM +and CC312 OTP (One Time Programmable) memory forms the RoT. + +Verification of an image can happen either by comparing the computed and +stored hashes, or by checking the signature of the image if the image +is signed. .. image:: images/SecureBootChain.png :width: 870 :alt: SecureBootChain It is a lengthy chain to boot the software on Corstone-1000. On power on, -the secure enclave starts executing BL1 code from the ROM which is the RoT -of the device. Authentication of an image involves the steps listed below: - -- Load image from flash to dynamic RAM. +the Secure Enclave starts executing BL1_1 code from the ROM which is the RoT +of the device. The BL1_1 is the immutable bootloader of the system, it handles +the provisioning on the first boot, hardware initialization and verification +of the next stage. + +The BL1_2 code, hashes and keys are written into the OTP during the provisioning. +The next bootstage is the BL1_2 which is copied from the OTP into the RAM. The +BL1_1 also compares the BL1_2 hash with the hash saved to the OTP. The BL1_2 +verifies and transfers control to the next bootstage which is the BL2. During the +verification, the BL1_2 compares the BL2 image's computed hash with the BL2 hash in +the OTP. The BL2 is MCUBoot in the system. BL2 can provision additional keys on the +first boot and it authenticates the initial bootloader of the host (Host TF-A BL2) +and TF-M by checking the signatures of the images. +The MCUBoot handles the image verification the following way: + +- Load image from a non-volatile memory to dynamic RAM. - The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verified in the previous stages. - The image is validated using the public key. -In the secure enclave, BL1 authenticates the BL2 and passes the execution -control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2) -and TF-M. The execution control is now passed to TF-M. TF-M being the run -time executable of secure enclave which initializes itself and, at the end, -brings the host CPU out of rest. The host follows the boot standard defined -in the `TBBR`_ to authenticate the secure and non-secure software. + +The execution control is passed to TF-M after the verification. TF-M being +the runtime executable of the Secure Enclave which initializes itself and, at the end, +brings the host CPU out of rest. + +The TF-M BL1 design details and reasoning can be found in the `TF-M design documents +<https://tf-m-user-guide.trustedfirmware.org/design_docs/booting/bl1.html>`_. + +The Corstone-1000 has some differences compared to this design due to memory (OTP/ROM) +limitations: + +- The provisioning bundle that contains the BL1_2 code is located in the ROM. + This means the BL1_2 cannot be updated during provisioning time. +- The BL1_1 handles most of the hardware initialization instead of the BL1_2. This + results in a bigger BL1_1 code size than needed. +- The BL1_2 does not use the post-quantum LMS verification. The BL2 is verified by + comparing the computed hash to the hash which is stored in the OTP. This means the + BL2 is not updatable. + +The host follows the boot standard defined in the `TBBR`_ to authenticate the +secure and non-secure software. + +For UEFI Secure Boot, authenticated variables can be accessed from the secure flash. +The feature has been integrated in U-Boot, which authenticates the images as per the UEFI +specification before executing them. *************** Secure Services @@ -124,11 +158,11 @@ Secure Services Corstone-1000 is unique in providing a secure environment to run a secure workload. The platform has TrustZone technology in the Host subsystem but -it also has hardware isolated secure enclave environment to run such secure +it also has hardware isolated Secure Enclave environment to run such secure workloads. In Corstone-1000, known Secure Services such as Crypto, Protected Storage, Internal Trusted Storage and Attestation are available via PSA Functional APIs in TF-M. There is no difference for a user communicating to -these services which are running on a secure enclave instead of the +these services which are running on a Secure Enclave instead of the secure world of the host subsystem. The below diagram presents the data flow path for such calls. @@ -139,15 +173,18 @@ flow path for such calls. The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition -managed by OPTEE which forwards such calls to the secure enclave. The -solution relies on OpenAMP which uses shared memory and MHU interrupts as -a doorbell for communication between two cores. Corstone-1000 implements -isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement -isolation level 2. +managed by OPTEE which forwards such calls to the Secure Enclave. The +solution relies on the `RSE communication protocol +<https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html>`_ +which is a lightweight serialization of the psa_call() API. It can use shared +memory and MHU interrupts as a doorbell for communication between two cores +but currently the whole message is forwarded through the MHU channels in Corstone-1000. +Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection +Unit) is used to implement isolation level 2. For a user to define its own secure service, both the options of the host secure world or secure encalve are available. It's a trade-off between -lower latency vs higher security. Services running on a secure enclave are +lower latency vs higher security. Services running on a Secure Enclave are secure by real hardware isolation but have a higher latency path. In the second scenario, the services running on the secure world of the host subsystem have lower latency but virtual hardware isolation created by @@ -174,7 +211,7 @@ Image (the initramfs bundle). The new images are accepted in the form of a UEFI :width: 690 :alt: ExternalFlash -When Firmware update is triggered, u-boot verifies the capsule by checking the +When Firmware update is triggered, U-Boot verifies the capsule by checking the capsule signature, version number and size. Then it signals the Secure Enclave that can start writing UEFI capsule into the flash. Once this operation finishes ,Secure Enclave resets the entire system. @@ -210,7 +247,7 @@ service. The below diagram presents the data flow to store UEFI variables. The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to communicate with the SMM Service in the secure world. The backend of the SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS -calls are forwarded to the secure enclave as explained above. +calls are forwarded to the Secure Enclave as explained above. .. image:: images/UEFISupport.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index 06353b5d3e..5dc956428b 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -3,9 +3,9 @@ # # SPDX-License-Identifier: MIT -########## -User Guide -########## +##################################### +User Guide: Build & run the software +##################################### Notice ------ @@ -43,7 +43,7 @@ Targets Yocto stable branch ------------------- -Corstone-1000 software stack is built on top of Yocto mickledore. +Corstone-1000 software stack is built on top of Yocto scarthgap. Provided components ------------------- @@ -71,7 +71,7 @@ Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmw +----------+-------------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend | +----------+-------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb | +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.4.bb | +----------+-------------------------------------------------------------------------------------------------+ OP-TEE @@ -79,9 +79,9 @@ OP-TEE Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__ +----------+----------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend | +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend | +----------+----------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb | +| Recipe |<_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_4.1.0.bb | +----------+----------------------------------------------------------------------------------------+ U-Boot @@ -107,7 +107,7 @@ recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | +-----------+----------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb | +| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb | +-----------+----------------------------------------------------------------------------------------------+ | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ @@ -120,7 +120,7 @@ Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmw +----------+-----------------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend | +----------+-----------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb | +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb | +----------+-----------------------------------------------------------------------------------------------------+ ******************************** @@ -158,7 +158,7 @@ In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.11 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06 To build a Corstone-1000 image for MPS3 FPGA, run: @@ -364,6 +364,22 @@ The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and presen Login using the username root. +Using FVP on Windows or AArch64 Linux +------------------------------------- + +The user should follow the build instructions in this document to build on a Linux host machine. +Then, copy the output binaries to the Windows or Aarch64 Linux machine where the FVP is located. +Then, launch the FVP binary. + +Security Issue Reporting +------------------------ + +To report any security issues identified with Corstone-1000, please send an email to psirt@arm.com. + +########################### +User Guide: Provided tests +########################### + SystemReady-IR tests -------------------- @@ -395,77 +411,13 @@ running the ACS tests. **Common to FVP and FPGA:** -#. Create an empty 100 MB partition: - :: - - dd if=/dev/zero of=corstone1000-efi-partition.img iflag=fullblock bs=512 count=204800 && sync - -#. Use OpenSuse Raw image to copy the contents of EFI partition. - - To download OpenSUSE Tumbleweed raw image: - - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, - ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` - - Once the .raw.xz file is downloaded, the raw image file needs to be extracted: - - :: - - unxz <file-name.raw.xz> - - - The above command will generate a file ending with extension .raw image. Use the - following command to get address of the first partition - - :: - - fdisk -lu <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw - -> Device Start End Sectors Size Type - <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw1 8192 40959 32768 16M EFI System - <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw2 40960 1064959 1024000 500M Linux swap - <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw3 1064960 5369822 4304863 2.1G Linux filesystem - - -> <blockaddress_1st_partition> = 8192 - -> <sectorsize_1st_partition> = 32768 - -#. Copy the ESP from opensuse image to empty image: - - :: - - dd conv=notrunc if=openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw skip=<blockaddress_1st_partition> of=corstone1000-efi-partition.img seek=<blockaddress_1st_partition> iflag=fullblock seek=<blockaddress_1st_partition> bs=512 count=<sectorsize_1s_partition> && sync - - -#. Create the file efi_disk.layout locally. Copy the content of provided disk layout below to the efi_disk.layout to label the ESP correctly. - - efi_disk.layout - :: - - label: gpt - label-id: AC53D121-B818-4515-9031-BE02CCEB8701 - device: corstone1000-efi-partition.img - unit: sectors - first-lba: 34 - last-lba: 204766 - - corstone1000-efi-partition.img : start=8192, size=32768, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=792D821F-98AE-46E3-BABD-948003A650F8, name="p.UEFI" - - And use the following command the label the newly created ESP. - - :: - - sfdisk corstone1000-efi-partition.img < efi_disk.layout - - To test the image, you can now mount the disk image - - :: - - fdisk -lu corstone1000-efi-partition.img - -> Device Start End Sectors Size Type - corstone1000-efi-partition.img1 8192 40959 32768 16M EFI System +:: - <offset_1st_partition> = 8192 * 512 (sector size) = 4194304 + kas build meta-arm/kas/corstone1000-{mps3,fvp}.yml:meta-arm/ci/debug.yml --target corstone1000-esp-image - sudo mount -o loop,offset=4194304 corstone1000-efi-partition.img /mount_point +Once the build is successful ``corstone1000-esp-image-corstone1000-{mps3,fvp}.wic`` will be available in either: + - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build; + - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. **Using ESP in FPGA:** @@ -477,18 +429,14 @@ USB drive. Run the following commands to prepare the ACS image in USB stick: :: - sudo dd if=corstone1000-efi-partition.img of=/dev/sdb iflag=direct oflag=direct status=progress bs=512; sync; + sudo dd if=corstone1000-esp-image-corstone1000-mps3.wic of=/dev/sdb iflag=direct oflag=direct status=progress bs=512; sync; Now you can plug this USB stick to the board together with ACS test USB stick. **Using ESP in FVP:** -The ESP disk image can directly be used in Corstone-1000 FVP by simply passing it as -the 2nd MMC card image. - -:: +The ESP disk image once created will be used automatically in the Corstone-1000 FVP as the 2nd MMC card image. It will be used when the SystemReady-IR tests will be performed on the FVP in the later section. - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}" Clean Secure Flash Before Testing (applicable to FPGA only) =========================================================== @@ -500,8 +448,8 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.11 - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06 cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm cd meta-arm git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch @@ -534,7 +482,7 @@ includes a set of examples of the invariant behaviors that are provided by a set of specifications for enterprise systems (For example: SBSA, SBBR, etc.), so that implementers can verify if these behaviours have been interpreted correctly. -ACS image contains two partitions. BOOT partition and RESULT partition. +The ACS image contains a BOOT partition. Following test suites and bootable applications are under BOOT partition: * SCT @@ -560,11 +508,14 @@ BOOT partition contains the following: ├── grub ├── grub.cfg ├── Image - └── ramdisk-busybox.img + ├── ramdisk-busybox.img + └── acs_results -RESULT partition is used to store the test results. -**NOTE**: PLEASE MAKE SURE THAT "acs_results" FOLDER UNDER THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS -WILL NOT BE CONSISTENT +The BOOT partition is also used to store the test results. The +results are stored in the `acs_results` folder. + +**NOTE**: PLEASE ENSURE THAT the `acs_results` FOLDER UNDER THE BOOT PARTITION IS +EMPTY BEFORE YOU START TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT. FPGA instructions for ACS image =============================== @@ -583,7 +534,7 @@ certifications of SystemReady-IR. To download the repository, run command: git clone https://github.com/ARM-software/arm-systemready.git Once the repository is successfully downloaded, the prebuilt ACS live image can be found in: - - ``<_workspace>/arm-systemready/IR/prebuilt_images/v23.03_2.0.0/ir-acs-live-image-generic-arm64.wic.xz`` + - ``<_workspace>/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic.xz`` **NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide USB driver support for Corstone-1000. The ACS image with newer kernel version @@ -597,7 +548,7 @@ USB drive. Run the following commands to prepare the ACS image in USB stick: :: - cd <_workspace>/arm-systemready/IR/prebuilt_images/v23.03_2.0.0 + cd <_workspace>/arm-systemready/IR/prebuilt_images/v23.09_2.1.0 unxz ir-acs-live-image-generic-arm64.wic.xz sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync @@ -616,49 +567,17 @@ the platform is booted to linux at the end of the ACS tests. FVP instructions for ACS image and run ====================================== -Download ACS image from: - - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/main/IR/prebuilt_images/v23.03_2.0.0`` - -Use the below command to run the FVP with EFI and ACS image support in the -SD cards. +The FVP has been integrated in the meta-arm-systemready layer so the running of the ACS tests can be handled automatically as follows :: - unxz ${<path-to-img>/ir-acs-live-image-generic-arm64.wic.xz} - - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}" - -The test results can be fetched using following commands: + kas build meta-arm/ci/corstone1000-fvp.yml:meta-arm/ci/debug.yml:kas/arm-systemready-ir-acs.yml -:: - - sudo mkdir /mnt/test - sudo mount -o rw,offset=<offset_3rd_partition> <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test/ - fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic - -> Device Start End Sectors Size Type - <path-to-img>/ir-acs-live-image-generic-arm64.wic1 2048 206847 204800 100M Microsoft basic data - <path-to-img>/ir-acs-live-image-generic-arm64.wic2 206848 1024239 817392 399.1M Linux filesystem - <path-to-img>/ir-acs-live-image-generic-arm64.wic3 1026048 1128447 102400 50M Microsoft basic data +The details of how this layer works can be found in : ``<_workspace>/meta-arm-systemready/README.md`` - -> <offset_3rd_partition> = 1026048 * 512 (sector size) = 525336576 +**NOTE:** You can't use the standard meta-arm/kas/corstone1000-fvp.yml kas file as it sets the build up for only building firmware -The FVP will reset multiple times during the test, and it might take up to 1 day to finish -the test. At the end of test, the FVP host terminal will halt showing a shell prompt. -Once test is finished, the FVP can be stoped, and result can be copied following above -instructions. - -**NOTE:** A rare issue has been noticed (5-6% occurence) during which the FVP hangs during booting the system while running ACS tests. -If this happens, please apply the following patch, rebuild the software stack for FVP and re-run the ACS tests. - -:: - - cd <_workspace> - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11 - cp -f systemready-patch/embedded-a/corstone1000/sr_ir_workaround/0001-embedded-a-corstone1000-sr-ir-workaround.patch meta-arm - cd meta-arm - git am 0001-embedded-a-corstone1000-sr-ir-workaround.patch - cd .. - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image" +**NOTE:** These test might take up to 1 day to finish Common to FVP and FPGA @@ -672,106 +591,70 @@ automatically in the following sequence: - UEFI BSA - FWTS -The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP). +The results can be fetched from the `acs_results` folder in the BOOT partition of the USB stick (FPGA) / SD Card (FVP). + +**NOTE:** The FVP uses the ``<_workspace>/build/tmp-glibc/work/corstone1000_fvp-oe-linux/arm-systemready-ir-acs/2.0.0/deploy-arm-systemready-ir-acs/arm-systemready-ir-acs-corstone1000-fvp.wic`` image if the meta-arm-systemready layer is used. +The result can be checked in this image. ##################################################### Manual capsule update and ESRT checks ------------------------------------- -The following section describes running manual capsule update. - -The steps described in this section perform manual capsule update and show how to use the ESRT feature -to retrieve the installed capsule details. - -For the following tests two capsules are needed to perform 2 capsule updates. A positive update and a negative update. - -A positive test case capsule which boots the platform correctly until the Linux prompt, and a negative test case with an -incorrect capsule (corrupted or outdated) which fails to boot to the host software. - -Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - - ``ir-acs-live-image-generic-arm64.wic.xz`` - - -Download u-boot under <_workspace> and install tools: +The following section describes running manual capsule updates by going through +a negative and positive test. Two capsules are needed to perform the positive +and negative updates. The steps also show how to use the EFI System Resource Table +(ESRT) to retrieve the installed capsule details. -:: - - git clone https://github.com/u-boot/u-boot.git - cd u-boot - git checkout 83aa0ed1e93e1ffac24888d98d37a5b04ed3fb07 - make tools-only_defconfig - make tools-only - -**NOTE:** The following error could happen if the linux build system does not have "libgnutls28-dev". - **error: "tools/mkeficapsule.c:21:10: fatal error: gnutls/gnutls.h: No such file or directory"**. If that's the case please install libgnutls28-dev and its dependencies by using the following command. - -:: - - sudo apt-get install -y libgnutls28-dev - -Download systemready-patch repo under <_workspace>: -:: +In the positive test, a valid capsule is used and the platform boots correctly +until the Linux prompt after the update. In the negative test, an outdated +capsule is used that has a smaller version number. This capsule gets rejected +because of being outdated and the previous firmware will be used instead. - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11 ******************* Generating Capsules ******************* -Generating FPGA Capsules -======================== - -:: - - cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/ - sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3 - -This will generate a file called "corstone1000_image.nopt" which will be used to -generate a UEFI capsule. - -:: - - cd <_workspace> - - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \ - --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \ - --fw-version 6 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v6 - - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \ - --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \ - --fw-version 5 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v5 - -Generating FVP Capsules -======================= - -:: +A no-partition image is needed for the capsule generation. This image is +created automatically during a clean Yocto build and it can be found in +``build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>_image.nopt``. +A capsule is also automatically generated with U-Boot's ``mkeficapsule`` tool +during the Yocto build that uses this ``corstone1000-<fvp/mps3>_image.nopt``. The +capsule's default metadata, that is passed to the ``mkeficapsule`` tool, +can be found in the ``meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb`` +and ``meta-arm/kas/corstone1000-image-configuration.yml`` files. These +data can be modified before the Yocto build if it is needed. It is +assumed that the default values are used in the following steps. + +The automatically generated capsule can be found in +``build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>-v6.uefi.capsule``. +This capsule will be used as the positive capsule during the test in the following +steps. + +Generating Capsules Manually +============================ - cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/ - sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp +If a new capsule has to be generated with different metadata after the build +process, then it can be done manually by using the ``u-boot-tools``'s +``mkeficapsule`` and the previously created ``.nopt`` image. The +``mkeficapsule`` tool is built automatically for the host machine +during the Yocto build. -This will generate a file called "corstone1000_image.nopt" which will be used to -generate a UEFI capsule. +The negative capsule needs a lower ``fw-version`` than the positive +capsule. For example if the host's architecture is x86_64, this can +be generated by using the following command: :: cd <_workspace> - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \ - --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \ - --fw-version 6 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v6 - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \ - --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \ - --fw-version 5 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v5 + ./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule --monotonic-count 1 \ + --private-key build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000_capsule_key.key \ + --certificate build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \ + --fw-version 5 build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>_image.nopt corstone1000-<fvp/mps3>-v5.uefi.capsule - -Common Notes for FVP and FPGA -============================= - -The capsule binary size (wic file) should be less than 15 MB. - -Based on the user's requirement, the user can change the firmware version -number given to ``--fw-version`` option (the version number needs to be >= 1). +This command will put the negative capsule to the ``<_workspace>`` directory. **************** @@ -782,33 +665,52 @@ Copying the FPGA capsules ========================= The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_. -Place the generated ``cs1k_cap`` files in the root directory of the boot partition -in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file +Place the generated ``corstone1000-mps3-v<5/6>.uefi.capsule`` files in the root directory of the boot partition +in the USB stick. Note: As we are running the direct method, the ``corstone1000-mps3-v<5/6>.uefi.capsule`` files should not be under the EFI/UpdateCapsule directory as this may or may not trigger the on disk method. :: - sudo cp cs1k_cap_mps3_v6 <mounting path>/BOOT/ - sudo cp cs1k_cap_mps3_v5 <mounting path>/BOOT/ + sudo cp <capsule path>/corstone1000-mps3-v6.uefi.capsule <mounting path>/BOOT/ + sudo cp <capsule path>/corstone1000-mps3-v5.uefi.capsule <mounting path>/BOOT/ sync Copying the FVP capsules ======================== -First, mount the IR image: +The ACS image should be used for the FVP as well. Downloaded and extract the +image the same way as for the FPGA `FPGA instructions for ACS image`_. +Creating an USB stick with the image is not needed for the FVP. + +After getting the ACS image, find the 1st partition's offset of the +``ir-acs-live-image-generic-arm64.wic`` image. The partition table can be +listed using the ``fdisk`` tool. + +:: + + fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic + Device Start End Sectors Size Type + <path-to-img>/ir-acs-live-image-generic-arm64.wic1 2048 309247 307200 150M Microsoft basic data + <path-to-img>/ir-acs-live-image-generic-arm64.wic2 309248 1343339 1034092 505M Linux filesystem + + +The first partition starts at the 2048th sector. This has to be multiplied +by the sector size which is 512 so the offset is 2048 * 512 = 1048576. + +Next, mount the IR image using the previously calculated offset: :: sudo mkdir /mnt/test - sudo mount -o rw,offset=1048576 <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test + sudo mount -o rw,offset=<first_partition_offset> <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test Then, copy the capsules: :: - sudo cp cs1k_cap_fvp_v6 /mnt/test/ - sudo cp cs1k_cap_fvp_v5 /mnt/test/ + sudo cp <capsule path>/corstone1000-fvp-v6.uefi.capsule /mnt/test/ + sudo cp <capsule path>/corstone1000-fvp-v5.uefi.capsule /mnt/test/ sync Then, unmount the IR image: @@ -817,14 +719,21 @@ Then, unmount the IR image: sudo umount /mnt/test -**NOTE:** Please refer to `FVP instructions for ACS image and run`_ section to find the first partition offset. - ****************************** Performing the capsule update ****************************** -During this section we will be using the capsule with the higher version (cs1k_cap_<fvp/mps3>_v6) for the positive scenario -and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. +During this section we will be using the capsule with the higher version +(``corstone1000-<fvp/mps3>-v6.uefi.capsule``) for the positive scenario +and then the capsule with the lower version (``corstone1000-<fvp/mps3>-v5.uefi.capsule``) +for the negative scenario. The two tests have to be done after each other +in the correct order to make sure that the negative capsule will get rejected. + +Running the FPGA with the IR prebuilt image +=========================================== + +Insert the prepared USB stick which has the IR prebuilt image and two capsules, +then Power cycle the MPS3 board. Running the FVP with the IR prebuilt image ========================================== @@ -836,16 +745,14 @@ Run the FVP with the IR prebuilt image: kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic" **NOTE:** <path-to-img> must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic. - -Running the FPGA with the IR prebuilt image -=========================================== - -Insert the prepared USB stick then Power cycle the MPS3 board. +**NOTE:** Do not restart the FVP between the positive and negative test because it will start from a clean state. Executing capsule update for FVP and FPGA ========================================= -Reach u-boot then interrupt the boot to reach the EFI shell. +Wait until U-boot loads EFI from the ACS image stick and interrupt the EFI +shell by pressing ESC when the following prompt is displayed in the Host +terminal (ttyUSB2). :: @@ -857,19 +764,30 @@ Then, type FS0: as shown below: FS0: -In case of the positive scenario run the update with the higher version capsule as shown below: +Then start the CapsuleApp application. Use the positive capsule +(corstone1000-<fvp/mps3>-v6.uefi.capsule) first. :: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6 + EFI/BOOT/app/CapsuleApp.efi corstone1000-<fvp/mps3>-v6.uefi.capsule + +The capsule update will be started. + +**NOTE:** On the FVP it takes around 15-30 minutes, on the FPGA it takes less time. -After successfully updating the capsule the system will reset. +After successfully updating the capsule the system will reset. Make sure the +Corstone-1000's Poky Distro is booted after the reset so the ESRT can be checked. +It is described in the `Select Corstone-1000 Linux kernel boot`_ section how to +boot the Poky distro after the capsule update. +The `Positive scenario`_ sections describes how the result should be inspected. +After the result is checked, the system can be rebooted with the ``reboot`` command in the Host +terminal (ttyUSB2). -In case of the negative scenario run the update with the lower version capsule as shown below: +Interrupt the EFI shell again and now start the capsule update with the negative capsule: :: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5 + EFI/BOOT/app/CapsuleApp.efi corstone1000-<fvp/mps3>-v5.uefi.capsule The command above should fail and in the TF-M logs the following message should appear: @@ -883,17 +801,14 @@ Then, reboot manually: Shell> reset -FPGA: Select Corstone-1000 Linux kernel boot -============================================ +Make sure the Corstone-1000's Poky Distro is booted again +(`Select Corstone-1000 Linux kernel boot`_) in order to check the results +`Negative scenario`_. -Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. - -**NOTE:** Otherwise, the execution ends up in the ACS live image. - -FVP: Select Corstone-1000 Linux kernel boot -=========================================== +Select Corstone-1000 Linux kernel boot +====================================== -Interrupt the u-boot shell. +Interrupt the U-Boot shell. :: @@ -917,9 +832,12 @@ Capsule update status Positive scenario ================= -In the positive case scenario, the user should see following log in TF-M log, -indicating the new capsule image is successfully applied, and the board boots -correctly. +In the positive case scenario, the software stack copies the capsule to the +External Flash, which is shared between the Secure Enclave and Host, +then a reboot is triggered. The TF-M accepts the capsule. +The user should see following TF-M log in the Secure Enclave terminal (ttyUSB1) +before the system reboots automatically, indicating the new capsule +image is successfully applied, and the board boots correctly. :: @@ -933,6 +851,18 @@ correctly. corstone1000_fwu_flash_image: exit: ret = 0 ... +And after the reboot: + +:: + + ... + fmp_set_image_info:133 Enter + FMP image update: image id = 0 + FMP image update: status = 0version=6 last_attempt_version=6. + fmp_set_image_info:157 Exit. + corstone1000_fwu_host_ack: exit: ret = 0 + ... + It's possible to check the content of the ESRT table after the system fully boots. @@ -961,11 +891,14 @@ In the Linux command-line run the following: lowest_supported_fw_ver: 0 -Negative scenario (Applicable to FPGA only) -=========================================== +Negative scenario +================= -In the negative case scenario (rollback the capsule version), the user should -see appropriate logs in the secure enclave terminal. +In the negative case scenario (rollback the capsule version), +the TF-M detects that the new capsule's version number is +smaller then the current version. The capsule is rejected because +of this. +The user should see appropriate logs in the Secure Enclave terminal (ttyUSB1) before the system reboots itself. :: @@ -989,7 +922,7 @@ see appropriate logs in the secure enclave terminal. If capsule pass initial verification, but fails verifications performed during -boot time, secure enclave will try new images predetermined number of times +boot time, Secure Enclave will try new images predetermined number of times (defined in the code), before reverting back to the previous good bank. :: @@ -1025,11 +958,6 @@ In the Linux command-line run the following: last_attempt_version: 5 lowest_supported_fw_ver: 0 -**Note**: This test is currently not working properly in Corstone-1000 FVP. -However, it is not part of the System-Ready IR tests, and it won't affect the -SR-IR certification. All the compulsory `capsule update tests for SR-IR -<https://developer.arm.com/documentation/DUI1101/2-1/Test-SystemReady-IR/Test-UpdateCapsule>`__ -works on both Corstone-1000 FVP and FPGA. Linux distros tests ------------------- @@ -1043,7 +971,7 @@ provided with the Debian installer image (see below). This bug causes a fatal error when attempting to boot media installer for Debian, and it resets the platform before installation starts. A patch to be applied to the Corstone-1000 stack (only applicable when installing Debian) is provided to -`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.11/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__. +`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2024.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__. This patch makes U-Boot automatically bypass the Shim and run grub and allows the user to proceed with a normal installation. If at the moment of reading this document the problem is solved in the Shim, the user is encouraged to try the @@ -1055,18 +983,20 @@ documentation. :: cd <_workspace> - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06 cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm cd meta-arm git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch cd .. **On FPGA** + :: kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image" **On FVP** + :: kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image" @@ -1087,8 +1017,8 @@ Preparing the Installation Media ************************************************* Download one of following Linux distro images: - - `Debian installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/>`__ (Tested on: debian-12.2.0-arm64-DVD-1.iso) - - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20231120-Media.iso) + - `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.4.0/arm64/iso-dvd/>`__ + - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20240516-Media.iso) **NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso @@ -1123,9 +1053,9 @@ With a minimum size of 8GB formatted with gpt. :: - #Generating mmc2 - dd if=/dev/zero of=<_workspace>/mmc2_file.img bs=1 count=0 seek=8G; sync; - parted -s mmc2_file.img mklabel gpt + #Generating os_file + dd if=/dev/zero of=<_workspace>/os_file.img bs=1 count=0 seek=10G; sync; + parted -s os_file.img mklabel gpt ************************************************* @@ -1157,10 +1087,10 @@ FVP :: - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<_workspace>/os_file.img -C board.msd_mmc_2.p_mmc_file=<path-to-iso_file>" The installer should now start. -The os will be installed on the second mmc 'mmc2_file.img'. +The OS will be installed on 'os_file.img'. ******************************************************* Debian install clarifications @@ -1213,17 +1143,22 @@ after entering the password for the root user. FVP ============== -Once the installation is complete, you will need to exit the shell instance -and run this command to boot into the installed OS: +The platform should automatically boot into the installed OS image. -:: +To cold boot: + + :: + + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<_workspace>/os_file.img" - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img" -Once the FVP begins booting, you will need to quickly change the boot option in grub, -to boot into recovery mode. +The board will then enter recovery mode, from which the user can access a shell +after entering the password for the root user. -**NOTE:** This option will disappear quickly, so it's best to preempt it. + +**NOTE:** To manually enter recovery mode, once the FVP begins booting, you can quickly +change the boot option in grub, to boot into recovery mode. This option will disappear +quickly, so it's best to preempt it. Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'. @@ -1295,19 +1230,19 @@ First, load FF-A TEE kernel module: :: - insmod /lib/modules/*-yocto-standard/updates/arm-ffa-tee.ko + insmod /lib/modules/*-yocto-standard/updates/arm-tstee.ko Then, check whether the FF-A TEE driver is loaded correctly by using the following command: :: - cat /proc/modules | grep arm_ffa_tee + cat /proc/modules | grep arm_tstee -The output should be: +The output should be similar to: :: - arm_ffa_tee <ID> - - Live <address> (O) + arm_tstee 16384 - - Live 0xffffffc000510000 (O) Now, run the PSA API tests in the following order: @@ -1318,22 +1253,216 @@ Now, run the PSA API tests in the following order: psa-its-api-test psa-ps-api-test -**NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run. -Tests results -------------- +UEFI Secureboot (SB) test +------------------------- -As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.11) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.11>`__ -can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. +Before running the SB test, the user should make sure that the `FVP and FPGA software has been compiled and the ESP image for both the FVP and FPGA has been created` as mentioned in the previous sections and user should use the same workspace directory under which sources have been compiled. +The SB test is applicable on both the FVP and the FPGA and this involves testing both the signed and unsigned kernel images. Successful test results in executing the signed image correctly and not allowing the unsigned image to run at all. -Running the software on FVP on Windows or AArch64 Linux ------------------------------------------------------------- +*********************************************************** +Below steps are applicable to FVP as well as FPGA +*********************************************************** +Firstly, the flash firmware image has to be built for both the FVP and FPGA as follows: -The user should follow the build instructions in this document to build on a Linux host machine. Then, copy the output binaries to the Windows or Aarch64 Linux machine where the FVP is located. Then, launch the FVP binary. +For FVP, -Security Issue Reporting ------------------------- -To report any security issues identified with Corstone-1000, please send an email to arm-security@arm.com. +:: + + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image" + + +For FPGA, + +:: + + kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image" + +In order to test SB for FVP and FPGA, a bash script is available in the systemready-patch repo which is responsible in creating the relevant keys, sign the respective kernel images, and copy the same in their corresponding ESP images. + +Clone the systemready-patch repo under <_workspace. Then, change directory to where the script `create_keys_and_sign.sh` is and execute the script as follows: + +:: + + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06 + cd systemready-patch/embedded-a/corstone1000/secureboot/ + +**NOTE:** The efitools package is required to execute the script. Install the efitools package on your system, if it doesn't exist. + +The script is responsible to create the required UEFI secureboot keys, sign the kernel images and copy the public keys and the kernel images (both signed and unsigned) to the ESP image for both the FVP and FPGA. + +:: + + ./create_keys_and_sign.sh -w <Absolute path to <workdir> directory under which sources have been compiled> -v <certification validity in days> + For ex: ./create_keys_and_sign.sh -w "/home/xyz/workspace/meta-arm" -v 365 + For help: ./create_keys_and_sign.sh -h + +**NOTE:** The above script is interactive and contains some commands that would require sudo password/permissions. + +After executing the above script, the relevant keys and the signed/unsigned kernel images will be copied to the ESP images for both the FVP and FGPA. The modified ESP images can be found at the same location i.e. + +:: + + For MPS3 FPGA : _workspace/meta-arm/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic + For FVP : _workspace/meta-arm/build/tmp/deploy/images/corstone1000-fvp/corstone1000-esp-image-corstone1000-fvp.wic + +Now, it is time to test the SB for the Corstone-1000 + + +*********************************************************** +Steps to test SB on FVP +*********************************************************** +Now, as mentioned in the previous section **Prepare EFI System Partition**, the ESP image will be used automatically in the Corstone-1000 FVP as the 2nd MMC card image. Change directory to your workspace and run the FVP as follows: + +:: + + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm" + +When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. On the host side, stop the execution at the U-Boot prompt which looks like `corstone1000#`. There is a timeout of 3 seconds to stop the execution at the U-Boot prompt. At the U-Boot prompt, run the following commands: + +Set the current mmc device + +:: + + corstone1000# mmc dev 1 + +Enroll the four UEFI Secureboot authenticated variables + +:: + + corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize PK + corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize KEK + corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize db + corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize dbx + +Now, load the unsigned FVP kernel image and execute it. This unsigned kernel image should not boot and result as follows + +:: + + corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_fvp_images/Image_fvp + corstone1000# loadm $loadaddr $kernel_addr_r $filesize + corstone1000# bootefi $kernel_addr_r $fdtcontroladdr + + Booting /MemoryMapped(0x0,0x88200000,0x236aa00) + Image not authenticated + Loading image failed + +The next step is to verify the signed linux kernel image. Load the signed kernel image and execute it as follows: + +:: + + corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_fvp_images/Image_fvp.signed + corstone1000# loadm $loadaddr $kernel_addr_r $filesize + corstone1000# bootefi $kernel_addr_r $fdtcontroladdr + +The above set of commands should result in booting of signed linux kernel image successfully. + + +*********************************************************** +Steps to test SB on MPS3 FPGA +*********************************************************** +Now, as mentioned in the previous section **Prepare EFI System Partition**, the ESP image for MPS3 FPGA needs to be copied to the USB drive. +Follow the steps mentioned in the same section for MPS3 FPGA to prepare the USB drive with the ESP image. The modified ESP image corresponds to MPS3 FPGA can be found at the location as mentioned before i.e. `_workspace/meta-arm/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic`. +Insert this USB drive to the MPS3 FPGA and boot, and stop the execution at the U-Boot prompt similar to the FVP. At the U-Boot prompt, run the following commands: + +Reset the USB + +:: + + corstone1000# usb reset + resetting USB... + Bus usb@40200000: isp1763 bus width: 16, oc: not available + USB ISP 1763 HW rev. 32 started + scanning bus usb@40200000 for devices... port 1 high speed + 3 USB Device(s) found + scanning usb for storage devices... 1 Storage Device(s) found + +**NOTE:** Sometimes, the usb reset doesn't recognize the USB device. It is recomended to rerun the usb reset command. + +Set the current USB device + +:: + + corstone1000# usb dev 0 + +Enroll the four UEFI Secureboot authenticated variables + +:: + + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx + + +Now, load the unsigned MPS3 FPGA linux kernel image and execute it. This unsigned kernel image should not boot and result as follows + +:: + + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3 + corstone1000# loadm $loadaddr $kernel_addr_r $filesize + corstone1000# bootefi $kernel_addr_r $fdtcontroladdr + + Booting /MemoryMapped(0x0,0x88200000,0x236aa00) + Image not authenticated + Loading image failed + +The next step is to verify the signed linux kernel image. Load the signed kernel image and execute it as follows: + +:: + + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3.signed + corstone1000# loadm $loadaddr $kernel_addr_r $filesize + corstone1000# bootefi $kernel_addr_r $fdtcontroladdr + +The above set of commands should result in booting of signed linux kernel image successfully. + +*********************************************************** +Steps to disable Secureboot on both FVP and MPS3 FPGA +*********************************************************** +Now, after testing the SB, UEFI authenticated variables get stored in the secure flash. When you try to reboot, the U-Boot will automatically read the UEFI authenticated variables and authenticates the images before executing them. In normal booting scenario, the linux kernel images will not be signed and hence this will not allow the system to boot, as image authentication will fail. We need to delete the Platform Key (one of the UEFI authenticated variable for SB) in order to disable the SB. At the U-Boot prompt, run the following commands. + +On the FVP + +:: + + corstone1000# mmc dev 1 + corstone1000# load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK + corstone1000# boot + +On the MPS3 FPGA + +:: + + corstone1000# usb reset + corstone1000# usb dev 0 + corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK + corstone1000# boot + +The above commands will delete the Platform key (PK) and allow the normal system boot flow without SB. + + +Testing the External System +--------------------------- + +During Linux boot the remoteproc subsystem automatically starts +the external system. + +The external system can be switched on/off on demand with the following commands: + +:: + + echo stop > /sys/class/remoteproc/remoteproc0/state + +:: + + echo start > /sys/class/remoteproc/remoteproc0/state + +Tests results +------------- + +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2024.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06>`__ +can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.06/embedded-a/corstone1000/CORSTONE1000-2024.06?ref_type=tags>`__. -------------- diff --git a/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt b/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt new file mode 100644 index 0000000000..dd47799603 --- /dev/null +++ b/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt @@ -0,0 +1,5 @@ +# The release of EDK2 after 202402 should fix this +NUMA: Failed to initialise from firmware + +# TODO: we should be using bochsdrm over efifb? +efifb: cannot reserve video memory at 0x80000000 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend new file mode 100644 index 0000000000..0e2812eab5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend @@ -0,0 +1 @@ +COMPATIBLE_MACHINE:fvp-base = "fvp-base" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb index 18649ceeaf..8bd1161638 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb @@ -38,15 +38,20 @@ do_compile() { do_compile[cleandirs] = "${B}" do_install() { - install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}/firmware/es_flashfw.bin + install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}${nonarch_base_libdir}/firmware/es_flashfw.bin + install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.elf ${D}${nonarch_base_libdir}/firmware/es_flashfw.elf } -FILES:${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" +FILES:${PN} = "${nonarch_base_libdir}/firmware/es_flashfw.bin" +FILES:${PN}-elf = "${nonarch_base_libdir}/firmware/es_flashfw.elf" +PACKAGES += "${PN}-elf" +INSANE_SKIP:${PN}-elf += "arch" + +SYSROOT_DIRS += "${nonarch_base_libdir}/firmware" inherit deploy do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ + cp -rf ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/ } addtask deploy after do_install diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb new file mode 100644 index 0000000000..bd1a206a81 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb @@ -0,0 +1,25 @@ +SUMMARY = "Corstone1000 platform esp Image" +DESCRIPTION = "This builds a simple image file that only contains an esp \ + partition for use when running the SystemReady IR ACS tests." +LICENSE = "MIT" + +COMPATIBLE_MACHINE = "corstone1000" + +# IMAGE_FSTYPES must be set before 'inherit image' +# https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_FSTYPES +IMAGE_FSTYPES = "wic" + +inherit image + +IMAGE_FEATURES = "" +IMAGE_LINGUAS = "" + +PACKAGE_INSTALL = "" + +# This builds a very specific image so we can ignore any customization +WKS_FILE = "efi-disk-esp-only.wks.in" +WKS_FILE:firmware = "efi-disk-esp-only.wks.in" + +EXTRA_IMAGEDEPENDS = "" +# Don't write an fvp configuration file for this image as it can't run +IMAGE_POSTPROCESS_COMMAND:remove = "do_write_fvpboot_conf;" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc index 2d192745fd..f959573d80 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc @@ -3,7 +3,7 @@ COMPATIBLE_MACHINE = "corstone1000" FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \ bl1.bin \ es_flashfw.bin \ - corstone1000-flash-firmware-image-${MACHINE}.wic.uefi.capsule \ + ${CAPSULE_NAME}.${CAPSULE_EXTENSION} \ corstone1000_capsule_cert.crt \ corstone1000_capsule_key.key \ " diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb index 73fc17664d..4a32192d6a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb @@ -1,4 +1,4 @@ -SUMARY = "Corstone1000 platform Image" +SUMMARY = "Corstone1000 platform Image" DESCRIPTION = "This is the main image which is the container of all the binaries \ generated for the Corstone1000 platform." LICENSE = "MIT" @@ -12,10 +12,12 @@ IMAGE_FSTYPES = "wic uefi_capsule" inherit image inherit tfm_sign_image inherit uefi_capsule +inherit deploy DEPENDS += "external-system \ trusted-firmware-a \ trusted-firmware-m \ + u-boot \ " IMAGE_FEATURES = "" @@ -23,9 +25,21 @@ IMAGE_LINGUAS = "" PACKAGE_INSTALL = "" -UEFI_FIRMWARE_BINARY = "${IMAGE_LINK_NAME}.${CAPSULE_IMGTYPE}" -UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json" -CAPSULE_IMGTYPE = "wic" +# The generated ${MACHINE}_image.nopt is used instead of the default wic image +# for the capsule generation. The uefi.capsule image type doesn't have to +# depend on the wic because of this. +# +# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed +# by the U-Boot recipe so this recipe has to depend on that. +CAPSULE_IMGTYPE = "" +CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt" +CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329" +CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc" +CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}" +CAPSULE_INDEX = "1" +CAPSULE_MONOTONIC_COUNT = "1" +CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key" +UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt" # TF-A settings for signing host images TFA_BL2_BINARY = "bl2-corstone1000.bin" @@ -38,6 +52,11 @@ RE_LAYOUT_WRAPPER_VERSION = "0.0.7" TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem" RE_IMAGE_OFFSET = "0x1000" +# Offsets for the .nopt image generation +TFM_OFFSET = "102400" +FIP_OFFSET = "479232" +KERNEL_OFFSET = "2576384" + do_sign_images() { # Sign TF-A BL2 sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \ @@ -56,3 +75,22 @@ do_sign_images() { do_sign_images[depends] = "\ fiptool-native:do_populate_sysroot \ " + +# This .nopt image is not the same as the one which is generated by meta-arm/meta-arm/classes/wic_nopt.bbclass. +# The meta-arm/meta-arm/classes/wic_nopt.bbclass removes the partition table from the wic image, but keeps the +# second bank. This function creates a no-partition image with only the first bank. +create_nopt_image() { + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/bl2_signed.bin of=${B}/${MACHINE}_image.nopt + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/tfm_s_signed.bin of=${B}/${MACHINE}_image.nopt seek=${TFM_OFFSET} + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin of=${B}/${MACHINE}_image.nopt seek=${FIP_OFFSET} + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin of=${B}/${MACHINE}_image.nopt seek=${KERNEL_OFFSET} +} +do_image_uefi_capsule[depends] += " linux-yocto:do_deploy" +do_image_uefi_capsule[mcdepends] += " ${@bb.utils.contains('BBMULTICONFIG', 'firmware', 'mc::firmware:linux-yocto:do_deploy', '', d)}" +do_image_uefi_capsule[prefuncs] += "create_nopt_image" + +do_deploy() { + install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR} +} + +addtask deploy after do_image_uefi_capsule diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb new file mode 100644 index 0000000000..5ee9adfb8c --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb @@ -0,0 +1,7 @@ +require recipes-core/images/core-image-minimal.bb + +# The core-image-minimal is used for the initramfs bundle for the +# Corstone1000 but the testimage task caused hanging errors. This is +# why the core-image-minimal is forked here so the testimage task can +# be disabled as it is not relevant for the Corstone1000. +IMAGE_CLASSES:remove = "testimage" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json deleted file mode 100644 index 0f011ff740..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "Payloads": [ - { - "FwVersion": "5", - "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f", - "LowestSupportedVersion": "1", - "Payload": "$UEFI_FIRMWARE_BINARY", - "UpdateImageIndex": "0" - } - ] -} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch new file mode 100644 index 0000000000..6028204860 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch @@ -0,0 +1,92 @@ +From 19600e6718e1a5b2ac8ec27d471acdafce0e433e Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Thu, 25 Apr 2024 11:30:58 +0100 +Subject: [PATCH] fix(corstone1000): remove unused NS_SHARED_RAM region + +After enabling additional features in Trusted Services, the size of BL32 image +(OP-TEE + Trusted Services SPs) is larger now. To create more space in secure RAM +for BL32 image, this patch removes NS_SHARED_RAM region which is not currently used by +corstone1000 platform. + +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Upstream-Status: Pending +--- + .../corstone1000/common/corstone1000_plat.c | 1 - + .../common/include/platform_def.h | 19 +------------------ + 2 files changed, 1 insertion(+), 19 deletions(-) + +diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c +index ed3801caa..a9475859a 100644 +--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c ++++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c +@@ -23,7 +23,6 @@ + + const mmap_region_t plat_arm_mmap[] = { + ARM_MAP_SHARED_RAM, +- ARM_MAP_NS_SHARED_RAM, + ARM_MAP_NS_DRAM1, + CORSTONE1000_MAP_DEVICE, + CORSTONE1000_EXTERNAL_FLASH, +diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h +index 442d187f0..18fce4486 100644 +--- a/plat/arm/board/corstone1000/common/include/platform_def.h ++++ b/plat/arm/board/corstone1000/common/include/platform_def.h +@@ -90,9 +90,6 @@ + * partition size: 176 KB + * content: BL2 + * +- * <ARM_NS_SHARED_RAM_BASE> = <ARM_TRUSTED_SRAM_BASE> + 1 MB +- * partition size: 512 KB +- * content: BL33 (u-boot) + */ + + /* DDR memory */ +@@ -117,11 +114,7 @@ + /* The remaining Trusted SRAM is used to load the BL images */ + #define TOTAL_SRAM_SIZE (SZ_4M) /* 4 MB */ + +-/* Last 512KB of CVM is allocated for shared RAM as an example openAMP */ +-#define ARM_NS_SHARED_RAM_SIZE (512 * SZ_1K) +- + #define PLAT_ARM_TRUSTED_SRAM_SIZE (TOTAL_SRAM_SIZE - \ +- ARM_NS_SHARED_RAM_SIZE - \ + ARM_SHARED_RAM_SIZE) + + #define PLAT_ARM_MAX_BL2_SIZE (180 * SZ_1K) /* 180 KB */ +@@ -160,11 +153,6 @@ + + /* NS memory */ + +-/* The last 512KB of the SRAM is allocated as shared memory */ +-#define ARM_NS_SHARED_RAM_BASE (ARM_TRUSTED_SRAM_BASE + TOTAL_SRAM_SIZE - \ +- (PLAT_ARM_MAX_BL31_SIZE + \ +- PLAT_ARM_MAX_BL32_SIZE)) +- + #define BL33_BASE ARM_DRAM1_BASE + #define PLAT_ARM_MAX_BL33_SIZE (12 * SZ_1M) /* 12 MB*/ + #define BL33_LIMIT (ARM_DRAM1_BASE + PLAT_ARM_MAX_BL33_SIZE) +@@ -266,7 +254,7 @@ + #define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE + #define PLAT_ARM_NSTIMER_FRAME_ID U(1) + +-#define PLAT_ARM_NS_IMAGE_BASE (ARM_NS_SHARED_RAM_BASE) ++#define PLAT_ARM_NS_IMAGE_BASE (BL33_BASE) + + #define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 32) + #define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32) +@@ -295,11 +283,6 @@ + ARM_SHARED_RAM_SIZE, \ + MT_MEMORY | MT_RW | MT_SECURE) + +-#define ARM_MAP_NS_SHARED_RAM MAP_REGION_FLAT( \ +- ARM_NS_SHARED_RAM_BASE, \ +- ARM_NS_SHARED_RAM_SIZE, \ +- MT_MEMORY | MT_RW | MT_NS) +- + #define ARM_MAP_NS_DRAM1 MAP_REGION_FLAT( \ + ARM_NS_DRAM1_BASE, \ + ARM_NS_DRAM1_SIZE, \ +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch new file mode 100644 index 0000000000..a45b657713 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch @@ -0,0 +1,46 @@ +From 37f92eeb4361626072e690adb3b0bb20db7c2fca Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Wed, 15 May 2024 13:54:51 +0100 +Subject: [PATCH] fix(corstone1000): clean the cache and disable interrupt + before system reset + +Corstone1000 does not properly clean the cache and disable gic interrupts +before the reset. This causes a race condition especially in FVP after reset. +This adds proper sequence before resetting the platform. + +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Upstream-Status: Pending +--- + plat/arm/board/corstone1000/common/corstone1000_pm.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/plat/arm/board/corstone1000/common/corstone1000_pm.c b/plat/arm/board/corstone1000/common/corstone1000_pm.c +index 4b0a791e7..a52e945bf 100644 +--- a/plat/arm/board/corstone1000/common/corstone1000_pm.c ++++ b/plat/arm/board/corstone1000/common/corstone1000_pm.c +@@ -7,6 +7,7 @@ + #include <lib/psci/psci.h> + #include <plat/arm/common/plat_arm.h> + #include <platform_def.h> ++#include <drivers/arm/gicv2.h> + /******************************************************************************* + * Export the platform handlers via plat_arm_psci_pm_ops. The ARM Standard + * platform layer will take care of registering the handlers with PSCI. +@@ -18,6 +19,14 @@ static void __dead2 corstone1000_system_reset(void) + uint32_t volatile * const watchdog_ctrl_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_CTRL_REG; + uint32_t volatile * const watchdog_val_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_VAL_REG; + ++ /* Flush and invalidate data cache */ ++ dcsw_op_all(DCCISW); ++ /* ++ * Disable GIC CPU interface to prevent pending interrupt ++ * from waking up the AP from WFI. ++ */ ++ gicv2_cpuif_disable(); ++ + *(watchdog_val_reg) = SECURE_WATCHDOG_COUNTDOWN_VAL; + *watchdog_ctrl_reg = SECURE_WATCHDOG_MASK_ENABLE; + while (1) { +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts new file mode 100644 index 0000000000..748da3098b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts @@ -0,0 +1,116 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * Copyright (c) 2022-2023, Arm Limited. All rights reserved. + */ + + +/* + * The content of the SPMC manifest may depend on integration settings like the + * set of deployed SP. This information lives in the integration system and + * hence this file should be store in meta-arm. This avoids indirect + * dependencies between integration systems using the same file which would + * enforce some from of cooperation. + */ + +/dts-v1/; + +/ { + compatible = "arm,ffa-core-manifest-1.0"; + #address-cells = <2>; + #size-cells = <1>; + + attribute { + spmc_id = <0x8000>; + maj_ver = <0x1>; + min_ver = <0x0>; + exec_state = <0x0>; + load_address = <0x0 0x6000000>; + entrypoint = <0x0 0x6000000>; + binary_size = <0x80000>; + }; + +/* + * This file will be preprocessed by TF-A's build system. If Measured Boot is + * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro + * to the preprocessor arguments. + */ +#if MEASURED_BOOT + tpm_event_log { + compatible = "arm,tpm_event_log"; + tpm_event_log_addr = <0x0 0x0>; + tpm_event_log_size = <0x0>; + tpm_event_log_max_size = <0x0>; + }; +#endif + +/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */ +#ifdef ARM_BL2_SP_LIST_DTS + sp_packages { + compatible = "arm,sp_pkg"; +#if !SPMC_TESTS + block_storage { + uuid = <0x806e6463 0x2f4652eb 0xdf8c4fac 0x9c518739>; + load-address = <0x0 0x7a00000>; + }; + internal_trusted_storage { + uuid = <0x48ef1edc 0xcf4c7ab1 0xcfdf8bac 0x141b71f7>; + load-address = <0x0 0x7a80000>; + }; + + protected_storage_sp { + uuid = <0x01f81b75 0x6847de3d 0x100f14a5 0x9017edae>; + load-address = <0x0 0x7b00000>; + }; + + crypto_sp { + uuid = <0xd552dfd9 0xb24ba216 0x6dd2a49a 0xc0e8843b>; + load-address = <0x0 0x7b80000>; + }; + +#if MEASURED_BOOT + initial_attestation_sp { + uuid = <0x55f1baa1 0x95467688 0x95547c8f 0x74b98d5e>; + load-address = <0x0 0x7c80000>; + }; +#endif + +#if TS_SMM_GATEWAY + smm_gateway { + uuid = <0x33d532ed 0x0942e699 0x722dc09c 0xa798d9cd>; + load-address = <0x0 0x7d00000>; + }; +#endif /* TS_SMM_GATEWAY */ + +#if TS_FW_UPDATE + fwu { + uuid = <0x38a82368 0x0e47061b 0xce0c7497 0xfd53fb8b>; + load-address = <0x0 0x7d80000>; + }; +#endif /* TS_FW_UPDATE */ + +#else /* SPMC_TESTS */ + test_sp1 { + uuid = <0xc3db9e5c 0x67433a7b 0x197c839f 0x376ae81a>; + load-address = <0x0 0x7a00000>; + }; + + test_sp2 { + uuid = <0x4c161778 0x1a4d0cc4 0xb29b7a86 0x1af48c27>; + load-address = <0x0 0x7a20000>; + }; + + test_sp3 { + uuid = <0x0001eb23 0x97442ae3 0x112f5290 0xa6af84e5>; + load-address = <0x0 0x7a40000>; + }; + + test_sp4 { + /* SP binary UUID */ + uuid = <0xed623742 0x6f407277 0x270cd899 0xf8bb0ada>; + load-address = <0x0 0x7a80000>; + }; +#endif /* SPMC_TESTS */ + + }; +#endif /* ARM_BL2_SP_LIST_DTS */ +}; diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb deleted file mode 100644 index 58ee1dcac0..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb +++ /dev/null @@ -1,33 +0,0 @@ -# Firmware Image Package (FIP) -# It is a packaging format used by TF-A to package the -# firmware images in a single binary. - -DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" -LICENSE = "BSD-3-Clause" - -SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" -SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" -LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" - -# Use fiptool from TF-A v2.9.0 -SRCREV = "d3e71ead6ea5bc3555ac90a446efec84ef6c6122" -SRCBRANCH = "master" - -DEPENDS += "openssl-native" - -inherit native - -EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" - -do_compile () { - # This is still needed to have the native fiptool executing properly by - # setting the RPATH - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile - sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile - - oe_runmake fiptool -} - -do_install () { - install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool -} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index e061b94480..f5737ca47c 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -7,6 +7,8 @@ SRC_URI:append = " \ file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \ file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \ file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \ + file://0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch \ + file://0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch \ " TFA_DEBUG = "1" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc index 5fafe292d8..4c37f7cb72 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc @@ -4,17 +4,62 @@ # Armv8-A Base Platform FVP # -FILESEXTRAPATHS:prepend := "${THISDIR}/files/:" -SRC_URI:append = " file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch" +FILESEXTRAPATHS:prepend := "${THISDIR}/files/:${THISDIR}/files/fvp-base" +SRC_URI:append = " \ + file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch \ + file://optee_spmc_maifest.dts;subdir=git/plat/arm/board/fvp/fdts \ +" + +# OP-TEE SPMC related configuration +SPMC_IS_OPTEE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', '0' \ + if d.getVar('SEL2_SPMC') == '1' else '1', '0', d)}" +# Configure the SPMC manifest file. +TFA_ARM_SPMC_MANIFEST_DTS = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \ + '${S}/plat/arm/board/fvp/fdts/optee_spmc_maifest.dts', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES','arm-ffa', \ + 'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' \ + if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}" + +# Set OP-TEE SPMC specific TF-A config settings +TFA_SPMD_SPM_AT_SEL2 := '0' +TFA_SPD := "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'spmd', \ + d.getVar('TFA_SPD'), d)}" +DEPENDS += " ${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'optee-os', '', d)}" + +# Configure measured boot if the attestation SP is deployed. +TFA_MB_FLAGS += " \ + ARM_ROTPK_LOCATION=devel_rsa \ + EVENT_LOG_LEVEL=20 \ + GENERATE_COT=1 \ + MBOOT_EL_HASH_ALG=sha256 \ + MEASURED_BOOT=1 \ + ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \ + TRUSTED_BOARD_BOOT=1 \ +" +EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\ + '${TFA_MB_FLAGS}','', d)}" + +# Add OP-TEE as BL32. +BL32 = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1',\ + '${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin',\ + '', d)}" +EXTRA_OEMAKE += "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \ + ' BL32=${BL32}', '', d)}" + +# Generic configuration COMPATIBLE_MACHINE = "fvp-base" TFA_PLATFORM = "fvp" -TFA_DEBUG = "1" -TFA_MBEDTLS = "1" +# Disable debug build if measured boot is enabled. +TFA_DEBUG := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', '0',\ + d.getVar('TFA_DEBUG'), d)}" +# Add mbedtls if measured boot is enabled +TFA_MBEDTLS := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\ + '1', d.getVar('TFA_MBEDTLS'), d)}" TFA_UBOOT ?= "1" TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip" -EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t" +EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GICV3" # Our fvp-base machine explicitly has v8.4 cores EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc new file mode 100644 index 0000000000..150613972e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc @@ -0,0 +1,6 @@ +# sbsa-ref specific TF-A support + +COMPATIBLE_MACHINE = "sbsa-ref" + +TFA_PLATFORM = "qemu_sbsa" +TFA_INSTALL_TARGET = "bl1 fip" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index cb482a6f4d..214996a970 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -7,6 +7,7 @@ MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc" MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc" MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc" MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc" +MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc" MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc" MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb deleted file mode 100644 index d9fdf32972..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb +++ /dev/null @@ -1,16 +0,0 @@ -require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc - -# TF-A v2.9.0 -SRCREV_tfa = "d3e71ead6ea5bc3555ac90a446efec84ef6c6122" - -LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" - -# mbedtls-3.4.0 -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" -SRCREV_mbedtls = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33" - -LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -do_compile:prepend() { - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile -} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-arm-trusted-firmware-m-disable-address-warnings-into.patch index 1f19f55c48..1f19f55c48 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-arm-trusted-firmware-m-disable-address-warnings-into.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-cmake-modify-path-to-libmetal-version-file.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-cmake-modify-path-to-libmetal-version-file.patch deleted file mode 100644 index d53524ad0d..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-cmake-modify-path-to-libmetal-version-file.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 6b38b9990c4dab0cb8524506ef129d4f326f3800 Mon Sep 17 00:00:00 2001 -From: Jon Mason <jon.mason@arm.com> -Date: Thu, 14 Dec 2023 09:23:09 -0500 -Subject: [PATCH] cmake: modify path to libmetal version file - -Commit ad87802d6e01e97946de20b6c2fa28aed184ed20 changed how the -versioning is done and created a version file. Due to this change, -the VERSION file is not being found when building because the source dir -is pointing to tf-m. Modify to point where we want it. - -Upstream-Status: Inappropriate [Build workaround] - -Signed-off-by: Jon Mason <jon.mason@arm.com> ---- - cmake/options.cmake | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmake/options.cmake b/cmake/options.cmake -index a7b4ef8bdf03..a06009b6acc4 100644 ---- a/cmake/options.cmake -+++ b/cmake/options.cmake -@@ -1,4 +1,4 @@ --file(READ ${LIBMETAL_ROOT_DIR}/VERSION ver) -+file(READ ${LIBMETAL_ROOT_DIR}/../libmetal/VERSION ver) - - string(REGEX MATCH "VERSION_MAJOR = ([0-9]*)" _ ${ver}) - set(PROJECT_VERSION_MAJOR ${CMAKE_MATCH_1}) diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch deleted file mode 100644 index 2360992101..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch +++ /dev/null @@ -1,76 +0,0 @@ -From f7b58b5ba5b48e071eb360c1bcfc4d31290a77c1 Mon Sep 17 00:00:00 2001 -From: Ali Can Ozaslan <ali.oezaslan@arm.com> -Date: Tue, 5 Mar 2024 21:01:59 +0000 -Subject: [PATCH] Platform:corstone1000:Fix issues due to adjustment Mailbox - Agent params - -Adjust Mailbox Agent API parameters patch changed memory check and -related parameters. As a result, platform-specific issues occurred. -Secure side client IDs are converted to negative values. Control -parameter is created. - -Signed-off-by: Bence Balogh <bence.balogh@arm.com> -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com> -Upstream-Status: Pending - ---- - .../tfm_spe_dual_core_psa_client_secure_lib.c | 23 +++++++++++++++---- - 1 file changed, 18 insertions(+), 5 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c -index d2eabe144..39e11b8cd 100644 ---- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c -+++ b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c -@@ -18,6 +18,9 @@ - #include "utilities.h" - #include "thread.h" - -+#define SE_PROXY_SP_UID 0 -+#define SMM_GW_SP_UID 0x8003 -+ - /** - * In linux environment and for psa_call type client api, - * the layout of the reply from tf-m to linux is as following. -@@ -174,7 +177,14 @@ static psa_status_t prepare_params_for_psa_call(struct client_params_t *params, - { - psa_status_t ret = PSA_SUCCESS; - -- params->ns_client_id_stateless = s_map_entry->msg.client_id; -+ if (s_map_entry->msg.client_id == SE_PROXY_SP_UID) { -+ params->ns_client_id_stateless = -1; -+ } -+ else if (s_map_entry->msg.client_id == SMM_GW_SP_UID) { -+ params->ns_client_id_stateless = -1 * s_map_entry->msg.client_id; -+ } else { -+ params->ns_client_id_stateless = s_map_entry->msg.client_id; -+ } - - params->p_outvecs = NULL; - ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry); -@@ -250,6 +260,9 @@ void deliver_msg_to_tfm_spe(void *private) - struct client_params_t params = {0}; - psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR; - unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private; -+ uint32_t control = PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, -+ s_map_entry->msg.params.psa_call_params.in_len, -+ s_map_entry->msg.params.psa_call_params.out_len); - - switch(s_map_entry->msg.call_type) { - case OPENAMP_PSA_FRAMEWORK_VERSION: -@@ -266,11 +279,11 @@ void deliver_msg_to_tfm_spe(void *private) - send_service_reply_to_non_secure(psa_ret, s_map_entry); - break; - } -+ control = PARAM_SET_NS_INVEC(control); -+ control = PARAM_SET_NS_OUTVEC(control); -+ control = PARAM_SET_NS_VEC(control); - psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle, -- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, -- s_map_entry->msg.params.psa_call_params.in_len, -- s_map_entry->msg.params.psa_call_params.out_len), -- ¶ms, NULL); -+ control, ¶ms, NULL); - if (psa_ret != PSA_SUCCESS) { - send_service_reply_to_non_secure(psa_ret, s_map_entry); - break; diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch index 7aeecfa31b..7aeecfa31b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch index 4c486e69f2..4c486e69f2 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-add-unique-guid-for-mps3.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch index 3711b8ce36..3711b8ce36 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-add-unique-guid-for-mps3.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch deleted file mode 100644 index be6bde6f8a..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch +++ /dev/null @@ -1,50 +0,0 @@ -From b70dd14eed59d7c5833ded8469cf99e631951e14 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Wed, 15 Nov 2023 09:52:19 +0000 -Subject: [PATCH] platform: corstone1000: fix synchronization issue on openamp - notification - -This fixes a race that is observed rarely in the FVP. It occurs in FVP -when tfm sends the notication ack in openamp, and then reset the access -request which resets the mhu registers before received by the host -processor. This solution introduces polling on the status register of -mhu until the notificaiton is read by the host processor. (Inspired by -signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m -https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61) - -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Upstream-Status: Pending [Not submitted to upstream yet] ---- - .../corstone1000/openamp/platform_spe_dual_core_hal.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c -index 7613345ffc..b58088032f 100644 ---- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c -+++ b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c -@@ -83,7 +83,7 @@ enum tfm_plat_err_t tfm_dual_core_hal_init(void) - - enum tfm_plat_err_t tfm_hal_notify_peer(void) - { -- uint32_t access_ready; -+ uint32_t access_ready,val; - enum mhu_v2_x_error_t status; - struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV; - -@@ -108,6 +108,13 @@ enum tfm_plat_err_t tfm_hal_notify_peer(void) - return TFM_PLAT_ERR_SYSTEM_ERR; - } - -+ do { -+ status = mhu_v2_x_channel_poll(dev, MHU1_SEH_NOTIFY_CH, &val); -+ if (status != MHU_V_2_X_ERR_NONE) { -+ break; -+ } -+ } while(val != 0); -+ - status = mhu_v2_x_reset_access_request(dev); - if (status != MHU_V_2_X_ERR_NONE) { - SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status); --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch new file mode 100644 index 0000000000..4f15da2217 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch @@ -0,0 +1,177 @@ +From 1410dc5504d60219279581b1cf6442f81551cfe7 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Wed, 3 Apr 2024 13:37:40 +0100 +Subject: [PATCH] Platform: Corstone1000: Enable host firewall in FVP + +Enables host firewall and mpu setup for FVP. It also fixes secure-ram +configuration and disable access rights to secure ram from both normal world +for both mps3 and fvp. + +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + .../Device/Include/platform_base_address.h | 2 +- + .../arm/corstone1000/bl1/boot_hal_bl1_1.c | 42 ++++--------------- + .../arm/corstone1000/bl2/flash_map_bl2.c | 2 +- + 3 files changed, 11 insertions(+), 35 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h +index 416f0ebcd..101cad9e7 100644 +--- a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h ++++ b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h +@@ -67,7 +67,7 @@ + * required by the SE are defined here */ + #define CORSTONE1000_HOST_ADDRESS_SPACE_BASE (0x60000000U) /* Host Address Space */ + #define CORSTONE1000_HOST_BIR_BASE (0x60000000U) /* Boot Instruction Register */ +-#define CORSTONE1000_HOST_SHARED_RAM_BASE (0x62000000U) /* Shared RAM */ ++#define CORSTONE1000_HOST_TRUSTED_RAM_BASE (0x62000000U) /* Secure RAM */ + #define CORSTONE1000_HOST_XNVM_BASE (0x68000000U) /* XNVM */ + #define CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE (0x7A010000U) /* Host SCB */ + #define CORSTONE1000_EXT_SYS_RESET_REG (0x7A010310U) /* external system (cortex-M3) */ +diff --git a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c +index a5fee66af..7988c2392 100644 +--- a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c ++++ b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c +@@ -35,7 +35,7 @@ REGION_DECLARE(Image$$, ER_DATA, $$Base)[]; + REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[]; + + #define HOST_ADDRESS_SPACE_BASE 0x00000000 +-#define HOST_SHARED_RAM_BASE 0x02000000 ++#define HOST_TRUSTED_RAM_BASE 0x02000000 + #define HOST_XNVM_BASE 0x08000000 + #define HOST_BASE_SYSTEM_CONTROL_BASE 0x1A010000 + #define HOST_FIREWALL_BASE 0x1A800000 +@@ -347,7 +347,7 @@ static void setup_host_firewall(void) + + fc_pe_enable(); + +- /* CVM - Shared RAM */ ++ /* CVM - Secure RAM */ + fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_CVM); + fc_disable_bypass(); + fc_pe_disable(); +@@ -355,15 +355,12 @@ static void setup_host_firewall(void) + fc_select_region(1); + fc_disable_regions(); + fc_disable_mpe(RGN_MPE0); +- fc_prog_rgn(RGN_SIZE_4MB, HOST_SHARED_RAM_BASE); ++ fc_prog_rgn(RGN_SIZE_4MB, HOST_TRUSTED_RAM_BASE); + fc_init_mpl(RGN_MPE0); + + mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | + RGN_MPL_SECURE_WRITE_MASK | +- RGN_MPL_SECURE_EXECUTE_MASK | +- RGN_MPL_NONSECURE_READ_MASK | +- RGN_MPL_NONSECURE_WRITE_MASK | +- RGN_MPL_NONSECURE_EXECUTE_MASK); ++ RGN_MPL_SECURE_EXECUTE_MASK); + + fc_enable_mpl(RGN_MPE0, mpl_rights); + fc_disable_mpl(RGN_MPE0, ~mpl_rights); +@@ -398,7 +395,9 @@ static void setup_host_firewall(void) + + fc_pe_enable(); + +- /* Host Expansion Master 0 */ ++#if !(PLATFORM_IS_FVP) ++ /* Host Expansion Master 0 (Due to the difference in the models only ++ * programming this for MPS3) */ + fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0); + fc_disable_bypass(); + fc_pe_disable(); +@@ -433,7 +432,6 @@ static void setup_host_firewall(void) + fc_enable_regions(); + fc_rgn_lock(); + +-#if !(PLATFORM_IS_FVP) + fc_select_region(3); + fc_disable_regions(); + fc_disable_mpe(RGN_MPE0); +@@ -461,16 +459,14 @@ static void setup_host_firewall(void) + fc_enable_mpe(RGN_MPE0); + fc_enable_regions(); + fc_rgn_lock(); +-#endif + + fc_pe_enable(); + +- /* Host Expansion Master 0 */ ++ /* Host Expansion Master 1*/ + fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1); + fc_disable_bypass(); + fc_pe_disable(); + +-#if !(PLATFORM_IS_FVP) + fc_select_region(1); + fc_disable_regions(); + fc_disable_mpe(RGN_MPE0); +@@ -484,22 +480,6 @@ static void setup_host_firewall(void) + fc_enable_mpe(RGN_MPE0); + fc_enable_regions(); + fc_rgn_lock(); +-#else +- fc_select_region(1); +- fc_disable_regions(); +- fc_disable_mpe(RGN_MPE0); +- fc_prog_rgn(RGN_SIZE_8MB, HOST_SE_SECURE_FLASH_BASE_FVP); +- fc_init_mpl(RGN_MPE0); +- +- mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | +- RGN_MPL_SECURE_WRITE_MASK); +- +- fc_enable_mpl(RGN_MPE0, mpl_rights); +- fc_enable_mpe(RGN_MPE0); +- fc_enable_regions(); +- fc_rgn_lock(); +-#endif +- + fc_pe_enable(); + + /* Always ON Host Peripherals */ +@@ -527,7 +507,6 @@ static void setup_host_firewall(void) + } + + fc_pe_enable(); +- + /* Host System Peripherals */ + fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_SYSPERIPH); + fc_disable_bypass(); +@@ -553,6 +532,7 @@ static void setup_host_firewall(void) + } + + fc_pe_enable(); ++#endif + + /* Host System Peripherals */ + fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_DBGPERIPH); +@@ -592,13 +572,9 @@ int32_t boot_platform_init(void) + if (result != ARM_DRIVER_OK) { + return 1; + } +-#if !(PLATFORM_IS_FVP) + setup_mpu(); +-#endif + setup_se_firewall(); +-#if !(PLATFORM_IS_FVP) + setup_host_firewall(); +-#endif + + #if defined(TFM_BL1_LOGGING) || defined(TEST_BL1_1) || defined(TEST_BL1_2) + stdio_init(); +diff --git a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c +index 2b1cdfa19..06cc3f0f5 100644 +--- a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c ++++ b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c +@@ -70,7 +70,7 @@ int boot_get_image_exec_ram_info(uint32_t image_id, + rc = 0; + } + else if (image_id == 1 || image_id == 2) { +- (*exec_ram_start) = CORSTONE1000_HOST_SHARED_RAM_BASE; ++ (*exec_ram_start) = CORSTONE1000_HOST_TRUSTED_RAM_BASE; + (*exec_ram_size) = 0x20000000U; + rc = 0; + } +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch new file mode 100644 index 0000000000..e831f0343f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch @@ -0,0 +1,27 @@ +From 2edf197735bd0efb1428c1710443dddcb376d930 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Wed, 17 Apr 2024 11:34:45 +0000 +Subject: [PATCH] platform: corstone1000: Increase ITS max asset size + +Increases the max asset size for ITS to enable parsec services & tests + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Signed-off-by: Vikas Katariya <vikas.katariya@arm.com> +--- + platform/ext/target/arm/corstone1000/config_tfm_target.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h +index 2c7341afd4..2eb0924770 100644 +--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h ++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h +@@ -20,4 +20,8 @@ + /* The maximum number of assets to be stored in the Protected Storage area. */ + #define PS_NUM_ASSETS 20 + ++/* The maximum size of asset to be stored in the Internal Trusted Storage area. */ ++#undef ITS_MAX_ASSET_SIZE ++#define ITS_MAX_ASSET_SIZE 2048 ++ + #endif /* __CONFIG_TFM_TARGET_H__ */ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch new file mode 100644 index 0000000000..3e0acbe3b9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch @@ -0,0 +1,3620 @@ +From 5e0e5207fe7edf7f9b47f0800388c7b3c9d69a1c Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Mon, 26 Feb 2024 10:20:54 +0100 +Subject: [PATCH] Platform: CS1000: Replace OpenAMP with RSE_COMMS + +The RSE_COMMS files were copied from the arm/rse platform (e7fcf4e0) +Did not copy the ATU and pointer access protocol related files as +they are not supported yet in Corstone-1000. + +There were some modifications in the files: +- Remove ATU support because Corstone-1000 doesn't have ATU +- Update and extend platform specific memory and permission checks +- Remove Armv8.1-M specific calls + +The OpenAMP related files were removed from Corstone-1000. + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Backport [75a980b37fb726dff8720b50de121c8196b70e4e] +--- + docs/platform/arm/corstone1000/readme.rst | 5 +- + .../target/arm/corstone1000/CMakeLists.txt | 5 +- + .../arm/corstone1000/Native_Driver/mhu.h | 140 +++++++ + .../Native_Driver/mhu_wrapper_v2_x.c | 353 ++++++++++++++++++ + .../ext/target/arm/corstone1000/config.cmake | 8 - + .../arm/corstone1000/openamp/CMakeLists.txt | 57 --- + ...ogger-when-the-build-type-is-release.patch | 27 -- + .../openamp/ext/libmetal/CMakeLists.txt | 23 -- + .../openamp/ext/libopenamp/CMakeLists.txt | 21 -- + .../openamp/platform_spe_dual_core_hal.c | 152 -------- + .../corstone1000/openamp/tfm_openamp_lib.h | 128 ------- + .../tfm_spe_dual_core_psa_client_secure_lib.c | 304 --------------- + .../tfm_spe_dual_core_psa_client_secure_lib.h | 39 -- + .../openamp/tfm_spe_openamp_interface.h | 39 -- + .../openamp/tfm_spe_openamp_interface_impl.c | 248 ------------ + .../tfm_spe_openamp_platform_interconnect.c | 114 ------ + .../tfm_spe_openamp_platform_interface.h | 31 -- + .../tfm_spe_psa_client_lib_unordered_map.c | 151 -------- + .../tfm_spe_psa_client_lib_unordered_map.h | 50 --- + .../openamp/tfm_spe_shm_openamp.h | 39 -- + .../arm/corstone1000/partition/region_defs.h | 12 +- + .../arm/corstone1000/rse_comms/CMakeLists.txt | 34 ++ + .../arm/corstone1000/rse_comms/rse_comms.c | 176 +++++++++ + .../arm/corstone1000/rse_comms/rse_comms.h | 48 +++ + .../corstone1000/rse_comms/rse_comms_hal.c | 232 ++++++++++++ + .../corstone1000/rse_comms/rse_comms_hal.h | 56 +++ + .../rse_comms/rse_comms_permissions_hal.h | 58 +++ + .../rse_comms/rse_comms_protocol.c | 120 ++++++ + .../rse_comms/rse_comms_protocol.h | 129 +++++++ + .../rse_comms/rse_comms_protocol_embed.c | 105 ++++++ + .../rse_comms/rse_comms_protocol_embed.h | 50 +++ + .../corstone1000/rse_comms/rse_comms_queue.c | 64 ++++ + .../corstone1000/rse_comms/rse_comms_queue.h | 25 ++ + .../corstone1000/rse_comms_permissions_hal.c | 177 +++++++++ + .../target/arm/corstone1000/tfm_interrupts.c | 51 +++ + 35 files changed, 1831 insertions(+), 1440 deletions(-) + create mode 100644 platform/ext/target/arm/corstone1000/Native_Driver/mhu.h + create mode 100644 platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h + delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h + create mode 100644 platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c + create mode 100644 platform/ext/target/arm/corstone1000/tfm_interrupts.c + +diff --git a/docs/platform/arm/corstone1000/readme.rst b/docs/platform/arm/corstone1000/readme.rst +index 59b167d8f..d46a6460e 100644 +--- a/docs/platform/arm/corstone1000/readme.rst ++++ b/docs/platform/arm/corstone1000/readme.rst +@@ -19,7 +19,8 @@ and boots the software ecosystem based on linux, u-boot, UEFI run time + services, TF-A, Secure Partitions and Optee. + + The communication between NSPE and SPE is based on PSA IPC protocol running on +-top of FF-A/OpenAMP. ++top of the RSE communication protocol. The Corstone-1000 supports only the ++`Embed protocol`, and the ATU support is removed. + + .. toctree:: + :maxdepth: 1 +@@ -116,7 +117,7 @@ Other test configurations are: + - -DTEST_S_PS=ON/OFF + - -DTEST_S_PLATFORM=ON/OFF + +-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.* ++*Copyright (c) 2021-2024, Arm Limited. All rights reserved.* + + .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + .. _Arm Corstone-1000 User Guide: https://corstone1000.docs.arm.com/en/corstone1000-2022.11.23/user-guide.html +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 541504368..e2a7ac302 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -87,7 +87,7 @@ target_add_scatter_file(bl1_2 + + #========================= Platform Secure ====================================# + +-add_subdirectory(openamp) ++add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/rse_comms rse_comms) + + add_subdirectory(${PLATFORM_DIR}/ext/accelerator/cc312/cc312-rom cc312-rom) + +@@ -124,6 +124,7 @@ target_sources(platform_s + Device/Source/system_core_init.c + ${PLATFORM_DIR}/ext/target/arm/drivers/usart/pl011/uart_pl011_drv.c + Native_Driver/mhu_v2_x.c ++ Native_Driver/mhu_wrapper_v2_x.c + Native_Driver/watchdog.c + Native_Driver/arm_watchdog_drv.c + $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c> +@@ -137,6 +138,7 @@ target_sources(platform_s + partition/partition.c + partition/gpt.c + $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c> ++ rse_comms_permissions_hal.c + ) + + if (PLATFORM_IS_FVP) +@@ -376,6 +378,7 @@ target_sources(tfm_psa_rot_partition_ns_agent_mailbox + + target_sources(tfm_spm + PRIVATE ++ tfm_interrupts.c + tfm_hal_isolation.c + tfm_hal_platform.c + $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> +diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h b/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h +new file mode 100644 +index 000000000..a02fdd883 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h +@@ -0,0 +1,140 @@ ++/* ++ * Copyright (c) 2022-2023 Arm Limited. All rights reserved. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#ifndef __MHU_H__ ++#define __MHU_H__ ++ ++#include <stddef.h> ++#include <stdint.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/** ++ * Generic MHU error enumeration types. ++ */ ++enum mhu_error_t { ++ MHU_ERR_NONE = 0, ++ MHU_ERR_NOT_INIT = -1, ++ MHU_ERR_ALREADY_INIT = -2, ++ MHU_ERR_UNSUPPORTED_VERSION = -3, ++ MHU_ERR_UNSUPPORTED = -4, ++ MHU_ERR_INVALID_ARG = -5, ++ MHU_ERR_BUFFER_TOO_SMALL = -6, ++ MHU_ERR_GENERAL = -7, ++}; ++ ++/** ++ * \brief Initializes sender MHU. ++ * ++ * \param[in] mhu_sender_dev Pointer to the sender MHU. ++ * ++ * \return Returns mhu_error_t error code. ++ * ++ * \note This function must be called before mhu_send_data(). ++ */ ++enum mhu_error_t mhu_init_sender(void *mhu_sender_dev); ++ ++/** ++ * \brief Initializes receiver MHU. ++ * ++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU. ++ * ++ * \return Returns mhu_error_t error code. ++ * ++ * \note This function must be called before mhu_receive_data(). ++ */ ++enum mhu_error_t mhu_init_receiver(void *mhu_receiver_dev); ++ ++/** ++ * \brief Sends data over MHU. ++ * ++ * \param[in] mhu_sender_dev Pointer to the sender MHU. ++ * \param[in] send_buffer Pointer to buffer containing the data to be ++ * transmitted. ++ * \param[in] size Size of the data to be transmitted in bytes. ++ * ++ * \return Returns mhu_error_t error code. ++ * ++ * \note The send_buffer must be 4-byte aligned and its length must be at least ++ * (4 - (size % 4)) bytes bigger than the data size to prevent buffer ++ * over-reading. ++ */ ++enum mhu_error_t mhu_send_data(void *mhu_sender_dev, ++ const uint8_t *send_buffer, ++ size_t size); ++ ++/** ++ * \brief Wait for data from MHU. ++ * ++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU. ++ * ++ * \return Returns mhu_error_t error code. ++ * ++ * \note This function must be called before mhu_receive_data() if the MHU ++ * receiver interrupt is not used. ++ */ ++enum mhu_error_t mhu_wait_data(void *mhu_receiver_dev); ++ ++/** ++ * \brief Receives data from MHU. ++ * ++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU. ++ * \param[out] receive_buffer Pointer the buffer where to store the ++ * received data. ++ * \param[in,out] size As input the size of the receive_buffer, ++ * as output the number of bytes received. ++ * As a limitation, the size of the buffer ++ * must be a multiple of 4. ++ * ++ * \return Returns mhu_error_t error code. ++ * ++ * \note The receive_buffer must be 4-byte aligned and its length must be a ++ * multiple of 4. ++ */ ++enum mhu_error_t mhu_receive_data(void *mhu_receiver_dev, ++ uint8_t *receive_buffer, ++ size_t *size); ++ ++/** ++ * \brief Signals an interrupt over the last available channel and wait for the ++ * values to be cleared by the receiver. ++ * ++ * \param[in] mhu_sender_dev Pointer to the sender MHU. ++ * \param[in] value Value that will be used while signaling. ++ * ++ * \return Returns mhu_error_t error code. ++ */ ++enum mhu_error_t signal_and_wait_for_clear(void *mhu_sender_dev, ++ uint32_t value); ++ ++/** ++ * \brief Wait for signal on the last available channel in a loop and ++ * acknowledge the transfer by clearing the status on that channel. ++ * ++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU. ++ * \param[in] value Value that will be used while waiting. ++ * ++ * \return Returns mhu_error_t error code. ++ */ ++enum mhu_error_t wait_for_signal_and_clear(void *mhu_receiver_dev, ++ uint32_t value); ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __MHU_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c b/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c +new file mode 100644 +index 000000000..f749f7661 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c +@@ -0,0 +1,353 @@ ++/* ++ * Copyright (c) 2022-2023 Arm Limited. All rights reserved. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include "mhu.h" ++ ++#include <stddef.h> ++#include <stdint.h> ++ ++#include "mhu_v2_x.h" ++ ++#define MHU_NOTIFY_VALUE (1234u) ++ ++static enum mhu_error_t ++error_mapping_to_mhu_error_t(enum mhu_v2_x_error_t err) ++{ ++ switch (err) { ++ case MHU_V_2_X_ERR_NONE: ++ return MHU_ERR_NONE; ++ case MHU_V_2_X_ERR_NOT_INIT: ++ return MHU_ERR_NOT_INIT; ++ case MHU_V_2_X_ERR_ALREADY_INIT: ++ return MHU_ERR_ALREADY_INIT; ++ case MHU_V_2_X_ERR_UNSUPPORTED_VERSION: ++ return MHU_ERR_UNSUPPORTED_VERSION; ++ case MHU_V_2_X_ERR_INVALID_ARG: ++ return MHU_ERR_INVALID_ARG; ++ case MHU_V_2_X_ERR_GENERAL: ++ return MHU_ERR_GENERAL; ++ default: ++ return MHU_ERR_GENERAL; ++ } ++} ++ ++enum mhu_error_t ++signal_and_wait_for_clear(void *mhu_sender_dev, uint32_t value) ++{ ++ enum mhu_v2_x_error_t err; ++ struct mhu_v2_x_dev_t *dev; ++ uint32_t channel_notify; ++ uint32_t wait_val; ++ ++ if (mhu_sender_dev == NULL) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ dev = (struct mhu_v2_x_dev_t *)mhu_sender_dev; ++ ++ /* Use the last channel for notifications */ ++ channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1; ++ ++ /* FIXME: Avoid wasting a whole channel for notifying */ ++ err = mhu_v2_x_channel_send(dev, channel_notify, value); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ do { ++ err = mhu_v2_x_channel_poll(dev, channel_notify, &wait_val); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ break; ++ } ++ } while (wait_val != 0); ++ ++ return error_mapping_to_mhu_error_t(err); ++} ++ ++enum mhu_error_t ++wait_for_signal_and_clear(void *mhu_receiver_dev, uint32_t value) ++{ ++ enum mhu_v2_x_error_t err; ++ struct mhu_v2_x_dev_t *dev; ++ uint32_t channel_notify; ++ uint32_t wait_val; ++ ++ if (mhu_receiver_dev == NULL) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ dev = (struct mhu_v2_x_dev_t *)mhu_receiver_dev; ++ ++ /* Use the last channel for notifications */ ++ channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1; ++ ++ do { ++ /* Using the last channel for notifications */ ++ err = mhu_v2_x_channel_receive(dev, channel_notify, &wait_val); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ } while (wait_val != value); ++ ++ /* Clear the last channel */ ++ err = mhu_v2_x_channel_clear(dev, channel_notify); ++ ++ return error_mapping_to_mhu_error_t(err); ++} ++ ++static enum mhu_v2_x_error_t ++clear_and_wait_for_signal(struct mhu_v2_x_dev_t *dev) ++{ ++ enum mhu_v2_x_error_t err; ++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); ++ uint32_t val, i; ++ ++ /* Clear all channels */ ++ for (i = 0; i < num_channels; ++i) { ++ err = mhu_v2_x_channel_clear(dev, i); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return err; ++ } ++ } ++ ++ do { ++ /* Using the last channel for notifications */ ++ err = mhu_v2_x_channel_receive(dev, num_channels - 1, &val); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ break; ++ } ++ } while (val != MHU_NOTIFY_VALUE); ++ ++ return err; ++} ++ ++enum mhu_error_t mhu_init_sender(void *mhu_sender_dev) ++{ ++ enum mhu_v2_x_error_t err; ++ struct mhu_v2_x_dev_t *dev = mhu_sender_dev; ++ ++ if (dev == NULL) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ err = mhu_v2_x_driver_init(dev, MHU_REV_READ_FROM_HW); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ /* This wrapper requires at least two channels to be implemented */ ++ if (mhu_v2_x_get_num_channel_implemented(dev) < 2) { ++ return MHU_ERR_UNSUPPORTED; ++ } ++ ++ return MHU_ERR_NONE; ++} ++ ++enum mhu_error_t mhu_init_receiver(void *mhu_receiver_dev) ++{ ++ enum mhu_v2_x_error_t err; ++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev; ++ uint32_t num_channels, i; ++ ++ if (dev == NULL) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ err = mhu_v2_x_driver_init(dev, MHU_REV_READ_FROM_HW); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ num_channels = mhu_v2_x_get_num_channel_implemented(dev); ++ ++ /* This wrapper requires at least two channels to be implemented */ ++ if (num_channels < 2) { ++ return MHU_ERR_UNSUPPORTED; ++ } ++ ++ /* Mask all channels except the notifying channel */ ++ for (i = 0; i < (num_channels - 1); ++i) { ++ err = mhu_v2_x_channel_mask_set(dev, i, UINT32_MAX); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ } ++ ++ /* The last channel is used for notifications */ ++ err = mhu_v2_x_channel_mask_clear(dev, (num_channels - 1), UINT32_MAX); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ err = mhu_v2_x_interrupt_enable(dev, MHU_2_1_INTR_CHCOMB_MASK); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ return MHU_ERR_NONE; ++} ++ ++enum mhu_error_t mhu_send_data(void *mhu_sender_dev, ++ const uint8_t *send_buffer, ++ size_t size) ++{ ++ enum mhu_v2_x_error_t err; ++ enum mhu_error_t mhu_err; ++ struct mhu_v2_x_dev_t *dev = mhu_sender_dev; ++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); ++ uint32_t chan = 0; ++ uint32_t i; ++ uint32_t *p; ++ ++ if (dev == NULL || send_buffer == NULL) { ++ return MHU_ERR_INVALID_ARG; ++ } else if (size == 0) { ++ return MHU_ERR_NONE; ++ } ++ ++ /* For simplicity, require the send_buffer to be 4-byte aligned. */ ++ if ((uintptr_t)send_buffer & 0x3u) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ err = mhu_v2_x_initiate_transfer(dev); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ /* First send over the size of the actual message. */ ++ err = mhu_v2_x_channel_send(dev, chan, (uint32_t)size); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ chan++; ++ ++ p = (uint32_t *)send_buffer; ++ for (i = 0; i < size; i += 4) { ++ err = mhu_v2_x_channel_send(dev, chan, *p++); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ if (++chan == (num_channels - 1)) { ++ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE); ++ if (mhu_err != MHU_ERR_NONE) { ++ return mhu_err; ++ } ++ chan = 0; ++ } ++ } ++ ++ /* Signal the end of transfer. ++ * It's not required to send a signal when the message was ++ * perfectly-aligned ((num_channels - 1) channels were used in the last ++ * round) preventing it from signaling twice at the end of transfer. ++ */ ++ if (chan != 0) { ++ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE); ++ if (mhu_err != MHU_ERR_NONE) { ++ return mhu_err; ++ } ++ } ++ ++ err = mhu_v2_x_close_transfer(dev); ++ return error_mapping_to_mhu_error_t(err); ++} ++ ++enum mhu_error_t mhu_wait_data(void *mhu_receiver_dev) ++{ ++ enum mhu_v2_x_error_t err; ++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev; ++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); ++ uint32_t val; ++ ++ do { ++ /* Using the last channel for notifications */ ++ err = mhu_v2_x_channel_receive(dev, num_channels - 1, &val); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ break; ++ } ++ } while (val != MHU_NOTIFY_VALUE); ++ ++ return error_mapping_to_mhu_error_t(err); ++} ++ ++enum mhu_error_t mhu_receive_data(void *mhu_receiver_dev, ++ uint8_t *receive_buffer, ++ size_t *size) ++{ ++ enum mhu_v2_x_error_t err; ++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev; ++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); ++ uint32_t chan = 0; ++ uint32_t message_len; ++ uint32_t i; ++ uint32_t *p; ++ ++ if (dev == NULL || receive_buffer == NULL) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ /* For simplicity, require: ++ * - the receive_buffer to be 4-byte aligned, ++ * - the buffer size to be a multiple of 4. ++ */ ++ if (((uintptr_t)receive_buffer & 0x3u) || (*size & 0x3u)) { ++ return MHU_ERR_INVALID_ARG; ++ } ++ ++ /* The first word is the length of the actual message. */ ++ err = mhu_v2_x_channel_receive(dev, chan, &message_len); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ chan++; ++ ++ if (message_len > *size) { ++ /* Message buffer too small */ ++ *size = message_len; ++ return MHU_ERR_BUFFER_TOO_SMALL; ++ } ++ ++ p = (uint32_t *)receive_buffer; ++ for (i = 0; i < message_len; i += 4) { ++ err = mhu_v2_x_channel_receive(dev, chan, p++); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ ++ /* Only wait for next transfer if there is still missing data. */ ++ if (++chan == (num_channels - 1) && (message_len - i) > 4) { ++ /* Busy wait for next transfer */ ++ err = clear_and_wait_for_signal(dev); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ chan = 0; ++ } ++ } ++ ++ /* Clear all channels */ ++ for (i = 0; i < num_channels; ++i) { ++ err = mhu_v2_x_channel_clear(dev, i); ++ if (err != MHU_V_2_X_ERR_NONE) { ++ return error_mapping_to_mhu_error_t(err); ++ } ++ } ++ ++ *size = message_len; ++ ++ return MHU_ERR_NONE; ++} +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index 70bbcdafd..6a805a122 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -37,14 +37,6 @@ set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryp + set(NS FALSE CACHE BOOL "Whether to build NS app") + set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.") + +-# External dependency on OpenAMP and Libmetal +-set(LIBMETAL_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libmetal (or DOWNLOAD to fetch automatically") +-set(LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad" CACHE STRING "The version of libmetal to use") +-set(LIBMETAL_FORCE_PATCH OFF CACHE BOOL "Always apply Libmetal patches") +- +-set(LIBOPENAMP_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libopenamp (or DOWNLOAD to fetch automatically") +-set(OPENAMP_VERSION "347397decaa43372fc4d00f965640ebde042966d" CACHE STRING "The version of openamp to use") +- + if (${PLATFORM_IS_FVP}) + set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.") + else() +diff --git a/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt +deleted file mode 100644 +index 32c0def25..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt ++++ /dev/null +@@ -1,57 +0,0 @@ +-#------------------------------------------------------------------------------- +-# Copyright (c) 2021, Arm Limited. All rights reserved. +-# +-# SPDX-License-Identifier: BSD-3-Clause +-# +-#------------------------------------------------------------------------------- +- +-add_subdirectory(ext/libmetal) +-add_subdirectory(ext/libopenamp) +- +-set(CMAKE_SYSTEM_PROCESSOR "arm") +-set(MACHINE "template") +-set(LIBMETAL_INCLUDE_DIR "${LIBMETAL_BIN_PATH}/lib/include") +-set(LIBMETAL_LIB "${LIBMETAL_BIN_PATH}/lib") +- +-add_subdirectory(${LIBMETAL_SRC_PATH} ${LIBMETAL_BIN_PATH}) +-add_subdirectory(${LIBOPENAMP_SRC_PATH} ${LIBOPENAMP_BIN_PATH}) +- +-target_include_directories(platform_s +- PRIVATE +- ${LIBMETAL_BIN_PATH}/lib/include +- ${LIBOPENAMP_SRC_PATH}/lib/include +-) +- +-target_include_directories(platform_s +- PUBLIC +- . +-) +- +-target_sources(platform_s +- PRIVATE +- tfm_spe_openamp_platform_interconnect.c +- tfm_spe_dual_core_psa_client_secure_lib.c +- tfm_spe_openamp_interface_impl.c +- platform_spe_dual_core_hal.c +- tfm_spe_psa_client_lib_unordered_map.c +-) +- +-target_link_libraries(open_amp-static +- PRIVATE +- metal-static +-) +- +-target_compile_definitions(open_amp-static +- PRIVATE +- RPMSG_BUFFER_SIZE=8192 +-) +- +-target_link_libraries(platform_s +- PRIVATE +- open_amp-static +-) +- +-# Export header file shared with non-secure side +-install(FILES tfm_openamp_lib.h +- DESTINATION ${INSTALL_INTERFACE_INC_DIR} +-) +diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch b/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch +deleted file mode 100644 +index 7c5eacc9f..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch ++++ /dev/null +@@ -1,27 +0,0 @@ +-From d9d92c8848e4567f208f1900aff57e6a234c8130 Mon Sep 17 00:00:00 2001 +-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +-Date: Wed, 7 Dec 2022 12:37:22 +0000 +-Subject: [PATCH] Disable logger when the build type is release +- +-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +---- +- cmake/options.cmake | 3 ++- +- 1 file changed, 2 insertions(+), 1 deletion(-) +- +-diff --git a/cmake/options.cmake b/cmake/options.cmake +-index 25c7c96..7a2b116 100644 +---- a/cmake/options.cmake +-+++ b/cmake/options.cmake +-@@ -55,7 +55,8 @@ if (WITH_ZEPHYR) +- option (WITH_ZEPHYR_LIB "Build libmetal as a zephyr library" OFF) +- endif (WITH_ZEPHYR) +- +--option (WITH_DEFAULT_LOGGER "Build with default logger" ON) +-+include(CMakeDependentOption) +-+cmake_dependent_option(WITH_DEFAULT_LOGGER "Build with default logger" ON "${CMAKE_BUILD_TYPE} STREQUAL Debug" OFF) +- +- option (WITH_DOC "Build with documentation" ON) +- +--- +-2.25.1 +- +diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt +deleted file mode 100644 +index fa37fd6be..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt ++++ /dev/null +@@ -1,23 +0,0 @@ +-#------------------------------------------------------------------------------- +-# Copyright (c) 2021-2022, Arm Limited. All rights reserved. +-# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company) +-# or an affiliate of Cypress Semiconductor Corporation. All rights reserved. +-# +-# SPDX-License-Identifier: BSD-3-Clause +-# +-#------------------------------------------------------------------------------- +- +-fetch_remote_library( +- LIB_NAME libmetal +- LIB_SOURCE_PATH_VAR LIBMETAL_SRC_PATH +- LIB_BINARY_PATH_VAR LIBMETAL_BIN_PATH +- LIB_PATCH_DIR ${CMAKE_CURRENT_LIST_DIR} +- LIB_FORCE_PATCH LIBMETAL_FORCE_PATCH +- FETCH_CONTENT_ARGS +- GIT_TAG ${LIBMETAL_VERSION} +- GIT_REPOSITORY https://github.com/OpenAMP/libmetal.git +-) +- +-if (NOT LIB_BINARY_PATH_VAR) +-set(LIBMETAL_BIN_PATH "${CMAKE_SOURCE_DIR}/build/lib/ext/libmetal-subbuild" CACHE PATH "Path to build directory of libmetal.") +-endif() +diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt +deleted file mode 100644 +index 28c5fa284..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt ++++ /dev/null +@@ -1,21 +0,0 @@ +-#------------------------------------------------------------------------------- +-# Copyright (c) 2020-2022, Arm Limited. All rights reserved. +-# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company) +-# or an affiliate of Cypress Semiconductor Corporation. All rights reserved. +-# +-# SPDX-License-Identifier: BSD-3-Clause +-# +-#------------------------------------------------------------------------------- +- +-fetch_remote_library( +- LIB_NAME libopenamp +- LIB_SOURCE_PATH_VAR LIBOPENAMP_SRC_PATH +- LIB_BINARY_PATH_VAR LIBOPENAMP_BIN_PATH +- FETCH_CONTENT_ARGS +- GIT_TAG ${OPENAMP_VERSION} +- GIT_REPOSITORY https://github.com/OpenAMP/open-amp.git +-) +- +-if (NOT LIB_BINARY_PATH_VAR) +-set(LIBOPENAMP_BIN_PATH "${CMAKE_SOURCE_DIR}/build/lib/ext/libopenamp-subbuild" CACHE PATH "Path to build directory of open-amp.") +-endif() +diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c +deleted file mode 100644 +index 7613345ff..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c ++++ /dev/null +@@ -1,152 +0,0 @@ +-/* +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * Copyright (c) 2021-2022 Cypress Semiconductor Corporation (an Infineon +- * company) or an affiliate of Cypress Semiconductor Corporation. All rights +- * reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- */ +- +-#include "tfm_spe_openamp_platform_interface.h" +-#include "device_cfg.h" +-#include "device_definition.h" +-#include "load/interrupt_defs.h" +-#include "mhu_v2_x.h" +-#include "tfm_plat_defs.h" +-#include "tfm_spm_log.h" +-#include "cmsis.h" +- +-#define MHU1_SEH_NOTIFY_CH 0 +-#define MHU1_SEH_NOTIFY_VAL 1234 +- +-static enum tfm_plat_err_t initialize_secure_enclave_to_host_mhu(void) +-{ +- enum mhu_v2_x_error_t status; +- +- status = mhu_v2_x_driver_init(&MHU1_SE_TO_HOST_DEV, MHU_REV_READ_FROM_HW); +- if (status != MHU_V_2_X_ERR_NONE) { +- SPMLOG_ERRMSGVAL("Secure-enclave to Host MHU driver initialization failed: ", status); +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- SPMLOG_INFMSG("Secure-enclave to Host MHU Driver initialized successfully.\r\n"); +- +- return TFM_PLAT_ERR_SUCCESS; +-} +- +-static enum tfm_plat_err_t initialize_host_to_secure_enclave_mhu(void) +-{ +- enum mhu_v2_x_error_t status; +- +- status = mhu_v2_x_driver_init(&MHU1_HOST_TO_SE_DEV, MHU_REV_READ_FROM_HW); +- if (status != MHU_V_2_X_ERR_NONE) { +- SPMLOG_ERRMSGVAL("Host to secure-enclave MHU driver initialization failed: ", status); +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- SPMLOG_INFMSG("Host to secure-enclave MHU Driver initialized successfully.\r\n"); +- +- NVIC_EnableIRQ(HSE1_RECEIVER_COMBINED_IRQn); +- +- return TFM_PLAT_ERR_SUCCESS; +-} +- +-static struct irq_t mbox_irq_info = {0}; +- +-void HSE1_RECEIVER_COMBINED_IRQHandler(void) +-{ +- spm_handle_interrupt(mbox_irq_info.p_pt, mbox_irq_info.p_ildi); +- +- mhu_v2_x_channel_clear(&MHU1_HOST_TO_SE_DEV, 0); +- NVIC_ClearPendingIRQ(HSE1_RECEIVER_COMBINED_IRQn); +-} +- +-enum tfm_hal_status_t mailbox_irq_init(void *p_pt, +- const struct irq_load_info_t *p_ildi) +-{ +- mbox_irq_info.p_pt = p_pt; +- mbox_irq_info.p_ildi = p_ildi; +- +- return TFM_HAL_SUCCESS; +-} +- +-enum tfm_plat_err_t tfm_dual_core_hal_init(void) +-{ +- enum tfm_plat_err_t status; +- +- status = initialize_host_to_secure_enclave_mhu(); +- if (status) { +- return status; +- } +- status = initialize_secure_enclave_to_host_mhu(); +- +- return status; +-} +- +-enum tfm_plat_err_t tfm_hal_notify_peer(void) +-{ +- uint32_t access_ready; +- enum mhu_v2_x_error_t status; +- struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV; +- +- status = mhu_v2_x_set_access_request(dev); +- if (status != MHU_V_2_X_ERR_NONE) { +- SPMLOG_ERRMSGVAL("mhu_v2_x_set_access_request failed : ", status); +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- +- do { +- status = mhu_v2_x_get_access_ready(dev, &access_ready); +- if (status != MHU_V_2_X_ERR_NONE) { +- SPMLOG_ERRMSGVAL("mhu_v2_x_get_access_ready failed : ", status); +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- } while(!access_ready); +- +- status = mhu_v2_x_channel_send(dev, MHU1_SEH_NOTIFY_CH, MHU1_SEH_NOTIFY_VAL); +- +- if (status != MHU_V_2_X_ERR_NONE) { +- SPMLOG_ERRMSGVAL("mhu_v2_x_channel_send : ", status); +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- +- status = mhu_v2_x_reset_access_request(dev); +- if (status != MHU_V_2_X_ERR_NONE) { +- SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status); +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- return TFM_PLAT_ERR_SUCCESS; +-} +- +-/* +- * The function is implemented to support libmetal's mutex and spinlock +- * implementation. The GCC does not support a respective builtin +- * functions for Cortex M0+. So below function provides the +- * missing link for libmetal compilation. +- * This function will prevent race condition between PendSV context (where +- * entries are inserted into unordered map) and service threads (where +- * entries are removed from the unordered map). +- */ +-bool __atomic_compare_exchange_4(volatile void *mem, void *expected, +- uint32_t desired, bool var, int success, int failure) +-{ +- bool ret = false; +- volatile uint32_t *location = mem; +- volatile uint32_t *old_val = expected; +- /* unused variables */ +- (void)var; +- (void)success; +- (void)failure; +- +- NVIC_DisableIRQ(PendSV_IRQn); +- +- do { +- if (*location != *old_val) { +- break; +- } +- *location = desired; +- ret = true; +- } while (0); +- +- NVIC_EnableIRQ(PendSV_IRQn); +- +- return ret; +-} +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h b/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h +deleted file mode 100644 +index 2996ba9a8..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h ++++ /dev/null +@@ -1,128 +0,0 @@ +-/* +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-/* +- * This header file is common to NSPE and SPE PSA client libraries. +- */ +- +-#ifndef __TFM_OPENAMP_LIB_H__ +-#define __TFM_OPENAMP_LIB_H__ +- +-#include <stdint.h> +-#include "psa/client.h" +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* PSA client call type value */ +-#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1) +-#define OPENAMP_PSA_VERSION (0x2) +-#define OPENAMP_PSA_CONNECT (0x3) +-#define OPENAMP_PSA_CALL (0x4) +-#define OPENAMP_PSA_CLOSE (0x5) +- +-/* Return code of openamp APIs */ +-#define OPENAMP_SUCCESS (0) +-#define OPENAMP_MAP_FULL (INT32_MIN + 1) +-#define OPENAMP_MAP_ERROR (INT32_MIN + 2) +-#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3) +-#define OPENAMP_NO_PERMS (INT32_MIN + 4) +-#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5) +-#define OPENAMP_CHAN_BUSY (INT32_MIN + 6) +-#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7) +-#define OPENAMP_INIT_ERROR (INT32_MIN + 8) +- +-#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp +- * buffer so that openamp shared memory buffer +- * does not get freed. +- */ +- +-/* +- * This structure holds the parameters used in a PSA client call. +- */ +-typedef struct __attribute__((packed)) psa_client_in_params { +- union { +- struct __attribute__((packed)) { +- uint32_t sid; +- } psa_version_params; +- +- struct __attribute__((packed)) { +- uint32_t sid; +- uint32_t version; +- } psa_connect_params; +- +- struct __attribute__((packed)) { +- psa_handle_t handle; +- int32_t type; +- uint32_t in_vec; +- uint32_t in_len; +- uint32_t out_vec; +- uint32_t out_len; +- } psa_call_params; +- +- struct __attribute__((packed)) { +- psa_handle_t handle; +- } psa_close_params; +- }; +-} psa_client_in_params_t; +- +-/* Openamp message passed from NSPE to SPE to deliver a PSA client call */ +-typedef struct __attribute__((packed)) ns_openamp_msg { +- uint32_t call_type; /* PSA client call type */ +- psa_client_in_params_t params; /* Contain parameters used in PSA +- * client call +- */ +- +- int32_t client_id; /* Optional client ID of the +- * non-secure caller. +- * It is required to identify the +- * non-secure task when NSPE OS +- * enforces non-secure task +- * isolation +- */ +- int32_t request_id; /* This is the unique ID for a +- * request send to TF-M by the +- * non-secure core. TF-M forward +- * the ID back to non-secure on the +- * reply to a given request. Using +- * this id, the non-secure library +- * can identify the request for +- * which the reply has received. +- */ +-} ns_openamp_msg_t; +- +-/* +- * This structure holds the location of the out data of the PSA client call. +- */ +-typedef struct __attribute__((packed)) psa_client_out_params { +- uint32_t out_vec; +- uint32_t out_len; +-} psa_client_out_params_t; +- +- +-/* Openamp message from SPE to NSPE delivering the reply back for a PSA client +- * call. +- */ +-typedef struct __attribute__((packed)) s_openamp_msg { +- int32_t request_id; /* Using this id, the non-secure +- * library identifies the request. +- * TF-M forwards the same +- * request-id received on the +- * initial request. +- */ +- int32_t reply; /* Reply of the PSA client call */ +- psa_client_out_params_t params; /* Contain out data result of the +- * PSA client call. +- */ +-} s_openamp_msg_t; +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* __TFM_OPENAMP_LIB_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c +deleted file mode 100644 +index d2eabe144..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c ++++ /dev/null +@@ -1,304 +0,0 @@ +-/* +- * Copyright (c) 2021-2022, Arm Limited. All rights reserved. +- * Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company) +- * or an affiliate of Cypress Semiconductor Corporation. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#include "config_impl.h" +-#include "tfm_psa_call_pack.h" +-#include "tfm_spe_dual_core_psa_client_secure_lib.h" +-#include "tfm_rpc.h" +-#include "tfm_spe_openamp_interface.h" +-#include "tfm_spm_log.h" +-#include "tfm_spe_psa_client_lib_unordered_map.h" +-#include "psa/error.h" +-#include "utilities.h" +-#include "thread.h" +- +-/** +- * In linux environment and for psa_call type client api, +- * the layout of the reply from tf-m to linux is as following. +- */ +-typedef struct output_buffer_with_payload { +- s_openamp_msg_t header; +- psa_outvec outvec[PSA_MAX_IOVEC]; +- uint8_t payload[]; /* outdata follows */ +-} output_buffer_with_payload_t; +- +-static void prepare_and_send_output_msg(int32_t reply, int32_t request_id) +-{ +- s_openamp_msg_t msg; +- +- msg.request_id = request_id; +- msg.reply = reply; +- +- msg.params.out_vec = 0; +- msg.params.out_len = 0; +- +- tfm_to_openamp_reply_back(&msg, sizeof(msg)); +-} +- +-static void prepare_and_send_preallocated_output_msg(int32_t reply, +- const unordered_map_entry_t* s_map_entry) +-{ +- uint32_t out_len = s_map_entry->msg.params.psa_call_params.out_len; +- output_buffer_with_payload_t *output_msg = (output_buffer_with_payload_t*)s_map_entry->output_buffer; +- +- output_msg->header.request_id = s_map_entry->msg.request_id; +- output_msg->header.reply = reply; +- +- output_msg->header.params.out_vec = +- (uint32_t)tfm_to_openamp_translate_secure_to_non_secure_ptr( +- output_msg->outvec); +- output_msg->header.params.out_len = out_len; +- +- for (int i = 0; i < out_len; i++) { +- output_msg->outvec[i].base = tfm_to_openamp_translate_secure_to_non_secure_ptr( +- output_msg->outvec[i].base); +- } +- +- /* send msg to non-secure side */ +- tfm_to_openamp_reply_back_no_copy(output_msg, s_map_entry->output_buffer_len); +-} +- +-void send_service_reply_to_non_secure(int32_t reply, void *private) +-{ +- unordered_map_handle_t handle; +- const unordered_map_entry_t* s_map_entry = (const unordered_map_entry_t*)private; +- +- if (s_map_entry->is_input_buffer_hold) { +- tfm_to_openamp_release_buffer(s_map_entry->input_buffer); +- } +- +- if (s_map_entry->is_output_buffer) { +- prepare_and_send_preallocated_output_msg(reply, s_map_entry); +- } else { +- prepare_and_send_output_msg(reply, s_map_entry->msg.request_id); +- } +- +- handle = unordered_map_get_entry_handle(s_map_entry); +- if (handle == INVALID_MAP_HANDLE) { +- SPMLOG_ERRMSG("FATAL_ERROR: Map handle not valid\r\n"); +- SPM_ASSERT(0); +- } +- unordered_map_free(handle); +-} +- +-static psa_invec * prepare_in_vecs(unordered_map_entry_t* s_map_entry) +-{ +- uint32_t in_len = s_map_entry->msg.params.psa_call_params.in_len; +- SPM_ASSERT(in_len <= PSA_MAX_IOVEC); +- +- psa_invec *input_buffer_in_vec = (psa_invec*)tfm_to_openamp_translate_non_secure_to_secure_ptr( +- (void*)s_map_entry->msg.params.psa_call_params.in_vec); +- for (int i = 0; i < in_len; i++) { +- input_buffer_in_vec[i].base = tfm_to_openamp_translate_non_secure_to_secure_ptr( +- input_buffer_in_vec[i].base); +- } +- +- return input_buffer_in_vec; +-} +- +-static void * alloc_output_buffer_in_shared_mem(size_t length, +- unordered_map_entry_t* s_map_entry) +-{ +- uint32_t buffer_sz = 0; +- +- /* pre allocate output_buffer space from openamp shared memory */ +- s_map_entry->output_buffer = tfm_to_openamp_get_buffer(&buffer_sz); +- SPM_ASSERT((s_map_entry->output_buffer != NULL) && (buffer_sz >= length)); +- s_map_entry->is_output_buffer = true; +- s_map_entry->output_buffer_len = length; +- spm_memset(s_map_entry->output_buffer, 0x0, length); +- +- return s_map_entry->output_buffer; +-} +- +-static psa_status_t alloc_and_prepare_out_vecs(psa_outvec **out_vec_start_ptr, +- unordered_map_entry_t* s_map_entry) +-{ +- psa_outvec *input_buffer_outvec = NULL; +- size_t output_buffer_len = 0; +- size_t current_outdata_len = 0; +- output_buffer_with_payload_t *out_buffer = NULL; +- int max_shared_mem_buffer_size = 0; +- uint32_t out_len = s_map_entry->msg.params.psa_call_params.out_len; +- +- SPM_ASSERT(out_len <= PSA_MAX_IOVEC); +- *out_vec_start_ptr = NULL; +- +- if (out_len == 0) { +- return PSA_SUCCESS; +- } +- +- input_buffer_outvec = (psa_outvec*)tfm_to_openamp_translate_non_secure_to_secure_ptr( +- (void*)s_map_entry->msg.params.psa_call_params.out_vec); +- +- /* calculate and validate out data len */ +- output_buffer_len = sizeof(output_buffer_with_payload_t); +- for (int i = 0; i < out_len; i++) { +- output_buffer_len += input_buffer_outvec[i].len; +- } +- max_shared_mem_buffer_size = tfm_to_openamp_get_buffer_size(); +- if (output_buffer_len > max_shared_mem_buffer_size) { +- SPMLOG_ERRMSGVAL("required buffer size : ", output_buffer_len); +- SPMLOG_ERRMSGVAL(" is more than maximum available : ", max_shared_mem_buffer_size); +- return PSA_ERROR_INVALID_ARGUMENT; +- } +- +- /* prepare output buffer layout */ +- out_buffer = (output_buffer_with_payload_t*)alloc_output_buffer_in_shared_mem( +- output_buffer_len, s_map_entry); +- +- for (int i = 0; i < PSA_MAX_IOVEC; i++) { +- if (i < out_len) { +- out_buffer->outvec[i].base = &out_buffer->payload[current_outdata_len]; +- out_buffer->outvec[i].len = input_buffer_outvec[i].len; +- current_outdata_len += input_buffer_outvec[i].len; +- } else { +- out_buffer->outvec[i].base = NULL; +- out_buffer->outvec[i].len = 0; +- } +- } +- +- *out_vec_start_ptr = out_buffer->outvec; +- +- return PSA_SUCCESS; +-} +- +-static psa_status_t prepare_params_for_psa_call(struct client_params_t *params, +- unordered_map_entry_t* s_map_entry) +-{ +- psa_status_t ret = PSA_SUCCESS; +- +- params->ns_client_id_stateless = s_map_entry->msg.client_id; +- +- params->p_outvecs = NULL; +- ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry); +- if (ret != PSA_SUCCESS) { +- return ret; +- } +- +- params->p_invecs = prepare_in_vecs(s_map_entry); +- +- /* hold the input shared memory */ +- tfm_to_openamp_hold_buffer(s_map_entry->input_buffer); +- s_map_entry->is_input_buffer_hold = true; +- +- return ret; +-} +- +-__STATIC_INLINE int32_t check_msg(const ns_openamp_msg_t *msg) +-{ +- /* +- * TODO +- * Comprehensive check of openamp msessage content can be implemented here. +- */ +- (void)msg; +- return OPENAMP_SUCCESS; +-} +- +-static void send_error_to_non_secure(int32_t reply, int32_t request_id) +-{ +- prepare_and_send_output_msg(reply, request_id); +-} +- +-int32_t register_msg_to_spe_and_verify(void **private, const void *data, size_t len) +-{ +- unordered_map_entry_t *s_map_entry; +- ns_openamp_msg_t *ns_msg; +- unordered_map_handle_t map_handle; +- int32_t ret = OPENAMP_SUCCESS; +- +- *private = NULL; +- +- if (len < sizeof(ns_openamp_msg_t)) { +- SPMLOG_ERRMSG("Invalid parameters.\r\n"); +- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, 0); +- return OPENAMP_INVAL_PARAMS; +- } +- +- /* start of the data is with "ns_openamp_msg_t" */ +- ns_msg = (ns_openamp_msg_t*)data; +- ret = unordered_map_insert(ns_msg, data, &map_handle); +- if (ret) { +- SPMLOG_ERRMSG("Map insert failed\r\n"); +- send_error_to_non_secure(OPENAMP_MAP_FULL, ns_msg->request_id); +- return OPENAMP_MAP_FULL; +- } +- +- s_map_entry = unordered_map_get_entry_ptr(map_handle); +- +- /* verify msg after copy to the secure memory */ +- if (check_msg(&s_map_entry->msg)) { +- SPMLOG_ERRMSG("Message is invalid\r\n"); +- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, ns_msg->request_id); +- unordered_map_free(map_handle); +- return OPENAMP_INVAL_PARAMS; +- } +- +- *private = s_map_entry; +- +- return ret; +-} +- +-void deliver_msg_to_tfm_spe(void *private) +-{ +- struct client_params_t params = {0}; +- psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR; +- unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private; +- +- switch(s_map_entry->msg.call_type) { +- case OPENAMP_PSA_FRAMEWORK_VERSION: +- psa_ret = tfm_rpc_psa_framework_version(); +- send_service_reply_to_non_secure(psa_ret, s_map_entry); +- break; +- case OPENAMP_PSA_VERSION: +- psa_ret = tfm_rpc_psa_version(s_map_entry->msg.params.psa_version_params.sid); +- send_service_reply_to_non_secure(psa_ret, s_map_entry); +- break; +- case OPENAMP_PSA_CALL: +- psa_ret = prepare_params_for_psa_call(¶ms, s_map_entry); +- if (psa_ret != PSA_SUCCESS) { +- send_service_reply_to_non_secure(psa_ret, s_map_entry); +- break; +- } +- psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle, +- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, +- s_map_entry->msg.params.psa_call_params.in_len, +- s_map_entry->msg.params.psa_call_params.out_len), +- ¶ms, NULL); +- if (psa_ret != PSA_SUCCESS) { +- send_service_reply_to_non_secure(psa_ret, s_map_entry); +- break; +- } +- break; +-#if CONFIG_TFM_CONNECTION_BASED_SERVICE_API == 1 +- case OPENAMP_PSA_CONNECT: +- psa_ret = tfm_rpc_psa_connect(s_map_entry->msg.params.psa_connect_params.sid, +- s_map_entry->msg.params.psa_connect_params.version, +- s_map_entry->msg.client_id, +- NULL); +- if (psa_ret != PSA_SUCCESS) { +- send_service_reply_to_non_secure(psa_ret, s_map_entry); +- } +- break; +- case OPENAMP_PSA_CLOSE: +- tfm_rpc_psa_close(s_map_entry->msg.params.psa_close_params.handle); +- break; +-#endif /* CONFIG_TFM_CONNECTION_BASED_SERVICE_API == 1 */ +- default: +- SPMLOG_ERRMSG("msg type did not recognized\r\n"); +- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, s_map_entry->msg.request_id); +- unordered_map_free(unordered_map_get_entry_handle(s_map_entry)); +- break; +- } +-} +- +-void init_dual_core_psa_client_secure_lib(void) +-{ +- unordered_map_init(); +-} +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h +deleted file mode 100644 +index de7891b83..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h ++++ /dev/null +@@ -1,39 +0,0 @@ +-/* +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#ifndef __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__ +-#define __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__ +- +-#include "tfm_openamp_lib.h" +- +-/** +- * \brief Initializes the library. +- */ +-void init_dual_core_psa_client_secure_lib(void); +- +-/** +- * \brief Decodes the messages received from the NSPE before sending +- * to SPE. +- */ +-void deliver_msg_to_tfm_spe(void *private); +- +-/** +- * \brief Encodes the reply of service before sending it to NSPE. +- */ +-void send_service_reply_to_non_secure(int32_t reply, void *private); +- +-/** +- * \brief Validate and register the message. The message details are +- * copied inside the unordered_map. +- * +- * \retval OPENAMP_SUCCESS Successfully registered the message. +- * \retval Other return code Operation failed with an error code. +- */ +-int32_t register_msg_to_spe_and_verify(void **private, +- const void *data, size_t len); +- +-#endif /* __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h +deleted file mode 100644 +index 25afd5017..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h ++++ /dev/null +@@ -1,39 +0,0 @@ +-/* +- * Copyright (c) 2020 Linaro Limited +- * +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#ifndef TFM_SPE_OPENAMP_INTERFACE_H_ +-#define TFM_SPE_OPENAMP_INTERFACE_H_ +- +-#define SUCCESS (0) +-#define ERROR (INT32_MIN + 1) +- +- +-typedef void (*openamp_to_tfm_callback)(const void *data, +- size_t len); +-typedef void (*openamp_to_tfm_notify)(void); +- +-/* +- * These functions are the logical interface from TF-M to +- * OpenAMP. +- */ +-int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb, +- openamp_to_tfm_notify notify); +-void tfm_to_openamp_notify(void); +-void tfm_to_openamp_spe_map_spinlock_acquire(void); +-void tfm_to_openamp_spe_map_spinlock_release(void); +-void tfm_to_openamp_reply_back(const void* data, size_t len); +-void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len); +-void tfm_to_openamp_hold_buffer(const void *buffer); +-void tfm_to_openamp_release_buffer(const void *buffer); +-void *tfm_to_openamp_get_buffer(uint32_t *len); +-int tfm_to_openamp_get_buffer_size(void); +-void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr); +-void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr); +- +-#endif /* TFM_SPE_OPENAMP_INTERFACE_H_ */ +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c +deleted file mode 100644 +index aa16e9929..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c ++++ /dev/null +@@ -1,248 +0,0 @@ +-/* +- * Copyright (c) 2020 Linaro Limited +- * +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#include <metal/device.h> +-#include <metal/spinlock.h> +-#include <openamp/open_amp.h> +- +-#include "tfm_spe_openamp_interface.h" +-#include "tfm_spm_log.h" +-#include "tfm_spe_shm_openamp.h" +- +-static metal_phys_addr_t shm_physmap[] = { SHM_START_PHY_ADDR }; +-static struct metal_device shm_device = { +- .name = SHM_DEVICE_NAME, +- .bus = NULL, +- .num_regions = 1, +- { +- { +- .virt = (void *) SHM_START_VIRT_ADDR, +- .physmap = shm_physmap, +- .size = SHM_SIZE, +- .page_shift = 0xffffffff, +- .page_mask = 0xffffffff, +- .mem_flags = 0, +- .ops = { NULL }, +- }, +- }, +- .node = { NULL }, +- .irq_num = 0, +- .irq_info = NULL +-}; +- +-/* Space to be used by virtqueues */ +-#define VQ_STATIC_SIZE (sizeof(struct virtqueue) + (VRING_SIZE * sizeof(struct vq_desc_extra))) +-uint8_t vq1_static_space[VQ_STATIC_SIZE]; +-uint8_t vq2_static_space[VQ_STATIC_SIZE]; +- +-static struct virtio_vring_info rvrings[2]; +- +-static struct virtio_device vdev; +-static struct rpmsg_virtio_device rvdev; +-static struct metal_io_region *io; +-static struct virtqueue *vq[2]; +-static struct rpmsg_virtio_shm_pool shpool; +-static struct rpmsg_endpoint tfm_ept; +-static struct rpmsg_endpoint *ep = &tfm_ept; +-static struct metal_spinlock spe_map_slock; +-static openamp_to_tfm_callback tfm_callback = NULL; +-static openamp_to_tfm_notify tfm_notify = NULL; +- +-static unsigned char virtio_get_status(struct virtio_device *vdev) +-{ +- (void)vdev; +- uint32_t status = *(uint32_t *)VDEV_STATUS_ADDR; +- return status; +-} +- +-static void virtio_set_status(struct virtio_device *vdev, unsigned char status) +-{ +- (void)vdev; +- *(uint32_t *)VDEV_STATUS_ADDR = status; +-} +- +-static uint32_t virtio_get_features(struct virtio_device *vdev) +-{ +- (void)vdev; +- return 1 << VIRTIO_RPMSG_F_NS; +-} +- +-static void virtio_notify(struct virtqueue *vq) +-{ +- (void)vq; +- tfm_notify(); +-} +- +-static struct virtio_dispatch dispatch = { +- .get_status = virtio_get_status, +- .set_status = virtio_set_status, +- .get_features = virtio_get_features, +- .notify = virtio_notify, +-}; +- +-int endpoint_cb(struct rpmsg_endpoint *ept, void *data, +- size_t len, uint32_t src, void *priv) +-{ +- (void)ept; +- (void)src; +- (void)priv; +- tfm_callback(data, len); +- return 0; +-} +- +-static void rpmsg_service_unbind(struct rpmsg_endpoint *ept) +-{ +- (void)ept; +- rpmsg_destroy_ept(ep); +-} +- +-void ns_bind_cb(struct rpmsg_device *rdev, const char *name, uint32_t dest) +-{ +- (void)rpmsg_create_ept(ep, rdev, name, +- RPMSG_ADDR_ANY, dest, +- endpoint_cb, +- rpmsg_service_unbind); +-} +- +-void tfm_to_openamp_notify(void) +-{ +- virtqueue_notification(vq[0]); +-} +- +-void tfm_to_openamp_spe_map_spinlock_acquire(void) +-{ +- metal_spinlock_acquire(&spe_map_slock); +-} +- +-void tfm_to_openamp_spe_map_spinlock_release(void) +-{ +- metal_spinlock_release(&spe_map_slock); +-} +- +-void tfm_to_openamp_reply_back(const void* data, size_t len) +-{ +- rpmsg_send(ep, data, len); +-} +- +-void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len) +-{ +- rpmsg_send_nocopy(ep, data, len); +-} +- +-void tfm_to_openamp_hold_buffer(const void *buffer) +-{ +- rpmsg_hold_rx_buffer(ep, (void*)buffer); +-} +- +-void tfm_to_openamp_release_buffer(const void *buffer) +-{ +- rpmsg_release_rx_buffer(ep, (void*)buffer); +-} +- +-void *tfm_to_openamp_get_buffer(uint32_t *len) +-{ +- return rpmsg_get_tx_payload_buffer(ep, len, 1); +-} +- +-int tfm_to_openamp_get_buffer_size(void) +-{ +- return rpmsg_virtio_get_buffer_size(&rvdev.rdev); +-} +- +-void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr) +-{ +- metal_phys_addr_t phys = 0; +- phys = (metal_phys_addr_t)ptr; +- return metal_io_phys_to_virt(io, phys); +-} +- +-void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr) +-{ +- metal_phys_addr_t phys = metal_io_virt_to_phys(io, (void*)ptr); +- return (void*)phys; +-} +- +-int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb, +- openamp_to_tfm_notify notify) +-{ +- int status = 0; +- struct metal_device *device; +- struct metal_init_params metal_params = METAL_INIT_DEFAULTS; +- +- SPMLOG_INFMSG("TF-M OpenAMP[master] starting initialization...\r\n"); +- +- if (cb == NULL || notify == NULL) { +- SPMLOG_ERRMSG("invalid parameters\r\n"); +- return ERROR; +- } +- tfm_callback = cb; +- tfm_notify = notify; +- +- metal_spinlock_init(&spe_map_slock); +- +- status = metal_init(&metal_params); +- if (status != 0) { +- SPMLOG_ERRMSG("metal_init: failed - error code\r\n"); +- return ERROR; +- } +- +- status = metal_register_generic_device(&shm_device); +- if (status != 0) { +- SPMLOG_ERRMSG("Couldn't register shared memory device\r\n"); +- return ERROR; +- } +- +- status = metal_device_open("generic", SHM_DEVICE_NAME, &device); +- if (status != 0) { +- SPMLOG_ERRMSG("metal_device_open failed\r\n"); +- return ERROR; +- } +- +- io = metal_device_io_region(device, 0); +- if (io == NULL) { +- SPMLOG_ERRMSG("metal_device_io_region failed to get region\r\n"); +- return ERROR; +- } +- +- /* setup vdev */ +- +- memset(vq1_static_space, 0x0, VQ_STATIC_SIZE); +- vq[0] = (struct virtqueue *)vq1_static_space; +- +- memset(vq2_static_space, 0x0, VQ_STATIC_SIZE); +- vq[1] = (struct virtqueue *)vq2_static_space; +- +- vdev.role = RPMSG_MASTER; +- vdev.vrings_num = VRING_COUNT; +- vdev.func = &dispatch; +- rvrings[0].io = io; +- rvrings[0].info.vaddr = (void *)VRING_TX_ADDRESS; +- rvrings[0].info.num_descs = VRING_SIZE; +- rvrings[0].info.align = VRING_ALIGNMENT; +- rvrings[0].vq = vq[0]; +- +- rvrings[1].io = io; +- rvrings[1].info.vaddr = (void *)VRING_RX_ADDRESS; +- rvrings[1].info.num_descs = VRING_SIZE; +- rvrings[1].info.align = VRING_ALIGNMENT; +- rvrings[1].vq = vq[1]; +- +- vdev.vrings_info = &rvrings[0]; +- +- /* setup rvdev */ +- rpmsg_virtio_init_shm_pool(&shpool, (void *)SHM_START_VIRT_ADDR, SHM_SIZE); +- status = rpmsg_init_vdev(&rvdev, &vdev, ns_bind_cb, io, &shpool); +- if (status != 0) { +- SPMLOG_ERRMSGVAL("rpmsg_init_vdev failed : ", status); +- return ERROR; +- } +- SPMLOG_INFMSG("rpmsg_init_vdev Done!\r\n"); +- +- return SUCCESS; +-} +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c +deleted file mode 100644 +index db8e8ac8b..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c ++++ /dev/null +@@ -1,114 +0,0 @@ +-/* +- * Copyright (c) 2021-2022, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#include "tfm_spe_openamp_platform_interface.h" +-#include "tfm_spe_dual_core_psa_client_secure_lib.h" +-#include "tfm_rpc.h" +-#include "tfm_spe_openamp_interface.h" +-#include "tfm_multi_core.h" +-#include "tfm_spm_log.h" +-#include "utilities.h" +- +-static void *registered_msg = NULL; +- +-/* Process call from the other core. */ +-void callback_from_openamp(const void *ns_msg, size_t len) +-{ +- int32_t ret = OPENAMP_SUCCESS; +- void *priv = NULL; +- +- ret = register_msg_to_spe_and_verify(&priv, ns_msg, len); +- if (ret != OPENAMP_SUCCESS) { +- return; +- } +- +- /* +- * registered_msg will be used inside get_caller_private_data. +- * get_caller_private_data will be called in the same context: +- * deliver_msg* => tfm_rpc_xxx => tfm_spm_xxx => spm_init_connection +- * => tfm_rpc_set_caller_data => get_caller_private_data +- */ +- registered_msg = priv; +- +- deliver_msg_to_tfm_spe(priv); +-} +- +-/* RPC reply() callback */ +-static void service_reply(const void *priv, int32_t ret) +-{ +- send_service_reply_to_non_secure(ret, (void*)priv); +-} +- +-/* RPC get_caller_data() callback */ +-static const void *get_caller_private_data(int32_t client_id) +-{ +- if (!registered_msg) { +- SPMLOG_ERRMSG("FATAL_ERROR: Map pointer cannot be NULL.\r\n"); +- SPM_ASSERT(0); +- } +- +- return registered_msg; +-} +- +-/* Openamp specific operations callback for TF-M RPC */ +-static const struct tfm_rpc_ops_t openamp_rpc_ops = { +- .handle_req = tfm_to_openamp_notify, /* notify openamp for pendsv/irq +- * received from the non-secure */ +- .reply = service_reply, +- .get_caller_data = get_caller_private_data, +-}; +- +-void notify_request_from_openamp(void) +-{ +- int32_t ret; +- +- ret = tfm_hal_notify_peer(); +- if (ret) { +- SPMLOG_ERRMSGVAL("tfm_hal_notify_peer failed ", ret); +- } +- return; +-} +- +-/* Openmap initialization */ +-static int32_t tfm_spe_openamp_lib_init(void) +-{ +- int32_t ret; +- +- ret = tfm_dual_core_hal_init(); +- if (ret) { +- SPMLOG_ERRMSGVAL("tfm_dual_core_hal_init failed ", ret); +- return OPENAMP_INIT_ERROR; +- } +- +- ret = tfm_to_openamp_init(callback_from_openamp, +- notify_request_from_openamp); +- if (ret) { +- SPMLOG_ERRMSGVAL("tfm_to_openamp_init failed ", ret); +- return OPENAMP_INIT_ERROR; +- } +- +- init_dual_core_psa_client_secure_lib(); +- +- /* Register RPC callbacks */ +- ret = tfm_rpc_register_ops(&openamp_rpc_ops); +- if (ret) { +- SPMLOG_ERRMSGVAL("tfm_rpc_register_ops failed ", ret); +- return OPENAMP_CALLBACK_REG_ERROR; +- } +- +- SPMLOG_INFMSG("tfm_spe_openamp_lib_init initialized success.\r\n"); +- return OPENAMP_SUCCESS; +-} +- +-int32_t tfm_inter_core_comm_init(void) +-{ +- if (tfm_spe_openamp_lib_init()) { +- return TFM_PLAT_ERR_SYSTEM_ERR; +- } +- +- return TFM_PLAT_ERR_SUCCESS; +-} +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h +deleted file mode 100644 +index 4c720b731..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#ifndef __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__ +-#define __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__ +- +-#include "tfm_openamp_lib.h" +-#include "tfm_plat_defs.h" +- +-/** +- * \brief Platform specific initialization of SPE openamp. +- * +- * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded. +- * \retval Other return code Operation failed with an error code. +- */ +-enum tfm_plat_err_t tfm_dual_core_hal_init(void); +- +-/** +- * \brief Notify NSPE that a PSA client call return result is replied. +- * Implemented by platform specific inter-processor communication driver. +- * +- * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out. +- * \retval Other return code Operation failed with an error code. +- */ +-enum tfm_plat_err_t tfm_hal_notify_peer(void); +- +-#endif /* __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c +deleted file mode 100644 +index 007a675bd..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c ++++ /dev/null +@@ -1,151 +0,0 @@ +-/* +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#include "tfm_spe_psa_client_lib_unordered_map.h" +-#include "utilities.h" +-#include "tfm_spe_openamp_interface.h" +-#include "tfm_spe_shm_openamp.h" +-#include <stdbool.h> +-#include <stddef.h> +-#include <string.h> +- +-/* +- * SPE map where tf-m copies the psa_client parameters +- * from non-secure memory to its local secure memory. +- */ +-typedef struct unordered_map { +- /* +- * Aligned with TFM_MAX_MESSAGES. A more sophisticated approach is +- * required if the intent is to increase TFM_MAX_MESSAGES beyond +- * 32 bits. +- */ +- uint32_t busy_slots; /* protected by a spinlock */ +- unordered_map_entry_t map[TFM_MAX_MESSAGES]; +-} unordered_map_t; +- +- +-/* +- * TF-M secure memory map: the parameters are copied to secure memory +- * from openamp non-secure memory. This is to avoid TOCTOU attack. +- */ +-static unordered_map_t psa_client_lib_map_; +- +-static inline int find_first_unset_bit(uint32_t n) +-{ +- int index = -1; +- n = ~n & (n+1); +- while(n>0) { +- n >>= 1; +- index++; +- } +- return index; +-} +- +-static inline bool is_map_full(unordered_map_t *m) +-{ +- return (~(m->busy_slots) == 0); +-} +- +-static inline void set_bit(uint32_t *n, int index) +-{ +- *n = (*n | (1 << index)); +-} +- +-static inline bool is_bit_set(uint32_t n, int index) +-{ +- return ((n & (1 << index)) != 0); +-} +- +-static inline void unset_bit(uint32_t *n, int index) +-{ +- uint32_t mask = 0; +- mask |= (1 << index); +- *n = (*n & ~mask); +-} +- +-void unordered_map_init(void) +-{ +- tfm_to_openamp_spe_map_spinlock_acquire(); +- psa_client_lib_map_.busy_slots = 0; +- tfm_to_openamp_spe_map_spinlock_release(); +-} +- +-static int32_t alloc_map_entry(unordered_map_handle_t *handle) +-{ +- int32_t ret; +- tfm_to_openamp_spe_map_spinlock_acquire(); +- do { +- if (is_map_full(&psa_client_lib_map_)) { +- ret = OPENAMP_MAP_FULL; +- break; +- } +- *handle = find_first_unset_bit(psa_client_lib_map_.busy_slots); +- set_bit(&psa_client_lib_map_.busy_slots, *handle); +- ret = OPENAMP_SUCCESS; +- } while (0); +- tfm_to_openamp_spe_map_spinlock_release(); +- return ret; +-} +- +-int32_t unordered_map_insert(const ns_openamp_msg_t *ns_msg, const void *in, +- unordered_map_handle_t *handle) +-{ +- int32_t ret; +- +- ret = alloc_map_entry(handle); +- if (ret) { +- return ret; +- } +- +- memcpy(&psa_client_lib_map_.map[*handle].msg, ns_msg, +- sizeof(ns_openamp_msg_t)); +- +- psa_client_lib_map_.map[*handle].input_buffer = in; +- psa_client_lib_map_.map[*handle].output_buffer = NULL; +- psa_client_lib_map_.map[*handle].output_buffer_len = 0; +- psa_client_lib_map_.map[*handle].is_input_buffer_hold = false; +- psa_client_lib_map_.map[*handle].is_output_buffer = false; +- +- psa_client_lib_map_.map[*handle].handle = *handle; +- +- return OPENAMP_SUCCESS; +-} +- +-void unordered_map_free(unordered_map_handle_t handle) +-{ +- if (handle >= TFM_MAX_MESSAGES || handle < 0) { +- return; +- } +- spm_memset(&psa_client_lib_map_.map[handle], 0, +- sizeof(unordered_map_entry_t)); +- +- tfm_to_openamp_spe_map_spinlock_acquire(); +- unset_bit(&psa_client_lib_map_.busy_slots, handle); +- tfm_to_openamp_spe_map_spinlock_release(); +-} +- +-unordered_map_entry_t* unordered_map_get_entry_ptr(unordered_map_handle_t handle) +-{ +- if (handle >= TFM_MAX_MESSAGES || handle < 0) { +- return NULL; +- } +- if (!is_bit_set(psa_client_lib_map_.busy_slots, handle)) { +- return NULL; +- } +- return &psa_client_lib_map_.map[handle]; +-} +- +-unordered_map_handle_t unordered_map_get_entry_handle( +- const unordered_map_entry_t *ptr) +-{ +- if (!ptr) { +- return INVALID_MAP_HANDLE; +- } +- +- return ptr->handle; +-} +- +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h +deleted file mode 100644 +index 1d094133b..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h ++++ /dev/null +@@ -1,50 +0,0 @@ +-/* +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#ifndef __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__ +-#define __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__ +- +-#include <stdbool.h> +-#include "tfm_openamp_lib.h" +- +-/* 16 bits are sufficient to store the handle. Also +- * choosing 16bits allow for better packing inside +- * the struct unordered_map_entry_t. +- */ +-typedef int16_t unordered_map_handle_t; +-#define INVALID_MAP_HANDLE -1 +- +-/* An entry structure of map data structure */ +-typedef struct unordered_map_entry { +- ns_openamp_msg_t msg; +- const void *input_buffer; +- void *output_buffer; +- size_t output_buffer_len; +- unordered_map_handle_t handle; /* entry handle */ +- bool is_input_buffer_hold; /* true when input buffer is held */ +- bool is_output_buffer; /* true when output buffer is preallocated */ +-} unordered_map_entry_t; +- +-/* Initialize the map data structure */ +-void unordered_map_init(void); +- +-/* Insert entry into the map and return a handle to the entry */ +-int32_t unordered_map_insert(const ns_openamp_msg_t *msg, const void *in, +- unordered_map_handle_t *handle); +- +-/* Free respective entry into the map represented by the handle */ +-void unordered_map_free(unordered_map_handle_t handle); +- +-/* Using a handle return the memory pointer of the entry */ +-unordered_map_entry_t* unordered_map_get_entry_ptr( +- unordered_map_handle_t handle); +- +-/* Using a entry memory location, return respective handle */ +-unordered_map_handle_t unordered_map_get_entry_handle( +- const unordered_map_entry_t *ptr); +- +-#endif /* __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h +deleted file mode 100644 +index 6e8cde8f4..000000000 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h ++++ /dev/null +@@ -1,39 +0,0 @@ +-/* +- * Copyright (c) 2020 Linaro Limited +- * +- * Copyright (c) 2021, Arm Limited. All rights reserved. +- * +- * SPDX-License-Identifier: BSD-3-Clause +- * +- */ +- +-#ifndef TFM_SPE_SHM_OPEN_AMP_H_ +-#define TFM_SPE_SHM_OPEN_AMP_H_ +- +-#include "region_defs.h" +- +-#define VDEV_STATUS_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR) +-#define VDEV_STATUS_SIZE (0x1000) // 4 KB +-#define SHM_START_VIRT_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE) +-#define SHM_START_PHY_ADDR (OPENAMP_HOST_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE) +-#define SHM_SIZE OPENAMP_SHARED_MEMORY_SIZE - VDEV_STATUS_SIZE +-#define SHM_DEVICE_NAME "cvm.shm" +- +-#define VRING_COUNT 2 +-#define VRING_MEM_SIZE (0x1000) // 4 KB +-#define VRING_TX_ADDRESS (SHM_START_VIRT_ADDR + SHM_SIZE - VRING_MEM_SIZE) +-#define VRING_RX_ADDRESS (SHM_START_VIRT_ADDR + SHM_SIZE - (2 * VRING_MEM_SIZE)) +-#define VRING_ALIGNMENT 4 +-#define VRING_SIZE 16 +- +-/* +- * The tf-m can only accept MAX_MESSAGES at a given time. +- * The Host should set RPMSG_BUFFER_SIZE accrodingly +- * such that tf-m does not recieve more than +- * TFM_MAX_MESSAGES messages. +- * Changing this macro DOES NOT increase TF-M capabilities +- * to handle more messages. +- */ +-#define TFM_MAX_MESSAGES (32) +- +-#endif /* TFM_SPE_SHM_OPEN_AMP_H_ */ +diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h +index 64ab786e5..a80b07737 100644 +--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h ++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h +@@ -59,13 +59,13 @@ + #define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1) + #define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE) + +-/* OpenAMP shared memory region */ +-#define OPENAMP_SE_SHARED_MEMORY_START_ADDR 0xA8000000 +-#define OPENAMP_HOST_SHARED_MEMORY_START_ADDR 0x88000000 +-#define OPENAMP_SHARED_MEMORY_SIZE (1024 * 1024) /* 1MB */ ++/* Shared memory region */ ++#define INTER_PROCESSOR_SE_SHARED_MEMORY_START_ADDR 0xA8000000 ++#define INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR 0x88000000 ++#define INTER_PROCESSOR_SHARED_MEMORY_SIZE (1024 * 1024) /* 1MB */ + +-#define NS_DATA_START OPENAMP_SE_SHARED_MEMORY_START_ADDR +-#define NS_DATA_SIZE OPENAMP_SHARED_MEMORY_SIZE ++#define NS_DATA_START INTER_PROCESSOR_SE_SHARED_MEMORY_START_ADDR ++#define NS_DATA_SIZE INTER_PROCESSOR_SHARED_MEMORY_SIZE + + #define S_CODE_VECTOR_TABLE_SIZE (0xc0) + +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt b/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt +new file mode 100644 +index 000000000..7c4bc0fef +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt +@@ -0,0 +1,34 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++#------------------------------------------------------------------------------- ++ ++target_include_directories(platform_s ++ PUBLIC ++ . ++) ++ ++target_sources(platform_s ++ PRIVATE ++ rse_comms.c ++ rse_comms_hal.c ++ rse_comms_queue.c ++ rse_comms_protocol.c ++ rse_comms_protocol_embed.c ++) ++ ++target_compile_definitions(platform_s ++ PRIVATE ++ RSE_COMMS_MAX_CONCURRENT_REQ=1 ++ RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ $<$<BOOL:${CONFIG_TFM_HALT_ON_CORE_PANIC}>:CONFIG_TFM_HALT_ON_CORE_PANIC> ++) ++ ++# For spm_log_msgval ++target_link_libraries(platform_s ++ PRIVATE ++ tfm_spm ++ tfm_sprt ++) +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c +new file mode 100644 +index 000000000..df2b6bffa +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c +@@ -0,0 +1,176 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon company) ++ * or an affiliate of Cypress Semiconductor Corporation. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "rse_comms.h" ++ ++#include <stddef.h> ++#include <stdint.h> ++ ++#include "rse_comms_hal.h" ++#include "rse_comms_queue.h" ++#include "tfm_rpc.h" ++#include "tfm_multi_core.h" ++#include "tfm_hal_multi_core.h" ++#include "tfm_psa_call_pack.h" ++#include "tfm_spm_log.h" ++#include "rse_comms_permissions_hal.h" ++ ++static struct client_request_t *req_to_process; ++ ++static psa_status_t message_dispatch(struct client_request_t *req) ++{ ++ int32_t client_id; ++ enum tfm_plat_err_t plat_err; ++ ++ /* Create the call parameters */ ++ struct client_params_t params = { ++ .p_invecs = req->in_vec, ++ .p_outvecs = req->out_vec, ++ }; ++ ++ SPMLOG_DBGMSG("[RSE-COMMS] Dispatching message\r\n"); ++ SPMLOG_DBGMSGVAL("handle=", req->handle); ++ SPMLOG_DBGMSGVAL("type=", req->type); ++ SPMLOG_DBGMSGVAL("in_len=", req->in_len); ++ SPMLOG_DBGMSGVAL("out_len=", req->out_len); ++ if (req->in_len > 0) { ++ SPMLOG_DBGMSGVAL("in_vec[0].len=", req->in_vec[0].len); ++ } ++ if (req->in_len > 1) { ++ SPMLOG_DBGMSGVAL("in_vec[1].len=", req->in_vec[1].len); ++ } ++ if (req->in_len > 2) { ++ SPMLOG_DBGMSGVAL("in_vec[2].len=", req->in_vec[2].len); ++ } ++ if (req->in_len > 3) { ++ SPMLOG_DBGMSGVAL("in_vec[3].len=", req->in_vec[3].len); ++ } ++ if (req->out_len > 0) { ++ SPMLOG_DBGMSGVAL("out_vec[0].len=", req->out_vec[0].len); ++ } ++ if (req->out_len > 1) { ++ SPMLOG_DBGMSGVAL("out_vec[1].len=", req->out_vec[1].len); ++ } ++ if (req->out_len > 2) { ++ SPMLOG_DBGMSGVAL("out_vec[2].len=", req->out_vec[2].len); ++ } ++ if (req->out_len > 3) { ++ SPMLOG_DBGMSGVAL("out_vec[3].len=", req->out_vec[3].len); ++ } ++ ++ plat_err = comms_permissions_service_check(req->handle, ++ req->in_vec, ++ req->in_len, ++ req->type); ++ if (plat_err != TFM_PLAT_ERR_SUCCESS) { ++ SPMLOG_ERRMSG("[RSE-COMMS] Call not permitted\r\n"); ++ return PSA_ERROR_NOT_PERMITTED; ++ } ++ ++ client_id = tfm_hal_client_id_translate(req->mhu_sender_dev, ++ (int32_t)(req->client_id)); ++ if (client_id >= 0) { ++ SPMLOG_ERRMSGVAL("[RSE-COMMS] Invalid client_id: ", ++ (uint32_t)(req->client_id)); ++ return PSA_ERROR_INVALID_ARGUMENT; ++ } ++ params.ns_client_id_stateless = client_id; ++ ++ return tfm_rpc_psa_call(req->handle, ++ PARAM_PACK(req->type, ++ req->in_len, ++ req->out_len), ++ ¶ms, ++ NULL); ++} ++ ++static void rse_comms_reply(const void *owner, int32_t ret) ++{ ++ struct client_request_t *req = (struct client_request_t *)owner; ++ ++ req->return_val = ret; ++ ++ SPMLOG_DBGMSG("[RSE-COMMS] Sending reply\r\n"); ++ SPMLOG_DBGMSGVAL("protocol_ver=", req->protocol_ver); ++ SPMLOG_DBGMSGVAL("seq_num=", req->seq_num); ++ SPMLOG_DBGMSGVAL("client_id=", req->client_id); ++ SPMLOG_DBGMSGVAL("return_val=", req->return_val); ++ SPMLOG_DBGMSGVAL("out_vec[0].len=", req->out_vec[0].len); ++ SPMLOG_DBGMSGVAL("out_vec[1].len=", req->out_vec[1].len); ++ SPMLOG_DBGMSGVAL("out_vec[2].len=", req->out_vec[2].len); ++ SPMLOG_DBGMSGVAL("out_vec[3].len=", req->out_vec[3].len); ++ ++ if (tfm_multi_core_hal_reply(req) != TFM_PLAT_ERR_SUCCESS) { ++ SPMLOG_DBGMSG("[RSE-COMMS] Sending reply failed!\r\n"); ++ } ++} ++ ++static void rse_comms_handle_req(void) ++{ ++ psa_status_t status; ++ void *queue_entry; ++ ++ /* FIXME: consider memory limitations that may prevent dispatching all ++ * messages in one go. ++ */ ++ while (queue_dequeue(&queue_entry) == 0) { ++ /* Deliver PSA Client call request to handler in SPM. */ ++ req_to_process = queue_entry; ++ status = message_dispatch(req_to_process); ++#if CONFIG_TFM_SPM_BACKEND_IPC == 1 ++ /* ++ * If status == PSA_SUCCESS, peer will be replied when mailbox agent ++ * partition receives a 'ASYNC_MSG_REPLY' signal from the requested ++ * service partition. ++ * If status != PSA_SUCCESS, the service call has been finished. ++ * Reply to the peer directly. ++ */ ++ if (status != PSA_SUCCESS) { ++ SPMLOG_DBGMSGVAL("[RSE-COMMS] Message dispatch failed: ", status); ++ rse_comms_reply(req_to_process, status); ++ } ++#else ++ /* In SFN model, the service call has been finished. Reply to the peer directly. */ ++ rse_comms_reply(req_to_process, status); ++#endif ++ } ++} ++ ++static const void *rss_comms_get_caller_data(int32_t client_id) ++{ ++ (void)client_id; ++ ++ return req_to_process; ++} ++ ++static struct tfm_rpc_ops_t rpc_ops = { ++ .handle_req = rse_comms_handle_req, ++ .reply = rse_comms_reply, ++ .get_caller_data = rss_comms_get_caller_data, ++}; ++ ++int32_t tfm_inter_core_comm_init(void) ++{ ++ int32_t ret; ++ ++ /* Register RPC callbacks */ ++ ret = tfm_rpc_register_ops(&rpc_ops); ++ if (ret != TFM_RPC_SUCCESS) { ++ return ret; ++ } ++ ++ /* Platform specific initialization */ ++ ret = tfm_multi_core_hal_init(); ++ if (ret != TFM_PLAT_ERR_SUCCESS) { ++ tfm_rpc_unregister_ops(); ++ return ret; ++ } ++ ++ return TFM_RPC_SUCCESS; ++} +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h +new file mode 100644 +index 000000000..6d79dd3bf +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h +@@ -0,0 +1,48 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __RSE_COMMS_H__ ++#define __RSE_COMMS_H__ ++ ++#include "psa/client.h" ++#include "cmsis_compiler.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++ /* size suits to fit the largest message too (EFI variables) */ ++#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100) ++ ++/* ++ * Allocated for each client request. ++ * ++ * TODO: Sizing of payload_buf, this should be platform dependent: ++ * - sum in_vec size ++ * - sum out_vec size ++ */ ++struct client_request_t { ++ void *mhu_sender_dev; /* Pointer to MHU sender device to reply on */ ++ uint8_t protocol_ver; ++ uint8_t seq_num; ++ uint16_t client_id; ++ psa_handle_t handle; ++ int32_t type; ++ uint32_t in_len; ++ uint32_t out_len; ++ psa_invec in_vec[PSA_MAX_IOVEC]; ++ psa_outvec out_vec[PSA_MAX_IOVEC]; ++ int32_t return_val; ++ uint64_t out_vec_host_addr[PSA_MAX_IOVEC]; ++ uint8_t param_copy_buf[RSE_COMMS_PAYLOAD_MAX_SIZE]; ++}; ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __RSE_COMMS_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c +new file mode 100644 +index 000000000..ef6fb9e02 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c +@@ -0,0 +1,232 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "rse_comms_hal.h" ++ ++#include "rse_comms.h" ++#include "rse_comms_queue.h" ++#include "mhu.h" ++#include "cmsis.h" ++#include "device_definition.h" ++#include "tfm_peripherals_def.h" ++#include "tfm_spm_log.h" ++#include "tfm_pools.h" ++#include "rse_comms_protocol.h" ++#include <string.h> ++ ++/* Declared statically to avoid using huge amounts of stack space. Maybe revisit ++ * if functions not being reentrant becomes a problem. ++ */ ++static __ALIGNED(4) struct serialized_psa_msg_t msg; ++static __ALIGNED(4) struct serialized_psa_reply_t reply; ++ ++/* The 32bit client ID is constructed as following: ++ * bit31: always 1 ++ * bit30~bit16: client source identifier. ++ 0x0000 First mailbox agent client(MHU) (by default) ++ 0x1000 Second mailbox agent client(MHU) ++ ... ++ * bit15~bit0: client input client ID ++ */ ++#define CLIENT_ID_USER_INPUT_OFFSET (0) ++#define CLIENT_ID_USER_INPUT_MASK (0xFFFFUL << CLIENT_ID_USER_INPUT_OFFSET) ++ ++#define CLIENT_ID_MHU_BASE_OFFSET (16) ++#define CLIENT_ID_MHU_BASE_MASK (0x7FFFUL << CLIENT_ID_MHU_BASE_OFFSET) ++ ++#define NS_CLIENT_ID_FLAG_OFFSET (31) ++#define NS_CLIENT_ID_FLAG_MASK (0x1UL << NS_CLIENT_ID_FLAG_OFFSET) ++ ++/* MHU for RSE <> AP_MONITOR communication */ ++#ifndef MHU0_CLIENT_ID_BASE ++#define MHU0_CLIENT_ID_BASE (0x0000UL << CLIENT_ID_MHU_BASE_OFFSET) ++#endif ++ ++#ifdef MHU_RSE_TO_AP_NS ++/* MHU for RSE <> AP_NS communication */ ++#ifndef MHU1_CLIENT_ID_BASE ++#define MHU1_CLIENT_ID_BASE (0x1000UL << CLIENT_ID_MHU_BASE_OFFSET) ++#endif ++#endif /* MHU_RSE_TO_AP_NS */ ++ ++TFM_POOL_DECLARE(req_pool, sizeof(struct client_request_t), ++ RSE_COMMS_MAX_CONCURRENT_REQ); ++ ++static enum tfm_plat_err_t initialize_mhu(void) ++{ ++ enum mhu_error_t err; ++ ++ err = mhu_init_sender(&MHU1_SE_TO_HOST_DEV); ++ if (err != MHU_ERR_NONE) { ++ SPMLOG_ERRMSGVAL("[COMMS] RSE to AP_MONITOR MHU driver init failed: ", ++ err); ++ return TFM_PLAT_ERR_SYSTEM_ERR; ++ } ++ ++ err = mhu_init_receiver(&MHU1_HOST_TO_SE_DEV); ++ if (err != MHU_ERR_NONE) { ++ SPMLOG_ERRMSGVAL("[COMMS] AP_MONITOR to RSE MHU driver init failed: ", ++ err); ++ return TFM_PLAT_ERR_SYSTEM_ERR; ++ } ++ ++#ifdef MHU_RSE_TO_AP_NS ++ err = mhu_init_sender(&MHU_RSE_TO_AP_NS_DEV); ++ if (err != MHU_ERR_NONE) { ++ SPMLOG_ERRMSGVAL("[COMMS] RSE to AP_NS MHU driver init failed: ", err); ++ return TFM_PLAT_ERR_SYSTEM_ERR; ++ } ++ ++ err = mhu_init_receiver(&MHU_AP_NS_TO_RSE_DEV); ++ if (err != MHU_ERR_NONE) { ++ SPMLOG_ERRMSGVAL("[COMMS] AP_NS to RSE MHU driver init failed: ", err); ++ return TFM_PLAT_ERR_SYSTEM_ERR; ++ } ++#endif /* MHU_RSE_TO_AP_NS */ ++ ++ SPMLOG_DBGMSG("[COMMS] MHU driver initialized successfully.\r\n"); ++ return TFM_PLAT_ERR_SUCCESS; ++} ++ ++enum tfm_plat_err_t tfm_multi_core_hal_receive(void *mhu_receiver_dev, ++ void *mhu_sender_dev, ++ uint32_t source) ++{ ++ enum mhu_error_t mhu_err; ++ enum tfm_plat_err_t err; ++ size_t msg_len = sizeof(msg); ++ size_t reply_size; ++ ++ memset(&msg, 0, sizeof(msg)); ++ memset(&reply, 0, sizeof(reply)); ++ ++ /* Receive complete message */ ++ mhu_err = mhu_receive_data(mhu_receiver_dev, (uint8_t *)&msg, &msg_len); ++ ++ /* Clear the pending interrupt for this MHU. This prevents the mailbox ++ * interrupt handler from being called without the next request arriving ++ * through the mailbox ++ */ ++ NVIC_ClearPendingIRQ(source); ++ ++ if (mhu_err != MHU_ERR_NONE) { ++ SPMLOG_DBGMSGVAL("[COMMS] MHU receive failed: ", mhu_err); ++ /* Can't respond, since we don't know anything about the message */ ++ return TFM_PLAT_ERR_SYSTEM_ERR; ++ } ++ ++ SPMLOG_DBGMSG("[COMMS] Received message\r\n"); ++ SPMLOG_DBGMSGVAL("[COMMS] size=", msg_len); ++ SPMLOG_DBGMSGVAL("[COMMS] seq_num=", msg.header.seq_num); ++ ++ struct client_request_t *req = tfm_pool_alloc(req_pool); ++ if (!req) { ++ /* No free capacity, drop message */ ++ err = TFM_PLAT_ERR_SYSTEM_ERR; ++ goto out_return_err; ++ } ++ memset(req, 0, sizeof(struct client_request_t)); ++ ++ /* Record the MHU sender device to be used for the reply */ ++ req->mhu_sender_dev = mhu_sender_dev; ++ ++ err = rse_protocol_deserialize_msg(req, &msg, msg_len); ++ if (err != TFM_PLAT_ERR_SUCCESS) { ++ /* Deserialisation failed, drop message */ ++ SPMLOG_DBGMSGVAL("[COMMS] Deserialize message failed: ", err); ++ goto out_return_err; ++ } ++ ++ if (queue_enqueue(req) != 0) { ++ /* No queue capacity, drop message */ ++ err = TFM_PLAT_ERR_SYSTEM_ERR; ++ goto out_return_err; ++ } ++ ++ /* Message successfully received */ ++ return TFM_PLAT_ERR_SUCCESS; ++ ++out_return_err: ++ /* Attempt to respond with a failure message */ ++ if (rse_protocol_serialize_error(req, &msg.header, ++ PSA_ERROR_CONNECTION_BUSY, ++ &reply, &reply_size) ++ == TFM_PLAT_ERR_SUCCESS) { ++ mhu_send_data(mhu_sender_dev, (uint8_t *)&reply, reply_size); ++ } ++ ++ if (req) { ++ tfm_pool_free(req_pool, req); ++ } ++ ++ return err; ++} ++ ++enum tfm_plat_err_t tfm_multi_core_hal_reply(struct client_request_t *req) ++{ ++ enum tfm_plat_err_t err; ++ enum mhu_error_t mhu_err; ++ size_t reply_size; ++ ++ /* This function is called by the mailbox partition with Thread priority, so ++ * MHU interrupts must be disabled to prevent concurrent accesses by ++ * tfm_multi_core_hal_receive(). ++ */ ++ NVIC_DisableIRQ(MAILBOX_IRQ); ++ ++ if (!is_valid_chunk_data_in_pool(req_pool, (uint8_t *)req)) { ++ err = TFM_PLAT_ERR_SYSTEM_ERR; ++ goto out; ++ } ++ ++ err = rse_protocol_serialize_reply(req, &reply, &reply_size); ++ if (err != TFM_PLAT_ERR_SUCCESS) { ++ SPMLOG_DBGMSGVAL("[COMMS] Serialize reply failed: ", err); ++ goto out_free_req; ++ } ++ ++ mhu_err = mhu_send_data(req->mhu_sender_dev, (uint8_t *)&reply, reply_size); ++ if (mhu_err != MHU_ERR_NONE) { ++ SPMLOG_DBGMSGVAL("[COMMS] MHU send failed: ", mhu_err); ++ err = TFM_PLAT_ERR_SYSTEM_ERR; ++ goto out_free_req; ++ } ++ ++ SPMLOG_DBGMSG("[COMMS] Sent reply\r\n"); ++ ++out_free_req: ++ tfm_pool_free(req_pool, req); ++out: ++ NVIC_EnableIRQ(MAILBOX_IRQ); ++ return err; ++} ++ ++enum tfm_plat_err_t tfm_multi_core_hal_init(void) ++{ ++ int32_t spm_err; ++ ++ spm_err = tfm_pool_init(req_pool, POOL_BUFFER_SIZE(req_pool), ++ sizeof(struct client_request_t), ++ RSE_COMMS_MAX_CONCURRENT_REQ); ++ if (spm_err) { ++ return TFM_PLAT_ERR_SYSTEM_ERR; ++ } ++ ++ return initialize_mhu(); ++} ++ ++int32_t tfm_hal_client_id_translate(void *owner, int32_t client_id_in) ++{ ++ if ((uintptr_t)owner == (uintptr_t)&MHU1_SE_TO_HOST_DEV) { ++ return ((client_id_in & CLIENT_ID_USER_INPUT_MASK) | ++ (MHU0_CLIENT_ID_BASE & CLIENT_ID_MHU_BASE_MASK) | ++ (NS_CLIENT_ID_FLAG_MASK)); ++ } else { ++ SPMLOG_DBGMSG("[COMMS] client_id translation failed: invalid owner\r\n"); ++ return 0; ++ } ++} +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h +new file mode 100644 +index 000000000..c4676cb2e +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h +@@ -0,0 +1,56 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __RSE_COMMS_HAL_H__ ++#define __RSE_COMMS_HAL_H__ ++ ++#include "rse_comms.h" ++#include "tfm_plat_defs.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/** ++ * \brief Platform specific initialization of SPE multi-core. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded. ++ * \retval Other return code Operation failed with an error code. ++ */ ++enum tfm_plat_err_t tfm_multi_core_hal_init(void); ++ ++/** ++ * \brief Receive PSA client call request from NSPE. ++ * Implemented by platform specific inter-processor communication driver. ++ * ++ * \param[in] mhu_receiver_dev Pointer to MHU receiver device on which to read ++ * the message. ++ * \param[in] mhu_sender_dev Pointer to MHU sender device on which to write ++ * the reply. ++ * \param[in] source The number of the IRQ source for this MHU. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded. ++ * \retval Other return code Operation failed with an error code. ++ */ ++enum tfm_plat_err_t tfm_multi_core_hal_receive(void *mhu_receiver_dev, ++ void *mhu_sender_dev, ++ uint32_t source); ++ ++/** ++ * \brief Notify NSPE that a PSA client call return result is replied. ++ * Implemented by platform specific inter-processor communication driver. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out. ++ * \retval Other return code Operation failed with an error code. ++ */ ++enum tfm_plat_err_t tfm_multi_core_hal_reply(struct client_request_t *req); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __RSE_COMMS_HAL_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h +new file mode 100644 +index 000000000..5bd0124a6 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h +@@ -0,0 +1,58 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __RSE_COMMS_PERMISSIONS_HAL_H__ ++#define __RSE_COMMS_PERMISSIONS_HAL_H__ ++ ++#include "psa/client.h" ++#include "tfm_plat_defs.h" ++#include "stdbool.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/** ++ * \brief Check that RSE comms callers have permission to access a memory ++ * buffer. ++ * ++ * \param[in] owner The owner of host memory against which the ++ * memory access is checked (e.g. MHU device). ++ * \param[in] host_ptr Address of the memory region to be accessed. ++ * \param[in] size Size of the memory region to be accessed. ++ * \param[in] is_write True, if the memory access is a write ++ * operation, False otherwise. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Caller has permission to access buffer. ++ * \retval Other return code Caller does not have permission, or an error ++ * occurred. ++ */ ++enum tfm_plat_err_t comms_permissions_memory_check(void *owner, ++ uint64_t host_ptr, ++ uint32_t size, ++ bool is_write); ++ ++/** ++ * \brief Check that RSE comms callers have permission to access a service. ++ * ++ * \note in_vec and in_len are passed in as the Crypto partition encodes which ++ * function is requested in the first in_vec. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Caller has permission to access service. ++ * \retval Other return code Caller does not have permission, or an error ++ * occurred. ++ */ ++enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle, ++ const psa_invec *in_vec, ++ size_t in_len, ++ int32_t type); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __RSE_COMMS_PERMISSIONS_HAL_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c +new file mode 100644 +index 000000000..94b7995b9 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c +@@ -0,0 +1,120 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "rse_comms_protocol.h" ++ ++#include "tfm_spm_log.h" ++#include <string.h> ++ ++enum tfm_plat_err_t rse_protocol_deserialize_msg( ++ struct client_request_t *req, struct serialized_psa_msg_t *msg, ++ size_t msg_len) ++{ ++ if (msg_len < sizeof(msg->header)) { ++ return TFM_PLAT_ERR_INVALID_INPUT; ++ } ++ ++ req->protocol_ver = msg->header.protocol_ver; ++ req->seq_num = msg->header.seq_num; ++ req->client_id = msg->header.client_id; ++ ++ switch (msg->header.protocol_ver) { ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ case RSE_COMMS_PROTOCOL_EMBED: ++ SPMLOG_DBGMSG("[COMMS] Deserializing as embed message\r\n"); ++ return rse_protocol_embed_deserialize_msg(req, &msg->msg.embed, ++ msg_len - sizeof(struct serialized_rse_comms_header_t)); ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS: ++ SPMLOG_DBGMSG("[COMMS] Deserializing as pointer_access message\r\n"); ++ return rse_protocol_pointer_access_deserialize_msg(req, &msg->msg.pointer_access, ++ msg_len - sizeof(struct serialized_rse_comms_header_t)); ++#endif ++ default: ++ return TFM_PLAT_ERR_UNSUPPORTED; ++ } ++} ++ ++enum tfm_plat_err_t rse_protocol_serialize_reply(struct client_request_t *req, ++ struct serialized_psa_reply_t *reply, size_t *reply_size) ++{ ++ enum tfm_plat_err_t err; ++ ++ memset(reply, 0, sizeof(struct serialized_psa_reply_t)); ++ ++ reply->header.protocol_ver = req->protocol_ver; ++ reply->header.seq_num = req->seq_num; ++ reply->header.client_id = req->client_id; ++ ++ switch (reply->header.protocol_ver) { ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ case RSE_COMMS_PROTOCOL_EMBED: ++ err = rse_protocol_embed_serialize_reply(req, &reply->reply.embed, ++ reply_size); ++ if (err != TFM_PLAT_ERR_SUCCESS) { ++ return err; ++ } ++ break; ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS: ++ err = rse_protocol_pointer_access_serialize_reply(req, ++ &reply->reply.pointer_access, reply_size); ++ if (err != TFM_PLAT_ERR_SUCCESS) { ++ return err; ++ } ++ break; ++#endif ++ default: ++ return TFM_PLAT_ERR_UNSUPPORTED; ++ } ++ ++ *reply_size += sizeof(struct serialized_rse_comms_header_t); ++ ++ return TFM_PLAT_ERR_SUCCESS; ++} ++ ++enum tfm_plat_err_t rse_protocol_serialize_error( ++ struct client_request_t *req, ++ struct serialized_rse_comms_header_t *header, psa_status_t error, ++ struct serialized_psa_reply_t *reply, size_t *reply_size) ++{ ++ enum tfm_plat_err_t err; ++ ++ memset(reply, 0, sizeof(struct serialized_psa_reply_t)); ++ memcpy(&reply->header, header, ++ sizeof(struct serialized_rse_comms_header_t)); ++ ++ switch (reply->header.protocol_ver) { ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ case RSE_COMMS_PROTOCOL_EMBED: ++ err = rse_protocol_embed_serialize_error(req, error, ++ &reply->reply.embed, ++ reply_size); ++ if (err != TFM_PLAT_ERR_SUCCESS) { ++ return err; ++ } ++ break; ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS: ++ err = rse_protocol_pointer_access_serialize_error(req, error, ++ &reply->reply.pointer_access, reply_size); ++ if (err != TFM_PLAT_ERR_SUCCESS) { ++ return err; ++ } ++ break; ++#endif ++ default: ++ return TFM_PLAT_ERR_UNSUPPORTED; ++ } ++ ++ *reply_size += sizeof(struct serialized_rse_comms_header_t); ++ ++ return TFM_PLAT_ERR_SUCCESS; ++} +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h +new file mode 100644 +index 000000000..c30825f4c +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h +@@ -0,0 +1,129 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __RSE_COMMS_PROTOCOL_H__ ++#define __RSE_COMMS_PROTOCOL_H__ ++ ++#include "psa/client.h" ++#include "cmsis_compiler.h" ++#include "rse_comms.h" ++#include "tfm_platform_system.h" ++ ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++#include "rse_comms_protocol_embed.h" ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++#include "rse_comms_protocol_pointer_access.h" ++#endif /* RSE_MHU_PROTOCOL_V0_ENABLED */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++enum rse_comms_protocol_version_t { ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ RSE_COMMS_PROTOCOL_EMBED = 0, ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++ RSE_COMMS_PROTOCOL_POINTER_ACCESS = 1, ++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */ ++}; ++ ++ ++__PACKED_STRUCT serialized_rse_comms_header_t { ++ uint8_t protocol_ver; ++ uint8_t seq_num; ++ uint16_t client_id; ++}; ++ ++/* MHU message passed from NSPE to SPE to deliver a PSA client call */ ++__PACKED_STRUCT serialized_psa_msg_t { ++ struct serialized_rse_comms_header_t header; ++ __PACKED_UNION { ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ struct rse_embed_msg_t embed; ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++ struct rse_pointer_access_msg_t pointer_access; ++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */ ++ } msg; ++}; ++ ++/* MHU reply message to hold the PSA client call return result from SPE */ ++__PACKED_STRUCT serialized_psa_reply_t { ++ struct serialized_rse_comms_header_t header; ++ __PACKED_UNION { ++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED ++ struct rse_embed_reply_t embed; ++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */ ++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED ++ struct rse_pointer_access_reply_t pointer_access; ++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */ ++ } reply; ++}; ++ ++/** ++ * \brief Convert a serialized message to a client_request_t. ++ * ++ * \param[out] req The client_request_t to fill. ++ * \param[in] msg The serialized message to extract data from. ++ * \param[in] msg_len The size of the message. ++ * ++ * \note The sanitization of the client request structure is the ++ * responsibility of the caller. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded. ++ * \retval Other return code Operation failed with an error code. ++ */ ++enum tfm_plat_err_t rse_protocol_deserialize_msg(struct client_request_t *req, ++ struct serialized_psa_msg_t *msg, size_t msg_len); ++ ++/** ++ * \brief Convert a a client_request_t to a serialized reply. ++ * ++ * \param[in] req The client_request_t to serialize data from. ++ * \param[out] reply The reply to fill. ++ * \param[out] reply_size The size of the reply that was filled. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded. ++ * \retval Other return code Operation failed with an error code. ++ */ ++enum tfm_plat_err_t rse_protocol_serialize_reply(struct client_request_t *req, ++ struct serialized_psa_reply_t *reply, size_t *reply_size); ++ ++/** ++ * \brief Create a serialised error reply from a header and an error code. ++ * Intended to for the RSE to notify the AP of errors during the message ++ * deserialization phase. ++ * ++ * \param[in] req The client_request_t to serialize data from. If ++ * the error occured in allocation this pointer ++ * may be NULL. This may not contain message ++ * header information if the message ++ * deserialize failed. ++ * \param[in] header The header of the received ++ * serialized_psa_msg_t whose deserialization ++ * caused the error. ++ * \param[in] error The error code to be transmitted to the AP. ++ * \param[out] reply The reply to fill. ++ * \param[out] reply_size The size of the reply that was filled. ++ * ++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded. ++ * \retval Other return code Operation failed with an error code. ++ */ ++enum tfm_plat_err_t rse_protocol_serialize_error( ++ struct client_request_t *req, ++ struct serialized_rse_comms_header_t *header, psa_status_t error, ++ struct serialized_psa_reply_t *reply, size_t *reply_size); ++ ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __RSE_COMMS_PROTOCOL_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c +new file mode 100644 +index 000000000..5544f9fb8 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c +@@ -0,0 +1,105 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "rse_comms_protocol_embed.h" ++ ++#include <string.h> ++ ++#include "tfm_psa_call_pack.h" ++ ++enum tfm_plat_err_t rse_protocol_embed_deserialize_msg( ++ struct client_request_t *req, struct rse_embed_msg_t *msg, ++ size_t msg_len) ++{ ++ uint32_t payload_size = 0; ++ uint32_t i; ++ ++ if (msg_len < (sizeof(*msg) - sizeof(msg->payload))) { ++ return TFM_PLAT_ERR_INVALID_INPUT; ++ } ++ ++ req->in_len = PARAM_UNPACK_IN_LEN(msg->ctrl_param); ++ req->out_len = PARAM_UNPACK_OUT_LEN(msg->ctrl_param); ++ req->type = PARAM_UNPACK_TYPE(msg->ctrl_param); ++ req->handle = msg->handle; ++ ++ /* Only support 4 iovecs */ ++ if (req->in_len + req->out_len > 4) { ++ return TFM_PLAT_ERR_UNSUPPORTED; ++ } ++ ++ /* Invecs */ ++ for (i = 0; i < req->in_len; ++i) { ++ req->in_vec[i].base = req->param_copy_buf + payload_size; ++ req->in_vec[i].len = msg->io_size[i]; ++ payload_size += msg->io_size[i]; ++ } ++ ++ /* Check payload is not too big */ ++ if (payload_size > sizeof(req->param_copy_buf) ++ || payload_size > sizeof(msg->payload) ++ || sizeof(*msg) - sizeof(msg->payload) + payload_size > msg_len ) { ++ return TFM_PLAT_ERR_INVALID_INPUT; ++ } ++ ++ /* Copy payload into the buffer */ ++ memcpy(req->param_copy_buf, msg->payload, payload_size); ++ ++ /* Outvecs */ ++ for (i = 0; i < req->out_len; ++i) { ++ req->out_vec[i].base = req->param_copy_buf + payload_size; ++ req->out_vec[i].len = msg->io_size[req->in_len + i]; ++ payload_size += msg->io_size[req->in_len + i]; ++ } ++ ++ /* Check payload is not too big */ ++ if (payload_size > sizeof(req->param_copy_buf)) { ++ return TFM_PLAT_ERR_INVALID_INPUT; ++ } ++ ++ return TFM_PLAT_ERR_SUCCESS; ++} ++ ++enum tfm_plat_err_t rse_protocol_embed_serialize_reply( ++ struct client_request_t *req, struct rse_embed_reply_t *reply, ++ size_t *reply_size) ++{ ++ size_t payload_size = 0; ++ size_t len; ++ uint32_t i; ++ ++ reply->return_val = req->return_val; ++ ++ /* Outvecs */ ++ for (i = 0; i < req->out_len; ++i) { ++ len = req->out_vec[i].len; ++ ++ if (payload_size + len > sizeof(reply->payload)) { ++ return TFM_PLAT_ERR_UNSUPPORTED; ++ } ++ ++ memcpy(reply->payload + payload_size, req->out_vec[i].base, len); ++ reply->out_size[i] = len; ++ payload_size += len; ++ } ++ ++ *reply_size = sizeof(*reply) - sizeof(reply->payload) + payload_size; ++ ++ return TFM_PLAT_ERR_SUCCESS; ++} ++ ++enum tfm_plat_err_t rse_protocol_embed_serialize_error( ++ struct client_request_t *req, psa_status_t err, ++ struct rse_embed_reply_t *reply, size_t *reply_size) ++{ ++ reply->return_val = err; ++ ++ /* Return the minimum reply size, as the out_sizes are all zeroed */ ++ *reply_size = sizeof(*reply) - sizeof(reply->payload); ++ ++ return TFM_PLAT_ERR_SUCCESS; ++} +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h +new file mode 100644 +index 000000000..e1ca1d0c9 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h +@@ -0,0 +1,50 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __RSE_COMMS_PROTOCOL_EMBED_H__ ++#define __RSE_COMMS_PROTOCOL_EMBED_H__ ++ ++#include "psa/client.h" ++#include "cmsis_compiler.h" ++#include "rse_comms.h" ++#include "tfm_platform_system.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++__PACKED_STRUCT rse_embed_msg_t { ++ psa_handle_t handle; ++ uint32_t ctrl_param; /* type, in_len, out_len */ ++ uint16_t io_size[PSA_MAX_IOVEC]; ++ uint8_t payload[RSE_COMMS_PAYLOAD_MAX_SIZE]; ++}; ++ ++__PACKED_STRUCT rse_embed_reply_t { ++ int32_t return_val; ++ uint16_t out_size[PSA_MAX_IOVEC]; ++ uint8_t payload[RSE_COMMS_PAYLOAD_MAX_SIZE]; ++}; ++ ++enum tfm_plat_err_t rse_protocol_embed_deserialize_msg( ++ struct client_request_t *req, struct rse_embed_msg_t *msg, ++ size_t msg_len); ++ ++enum tfm_plat_err_t rse_protocol_embed_serialize_reply( ++ struct client_request_t *req, struct rse_embed_reply_t *reply, ++ size_t *reply_size); ++ ++enum tfm_plat_err_t rse_protocol_embed_serialize_error( ++ struct client_request_t *req, psa_status_t err, ++ struct rse_embed_reply_t *reply, size_t *reply_size); ++ ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __RSE_COMMS_PROTOCOL_EMBED_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c +new file mode 100644 +index 000000000..d7f244db6 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c +@@ -0,0 +1,64 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "rse_comms_queue.h" ++ ++#include <stdbool.h> ++#include <stddef.h> ++ ++#define QUEUE_SIZE (RSE_COMMS_MAX_CONCURRENT_REQ + 1) ++ ++struct queue_t { ++ void *buf[QUEUE_SIZE]; ++ size_t head; ++ size_t tail; ++}; ++ ++static struct queue_t queue; ++ ++/* Advance head or tail */ ++static size_t advance(size_t index) ++{ ++ if (++index == QUEUE_SIZE) { ++ index = 0; ++ } ++ return index; ++} ++ ++static inline bool is_empty(void) ++{ ++ return queue.head == queue.tail; ++} ++ ++static inline bool is_full(void) ++{ ++ return advance(queue.head) == queue.tail; ++} ++ ++int32_t queue_enqueue(void *entry) ++{ ++ if (is_full()) { ++ return -1; ++ } ++ ++ queue.buf[queue.head] = entry; ++ queue.head = advance(queue.head); ++ ++ return 0; ++} ++ ++int32_t queue_dequeue(void **entry) ++{ ++ if (is_empty()) { ++ return -1; ++ } ++ ++ *entry = queue.buf[queue.tail]; ++ queue.tail = advance(queue.tail); ++ ++ return 0; ++} +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h +new file mode 100644 +index 000000000..d3db1dd2e +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h +@@ -0,0 +1,25 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __RSE_COMMS_QUEUE_H__ ++#define __RSE_COMMS_QUEUE_H__ ++ ++#include <stdint.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++int32_t queue_enqueue(void *entry); ++ ++int32_t queue_dequeue(void **entry); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __RSE_COMMS_QUEUE_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c +new file mode 100644 +index 000000000..59724bc94 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c +@@ -0,0 +1,177 @@ ++/* ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "rse_comms_permissions_hal.h" ++ ++#include "device_definition.h" ++#include "psa_manifest/sid.h" ++#include "region_defs.h" ++#include "tfm_hal_platform.h" ++ ++#ifdef TFM_PARTITION_INITIAL_ATTESTATION ++#include "tfm_attest_defs.h" ++#endif /* TFM_PARTITION_INITIAL_ATTESTATION */ ++#ifdef TFM_PARTITION_MEASURED_BOOT ++#include "measured_boot_defs.h" ++#endif /* TFM_PARTITION_MEASURED_BOOT */ ++#ifdef TFM_PARTITION_DELEGATED_ATTESTATION ++#include "tfm_delegated_attest_defs.h" ++#endif /* TFM_PARTITION_DELEGATED_ATTESTATION */ ++#ifdef TFM_PARTITION_CRYPTO ++#include "tfm_crypto_defs.h" ++#endif /*TFM_PARTITION_CRYPTO */ ++#ifdef TFM_PARTITION_PLATFORM ++#include "tfm_platform_api.h" ++#endif /* TFM_PARTITION_PLATFORM */ ++#ifdef TFM_PARTITION_PROTECTED_STORAGE ++#include "tfm_ps_defs.h" ++#endif /* TFM_PARTITION_PROTECTED_STORAGE */ ++#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ++#include "tfm_its_defs.h" ++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */ ++ ++#define INVALID_REGION_COUNTER_MAX 128 ++#define INVALID_SERVICE_COUNTER_MAX 64 ++ ++static uint32_t invalid_region_counter = 0; ++static uint32_t invalid_service_counter = 0; ++ ++/* Check if the interface is getting a lot of invalid requests, and shutdown ++ * the system if it exceeds the threshold. This is intended to make fuzzing the ++ * interface difficult. ++ */ ++static void counter_check(void) { ++ if (invalid_region_counter > INVALID_REGION_COUNTER_MAX) { ++#ifdef CONFIG_TFM_HALT_ON_CORE_PANIC ++ tfm_hal_system_halt(); ++#else ++ tfm_hal_system_reset(); ++#endif /* CONFIG_TFM_HALT_ON_CORE_PANIC */ ++ } ++ ++ if (invalid_service_counter > INVALID_SERVICE_COUNTER_MAX) { ++#ifdef CONFIG_TFM_HALT_ON_CORE_PANIC ++ tfm_hal_system_halt(); ++#else ++ tfm_hal_system_reset(); ++#endif /* CONFIG_TFM_HALT_ON_CORE_PANIC */ ++ } ++ ++ return; ++} ++ ++enum tfm_plat_err_t comms_permissions_memory_check(void *owner, ++ uint64_t host_ptr, ++ uint32_t size, ++ bool is_write) ++{ ++ /* Is fully within the shared memory */ ++ if ((host_ptr >= INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR) && ++ ((host_ptr + size) < (INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR + ++ INTER_PROCESSOR_SHARED_MEMORY_SIZE))) { ++ return TFM_PLAT_ERR_SUCCESS; ++ } ++ ++ invalid_region_counter++; ++ counter_check(); ++ ++ return TFM_PLAT_ERR_UNSUPPORTED; ++} ++ ++enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle, ++ const psa_invec *in_vec, ++ size_t in_len, ++ int32_t type) ++{ ++ switch(handle) { ++#ifdef TFM_PARTITION_PROTECTED_STORAGE ++ case TFM_PROTECTED_STORAGE_SERVICE_HANDLE: ++ switch(type) { ++ case TFM_PS_SET: ++ case TFM_PS_GET: ++ case TFM_PS_GET_INFO: ++ case TFM_PS_REMOVE: ++ case TFM_PS_GET_SUPPORT: ++ return TFM_PLAT_ERR_SUCCESS; ++ default: ++ goto out_err; ++ } ++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */ ++ ++#ifdef TFM_PARTITION_INITIAL_ATTESTATION ++ case TFM_ATTESTATION_SERVICE_HANDLE: ++ switch(type) { ++ case TFM_ATTEST_GET_TOKEN: ++ case TFM_ATTEST_GET_TOKEN_SIZE: ++ return TFM_PLAT_ERR_SUCCESS; ++ default: ++ goto out_err; ++ } ++#endif /* TFM_PARTITION_INITIAL_ATTESTATION */ ++#ifdef TFM_PARTITION_DELEGATED_ATTESTATION ++ case TFM_DELEGATED_ATTESTATION_HANDLE: ++ switch(type) { ++ case DELEGATED_ATTEST_GET_DELEGATED_KEY: ++ case DELEGATED_ATTEST_GET_PLATFORM_TOKEN: ++ return TFM_PLAT_ERR_SUCCESS; ++ default: ++ goto out_err; ++ } ++#endif /* TFM_PARTITION_DELEGATED_ATTESTATION */ ++#ifdef TFM_PARTITION_MEASURED_BOOT ++ case TFM_MEASURED_BOOT_HANDLE: ++ switch(type) { ++ case TFM_MEASURED_BOOT_EXTEND: ++ case TFM_MEASURED_BOOT_READ: ++ return TFM_PLAT_ERR_SUCCESS; ++ default: ++ goto out_err; ++ } ++#endif /* TFM_PARTITION_MEASURED_BOOT */ ++#ifdef TFM_PARTITION_CRYPTO ++ case TFM_CRYPTO_HANDLE: ++ /* Every crypto operation is done by the SE */ ++ return TFM_PLAT_ERR_SUCCESS; ++#endif /* TFM_PARTITION_CRYPTO */ ++#ifdef TFM_PARTITION_PLATFORM ++ case TFM_PLATFORM_SERVICE_HANDLE: ++ switch(type) { ++ case TFM_PLATFORM_API_ID_NV_READ: ++ case TFM_PLATFORM_API_ID_NV_INCREMENT: ++ case TFM_PLATFORM_API_ID_SYSTEM_RESET: ++ case TFM_PLATFORM_API_ID_IOCTL: ++ return TFM_PLAT_ERR_SUCCESS; ++ default: ++ goto out_err; ++ } ++#endif /* TFM_PARTITION_PLATFORM */ ++#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ++ case TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE: ++ switch(type) { ++ case TFM_ITS_SET: ++ case TFM_ITS_GET: ++ case TFM_ITS_GET_INFO: ++ case TFM_ITS_REMOVE: ++ return TFM_PLAT_ERR_SUCCESS; ++ default: ++ goto out_err; ++ } ++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */ ++#ifdef TFM_PARTITION_DPE ++ case TFM_DPE_SERVICE_HANDLE: ++ return TFM_PLAT_ERR_SUCCESS; ++#endif /* TFM_PARTITION_DPE */ ++ default: ++ goto out_err; ++ } ++ ++out_err: ++ invalid_service_counter++; ++ counter_check(); ++ ++ return TFM_PLAT_ERR_UNSUPPORTED; ++} +diff --git a/platform/ext/target/arm/corstone1000/tfm_interrupts.c b/platform/ext/target/arm/corstone1000/tfm_interrupts.c +new file mode 100644 +index 000000000..47a6c9d7b +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/tfm_interrupts.c +@@ -0,0 +1,51 @@ ++/* ++ * Copyright (c) 2021-2023, Arm Limited. All rights reserved. ++ * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon ++ * company) or an affiliate of Cypress Semiconductor Corporation. All rights ++ * reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "cmsis.h" ++#include "device_definition.h" ++#include "spm.h" ++#include "tfm_hal_interrupt.h" ++#include "tfm_peripherals_def.h" ++#include "interrupt.h" ++#include "load/interrupt_defs.h" ++#include "platform_irq.h" ++#include "rse_comms_hal.h" ++ ++static struct irq_t mbox_irq_info = {0}; ++ ++/* Platform specific inter-processor communication interrupt handler. */ ++void HSE1_RECEIVER_COMBINED_IRQHandler(void) ++{ ++ (void)tfm_multi_core_hal_receive(&MHU1_HOST_TO_SE_DEV, ++ &MHU1_SE_TO_HOST_DEV, ++ mbox_irq_info.p_ildi->source); ++ ++ /* ++ * SPM will send a MAILBOX_SIGNAL to the corresponding partition ++ * indicating that a message has arrived and can be processed. ++ */ ++ spm_handle_interrupt(mbox_irq_info.p_pt, mbox_irq_info.p_ildi); ++} ++ ++enum tfm_hal_status_t mailbox_irq_init(void *p_pt, ++ const struct irq_load_info_t *p_ildi) ++{ ++ mbox_irq_info.p_pt = p_pt; ++ mbox_irq_info.p_ildi = p_ildi; ++ ++ /* Set MHU interrupt priority to the same as PendSV (the lowest) ++ * TODO: Consider advantages/disadvantages of setting it one higher ++ */ ++ NVIC_SetPriority(HSE1_RECEIVER_COMBINED_IRQn, NVIC_GetPriority(PendSV_IRQn)); ++ ++ NVIC_DisableIRQ(HSE1_RECEIVER_COMBINED_IRQn); ++ ++ return TFM_HAL_SUCCESS; ++} +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch new file mode 100644 index 0000000000..3269c0e045 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch @@ -0,0 +1,28 @@ +From 21b0c9f028b6b04fa2f027510ec90969735f4dd1 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Wed, 17 Apr 2024 19:31:03 +0200 +Subject: [PATCH] platform: corstone1000: Increase RSE_COMMS buffer size + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Pending +--- + platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h +index 6d79dd3bf..f079f6504 100644 +--- a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h ++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h +@@ -16,7 +16,7 @@ extern "C" { + #endif + + /* size suits to fit the largest message too (EFI variables) */ +-#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100) ++#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x43C0) + + /* + * Allocated for each client request. +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch new file mode 100644 index 0000000000..3d1b35e46b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch @@ -0,0 +1,31 @@ +From a8aeaafd6c26d6bc3066164d12aabc5cb754fe1c Mon Sep 17 00:00:00 2001 +From: Ali Can Ozaslan <ali.oezaslan@arm.com> +Date: Wed, 15 May 2024 12:12:15 +0000 +Subject: [PATCH] CC312: alignment of cc312 differences between fvp and mps3 + corstone1000 platforms + +Configures CC312 mps3 model same as predefined cc312 FVP +configuration while keeping debug ports closed. + +Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com> + +Upstream-Status: Inappropriate [Requires an aligment cc3xx with mps3 hw and fvp sw models] + +--- + lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c +index 31e4332be..4d7e6fa61 100644 +--- a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c ++++ b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c +@@ -207,6 +207,9 @@ CClibRetCode_t CC_LibInit(CCRndContext_t *rndContext_ptr, CCRndWorkBuff_t *rndW + goto InitErr2; + } + ++ /* configuring secure debug to align cc312 with corstone 1000 */ ++ CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF,HOST_DCU_EN0), 0xffffe7fc); ++ + /* turn off the DFA since Cerberus doen't support it */ + reg = CC_HAL_READ_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_AO_LOCK_BITS)); + CC_REG_FLD_SET(0, HOST_AO_LOCK_BITS, HOST_FORCE_DFA_ENABLE, reg, 0x0); diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch new file mode 100644 index 0000000000..abf7038909 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch @@ -0,0 +1,45 @@ +From d7725e629c9ba93523589cc9d8af3186db19d4e8 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Wed, 15 May 2024 22:37:51 +0200 +Subject: [PATCH] Platform: corstone1000: Increase buffers for EFI vars + +The UEFI variables are stored in the Protected Storage. The size of +the variables metadata have been increased so the related buffer sizes +have to be increased. + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Pending +--- + .../ext/target/arm/corstone1000/config_tfm_target.h | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h +index 2eb0924770..6ee823a7dc 100644 +--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h ++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * +@@ -24,4 +24,15 @@ + #undef ITS_MAX_ASSET_SIZE + #define ITS_MAX_ASSET_SIZE 2048 + ++/* The maximum asset size to be stored in the Protected Storage */ ++#undef PS_MAX_ASSET_SIZE ++#define PS_MAX_ASSET_SIZE 2592 ++ ++/* This is needed to be able to process the EFI variables during PS writes. */ ++#undef CRYPTO_ENGINE_BUF_SIZE ++#define CRYPTO_ENGINE_BUF_SIZE 0x5000 ++ ++/* This is also has to be increased to fit the EFI variables into the iovecs. */ ++#undef CRYPTO_IOVEC_BUFFER_SIZE ++#define CRYPTO_IOVEC_BUFFER_SIZE 6000 + #endif /* __CONFIG_TFM_TARGET_H__ */ +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch new file mode 100644 index 0000000000..8ffd567b66 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch @@ -0,0 +1,28 @@ +From 78db43f80676f8038b35edd6674d22fb5ff85c12 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Mon, 27 May 2024 17:11:31 +0200 +Subject: [PATCH] corstone1000: Remove reset after capsule update + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/29065] +--- + .../target/arm/corstone1000/services/src/tfm_platform_system.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c +index 41305ed966..1e837ce3b5 100644 +--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c ++++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c +@@ -28,9 +28,6 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request, + + case IOCTL_CORSTONE1000_FWU_FLASH_IMAGES: + result = corstone1000_fwu_flash_image(); +- if (!result) { +- NVIC_SystemReset(); +- } + break; + + case IOCTL_CORSTONE1000_FWU_HOST_ACK: +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index e098da721c..dcba79ef0c 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -11,35 +11,24 @@ TFM_PLATFORM_IS_FVP ?= "FALSE" EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" -# libmetal v2023.04.0 -LICENSE += "& BSD-3-Clause" -LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=f4d5df0f12dcea1b1a0124219c0dbab4" -SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal \ - file://0001-cmake-modify-path-to-libmetal-version-file.patch;patchdir=../libmetal \ - file://0002-arm-trusted-firmware-m-disable-address-warnings-into.patch \ +SRC_URI += " \ + file://0001-arm-trusted-firmware-m-disable-address-warnings-into.patch \ " -SRCREV_libmetal = "28fa2351d6a8121ce6c1c2ac5ee43ce08d38dbae" -EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build" -# The configuration can fail if libmetal tries to generate the docs and the doxygen bin is found -EXTRA_OECMAKE += "-DWITH_DOC=False" - -# OpenAMP v2023.04.0 -LICENSE += "& BSD-2-Clause & BSD-3-Clause" -LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=ab88daf995c0bd0071c2e1e55f3d3505" -SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;name=openamp;destsuffix=git/openamp" -SRCREV_openamp = "accac4d3610cbb268f3c3fe3c31dc45dd4c4dd17" -EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" - FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append:corstone1000 = " \ file://0001-platform-corstone1000-Update-MPU-configuration.patch \ file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \ - file://0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch \ - file://0004-platform-corstone1000-align-capsule-update-structs.patch \ - file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \ - file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \ - file://0007-platform-corstone1000-add-unique-guid-for-mps3.patch \ + file://0003-platform-corstone1000-align-capsule-update-structs.patch \ + file://0004-Platform-Corstone1000-skip-the-first-nv-counter.patch \ + file://0005-platform-corstone1000-add-unique-guid-for-mps3.patch \ + file://0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch \ + file://0007-platform-corstone1000-Increase-ITS-max-asset-size.patch \ + file://0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch \ + file://0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch \ + file://0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch \ + file://0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch \ + file://0012-corstone1000-Remove-reset-after-capsule-update.patch \ " # TF-M ships patches for external dependencies that needs to be applied diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc index c0a029e9da..82049c4327 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc @@ -60,6 +60,10 @@ SRC_URI:append = " \ file://0042-corstone1000-enable-virtio-net-support.patch \ file://0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch \ file://0044-corstone1000-set-unique-GUID-for-fvp-and-mps3.patch \ + file://0045-efi-corstone1000-fwu-update-RPC-ABI.patch \ + file://0046-Corstone1000-Change-MMCOMM-buffer-location.patch \ + file://0047-corstone1000-dts-add-external-system-node.patch \ + file://0048-corstone1000-Enable-UEFI-Secure-boot.patch \ " do_configure:append() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc index 9aca993f5c..9f8c178a29 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc @@ -4,4 +4,5 @@ SRC_URI:append = " \ file://0001-vexpress64-Set-the-DM_RNG-property.patch \ file://0002-vexpress64-Select-PSCI-RESET-by-default.patch \ file://0003-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch \ + file://tick.patch \ " diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0045-efi-corstone1000-fwu-update-RPC-ABI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0045-efi-corstone1000-fwu-update-RPC-ABI.patch new file mode 100644 index 0000000000..00fc1f0720 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0045-efi-corstone1000-fwu-update-RPC-ABI.patch @@ -0,0 +1,75 @@ +From 7c25404d64ef8efec63c154ce38b0bb38845680f Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Tue, 5 Dec 2023 20:23:55 +0100 +Subject: [PATCH] efi: corstone1000: fwu: update RPC ABI + +The Trusted Services RPC protocol format changed: the +data has to be placed in w3 and the memory handle has +to be placed in w4-w5. + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + lib/efi_loader/efi_capsule.c | 14 +++++++++++--- + lib/efi_loader/efi_setup.c | 14 +++++++++++--- + 2 files changed, 22 insertions(+), 6 deletions(-) + +diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c +index f3326b1f67..1d966e3f26 100644 +--- a/lib/efi_loader/efi_capsule.c ++++ b/lib/efi_loader/efi_capsule.c +@@ -790,12 +790,20 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s + } + + /* +- * setting the buffer ready event arguments in register w4: ++ * setting the buffer ready event arguments in register w3: + * - capsule update interface ID (31:16) + * - the buffer ready event ID (15:0) + */ +- msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | +- PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w4 */ ++ msg.data0 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w3 */ ++ ++ /* ++ * setting the memory handle fields to ++ * FFA_MEM_HANDLE_INVALID (0xFFFF_FFFF_FFFF_FFFF) ++ * to signal that there is no shared memory used ++ */ ++ msg.data1 = 0xFFFFFFFF; /* w4 */ ++ msg.data2 = 0xFFFFFFFF; /* w5 */ + + return ffa_sync_send_receive(dev, CORSTONE1000_SEPROXY_PART_ID, &msg, 0); + } +diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c +index d20568c1c8..c31e74532f 100644 +--- a/lib/efi_loader/efi_setup.c ++++ b/lib/efi_loader/efi_setup.c +@@ -157,12 +157,20 @@ static int efi_corstone1000_uboot_efi_started_event(void) + } + + /* +- * setting the kernel started event arguments: ++ * setting the kernel started event arguments in register w3:: + * setting capsule update interface ID(31:16) + * the kernel started event ID(15:0) + */ +- msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | +- PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w4 */ ++ msg.data0 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w3 */ ++ ++ /* ++ * setting the memory handle fields to ++ * FFA_MEM_HANDLE_INVALID (0xFFFF_FFFF_FFFF_FFFF) ++ * to signal that there is no shared memory used ++ */ ++ msg.data1 = 0xFFFFFFFF; /* w4 */ ++ msg.data2 = 0xFFFFFFFF; /* w5 */ + + return ffa_sync_send_receive(dev, CORSTONE1000_SEPROXY_PART_ID, &msg, 0); + } +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0046-Corstone1000-Change-MMCOMM-buffer-location.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0046-Corstone1000-Change-MMCOMM-buffer-location.patch new file mode 100644 index 0000000000..500db81e6a --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0046-Corstone1000-Change-MMCOMM-buffer-location.patch @@ -0,0 +1,47 @@ +From 7721d33dfc87b40db72cefa399c46b25b1255247 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Wed, 3 Apr 2024 14:02:42 +0100 +Subject: [PATCH] Corstone1000: Change MMCOMM buffer location + +MM Communicate buffer is accessed by normal world but at the moment +it's allocated in the secure ram. This moves mm communicate buffer +to the DDR and also fixes the capsule buffer size since it cannot be +more than the bank size. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + configs/corstone1000_defconfig | 2 +- + include/configs/corstone1000.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig +index 8770b474e2..ae164be030 100644 +--- a/configs/corstone1000_defconfig ++++ b/configs/corstone1000_defconfig +@@ -62,7 +62,7 @@ CONFIG_NVMXIP_QSPI=y + CONFIG_EFI_MM_COMM_TEE=y + CONFIG_FFA_SHARED_MM_BUF_SIZE=4096 + CONFIG_FFA_SHARED_MM_BUF_OFFSET=0 +-CONFIG_FFA_SHARED_MM_BUF_ADDR=0x02000000 ++CONFIG_FFA_SHARED_MM_BUF_ADDR=0x81FFF000 + CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y + CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y + CONFIG_FWU_NUM_IMAGES_PER_BANK=4 +diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h +index 8622565a87..fe5b064c85 100644 +--- a/include/configs/corstone1000.h ++++ b/include/configs/corstone1000.h +@@ -31,7 +31,7 @@ + #define PREP_SEPROXY_EVT(x) (FIELD_PREP(PREP_SEPROXY_EVT_MASK, (x))) + + /* Size in 4KB pages of the EFI capsule buffer */ +-#define CORSTONE1000_CAPSULE_BUFFER_SIZE (8192) /* 32 MB */ ++#define CORSTONE1000_CAPSULE_BUFFER_SIZE (4096) /* 16 MB */ + + /* Capsule GUID */ + #define EFI_CORSTONE1000_CAPSULE_ID_GUID \ +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0047-corstone1000-dts-add-external-system-node.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0047-corstone1000-dts-add-external-system-node.patch new file mode 100644 index 0000000000..1c87300146 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0047-corstone1000-dts-add-external-system-node.patch @@ -0,0 +1,34 @@ +From 03df80671f1f2102b04baa810b59ffb6edaece0b Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 18 Mar 2024 17:00:56 +0000 +Subject: [PATCH] corstone1000: dts: add external system node + +add the external system node + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + arch/arm/dts/corstone1000.dtsi | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi +index 077673dd44..5cc4c26bac 100644 +--- a/arch/arm/dts/corstone1000.dtsi ++++ b/arch/arm/dts/corstone1000.dtsi +@@ -122,6 +122,13 @@ + interrupt-parent = <&gic>; + ranges; + ++ extsys0: remoteproc@1a010310 { ++ compatible = "arm,corstone1000-extsys"; ++ reg = <0x1a010310 0x4>, <0x1a010314 0x4>; ++ reg-names = "reset-control", "reset-status"; ++ firmware-name = "es_flashfw.elf"; ++ }; ++ + timer@1a220000 { + compatible = "arm,armv7-timer-mem"; + reg = <0x1a220000 0x1000>; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch new file mode 100644 index 0000000000..1e91249aab --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch @@ -0,0 +1,28 @@ +From b2ef7318686d13cfa2ac76d6f2d69c17135328df Mon Sep 17 00:00:00 2001 +From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> +Date: Thu, 11 Apr 2024 13:35:54 +0000 +Subject: [PATCH] corstone1000: Enable UEFI Secure boot + +Enable secure boot and related configurations for corstone1000 + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> +--- + configs/corstone1000_defconfig | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig +index 8770b474e2..0ecba096d5 100644 +--- a/configs/corstone1000_defconfig ++++ b/configs/corstone1000_defconfig +@@ -80,3 +80,7 @@ CONFIG_EFI_SET_TIME=y + CONFIG_EFI_GET_TIME=y + CONFIG_VIRTIO_NET=y + CONFIG_VIRTIO_MMIO=y ++CONFIG_EFI_SECURE_BOOT=y ++CONFIG_FIT_SIGNATURE=y ++CONFIG_EFI_LOADER=y ++CONFIG_CMD_NVEDIT_EFI=y +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tick.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tick.patch new file mode 100644 index 0000000000..88c9b0568b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tick.patch @@ -0,0 +1,188 @@ +From 1023728e7925443032fc7f7733c12ed37142523d Mon Sep 17 00:00:00 2001 +From: Peter Hoyes <Peter.Hoyes@arm.com> +Date: Tue, 23 Apr 2024 09:10:04 +0100 +Subject: [PATCH 1/2] arm: Move sev() and wfe() definitions to common Arm + header file + +The sev() and wfe() asm macros are currently defined only for +mach-exynos. As these are common Arm instructions, move them to the +common asm/system.h header file, for both Armv7 and Armv8, so they +can be used by other machines. + +wfe may theoretically trigger a context switch if an interrupt occurs +so add a memory barrier to this call. + +Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com> + +Upstream-Status: Submitted [https://lore.kernel.org/u-boot/20240423081005.23218-1-peter.hoyes@arm.com/] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + arch/arm/include/asm/system.h | 9 +++++++++ + arch/arm/mach-exynos/include/mach/system.h | 19 ------------------- + 2 files changed, 9 insertions(+), 19 deletions(-) + +diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h +index 43f7503571..51123c2968 100644 +--- a/arch/arm/include/asm/system.h ++++ b/arch/arm/include/asm/system.h +@@ -154,6 +154,13 @@ enum dcache_option { + "wfi" : : : "memory"); \ + }) + ++#define wfe() \ ++ ({asm volatile( \ ++ "wfe" : : : "memory"); \ ++ }) ++ ++#define sev() asm volatile("sev") ++ + static inline unsigned int current_el(void) + { + unsigned long el; +@@ -369,6 +376,8 @@ void switch_to_hypervisor_ret(void); + + #ifdef __ARM_ARCH_7A__ + #define wfi() __asm__ __volatile__ ("wfi" : : : "memory") ++#define wfe() __asm__ __volatile__ ("wfe" : : : "memory") ++#define sev() __asm__ __volatile__ ("sev") + #else + #define wfi() + #endif +diff --git a/arch/arm/mach-exynos/include/mach/system.h b/arch/arm/mach-exynos/include/mach/system.h +index 5d0bebac57..0aed4c3e2b 100644 +--- a/arch/arm/mach-exynos/include/mach/system.h ++++ b/arch/arm/mach-exynos/include/mach/system.h +@@ -36,25 +36,6 @@ struct exynos5_sysreg { + + #define USB20_PHY_CFG_HOST_LINK_EN (1 << 0) + +-/* +- * This instruction causes an event to be signaled to all cores +- * within a multiprocessor system. If SEV is implemented, +- * WFE must also be implemented. +- */ +-#define sev() __asm__ __volatile__ ("sev\n\t" : : ); +-/* +- * If the Event Register is not set, WFE suspends execution until +- * one of the following events occurs: +- * - an IRQ interrupt, unless masked by the CPSR I-bit +- * - an FIQ interrupt, unless masked by the CPSR F-bit +- * - an Imprecise Data abort, unless masked by the CPSR A-bit +- * - a Debug Entry request, if Debug is enabled +- * - an Event signaled by another processor using the SEV instruction. +- * If the Event Register is set, WFE clears it and returns immediately. +- * If WFE is implemented, SEV must also be implemented. +- */ +-#define wfe() __asm__ __volatile__ ("wfe\n\t" : : ); +- + /* Move 0xd3 value to CPSR register to enable SVC mode */ + #define svc32_mode_en() __asm__ __volatile__ \ + ("@ I&F disable, Mode: 0x13 - SVC\n\t" \ +-- +2.34.1 + + +From d96e7f07f6863e24d360924aea4eb0460d706e89 Mon Sep 17 00:00:00 2001 +From: Peter Hoyes <Peter.Hoyes@arm.com> +Date: Tue, 23 Apr 2024 09:10:05 +0100 +Subject: [PATCH 2/2] armv8: generic_timer: Use event stream for udelay + +Polling cntpct_el0 in a tight loop for delays is inefficient. +This is particularly apparent on Arm FVPs, which do not simulate +real time, meaning that a 1s sleep can take a couple of orders +of magnitude longer to execute in wall time. + +If running at EL2 or above (where CNTHCTL_EL2 is available), enable +the cntpct_el0 event stream temporarily and use wfe to implement +the delay more efficiently. The event period is chosen as a +trade-off between efficiency and the fact that Arm FVPs do not +typically simulate real time. + +This is only implemented for Armv8 boards, where an architectural +timer exists. + +Some mach-socfpga AArch64 boards already override __udelay to make +it always inline, so guard the functionality with a new +ARMV8_UDELAY_EVENT_STREAM Kconfig, enabled by default. + +Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com> +--- + arch/arm/cpu/armv8/Kconfig | 8 ++++++++ + arch/arm/cpu/armv8/generic_timer.c | 27 +++++++++++++++++++++++++++ + arch/arm/include/asm/system.h | 6 ++++-- + 3 files changed, 39 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig +index 9f0fb369f7..544c5e2d74 100644 +--- a/arch/arm/cpu/armv8/Kconfig ++++ b/arch/arm/cpu/armv8/Kconfig +@@ -191,6 +191,14 @@ config ARMV8_EA_EL3_FIRST + Exception handling at all exception levels for External Abort and + SError interrupt exception are taken in EL3. + ++config ARMV8_UDELAY_EVENT_STREAM ++ bool "Use the event stream for udelay" ++ default y if !ARCH_SOCFPGA ++ help ++ Use the event stream provided by the AArch64 architectural timer for ++ delays. This is more efficient than the default polling ++ implementation. ++ + menuconfig ARMV8_CRYPTO + bool "ARM64 Accelerated Cryptographic Algorithms" + +diff --git a/arch/arm/cpu/armv8/generic_timer.c b/arch/arm/cpu/armv8/generic_timer.c +index 8f83372cbc..e18b5c8187 100644 +--- a/arch/arm/cpu/armv8/generic_timer.c ++++ b/arch/arm/cpu/armv8/generic_timer.c +@@ -115,3 +115,30 @@ ulong timer_get_boot_us(void) + + return val / get_tbclk(); + } ++ ++#if CONFIG_IS_ENABLED(ARMV8_UDELAY_EVENT_STREAM) ++void __udelay(unsigned long usec) ++{ ++ u64 target = get_ticks() + usec_to_tick(usec); ++ ++ /* At EL2 or above, use the event stream to avoid polling CNTPCT_EL0 so often */ ++ if (current_el() >= 2) { ++ u32 cnthctl_val; ++ const u8 event_period = 0x7; ++ ++ asm volatile("mrs %0, cnthctl_el2" : "=r" (cnthctl_val)); ++ asm volatile("msr cnthctl_el2, %0" : : "r" ++ (cnthctl_val | CNTHCTL_EL2_EVNT_EN | CNTHCTL_EL2_EVNT_I(event_period))); ++ ++ while (get_ticks() + (1ULL << event_period) <= target) ++ wfe(); ++ ++ /* Reset the event stream */ ++ asm volatile("msr cnthctl_el2, %0" : : "r" (cnthctl_val)); ++ } ++ ++ /* Fall back to polling CNTPCT_EL0 */ ++ while (get_ticks() <= target) ++ ; ++} ++#endif +diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h +index 51123c2968..7e30cac32a 100644 +--- a/arch/arm/include/asm/system.h ++++ b/arch/arm/include/asm/system.h +@@ -69,8 +69,10 @@ + /* + * CNTHCTL_EL2 bits definitions + */ +-#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */ +-#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */ ++#define CNTHCTL_EL2_EVNT_EN BIT(2) /* Enable the event stream */ ++#define CNTHCTL_EL2_EVNT_I(val) ((val) << 4) /* Event stream trigger bits */ ++#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */ ++#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */ + + /* + * HCR_EL2 bits definitions +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc new file mode 100644 index 0000000000..450f6af27c --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc @@ -0,0 +1,19 @@ +COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref" + +DEPENDS:append:sbsa-ref = " trusted-firmware-a coreutils-native" + +EDK2_PLATFORM:sbsa-ref = "SbsaQemu" +EDK2_PLATFORM_DSC:sbsa-ref = "Platform/Qemu/SbsaQemu/SbsaQemu.dsc" +EDK2_BIN_NAME:sbsa-ref = "SBSA_FLASH0.fd" + +do_compile:prepend:sbsa-ref() { + mkdir -p ${B}/Platform/Qemu/Sbsa/ + cp ${RECIPE_SYSROOT}/firmware/bl1.bin ${B}/Platform/Qemu/Sbsa/ + cp ${RECIPE_SYSROOT}/firmware/fip.bin ${B}/Platform/Qemu/Sbsa/ +} + +do_install:append:sbsa-ref() { + install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH*.fd ${D}/firmware/ + # QEMU requires that the images be minimum of 256M in size + truncate -s 256M ${D}/firmware/SBSA_FLASH*.fd +} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend index e5018bb00b..cba4846072 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend @@ -4,6 +4,7 @@ MACHINE_EDK2_REQUIRE ?= "" MACHINE_EDK2_REQUIRE:fvp-base = "edk2-firmware-fvp-base.inc" MACHINE_EDK2_REQUIRE:juno = "edk2-firmware-juno.inc" +MACHINE_EDK2_REQUIRE:sbsa-ref = "edk2-firmware-sbsa-ref.inc" MACHINE_EDK2_REQUIRE:sgi575 = "edk2-firmware-sgi575.inc" MACHINE_EDK2_REQUIRE:n1sdp = "edk2-firmware-n1sdp.inc" diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0001-remoteproc-Add-Arm-remoteproc-driver.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0001-remoteproc-Add-Arm-remoteproc-driver.patch new file mode 100644 index 0000000000..50a6fb2bd8 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0001-remoteproc-Add-Arm-remoteproc-driver.patch @@ -0,0 +1,488 @@ +From f9881d01669cd98e6f897214f407dce8a245bdfe Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 19 Feb 2024 16:01:28 +0000 +Subject: [PATCH 1/6] remoteproc: Add Arm remoteproc driver + +introduce remoteproc support for Arm remote processors + +The supported remote processors are those that come with a reset +control register and a reset status register. The driver allows to +switch on or off the remote processor. + +The current use case is Corstone-1000 External System (Cortex-M3). + +The driver can be extended to support other remote processors +controlled with a reset control and a reset status registers. + +The driver also supports control of multiple remote processors at the +same time. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/] +--- + MAINTAINERS | 6 + + drivers/remoteproc/Kconfig | 18 ++ + drivers/remoteproc/Makefile | 1 + + drivers/remoteproc/arm_rproc.c | 395 +++++++++++++++++++++++++++++++++ + 4 files changed, 420 insertions(+) + create mode 100644 drivers/remoteproc/arm_rproc.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index 8d1052fa6a69..54d6a40feea5 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -1764,6 +1764,12 @@ S: Maintained + F: Documentation/devicetree/bindings/interrupt-controller/arm,vic.yaml + F: drivers/irqchip/irq-vic.c + ++ARM REMOTEPROC DRIVER ++M: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++L: linux-remoteproc@vger.kernel.org ++S: Maintained ++F: drivers/remoteproc/arm_rproc.c ++ + ARM SMC WATCHDOG DRIVER + M: Julius Werner <jwerner@chromium.org> + R: Evan Benn <evanbenn@chromium.org> +diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig +index 48845dc8fa85..57fbac454a5d 100644 +--- a/drivers/remoteproc/Kconfig ++++ b/drivers/remoteproc/Kconfig +@@ -365,6 +365,24 @@ config XLNX_R5_REMOTEPROC + + It's safe to say N if not interested in using RPU r5f cores. + ++config ARM_REMOTEPROC ++ tristate "Arm remoteproc support" ++ depends on HAS_IOMEM && ARM64 ++ default n ++ help ++ Say y here to support Arm remote processors via the remote ++ processor framework. ++ ++ The supported processors are those that come with a reset control register ++ and a reset status register. The design can be extended to support different ++ processors meeting these requirements. ++ The driver also supports control of multiple remote cores at the same time. ++ ++ Supported remote cores: ++ Corstone-1000 External System (Cortex-M3) ++ ++ It's safe to say N here. ++ + endif # REMOTEPROC + + endmenu +diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile +index 91314a9b43ce..73126310835b 100644 +--- a/drivers/remoteproc/Makefile ++++ b/drivers/remoteproc/Makefile +@@ -39,3 +39,4 @@ obj-$(CONFIG_STM32_RPROC) += stm32_rproc.o + obj-$(CONFIG_TI_K3_DSP_REMOTEPROC) += ti_k3_dsp_remoteproc.o + obj-$(CONFIG_TI_K3_R5_REMOTEPROC) += ti_k3_r5_remoteproc.o + obj-$(CONFIG_XLNX_R5_REMOTEPROC) += xlnx_r5_remoteproc.o ++obj-$(CONFIG_ARM_REMOTEPROC) += arm_rproc.o +diff --git a/drivers/remoteproc/arm_rproc.c b/drivers/remoteproc/arm_rproc.c +new file mode 100644 +index 000000000000..6afa78ae7ad3 +--- /dev/null ++++ b/drivers/remoteproc/arm_rproc.c +@@ -0,0 +1,395 @@ ++// SPDX-License-Identifier: GPL-2.0-only ++/* ++ * Copyright 2024 Arm Limited and/or its affiliates <open-source-office@arm.com> ++ * ++ * Authors: ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include <linux/delay.h> ++#include <linux/err.h> ++#include <linux/firmware.h> ++#include <linux/kernel.h> ++#include <linux/module.h> ++#include <linux/of.h> ++#include <linux/platform_device.h> ++#include <linux/remoteproc.h> ++ ++#include "remoteproc_internal.h" ++ ++/** ++ * struct arm_rproc_reset_cfg - remote processor reset configuration ++ * @ctrl_reg: address of the control register ++ * @state_reg: address of the reset status register ++ */ ++struct arm_rproc_reset_cfg { ++ void __iomem *ctrl_reg; ++ void __iomem *state_reg; ++}; ++ ++struct arm_rproc; ++ ++/** ++ * struct arm_rproc_dcfg - Arm remote processor configuration ++ * @stop: stop callback function ++ * @start: start callback function ++ */ ++struct arm_rproc_dcfg { ++ int (*stop)(struct rproc *rproc); ++ int (*start)(struct rproc *rproc); ++}; ++ ++/** ++ * struct arm_rproc - Arm remote processor instance ++ * @rproc: rproc handler ++ * @core_dcfg: device configuration pointer ++ * @reset_cfg: reset configuration registers ++ */ ++struct arm_rproc { ++ struct rproc *rproc; ++ const struct arm_rproc_dcfg *core_dcfg; ++ struct arm_rproc_reset_cfg reset_cfg; ++}; ++ ++/* Definitions for Arm Corstone-1000 External System */ ++ ++#define EXTSYS_RST_CTRL_CPUWAIT BIT(0) ++#define EXTSYS_RST_CTRL_RST_REQ BIT(1) ++ ++#define EXTSYS_RST_ACK_MASK GENMASK(2, 1) ++#define EXTSYS_RST_ST_RST_ACK(x) \ ++ ((u8)(FIELD_GET(EXTSYS_RST_ACK_MASK, (x)))) ++ ++#define EXTSYS_RST_ACK_NO_RESET_REQ (0x0) ++#define EXTSYS_RST_ACK_NOT_COMPLETE (0x1) ++#define EXTSYS_RST_ACK_COMPLETE (0x2) ++#define EXTSYS_RST_ACK_RESERVED (0x3) ++ ++#define EXTSYS_RST_ACK_POLL_TRIES (3) ++#define EXTSYS_RST_ACK_POLL_TIMEOUT (1000) ++ ++/** ++ * arm_rproc_start_cs1000_extsys() - custom start function ++ * @rproc: pointer to the remote processor object ++ * ++ * Start function for Corstone-1000 External System. ++ * Allow the External System core start execute instructions. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int arm_rproc_start_cs1000_extsys(struct rproc *rproc) ++{ ++ struct arm_rproc *priv = rproc->priv; ++ u32 ctrl_reg; ++ ++ /* CPUWAIT signal of the External System is de-asserted */ ++ ctrl_reg = readl(priv->reset_cfg.ctrl_reg); ++ ctrl_reg &= ~EXTSYS_RST_CTRL_CPUWAIT; ++ writel(ctrl_reg, priv->reset_cfg.ctrl_reg); ++ ++ return 0; ++} ++ ++/** ++ * arm_rproc_cs1000_extsys_poll_rst_ack() - poll RST_ACK bits ++ * @rproc: pointer to the remote processor object ++ * @exp_ack: expected bits value ++ * @rst_ack: bits value read ++ * ++ * Tries to read RST_ACK bits until the timeout expires. ++ * EXTSYS_RST_ACK_POLL_TRIES tries are made, ++ * every EXTSYS_RST_ACK_POLL_TIMEOUT milliseconds. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int arm_rproc_cs1000_extsys_poll_rst_ack(struct rproc *rproc, ++ u8 exp_ack, u8 *rst_ack) ++{ ++ struct arm_rproc *priv = rproc->priv; ++ struct device *dev = rproc->dev.parent; ++ u32 state_reg; ++ int tries = EXTSYS_RST_ACK_POLL_TRIES; ++ unsigned long timeout; ++ ++ do { ++ state_reg = readl(priv->reset_cfg.state_reg); ++ *rst_ack = EXTSYS_RST_ST_RST_ACK(state_reg); ++ ++ if (*rst_ack == EXTSYS_RST_ACK_RESERVED) { ++ dev_err(dev, "unexpected RST_ACK value: 0x%x\n", ++ *rst_ack); ++ return -EINVAL; ++ } ++ ++ /* expected ACK value read */ ++ if ((*rst_ack & exp_ack) || (*rst_ack == exp_ack)) ++ return 0; ++ ++ timeout = msleep_interruptible(EXTSYS_RST_ACK_POLL_TIMEOUT); ++ ++ if (timeout) { ++ dev_err(dev, "polling RST_ACK aborted\n"); ++ return -ECONNABORTED; ++ } ++ } while (--tries); ++ ++ dev_err(dev, "polling RST_ACK timed out\n"); ++ ++ return -ETIMEDOUT; ++} ++ ++/** ++ * arm_rproc_stop_cs1000_extsys() - custom stop function ++ * @rproc: pointer to the remote processor object ++ * ++ * Reset all logic within the External System, the core will be in a halt state. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int arm_rproc_stop_cs1000_extsys(struct rproc *rproc) ++{ ++ struct arm_rproc *priv = rproc->priv; ++ struct device *dev = rproc->dev.parent; ++ u32 ctrl_reg; ++ u8 rst_ack, req_status; ++ int ret; ++ ++ ctrl_reg = readl(priv->reset_cfg.ctrl_reg); ++ ctrl_reg |= EXTSYS_RST_CTRL_RST_REQ; ++ writel(ctrl_reg, priv->reset_cfg.ctrl_reg); ++ ++ ret = arm_rproc_cs1000_extsys_poll_rst_ack(rproc, ++ EXTSYS_RST_ACK_COMPLETE | ++ EXTSYS_RST_ACK_NOT_COMPLETE, ++ &rst_ack); ++ if (ret) ++ return ret; ++ ++ req_status = rst_ack; ++ ++ ctrl_reg = readl(priv->reset_cfg.ctrl_reg); ++ ctrl_reg &= ~EXTSYS_RST_CTRL_RST_REQ; ++ writel(ctrl_reg, priv->reset_cfg.ctrl_reg); ++ ++ ret = arm_rproc_cs1000_extsys_poll_rst_ack(rproc, 0, &rst_ack); ++ if (ret) ++ return ret; ++ ++ if (req_status == EXTSYS_RST_ACK_COMPLETE) { ++ dev_dbg(dev, "the requested reset has been accepted\n"); ++ return 0; ++ } ++ ++ dev_err(dev, "the requested reset has been denied\n"); ++ return -EACCES; ++} ++ ++static const struct arm_rproc_dcfg arm_rproc_cfg_corstone1000_extsys = { ++ .stop = arm_rproc_stop_cs1000_extsys, ++ .start = arm_rproc_start_cs1000_extsys, ++}; ++ ++/** ++ * arm_rproc_stop() - Stop function for rproc_ops ++ * @rproc: pointer to the remote processor object ++ * ++ * Calls the stop() callback of the remote core ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int arm_rproc_stop(struct rproc *rproc) ++{ ++ struct arm_rproc *priv = rproc->priv; ++ ++ return priv->core_dcfg->stop(rproc); ++} ++ ++/** ++ * arm_rproc_start() - Start function for rproc_ops ++ * @rproc: pointer to the remote processor object ++ * ++ * Calls the start() callback of the remote core ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int arm_rproc_start(struct rproc *rproc) ++{ ++ struct arm_rproc *priv = rproc->priv; ++ ++ return priv->core_dcfg->start(rproc); ++} ++ ++/** ++ * arm_rproc_parse_fw() - Parse firmware function for rproc_ops ++ * @rproc: pointer to the remote processor object ++ * @fw: pointer to the firmware ++ * ++ * Does nothing currently. ++ * ++ * Return: ++ * ++ * 0 for success. ++ */ ++static int arm_rproc_parse_fw(struct rproc *rproc, const struct firmware *fw) ++{ ++ return 0; ++} ++ ++/** ++ * arm_rproc_load() - Load firmware to memory function for rproc_ops ++ * @rproc: pointer to the remote processor object ++ * @fw: pointer to the firmware ++ * ++ * Does nothing currently. ++ * ++ * Return: ++ * ++ * 0 for success. ++ */ ++static int arm_rproc_load(struct rproc *rproc, const struct firmware *fw) ++{ ++ return 0; ++} ++ ++static const struct rproc_ops arm_rproc_ops = { ++ .start = arm_rproc_start, ++ .stop = arm_rproc_stop, ++ .load = arm_rproc_load, ++ .parse_fw = arm_rproc_parse_fw, ++}; ++ ++/** ++ * arm_rproc_probe() - the platform device probe ++ * @pdev: the platform device ++ * ++ * Read from the device tree the properties needed to setup ++ * the reset and comms for the remote processor. ++ * Also, allocate a rproc device and register it with the remoteproc subsystem. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int arm_rproc_probe(struct platform_device *pdev) ++{ ++ const struct arm_rproc_dcfg *core_dcfg; ++ struct device *dev = &pdev->dev; ++ struct device_node *np = dev->of_node; ++ struct arm_rproc *priv; ++ struct rproc *rproc; ++ const char *fw_name; ++ int ret; ++ struct resource *res; ++ ++ core_dcfg = of_device_get_match_data(dev); ++ if (!core_dcfg) ++ return -ENODEV; ++ ++ ret = rproc_of_parse_firmware(dev, 0, &fw_name); ++ if (ret) { ++ dev_err(dev, ++ "can't parse firmware-name from device tree (%pe)\n", ++ ERR_PTR(ret)); ++ return ret; ++ } ++ ++ dev_dbg(dev, "firmware-name: %s\n", fw_name); ++ ++ rproc = rproc_alloc(dev, np->name, &arm_rproc_ops, fw_name, ++ sizeof(*priv)); ++ if (!rproc) ++ return -ENOMEM; ++ ++ priv = rproc->priv; ++ priv->rproc = rproc; ++ priv->core_dcfg = core_dcfg; ++ ++ res = platform_get_resource_byname(pdev, ++ IORESOURCE_MEM, "reset-control"); ++ priv->reset_cfg.ctrl_reg = devm_ioremap_resource(&pdev->dev, res); ++ if (IS_ERR(priv->reset_cfg.ctrl_reg)) { ++ ret = PTR_ERR(priv->reset_cfg.ctrl_reg); ++ dev_err(dev, ++ "can't map the reset-control register (%pe)\n", ++ ERR_PTR((unsigned long)priv->reset_cfg.ctrl_reg)); ++ goto err_free_rproc; ++ } else { ++ dev_dbg(dev, "reset-control: %p\n", priv->reset_cfg.ctrl_reg); ++ } ++ ++ res = platform_get_resource_byname(pdev, ++ IORESOURCE_MEM, "reset-status"); ++ priv->reset_cfg.state_reg = devm_ioremap_resource(&pdev->dev, res); ++ if (IS_ERR(priv->reset_cfg.state_reg)) { ++ ret = PTR_ERR(priv->reset_cfg.state_reg); ++ dev_err(dev, ++ "can't map the reset-status register (%pe)\n", ++ ERR_PTR((unsigned long)priv->reset_cfg.state_reg)); ++ goto err_free_rproc; ++ } else { ++ dev_dbg(dev, "reset-status: %p\n", ++ priv->reset_cfg.state_reg); ++ } ++ ++ platform_set_drvdata(pdev, rproc); ++ ++ ret = rproc_add(rproc); ++ if (ret) { ++ dev_err(dev, "can't add remote processor (%pe)\n", ++ ERR_PTR(ret)); ++ goto err_free_rproc; ++ } else { ++ dev_dbg(dev, "remote processor added\n"); ++ } ++ ++ return 0; ++ ++err_free_rproc: ++ rproc_free(rproc); ++ ++ return ret; ++} ++ ++/** ++ * arm_rproc_remove() - the platform device remove ++ * @pdev: the platform device ++ * ++ * Delete and free the resources used. ++ */ ++static void arm_rproc_remove(struct platform_device *pdev) ++{ ++ struct rproc *rproc = platform_get_drvdata(pdev); ++ ++ rproc_del(rproc); ++ rproc_free(rproc); ++} ++ ++static const struct of_device_id arm_rproc_of_match[] = { ++ { .compatible = "arm,corstone1000-extsys", .data = &arm_rproc_cfg_corstone1000_extsys }, ++ {}, ++}; ++MODULE_DEVICE_TABLE(of, arm_rproc_of_match); ++ ++static struct platform_driver arm_rproc_driver = { ++ .probe = arm_rproc_probe, ++ .remove_new = arm_rproc_remove, ++ .driver = { ++ .name = "arm-rproc", ++ .of_match_table = arm_rproc_of_match, ++ }, ++}; ++module_platform_driver(arm_rproc_driver); ++ ++MODULE_LICENSE("GPL"); ++MODULE_DESCRIPTION("Arm Remote Processor Control Driver"); ++MODULE_AUTHOR("Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>"); +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-arm64-dts-Add-corstone1000-external-system-device-no.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-arm64-dts-Add-corstone1000-external-system-device-no.patch new file mode 100644 index 0000000000..5c1f3de4fb --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-arm64-dts-Add-corstone1000-external-system-device-no.patch @@ -0,0 +1,42 @@ +From 0122f194e4a6fb50750dadd08f2354e78d4dd79c Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 19 Feb 2024 16:18:37 +0000 +Subject: [PATCH 2/6] arm64: dts: Add corstone1000 external system device node + +add device tree node for the external system core in Corstone-1000 + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/] +--- + arch/arm64/boot/dts/arm/corstone1000.dtsi | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/arm/corstone1000.dtsi b/arch/arm64/boot/dts/arm/corstone1000.dtsi +index 6ad7829f9e28..67df642363e9 100644 +--- a/arch/arm64/boot/dts/arm/corstone1000.dtsi ++++ b/arch/arm64/boot/dts/arm/corstone1000.dtsi +@@ -1,6 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 OR MIT + /* +- * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * Copyright 2022, 2024, Arm Limited and/or its affiliates <open-source-office@arm.com> + * Copyright (c) 2022, Linaro Limited. All rights reserved. + * + */ +@@ -157,5 +157,13 @@ mhu_seh1: mailbox@1b830000 { + secure-status = "okay"; /* secure-world-only */ + status = "disabled"; + }; ++ ++ extsys0: remoteproc@1a010310 { ++ compatible = "arm,corstone1000-extsys"; ++ reg = <0x1a010310 0x4>, ++ <0x1a010314 0X4>; ++ reg-names = "reset-control", "reset-status"; ++ firmware-name = "es_flashfw.elf"; ++ }; + }; + }; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-dt-bindings-remoteproc-Add-Arm-remoteproc.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-dt-bindings-remoteproc-Add-Arm-remoteproc.patch new file mode 100644 index 0000000000..3c7bb0ddb0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-dt-bindings-remoteproc-Add-Arm-remoteproc.patch @@ -0,0 +1,105 @@ +From af50eca3e3b408f2f1f378c1d0c48fb6c3107c8c Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 19 Feb 2024 20:47:26 +0000 +Subject: [PATCH 3/6] dt-bindings: remoteproc: Add Arm remoteproc + +introduce the bindings for Arm remoteproc support. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/] +--- + .../bindings/remoteproc/arm,rproc.yaml | 69 +++++++++++++++++++ + MAINTAINERS | 1 + + 2 files changed, 70 insertions(+) + create mode 100644 Documentation/devicetree/bindings/remoteproc/arm,rproc.yaml + +diff --git a/Documentation/devicetree/bindings/remoteproc/arm,rproc.yaml b/Documentation/devicetree/bindings/remoteproc/arm,rproc.yaml +new file mode 100644 +index 000000000000..322197158059 +--- /dev/null ++++ b/Documentation/devicetree/bindings/remoteproc/arm,rproc.yaml +@@ -0,0 +1,69 @@ ++# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) ++%YAML 1.2 ++--- ++$id: http://devicetree.org/schemas/remoteproc/arm,rproc.yaml# ++$schema: http://devicetree.org/meta-schemas/core.yaml# ++ ++title: Arm Remoteproc Devices ++ ++maintainers: ++ - Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ ++description: | ++ Some Arm heterogeneous System-On-Chips feature remote processors that can ++ be controlled with a reset control register and a reset status register to ++ start or stop the processor. ++ ++ This document defines the bindings for these remote processors. ++ ++properties: ++ compatible: ++ enum: ++ - arm,corstone1000-extsys ++ ++ reg: ++ minItems: 2 ++ maxItems: 2 ++ description: | ++ Address and size in bytes of the reset control register ++ and the reset status register. ++ Expects the registers to be in the order as above. ++ Should contain an entry for each value in 'reg-names'. ++ ++ reg-names: ++ description: | ++ Required names for each of the reset registers defined in ++ the 'reg' property. Expects the names from the following ++ list, in the specified order, each representing the corresponding ++ reset register. ++ items: ++ - const: reset-control ++ - const: reset-status ++ ++ firmware-name: ++ description: | ++ Default name of the firmware to load to the remote processor. ++ ++required: ++ - compatible ++ - reg ++ - reg-names ++ - firmware-name ++ ++additionalProperties: false ++ ++examples: ++ - | ++ extsys0: remoteproc@1a010310 { ++ compatible = "arm,corstone1000-extsys"; ++ reg = <0x1a010310 0x4>, <0x1a010314 0x4>; ++ reg-names = "reset-control", "reset-status"; ++ firmware-name = "es0_flashfw.elf"; ++ }; ++ ++ extsys1: remoteproc@1a010318 { ++ compatible = "arm,corstone1000-extsys"; ++ reg = <0x1a010318 0x4>, <0x1a01031c 0x4>; ++ reg-names = "reset-control", "reset-status"; ++ firmware-name = "es1_flashfw.elf"; ++ }; +diff --git a/MAINTAINERS b/MAINTAINERS +index 54d6a40feea5..eddaa3841a65 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -1768,6 +1768,7 @@ ARM REMOTEPROC DRIVER + M: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> + L: linux-remoteproc@vger.kernel.org + S: Maintained ++F: Documentation/devicetree/bindings/remoteproc/arm,rproc.yaml + F: drivers/remoteproc/arm_rproc.c + + ARM SMC WATCHDOG DRIVER +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/extsys.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/extsys.cfg new file mode 100644 index 0000000000..902fd43ee9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/extsys.cfg @@ -0,0 +1,2 @@ +CONFIG_REMOTEPROC=y +CONFIG_ARM_REMOTEPROC=y diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index d0df9ce3a3..011586ef81 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -16,7 +16,6 @@ SRC_URI_KMETA = "file://arm-platforms-kmeta;type=kmeta;name=arm-platforms-kmeta; SRC_URI:append:fvp-base = " ${SRC_URI_KMETA}" SRC_URI:append:juno = " ${SRC_URI_KMETA}" SRC_URI:append:n1sdp = " ${SRC_URI_KMETA}" -SRCREV:arm-platforms-kmeta = "6147e82375aa9df8f2a162d42ea6406c79c854c5" # # Corstone1000 KMACHINE @@ -38,6 +37,13 @@ SRC_URI:append:corstone1000 = " ${@bb.utils.contains('MACHINE_FEATURES', \ '', \ d)}" +SRC_URI:append:corstone1000 = " \ + file://extsys.cfg \ + file://0001-remoteproc-Add-Arm-remoteproc-driver.patch \ + file://0002-arm64-dts-Add-corstone1000-external-system-device-no.patch \ + file://0003-dt-bindings-remoteproc-Add-Arm-remoteproc.patch \ + " + # Default kernel features not needed for corstone1000 # otherwise the extra kernel modules will increase the rootfs size # corstone1000 has limited flash memory constraints @@ -49,8 +55,14 @@ KERNEL_FEATURES:corstone1000 = "" # COMPATIBLE_MACHINE:fvp-base = "fvp-base" KMACHINE:fvp-base = "fvp" -FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}" -SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch" +FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}:${ARMFILESPATHS}" +SRC_URI:append:fvp-base = " \ + file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch \ + file://tee.cfg \ + ${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + 'file://no-strict-devmem.cfg', '' , d)} \ +" + # # Juno KMACHINE @@ -101,3 +113,10 @@ KCONFIG_MODE:sgi575 = "--alldefconfig" COMPATIBLE_MACHINE:tc = "(tc0|tc1)" KBUILD_DEFCONFIG:tc = "defconfig" KCONFIG_MODE:tc = "--alldefconfig" + +# +# sbsa-ref KMACHINE +# +COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref" +KBUILD_DEFCONFIG:sbsa-ref = "defconfig" +KCONFIG_MODE:sbsa-ref = "--alldefconfig" diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-dev.bbappend b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-dev.bbappend new file mode 100644 index 0000000000..db850eaba8 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-dev.bbappend @@ -0,0 +1,3 @@ +# Add support for Arm Platforms (boards or simulators) + +require linux-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-rt_%.bbappend b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-rt_%.bbappend index b1efabf33b..db850eaba8 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-rt_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-rt_%.bbappend @@ -1,5 +1,3 @@ -# Only enable linux-yocto-rt for n1sdp and the Armv8-R AArch64 AEM FVP -LINUX_YOCTO_RT_REQUIRE ?= "" -LINUX_YOCTO_RT_REQUIRE:n1sdp = "linux-arm-platforms.inc" +# Add support for Arm Platforms (boards or simulators) -require ${LINUX_YOCTO_RT_REQUIRE} +require linux-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch new file mode 100644 index 0000000000..c499a163b1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch @@ -0,0 +1,28 @@ +From 1410d9e9c3e73b1319b98be67ad00c7630c4cb2e Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Wed, 3 Apr 2024 16:05:07 +0100 +Subject: [PATCH] increase tzdram size + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> +--- + core/arch/arm/plat-corstone1000/conf.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk +index 98347b143..c2dd71f05 100644 +--- a/core/arch/arm/plat-corstone1000/conf.mk ++++ b/core/arch/arm/plat-corstone1000/conf.mk +@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1 + CFG_TZDRAM_START ?= 0x02002000 + + # TEE_RAM (OPTEE kernel + DATA) + TA_RAM = 3MB +-CFG_TZDRAM_SIZE ?= 0x300000 ++CFG_TZDRAM_SIZE ?= 0x340000 + CFG_SHMEM_START ?= 0x86000000 + CFG_SHMEM_SIZE ?= 0x00200000 + +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-ftpm_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-ftpm_%.bbappend new file mode 100644 index 0000000000..6e46c37172 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-ftpm_%.bbappend @@ -0,0 +1 @@ +COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc index a883c3452f..260abc059a 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -1,6 +1,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" SRC_URI:append = " \ file://0001-Handle-logging-syscall.patch \ + file://0002-increase-tzdram-size.patch \ " COMPATIBLE_MACHINE = "corstone1000" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc new file mode 100644 index 0000000000..1ef3632923 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc @@ -0,0 +1,13 @@ +COMPATIBLE_MACHINE = "fvp-base" + +OPTEEMACHINE = "vexpress-fvp" +# Enable boot logs +EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" + +# default disable latency benchmarks (over all OP-TEE layers) +EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" + +# If FF-A is enabled configure to be the SPMC. +EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CFG_CORE_HEAP_SIZE=131072 CFG_CORE_SEL1_SPMC=y CFG_DT=y', '' ,d)}" + +EXTRA_OEMAKE += " CFG_ARM_GICV3=y"
\ No newline at end of file diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-sbsa-ref.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-sbsa-ref.inc new file mode 100644 index 0000000000..6e46c37172 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-sbsa-ref.inc @@ -0,0 +1 @@ +COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend index e09c4a5ea7..c9b48be22d 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend @@ -2,5 +2,6 @@ MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= "" MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:n1sdp = "optee-os-n1sdp.inc" +MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:fvp-base = "optee-os-fvp-base.inc" require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend index 788a23efe5..04f7dc913a 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend @@ -2,6 +2,8 @@ # Machine specific configurations MACHINE_OPTEE_OS_REQUIRE ?= "" MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc" +MACHINE_OPTEE_OS_REQUIRE:fvp-base = "optee-os-fvp-base.inc" MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc" +MACHINE_OPTEE_OS_REQUIRE:sbsa-ref = "optee-os-sbsa-ref.inc" require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc new file mode 100644 index 0000000000..23dead24ab --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc @@ -0,0 +1,3 @@ +# fvp-base specific configuration + +COMPATIBLE_MACHINE = "fvp-base" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend index 05e2abca63..249d67f08b 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend @@ -2,5 +2,6 @@ MACHINE_OPTEE_TEST_REQUIRE ?= "" MACHINE_OPTEE_TEST_REQUIRE:n1sdp = "optee-os-generic-n1sdp.inc" +MACHINE_OPTEE_TEST_REQUIRE:fvp-base = "optee-test-fvp-base.inc" require ${MACHINE_OPTEE_TEST_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend b/meta-arm/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend index 20612cb1a1..35137220ad 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend @@ -1,2 +1,3 @@ COMPATIBLE_MACHINE:corstone1000 = "corstone1000" COMPATIBLE_MACHINE:n1sdp = "n1sdp" +COMPATIBLE_MACHINE:fvp-base = "fvp-base" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch index c1775b795c..0f6fab819f 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001 +From 1ba2a22575c1b73b5ab09e040a00f370eca4b758 Mon Sep 17 00:00:00 2001 From: Julian Hall <julian.hall@arm.com> Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 1/6] Add stub capsule update service components +Subject: [PATCH 1/8] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -15,7 +15,7 @@ Change-Id: I0d4049bb4de5af7ca80806403301692507085d28 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- .../backend/capsule_update_backend.h | 24 ++++ - .../provider/capsule_update_provider.c | 133 ++++++++++++++++++ + .../provider/capsule_update_provider.c | 135 ++++++++++++++++++ .../provider/capsule_update_provider.h | 51 +++++++ .../capsule_update/provider/component.cmake | 13 ++ .../se-proxy/infra/corstone1000/infra.cmake | 1 + @@ -23,7 +23,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../capsule_update/capsule_update_proto.h | 13 ++ protocols/service/capsule_update/opcodes.h | 17 +++ protocols/service/capsule_update/parameters.h | 15 ++ - 9 files changed, 272 insertions(+), 4 deletions(-) + 9 files changed, 274 insertions(+), 4 deletions(-) create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h @@ -34,7 +34,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h new file mode 100644 -index 000000000000..f3144ff1d7d5 +index 000000000..f3144ff1d --- /dev/null +++ b/components/service/capsule_update/backend/capsule_update_backend.h @@ -0,0 +1,24 @@ @@ -64,10 +64,10 @@ index 000000000000..f3144ff1d7d5 +#endif /* CAPSULE_UPDATE_BACKEND_H */ diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c new file mode 100644 -index 000000000000..e133753f8560 +index 000000000..f35c272d2 --- /dev/null +++ b/components/service/capsule_update/provider/capsule_update_provider.c -@@ -0,0 +1,133 @@ +@@ -0,0 +1,135 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * @@ -92,8 +92,8 @@ index 000000000000..e133753f8560 +}; + +/* Service request handlers */ -+static rpc_status_t update_capsule_handler(void *context, struct call_req *req); -+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req); ++static rpc_status_t update_capsule_handler(void *context, struct rpc_request *req); ++static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req); + +/* Handler mapping table for service */ +static const struct service_handler handler_table[] = { @@ -101,21 +101,23 @@ index 000000000000..e133753f8560 + {CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED, boot_confirmed_handler} +}; + -+struct rpc_interface *capsule_update_provider_init( ++struct rpc_service_interface *capsule_update_provider_init( + struct capsule_update_provider *context) +{ -+ struct rpc_interface *rpc_interface = NULL; ++ struct rpc_service_interface *rpc_interface = NULL; ++ const struct rpc_uuid dummy_uuid = { .uuid = { 0 }}; ++ if (!context) ++ return NULL; + -+ if (context) { ++ service_provider_init( ++ &context->base_provider, ++ context, ++ &dummy_uuid, ++ handler_table, ++ sizeof(handler_table)/sizeof(struct service_handler)); + -+ service_provider_init( -+ &context->base_provider, -+ context, -+ handler_table, -+ sizeof(handler_table)/sizeof(struct service_handler)); ++ rpc_interface = service_provider_get_rpc_interface(&context->base_provider); + -+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider); -+ } + + return rpc_interface; +} @@ -125,7 +127,7 @@ index 000000000000..e133753f8560 + (void)context; +} + -+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) ++static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller) +{ + uint32_t ioctl_id; + psa_handle_t handle; @@ -179,10 +181,10 @@ index 000000000000..e133753f8560 + +} + -+static rpc_status_t update_capsule_handler(void *context, struct call_req *req) ++static rpc_status_t update_capsule_handler(void *context, struct rpc_request *req) +{ + struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context; -+ struct rpc_caller *caller = this_instance->client.caller; ++ struct rpc_caller_interface *caller = this_instance->client.session->caller; + uint32_t opcode = req->opcode; + rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY; + @@ -190,10 +192,10 @@ index 000000000000..e133753f8560 + return rpc_status; +} + -+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req) ++static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req) +{ + struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context; -+ struct rpc_caller *caller = this_instance->client.caller; ++ struct rpc_caller_interface *caller = this_instance->client.session->caller; + uint32_t opcode = req->opcode; + rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY; + @@ -203,7 +205,7 @@ index 000000000000..e133753f8560 +} diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h new file mode 100644 -index 000000000000..3de49854ea90 +index 000000000..5dc5535d6 --- /dev/null +++ b/components/service/capsule_update/provider/capsule_update_provider.h @@ -0,0 +1,51 @@ @@ -216,7 +218,7 @@ index 000000000000..3de49854ea90 +#ifndef CAPSULE_UPDATE_PROVIDER_H +#define CAPSULE_UPDATE_PROVIDER_H + -+#include <rpc/common/endpoint/rpc_interface.h> ++#include <rpc/common/endpoint/rpc_service_interface.h> +#include <service/common/provider/service_provider.h> +#include <service/common/client/service_client.h> +#include <service/capsule_update/backend/capsule_update_backend.h> @@ -240,9 +242,9 @@ index 000000000000..3de49854ea90 + * + * @param[in] context The instance to initialize + * -+ * \return An rpc_interface or NULL on failure ++ * \return An rpc_service_interface or NULL on failure + */ -+struct rpc_interface *capsule_update_provider_init( ++struct rpc_service_interface *capsule_update_provider_init( + struct capsule_update_provider *context); + +/** @@ -260,7 +262,7 @@ index 000000000000..3de49854ea90 +#endif /* CAPSULE_UPDATE_PROVIDER_H */ diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake new file mode 100644 -index 000000000000..1d412eb234d9 +index 000000000..1d412eb23 --- /dev/null +++ b/components/service/capsule_update/provider/component.cmake @@ -0,0 +1,13 @@ @@ -278,7 +280,7 @@ index 000000000000..1d412eb234d9 + "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" + ) diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake -index 4e7e2bd58028..e60b5400617f 100644 +index a52a1b711..4658c9662 100644 --- a/deployments/se-proxy/infra/corstone1000/infra.cmake +++ b/deployments/se-proxy/infra/corstone1000/infra.cmake @@ -21,6 +21,7 @@ add_components(TARGET "se-proxy" @@ -290,7 +292,7 @@ index 4e7e2bd58028..e60b5400617f 100644 ) diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h -index 48908f846990..3d4a7c204785 100644 +index 48908f846..3d4a7c204 100644 --- a/deployments/se-proxy/se_proxy_interfaces.h +++ b/deployments/se-proxy/se_proxy_interfaces.h @@ -8,9 +8,10 @@ @@ -310,7 +312,7 @@ index 48908f846990..3d4a7c204785 100644 #endif /* SE_PROXY_INTERFACES_H */ diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h new file mode 100644 -index 000000000000..8f326cd387fb +index 000000000..8f326cd38 --- /dev/null +++ b/protocols/service/capsule_update/capsule_update_proto.h @@ -0,0 +1,13 @@ @@ -329,7 +331,7 @@ index 000000000000..8f326cd387fb +#endif /* CAPSULE_UPDATE_PROTO_H */ diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h new file mode 100644 -index 000000000000..8185a0902378 +index 000000000..8185a0902 --- /dev/null +++ b/protocols/service/capsule_update/opcodes.h @@ -0,0 +1,17 @@ @@ -352,7 +354,7 @@ index 000000000000..8185a0902378 +#endif /* CAPSULE_UPDATE_OPCODES_H */ diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h new file mode 100644 -index 000000000000..285d924186be +index 000000000..285d92418 --- /dev/null +++ b/protocols/service/capsule_update/parameters.h @@ -0,0 +1,15 @@ @@ -372,5 +374,5 @@ index 000000000000..285d924186be + +#endif /* CAPSULE_UPDATE_PARAMETERS_H */ -- -2.40.0 +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index 3f3800ceb9..524d6f7af1 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,7 +1,7 @@ -From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001 +From 1923e1f4dbd8f912701c2870822fa4b61eb6082d Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58. +Subject: [PATCH 2/8] Fixes in AEAD for psa-arch test 54 and 58. Upstream-Status: Pending [Not submitted to upstream yet] Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> @@ -17,10 +17,10 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> 6 files changed, 12 insertions(+), 3 deletions(-) diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -index c4ffb20cf7f8..a91f66c14008 100644 +index bf39762b0..27ffbc66e 100644 --- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h +++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -@@ -309,6 +309,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont +@@ -314,6 +314,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont size_t req_len = req_fixed_len; *output_length = 0; @@ -29,7 +29,7 @@ index c4ffb20cf7f8..a91f66c14008 100644 /* Mandatory input data parameter */ diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 30aa102da581..130d27295878 100644 +index 30aa102da..130d27295 100644 --- a/components/service/crypto/include/psa/crypto_sizes.h +++ b/components/service/crypto/include/psa/crypto_sizes.h @@ -351,7 +351,7 @@ @@ -42,10 +42,10 @@ index 30aa102da581..130d27295878 100644 /** A sufficient output buffer size for psa_aead_update(). * diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c -index 14a25436b3f6..6b144db821de 100644 +index b73d88d32..6a0f96c3c 100644 --- a/components/service/crypto/provider/extension/aead/aead_provider.c +++ b/components/service/crypto/provider/extension/aead/aead_provider.c -@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req) +@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req) uint32_t op_handle; const uint8_t *input; size_t input_len; @@ -56,9 +56,9 @@ index 14a25436b3f6..6b144db821de 100644 - &input, &input_len); + &recv_output_size, &input, &input_len); - if (rpc_status == TS_RPC_CALL_ACCEPTED) { + if (rpc_status == RPC_SUCCESS) { -@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req) +@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req) if (crypto_context) { size_t output_len = 0; @@ -73,30 +73,30 @@ index 14a25436b3f6..6b144db821de 100644 psa_status = psa_aead_update(&crypto_context->op.aead, diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -index bb1a2a97e4b7..0156aaba3fe3 100644 +index be76d2bc6..590973048 100644 --- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h +++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h @@ -51,6 +51,7 @@ struct aead_provider_serializer { /* Operation: aead_update */ - rpc_status_t (*deserialize_aead_update_req)(const struct call_param_buf *req_buf, + rpc_status_t (*deserialize_aead_update_req)(const struct rpc_buffer *req_buf, uint32_t *op_handle, + uint32_t *output_size, const uint8_t **input, size_t *input_len); - rpc_status_t (*serialize_aead_update_resp)(struct call_param_buf *resp_buf, + rpc_status_t (*serialize_aead_update_resp)(struct rpc_buffer *resp_buf, diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -index 6f00b3e3f6f1..45c739abcbb4 100644 +index 8f8c3c7f2..922a7b651 100644 --- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c +++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct call_param_buf * +@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct rpc_buffer *req_ /* Operation: aead_update */ - static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req_buf, + static rpc_status_t deserialize_aead_update_req(const struct rpc_buffer *req_buf, uint32_t *op_handle, + uint32_t *output_size, const uint8_t **input, size_t *input_len) { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; -@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req + rpc_status_t rpc_status = RPC_ERROR_INVALID_REQUEST_BODY; +@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct rpc_buffer *req_buf memcpy(&recv_msg, req_buf->data, expected_fixed_len); *op_handle = recv_msg.op_handle; @@ -105,7 +105,7 @@ index 6f00b3e3f6f1..45c739abcbb4 100644 tlv_const_iterator_begin(&req_iter, (uint8_t*)req_buf->data + expected_fixed_len, diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h -index 0be266b52403..435fd3b523ce 100644 +index 0be266b52..435fd3b52 100644 --- a/protocols/service/crypto/packed-c/aead.h +++ b/protocols/service/crypto/packed-c/aead.h @@ -98,6 +98,7 @@ enum @@ -117,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644 /* Variable length input parameter tags */ -- -2.40.0 +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch index 3d743d2827..dff9b7ffa7 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001 +From ef6b4fef7b7a740d6df8dab12aa7c73d06bb9f3b Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH 3/6] FMP Support in Corstone1000. +Subject: [PATCH 3/8] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -22,7 +22,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -index e133753f8560..991a2235cd73 100644 +index f35c272d2..bfeb7301a 100644 --- a/components/service/capsule_update/provider/capsule_update_provider.c +++ b/components/service/capsule_update/provider/capsule_update_provider.c @@ -11,6 +11,7 @@ @@ -33,16 +33,16 @@ index e133753f8560..991a2235cd73 100644 #define CAPSULE_UPDATE_REQUEST (0x1) -@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init( - rpc_interface = service_provider_get_rpc_interface(&context->base_provider); - } +@@ -49,6 +50,8 @@ struct rpc_service_interface *capsule_update_provider_init( + rpc_interface = service_provider_get_rpc_interface(&context->base_provider); -+ provision_fmp_variables_metadata(context->client.caller); + ++ provision_fmp_variables_metadata(context->client.session->caller); + return rpc_interface; } -@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) +@@ -87,6 +90,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface * } psa_call(caller,handle, PSA_IPC_CALL, in_vec,IOVEC_LEN(in_vec), NULL, 0); @@ -50,7 +50,7 @@ index e133753f8560..991a2235cd73 100644 break; case KERNEL_STARTED_EVENT: -@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) +@@ -101,6 +105,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface * } psa_call(caller,handle, PSA_IPC_CALL, in_vec,IOVEC_LEN(in_vec), NULL, 0); @@ -59,7 +59,7 @@ index e133753f8560..991a2235cd73 100644 default: EMSG("%s unsupported opcode", __func__); diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake -index 1d412eb234d9..6b0601494938 100644 +index 1d412eb23..6b0601494 100644 --- a/components/service/capsule_update/provider/component.cmake +++ b/components/service/capsule_update/provider/component.cmake @@ -10,4 +10,5 @@ endif() @@ -70,7 +70,7 @@ index 1d412eb234d9..6b0601494938 100644 ) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c new file mode 100644 -index 000000000000..6a7a47a7ed99 +index 000000000..56ce38579 --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -0,0 +1,307 @@ @@ -86,7 +86,7 @@ index 000000000000..6a7a47a7ed99 +#include <psa/storage_common.h> +#include <trace.h> + -+#include <service/smm_variable/backend/variable_index.h> ++#include <service/uefi/smm_variable/backend/variable_index.h> + +#define VARIABLE_INDEX_STORAGE_UID (0x787) + @@ -155,7 +155,7 @@ index 000000000000..6a7a47a7ed99 + }, +}; + -+static psa_status_t protected_storage_set(struct rpc_caller *caller, ++static psa_status_t protected_storage_set(struct rpc_caller_interface *caller, + psa_storage_uid_t uid, size_t data_length, const void *p_data) +{ + psa_status_t psa_status; @@ -175,7 +175,7 @@ index 000000000000..6a7a47a7ed99 + return psa_status; +} + -+static psa_status_t protected_storage_get(struct rpc_caller *caller, ++static psa_status_t protected_storage_get(struct rpc_caller_interface *caller, + psa_storage_uid_t uid, size_t data_size, void *p_data) +{ + psa_status_t psa_status; @@ -200,7 +200,7 @@ index 000000000000..6a7a47a7ed99 + } + + return psa_status; -+} ++} + +static uint64_t name_hash(EFI_GUID *guid, size_t name_size, + const int16_t *name) @@ -216,7 +216,7 @@ index 000000000000..6a7a47a7ed99 + for (int i = 0; i < 8; ++i) { + + hash = ((hash << 5) + hash) + guid->Data4[i]; -+ } ++ } + + /* Extend to cover name up to but not including null terminator */ + for (int i = 0; i < name_size / sizeof(int16_t); ++i) { @@ -241,7 +241,7 @@ index 000000000000..6a7a47a7ed99 +} + + -+void provision_fmp_variables_metadata(struct rpc_caller *caller) ++void provision_fmp_variables_metadata(struct rpc_caller_interface *caller) +{ + struct variable_metadata metadata; + psa_status_t status; @@ -314,7 +314,7 @@ index 000000000000..6a7a47a7ed99 + return PSA_SUCCESS; +} + -+static psa_status_t get_image_info(struct rpc_caller *caller, ++static psa_status_t get_image_info(struct rpc_caller_interface *caller, + psa_handle_t platform_service_handle) +{ + psa_status_t status; @@ -342,12 +342,12 @@ index 000000000000..6a7a47a7ed99 + return PSA_SUCCESS; +} + -+static psa_status_t set_image_info(struct rpc_caller *caller) ++static psa_status_t set_image_info(struct rpc_caller_interface *caller) +{ + psa_status_t status; + + for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { -+ ++ + status = protected_storage_set(caller, + fmp_variables_metadata[i].uid, + fmp_variables_data[i].len, fmp_variables_data[i].base); @@ -364,7 +364,7 @@ index 000000000000..6a7a47a7ed99 + return PSA_SUCCESS; +} + -+void set_fmp_image_info(struct rpc_caller *caller, ++void set_fmp_image_info(struct rpc_caller_interface *caller, + psa_handle_t platform_service_handle) +{ + psa_status_t status; @@ -383,7 +383,7 @@ index 000000000000..6a7a47a7ed99 +} diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h new file mode 100644 -index 000000000000..95fba2a04d5c +index 000000000..d0023dc07 --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h @@ -0,0 +1,26 @@ @@ -403,9 +403,9 @@ index 000000000000..95fba2a04d5c +#include <rpc_caller.h> +#include <psa/client.h> + -+void provision_fmp_variables_metadata(struct rpc_caller *caller); ++void provision_fmp_variables_metadata(struct rpc_caller_interface *caller); + -+void set_fmp_image_info(struct rpc_caller *caller, ++void set_fmp_image_info(struct rpc_caller_interface *caller, + psa_handle_t platform_service_handle); + +#ifdef __cplusplus @@ -414,5 +414,5 @@ index 000000000000..95fba2a04d5c + +#endif /* CORSTONE1000_FMP_SERVICE_H */ -- -2.40.0 +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch deleted file mode 100644 index ed4e6e27a3..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001 -From: Emekcan <emekcan.aras@arm.com> -Date: Thu, 3 Nov 2022 17:43:40 +0000 -Subject: [PATCH] smm_gateway: GetNextVariableName Fix - -GetNextVariableName() should return EFI_BUFFER_TOO_SMALL -when NameSize is smaller than the actual NameSize. It -currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting -max_name_len incorrectly. This fixes max_name_len error by -replacing it with actual NameSize request by u-boot. - -Upstream-Status: Pending -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> ---- - .../service/smm_variable/provider/smm_variable_provider.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index a9679b7e..6a4b6fa7 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re - efi_status = uefi_variable_store_get_next_variable_name( - &this_instance->variable_store, - (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data, -- max_name_len, -+ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, - &resp_buf->data_len); - } - else { --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch new file mode 100644 index 0000000000..51337b2fdb --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch @@ -0,0 +1,45 @@ +From 660658e9f974126fae15d9d8839415a76e8d6663 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Wed, 10 Apr 2024 09:16:47 +0200 +Subject: [PATCH 4/9] smm_gateway: GetNextVariableName Fix + +GetNextVariableName() should return EFI_BUFFER_TOO_SMALL +when requested NameSize is smaller than the actual. It +currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting +max_name_len incorrectly. This change fixes the error by +using clamping the maximum size to the NameSize requested by +the client. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> +--- + .../uefi/smm_variable/provider/smm_variable_provider.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c +index 1875397..ca3f7e5 100644 +--- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c ++++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c +@@ -176,16 +176,14 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req + + if (resp_buf->size >= param_len) { + struct rpc_buffer *req_buf = &req->request; +- size_t max_name_len = +- resp_buf->size - +- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET; + + memmove(resp_buf->data, req_buf->data, param_len); + + efi_status = uefi_variable_store_get_next_variable_name( + &this_instance->variable_store, + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data, +- max_name_len, &resp_buf->data_length); ++ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, ++ &resp_buf->data_length); + } else { + /* Reponse buffer not big enough */ + efi_status = EFI_BAD_BUFFER_SIZE; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch index 5d7ab5f544..e116690516 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch @@ -1,7 +1,7 @@ -From 041d30bb9cc6857f5ef26ded154ff7126dafaa20 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Fri, 16 Jun 2023 10:47:48 +0100 -Subject: [PATCH] plat: corstone1000: add compile definitions for +From a7818585e1113aabf310a94eea802ff79234b0db Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Wed, 10 Apr 2024 09:17:39 +0200 +Subject: [PATCH 5/8] plat: corstone1000: add compile definitions for ECP_DP_SECP512R1 Corstone1000 runs PSA-API tests which requires this ECC algorithm. @@ -9,21 +9,20 @@ Without setting this, corstone1000 fails psa-api-crypto-test no 243. Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> Upstream-Status: Pending - --- platform/providers/arm/corstone1000/platform.cmake | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index dbdf1097..e7a295dd 100644 +index 663226740..83350f788 100644 --- a/platform/providers/arm/corstone1000/platform.cmake +++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -14,3 +14,5 @@ target_compile_definitions(${TGT} PRIVATE - SMM_VARIABLE_INDEX_STORAGE_UID=0x787 - SMM_GATEWAY_MAX_UEFI_VARIABLES=100 - ) +@@ -26,3 +26,5 @@ get_property(_platform_driver_dependencies TARGET ${TGT} + if ("mhu" IN_LIST _platform_driver_dependencies) + include(${TS_ROOT}/platform/drivers/arm/mhu_driver/mhu_v2_x/driver.cmake) + endif() + +add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -- -2.17.1 +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch index 4e9d5c2e13..44e2dd85c3 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch @@ -1,9 +1,9 @@ -From a71e99045996c57a4f80509ae8b770aa4f73f6c0 Mon Sep 17 00:00:00 2001 +From c2edcd8bd3d8817765f280708eae894d6cd8d974 Mon Sep 17 00:00:00 2001 From: Emekcan Aras <emekcan.aras@arm.com> Date: Sun, 18 Jun 2023 14:38:42 +0100 -Subject: [PATCH] plat: corstone1000: Use the stateless platform service calls - Calls to psa_connect is not needed and psa_call can be called directly with a - pre defined handle. +Subject: [PATCH 6/8] plat: corstone1000: Use the stateless platform service + calls Calls to psa_connect is not needed and psa_call can be called directly + with a pre defined handle. Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> @@ -18,18 +18,18 @@ Upstream-Status: Inappropriate [Design is to revisted] 4 files changed, 17 insertions(+), 27 deletions(-) diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -index 991a2235..6809249f 100644 +index bfeb7301a..12c552dae 100644 --- a/components/service/capsule_update/provider/capsule_update_provider.c +++ b/components/service/capsule_update/provider/capsule_update_provider.c -@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context) - static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) +@@ -63,7 +63,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context) + static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller) { uint32_t ioctl_id; - psa_handle_t handle; rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED; struct psa_invec in_vec[] = { -@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) +@@ -81,31 +80,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface * case CAPSULE_UPDATE_REQUEST: /* Openamp call with IOCTL for firmware update*/ ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES; @@ -67,20 +67,20 @@ index 991a2235..6809249f 100644 default: EMSG("%s unsupported opcode", __func__); diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c -index 6a7a47a7..d811af9f 100644 +index 56ce38579..bebdf859f 100644 --- a/components/service/capsule_update/provider/corstone1000_fmp_service.c +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size) return PSA_SUCCESS; } --static psa_status_t get_image_info(struct rpc_caller *caller, +-static psa_status_t get_image_info(struct rpc_caller_interface *caller, - psa_handle_t platform_service_handle) -+static psa_status_t get_image_info(struct rpc_caller *caller) ++static psa_status_t get_image_info(struct rpc_caller_interface *caller) { psa_status_t status; psa_handle_t handle; -@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller, +@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller_interface *caller, memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE); @@ -89,13 +89,13 @@ index 6a7a47a7..d811af9f 100644 in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE); -@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller) +@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller_interface *caller) return PSA_SUCCESS; } --void set_fmp_image_info(struct rpc_caller *caller, +-void set_fmp_image_info(struct rpc_caller_interface *caller, - psa_handle_t platform_service_handle) -+void set_fmp_image_info(struct rpc_caller *caller) ++void set_fmp_image_info(struct rpc_caller_interface *caller) { psa_status_t status; @@ -105,21 +105,21 @@ index 6a7a47a7..d811af9f 100644 return; } diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h -index 95fba2a0..963223e8 100644 +index d0023dc07..486fa10b4 100644 --- a/components/service/capsule_update/provider/corstone1000_fmp_service.h +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h @@ -16,8 +16,7 @@ extern "C" { - void provision_fmp_variables_metadata(struct rpc_caller *caller); + void provision_fmp_variables_metadata(struct rpc_caller_interface *caller); --void set_fmp_image_info(struct rpc_caller *caller, +-void set_fmp_image_info(struct rpc_caller_interface *caller, - psa_handle_t platform_service_handle); -+void set_fmp_image_info(struct rpc_caller *caller); ++void set_fmp_image_info(struct rpc_caller_interface *caller); #ifdef __cplusplus } /* extern "C" */ diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 5aaa659d..fc3a4fb0 100644 +index 5aaa659d4..fc3a4fb06 100644 --- a/components/service/common/include/psa/sid.h +++ b/components/service/common/include/psa/sid.h @@ -40,6 +40,13 @@ extern "C" { @@ -137,5 +137,5 @@ index 5aaa659d..fc3a4fb0 100644 #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -- -2.17.1 +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch index 3e6f606c5d..738b5af010 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch @@ -1,78 +1,106 @@ -From b5b31064959665f4cc616733be3d989ae4356636 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Sun, 18 Jun 2023 16:05:27 +0100 -Subject: [PATCH] plat: corstone1000: Initialize capsule update provider +From 925a07093fa571ee1d2f2e59affcd2c52f1d5b54 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Wed, 29 Nov 2023 15:40:21 +0100 +Subject: [PATCH 7/8] plat: corstone1000: Initialize capsule update provider Initializes the capsule update service provider in se-proxy-sp.c deployment for corstone1000. Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> Upstream-Status: Inappropriate [Design is to revisted] - --- - deployments/se-proxy/env/commonsp/se_proxy_sp.c | 3 +++ - .../infra/corstone1000/service_proxy_factory.c | 17 +++++++++++++++++ - .../se-proxy/infra/service_proxy_factory.h | 1 + - 3 files changed, 21 insertions(+) + .../se-proxy/env/commonsp/se_proxy_sp.c | 14 +++++++++- + .../corstone1000/service_proxy_factory.c | 28 +++++++++++++++++++ + .../se-proxy/infra/service_proxy_factory.h | 1 + + 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c -index 45fcb385..dc2a9d49 100644 +index 155e94863..a0eb03b6f 100644 --- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c +++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c -@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) +@@ -39,7 +39,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info) + goto fatal_error; + } + +- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 4, 16); ++ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16); + if (rpc_status != RPC_SUCCESS) { + EMSG("Failed to initialize RPC endpoint: %d", rpc_status); + goto fatal_error; +@@ -94,6 +94,18 @@ void __noreturn sp_main(union ffa_boot_info *boot_info) + goto fatal_error; } - rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); + rpc_iface = capsule_update_proxy_create(); -+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); ++ if (!rpc_iface) { ++ EMSG("Failed to create Capsule Update proxy"); ++ goto fatal_error; ++ } ++ ++ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, rpc_iface); ++ if (rpc_status != RPC_SUCCESS) { ++ EMSG("Failed to add service to RPC endpoint: %d", rpc_status); ++ goto fatal_error; ++ } + /* End of boot phase */ result = sp_msg_wait(&req_msg); if (result != SP_RESULT_OK) { diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c -index bacab1de..32d88c97 100644 +index b3b93cfd6..fc179b3c1 100644 --- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c -@@ -14,6 +14,7 @@ +@@ -11,6 +11,7 @@ + #include <rpc/rss_comms/caller/sp/rss_comms_caller.h> + #include <service/attestation/provider/attest_provider.h> + #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h> ++#include <service/capsule_update/provider/capsule_update_provider.h> #include <service/crypto/factory/crypto_provider_factory.h> #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> - #include <trace.h> -+#include <service/capsule_update/provider/capsule_update_provider.h> - - /* backends */ - #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -@@ -94,3 +95,19 @@ struct rpc_interface *its_proxy_create(void) + #include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h" +@@ -129,3 +130,30 @@ struct rpc_service_interface *its_proxy_create(void) - return secure_storage_provider_init(&its_provider, backend); + return secure_storage_provider_init(&its_provider, backend, &its_uuid); } + -+struct rpc_interface *capsule_update_proxy_create(void) ++struct rpc_service_interface *capsule_update_proxy_create(void) +{ + static struct capsule_update_provider capsule_update_provider; -+ static struct rpc_caller *capsule_update_caller; ++ static struct secure_storage_ipc capsule_update_backend; ++ rpc_status_t rpc_status = RPC_ERROR_INTERNAL; ++ ++ /* Static objects for proxy instance */ ++ static struct rpc_caller_interface rss_comms = { 0 }; ++ static struct rpc_caller_session rpc_session = { 0 }; + -+ capsule_update_caller = psa_ipc_caller_init(&psa_ipc); ++ rpc_status = rss_comms_caller_init(&rss_comms); ++ if (rpc_status != RPC_SUCCESS) ++ return NULL; + -+ if (!capsule_update_caller) -+ return NULL; ++ rpc_status = rpc_caller_session_open(&rpc_session, &rss_comms, &dummy_uuid, 0, 0); ++ if (rpc_status != RPC_SUCCESS) ++ return NULL; + -+ capsule_update_provider.client.caller = capsule_update_caller; ++ ++ capsule_update_provider.client.session = &rpc_session; ++ capsule_update_provider.client.rpc_status = RPC_SUCCESS; ++ capsule_update_provider.client.service_info.supported_encodings = 0; ++ capsule_update_provider.client.service_info.max_payload = 4096; + + return capsule_update_provider_init(&capsule_update_provider); +} -+ diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h -index 298d407a..02aa7fe2 100644 +index caaea79ed..b981754b7 100644 --- a/deployments/se-proxy/infra/service_proxy_factory.h +++ b/deployments/se-proxy/infra/service_proxy_factory.h -@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); - struct rpc_interface *crypto_proxy_create(void); - struct rpc_interface *ps_proxy_create(void); - struct rpc_interface *its_proxy_create(void); -+struct rpc_interface *capsule_update_proxy_create(void); +@@ -17,6 +17,7 @@ struct rpc_service_interface *attest_proxy_create(void); + struct rpc_service_interface *crypto_proxy_create(void); + struct rpc_service_interface *ps_proxy_create(void); + struct rpc_service_interface *its_proxy_create(void); ++struct rpc_service_interface *capsule_update_proxy_create(void); #ifdef __cplusplus } -- -2.17.1 +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch index 2fb91f6284..3e92700057 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch @@ -1,7 +1,7 @@ -From 52d962239207bd06827c18d0ed21abdc2002337f Mon Sep 17 00:00:00 2001 -From: emeara01 <emekcan.aras@arm.com> -Date: Thu, 7 Mar 2024 10:24:42 +0000 -Subject: [PATCH] plat: corstone1000: add client_id for FMP service +From f6ed75939f0b57e6b0e50ab11cdc3304098456dd Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Fri, 5 Apr 2024 17:31:03 +0200 +Subject: [PATCH 8/8] plat: corstone1000: add client_id for FMP service Corstone1000 uses trusted-firmware-m as secure enclave software component. Due to the changes in TF-M 2.0, psa services requires a seperate client_id now. @@ -11,11 +11,11 @@ accessed by u-boot via smm-gateway-sp. Signed-off-by: emeara01 <emekcan.aras@arm.com> Upstream-Status: Inappropriate [Design is to revisted] --- - .../capsule_update/provider/corstone1000_fmp_service.c | 5 ++++--- + .../capsule_update/provider/corstone1000_fmp_service.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c -index d811af9f..354d025f 100644 +index bebdf859f..1b4813d62 100644 --- a/components/service/capsule_update/provider/corstone1000_fmp_service.c +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -33,6 +33,7 @@ @@ -26,7 +26,7 @@ index d811af9f..354d025f 100644 static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = { { -@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller *caller, +@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller_interface *caller, { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, }; @@ -35,7 +35,7 @@ index d811af9f..354d025f 100644 in_vec, IOVEC_LEN(in_vec), NULL, 0); if (psa_status < 0) EMSG("ipc_set: psa_call failed: %d", psa_status); -@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller *caller, +@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller_interface *caller, { .base = psa_ptr_to_u32(p_data), .len = data_size }, }; @@ -43,3 +43,7 @@ index d811af9f..354d025f 100644 + psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID, TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); + +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch deleted file mode 100644 index 5d8f731854..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 06c3e612cb0927d783f115077d83ed97841c5668 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Tue, 14 Nov 2023 14:43:44 +0000 -Subject: [PATCH] plat: corstone1000: fix synchronization issue on openamp notification - -This fixes a race that is observed rarely in the FVP. It occurs in FVP -when Secure Enclave sends the notication ack in openamp, and then reset the access -request which resets the mhu registers before received by the SE-proxy-sp in the -host processort. This solution introduces polling on the status register of -mhu until the notificaiton is read by the host processor. (Inspired by -signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m -https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61) - -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Upstream-Status: Pending [Not submitted to upstream yet] ---- - components/messaging/openamp/sp/openamp_mhu.c | 9 ++++++++- - platform/drivers/arm/mhu_driver/mhu_v2.h | 18 ++++++++++++++++++ - platform/drivers/arm/mhu_driver/mhu_v2_x.c | 17 +++++++++++++++++ - 3 files changed, 43 insertions(+), 1 deletion(-) - -diff --git a/components/messaging/openamp/sp/openamp_mhu.c b/components/messaging/openamp/sp/openamp_mhu.c -index bafba3e3..0700b8b9 100644 ---- a/components/messaging/openamp/sp/openamp_mhu.c -+++ b/components/messaging/openamp/sp/openamp_mhu.c -@@ -85,7 +85,7 @@ int openamp_mhu_notify_peer(struct openamp_messenger *openamp) - struct mhu_v2_x_dev_t *tx_dev; - enum mhu_v2_x_error_t ret; - struct openamp_mhu *mhu; -- uint32_t access_ready; -+ uint32_t access_ready,val; - - if (!openamp->transport) { - EMSG("openamp: mhu: notify transport not initialized"); -@@ -116,6 +116,13 @@ int openamp_mhu_notify_peer(struct openamp_messenger *openamp) - return -EPROTO; - } - -+ do { -+ ret = mhu_v2_x_channel_poll(tx_dev, MHU_V_2_NOTIFY_CHANNEL, &val); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ break; -+ } -+ } while (val != 0); -+ - ret = mhu_v2_x_reset_access_request(tx_dev); - if (ret != MHU_V_2_X_ERR_NONE) { - EMSG("openamp: mhu: failed reset access request"); -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h -index 26b3a5d6..2b4d6fcb 100644 ---- a/platform/drivers/arm/mhu_driver/mhu_v2.h -+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h -@@ -384,6 +384,24 @@ enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( - enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( - const struct mhu_v2_x_dev_t *dev, uint32_t *channel); - -+ -+/** -+ * \brief Polls sender channel status. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to poll the status of. -+ * \param[out] value Pointer to variable that will store the value. -+ * -+ * Polls sender channel status. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t *value); -+ - #ifdef __cplusplus - } - #endif -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -index d7e70efa..022e287a 100644 ---- a/platform/drivers/arm/mhu_driver/mhu_v2_x.c -+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -@@ -600,3 +600,20 @@ enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( - - return MHU_V_2_X_ERR_GENERAL; - } -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t *value) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->frame == MHU_V2_X_SENDER_FRAME) { -+ *value = (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_st; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch new file mode 100644 index 0000000000..d08ebe9f7b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch @@ -0,0 +1,84 @@ +From 6d140b21c22dda58f596bb513a1cd6bc08e914eb Mon Sep 17 00:00:00 2001 +From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> +Date: Wed, 3 Apr 2024 10:18:16 +0100 +Subject: [PATCH] Remove Werror flag + +Remove Werror flag due to compilation issues for TS in yocto + +Upstream-Status: Inappropriate [Only for meta-arm] +Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> +--- + deployments/smm-gateway/config/default-opteesp/CMakeLists.txt | 1 - + deployments/smm-gateway/config/default-sp/CMakeLists.txt | 1 - + environments/arm-linux/default_toolchain_file.cmake | 2 +- + environments/linux-pc/default_toolchain_file.cmake | 2 +- + environments/opteesp/default_toolchain_file.cmake | 2 +- + 5 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt +index 5521467..88048a2 100644 +--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt ++++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt +@@ -99,7 +99,6 @@ target_compile_definitions(smm-gateway PRIVATE + if(CMAKE_C_COMPILER_ID STREQUAL "GNU") + target_compile_options(smm-gateway PRIVATE + -std=c11 +- -Werror + ) + + endif() +diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt +index ca563c0..4b43653 100644 +--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt ++++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt +@@ -97,7 +97,6 @@ target_compile_definitions(smm-gateway PRIVATE + if(CMAKE_C_COMPILER_ID STREQUAL "GNU") + target_compile_options(smm-gateway PRIVATE + -std=c11 +- -Werror + ) + + endif() +diff --git a/environments/arm-linux/default_toolchain_file.cmake b/environments/arm-linux/default_toolchain_file.cmake +index 1da144e..6909db6 100644 +--- a/environments/arm-linux/default_toolchain_file.cmake ++++ b/environments/arm-linux/default_toolchain_file.cmake +@@ -19,7 +19,7 @@ set(CMAKE_SYSTEM_PROCESSOR arm) + + set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.") + set(TS_MANDATORY_AARCH_FLAGS "-mstrict-align -march=armv8-a+crc -DARM64=1" CACHE STRING "Compiler flags configuring architecture specific ") +-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.") ++set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") + set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.") + + # Set flags affecting all build types +diff --git a/environments/linux-pc/default_toolchain_file.cmake b/environments/linux-pc/default_toolchain_file.cmake +index 58f29bc..e23bb79 100644 +--- a/environments/linux-pc/default_toolchain_file.cmake ++++ b/environments/linux-pc/default_toolchain_file.cmake +@@ -11,7 +11,7 @@ include_guard(GLOBAL) + + set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.") + set(TS_MANDATORY_AARCH_FLAGS "" CACHE STRING "Compiler flags configuring architecture specific ") +-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.") ++set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") + set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.") + + # Set flags affecting all build types +diff --git a/environments/opteesp/default_toolchain_file.cmake b/environments/opteesp/default_toolchain_file.cmake +index 43c19c5..90a9418 100644 +--- a/environments/opteesp/default_toolchain_file.cmake ++++ b/environments/opteesp/default_toolchain_file.cmake +@@ -21,7 +21,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE True) + + set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.") + set(TS_MANDATORY_AARCH_FLAGS "-fpic -mstrict-align -march=armv8-a+crc" CACHE STRING "Compiler flags configuring architecture specific ") +-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.") ++set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") + set(TS_MANDATORY_LINKER_FLAGS "-pie -Wl,--as-needed -Wl,--sort-section=alignment -zmax-page-size=4096" + CACHE STRING "Linker flags needed for correct builds.") + +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch new file mode 100644 index 0000000000..addf879f5d --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch @@ -0,0 +1,27 @@ +From a94bcd8af80c42adf99a7114174afea4000e6647 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Tue, 14 May 2024 15:58:15 +0200 +Subject: [PATCH] Remove PLATFORM_HAS_ATTEST_PK define from IAT test + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Inappropriate [Should remove the flag only for CS1000] +--- + deployments/psa-api-test/initial_attestation/iat-api-test.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake +index 4d1d2b1a9..eb4db223c 100644 +--- a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake ++++ b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake +@@ -15,7 +15,7 @@ set(TS_ARCH_TEST_SUITE INITIAL_ATTESTATION CACHE STRING "Arch test suite") + # Set additional defines needed for build. + #------------------------------------------------------------------------------- + list(APPEND PSA_ARCH_TEST_EXTERNAL_DEFS +- -DPSA_ALG_MD4=0x02000002 -DPLATFORM_HAS_ATTEST_PK) ++ -DPSA_ALG_MD4=0x02000002) + + #------------------------------------------------------------------------------- + # The arch test build system puts its build output under a test suite specific +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch new file mode 100644 index 0000000000..d5c43bd560 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch @@ -0,0 +1,28 @@ +From c7f2861e5c5ee209373a8dba15a608f78a97078b Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Wed, 10 Apr 2024 11:17:50 +0200 +Subject: [PATCH 1/3] Fix: Avoid redefinition of variables + +Remove variable redefinition which shadows the original one. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27954] +--- + .../service/uefi/smm_variable/client/cpp/smm_variable_client.cpp | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp +index f71d0c864..d39448900 100644 +--- a/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp ++++ b/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp +@@ -166,7 +166,6 @@ efi_status_t smm_variable_client::get_variable(const EFI_GUID &guid, const std:: + + if (call_handle) { + uint8_t *resp_buf; +- size_t resp_len; + service_status_t service_status; + + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *access_var = +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch new file mode 100644 index 0000000000..06efbb0e08 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch @@ -0,0 +1,495 @@ +From cc4cc9f3f5f02f713cf4da1854f3085bf31e71cf Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Sat, 13 Apr 2024 14:52:23 +0200 +Subject: [PATCH 2/3] Fix GetNextVariableName NameSize input + +Based on the specification the NameSize shall be set to the available +buffer size at the first call instead of the NameSize of the +provided variable. +Change smm-gateway and the tests according this. Also remove +sanitize_get_next_var_name_param utility function, which is not +compilant with this solution. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/28022] +--- + .../backend/test/variable_store_tests.cpp | 48 +++++++-------- + .../backend/uefi_variable_store.c | 60 ++++++++++++------- + .../backend/uefi_variable_store.h | 5 +- + .../smm_variable/backend/variable_index.c | 3 + + .../provider/smm_variable_provider.c | 59 +++++------------- + .../service/smm_variable_attack_tests.cpp | 29 ++++----- + .../service/smm_variable_service_tests.cpp | 7 ++- + 7 files changed, 98 insertions(+), 113 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +index fd48f13fb..72772821c 100644 +--- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp ++++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +@@ -501,15 +501,13 @@ TEST(UefiVariableStoreTests, bootServiceAccess) + std::vector<uint8_t> msg_buffer(VARIABLE_BUFFER_SIZE); + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name = + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data(); +- size_t max_name_len = +- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + + size_t total_len = 0; +- next_name->NameSize = sizeof(int16_t); ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + next_name->Name[0] = 0; + + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + + UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); + } +@@ -574,47 +572,48 @@ TEST(UefiVariableStoreTests, enumerateStoreContents) + std::vector<uint8_t> msg_buffer(VARIABLE_BUFFER_SIZE); + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name = + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data(); +- size_t max_name_len = +- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + + /* First check handling of invalid variable name */ + std::u16string bogus_name = to_variable_name(u"bogus_variable"); + size_t bogus_name_size = string_get_size_in_bytes(bogus_name); + next_name->Guid = m_common_guid; +- next_name->NameSize = bogus_name_size; ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + memcpy(next_name->Name, bogus_name.data(), bogus_name_size); + + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, status); + + /* Enumerate store contents */ + next_name->NameSize = sizeof(int16_t); + next_name->Name[0] = 0; +- /* Check if the correct NameSize is returned if max_name_len is too small */ ++ /* Check if the correct NameSize is returned if namesize is too small */ + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- 0, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); + UNSIGNED_LONGLONGS_EQUAL(sizeof(var_name_1), next_name->NameSize); + +- /* And then used the previously received next_name->NameSize as max_name_len */ ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- next_name->NameSize, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize)); + ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(compare_variable_name(var_name_2, next_name->Name, next_name->NameSize)); + ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(compare_variable_name(var_name_3, next_name->Name, next_name->NameSize)); + ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); + + power_cycle(); +@@ -622,21 +621,23 @@ TEST(UefiVariableStoreTests, enumerateStoreContents) + /* Enumerate again - should be left with just NV variables. + * Use a different but equally valid null name. + */ +- next_name->NameSize = 10 * sizeof(int16_t); ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + memset(next_name->Name, 0, next_name->NameSize); + + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize)); + ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(compare_variable_name(var_name_3, next_name->Name, next_name->NameSize)); + ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); + } + +@@ -672,21 +673,20 @@ TEST(UefiVariableStoreTests, failedNvSet) + std::vector<uint8_t> msg_buffer(VARIABLE_BUFFER_SIZE); + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name = + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data(); +- size_t max_name_len = +- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + + /* Enumerate store contents */ + size_t total_len = 0; +- next_name->NameSize = sizeof(int16_t); ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + next_name->Name[0] = 0; + + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize)); + ++ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; + status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, +- max_name_len, &total_len); ++ &total_len); + UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); + } + +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index 5b46c1371..caf6698aa 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -404,9 +404,27 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store * + efi_status_t + uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *context, + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *cur, +- size_t max_name_len, size_t *total_length) ++ size_t *total_length) + { +- efi_status_t status = check_name_terminator(cur->Name, cur->NameSize); ++ efi_status_t status = EFI_SUCCESS; ++ size_t buffer_size = 0; ++ ++ if (!cur) ++ return EFI_INVALID_PARAMETER; ++ /* ++ * NameSize is set to the buffer size to store the names, ++ * let's calculate the size actually being used. ++ */ ++ buffer_size = cur->NameSize; ++ for (int i = 0; i < buffer_size / sizeof(int16_t); i++) { ++ if (cur->Name[i] == 0) { ++ /* With null terminator */ ++ cur->NameSize = 2*(i+1); ++ break; ++ } ++ } ++ ++ status = check_name_terminator(cur->Name, cur->NameSize); + + if (status != EFI_SUCCESS) + return status; +@@ -418,21 +436,11 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con + &context->variable_index, &cur->Guid, cur->NameSize, cur->Name, &status); + + if (info && (status == EFI_SUCCESS)) { +- /* The NameSize has to be set in every case according to the UEFI specs. +- * In case of EFI_BUFFER_TOO_SMALL it has to reflect the size of buffer +- * needed. +- */ +- cur->NameSize = info->metadata.name_size; +- *total_length = sizeof(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME); +- +- if (info->metadata.name_size <= max_name_len) { ++ if (info->metadata.name_size <= buffer_size) { + cur->Guid = info->metadata.guid; ++ cur->NameSize = info->metadata.name_size; + memcpy(cur->Name, info->metadata.name, info->metadata.name_size); + +- *total_length = +- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE( +- cur); +- + /* + * Check if variable is accessible (e.g boot variable is not + * accessible at runtime) +@@ -442,6 +450,10 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con + if (status == EFI_SUCCESS) + break; + } else { ++ /* The VariableNameSize is updated to reflect the size of buffer needed */ ++ cur->NameSize = info->metadata.name_size; ++ memset(cur->Name, 0, buffer_size); ++ memset(&cur->Guid, 0, sizeof(EFI_GUID)); + status = EFI_BUFFER_TOO_SMALL; + break; + } +@@ -450,18 +462,24 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con + /* Do not hide original error if there is any */ + if (status == EFI_SUCCESS) + status = EFI_NOT_FOUND; ++ ++ memset(cur->Name, 0, buffer_size); ++ memset(&cur->Guid, 0, sizeof(EFI_GUID)); ++ cur->NameSize = 0; + break; + } + } + +- /* If we found no accessible variable clear the fields for security */ +- if (status != EFI_SUCCESS) { +- memset(cur->Name, 0, max_name_len); +- memset(&cur->Guid, 0, sizeof(EFI_GUID)); +- if (status != EFI_BUFFER_TOO_SMALL) +- cur->NameSize = 0; ++ if (status == EFI_SUCCESS) { ++ /* Store everything including the name */ ++ *total_length = ++ SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE( ++ cur); ++ } else { ++ /* Do not store the name, only the size */ ++ *total_length = ++ SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET; + } +- + return status; + } + +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.h b/components/service/uefi/smm_variable/backend/uefi_variable_store.h +index 8be5f36e6..2493ff6b4 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.h ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.h +@@ -134,8 +134,7 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store * + * Used for enumerating the store contents + * + * @param[in] context uefi_variable_store instance +- * @param[out] cur Current variable name +- * @param[in] max_name_len The maximum variable name length ++ * @param[inout] cur The size of the VariableName buffer + * @param[out] total_len The total length of the output + * + * @return EFI_SUCCESS if successful +@@ -143,7 +142,7 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store * + efi_status_t + uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *context, + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *cur, +- size_t max_name_len, size_t *total_length); ++ size_t *total_length); + + /** + * @brief Query for variable info +diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c +index d850dbe18..e2fe6dd38 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.c ++++ b/components/service/uefi/smm_variable/backend/variable_index.c +@@ -27,6 +27,9 @@ static uint64_t name_hash(const EFI_GUID *guid, size_t name_size, const int16_t + + /* Extend to cover name up to but not including null terminator */ + for (size_t i = 0; i < (name_size - sizeof(int16_t)) / sizeof(int16_t); ++i) { ++ /* Only hash till the first null terminator */ ++ if (name[i] == 0) ++ break; + hash = ((hash << 5) + hash) + name[i]; + } + +diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c +index ca3f7e5e5..1a5269338 100644 +--- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c ++++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c +@@ -81,30 +81,6 @@ static efi_status_t sanitize_access_variable_param(struct rpc_request *req, size + return efi_status; + } + +-static efi_status_t sanitize_get_next_var_name_param(struct rpc_request *req, size_t *param_len) +-{ +- efi_status_t efi_status = EFI_INVALID_PARAMETER; +- *param_len = 0; +- const struct rpc_buffer *req_buf = &req->request; +- +- if (req_buf->data_length >= SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET) { +- const SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *param = +- (const SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)req_buf->data; +- +- size_t max_space_for_name = +- req_buf->data_length - +- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET; +- +- if (param->NameSize <= max_space_for_name) { +- *param_len = +- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE(param); +- efi_status = EFI_SUCCESS; +- } +- } +- +- return efi_status; +-} +- + static efi_status_t sanitize_var_check_property_param(struct rpc_request *req, size_t *param_len) + { + efi_status_t efi_status = EFI_INVALID_PARAMETER; +@@ -146,7 +122,7 @@ static rpc_status_t get_variable_handler(void *context, struct rpc_request *req) + struct rpc_buffer *req_buf = &req->request; + size_t max_data_len = resp_buf->size - param_len; + +- memmove(resp_buf->data, req_buf->data, param_len); ++ memcpy(resp_buf->data, req_buf->data, param_len); + + efi_status = uefi_variable_store_get_variable( + &this_instance->variable_store, +@@ -167,28 +143,21 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req + { + struct smm_variable_provider *this_instance = (struct smm_variable_provider *)context; + +- size_t param_len = 0; +- efi_status_t efi_status = sanitize_get_next_var_name_param(req, ¶m_len); ++ efi_status_t efi_status = EFI_SUCCESS; ++ size_t variable_size = 0; + +- if (efi_status == EFI_SUCCESS) { +- /* Valid get next variable name header */ +- struct rpc_buffer *resp_buf = &req->response; ++ /* Valid get next variable name header */ ++ struct rpc_buffer *resp_buf = &req->response; ++ struct rpc_buffer *req_buf = &req->request; + +- if (resp_buf->size >= param_len) { +- struct rpc_buffer *req_buf = &req->request; ++ memcpy(resp_buf->data, req_buf->data, req_buf->data_length); + +- memmove(resp_buf->data, req_buf->data, param_len); ++ efi_status = uefi_variable_store_get_next_variable_name( ++ &this_instance->variable_store, ++ (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data, ++ &variable_size); + +- efi_status = uefi_variable_store_get_next_variable_name( +- &this_instance->variable_store, +- (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data, +- ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, +- &resp_buf->data_length); +- } else { +- /* Reponse buffer not big enough */ +- efi_status = EFI_BAD_BUFFER_SIZE; +- } +- } ++ resp_buf->data_length = variable_size; + + req->service_status = efi_status; + +@@ -240,7 +209,7 @@ static rpc_status_t query_variable_info_handler(void *context, struct rpc_reques + struct rpc_buffer *resp_buf = &req->response; + + if (resp_buf->size >= req_buf->data_length) { +- memmove(resp_buf->data, req_buf->data, req_buf->data_length); ++ memcpy(resp_buf->data, req_buf->data, req_buf->data_length); + + efi_status = uefi_variable_store_query_variable_info( + &this_instance->variable_store, +@@ -308,7 +277,7 @@ static rpc_status_t get_var_check_property_handler(void *context, struct rpc_req + + if (resp_buf->size >= param_len) { + struct rpc_buffer *req_buf = &req->request; +- memmove(resp_buf->data, req_buf->data, param_len); ++ memcpy(resp_buf->data, req_buf->data, param_len); + resp_buf->data_length = param_len; + + efi_status = uefi_variable_store_get_var_check_property( +diff --git a/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp b/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp +index 76b62fd35..98e61fec0 100644 +--- a/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp ++++ b/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp +@@ -176,19 +176,6 @@ TEST(SmmVariableAttackTests, setAndGetWithSizeMaxNameSize) + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); + } + +-TEST(SmmVariableAttackTests, enumerateWithOversizeName) +-{ +- efi_status_t efi_status = EFI_SUCCESS; +- std::u16string var_name = null_name; +- EFI_GUID guid; +- memset(&guid, 0, sizeof(guid)); +- +- efi_status = m_client->get_next_variable_name(guid, var_name, +- (var_name.size() + 1) * sizeof(int16_t) + 1); +- +- UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, efi_status); +-} +- + TEST(SmmVariableAttackTests, enumerateWithSizeMaxNameSize) + { + efi_status_t efi_status = EFI_SUCCESS; +@@ -202,17 +189,23 @@ TEST(SmmVariableAttackTests, enumerateWithSizeMaxNameSize) + + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); + +- /* Initial iteration uses good name length */ +- efi_status = m_client->get_next_variable_name(guid, var_name); ++ /* Initial iteration uses good name length for next variable */ ++ efi_status = m_client->get_next_variable_name(guid, var_name, std::numeric_limits<size_t>::max()); + + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); + +- /* Next iteration uses invalid name length */ +- efi_status = m_client->get_next_variable_name(guid, var_name, +- std::numeric_limits<size_t>::max()); ++ /* Next iteration uses invalid name length, so a null terminator can not fit */ ++ var_name = null_name; ++ efi_status = m_client->get_next_variable_name(guid, var_name, 1); + + UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, efi_status); + ++ /* Next iteration uses invalid name length, so a null terminator can not fit */ ++ var_name = null_name; ++ efi_status = m_client->get_next_variable_name(guid, var_name, 2); ++ ++ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); ++ + /* Expect to be able to remove the variable */ + efi_status = m_client->remove_variable(m_common_guid, var_name_1); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); +diff --git a/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp +index e82a90c37..8fa4f8077 100644 +--- a/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp ++++ b/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp +@@ -9,6 +9,7 @@ + #include <cstring> + #include <locale> + #include <sstream> ++#include <limits> + + #include "util.h" + +@@ -154,7 +155,7 @@ TEST_GROUP(SmmVariableServiceTests) + #endif + + do { +- status = m_client->get_next_variable_name(guid, var_name); ++ status = m_client->get_next_variable_name(guid, var_name, max_variable_size); + + /* There are no more variables in the persistent store */ + if (status == EFI_NOT_FOUND) { +@@ -223,6 +224,8 @@ TEST_GROUP(SmmVariableServiceTests) + std::u16string m_ro_variable = to_variable_name(u"ro_variable"); + std::u16string m_boot_finished_var_name = to_variable_name(u"finished"); + ++ uint32_t max_variable_size = 4096; ++ + /* Cleanup skips these variables */ + std::vector<std::u16string *> m_non_rm_vars{ &m_ro_variable, &m_boot_finished_var_name }; + +@@ -654,7 +657,7 @@ TEST(SmmVariableServiceTests, enumerateStoreContents) + std::u16string *expected_variables[] = { &var_name_1, &var_name_2, &var_name_3 }; + + do { +- efi_status = m_client->get_next_variable_name(guid, var_name); ++ efi_status = m_client->get_next_variable_name(guid, var_name, max_variable_size); + if (efi_status != EFI_SUCCESS) + break; + +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch new file mode 100644 index 0000000000..978f2e52ad --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch @@ -0,0 +1,82 @@ +From c62e728bb86981219984c8b39819fb8926a41e10 Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Fri, 19 Apr 2024 18:25:23 +0200 +Subject: [PATCH 3/3] Fix error handling of variable index loading + +If loading of the variable index from Protected Storage fails, SmmGW +will silently continue with empty variable store. This is a serious +fault and a potential security risk. +Change the code to produce a log output when this happens and stop +loading the SP. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/28300] +--- + .../backend/uefi_variable_store.c | 28 ++++++++++++++----- + 1 file changed, 21 insertions(+), 7 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index caf6698aa..c1691dc8f 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -27,7 +27,7 @@ + #include "service/crypto/client/psa/crypto_client.h" + #endif + +-static void load_variable_index(struct uefi_variable_store *context); ++static efi_status_t load_variable_index(struct uefi_variable_store *context); + + static efi_status_t sync_variable_index(const struct uefi_variable_store *context); + +@@ -165,8 +165,10 @@ efi_status_t uefi_variable_store_init(struct uefi_variable_store *context, uint3 + + /* Load the variable index with NV variable info from the persistent store */ + if (context->index_sync_buffer) { +- load_variable_index(context); +- purge_orphan_index_entries(context); ++ status = load_variable_index(context); ++ ++ if (status == EFI_SUCCESS) ++ purge_orphan_index_entries(context); + } + } + +@@ -571,7 +573,7 @@ efi_status_t uefi_variable_store_get_var_check_property( + return status; + } + +-static void load_variable_index(struct uefi_variable_store *context) ++static efi_status_t load_variable_index(struct uefi_variable_store *context) + { + struct storage_backend *persistent_store = context->persistent_store.storage_backend; + +@@ -583,11 +585,23 @@ static void load_variable_index(struct uefi_variable_store *context) + SMM_VARIABLE_INDEX_STORAGE_UID, 0, context->index_sync_buffer_size, + context->index_sync_buffer, &data_len); + +- if (psa_status == PSA_SUCCESS) { +- variable_index_restore(&context->variable_index, data_len, +- context->index_sync_buffer); ++ switch(psa_status) { ++ case PSA_SUCCESS: ++ (void) variable_index_restore(&context->variable_index, data_len, ++ context->index_sync_buffer); ++ break; ++ ++ case PSA_ERROR_DOES_NOT_EXIST: ++ IMSG("Index variable does not exist in NV store, continuing with empty index"); ++ break; ++ ++ default: ++ EMSG("Loading variable index failed: %d", psa_status); ++ return EFI_LOAD_ERROR; + } + } ++ ++ return EFI_SUCCESS; + } + + static efi_status_t sync_variable_index(const struct uefi_variable_store *context) +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch new file mode 100644 index 0000000000..ae9a53fa97 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch @@ -0,0 +1,758 @@ +From 370811420cfa1c14146f45de308bbccf70408eb8 Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Fri, 5 Apr 2024 11:19:37 +0200 +Subject: [PATCH] Provide crypto api to create uefi priv var fingerprint +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add new call to the crypto backend to calculate a hash of the common +name of the signing certificate’s Subject and the tbsCertificate +of the top-level issuer certificate. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27953] +--- + .../client/caller/packed-c/crypto_caller.h | 1 + + ...aller_get_uefi_priv_auth_var_fingerprint.h | 90 ++++++++ + .../packed-c/packedc_crypto_client.cpp | 8 + + .../protocol/packed-c/packedc_crypto_client.h | 4 + + .../service/crypto/client/psa/component.cmake | 1 + + .../service/crypto/client/psa/crypto_client.h | 5 + + .../psa/get_uefi_priv_auth_var_fingerprint.c | 21 ++ + .../service/crypto/provider/crypto_provider.c | 212 +++++++++++++++--- + .../serializer/crypto_provider_serializer.h | 8 + + .../packedc_crypto_provider_serializer.c | 54 +++++ + .../backend/direct/uefi_direct_backend.c | 90 ++++++++ + deployments/smm-gateway/smm-gateway.cmake | 5 + + .../get_uefi_priv_auth_var_fingerprint.h | 21 ++ + protocols/service/crypto/packed-c/opcodes.h | 1 + + 14 files changed, 488 insertions(+), 33 deletions(-) + create mode 100644 components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h + create mode 100644 components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c + create mode 100644 protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h + +diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller.h b/components/service/crypto/client/caller/packed-c/crypto_caller.h +index d834bc207..d5dd0f70d 100644 +--- a/components/service/crypto/client/caller/packed-c/crypto_caller.h ++++ b/components/service/crypto/client/caller/packed-c/crypto_caller.h +@@ -31,5 +31,6 @@ + #include "crypto_caller_sign_hash.h" + #include "crypto_caller_verify_hash.h" + #include "crypto_caller_verify_pkcs7_signature.h" ++#include "crypto_caller_get_uefi_priv_auth_var_fingerprint.h" + + #endif /* PACKEDC_CRYPTO_CALLER_H */ +diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h b/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h +new file mode 100644 +index 000000000..d3446e445 +--- /dev/null ++++ b/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h +@@ -0,0 +1,90 @@ ++/* ++ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#ifndef PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H ++#define PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H ++ ++#include <common/tlv/tlv.h> ++#include <protocols/common/efi/efi_status.h> ++#include <protocols/rpc/common/packed-c/status.h> ++#include <protocols/service/crypto/packed-c/opcodes.h> ++#include <protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h> ++#include <service/common/client/service_client.h> ++#include <stdlib.h> ++#include <string.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++static inline int crypto_caller_get_uefi_priv_auth_var_fingerprint(struct service_client *context, ++ const uint8_t *signature_cert, ++ uint64_t signature_cert_len, ++ uint8_t *output) ++{ ++ efi_status_t efi_status = EFI_SUCCESS; ++ size_t req_len = 0; ++ ++ if (signature_cert_len > UINT16_MAX) ++ return RPC_ERROR_INVALID_VALUE; ++ ++ struct tlv_record signature_record = { ++ .tag = TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE, ++ .length = (uint16_t)signature_cert_len, ++ .value = signature_cert ++ }; ++ ++ req_len += tlv_required_space(signature_record.length); ++ ++ rpc_call_handle call_handle; ++ uint8_t *req_buf; ++ ++ call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); ++ ++ if (call_handle) { ++ uint8_t *resp_buf; ++ size_t resp_len; ++ service_status_t service_status; ++ struct tlv_iterator req_iter; ++ ++ tlv_iterator_begin(&req_iter, req_buf, req_len); ++ tlv_encode(&req_iter, &signature_record); ++ ++ context->rpc_status = rpc_caller_session_invoke( ++ call_handle, TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT, &resp_buf, &resp_len, ++ &service_status); ++ ++ if (context->rpc_status == RPC_SUCCESS) { ++ ++ if (service_status == EFI_SUCCESS) { ++ ++ struct tlv_const_iterator resp_iter; ++ struct tlv_record decoded_record; ++ tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len); ++ ++ if (tlv_find_decode(&resp_iter, ++ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER, &decoded_record)) { ++ ++ memcpy(output, decoded_record.value, PSA_HASH_MAX_SIZE); ++ } ++ else { ++ /* Mandatory response parameter missing */ ++ efi_status = EFI_INVALID_PARAMETER; ++ } ++ } ++ } ++ ++ rpc_caller_session_end(call_handle); ++ } ++ ++ return efi_status; ++} ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H */ +diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp +index aaa71f0c8..e0f6a15a8 100644 +--- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp ++++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp +@@ -428,3 +428,11 @@ int packedc_crypto_client::verify_pkcs7_signature(const uint8_t *signature_cert, + hash, hash_len, public_key_cert, + public_key_cert_len); + } ++ ++int packedc_crypto_client::get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert, ++ uint64_t signature_cert_len, ++ uint8_t *output) ++{ ++ return crypto_caller_get_uefi_priv_auth_var_fingerprint(&m_client, signature_cert, signature_cert_len, ++ output); ++} +diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h +index 8d4f60cf9..ec6c51c7f 100644 +--- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h ++++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h +@@ -236,6 +236,10 @@ public: + int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len, + const uint8_t *hash, uint64_t hash_len, + const uint8_t *public_key_cert, uint64_t public_key_cert_len); ++ ++ int get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert, ++ uint64_t signature_cert_len, ++ uint8_t *output); + }; + + #endif /* PACKEDC_CRYPTO_CLIENT_H */ +diff --git a/components/service/crypto/client/psa/component.cmake b/components/service/crypto/client/psa/component.cmake +index 359db3b4a..5bee0c652 100644 +--- a/components/service/crypto/client/psa/component.cmake ++++ b/components/service/crypto/client/psa/component.cmake +@@ -32,4 +32,5 @@ target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/psa_sign_message.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_verify_message.c" + "${CMAKE_CURRENT_LIST_DIR}/verify_pkcs7_signature.c" ++ "${CMAKE_CURRENT_LIST_DIR}/get_uefi_priv_auth_var_fingerprint.c" + ) +diff --git a/components/service/crypto/client/psa/crypto_client.h b/components/service/crypto/client/psa/crypto_client.h +index 4b59bbe32..af04df11e 100644 +--- a/components/service/crypto/client/psa/crypto_client.h ++++ b/components/service/crypto/client/psa/crypto_client.h +@@ -7,10 +7,15 @@ + #ifndef CRYPTO_CLIENT_H + #define CRYPTO_CLIENT_H + ++#include <stddef.h> + #include <stdint.h> + + int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len, + const uint8_t *hash, uint64_t hash_len, const uint8_t *public_key_cert, + uint64_t public_key_cert_len); + ++int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert, ++ uint64_t signature_cert_len, ++ uint8_t *output); ++ + #endif /* CRYPTO_CLIENT_H */ +diff --git a/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c b/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c +new file mode 100644 +index 000000000..702aaa0c4 +--- /dev/null ++++ b/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c +@@ -0,0 +1,21 @@ ++/* ++ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#include "crypto_caller_selector.h" ++#include "crypto_client.h" ++#include "psa_crypto_client.h" ++ ++int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert, ++ uint64_t signature_cert_len, ++ uint8_t *output) ++{ ++ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) ++ return psa_crypto_client_instance.init_status; ++ ++ return crypto_caller_get_uefi_priv_auth_var_fingerprint(&psa_crypto_client_instance.base, ++ signature_cert, signature_cert_len, ++ output); ++} +diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c +index 9cd520859..4535d6dbe 100644 +--- a/components/service/crypto/provider/crypto_provider.c ++++ b/components/service/crypto/provider/crypto_provider.c +@@ -3,12 +3,15 @@ + * + * SPDX-License-Identifier: BSD-3-Clause + */ ++#include <protocols/common/efi/efi_status.h> + #include <protocols/rpc/common/packed-c/status.h> + #include <protocols/service/crypto/packed-c/opcodes.h> + #include <service/crypto/backend/crypto_backend.h> + #include <service/crypto/provider/crypto_provider.h> ++#include <compiler.h> + #include <stdint.h> + #include <stdlib.h> ++#include <string.h> + + #include "crypto_partition.h" + #include "crypto_uuid.h" +@@ -28,25 +31,27 @@ static rpc_status_t copy_key_handler(void *context, struct rpc_request *req); + static rpc_status_t purge_key_handler(void *context, struct rpc_request *req); + static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req); + static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req); ++static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req); + + /* Handler mapping table for service */ + static const struct service_handler handler_table[] = { +- { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler }, +- { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler }, +- { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler }, +- { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler }, +- { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler }, +- { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler }, +- { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler }, +- { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler }, +- { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler }, +- { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler }, +- { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler }, +- { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler }, +- { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler }, +- { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler }, +- { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler }, +- { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler }, ++ { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler }, ++ { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler }, ++ { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler }, ++ { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler }, ++ { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler }, ++ { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler }, ++ { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler }, ++ { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler }, ++ { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler }, ++ { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler }, ++ { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler }, ++ { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler }, ++ { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler }, ++ { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler }, ++ { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler }, ++ { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler }, ++ { TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT, get_uefi_priv_auth_var_fingerprint_handler }, + }; + + struct rpc_service_interface * +@@ -664,33 +669,44 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req + } + + if (rpc_status == RPC_SUCCESS) { +- /* Parse the public key certificate */ +- mbedtls_x509_crt signer_certificate; ++ /* Parse the PKCS#7 DER encoded signature block */ ++ mbedtls_pkcs7 pkcs7_structure; + +- mbedtls_x509_crt_init(&signer_certificate); ++ mbedtls_pkcs7_init(&pkcs7_structure); + +- mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert, +- public_key_cert_len); ++ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, ++ signature_cert_len); + +- if (mbedtls_status == 0) { +- /* Parse the PKCS#7 DER encoded signature block */ +- mbedtls_pkcs7 pkcs7_structure; ++ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { + +- mbedtls_pkcs7_init(&pkcs7_structure); ++ /* ++ * If a separate public key is provided, verify the signature with it, ++ * else use the key from the pkcs7 signature structure, because it is ++ * a self-signed certificate. ++ */ ++ if(public_key_cert_len) { ++ /* Parse the public key certificate */ ++ mbedtls_x509_crt signer_certificate; + +- mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, +- signature_cert_len); ++ mbedtls_x509_crt_init(&signer_certificate); + +- if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { +- /* Verify hash against signed hash */ ++ mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert, ++ public_key_cert_len); ++ ++ if (mbedtls_status == 0) { ++ /* Verify hash against signed hash */ ++ mbedtls_status = mbedtls_pkcs7_signed_hash_verify( ++ &pkcs7_structure, &signer_certificate, hash, hash_len); ++ } ++ ++ mbedtls_x509_crt_free(&signer_certificate); ++ } else { + mbedtls_status = mbedtls_pkcs7_signed_hash_verify( +- &pkcs7_structure, &signer_certificate, hash, hash_len); ++ &pkcs7_structure, &pkcs7_structure.private_signed_data.private_certs, hash, hash_len); + } +- +- mbedtls_pkcs7_free(&pkcs7_structure); + } + +- mbedtls_x509_crt_free(&signer_certificate); ++ mbedtls_pkcs7_free(&pkcs7_structure); + } + + free(signature_cert); +@@ -702,6 +718,128 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req + + return rpc_status; + } ++ ++/* ++ * Official value: http://www.oid-info.com/get/2.5.4.3 ++ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php ++ */ ++static const mbedtls_asn1_buf* findCommonName(const mbedtls_x509_name *name) ++{ ++ uint8_t CN_oid_tag = 0x06; ++ uint8_t CN_oid_len = 0x03; ++ uint8_t CN_oid_val[3] = {0x55, 0x04, 0x03}; ++ ++ while (name) ++ { ++ if (name->oid.tag == CN_oid_tag && name->oid.len == CN_oid_len) { ++ if (name->oid.p != NULL) { ++ if (!memcmp(name->oid.p, CN_oid_val, CN_oid_len)) ++ return &name->val; ++ } ++ } ++ ++ name = name->next; ++ } ++ ++ return NULL; ++} ++ ++static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req) ++{ ++ rpc_status_t rpc_status = RPC_ERROR_INTERNAL; ++ struct rpc_buffer *req_buf = &req->request; ++ const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req); ++ ++ int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ ++ uint8_t *signature_cert = NULL; ++ uint64_t signature_cert_len = 0; ++ ++ if (serializer) { ++ /* First collect the lengths of the field */ ++ rpc_status = serializer->deserialize_get_uefi_priv_auth_var_fingerprint_req( ++ req_buf, NULL, &signature_cert_len); ++ ++ if (rpc_status == RPC_SUCCESS) { ++ /* Allocate the needed space and get the data */ ++ signature_cert = (uint8_t *)malloc(signature_cert_len); ++ ++ if (signature_cert) { ++ rpc_status = serializer->deserialize_get_uefi_priv_auth_var_fingerprint_req( ++ req_buf, signature_cert, &signature_cert_len); ++ } else { ++ rpc_status = RPC_ERROR_RESOURCE_FAILURE; ++ } ++ } ++ } ++ ++ if (rpc_status == RPC_SUCCESS) { ++ /* Parse the PKCS#7 DER encoded signature block */ ++ mbedtls_pkcs7 pkcs7_structure; ++ ++ mbedtls_pkcs7_init(&pkcs7_structure); ++ ++ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, ++ signature_cert_len); ++ ++ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { ++ ++ uint8_t output_buffer[PSA_HASH_MAX_SIZE] = { 0 }; ++ size_t __maybe_unused output_size = 0; ++ const mbedtls_asn1_buf *signerCertCN = NULL; ++ const mbedtls_x509_crt *topLevelCert = &pkcs7_structure.private_signed_data.private_certs; ++ const mbedtls_x509_buf *toplevelCertTbs = NULL; ++ struct rpc_buffer *resp_buf = &req->response;; ++ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT; ++ ++ /* Find common name field of the signing certificate, which is the first in the chain */ ++ signerCertCN = findCommonName(&topLevelCert->subject); ++ if (!signerCertCN) ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ ++ /* Get the TopLevel certificate which is the last in the chain */ ++ while(topLevelCert->next) ++ topLevelCert = topLevelCert->next; ++ toplevelCertTbs = &topLevelCert->tbs; ++ ++ /* Hash the data to create the fingerprint */ ++ op = psa_hash_operation_init(); ++ ++ if (psa_hash_setup(&op, PSA_ALG_SHA_256) != PSA_SUCCESS) ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ ++ if (psa_hash_update(&op, signerCertCN->p, signerCertCN->len)) { ++ psa_hash_abort(&op); ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ } ++ ++ if (psa_hash_update(&op, toplevelCertTbs->p, toplevelCertTbs->len)) { ++ psa_hash_abort(&op); ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ } ++ ++ if (psa_hash_finish(&op, (uint8_t*)&output_buffer, PSA_HASH_MAX_SIZE, &output_size)) { ++ psa_hash_abort(&op); ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ } ++ ++ /* Clear the remaining part of the buffer for consistency */ ++ memset(&output_buffer[output_size], 0, PSA_HASH_MAX_SIZE - output_size); ++ ++ rpc_status = serializer->serialize_get_uefi_priv_auth_var_fingerprint_resp( ++ resp_buf, (uint8_t*)&output_buffer); ++ } ++ ++ mbedtls_pkcs7_free(&pkcs7_structure); ++ } ++ ++ free(signature_cert); ++ ++ /* Provide the result of the verification */ ++ req->service_status = (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) ? EFI_SUCCESS : EFI_COMPROMISED_DATA; ++ ++ return rpc_status; ++} + #else + static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req) + { +@@ -710,4 +848,12 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req + + return RPC_ERROR_INTERNAL; + } ++ ++static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req) ++{ ++ (void)context; ++ (void)req; ++ ++ return RPC_ERROR_INTERNAL; ++} + #endif +diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h +index bd5336c3d..2b965afdb 100644 +--- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h ++++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h +@@ -126,6 +126,14 @@ struct crypto_provider_serializer { + uint8_t *hash, uint64_t *hash_len, + uint8_t *public_key_cert, + uint64_t *public_key_cert_len); ++ ++ /* Operation: get_uefi_priv_auth_var_fingerprintentifier */ ++ rpc_status_t (*deserialize_get_uefi_priv_auth_var_fingerprint_req)(const struct rpc_buffer *req_buf, ++ uint8_t *signed_data, ++ uint64_t *signed_data_len); ++ ++ rpc_status_t (*serialize_get_uefi_priv_auth_var_fingerprint_resp)(struct rpc_buffer *resp_buf, ++ const uint8_t *output); + }; + + #endif /* CRYPTO_PROVIDER_SERIALIZER_H */ +diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c +index 050ef2f7d..89e07e2c8 100644 +--- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c ++++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c +@@ -22,6 +22,7 @@ + #include <protocols/service/crypto/packed-c/sign_hash.h> + #include <protocols/service/crypto/packed-c/verify_hash.h> + #include <protocols/service/crypto/packed-c/verify_pkcs7_signature.h> ++#include <protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h> + #include <service/crypto/backend/crypto_backend.h> + #include <stdlib.h> + #include <string.h> +@@ -675,6 +676,57 @@ static rpc_status_t deserialize_verify_pkcs7_signature_req( + return rpc_status; + } + ++/* Operation: get_uefi_priv_auth_var_fingerprintentifier */ ++static rpc_status_t deserialize_get_uefi_priv_auth_var_fingerprint_req(const struct rpc_buffer *req_buf, ++ uint8_t *signed_data, ++ uint64_t *signed_data_len) ++{ ++ rpc_status_t rpc_status = RPC_ERROR_INVALID_REQUEST_BODY; ++ ++ if (req_buf->data_length) { ++ struct tlv_const_iterator req_iter; ++ struct tlv_record decoded_record; ++ ++ rpc_status = RPC_SUCCESS; ++ ++ tlv_const_iterator_begin(&req_iter, (uint8_t *)req_buf->data, req_buf->data_length); ++ ++ if (tlv_find_decode(&req_iter, TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE, ++ &decoded_record)) { ++ *signed_data_len = decoded_record.length; ++ ++ if (signed_data) ++ memcpy(signed_data, decoded_record.value, decoded_record.length); ++ } else { ++ /* Default to a zero length */ ++ *signed_data_len = 0; ++ } ++ } ++ ++ return rpc_status; ++} ++ ++static rpc_status_t serialize_get_uefi_priv_auth_var_fingerprint_resp(struct rpc_buffer *resp_buf, ++ const uint8_t *output) ++{ ++ rpc_status_t rpc_status = RPC_ERROR_INTERNAL; ++ struct tlv_iterator resp_iter; ++ struct tlv_record out_record; ++ ++ out_record.tag = TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER; ++ out_record.length = PSA_HASH_MAX_SIZE; ++ out_record.value = output; ++ ++ tlv_iterator_begin(&resp_iter, resp_buf->data, resp_buf->size); ++ ++ if (tlv_encode(&resp_iter, &out_record)) { ++ resp_buf->data_length = tlv_required_space(PSA_HASH_MAX_SIZE); ++ rpc_status = RPC_SUCCESS; ++ } ++ ++ return rpc_status; ++} ++ + /* Singleton method to provide access to the serializer instance */ + const struct crypto_provider_serializer *packedc_crypto_provider_serializer_instance(void) + { +@@ -704,6 +756,8 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst + deserialize_generate_random_req, + serialize_generate_random_resp, + deserialize_verify_pkcs7_signature_req, ++ deserialize_get_uefi_priv_auth_var_fingerprint_req, ++ serialize_get_uefi_priv_auth_var_fingerprint_resp + }; + + return &instance; +diff --git a/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c b/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c +index bf978c5dd..c7ca07254 100644 +--- a/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c ++++ b/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c +@@ -9,6 +9,8 @@ + #include <mbedtls/pkcs7.h> + #include <mbedtls/x509_crt.h> + #include <stdint.h> ++#include <string.h> ++#include <compiler.h> + + int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len, + const uint8_t *hash, uint64_t hash_len, const uint8_t *public_key_cert, +@@ -46,3 +48,91 @@ int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cer + + return mbedtls_status; + } ++ ++/* ++ * Official value: http://www.oid-info.com/get/2.5.4.3 ++ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php ++ */ ++static const mbedtls_asn1_buf* findCommonName(const mbedtls_x509_name *name) ++{ ++ uint8_t CN_oid_tag = 0x06; ++ uint8_t CN_oid_len = 0x03; ++ uint8_t CN_oid_val[3] = {0x55, 0x04, 0x03}; ++ ++ while (name) ++ { ++ if (name->oid.tag == CN_oid_tag && name->oid.len == CN_oid_len) { ++ if (name->oid.p != NULL) { ++ if (!memcmp(name->oid.p, CN_oid_val, CN_oid_len)) ++ return &name->val; ++ } ++ } ++ ++ name = name->next; ++ } ++ ++ return NULL; ++} ++ ++int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert, ++ uint64_t signature_cert_len, ++ uint8_t *output) ++{ ++ int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ ++ /* Parse the PKCS#7 DER encoded signature block */ ++ mbedtls_pkcs7 pkcs7_structure; ++ ++ mbedtls_pkcs7_init(&pkcs7_structure); ++ ++ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, ++ signature_cert_len); ++ ++ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { ++ ++ uint8_t output_buffer[PSA_HASH_MAX_SIZE] = { 0 }; ++ size_t __maybe_unused output_size = 0; ++ const mbedtls_asn1_buf *signerCertCN = NULL; ++ const mbedtls_x509_crt *topLevelCert = &pkcs7_structure.private_signed_data.private_certs; ++ const mbedtls_x509_buf *toplevelCertTbs = NULL; ++ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT; ++ ++ /* Find common name field of the signing certificate, which is the first in the chain */ ++ signerCertCN = findCommonName(&topLevelCert->subject); ++ if (!signerCertCN) ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ ++ /* Get the TopLevel certificate which is the last in the chain */ ++ while(topLevelCert->next) ++ topLevelCert = topLevelCert->next; ++ toplevelCertTbs = &topLevelCert->tbs; ++ ++ /* Hash the data to create the fingerprint */ ++ op = psa_hash_operation_init(); ++ ++ if (psa_hash_setup(&op, PSA_ALG_SHA_256) != PSA_SUCCESS) ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ ++ if (psa_hash_update(&op, signerCertCN->p, signerCertCN->len)) { ++ psa_hash_abort(&op); ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ } ++ ++ if (psa_hash_update(&op, toplevelCertTbs->p, toplevelCertTbs->len)) { ++ psa_hash_abort(&op); ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ } ++ ++ if (psa_hash_finish(&op, (uint8_t*)&output_buffer, PSA_HASH_MAX_SIZE, &output_size)) { ++ psa_hash_abort(&op); ++ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ++ } ++ ++ /* Clear the remaining part of the buffer for consistency */ ++ memset(&output_buffer[output_size], 0, PSA_HASH_MAX_SIZE - output_size); ++ } ++ ++ mbedtls_pkcs7_free(&pkcs7_structure); ++ ++ return mbedtls_status; ++} +diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake +index e5ee03b60..de519892d 100644 +--- a/deployments/smm-gateway/smm-gateway.cmake ++++ b/deployments/smm-gateway/smm-gateway.cmake +@@ -17,6 +17,11 @@ include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake) + target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto) + target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedx509) + ++# Pass the location of the mbedtls config file to C preprocessor. ++target_compile_definitions(smm-gateway PRIVATE ++ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}" ++) ++ + target_compile_definitions(smm-gateway PRIVATE + -DUEFI_INTERNAL_CRYPTO + ) +diff --git a/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h b/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h +new file mode 100644 +index 000000000..29964b33c +--- /dev/null ++++ b/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h +@@ -0,0 +1,21 @@ ++/* ++ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#ifndef TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H ++#define TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H ++ ++#include <stdint.h> ++ ++/* Variable length output parameter tags */ ++enum { ++ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER = 1, ++}; ++ ++/* Variable length input parameter tags */ ++enum { ++ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE = 1, ++}; ++ ++#endif /* TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H */ +diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h +index 35b81599b..8bc2b49b0 100644 +--- a/protocols/service/crypto/packed-c/opcodes.h ++++ b/protocols/service/crypto/packed-c/opcodes.h +@@ -28,6 +28,7 @@ + #define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16) + #define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17) + #define TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE (TS_CRYPTO_OPCODE_BASE + 18) ++#define TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT (TS_CRYPTO_OPCODE_BASE + 19) + + /* Hash operations */ + #define TS_CRYPTO_OPCODE_HASH_BASE (0x0200) +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch new file mode 100644 index 0000000000..26e7df5fd2 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch @@ -0,0 +1,146 @@ +From 5b418e141aadcb6604406f75e156317bd143d898 Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Fri, 5 Apr 2024 11:27:15 +0200 +Subject: [PATCH 1/3] Add timestamp validation for uefi variables + +Return failure if uefi variable creation or update is not +requested with newer timestamp. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27955] +--- + .../backend/uefi_variable_store.c | 35 +++++++++++++++---- + .../smm_variable/backend/variable_index.c | 1 + + .../smm_variable/backend/variable_index.h | 1 + + 3 files changed, 30 insertions(+), 7 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index c1691dc8f..1b624f0c9 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -76,6 +76,7 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, + const uint8_t *hash_buffer, size_t hash_len); + + static efi_status_t authenticate_variable(const struct uefi_variable_store *context, ++ EFI_TIME *timestamp, + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); + #endif + +@@ -197,6 +198,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) + { + bool should_sync_index = false; ++ EFI_TIME timestamp = { 0 }; + + /* Validate incoming request */ + efi_status_t status = check_name_terminator(var->Name, var->NameSize); +@@ -225,6 +227,9 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + return EFI_OUT_OF_RESOURCES; + } + ++ /* Save the timestamp into a buffer, which can be overwritten by the authentication function */ ++ memcpy(×tamp, &info->metadata.timestamp, sizeof(EFI_TIME)); ++ + /* Control access */ + status = check_access_permitted_on_set(context, info, var); + +@@ -240,7 +245,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + if (info->metadata.attributes & + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { + status = authenticate_variable( +- context, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); ++ context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); + + if (status != EFI_SUCCESS) + return status; +@@ -326,7 +331,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + */ + if (var->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { + status = authenticate_variable( +- context, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); ++ context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); + + if (status != EFI_SUCCESS) + return status; +@@ -358,9 +363,11 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + if (should_sync_index) + status = sync_variable_index(context); + +- /* Store any variable data to the storage backend */ +- if (info->is_variable_set && (status == EFI_SUCCESS)) ++ /* Store any variable data to the storage backend with the updated metadata */ ++ if (info->is_variable_set && (status == EFI_SUCCESS)) { ++ memcpy(&info->metadata.timestamp, ×tamp, sizeof(EFI_TIME)); + status = store_variable_data(context, info, var); ++ } + } + + variable_index_remove_unused_entry(&context->variable_index, info); +@@ -1106,6 +1113,7 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, + * then verifies it. + */ + static efi_status_t authenticate_variable(const struct uefi_variable_store *context, ++ EFI_TIME *timestamp, + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) + { + efi_status_t status = EFI_SUCCESS; +@@ -1223,9 +1231,7 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + * + * UEFI: Page 253 + * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components +- * of the TimeStamp value are set to zero. Unless the EFI_VARIABLE_APPEND_WRITE +- * attribute is set, verify that the TimeStamp value is later than the current +- * timestamp value associated with the variable ++ * of the TimeStamp value are set to zero. + */ + if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) || + (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) || +@@ -1235,6 +1241,21 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + return EFI_SECURITY_VIOLATION; + } + ++ /** ++ * UEFI: Page 253 ++ * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify ++ * that the TimeStamp value is later than the current ++ * timestamp value associated with the variable ++ */ ++ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { ++ if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) { ++ EMSG("Timestamp violation"); ++ return EFI_SECURITY_VIOLATION; ++ } ++ ++ /* Save new timestamp */ ++ memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME)); ++ } + /* Calculate hash for the variable only once */ + hash_result = calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), + &hash_len); +diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c +index e2fe6dd38..f4194d2d3 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.c ++++ b/components/service/uefi/smm_variable/backend/variable_index.c +@@ -198,6 +198,7 @@ static struct variable_entry *add_entry(const struct variable_index *context, co + /* Initialize metadata */ + info->metadata.uid = generate_uid(context, guid, name_size, name); + info->metadata.guid = *guid; ++ memset(&info->metadata.timestamp, 0, sizeof(EFI_TIME)); + info->metadata.attributes = 0; + info->metadata.name_size = name_size; + memcpy(info->metadata.name, name, name_size); +diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h +index 5d3b7a7c6..7eef7b86b 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.h ++++ b/components/service/uefi/smm_variable/backend/variable_index.h +@@ -32,6 +32,7 @@ extern "C" { + */ + struct variable_metadata { + EFI_GUID guid; ++ EFI_TIME timestamp; + size_t name_size; + int16_t name[VARIABLE_INDEX_MAX_NAME_SIZE]; + uint32_t attributes; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch new file mode 100644 index 0000000000..16ca63b3c2 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch @@ -0,0 +1,282 @@ +From 19e79008e0fa3193b54bf6499516dc75cb10f6ec Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Thu, 11 Apr 2024 13:42:03 +0200 +Subject: [PATCH 2/3] Isolate common uefi variable authentication steps + +Currently all auth variables are authenticated with the secure boot +keys. To introduce corrent check for Private Authenticated Variables +first separate the common steps from the secure boot related steps. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27956] +--- + .../backend/uefi_variable_store.c | 191 ++++++++++-------- + 1 file changed, 103 insertions(+), 88 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index 1b624f0c9..1384d0def 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -78,6 +78,12 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, + static efi_status_t authenticate_variable(const struct uefi_variable_store *context, + EFI_TIME *timestamp, + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); ++ ++static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context, ++ efi_data_map* var_map, ++ uint8_t* hash_buffer, ++ size_t hash_len, ++ uint64_t max_variable_size); + #endif + + static efi_status_t store_variable_data(const struct uefi_variable_store *context, +@@ -1118,30 +1124,109 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + { + efi_status_t status = EFI_SUCCESS; + EFI_GUID pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; +- EFI_GUID global_variable_guid = EFI_GLOBAL_VARIABLE; +- EFI_GUID security_database_guid = EFI_IMAGE_SECURITY_DATABASE_GUID; + SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO variable_info = { 0, 0, 0, 0 }; +- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *pk_variable = NULL; +- size_t pk_payload_size = 0; + efi_data_map var_map = { NULL, NULL, NULL, 0, 0, NULL, 0, NULL }; + uint8_t hash_buffer[PSA_HASH_MAX_SIZE]; + size_t hash_len = 0; +- bool hash_result = false; + + /* Create a map of the fields of the new variable including the auth header */ + if (!init_efi_data_map(var, true, &var_map)) + return EFI_SECURITY_VIOLATION; + +- /* database variables can be verified by either PK or KEK while images +- * should be checked by db and dbx so the length of two will be enough. +- */ +- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *allowed_key_store_variables[] = { NULL, NULL }; +- + /* Find the maximal size of variables for the GetVariable operation */ + status = uefi_variable_store_query_variable_info(context, &variable_info); + if (status != EFI_SUCCESS) + return EFI_SECURITY_VIOLATION; + ++ /** ++ * UEFI: Page 246 ++ * If the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set in a ++ * SetVariable() call, and firmware does not support signature type of the certificate ++ * included in the EFI_VARIABLE_AUTHENTICATION_2 descriptor, then the SetVariable() call ++ * shall return EFI_INVALID_PARAMETER. The list of signature types supported by the ++ * firmware is defined by the SignatureSupport variable. Signature type of the certificate ++ * is defined by its digest and encryption algorithms. ++ */ ++ /* TODO: Should support WIN_CERT_TYPE_PKCS_SIGNED_DATA and WIN_CERT_TYPE_EFI_PKCS115 */ ++ if (var_map.efi_auth_descriptor->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ++ return EFI_INVALID_PARAMETER; ++ ++ /* Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted */ ++ if (!compare_guid(&var_map.efi_auth_descriptor->AuthInfo.CertType, &pkcs7_guid)) ++ return EFI_SECURITY_VIOLATION; ++ ++ /** ++ * Time associated with the authentication descriptor. For the TimeStamp value, ++ * components Pad1, Nanosecond, TimeZone, Daylight and Pad2 shall be set to 0. ++ * This means that the time shall always be expressed in GMT. ++ * ++ * UEFI: Page 253 ++ * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components ++ * of the TimeStamp value are set to zero. ++ */ ++ if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) || ++ (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) || ++ (var_map.efi_auth_descriptor->TimeStamp.Nanosecond != 0) || ++ (var_map.efi_auth_descriptor->TimeStamp.TimeZone != 0) || ++ (var_map.efi_auth_descriptor->TimeStamp.Daylight != 0)) { ++ return EFI_SECURITY_VIOLATION; ++ } ++ ++ /** ++ * UEFI: Page 253 ++ * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify ++ * that the TimeStamp value is later than the current ++ * timestamp value associated with the variable ++ */ ++ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { ++ if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) { ++ EMSG("Timestamp violation"); ++ return EFI_SECURITY_VIOLATION; ++ } ++ ++ /* Save new timestamp */ ++ memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME)); ++ } ++ /* Calculate hash for the variable only once */ ++ if (calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), &hash_len) == 0) { ++ status = EFI_SECURITY_VIOLATION; ++ } ++ ++ /* Run Secure Boot related authentication steps */ ++ status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize); ++ ++ /* Remove the authentication header from the variable if the authentication is successful */ ++ if (status == EFI_SUCCESS) { ++ uint8_t *smm_payload = ++ (uint8_t *)var + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); ++ ++ memmove(smm_payload, var_map.payload, var_map.payload_len); ++ memset((uint8_t *)smm_payload + var_map.payload_len, 0, ++ var_map.efi_auth_descriptor_len); ++ ++ var->DataSize -= var_map.efi_auth_descriptor_len; ++ } ++ ++ return status; ++} ++ ++static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context, ++ efi_data_map* var_map, ++ uint8_t* hash_buffer, ++ size_t hash_len, ++ uint64_t max_variable_size) ++{ ++ efi_status_t status = EFI_SUCCESS; ++ EFI_GUID global_variable_guid = EFI_GLOBAL_VARIABLE; ++ EFI_GUID security_database_guid = EFI_IMAGE_SECURITY_DATABASE_GUID; ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *pk_variable = NULL; ++ size_t pk_payload_size = 0; ++ ++ /* database variables can be verified by either PK or KEK while images ++ * should be checked by db and dbx so the length of two will be enough. ++ */ ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *allowed_key_store_variables[] = { NULL, NULL }; ++ + /** + * UEFI: Page 253 + * 3. If the variable SetupMode==1, and the variable is a secure +@@ -1166,14 +1251,14 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + * Platform Key is checked to enable or disable authentication. + */ + create_smm_variable(&pk_variable, sizeof(EFI_PLATFORM_KEY_NAME), +- variable_info.MaximumVariableSize, (uint8_t *)EFI_PLATFORM_KEY_NAME, ++ max_variable_size, (uint8_t *)EFI_PLATFORM_KEY_NAME, + &global_variable_guid); + + if (!pk_variable) + return EFI_OUT_OF_RESOURCES; + + status = uefi_variable_store_get_variable( +- context, pk_variable, variable_info.MaximumVariableSize, &pk_payload_size); ++ context, pk_variable, max_variable_size, &pk_payload_size); + + /* If PK does not exist authentication is disabled */ + if (status != EFI_SUCCESS) { +@@ -1207,66 +1292,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + goto end; + } + +- /** +- * UEFI: Page 246 +- * If the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set in a +- * SetVariable() call, and firmware does not support signature type of the certificate +- * included in the EFI_VARIABLE_AUTHENTICATION_2 descriptor, then the SetVariable() call +- * shall return EFI_INVALID_PARAMETER. The list of signature types supported by the +- * firmware is defined by the SignatureSupport variable. Signature type of the certificate +- * is defined by its digest and encryption algorithms. +- */ +- /* TODO: Should support WIN_CERT_TYPE_PKCS_SIGNED_DATA and WIN_CERT_TYPE_EFI_PKCS115 */ +- if (var_map.efi_auth_descriptor->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) +- return EFI_INVALID_PARAMETER; +- +- /* Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted */ +- if (!compare_guid(&var_map.efi_auth_descriptor->AuthInfo.CertType, &pkcs7_guid)) +- return EFI_SECURITY_VIOLATION; +- +- /** +- * Time associated with the authentication descriptor. For the TimeStamp value, +- * components Pad1, Nanosecond, TimeZone, Daylight and Pad2 shall be set to 0. +- * This means that the time shall always be expressed in GMT. +- * +- * UEFI: Page 253 +- * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components +- * of the TimeStamp value are set to zero. +- */ +- if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) || +- (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) || +- (var_map.efi_auth_descriptor->TimeStamp.Nanosecond != 0) || +- (var_map.efi_auth_descriptor->TimeStamp.TimeZone != 0) || +- (var_map.efi_auth_descriptor->TimeStamp.Daylight != 0)) { +- return EFI_SECURITY_VIOLATION; +- } +- +- /** +- * UEFI: Page 253 +- * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify +- * that the TimeStamp value is later than the current +- * timestamp value associated with the variable +- */ +- if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { +- if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) { +- EMSG("Timestamp violation"); +- return EFI_SECURITY_VIOLATION; +- } +- +- /* Save new timestamp */ +- memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME)); +- } +- /* Calculate hash for the variable only once */ +- hash_result = calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), +- &hash_len); +- +- if (!hash_result) { +- status = EFI_SECURITY_VIOLATION; +- goto end; +- } +- +- status = select_verification_keys(var_map, global_variable_guid, security_database_guid, +- variable_info.MaximumVariableSize, ++ status = select_verification_keys(*var_map, global_variable_guid, security_database_guid, ++ max_variable_size, + &allowed_key_store_variables[0]); + + if (status != EFI_SUCCESS) +@@ -1280,8 +1307,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + continue; + + status = uefi_variable_store_get_variable(context, allowed_key_store_variables[i], +- variable_info.MaximumVariableSize, +- &actual_variable_length); ++ max_variable_size, ++ &actual_variable_length); + + if (status) { + /* When the parent does not exist it is considered verification failure */ +@@ -1297,8 +1324,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + goto end; + } + +- status = verify_var_by_key_var(&var_map, &allowed_key_store_var_map, +- (uint8_t *)&hash_buffer, hash_len); ++ status = verify_var_by_key_var(var_map, &allowed_key_store_var_map, ++ hash_buffer, hash_len); + + if (status == EFI_SUCCESS) + goto end; +@@ -1311,18 +1338,6 @@ end: + free(allowed_key_store_variables[i]); + } + +- /* Remove the authentication header from the variable if the authentication is successful */ +- if (status == EFI_SUCCESS) { +- uint8_t *smm_payload = +- (uint8_t *)var + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); +- +- memmove(smm_payload, var_map.payload, var_map.payload_len); +- memset((uint8_t *)smm_payload + var_map.payload_len, 0, +- var_map.efi_auth_descriptor_len); +- +- var->DataSize -= var_map.efi_auth_descriptor_len; +- } +- + return status; + } + #endif +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch new file mode 100644 index 0000000000..eb7852f0c6 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch @@ -0,0 +1,292 @@ +From a172c6e8269915db1b25e2749bae06dc0220cfb8 Mon Sep 17 00:00:00 2001 +From: Gabor Toth <gabor.toth2@arm.com> +Date: Thu, 11 Apr 2024 13:48:14 +0200 +Subject: [PATCH 3/3] Implement Private Authenticated Variable verification + +Refactor the implementation to only use the PK, KEK, DB authentication +chain for boot variables, and implement the self authentication for +private authenticated variables. + +Signed-off-by: Gabor Toth <gabor.toth2@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27957] +--- + .../backend/uefi_variable_store.c | 126 +++++++++++++++--- + .../smm_variable/backend/variable_index.c | 1 + + .../smm_variable/backend/variable_index.h | 2 + + .../config/default-opteesp/CMakeLists.txt | 2 +- + .../config/default-sp/CMakeLists.txt | 2 +- + 5 files changed, 112 insertions(+), 21 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index 1384d0def..97c43dc74 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -75,15 +75,25 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, + const efi_data_map *key_store_var, + const uint8_t *hash_buffer, size_t hash_len); + ++static bool isPrivateAuthVar(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); ++ + static efi_status_t authenticate_variable(const struct uefi_variable_store *context, +- EFI_TIME *timestamp, +- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); ++ EFI_TIME *timestamp, uint8_t (*fingerprint)[FINGERPRINT_SIZE], ++ bool new_variable, SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); + + static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context, + efi_data_map* var_map, + uint8_t* hash_buffer, + size_t hash_len, + uint64_t max_variable_size); ++ ++static efi_status_t authenticate_private_variable(const struct uefi_variable_store *context, ++ efi_data_map* var_map, ++ uint8_t* hash_buffer, ++ size_t hash_len, ++ uint64_t max_variable_size, ++ bool new_variable, ++ uint8_t (*fingerprint)[FINGERPRINT_SIZE]); + #endif + + static efi_status_t store_variable_data(const struct uefi_variable_store *context, +@@ -205,6 +215,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + { + bool should_sync_index = false; + EFI_TIME timestamp = { 0 }; ++ uint8_t fingerprint[FINGERPRINT_SIZE] = { 0 }; + + /* Validate incoming request */ + efi_status_t status = check_name_terminator(var->Name, var->NameSize); +@@ -233,8 +244,9 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + return EFI_OUT_OF_RESOURCES; + } + +- /* Save the timestamp into a buffer, which can be overwritten by the authentication function */ ++ /* Save the timestamp and fingerprints into a buffer, which can be overwritten by the authentication function */ + memcpy(×tamp, &info->metadata.timestamp, sizeof(EFI_TIME)); ++ memcpy(&fingerprint, &info->metadata.fingerprint, FINGERPRINT_SIZE); + + /* Control access */ + status = check_access_permitted_on_set(context, info, var); +@@ -251,7 +263,8 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + if (info->metadata.attributes & + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { + status = authenticate_variable( +- context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); ++ context, ×tamp, &fingerprint, false, ++ (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); + + if (status != EFI_SUCCESS) + return status; +@@ -337,7 +350,8 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + */ + if (var->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { + status = authenticate_variable( +- context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); ++ context, ×tamp, &fingerprint, true, ++ (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); + + if (status != EFI_SUCCESS) + return status; +@@ -372,6 +386,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + /* Store any variable data to the storage backend with the updated metadata */ + if (info->is_variable_set && (status == EFI_SUCCESS)) { + memcpy(&info->metadata.timestamp, ×tamp, sizeof(EFI_TIME)); ++ memcpy(&info->metadata.fingerprint, &fingerprint, FINGERPRINT_SIZE); + status = store_variable_data(context, info, var); + } + } +@@ -1030,15 +1045,6 @@ select_verification_keys(const efi_data_map new_var, EFI_GUID global_variable_gu + create_smm_variable(&(allowed_key_store_variables[1]), + sizeof(EFI_KEY_EXCHANGE_KEY_NAME), maximum_variable_size, + (uint8_t *)EFI_KEY_EXCHANGE_KEY_NAME, &global_variable_guid); +- } else { +- /* +- * Any other variable is considered Private Authenticated Variable. +- * These are verified by db +- */ +- create_smm_variable(&(allowed_key_store_variables[0]), +- sizeof(EFI_IMAGE_SECURITY_DATABASE), maximum_variable_size, +- (uint8_t *)EFI_IMAGE_SECURITY_DATABASE, +- &security_database_guid); + } + + return EFI_SUCCESS; +@@ -1114,13 +1120,39 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, + return EFI_SECURITY_VIOLATION; + } + +-/* Basic verification of the authentication header of the new variable. ++static bool isPrivateAuthVar(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) ++{ ++ if (compare_name_to_key_store_name(var->Name, ++ var->NameSize, EFI_PLATFORM_KEY_NAME, ++ sizeof(EFI_PLATFORM_KEY_NAME)) || ++ compare_name_to_key_store_name( ++ var->Name, var->NameSize, ++ EFI_KEY_EXCHANGE_KEY_NAME, sizeof(EFI_KEY_EXCHANGE_KEY_NAME)) || ++ compare_name_to_key_store_name( ++ var->Name, var->NameSize, ++ EFI_IMAGE_SECURITY_DATABASE, sizeof(EFI_IMAGE_SECURITY_DATABASE)) || ++ compare_name_to_key_store_name( ++ var->Name, var->NameSize, ++ EFI_IMAGE_SECURITY_DATABASE1, sizeof(EFI_IMAGE_SECURITY_DATABASE1)) || ++ compare_name_to_key_store_name( ++ var->Name, var->NameSize, ++ EFI_IMAGE_SECURITY_DATABASE2, sizeof(EFI_IMAGE_SECURITY_DATABASE2)) || ++ compare_name_to_key_store_name( ++ var->Name, var->NameSize, ++ EFI_IMAGE_SECURITY_DATABASE3, sizeof(EFI_IMAGE_SECURITY_DATABASE3))) ++ return false; ++ ++ return true; ++} ++ ++/* ++ * Basic verification of the authentication header of the new variable. + * First finds the key variable responsible for the authentication of the new variable, + * then verifies it. + */ + static efi_status_t authenticate_variable(const struct uefi_variable_store *context, +- EFI_TIME *timestamp, +- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) ++ EFI_TIME *timestamp, uint8_t (*fingerprint)[FINGERPRINT_SIZE], ++ bool new_variable, SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) + { + efi_status_t status = EFI_SUCCESS; + EFI_GUID pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; +@@ -1192,8 +1224,13 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont + status = EFI_SECURITY_VIOLATION; + } + +- /* Run Secure Boot related authentication steps */ +- status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize); ++ if (isPrivateAuthVar(var)) { ++ /* Run Private Authenticated Variable related authentication steps */ ++ status = authenticate_private_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize, new_variable, fingerprint); ++ } else { ++ /* Run Secure Boot related authentication steps */ ++ status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize); ++ } + + /* Remove the authentication header from the variable if the authentication is successful */ + if (status == EFI_SUCCESS) { +@@ -1340,6 +1377,57 @@ end: + + return status; + } ++ ++static efi_status_t authenticate_private_variable(const struct uefi_variable_store *context, ++ efi_data_map* var_map, ++ uint8_t* hash_buffer, ++ size_t hash_len, ++ uint64_t max_variable_size, ++ bool new_variable, ++ uint8_t (*fingerprint)[FINGERPRINT_SIZE]) ++{ ++ efi_status_t status = EFI_SUCCESS; ++ uint8_t new_fingerprint[PSA_HASH_MAX_SIZE] = { 0 }; ++ ++ /* Verify the signature of the variable */ ++ if (verify_pkcs7_signature( ++ var_map->efi_auth_descriptor->AuthInfo.CertData, ++ var_map->efi_auth_descriptor_certdata_len, hash_buffer, ++ hash_len, NULL, 0) == 0) ++ status = EFI_SUCCESS; ++ else ++ return EFI_SECURITY_VIOLATION; ++ ++ /** ++ * UEFI: Page 254 ++ * CN of the signing certificate’s Subject and the hash of the tbsCertificate of the top-level issuer certificate ++ * (or the signing certificate itself if no other certificates are present or the certificate chain is of length 1) ++ * in SignedData.certificates is registered for use in subsequent verifications of this variable. Implementations ++ * may store just a single hash of these two elements to reduce storage requirements. ++ */ ++ if (get_uefi_priv_auth_var_fingerprint_handler(var_map->efi_auth_descriptor->AuthInfo.CertData, ++ var_map->efi_auth_descriptor_certdata_len, ++ (uint8_t*)&new_fingerprint)) { ++ EMSG("Failed to querry variable fingerprint input"); ++ return EFI_SECURITY_VIOLATION; ++ } ++ ++ /* ++ * The hash is SHA256 so only 32 bytes contain non zero values. ++ * Use only that part to decrease metadata size. ++ */ ++ if (!new_variable) { ++ if (memcmp(&new_fingerprint, fingerprint, FINGERPRINT_SIZE)) { ++ EMSG("Fingerprint verification failed"); ++ return EFI_SECURITY_VIOLATION; ++ } ++ } else { ++ /* Save fingerprint */ ++ memcpy(fingerprint, &new_fingerprint, FINGERPRINT_SIZE); ++ } ++ ++ return status; ++} + #endif + + static efi_status_t store_variable_data(const struct uefi_variable_store *context, +diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c +index f4194d2d3..7f2fbe0ba 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.c ++++ b/components/service/uefi/smm_variable/backend/variable_index.c +@@ -199,6 +199,7 @@ static struct variable_entry *add_entry(const struct variable_index *context, co + info->metadata.uid = generate_uid(context, guid, name_size, name); + info->metadata.guid = *guid; + memset(&info->metadata.timestamp, 0, sizeof(EFI_TIME)); ++ memset(&info->metadata.fingerprint, 0, sizeof(FINGERPRINT_SIZE)); + info->metadata.attributes = 0; + info->metadata.name_size = name_size; + memcpy(info->metadata.name, name, name_size); +diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h +index 7eef7b86b..726bc985a 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.h ++++ b/components/service/uefi/smm_variable/backend/variable_index.h +@@ -24,6 +24,7 @@ extern "C" { + * Implementation limits + */ + #define VARIABLE_INDEX_MAX_NAME_SIZE (64) ++#define FINGERPRINT_SIZE (32) + + /** + * \brief variable_metadata structure definition +@@ -33,6 +34,7 @@ extern "C" { + struct variable_metadata { + EFI_GUID guid; + EFI_TIME timestamp; ++ uint8_t fingerprint[FINGERPRINT_SIZE]; + size_t name_size; + int16_t name[VARIABLE_INDEX_MAX_NAME_SIZE]; + uint32_t attributes; +diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt +index 0e281a377..d3df61ded 100644 +--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt ++++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt +@@ -42,7 +42,7 @@ set(SP_BOOT_ORDER "8" CACHE STRING "Boot order of the SP") + add_platform(TARGET "smm-gateway") + + # SMM variable and RPC caller settings +-set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count") ++set(SMM_GATEWAY_MAX_UEFI_VARIABLES 35 CACHE STRING "Maximum UEFI variable count") + set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 2*4096 CACHE STRING "RPC caller buffer size in SMMGW") + if (UEFI_AUTH_VAR) + set(SMM_SP_HEAP_SIZE 64*1024 CACHE STRING "SMM gateway SP heap size") +diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt +index 8df9256e4..bb97cf8e3 100644 +--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt ++++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt +@@ -47,7 +47,7 @@ set(SP_BOOT_ORDER "8" CACHE STRING "Boot order of the SP") + add_platform(TARGET "smm-gateway") + + # SMM variable and RPC caller settings +-set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count") ++set(SMM_GATEWAY_MAX_UEFI_VARIABLES 35 CACHE STRING "Maximum UEFI variable count") + set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 2*4096 CACHE STRING "RPC caller buffer size in SMMGW") + if (UEFI_AUTH_VAR) + set(SMM_SP_HEAP_SIZE 64*1024 CACHE STRING "SMM gateway SP heap size") +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch new file mode 100644 index 0000000000..76e78fa365 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch @@ -0,0 +1,37 @@ +From e8b577d02d1d4ed2492bb0b6c3a5bb7d2656f13a Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Fri, 17 May 2024 13:21:07 +0200 +Subject: [PATCH] Change RSS_COMMS cmake variables to cahce vars + +This way they can be set externally as well for the corstone1000 +platform. + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Pending +--- + platform/providers/arm/corstone1000/platform.cmake | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake +index 16139c80e..82ac14f0b 100644 +--- a/platform/providers/arm/corstone1000/platform.cmake ++++ b/platform/providers/arm/corstone1000/platform.cmake +@@ -9,11 +9,13 @@ + set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count") + set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller buffer size in SMMGW") + set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size") ++set(PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSS_COMMS_PAYLOAD buffer") ++set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU") + + target_compile_definitions(${TGT} PRIVATE + SMM_VARIABLE_INDEX_STORAGE_UID=0x787 +- PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0x2080 +- COMMS_MHU_MSG_SIZE=0x3500 ++ PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE} ++ COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} + ) + + get_property(_platform_driver_dependencies TARGET ${TGT} +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend index 99c03f69fd..2ae28c891a 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend @@ -1,5 +1,9 @@ require ts-arm-platforms.inc -EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x02000000 \ +EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x81FFF000 \ -DMM_COMM_BUFFER_PAGE_COUNT=1 \ " + +EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS=0x81000000 \ + -DMM_COMM_BUFFER_PAGE_COUNT=8 \ + " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 80a580569f..c186b02207 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -5,13 +5,25 @@ SRC_URI:append:corstone1000 = " \ file://0001-Add-stub-capsule-update-service-components.patch \ file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ file://0003-FMP-Support-in-Corstone1000.patch \ - file://0004-GetNextVariableName-Fix.patch \ + file://0004-smm_gateway-GetNextVariableName-Fix.patch \ file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch \ file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \ file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \ - file://0008-platform-corstone1000-fix-synchronization-issue.patch \ - file://0009-plat-corstone1000-fmp-client-id.patch \ + file://0008-plat-corstone1000-add-client_id-for-FMP-service.patch \ + file://0009-Remove-Werror-flag.patch \ + file://0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \ + file://0011-Fix-Avoid-redefinition-of-variables.patch \ + file://0012-Fix-GetNextVariableName-NameSize-input.patch \ + file://0013-Fix-error-handling-of-variable-index-loading.patch \ + file://0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch \ + file://0015-Add-timestamp-validation-for-uefi-variables.patch \ + file://0016-Isolate-common-uefi-variable-authentication-steps.patch \ + file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \ + file://0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch \ " COMPATIBLE_MACHINE:n1sdp = "n1sdp" + +COMPATIBLE_MACHINE:fvp-base = "fvp-base" +TS_PLATFORM:fvp-base = "arm/fvp/fvp_base_revc-2xaemv8a" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend index 7417d9b0ba..77fb7ae266 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend @@ -6,3 +6,4 @@ SRC_URI:append:corstone1000 = " \ " COMPATIBLE_MACHINE:n1sdp = "n1sdp" +COMPATIBLE_MACHINE:fvp-base = "fvp-base" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend new file mode 100644 index 0000000000..5c9ef210ec --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend index eba1553235..64ab5bea09 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend @@ -1,5 +1,10 @@ require ts-arm-platforms.inc -EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \ -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + -DSP_HEAP_SIZE=70*1024 \ " + +# Proxy is pointless on fvp-base as there is no dedicated security subsystem. It could be +# deployed configured to have dummy service providers for build testing purposes. +COMPATIBLE_MACHINE:remove:fvp-base = "fvp-base" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend index eba1553235..628dfb4807 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -1,5 +1,12 @@ require ts-arm-platforms.inc -EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \ -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + -DUEFI_AUTH_VAR=ON \ + -DUEFI_INTERNAL_CRYPTO=ON \ + -DSMM_GATEWAY_MAX_UEFI_VARIABLES=60 \ + " + +EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="8" \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend new file mode 100644 index 0000000000..5c9ef210ec --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend new file mode 100644 index 0000000000..5c9ef210ec --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend new file mode 100644 index 0000000000..5c9ef210ec --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend new file mode 100644 index 0000000000..5c9ef210ec --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/wic/efi-disk-esp-only.wks.in b/meta-arm/meta-arm-bsp/wic/efi-disk-esp-only.wks.in new file mode 100644 index 0000000000..739cc5a430 --- /dev/null +++ b/meta-arm/meta-arm-bsp/wic/efi-disk-esp-only.wks.in @@ -0,0 +1,9 @@ +# short-description: Create an EFI disk image with only an ESP partition +# long-description: Creates a partitioned EFI disk image that the user +# can directly dd to boot media. This image only contains an ESP +# partition that can be used by the SystemReady ACS test to store +# EFI data and process capsule updates. + +part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid --part-name="ESP" --part-type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B --fixed-size 256M + +bootloader --ptable gpt --timeout=1 --append="${GRUB_LINUX_APPEND}" diff --git a/meta-arm/meta-arm-bsp/wic/efi-disk-no-swap.wks.in b/meta-arm/meta-arm-bsp/wic/efi-disk-no-swap.wks.in index 61902dfdad..6ae7ad9d6d 100644 --- a/meta-arm/meta-arm-bsp/wic/efi-disk-no-swap.wks.in +++ b/meta-arm/meta-arm-bsp/wic/efi-disk-no-swap.wks.in @@ -3,8 +3,8 @@ # can directly dd to boot media. This image will not contain a swap # partition but will contain custom machine specific grub arguments. -part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid +part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid --part-name="ESP" --part-type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B --fixed-size 256M -part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid +part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid --exclude-path boot/ bootloader --ptable gpt --timeout=1 --append="${GRUB_LINUX_APPEND}" diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb index f9226c31cf..41ac2f7759 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb @@ -41,7 +41,7 @@ file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \ " IMAGE_CLASSES:remove = "license_image" -COMPATIBLE_MACHINE = "fvp-*" +COMPATIBLE_MACHINE = "(fvp-.+|.+-fvp)" TEST_SUITES = "arm_systemready_ir_acs" diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb index 04faa3a937..8dbb75c3f7 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb @@ -1,41 +1,105 @@ require arm-systemready-linux-distros.inc -LICENSE = "GPL-1.0-only & GPL-1.0-or-later & GPL-2.0-only & GPL-2.0-or-later \ - & GPL-3.0-only & GPL-3.0-or-later & LGPL-2.0-only \ - & LGPL-2.0-or-later & LGPL-2.1-only & LGPL-2.1-or-later \ - & LGPL-3.0-only & LGPL-3.0-or-later & BSD-3-Clause & BSD-4-Clause \ - & Artistic-1.0-Perl & Apache-1.0 & Apache-1.1 & Apache-2.0 & Zlib \ - & Python-2.0 & Ruby & PHP-3.01 & W3C-20150513 & OpenSSL & Sleepycat" +# The Debian project does not provide a license manifest for the distributed ISO images. +# The following list only contains the SPDX license identifiers found on the deb +# packages from the ISO image and is not exhaustive. +# For more information about Debian licenses, including the non-free ones, refer to +# https://www.debian.org/legal/licenses/. +LICENSE = "AFL-2.0 & AFL-2.1 \ + & GPL-1.0-only & GPL-1.0-or-later & GPL-2.0-only & GPL-2.0-or-later & GPL-2.0-with-autoconf-exception \ + & GPL-2.0-with-OpenSSL-exception & GPL-3.0-only & GPL-3.0-or-later & GPL-3.0-with-autoconf-exception \ + & GPL-3-with-bison-exception & SMAIL_GPL & LGPL-2.0-only & LGPL-2.0-or-later & LGPL-2.1-only \ + & LGPL-2.1-or-later & LGPL-3.0-only & LGPL-3.0-or-later & BSD-2-Clause & BSD-3-Clause \ + & BSD-3-Clause-Clear & BSD-4-Clause & BSD-4-Clause-UC & TCP-wrappers & OLDAP-2.8 & PSF-2.0 & BSL-1.0 \ + & bzip2-1.0.6 & CC0-1.0 & Libpng & Latex2e & Unicode-TOU & Unicode-DFS-2016 & CC-BY-3.0 & CC-BY-SA-3.0 \ + & CC-BY-SA-4.0 & curl & MS-PL & NTP & FSFAP & FSFUL & FSFULLR & FSF-Unlimited & EDL-1.0 & Vim & FTL \ + & TCL & MPL-1.1 & MPL-2.0 & GFDL-1.1-or-later & GFDL-1.2-or-later & GFDL-1.3-no-invariants-or-later \ + & GFDL-1.3-no-invariants-only & Artistic-1.0 & Artistic-2.0 & Artistic-1.0-Perl & Apache-2.0 \ + & Apache-2.0-with-LLVM-exception & Zlib & Python-2.0 & OpenSSL & Sleepycat & Spencer-86 & MIT & MIT-CMU \ + & MIT-advertising & Beerware & Intel & X11 & ISC & IPL-1.0 & SSH-OpenSSH & SSH-short & RSA-MD & OPL-1.0 & PD" + LIC_FILES_CHKSUM = "\ +file://${COMMON_LICENSE_DIR}/AFL-2.0;md5=f01c02e5eac69cff6b8c2cc474b8d468 \ +file://${COMMON_LICENSE_DIR}/AFL-2.1;md5=e40039b90e182a056bcd9ad3e47ddd71 \ file://${COMMON_LICENSE_DIR}/GPL-1.0-only;md5=e9e36a9de734199567a4d769498f743d \ file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf61 \ file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6 \ file://${COMMON_LICENSE_DIR}/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c \ +file://${COMMON_LICENSE_DIR}/GPL-2.0-with-autoconf-exception;md5=966c02a95037a9c7ad75a7597aea9c5f \ +file://${COMMON_LICENSE_DIR}/GPL-2.0-with-OpenSSL-exception;md5=d9e4412f125e3e6f14efba8ce7b4604f \ file://${COMMON_LICENSE_DIR}/GPL-3.0-only;md5=c79ff39f19dfec6d293b95dea7b07891 \ file://${COMMON_LICENSE_DIR}/GPL-3.0-or-later;md5=1c76c4cc354acaac30ed4d5eefea7245 \ +file://${COMMON_LICENSE_DIR}/GPL-3.0-with-autoconf-exception;md5=da26b415cb0faf9bfe6829f0ffa409ec \ +file://${COMMON_LICENSE_DIR}/GPL-3-with-bison-exception;md5=6e1bac3dc21fcc4fa049cf5c407eb7a2 \ +file://${COMMON_LICENSE_DIR}/SMAIL_GPL;md5=b948675029f79c64840e78881e91e1d4 \ file://${COMMON_LICENSE_DIR}/LGPL-2.0-only;md5=9427b8ccf5cf3df47c29110424c9641a \ file://${COMMON_LICENSE_DIR}/LGPL-2.0-or-later;md5=6d2d9952d88b50a51a5c73dc431d06c7 \ file://${COMMON_LICENSE_DIR}/LGPL-2.1-only;md5=1a6d268fd218675ffea8be556788b780 \ file://${COMMON_LICENSE_DIR}/LGPL-2.1-or-later;md5=2a4f4fd2128ea2f65047ee63fbca9f68 \ file://${COMMON_LICENSE_DIR}/LGPL-3.0-only;md5=bfccfe952269fff2b407dd11f2f3083b \ file://${COMMON_LICENSE_DIR}/LGPL-3.0-or-later;md5=c51d3eef3be114124d11349ca0d7e117 \ +file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f \ file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \ +file://${COMMON_LICENSE_DIR}/BSD-3-Clause-Clear;md5=7a434440b651f4a472ca93716d01033a \ file://${COMMON_LICENSE_DIR}/BSD-4-Clause;md5=624d9e67e8ac41a78f6b6c2c55a83a2b \ +file://${COMMON_LICENSE_DIR}/BSD-4-Clause-UC;md5=1da3cf8ad50cd8d5d1de3cfc53196d01 \ +file://${COMMON_LICENSE_DIR}/TCP-wrappers;md5=83b1f59c3c52689f5652193e0cd5b1cf \ +file://${COMMON_LICENSE_DIR}/OLDAP-2.8;md5=bb28ada4fbb5c3f52c233899b2e410a5 \ +file://${COMMON_LICENSE_DIR}/PSF-2.0;md5=76c1502273262a5ebefb50dfb20d7c4f \ +file://${COMMON_LICENSE_DIR}/BSL-1.0;md5=65a7df9ad57aacf825fd252c4c33288c \ +file://${COMMON_LICENSE_DIR}/bzip2-1.0.6;md5=841c5495611ae95b13e80fa4a0627333 \ +file://${COMMON_LICENSE_DIR}/CC0-1.0;md5=0ceb3372c9595f0a8067e55da801e4a1 \ +file://${COMMON_LICENSE_DIR}/Libpng;md5=12b4ec50384c800bc568f519671b120c \ +file://${COMMON_LICENSE_DIR}/Latex2e;md5=ef91d258f6a8d4d7f4db4d30adf38598 \ +file://${COMMON_LICENSE_DIR}/Unicode-TOU;md5=666362dc5dba74f477af0f44fb85bd22 \ +file://${COMMON_LICENSE_DIR}/Unicode-DFS-2016;md5=907371994d651afe53e98adc27824669 \ +file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7 \ +file://${COMMON_LICENSE_DIR}/CC-BY-SA-3.0;md5=3248afbd148270ac7337a6f3e2558be5 \ +file://${COMMON_LICENSE_DIR}/CC-BY-SA-4.0;md5=4084714af41157e38872e798eb3fe1b1 \ +file://${COMMON_LICENSE_DIR}/curl;md5=f7adb1397db248527ffed14d947e445c \ +file://${COMMON_LICENSE_DIR}/MS-PL;md5=b9cbca4f1a399b0c17b3521736e67848 \ +file://${COMMON_LICENSE_DIR}/NTP;md5=0926fd147301b2a65e45e21adb3a6f14 \ +file://${COMMON_LICENSE_DIR}/FSFAP;md5=232368338ef6dc99de71c2e05ff12176 \ +file://${COMMON_LICENSE_DIR}/FSFUL;md5=dc74327e8d4dca295527a090d2af4ba4 \ +file://${COMMON_LICENSE_DIR}/FSFULLR;md5=f0aa4b452548cc5d53a7772a9a90b3c0 \ +file://${COMMON_LICENSE_DIR}/FSF-Unlimited;md5=06fadd9ae6adbcd5d8d545dac90b15f6 \ +file://${COMMON_LICENSE_DIR}/EDL-1.0;md5=e06be17b8577bf6e2277a5c3c71b2d05 \ +file://${COMMON_LICENSE_DIR}/Vim;md5=676d28582e2dca824e7e309a9865eeb1 \ +file://${COMMON_LICENSE_DIR}/FTL;md5=f0bf6b09ee8b02121ed10709d9e49d8b \ +file://${COMMON_LICENSE_DIR}/TCL;md5=5f7b23ac10d8f7cde16737bc896bb6fb \ +file://${COMMON_LICENSE_DIR}/MPL-1.1;md5=1d38e87ed8d522c49f04e1efe0fab3ab \ +file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad \ +file://${COMMON_LICENSE_DIR}/GFDL-1.1-or-later;md5=03322744a1a73f36ebf29f98cced39a4 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.2-or-later;md5=9f58808219e9a42ff1228309d6f83dc6 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.3-no-invariants-or-later;md5=e0771ae6a62dc8a2e50b1d450fea66b7 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.3-no-invariants-only;md5=e0771ae6a62dc8a2e50b1d450fea66b7 \ +file://${COMMON_LICENSE_DIR}/Artistic-1.0;md5=cda03bbdc3c1951996392b872397b798 \ +file://${COMMON_LICENSE_DIR}/Artistic-2.0;md5=8bbc66f0ba93cec26ef526117e280266 \ file://${COMMON_LICENSE_DIR}/Artistic-1.0-Perl;md5=8feedd169dbd5738981843bd7d931f9f \ -file://${COMMON_LICENSE_DIR}/Apache-1.0;md5=9f7a9503b805de9158a2a31a2cef4b70 \ -file://${COMMON_LICENSE_DIR}/Apache-1.1;md5=61cc638ff95ff4f38f243855bcec4317 \ file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \ +file://${COMMON_LICENSE_DIR}/Apache-2.0-with-LLVM-exception;md5=0bcd48c3bdfef0c9d9fd17726e4b7dab \ file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \ file://${COMMON_LICENSE_DIR}/Python-2.0;md5=a5c8025e305fb49e6d405769358851f6 \ -file://${COMMON_LICENSE_DIR}/Ruby;md5=105fc57d3f4d3122db32912f3e6107d0 \ -file://${COMMON_LICENSE_DIR}/PHP-3.01;md5=3363e286b5882ec667a6ebd86e0d9d91 \ -file://${COMMON_LICENSE_DIR}/W3C-20150513;md5=9ff23a699fca546a380855dd40d12d4f \ file://${COMMON_LICENSE_DIR}/OpenSSL;md5=4eb1764f3e65fafa1a25057f9082f2ae \ file://${COMMON_LICENSE_DIR}/Sleepycat;md5=1cbb64231c94198653282f3ccab88ffb \ +file://${COMMON_LICENSE_DIR}/Spencer-86;md5=97ba797de74f88a17676473fab224843 \ +file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ +file://${COMMON_LICENSE_DIR}/MIT-CMU;md5=91b70218e0db8e063ed88cd532cb801d \ +file://${COMMON_LICENSE_DIR}/MIT-advertising;md5=0f358dd6677661d482934070c7eeaeec \ +file://${COMMON_LICENSE_DIR}/Beerware;md5=8db32780d0d8bbbdce0fa415e514cb89 \ +file://${COMMON_LICENSE_DIR}/Intel;md5=ced5efc26449ecac834b4b71625a3410 \ +file://${COMMON_LICENSE_DIR}/X11;md5=87f08485cf6ba3c63a00eda8ecba7f1d \ +file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d \ +file://${COMMON_LICENSE_DIR}/IPL-1.0;md5=be739b8845e6e98f99e206221fe9293b \ +file://${COMMON_LICENSE_DIR}/SSH-OpenSSH;md5=3af632aae8cf01feb6ce2ed44bb7ed2e \ +file://${COMMON_LICENSE_DIR}/SSH-short;md5=b73783010a430cadaabdc8ec0c0748f8 \ +file://${COMMON_LICENSE_DIR}/RSA-MD;md5=9342e66a3fb8ddeebe449a85366f4acc \ +file://${COMMON_LICENSE_DIR}/OPL-1.0;md5=acdf1e4398bd93dc137e271c50316324 \ +file://${COMMON_LICENSE_DIR}/PD;md5=b3597d12946881e13cb3b548d1173851 \ " -PV = "11.7.0" +PV = "12.4.0" # netinst, DVD-1 ISO_TYPE = "netinst" SRC_URI = "https://cdimage.debian.org/mirror/cdimage/archive/${PV}/arm64/iso-cd/debian-${PV}-arm64-${ISO_TYPE}.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso" -SRC_URI[sha256sum] = "174caba674fe3172938439257156b9cb8940bb5fd5ddf124256e81ec00ec460d" +SRC_URI[sha256sum] = "d32d2c63350a932dc0d9d45665985b41413f9e01efc0eacbea981d435f553d3d" diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb new file mode 100644 index 0000000000..25990b3038 --- /dev/null +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb @@ -0,0 +1,103 @@ +require arm-systemready-linux-distros.inc + +# The Fedora project does not provide a license manifest for the distributed ISO images. +# The following list only contains the SPDX license identifiers found on the rpm +# packages from the ISO image and is not exhaustive. +# For more information about Fedora licenses, including the non-free ones, refer to +# https://docs.fedoraproject.org/en-US/legal/fedora-linux-license/. +LICENSE = "GPL-1.0-only & GPL-1.0-or-later & GPL-2.0-only & GPL-2.0-or-later & GPL-2.0-with-font-exception \ + & GPL-2.0-with-GCC-exception & GPL-3.0-only & GPL-3.0-or-later & GPL-3-with-bison-exception \ + & LGPL-2.0-only & LGPL-2.0-or-later & LGPL-2.1-only & LGPL-2.1-or-later & LGPL-3.0-only & LGPL-3.0-or-later \ + & 0BSD & BSD-2-Clause & BSD-3-Clause & BSD-3-Clause-Modification & BSD-4-Clause & BSD-4-Clause-UC \ + & ClArtistic & Artistic-2.0 & Artistic-1.0-Perl & Apache-2.0 & Apache-2.0-with-LLVM-exception & Zlib \ + & zlib-acknowledgement & Sleepycat & MIT & MIT-open-group & MIT-Modern-Variant & Unlicense & ISC \ + & AFL-2.1 & AGPL-3.0-only & AGPL-3.0-or-later & FSFAP & MPL-1.1 & MPL-2.0 & CC-BY-3.0 & CC-BY-4.0 \ + & CC-BY-SA-4.0 & CC0-1.0 & NCSA & APSL-2.0 & IJG & psutils & Sendmail & blessing & NTP & BSL-1.0 \ + & GFDL-1.1-or-later & GFDL-1.2-or-later & GFDL-1.3 & GFDL-1.3-or-later & GFDL-1.3-no-invariants-or-later \ + & NPL-1.1 & libtiff & Vim & curl & EUPL-1.1 & OFL-1.1 & OFL-1.1-RFN & FTL & Info-ZIP & Interbase-1.0 \ + & Unicode-DFS-2016 & SISSL & LPPL-1.3a & SGI-B-2.0 & PSF-2.0 & X11 & OLDAP-2.8 & PostgreSQL & OPUBL-1.0" + +LIC_FILES_CHKSUM = "\ +file://${COMMON_LICENSE_DIR}/GPL-1.0-only;md5=e9e36a9de734199567a4d769498f743d \ +file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf61 \ +file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6 \ +file://${COMMON_LICENSE_DIR}/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c \ +file://${COMMON_LICENSE_DIR}/GPL-2.0-with-font-exception;md5=bf93e21a513f6f923474e62fb920434d \ +file://${COMMON_LICENSE_DIR}/GPL-2.0-with-GCC-exception;md5=14c42911132e8c9008911385aede6449 \ +file://${COMMON_LICENSE_DIR}/GPL-3.0-only;md5=c79ff39f19dfec6d293b95dea7b07891 \ +file://${COMMON_LICENSE_DIR}/GPL-3.0-or-later;md5=1c76c4cc354acaac30ed4d5eefea7245 \ +file://${COMMON_LICENSE_DIR}/GPL-3-with-bison-exception;md5=6e1bac3dc21fcc4fa049cf5c407eb7a2 \ +file://${COMMON_LICENSE_DIR}/LGPL-2.0-only;md5=9427b8ccf5cf3df47c29110424c9641a \ +file://${COMMON_LICENSE_DIR}/LGPL-2.0-or-later;md5=6d2d9952d88b50a51a5c73dc431d06c7 \ +file://${COMMON_LICENSE_DIR}/LGPL-2.1-only;md5=1a6d268fd218675ffea8be556788b780 \ +file://${COMMON_LICENSE_DIR}/LGPL-2.1-or-later;md5=2a4f4fd2128ea2f65047ee63fbca9f68 \ +file://${COMMON_LICENSE_DIR}/LGPL-3.0-only;md5=bfccfe952269fff2b407dd11f2f3083b \ +file://${COMMON_LICENSE_DIR}/LGPL-3.0-or-later;md5=c51d3eef3be114124d11349ca0d7e117 \ +file://${COMMON_LICENSE_DIR}/0BSD;md5=f667a3c3830a55a17ec3067709f4526c \ +file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f \ +file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \ +file://${COMMON_LICENSE_DIR}/BSD-3-Clause-Modification;md5=27b46022df7bdef61a1e404fc3573f83 \ +file://${COMMON_LICENSE_DIR}/BSD-4-Clause;md5=624d9e67e8ac41a78f6b6c2c55a83a2b \ +file://${COMMON_LICENSE_DIR}/BSD-4-Clause-UC;md5=1da3cf8ad50cd8d5d1de3cfc53196d01 \ +file://${COMMON_LICENSE_DIR}/ClArtistic;md5=f633bbf0697ec33066b83adfa9ebe51d \ +file://${COMMON_LICENSE_DIR}/Artistic-2.0;md5=8bbc66f0ba93cec26ef526117e280266 \ +file://${COMMON_LICENSE_DIR}/Artistic-1.0-Perl;md5=8feedd169dbd5738981843bd7d931f9f \ +file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \ +file://${COMMON_LICENSE_DIR}/Apache-2.0-with-LLVM-exception;md5=0bcd48c3bdfef0c9d9fd17726e4b7dab \ +file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \ +file://${COMMON_LICENSE_DIR}/zlib-acknowledgement;md5=c76c64e2cf99efcfb5e2b26aa86b12e6 \ +file://${COMMON_LICENSE_DIR}/Sleepycat;md5=1cbb64231c94198653282f3ccab88ffb \ +file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ +file://${COMMON_LICENSE_DIR}/MIT-open-group;md5=a7c50bba311e4b09d48a526eedcef837 \ +file://${COMMON_LICENSE_DIR}/MIT-Modern-Variant;md5=272dea2b67586002978254bc04648ab2 \ +file://${COMMON_LICENSE_DIR}/Unlicense;md5=7246f848faa4e9c9fc0ea91122d6e680 \ +file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d \ +file://${COMMON_LICENSE_DIR}/AFL-2.1;md5=e40039b90e182a056bcd9ad3e47ddd71 \ +file://${COMMON_LICENSE_DIR}/AGPL-3.0-only;md5=73f1eb20517c55bf9493b7dd6e480788 \ +file://${COMMON_LICENSE_DIR}/AGPL-3.0-or-later;md5=a4af3f9f0c0fc9de318e4df46665906e \ +file://${COMMON_LICENSE_DIR}/FSFAP;md5=232368338ef6dc99de71c2e05ff12176 \ +file://${COMMON_LICENSE_DIR}/MPL-1.1;md5=1d38e87ed8d522c49f04e1efe0fab3ab \ +file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad \ +file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7 \ +file://${COMMON_LICENSE_DIR}/CC-BY-4.0;md5=9b33bbd06fb58995fb0e299cd38d1838 \ +file://${COMMON_LICENSE_DIR}/CC-BY-SA-4.0;md5=4084714af41157e38872e798eb3fe1b1 \ +file://${COMMON_LICENSE_DIR}/CC0-1.0;md5=0ceb3372c9595f0a8067e55da801e4a1 \ +file://${COMMON_LICENSE_DIR}/NCSA;md5=1b5fdec70ee13ad8a91667f16c1959d7 \ +file://${COMMON_LICENSE_DIR}/APSL-2.0;md5=f9e4701d9a216a87ba145bbe25f54c58 \ +file://${COMMON_LICENSE_DIR}/IJG;md5=d9fc5ebaa95c14466091d25e0d34e688 \ +file://${COMMON_LICENSE_DIR}/psutils;md5=29046009c1f269661e7b74196fb8f6a0 \ +file://${COMMON_LICENSE_DIR}/Sendmail;md5=8037c42e05a5d4bfce06a44729fb6f1a \ +file://${COMMON_LICENSE_DIR}/blessing;md5=d5407b61870d6dc19d0bdc04ae4cc654 \ +file://${COMMON_LICENSE_DIR}/NTP;md5=0926fd147301b2a65e45e21adb3a6f14 \ +file://${COMMON_LICENSE_DIR}/BSL-1.0;md5=65a7df9ad57aacf825fd252c4c33288c \ +file://${COMMON_LICENSE_DIR}/GFDL-1.1-or-later;md5=03322744a1a73f36ebf29f98cced39a4 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.2-or-later;md5=9f58808219e9a42ff1228309d6f83dc6 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.3;md5=1083add59b39991c748ea70a92166959 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.3-or-later;md5=e0771ae6a62dc8a2e50b1d450fea66b7 \ +file://${COMMON_LICENSE_DIR}/GFDL-1.3-no-invariants-or-later;md5=e0771ae6a62dc8a2e50b1d450fea66b7 \ +file://${COMMON_LICENSE_DIR}/NPL-1.1;md5=f9c017c062c1b02462efb915d9f2cb63 \ +file://${COMMON_LICENSE_DIR}/libtiff;md5=b99383975855adc28712577c9cd56485 \ +file://${COMMON_LICENSE_DIR}/Vim;md5=676d28582e2dca824e7e309a9865eeb1 \ +file://${COMMON_LICENSE_DIR}/curl;md5=f7adb1397db248527ffed14d947e445c \ +file://${COMMON_LICENSE_DIR}/EUPL-1.1;md5=3f12b8134016fd7ba5a010afd690abaa \ +file://${COMMON_LICENSE_DIR}/OFL-1.1;md5=fac3a519e5e9eb96316656e0ca4f2b90 \ +file://${COMMON_LICENSE_DIR}/OFL-1.1-RFN;md5=2680fce30f17e5fed9bcebd9336e5b78 \ +file://${COMMON_LICENSE_DIR}/FTL;md5=f0bf6b09ee8b02121ed10709d9e49d8b \ +file://${COMMON_LICENSE_DIR}/Info-ZIP;md5=83a1c8ea099b3b58beb6e55dcbe4c15f \ +file://${COMMON_LICENSE_DIR}/Interbase-1.0;md5=f65304bc0e87e6700fe1e4ab5affdc6f \ +file://${COMMON_LICENSE_DIR}/Unicode-DFS-2016;md5=907371994d651afe53e98adc27824669 \ +file://${COMMON_LICENSE_DIR}/SISSL;md5=fded06bff75eb4a2899bd051e2e128f5 \ +file://${COMMON_LICENSE_DIR}/LPPL-1.3a;md5=8e2e8e1428b39cd78927c2ad28734ff7 \ +file://${COMMON_LICENSE_DIR}/SGI-B-2.0;md5=5f5dd7bd973dff1594131b1e9c7981f1 \ +file://${COMMON_LICENSE_DIR}/PSF-2.0;md5=76c1502273262a5ebefb50dfb20d7c4f \ +file://${COMMON_LICENSE_DIR}/X11;md5=87f08485cf6ba3c63a00eda8ecba7f1d \ +file://${COMMON_LICENSE_DIR}/OLDAP-2.8;md5=bb28ada4fbb5c3f52c233899b2e410a5 \ +file://${COMMON_LICENSE_DIR}/PostgreSQL;md5=a9c78964f52e27f4c01140a1a16da8e2 \ +file://${COMMON_LICENSE_DIR}/OPUBL-1.0;md5=99367d4750dbf0ae6cc74209ddd52f6d \ +" + +ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE = "6144" + +PV = "39.1.5" +SRC_URI = "https://download.fedoraproject.org/pub/fedora/linux/releases/39/Server/aarch64/iso/Fedora-Server-dvd-aarch64-39-1.5.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso" +SRC_URI[sha256sum] = "d19dc2a39758155fa53e6fd555d0d173ccc8175b55dea48002d499f39cb30ce0" diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb index 13e4355d40..06135d1537 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb @@ -1,19 +1,20 @@ require arm-systemready-linux-distros.inc -LICENSE = "AGPL-3.0-only & Apache-2.0 & Artistic-1.0 & Artistic-2.0 \ +LICENSE = "AGPL-3.0-only & Apache-1.1 & Apache-2.0 & Artistic-1.0 & Artistic-2.0 \ & BSD-2-Clause-Patent & BSD-2-Clause & BSD-3-Clause & BSD-4-Clause \ - & CC-BY-3.0 & CC-BY-4.0 & CC-BY-SA-1.0 & CC-BY-SA-3.0 \ + & BSL-1.0 & CC-BY-3.0 & CC-BY-4.0 & CC-BY-SA-1.0 & CC-BY-SA-3.0 \ & CC-BY-SA-4.0 & CC0-1.0 & CDDL-1.0 & GFDL-1.1-only \ & GFDL-1.2-only & GFDL-1.3-only & GFDL-1.3-or-later \ & GPL-1.0-or-later & GPL-2.0-only & GPL-2.0-or-later \ - & GPL-3.0-only & GPL-3.0-or-later & HPND & ICU & IPA \ + & GPL-3.0-only & GPL-3.0-or-later & HPND & ICU & IPL-1.0 & IPA \ & ISC & LGPL-2.0-only & LGPL-2.0-or-later & LGPL-2.1-only \ & LGPL-2.1-or-later & LGPL-3.0-only & LGPL-3.0-or-later \ & LPPL-1.3c & MIT & MPL-1.1 & MPL-2.0 & OFL-1.1 & OLDAP-2.8 \ - & OpenSSL & Python-2.0 & Vim & W3C" + & OpenSSL & Python-2.0 & Sleepycat & Vim & W3C & Zlib" LIC_FILES_CHKSUM = "\ file://${COMMON_LICENSE_DIR}/AGPL-3.0-only;md5=73f1eb20517c55bf9493b7dd6e480788 \ +file://${COMMON_LICENSE_DIR}/Apache-1.1;md5=61cc638ff95ff4f38f243855bcec4317 \ file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \ file://${COMMON_LICENSE_DIR}/Artistic-1.0;md5=cda03bbdc3c1951996392b872397b798 \ file://${COMMON_LICENSE_DIR}/Artistic-2.0;md5=8bbc66f0ba93cec26ef526117e280266 \ @@ -21,6 +22,7 @@ file://${COMMON_LICENSE_DIR}/BSD-2-Clause-Patent;md5=0518d409dae93098cca8dfa932f file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f \ file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \ file://${COMMON_LICENSE_DIR}/BSD-4-Clause;md5=624d9e67e8ac41a78f6b6c2c55a83a2b \ +file://${COMMON_LICENSE_DIR}/BSL-1.0;md5=65a7df9ad57aacf825fd252c4c33288c \ file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7 \ file://${COMMON_LICENSE_DIR}/CC-BY-4.0;md5=9b33bbd06fb58995fb0e299cd38d1838 \ file://${COMMON_LICENSE_DIR}/CC-BY-SA-1.0;md5=681ffad43a0addd90f1bebf45675104e \ @@ -40,6 +42,7 @@ file://${COMMON_LICENSE_DIR}/GPL-3.0-or-later;md5=1c76c4cc354acaac30ed4d5eefea72 file://${COMMON_LICENSE_DIR}/HPND;md5=faa364b3e3c6db0f74cc0e704ddf6b9c \ file://${COMMON_LICENSE_DIR}/ICU;md5=4d85ad1f393add71dc66bcf78e3ee584 \ file://${COMMON_LICENSE_DIR}/IPA;md5=17b18da2d8b2c43c598aa7583229ef1b \ +file://${COMMON_LICENSE_DIR}/IPL-1.0;md5=be739b8845e6e98f99e206221fe9293b \ file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d \ file://${COMMON_LICENSE_DIR}/LGPL-2.0-only;md5=9427b8ccf5cf3df47c29110424c9641a \ file://${COMMON_LICENSE_DIR}/LGPL-2.0-or-later;md5=6d2d9952d88b50a51a5c73dc431d06c7 \ @@ -55,15 +58,17 @@ file://${COMMON_LICENSE_DIR}/OFL-1.1;md5=fac3a519e5e9eb96316656e0ca4f2b90 \ file://${COMMON_LICENSE_DIR}/OLDAP-2.8;md5=bb28ada4fbb5c3f52c233899b2e410a5 \ file://${COMMON_LICENSE_DIR}/OpenSSL;md5=4eb1764f3e65fafa1a25057f9082f2ae \ file://${COMMON_LICENSE_DIR}/Python-2.0;md5=a5c8025e305fb49e6d405769358851f6 \ +file://${COMMON_LICENSE_DIR}/Sleepycat;md5=1cbb64231c94198653282f3ccab88ffb \ file://${COMMON_LICENSE_DIR}/Vim;md5=676d28582e2dca824e7e309a9865eeb1 \ file://${COMMON_LICENSE_DIR}/W3C;md5=4b1d0384b406508a63e51f7c69687700 \ +file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \ " ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE = "6144" -PV = "15.4" +PV = "15.5" # possible value of ISO_TYPE: NET, DVD ISO_TYPE = "DVD" -BUILD_NO = "243.2" +BUILD_NO = "491.1" SRC_URI = "https://download.opensuse.org/distribution/leap/${PV}/iso/openSUSE-Leap-${PV}-${ISO_TYPE}-aarch64-Build${BUILD_NO}-Media.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso" -SRC_URI[sha256sum] = "d87f79b2b723f9baaeedd9e2be0365c04081e51a4f7f7f08c7ab3eee0c3e0fae" +SRC_URI[sha256sum] = "456cc4f99b044429d8a89bd302c06e9e382d6ac4dc590139a7096ebb54f5357b" diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc index e247a42799..d80cf2373e 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc @@ -3,6 +3,7 @@ DESCRIPTION = "Arm SystemReady Linux distro CD/DVD images and installation \ target disk image" IMAGE_CLASSES:remove = "license_image testimage" +BUILDHISTORY_FEATURES:remove = "image" INHIBIT_DEFAULT_DEPS = "1" COMPATIBLE_HOST = "aarch64-*" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb index fab1761177..49ad744270 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb @@ -316,6 +316,7 @@ PACKAGES += "\ ${PN}-staticdev \ " +INSANE_SKIP += " 32bit-time" INSANE_SKIP:${PN}-dbg = "staticdev" INSANE_SKIP:${PN}-utils += "ldflags" INSANE_SKIP:libstdc++ += "ldflags" diff --git a/meta-arm/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/meta-arm/classes/uefi_capsule.bbclass index 690e7af4c3..a0709c0fd0 100644 --- a/meta-arm/meta-arm/classes/uefi_capsule.bbclass +++ b/meta-arm/meta-arm/classes/uefi_capsule.bbclass @@ -1,13 +1,10 @@ # This class generates UEFI capsules # The current class supports generating a capsule with single firmware binary -DEPENDS += "gettext-native" -inherit python3native - IMAGE_TYPES += "uefi_capsule" -# edk2 base tools should be installed in the native sysroot directory -do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot" +# u-boot-tools should be installed in the native sysroot directory +do_image_uefi_capsule[depends] += "u-boot-tools-native:do_populate_sysroot" # By default the wic image is used to create a capsule CAPSULE_IMGTYPE ?= "wic" @@ -18,37 +15,37 @@ CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}" # The generated capsule by default has uefi.capsule extension CAPSULE_EXTENSION ?= "uefi.capsule" +# The generated capsule's name by default is the same as UEFI_FIRMWARE_BINARY +CAPSULE_NAME ?= "${UEFI_FIRMWARE_BINARY}" + # The following variables must be set to be able to generate a capsule update +CAPSULE_CERTIFICATE_PATH ?= "" +CAPSULE_FW_VERSION ?= "" +CAPSULE_GUID ?= "" +CAPSULE_INDEX ?= "" +CAPSULE_MONOTONIC_COUNT ?= "" +CAPSULE_PRIVATE_KEY_PATH ?= "" UEFI_FIRMWARE_BINARY ?= "" -UEFI_CAPSULE_CONFIG ?= "" # Check if the required variables are set python() { - for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]: + for var in ["CAPSULE_CERTIFICATE_PATH", "CAPSULE_FW_VERSION", \ + "CAPSULE_GUID", "CAPSULE_INDEX", \ + "CAPSULE_MONOTONIC_COUNT", "CAPSULE_PRIVATE_KEY_PATH", \ + "UEFI_FIRMWARE_BINARY"]: if not d.getVar(var): raise bb.parse.SkipRecipe(f"{var} not set") } IMAGE_CMD:uefi_capsule(){ - - # Force the GenerateCapsule script to use python3 - export PYTHON_COMMAND=${PYTHON} - - # Copy the firmware and the capsule config json to current directory - if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then - cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ; - fi - - export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY} - envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json - - ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \ - -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \ - ${MACHINE}-capsule-update-image.json - - # Remove the firmware to avoid contamination of IMGDEPLOYDIR - rm ${UEFI_FIRMWARE_BINARY} - + mkeficapsule --certificate ${CAPSULE_CERTIFICATE_PATH} \ + --fw-version ${CAPSULE_FW_VERSION} \ + --guid ${CAPSULE_GUID} \ + --index ${CAPSULE_INDEX} \ + --monotonic-count ${CAPSULE_MONOTONIC_COUNT} \ + --private-key ${CAPSULE_PRIVATE_KEY_PATH} \ + ${UEFI_FIRMWARE_BINARY} \ + ${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION} } # The firmware binary should be created before generating the capsule diff --git a/meta-arm/meta-arm/classes/wic_nopt.bbclass b/meta-arm/meta-arm/classes/wic_nopt.bbclass deleted file mode 100644 index 529bf138a4..0000000000 --- a/meta-arm/meta-arm/classes/wic_nopt.bbclass +++ /dev/null @@ -1,9 +0,0 @@ -# This class removes the empty partition table header -# in the WIC file when --no-table WKS option is used - -IMAGE_TYPES:append = " wic.nopt" - -CONVERSIONTYPES += "nopt" - -# 1024 bytes are skipped which corresponds to the size of the partition table header to remove -CONVERSION_CMD:nopt = "tail -c +1025 ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.nopt" diff --git a/meta-arm/meta-arm/conf/machine/generic-arm64.conf b/meta-arm/meta-arm/conf/machine/generic-arm64.conf deleted file mode 100644 index 9594e04171..0000000000 --- a/meta-arm/meta-arm/conf/machine/generic-arm64.conf +++ /dev/null @@ -1,25 +0,0 @@ -#@TYPE: Machine -#@NAME: generic-arm64 -#@DESCRIPTION: Generic Arm64 machine for typical SystemReady platforms, which -#have working firmware and boot via EFI. - -require conf/machine/include/arm/arch-armv8a.inc - -PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" -KBUILD_DEFCONFIG = "defconfig" -KCONFIG_MODE = "--alldefconfig" -KERNEL_IMAGETYPE = "Image" -MACHINE_EXTRA_RRECOMMENDS += "kernel-modules linux-firmware" - -IMAGE_FSTYPES ?= "wic" -WKS_FILE ?= "efi-disk.wks.in" -EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boot", "grub-efi", d)}" - -MACHINE_FEATURES:append = " alsa bluetooth efi qemu-usermode rtc screen usbhost vfat wifi" - -SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0" - -XSERVER ?= "xserver-xorg \ - xf86-video-fbdev \ - xf86-video-modesetting \ - " diff --git a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py index 80f72aab6b..dddc10ee3a 100644 --- a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py +++ b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py @@ -3,6 +3,7 @@ import enum import pathlib import pexpect import os +import time from oeqa.core.target.ssh import OESSHTarget from fvp import runner @@ -127,9 +128,19 @@ class OEFVPTarget(OESSHTarget): def call_pexpect(terminal, *args, **kwargs): attr = getattr(self.terminals[terminal], name) if callable(attr): - return attr(*args, **kwargs) + self.logger.debug(f"Calling {name} on {terminal} : with arguments -> {args} : {kwargs}") + start_time = time.monotonic() # Record the start time + + attr = getattr(self.terminals[terminal], name) + result = attr(*args, **kwargs) + + end_time = time.monotonic() # Record the end time + elapsed_time = end_time - start_time + self.logger.debug(f"Execution time for result: [ {result} ] - elapsed_time: {elapsed_time} seconds") else: - return attr + result = attr + + return result return call_pexpect diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/ftpm.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/ftpm.py new file mode 100644 index 0000000000..be0cf46f5b --- /dev/null +++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/ftpm.py @@ -0,0 +1,41 @@ +# +# SPDX-License-Identifier: MIT +# + +import os + +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.core.decorator.oetimeout import OETimeout + +class FtpmTestSuite(OERuntimeTestCase): + """ + Minimal test for optee-ftpm and ftpm kernel driver interfaces + """ + @OETimeout(360) + def test_ftpm(self): + # device files, need tee-supplicant fully initialized which takes some time + # and tests seem to run before boot is complete + cmd = "ls -l /dev/tpm0 /dev/tpmrm0 || ( runlevel; sleep 60; ls -l /dev/tpm0 /dev/tpmrm0 )" + status, output = self.target.run(cmd, timeout=90) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + + # tpm version + cmd = "cat /sys/class/tpm/tpm0/tpm_version_major" + status, output = self.target.run(cmd, timeout=60) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + self.assertEqual(output, "2", msg='\n'.join([cmd, output])) + + # sha384 pcrs + cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}"; done' + status, output = self.target.run(cmd, timeout=60) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + + # sha256 pcrs + cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha256/"${c}"; done' + status, output = self.target.run(cmd, timeout=60) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + + # sha1 pcrs + cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha1/"${c}"; done' + status, output = self.target.run(cmd, timeout=60) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/optee.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/optee.py new file mode 100644 index 0000000000..4f46225b1d --- /dev/null +++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/optee.py @@ -0,0 +1,24 @@ +# +# SPDX-License-Identifier: MIT +# + +import os + +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.runtime.decorator.package import OEHasPackage +from oeqa.core.decorator.oetimeout import OETimeout + +class OpteeTestSuite(OERuntimeTestCase): + """ + Run OP-TEE tests (xtest). + """ + @OETimeout(1300) + @OEHasPackage(['optee-test']) + def test_opteetest_xtest(self): + # clear storage before executing tests + cmd = "xtest --clear-storage || true" + status, output = self.target.run(cmd, timeout=60) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + cmd = "xtest" + status, output = self.target.run(cmd, timeout=1200) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py index 882989561d..5442399935 100644 --- a/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py +++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py @@ -28,9 +28,7 @@ class TrustedServicesTest(OERuntimeTestCase): @OEHasPackage(['ts-psa-crypto-api-test']) @OETestDepends(['ssh.SSHTest.test_ssh']) def test_03_psa_crypto_api_test(self): - # There are a two expected PSA Crypto tests failures testing features - # TS will not support. - self.run_test_tool('psa-crypto-api-test', expected_status=46) + self.run_test_tool('psa-crypto-api-test') @OEHasPackage(['ts-psa-its-api-test']) @OETestDepends(['ssh.SSHTest.test_ssh']) @@ -40,8 +38,7 @@ class TrustedServicesTest(OERuntimeTestCase): @OEHasPackage(['ts-psa-ps-api-test']) @OETestDepends(['ssh.SSHTest.test_ssh']) def test_05_psa_ps_api_test(self): - # There are a few expected PSA Storage tests failing - self.run_test_tool('psa-ps-api-test', expected_status=46) + self.run_test_tool('psa-ps-api-test') @OEHasPackage(['ts-psa-iat-api-test']) @OETestDepends(['ssh.SSHTest.test_ssh']) @@ -53,13 +50,12 @@ class TrustedServicesTest(OERuntimeTestCase): def test_09_ts_service_grp_check(self): # If this test fails, available test groups in ts-service-test have changed and all # tests using the test executable need to be double checked to ensure test group to - # TS SP mapping is still valid. + # TS SP mapping is still valid. test_grp_list="FwuServiceTests PsServiceTests ItsServiceTests AttestationProvisioningTests" test_grp_list+=" AttestationServiceTests CryptoKeyDerivationServicePackedcTests" test_grp_list+=" CryptoMacServicePackedcTests CryptoCipherServicePackedcTests" test_grp_list+=" CryptoHashServicePackedcTests CryptoServicePackedcTests" test_grp_list+=" CryptoServiceProtobufTests CryptoServiceLimitTests" - test_grp_list+=" DiscoveryServiceTests" self.run_test_tool('ts-service-test -lg', expected_output=test_grp_list) @OEHasPackage(['optee-test']) @@ -79,7 +75,7 @@ class TrustedServicesTest(OERuntimeTestCase): def test_11_ps_service_tests(self): if 'ts-storage' not in self.tc.td['MACHINE_FEATURES'] and \ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: - self.skipTest('Storage SP is not included into OPTEE') + self.skipTest('Storage SP is not deployed in the system.') self.run_test_tool('ts-service-test -g PsServiceTests') @OEHasPackage(['ts-service-test']) @@ -87,7 +83,7 @@ class TrustedServicesTest(OERuntimeTestCase): def test_12_its_service_tests(self): if 'ts-its' not in self.tc.td['MACHINE_FEATURES'] and \ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: - self.skipTest('Internal Storage SP is not included into OPTEE') + self.skipTest('Internal Storage SP is not deployed in the system.') self.run_test_tool('ts-service-test -g ItsServiceTests') @OEHasPackage(['ts-service-test']) @@ -95,9 +91,8 @@ class TrustedServicesTest(OERuntimeTestCase): def test_14_attestation_service_tests(self): if 'ts-attestation' not in self.tc.td['MACHINE_FEATURES'] and \ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: - self.skipTest('Attestation SP is not included into OPTEE') - for grp in ["AttestationProvisioningTests", "AttestationServiceTests"]: - self.run_test_tool('ts-service-test -g %s'%grp) + self.skipTest('Attestation SP is not deployed in the system.') + self.run_test_tool('ts-service-test -g Attestation') @OEHasPackage(['ts-service-test']) @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', 'Crypto SP is not included') @@ -105,16 +100,5 @@ class TrustedServicesTest(OERuntimeTestCase): def test_15_crypto_service_tests(self): if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: - self.skipTest('Crypto SP is not included into OPTEE') - for grp in ["CryptoKeyDerivationServicePackedcTests", "CryptoMacServicePackedcTests", \ - "CryptoCipherServicePackedcTests", "CryptoHashServicePackedcTests", \ - "CryptoServicePackedcTests", "CryptoServiceProtobufTests CryptoServiceLimitTests"]: - self.run_test_tool('ts-service-test -g %s'%grp) - - @OEHasPackage(['ts-service-test']) - @OETestDepends(['ssh.SSHTest.test_ssh']) - def test_16_discovery_service_test(self): - if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \ - 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: - self.skipTest('Crypto SP is not included into OPTEE') - self.run_test_tool('ts-service-test -g DiscoveryServiceTests') + self.skipTest('Crypto SP is not deployed in the system.') + self.run_test_tool('ts-service-test -g Crypto') diff --git a/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb b/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb index 775f406457..d0605dd7a5 100644 --- a/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb +++ b/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb @@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c" -SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master" +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master;protocol=https" SRCREV = "d3b1a15d18542b2086e72bfdc3fc43f454772a3b" # boot-wrapper doesn't make releases diff --git a/meta-arm/meta-arm/recipes-bsp/images/firmware-deploy-image.bb b/meta-arm/meta-arm/recipes-bsp/images/firmware-deploy-image.bb index 76c827385b..2f347f0b39 100644 --- a/meta-arm/meta-arm/recipes-bsp/images/firmware-deploy-image.bb +++ b/meta-arm/meta-arm/recipes-bsp/images/firmware-deploy-image.bb @@ -15,7 +15,8 @@ do_install[noexec] = "1" FIRMWARE_BINARIES ?= "" do_deploy() { - firmware_loc="${TMPDIR}_${MACHINE}/deploy/images/${MACHINE}" + firmware_loc=$(echo "${TMPDIR}" | sed "s/${TCLIBC}/musl/") + firmware_loc="${firmware_loc}_${MACHINE}/deploy/images/${MACHINE}" for firmware in ${FIRMWARE_BINARIES}; do echo "cp -av ${firmware_loc}/${firmware} ${DEPLOYDIR}/" cp -av "${firmware_loc}/${firmware}" ${DEPLOYDIR}/ diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch new file mode 100644 index 0000000000..2d189d8e8c --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch @@ -0,0 +1,36 @@ +From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli <mikko.rapeli@linaro.org> +Date: Mon, 15 Jan 2024 09:26:56 +0000 +Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot + +If firmware is configured with TPM support but it's missing +on HW, e.g. swtpm not started and/or configured with qemu, +then continue booting. Missing TPM is not a fatal error. +Enables testing boot without TPM device to see that +missing TPM is detected further up the SW stack and correct +fallback actions are taken. + +Upstream-Status: Pending + +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> +--- + plat/qemu/qemu/qemu_measured_boot.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c +index 122bb23b14..731b081c47 100644 +--- a/plat/qemu/qemu/qemu_measured_boot.c ++++ b/plat/qemu/qemu/qemu_measured_boot.c +@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void) + * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the + * secure Event Log buffer address. + */ +- panic(); ++ ERROR("Ignoring TPM errors, continuing without\n"); ++ return; + } + + /* Copy Event Log to Non-secure memory */ +-- +2.34.1 + diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.4.bb index 5ba8d48cb4..9072dca50a 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.4.bb @@ -9,8 +9,8 @@ SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmwa SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" -# Use fiptool from TF-A v2.10.3 -SRCREV = "0f915309c3821ce6f78f8451e5a6178d0cf07611" +# Use fiptool from TF-A v2.10.4 +SRCREV = "569e16caad976a0684147da1ecc6333fd9b7f813" SRCBRANCH = "lts-v2.10" DEPENDS += "openssl-native" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index b3624bb3c7..3d42a97c7b 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -1,5 +1,4 @@ COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" -COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64" COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm-secureboot" #FIXME - clang fails to build tfa for qemuarm-secureboot, and possibly other @@ -14,7 +13,6 @@ SRC_URI:append:qemuarm64-secureboot = " \ " TFA_PLATFORM:qemuarm64-secureboot = "qemu" -TFA_PLATFORM:qemu-generic-arm64 = "qemu_sbsa" TFA_PLATFORM:qemuarm-secureboot = "qemu" # Trusted Services secure partitions require arm-ffa machine feature. @@ -32,7 +30,6 @@ TFA_BUILD_TARGET:aarch64:qemuall = "all fip" TFA_BUILD_TARGET:arm:qemuall = "all fip" TFA_INSTALL_TARGET:qemuarm64-secureboot = "flash.bin" -TFA_INSTALL_TARGET:qemu-generic-arm64 = "bl1 fip" TFA_INSTALL_TARGET:qemuarm-secureboot = "flash.bin" DEPENDS:append:aarch64:qemuall = " optee-os" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.4.bb index b30ac7252d..332ca7a688 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.4.bb @@ -1,7 +1,7 @@ require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc -# TF-A v2.10.3 -SRCREV_tfa = "0f915309c3821ce6f78f8451e5a6178d0cf07611" +# TF-A v2.10.4 +SRCREV_tfa = "569e16caad976a0684147da1ecc6333fd9b7f813" SRCBRANCH = "lts-v2.10" LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" @@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631" LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +# continue to boot also without TPM +SRC_URI += "\ + file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \ +" diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb index bd84096731..9a1086fc5b 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb +++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb @@ -12,6 +12,8 @@ LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768" +UPSTREAM_CHECK_GITTAGREGEX = "^edk2-stable(?P<pver>\d+)$" + S = "${WORKDIR}/git" inherit native diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend index 7a39bb0319..e923d9f034 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend +++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend @@ -13,24 +13,6 @@ EDK2_PLATFORM:qemuarm = "ArmVirtQemu-ARM" EDK2_PLATFORM_DSC:qemuarm = "ArmVirtPkg/ArmVirtQemu.dsc" EDK2_BIN_NAME:qemuarm = "QEMU_EFI.fd" -COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64" -DEPENDS:append:qemu-generic-arm64 = " trusted-firmware-a coreutils-native" -EDK2_PLATFORM:qemu-generic-arm64 = "SbsaQemu" -EDK2_PLATFORM_DSC:qemu-generic-arm64 = "Platform/Qemu/SbsaQemu/SbsaQemu.dsc" -EDK2_BIN_NAME:qemu-generic-arm64 = "SBSA_FLASH0.fd" - -do_compile:prepend:qemu-generic-arm64() { - mkdir -p ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/bl1.bin ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/fip.bin ${B}/Platform/Qemu/Sbsa/ -} - -do_install:append:qemu-generic-arm64() { - install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH*.fd ${D}/firmware/ - # QEMU requires that the images be minimum of 256M in size - truncate -s 256M ${D}/firmware/SBSA_FLASH*.fd -} - do_install:append:qemuarm64() { install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/ } diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.24.11.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.25.15.bb index fe89e01f53..eab2255f6f 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.24.11.bb +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.25.15.bb @@ -5,8 +5,11 @@ LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba file://license_terms/third_party_licenses/third_party_licenses.txt;md5=b9005e55057311e41efe02ccfea8ea72 \ file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=c09526c02e631abb95ad61528892552d" -SRC_URI[fvp-aarch64.sha256sum] = "7a3593dafd3af6897b3a0a68f66701201f8f3e02a3d981ba47494b2f18853648" -SRC_URI[fvp-x86_64.sha256sum] = "0f132334834cbc66889a62dd72057c976d7c7dfcfeec21799e9c78fb2ce24720" +SRC_URI[fvp-aarch64.sha256sum] = "22096fc2267ad776abe0ff32d0d3b870c9fae10036d9c16f4f0fe4a64487a11e" +SRC_URI[fvp-x86_64.sha256sum] = "5f33707a1bdaa96a933b89949f28643110ad80ac9835a75f139c200b64a394dc" + +# The CSS used in the FVP homepage make it too difficult to query with the tooling currently in Yocto +UPSTREAM_VERSION_UNKNOWN = "1" MODEL_CODE = "FVP_Base_RevC-2xAEMvA" diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc index a20959b780..29de89f222 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc @@ -29,10 +29,17 @@ def get_real_pv(d): pv = d.getVar("PV") return "%s.%s_%s" % tuple(pv.split(".")) +def get_fm_short_pv_url(d): + # FVP versions are like 11.12_43 + pv = d.getVar("PV") + return "FM_%s_%s" % tuple(pv.split("."))[:2] + + # If PV is 1.2.3, VERSION=1.2, BUILD=3, PV_URL=1.2_3. VERSION = "${@oe.utils.trim_version(d.getVar('PV', -1))}" BUILD = "${@d.getVar('PV').split('.')[-1]}" PV_URL = "${@get_real_pv(d)}" +PV_URL_SHORT="${@get_fm_short_pv_url(d)}" # The directory the FVP is installed into FVPDIR = "${libdir}/fvp/${BPN}" diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb index 4ac9a6ca5d..aef9edde51 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb @@ -2,12 +2,14 @@ require fvp-ecosystem.inc MODEL = "Corstone-1000" MODEL_CODE = "FVP_Corstone_1000" -PV = "11.23_25" +PV = "11.23.25" -SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/${MODEL_CODE}_${PV}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}" +SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/${MODEL_CODE}_${PV_URL}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}" SRC_URI[fvp-aarch64.sha256sum] = "e299e81d5fa8b3d2afee0850fd03be31c1a1c3fad07f79849c63e46ee5e36acc" SRC_URI[fvp-x86_64.sha256sum] = "ec34c9564ccb5b1eb62fc2757673343a353db1d116a7cb1b5f82f9d985d99cdf" +UPSTREAM_CHECK_REGEX = "${MODEL_CODE}_(?P<pver>(\d+[\.\-_]*)+)_${FVP_ARCH}\.tgz" + LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \ file://license_terms/third_party_licenses/third_party_licenses.txt;md5=0c32ac6f58ebff83065105042ab98211" diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-envelope.inc b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-envelope.inc index 1e8bb40728..f48d823f60 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-envelope.inc +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-envelope.inc @@ -2,7 +2,7 @@ require fvp-common.inc HOMEPAGE = "https://developer.arm.com/Tools%20and%20Software/Fixed%20Virtual%20Platforms" -SRC_URI = "https://developer.arm.com/-/media/Files/downloads/ecosystem-models/${MODEL_CODE}_${PV_URL}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}" +SRC_URI = "https://developer.arm.com/-/media/Files/downloads/ecosystem-models/${PV_URL_SHORT}/${MODEL_CODE}_${PV_URL}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}" UPSTREAM_CHECK_URI = "${HOMEPAGE}" UPSTREAM_CHECK_REGEX = "${MODEL_CODE}_(?P<pver>(\d+[\.\-_]*)+).tgz" diff --git a/meta-arm/meta-arm/recipes-kernel/arm-ffa-tee/arm-ffa-tee_1.1.2.bb b/meta-arm/meta-arm/recipes-kernel/arm-tstee/arm-tstee_2.0.0.bb index 5790d00f10..44608b1dd2 100644 --- a/meta-arm/meta-arm/recipes-kernel/arm-ffa-tee/arm-ffa-tee_1.1.2.bb +++ b/meta-arm/meta-arm/recipes-kernel/arm-tstee/arm-tstee_2.0.0.bb @@ -10,13 +10,13 @@ SRC_URI = "git://gitlab.arm.com/linux-arm/linux-trusted-services;protocol=https; " S = "${WORKDIR}/git" -# Tag tee-v1.1.2 -SRCREV = "8a81f5d2406f146b15a705d49b256efaa5fa3ba9" +# Tag tee-v2.0.0 +SRCREV = "a2d7349a96c3b3afb44bf1555d53f1c46e45a23d" COMPATIBLE_HOST = "(arm|aarch64).*-linux" -KERNEL_MODULE_AUTOLOAD += "arm-ffa-tee" +KERNEL_MODULE_AUTOLOAD += "arm-tstee" do_install:append() { install -d ${D}${includedir} - install -m 0644 ${S}/uapi/arm_ffa_tee.h ${D}${includedir}/ + install -m 0644 ${S}/uapi/arm_tstee.h ${D}${includedir}/ } diff --git a/meta-arm/meta-arm/recipes-kernel/arm-ffa-tee/files/Makefile b/meta-arm/meta-arm/recipes-kernel/arm-tstee/files/Makefile index 40a6e47403..6d781d15db 100644 --- a/meta-arm/meta-arm/recipes-kernel/arm-ffa-tee/files/Makefile +++ b/meta-arm/meta-arm/recipes-kernel/arm-tstee/files/Makefile @@ -1,4 +1,4 @@ -obj-m := arm-ffa-tee.o +obj-m := arm-tstee.o SRC := $(shell pwd) diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-preempt-rt-tweaks.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-preempt-rt-tweaks.cfg deleted file mode 100644 index 84e0dd71ca..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-preempt-rt-tweaks.cfg +++ /dev/null @@ -1,4 +0,0 @@ -# These configurations have a dependency on !PREEMPT_RT. Set them to `n` to -# avoid complain when do_kernel_configcheck. -CONFIG_LEDS_TRIGGER_CPU=n -CONFIG_TRANSPARENT_HUGEPAGE=n diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-preempt-rt.scc b/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-preempt-rt.scc deleted file mode 100644 index ae97c2e2a3..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-preempt-rt.scc +++ /dev/null @@ -1,7 +0,0 @@ -define KMACHINE generic-arm64 -define KTYPE preempt-rt -define KARCH arm64 - -kconf hardware generic-arm64-preempt-rt-tweaks.cfg -include ktypes/preempt-rt/preempt-rt.scc -include features/bluetooth/bluetooth.scc diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc b/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc deleted file mode 100644 index 7036476902..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc +++ /dev/null @@ -1,6 +0,0 @@ -define KMACHINE generic-arm64 -define KTYPE standard -define KARCH arm64 - -include ktypes/standard/standard.scc -include features/bluetooth/bluetooth.scc diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend index c4e351bb39..a287d0e181 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend @@ -1,11 +1,5 @@ ARMFILESPATHS := "${THISDIR}/files:" -COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64" -FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}" -SRC_URI:append:generic-arm64 = " \ - file://generic-arm64-kmeta;type=kmeta;destsuffix=generic-arm64-kmeta \ - " - FILESEXTRAPATHS:prepend:qemuarm64-secureboot = "${ARMFILESPATHS}" SRC_URI:append:qemuarm64-secureboot = " \ file://tee.cfg \ diff --git a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb index 1bb76819b0..d5f6e01db3 100644 --- a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb +++ b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb @@ -5,7 +5,6 @@ HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/" COMPATIBLE_MACHINE ?= "invalid" COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64" -COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64" COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm" #FIXME - doesn't currently work with clang diff --git a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend index 4829bc107f..31be0e8f97 100644 --- a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend +++ b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend @@ -1,15 +1,11 @@ FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" DEPENDS:append = "\ - ${@bb.utils.contains('MACHINE_FEATURES', \ - 'optee-ftpm', \ - 'optee-ftpm', \ - '' , \ - d)}" + ${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', 'optee-ftpm', '' , d)} \ +" EXTRA_OEMAKE:append = "\ - ${@bb.utils.contains('MACHINE_FEATURES', \ - 'optee-ftpm', \ - 'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \ - '', \ - d)} " + ${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', \ + 'CFG_CORE_HEAP_SIZE=131072 CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \ + '', d)} \ +" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc index ce5b8b86ca..d30e8ea7f3 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc @@ -6,64 +6,80 @@ # TS SPs UUIDs definitions require recipes-security/trusted-services/ts-uuid.inc -TS_ENV = "opteesp" +TS_ENV ?= "opteesp" TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin" +TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin" + +SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}" # ITS SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ ' ts-sp-its', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ - ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}" # Storage SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ ' ts-sp-storage', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ - ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}" # Crypto SP. DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ ' ts-sp-crypto', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ - ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}" # Attestation SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ ' ts-sp-attestation', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ - ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}" # Env-test SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ ' ts-sp-env-test', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ - ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}" # SE-Proxy SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ ' ts-sp-se-proxy', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ - ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}" # SMM Gateway DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ ' ts-sp-smm-gateway', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ - ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}" # SPM test SPs DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' ts-sp-spm-test1 ts-sp-spm-test2 ts-sp-spm-test3', '' , d)}" + ' ts-sp-spm-test1 ts-sp-spm-test2 \ + ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \ + '', d)}" EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ ' CFG_SPMC_TESTS=y', '' , d)}" +# Firmware Update SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \ + ' ts-sp-fwu', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \ + ' ${TS_BIN}/${FWU_UUID}${SP_EXT}', '', d)}" + # Block Storage SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ ' ts-sp-block-storage', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ - ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}" -EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}" +EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ + ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ + SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee.inc b/meta-arm/meta-arm/recipes-security/optee/optee.inc index 1569a9df3b..37676f1496 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/meta-arm/recipes-security/optee/optee.inc @@ -2,7 +2,6 @@ UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" COMPATIBLE_MACHINE ?= "invalid" COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64" -COMPATIBLE_MACHINE:qemu-generic-arm64 ?= "qemu-generic-arm64" COMPATIBLE_MACHINE:qemuarm ?= "qemuarm" # Please add supported machines below or set it in .bbappend or .conf diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch b/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch new file mode 100644 index 0000000000..bcffa4b86f --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch @@ -0,0 +1,100 @@ +From 9fbeb9dd8c4f2c842248541b73e4cff9c6f8d26e Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing <gyorgy.szing@arm.com> +Date: Wed, 27 Mar 2024 21:53:51 +0000 +Subject: [PATCH 1/1] Allow configuring flash image files compile time + +Allow configuring image file PATH name for file and semihosted +block_store using CMake build options. + +Upstream-Status: Pending + +Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com> +--- + .../block_storage/factory/file/block_store_factory.c | 6 +++++- + .../service/block_storage/factory/file/component.cmake | 6 +++++- + .../block_storage/factory/semihosting/block_store_factory.c | 6 +++++- + .../block_storage/factory/semihosting/component.cmake | 6 +++++- + 4 files changed, 20 insertions(+), 4 deletions(-) + +diff --git a/components/service/block_storage/factory/file/block_store_factory.c b/components/service/block_storage/factory/file/block_store_factory.c +index c6915107b..ef05ee791 100644 +--- a/components/service/block_storage/factory/file/block_store_factory.c ++++ b/components/service/block_storage/factory/file/block_store_factory.c +@@ -25,6 +25,10 @@ + #define FILE_BLOCK_SIZE (512) + #endif + ++#ifndef FILE_BLK_FILE_NAME ++#define FILE_BLK_FILE_NAME "secure-flash.img" ++#endif ++ + static char disk_img_filename[256]; + + struct block_store_assembly { +@@ -60,7 +64,7 @@ struct block_store *file_block_store_factory_create(void) + + /* Ensure disk image filename is set */ + if (disk_img_filename[0] == '\0') +- file_block_store_factory_set_filename("secure-flash.img"); ++ file_block_store_factory_set_filename(FILE_BLK_FILE_NAME); + + /* Initialise a file_block_store to provide underlying storage */ + struct block_store *secure_flash = file_block_store_init( +diff --git a/components/service/block_storage/factory/file/component.cmake b/components/service/block_storage/factory/file/component.cmake +index 644f03972..fa15d1399 100644 +--- a/components/service/block_storage/factory/file/component.cmake ++++ b/components/service/block_storage/factory/file/component.cmake +@@ -17,4 +17,8 @@ if (NOT DEFINED TS_BLOCK_STORE_FACTORY) + set(TS_BLOCK_STORE_FACTORY "file_block_store_factory") + target_compile_definitions(${TGT} PRIVATE + CONCRETE_BLOCK_STORE_FACTORY=${TS_BLOCK_STORE_FACTORY}) +-endif() +\ No newline at end of file ++endif() ++ ++set(FILE_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.") ++set_property(SOURCE "${CMAKE_CURRENT_LIST_DIR}/block_store_factory.c" APPEND PROPERTY COMPILE_DEFINITIONS FILE_BLK_FILE_NAME="${FILE_BLK_FILE_NAME}") ++message(status "Block storage image file PATH is ${FILE_BLK_FILE_NAME}") +diff --git a/components/service/block_storage/factory/semihosting/block_store_factory.c b/components/service/block_storage/factory/semihosting/block_store_factory.c +index 8e58e3638..09bdb74eb 100644 +--- a/components/service/block_storage/factory/semihosting/block_store_factory.c ++++ b/components/service/block_storage/factory/semihosting/block_store_factory.c +@@ -21,6 +21,10 @@ + /* Most common block size for UEFI volumes */ + #define SEMIHOSTING_BLOCK_SIZE (512) + ++#ifndef SEMIHOSTING_BLK_FILE_NAME ++#define SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" ++#endif ++ + struct block_store_assembly + { + struct semihosting_block_store semihosting_block_store; +@@ -55,7 +59,7 @@ struct block_store *semihosting_block_store_factory_create(void) + /* Initialise a semihosting_block_store to provide underlying storage */ + struct block_store *secure_flash = semihosting_block_store_init( + &assembly->semihosting_block_store, +- "secure-flash.img", ++ SEMIHOSTING_BLK_FILE_NAME, + SEMIHOSTING_BLOCK_SIZE); + + if (secure_flash) { +diff --git a/components/service/block_storage/factory/semihosting/component.cmake b/components/service/block_storage/factory/semihosting/component.cmake +index 97affaf49..98d6dcdcb 100644 +--- a/components/service/block_storage/factory/semihosting/component.cmake ++++ b/components/service/block_storage/factory/semihosting/component.cmake +@@ -17,4 +17,8 @@ if (NOT DEFINED TS_BLOCK_STORE_FACTORY) + set(TS_BLOCK_STORE_FACTORY "semihosting_block_store_factory") + target_compile_definitions(${TGT} PRIVATE + CONCRETE_BLOCK_STORE_FACTORY=${TS_BLOCK_STORE_FACTORY}) +-endif() +\ No newline at end of file ++endif() ++ ++set(SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.") ++set_property(SOURCE "${CMAKE_CURRENT_LIST_DIR}/block_store_factory.c" APPEND PROPERTY COMPILE_DEFINITIONS SEMIHOSTING_BLK_FILE_NAME="${SEMIHOSTING_BLK_FILE_NAME}") ++message(status "Block storage semihosting image file PATH is ${SEMIHOSTING_BLK_FILE_NAME}") +\ No newline at end of file +-- +2.34.1 + diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-LazyFetch-allow-setting-the-cmake-generator.patch b/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-LazyFetch-allow-setting-the-cmake-generator.patch deleted file mode 100644 index 6664fd0519..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-LazyFetch-allow-setting-the-cmake-generator.patch +++ /dev/null @@ -1,46 +0,0 @@ -From e62709f8e6f586ace7975b58b8a1c726d120759f Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing <Gyorgy.Szing@arm.com> -Date: Thu, 31 Aug 2023 18:24:50 +0200 -Subject: [PATCH] LazyFetch: allow setting the cmake generator - -Allow configuring the CMake generator used for external components. By -default use the generator the main project is using. -For details see the documentation in tools/cmake/common/LazyFetch.cmake. - -Change-Id: Ie01ea1ae533cf7a40c1f09808de2ad2e83a09db3 -Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - tools/cmake/common/LazyFetch.cmake | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/tools/cmake/common/LazyFetch.cmake b/tools/cmake/common/LazyFetch.cmake -index 68e790e..7676201 100644 ---- a/tools/cmake/common/LazyFetch.cmake -+++ b/tools/cmake/common/LazyFetch.cmake -@@ -87,11 +87,20 @@ function(LazyFetch_ConfigAndBuild) - "component specific. Pleas refer to the upstream documentation for more information.") - endif() - -+ if(NOT DEFINED ${UC_DEP_NAME}_GENERATOR) -+ if(DEFINED ENV{${UC_DEP_NAME}_GENERATOR}) -+ set(${UC_DEP_NAME}_GENERATOR ENV{${UC_DEP_NAME}_GENERATOR} CACHE STRING "CMake generator used for ${UC_DEP_NAME}.") -+ else() -+ set(${UC_DEP_NAME}_GENERATOR ${CMAKE_GENERATOR} CACHE STRING "CMake generator used for ${UC_DEP_NAME}.") -+ endif() -+ endif() -+ - execute_process(COMMAND - ${CMAKE_COMMAND} -E env "CROSS_COMPILE=${CROSS_COMPILE}" - ${CMAKE_COMMAND} - "-C${CONFIGURED_CACHE_FILE}" - -DCMAKE_BUILD_TYPE=${${UC_DEP_NAME}_BUILD_TYPE} -+ -G${${UC_DEP_NAME}_GENERATOR} - -S ${BUILD_SRC_DIR} - -B ${BUILD_BIN_DIR} - RESULT_VARIABLE --- -2.34.1 - diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch b/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch deleted file mode 100644 index 28e041bce6..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch +++ /dev/null @@ -1,41 +0,0 @@ -From aca9f9ae26235e9da2bc9adef49f9f5578f3e1e7 Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing <Gyorgy.Szing@arm.com> -Date: Tue, 25 Apr 2023 15:03:46 +0000 -Subject: [PATCH 1/1] Limit nanopb build to single process - -Sometimes in yocto the nanopb build step fails. The reason seems -to be a race condition. This fix disables parallel build as -a workaround. - -Upstream-Status: Inappropriate [yocto specific] - -Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> ---- - external/nanopb/nanopb.cmake | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/external/nanopb/nanopb.cmake b/external/nanopb/nanopb.cmake -index 36465f61..94f8048c 100644 ---- a/external/nanopb/nanopb.cmake -+++ b/external/nanopb/nanopb.cmake -@@ -65,6 +65,8 @@ if(TARGET stdlib::c) - unset_saved_properties(LIBC) - endif() - -+set(_PROCESSOR_COUNT ${PROCESSOR_COUNT}) -+set(PROCESSOR_COUNT 1) - include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) - LazyFetch_MakeAvailable(DEP_NAME nanopb - FETCH_OPTIONS ${GIT_OPTIONS} -@@ -73,6 +75,8 @@ LazyFetch_MakeAvailable(DEP_NAME nanopb - CACHE_FILE "${TS_ROOT}/external/nanopb/nanopb-init-cache.cmake.in" - SOURCE_DIR "${NANOPB_SOURCE_DIR}" - ) -+set(PROCESSOR_COUNT ${_PROCESSOR_COUNT}) -+ - unset(_cmake_fragment) - - if(TARGET stdlib::c) --- -2.34.1 - diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/files/nanopb-upgrade.patch b/meta-arm/meta-arm/recipes-security/trusted-services/files/nanopb-upgrade.patch deleted file mode 100644 index 9ae4c6f2b8..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/files/nanopb-upgrade.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 35d16cdfd51aeca5df70732accc89e250af86b69 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Fri, 29 Sep 2023 16:21:26 +0100 -Subject: [PATCH] Upgrade nanopb - -Upgrade the nanopb checkout to 0.4.7 plus some important build fixes, and -change the build/install process to be more reliable. - -This should be upstreamed, but some pieces of this are not upstreamable in their -current state. - -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - external/nanopb/fix-pyhon-name.patch | 41 ---------------------- - external/nanopb/nanopb-init-cache.cmake.in | 6 +++- - external/nanopb/nanopb.cmake | 7 ++-- - 3 files changed, 8 insertions(+), 46 deletions(-) - delete mode 100644 external/nanopb/fix-pyhon-name.patch - -diff --git a/external/nanopb/fix-pyhon-name.patch b/external/nanopb/fix-pyhon-name.patch -deleted file mode 100644 -index ab0e84c550f4..000000000000 ---- a/external/nanopb/fix-pyhon-name.patch -+++ /dev/null -@@ -1,41 +0,0 @@ --This patch fixes two issues: -- --1. On windows the python3 executable is not allways called "python3". As a result -- "protoc" execution can fail due to the shebang in the file. This patch fixes -- this by running protoc with the intepreter. -- --2. In addition when not running from a virtualenv, the install path for python file -- is set to the "user site-packages" to avoid needing elevated access rights. -- --diff --git a/CMakeLists.txt b/CMakeLists.txt --index 31c86e7..e827015 100644 ----- a/CMakeLists.txt --+++ b/CMakeLists.txt --@@ -54,13 +54,25 @@ if(nanopb_BUILD_GENERATOR) -- string(REGEX REPLACE "([^;]+)" "\\1_pb2.py" generator_proto_py_file "${generator_proto}") -- add_custom_command( -- OUTPUT ${generator_proto_py_file} --- COMMAND ${nanopb_PROTOC_PATH} --python_out=${PROJECT_BINARY_DIR} -I${PROJECT_SOURCE_DIR}/generator/proto ${generator_proto_file} --+ COMMAND ${Python_EXECUTABLE} ${nanopb_PROTOC_PATH} --python_out=${PROJECT_BINARY_DIR} -I${PROJECT_SOURCE_DIR}/generator/proto ${generator_proto_file} -- DEPENDS ${generator_proto_file} -- ) -- add_custom_target("generate_${generator_proto_py_file}" ALL DEPENDS ${generator_proto_py_file}) --+ --+ if (DEFINED ENV{VIRTUAL_ENV}) --+ set(PYTHON_INSTALL_DIR ${Python_SITELIB} CACHE PATH "Install location for generated python modules.") --+ else() --+ execute_process( --+ COMMAND ${Python_EXECUTABLE} -m site --user-site --+ OUTPUT_VARIABLE PYTHON_USER_SITE --+ OUTPUT_STRIP_TRAILING_WHITESPACE --+ ) --+ set(PYTHON_INSTALL_DIR ${PYTHON_USER_SITE} CACHE PATH "Install location for generated python modules.") --+ endif() --+ -- install( -- FILES ${PROJECT_BINARY_DIR}/${generator_proto_py_file} --- DESTINATION ${Python_SITELIB} --+ DESTINATION ${PYTHON_INSTALL_DIR} -- ) -- endforeach() -- endif() -diff --git a/external/nanopb/nanopb-init-cache.cmake.in b/external/nanopb/nanopb-init-cache.cmake.in -index fb8104d64b26..8df41ddcb5eb 100644 ---- a/external/nanopb/nanopb-init-cache.cmake.in -+++ b/external/nanopb/nanopb-init-cache.cmake.in -@@ -12,11 +12,15 @@ set(BUILD_STATIC_LIBS On CACHE BOOL "") - set(nanopb_BUILD_RUNTIME On CACHE BOOL "") - set(nanopb_BUILD_GENERATOR On CACHE BOOL "") - set(nanopb_MSVC_STATIC_RUNTIME Off BOOL "") --set(nanopb_PROTOC_PATH ${CMAKE_SOURCE_DIR}/generator/protoc CACHE STRING "") -+ -+set(Python_EXECUTABLE "@Python_EXECUTABLE@" CACHE PATH "Location of python3 executable") - - string(TOUPPER @CMAKE_CROSSCOMPILING@ CMAKE_CROSSCOMPILING) # CMake expects TRUE - if (CMAKE_CROSSCOMPILING) - set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY CACHE STRING "") - endif() - -+set(nanopb_PYTHON_INSTDIR_OVERRIDE "@BUILD_INSTALL_DIR@/lib/python" CACHE PATH "") -+set(NANOPB_GENERATOR_DIR "@BUILD_INSTALL_DIR@/lib/python" CACHE PATH "") -+ - @_cmake_fragment@ -diff --git a/external/nanopb/nanopb.cmake b/external/nanopb/nanopb.cmake -index 36465f612d5d..57cf3d697fdd 100644 ---- a/external/nanopb/nanopb.cmake -+++ b/external/nanopb/nanopb.cmake -@@ -28,7 +28,7 @@ running this module. - - set(NANOPB_URL "https://github.com/nanopb/nanopb.git" - CACHE STRING "nanopb repository URL") --set(NANOPB_REFSPEC "nanopb-0.4.2" -+set(NANOPB_REFSPEC "nanopb-0.4.7" - CACHE STRING "nanopb git refspec") - set(NANOPB_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/nanopb-src" - CACHE PATH "nanopb source-code") -@@ -85,7 +85,7 @@ find_package(Python3 REQUIRED COMPONENTS Interpreter) - - find_file(NANOPB_GENERATOR_PATH - NAMES nanopb_generator.py -- PATHS ${nanopb_SOURCE_DIR}/generator -+ PATHS ${NANOPB_INSTALL_DIR}/bin - DOC "nanopb protobuf compiler" - NO_DEFAULT_PATH - ) -@@ -186,11 +186,10 @@ function(protobuf_generate) - target_include_directories(${PARAMS_TGT} PRIVATE ${_OUT_DIR_BASE}) - endif() - -- get_filename_component(NANOPB_GENERATOR_DIR "${NANOPB_GENERATOR_PATH}" DIRECTORY CACHE "Location of nanopb generator.") - #Append a protobuf generator command to the nanopb_generate target. - add_custom_command(OUTPUT "${_OUT_C}" "${_OUT_H}" - COMMAND -- ${CMAKE_COMMAND} -E env PYTHONPATH=${NANOPB_GENERATOR_DIR} -+ ${CMAKE_COMMAND} -E env PYTHONPATH=${NANOPB_INSTALL_DIR}/lib/python - ${Python3_EXECUTABLE} ${NANOPB_GENERATOR_PATH} - -I ${PARAMS_BASE_DIR} - -D ${_OUT_DIR_BASE} diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb index aafe85160c..789bde7cb2 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb +++ b/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb @@ -10,8 +10,8 @@ SRC_URI += "file://tee-udev.rules \ OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}" -DEPENDS += "arm-ffa-tee arm-ffa-user" -RRECOMMENDS:${PN} += "arm-ffa-tee" +DEPENDS += "arm-tstee arm-ffa-user" +RRECOMMENDS:${PN} += "arm-tstee" # Unix group name for dev/tee* ownership. TEE_GROUP_NAME ?= "teeclnt" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc index 20a462199e..e05aadd77c 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc @@ -2,19 +2,17 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib" -SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \ +SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=main;name=trusted-services;destsuffix=git/trusted-services \ " FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append = "\ - file://0001-Limit-nanopb-build-to-single-process.patch \ - file://0001-LazyFetch-allow-setting-the-cmake-generator.patch \ - file://nanopb-upgrade.patch \ + file://0001-Allow-configuring-flash-image-files-compile-time.patch \ " -#Latest on 2023 April 28 -SRCREV_trusted-services = "08b3d39471f4914186bd23793dc920e83b0e3197" +# Trusted Services; aka. 2024 April 19 +SRCREV_trusted-services = "602be607198ea784bc5ab1c0c9d3ac4e2c67f1d9" LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" S = "${WORKDIR}/git/trusted-services" @@ -25,10 +23,10 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81" LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e" -# MbedTLS, tag "mbedtls-3.3.0" +# MbedTLS, tag "v3.5.1" SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls" -SRCREV_mbedtls = "8c89224991adff88d53cd380f42a2baa36f91454" -LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" +SRCREV_mbedtls = "15254759342494c7e969766d5424d78d7deb9bfa" +LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" # Nanopb, tag "nanopb-0.4.7" plus some further fixes SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" @@ -50,17 +48,7 @@ SRC_URI += "git://github.com/cpputest/cpputest.git;name=cpputest;protocol=https; SRCREV_cpputest = "e25097614e1c4856036366877a02346c4b36bb5b" LIC_FILES_CHKSUM += "file://../cpputest/COPYING;md5=ce5d5f1fe02bcd1343ced64a06fd4177" -# Libmetal -SRC_URI += "git://github.com/OpenAMP/libmetal.git;name=libmetal;protocol=https;branch=main;destsuffix=git/libmetal" -SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad" -LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c" - -# Openamp -SRC_URI += "git://github.com/OpenAMP/open-amp.git;name=openamp;protocol=https;branch=main;destsuffix=git/openamp" -SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" -LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf" - -SRCREV_FORMAT = "trusted-services_dtc_mbedtls_nanopb_qcbor_tcose_cpputest_libmetal_openamp" +SRCREV_FORMAT = "trusted-services_dtc_mbedtls_nanopb_qcbor_tcose_cpputest" inherit apply_local_src_patches LOCAL_SRC_PATCHES_INPUT_DIR = "N/A" @@ -74,6 +62,11 @@ do_apply_local_src_patches() { apply_local_src_patches ${S}/external/nanopb ${WORKDIR}/git/nanopb } +do_config:append:() { + # Fine tune MbedTLS configuration for crypto only operation. + sh -c "cd ${WORKDIR}/git/mbedtls; python3 scripts/config.py crypto" +} + # Paths to dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-DDTC_SOURCE_DIR=${WORKDIR}/git/dtc \ -DCPPUTEST_SOURCE_DIR=${WORKDIR}/git/cpputest \ @@ -81,6 +74,4 @@ EXTRA_OECMAKE += "-DDTC_SOURCE_DIR=${WORKDIR}/git/dtc \ -DT_COSE_SOURCE_DIR=${WORKDIR}/git/tcose \ -DQCBOR_SOURCE_DIR=${WORKDIR}/git/qcbor \ -DMBEDTLS_SOURCE_DIR=${WORKDIR}/git/mbedtls \ - -DOPENAMP_SOURCE_DIR=${WORKDIR}/git/openamp \ - -DLIBMETAL_SOURCE_DIR=${WORKDIR}/git/libmetal \ " diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc index b46cd49897..272e9106cd 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc @@ -23,7 +23,7 @@ TS_PLATFORM ?= "ts/mock" # FIP packaging is not supported yet SP_PACKAGING_METHOD ?= "embedded" -SYSROOT_DIRS += "/usr/opteesp /usr/arm-linux" +SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux" # TS cmake files use find_file() to search through source code and build dirs. # Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails. @@ -32,7 +32,6 @@ OECMAKE_EXTRA_ROOT_PATH = "${WORKDIR}/git/ ${WORKDIR}/build/" EXTRA_OECMAKE += '-DLIBGCC_LOCATE_CFLAGS="--sysroot=${STAGING_DIR_HOST}" \ -DCROSS_COMPILE="${TARGET_PREFIX}" \ - -DSP_PACKAGING_METHOD="${SP_PACKAGING_METHOD}" \ -DTS_PLATFORM="${TS_PLATFORM}" \ ' export CROSS_COMPILE="${TARGET_PREFIX}" @@ -40,15 +39,20 @@ export CROSS_COMPILE="${TARGET_PREFIX}" # Default TS installation path TS_INSTALL = "/usr/${TS_ENV}" -# Use the Yocto cmake toolchain for arm-linux TS deployments and -# the TS opteesp toolchain for opteesp TS deployments -EXTRA_OECMAKE += "${@oe.utils.conditional('TS_ENV', 'opteesp', \ - '-DCMAKE_TOOLCHAIN_FILE=${S}/environments/${TS_ENV}/default_toolchain_file.cmake', \ - '-DTS_EXTERNAL_LIB_TOOLCHAIN_FILE=${WORKDIR}/toolchain.cmake', \ - d)} \ - " +# Use the Yocto cmake toolchain for external components of the arm-linux TS deployments, +# and the TS toolchain for opteesp and sp deployments +def get_ts_toolchain_option(d): + ts_env=d.getVar('TS_ENV') + if ts_env == 'opteesp' or ts_env == 'sp': + return '-DCMAKE_TOOLCHAIN_FILE=${S}/environments/'+ts_env+'/default_toolchain_file.cmake' + if ts_env == 'arm-linux': + return '-DTS_EXTERNAL_LIB_TOOLCHAIN_FILE=${WORKDIR}/toolchain.cmake' + bb.error("Unkown value \"%s\" for TS_ENV." % (ts_env)) + return '' + +EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}" # Paths to pre-built dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ - -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib \ + -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \ " diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb index 668bde568f..a17c1720e2 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb @@ -18,6 +18,10 @@ TOOLCHAIN = "gcc" FILES:${PN} = "${bindir}/ts-demo" +# TODO: remove FORTIFY_SOURCE as MbedTLS fails to build in yocto if this +# compilation flag is used. +lcl_maybe_fortify = "${@oe.utils.conditional('OPTLEVEL','-O0','','${OPTLEVEL}',d)}" + do_install:append () { install -d ${D}${bindir} mv ${D}${TS_INSTALL}/bin/ts-demo ${D}${bindir} diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb index 24a724a4fd..669e87aed1 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb @@ -7,7 +7,7 @@ require trusted-services.inc SRC_URI += "git://sourceware.org/git/newlib-cygwin.git;name=newlib;protocol=https;branch=master;destsuffix=git/newlib \ " -# tag "newlib-0.4.1" +# tag "newlib-4.1.0" SRCREV_newlib = "415fdd4279b85eeec9d54775ce13c5c412451e08" LIC_FILES_CHKSUM += "file://../newlib/COPYING.NEWLIB;md5=b8dda70da54e0efb49b1074f349d7749" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc index c8b4e99244..93051bf38a 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc @@ -13,7 +13,7 @@ SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protoc file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \ " -SRCREV_psatest = "38cb53a4d9e292435ddf7899960b15af62decfbe" +SRCREV_psatest = "74dc6646ff594e131a726a5305aba77bac30eceb" LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13" EXTRA_OECMAKE += "-DPSA_ARCH_TESTS_SOURCE_DIR=${WORKDIR}/git/psatest" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb index e5c662e4d0..c39554a69b 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb @@ -16,6 +16,9 @@ SRCREV_psaqcbor = "42272e466a8472948bf8fca076d113b81b99f0e0" EXTRA_OECMAKE += "-DPSA_TARGET_QCBOR=${WORKDIR}/git/psaqcbor \ " +# TODO: remove FORTIFY_SOURCE as MbedTLS fails to build in yocto if this +# compilation flag is used. +lcl_maybe_fortify = "${@oe.utils.conditional('OPTLEVEL','-O0','','${OPTLEVEL}',d)}" # Mbedtls 3.1.0 does not compile with clang. # This can be removed after TS updated required mbedtls version diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 3d756015a0..c8b1409c50 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -1,11 +1,12 @@ # Common part of all Trusted Services SPs recipes -TS_ENV = "opteesp" +TS_ENV ?= "opteesp" require trusted-services.inc require ts-uuid.inc DEPENDS += "dtc-native ts-newlib" +DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}" FILES:${PN}-dev = "${TS_INSTALL}" @@ -30,3 +31,13 @@ INSANE_SKIP:${PN}-dev += "ldflags" # Trusted Services SPs do not compile with clang TOOLCHAIN = "gcc" + +# FORTIFY_SOURCE is a glibc feature. Disable it for all SPs as these do not use glibc. +TARGET_CFLAGS:remove = "-D_FORTIFY_SOURCE=2" +OECMAKE_C_FLAGS:remove = "-D_FORTIFY_SOURCE=2" +OECMAKE_CXX_FLAGS:remove = "-D_FORTIFY_SOURCE=2" + +# Override yoctos default linux specific toolchain file. trusted-services.inc +# will add a proper tooclhain option. +OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake" + diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb new file mode 100644 index 0000000000..02f58fb42e --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb @@ -0,0 +1,32 @@ +# SPDX-FileCopyrightText: <text>Copyright 2024 Arm Limited and/or its +# affiliates <open-source-office@arm.com></text> +# +# SPDX-License-Identifier: MIT + +DESCRIPTION = "Trusted Services Firmware Update Service provider" + +require ts-sp-common.inc +inherit deploy + +SP_UUID = "${FWU_UUID}" +TS_SP_FWU_CONFIG ?= "default" + +OECMAKE_SOURCEPATH="${S}/deployments/fwu/config/${TS_SP_FWU_CONFIG}-${TS_ENV}" + +# The GPT parser component is needed from TF-A +SRC_URI += "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;name=tfa;protocol=https;branch=master;destsuffix=git/tf-a" +SRCREV_tfa = "v2.7.0" +LIC_FILES_CHKSUM = "file://../tf-a/docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" +do_apply_local_src_patches:append() { + apply_local_src_patches ${S}/external/tf_a ${WORKDIR}/git/tf-a +} + +EXTRA_OECMAKE:append = "-DTFA_SOURCE_DIR=${WORKDIR}/git/tf-a" + +# Deploy the secure flash image. +do_deploy() { + cp -v ${S}/components/media/disk/disk_images/multi_location_fw.img ${DEPLOYDIR}/secure-flash.img +} +addtask deploy after do_compile + +EXTRA_OECMAKE:append:qemuall = " -DSEMIHOSTING_BLK_FILE_NAME:STRING=${@oe.path.relative('${TMPDIR}', '${DEPLOY_DIR_IMAGE}')}/secure-flash.img" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc index e357629b0f..5c0d686571 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc @@ -1,5 +1,8 @@ DESCRIPTION = "Trusted Services SPMC test SPs" +# spm test SP only supports opteesp. +TS_ENV = 'opteesp' + require ts-sp-common.inc SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb new file mode 100644 index 0000000000..2ee69c1f0c --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb @@ -0,0 +1,6 @@ +DESCRIPTION = "Trusted Services SPMC test SP4" + +SP_INDEX="4" + +require ts-sp-spm-test-common.inc + diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc index 1eb05d8b5c..810ffa5e59 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc @@ -10,4 +10,6 @@ STORAGE_UUID = "751bf801-3dde-4768-a514-0f10aeed1790" SPM_TEST1_UUID = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37" SPM_TEST2_UUID = "7817164c-c40c-4d1a-867a-9bb2278cf41a" SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6" +SPM_TEST4_UUID = "423762ed-7772-406f-99d8-0c27da0abbf8" +FWU_UUID = "6823a838-1b06-470e-9774-0cce8bfb53fd" BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" diff --git a/meta-openembedded/README.md b/meta-openembedded/README.md index 7318f09cdb..82f2e9699a 100644 --- a/meta-openembedded/README.md +++ b/meta-openembedded/README.md @@ -1,6 +1,6 @@ Collection of layers for the OE-core universe -Main layer maintainer: Khem Raj <raj.khem@gmail.com> +Main layer maintainer: Armin Kuster <akuster808@gmail.com> This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer diff --git a/meta-openembedded/meta-filesystems/README.md b/meta-openembedded/meta-filesystems/README.md index 78a4429ce2..bf48806035 100644 --- a/meta-openembedded/meta-filesystems/README.md +++ b/meta-openembedded/meta-filesystems/README.md @@ -11,26 +11,26 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: scarthgap URI: git://git.openembedded.org/meta-openembedded layers: meta-oe - branch: master + branch: scarthgap Patches ======= Please submit any patches against the filesystems layer to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) -with '[meta-filesystems]' in the subject. +with '[meta-filesystems][scarthgap]' in the subject. -Layer maintainer: Khem Raj <raj.khem@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ - --subject-prefix='meta-filesystems][PATCH' + --subject-prefix='meta-filesystems][scarthgap][PATCH' Table of Contents diff --git a/meta-openembedded/meta-filesystems/conf/include/non-repro-meta-filesystems.inc b/meta-openembedded/meta-filesystems/conf/include/non-repro-meta-filesystems.inc new file mode 100644 index 0000000000..4975593277 --- /dev/null +++ b/meta-openembedded/meta-filesystems/conf/include/non-repro-meta-filesystems.inc @@ -0,0 +1,9 @@ +# List of known non-reproducible package of the meta-filesystems layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_FILESYSTEMS = " \ + e2tools-ptest \ + xfsprogs-doc \ + zfs \ + zfs-dbg \ + zfs-dev \ +" diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/fuse3.conf b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/fuse3.conf new file mode 100644 index 0000000000..a517c488f3 --- /dev/null +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/fuse3.conf @@ -0,0 +1 @@ +fuse diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.16.2.bb b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.16.2.bb index 2b0797a6f5..b946b63ee4 100644 --- a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.16.2.bb +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.16.2.bb @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = " \ " SRC_URI = "https://github.com/libfuse/libfuse/releases/download/fuse-${PV}/fuse-${PV}.tar.gz \ + file://fuse3.conf \ " SRC_URI[sha256sum] = "f797055d9296b275e981f5f62d4e32e089614fc253d1ef2985851025b8a0ce87" @@ -79,6 +80,20 @@ FILES:fuse3-utils = "${bindir} ${base_sbindir}" DEBIAN_NOAUTONAME:fuse3-utils = "1" DEBIAN_NOAUTONAME:${PN}-dbg = "1" +SYSTEMD_SERVICE:${PN} = "" + do_install:append() { rm -rf ${D}${base_prefix}/dev + + # systemd class remove the sysv_initddir only if systemd_system_unitdir + # contains anything, but it's not needed if sysvinit is not in DISTRO_FEATURES + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'false', 'true', d)}; then + rm -rf ${D}${sysconfdir}/init.d/ + fi + + # Install systemd related configuration file + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/modules-load.d + install -m 0644 ${WORKDIR}/fuse3.conf ${D}${sysconfdir}/modules-load.d + fi } diff --git a/meta-openembedded/meta-filesystems/recipes-utils/binfs/bindfs_1.17.6.bb b/meta-openembedded/meta-filesystems/recipes-utils/binfs/bindfs_1.17.7.bb index 673198e2dd..788c85b7ce 100644 --- a/meta-openembedded/meta-filesystems/recipes-utils/binfs/bindfs_1.17.6.bb +++ b/meta-openembedded/meta-filesystems/recipes-utils/binfs/bindfs_1.17.7.bb @@ -8,7 +8,7 @@ DEPENDS = "fuse" RDEPENDS:${PN} = "fuse" SRC_URI = "git://github.com/mpartel/bindfs;protocol=https;branch=master" -SRCREV = "b982aee1161307cdd0e90f7f9597b11872440efc" +SRCREV = "3f5e3cb1fcac5fb8034fa4712764317fab51ebe0" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-gnome/README.md b/meta-openembedded/meta-gnome/README.md index fbb0d72476..2125c36df3 100644 --- a/meta-openembedded/meta-gnome/README.md +++ b/meta-openembedded/meta-gnome/README.md @@ -3,14 +3,14 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: scarthgap URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: scarthgap -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome][scarthgap]' in the subject' When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][scarthgap][PATCH' -Layer maintainer: Andreas Müller <schnitzeltony@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-gnome/conf/include/non-repro-meta-gnome.inc b/meta-openembedded/meta-gnome/conf/include/non-repro-meta-gnome.inc new file mode 100755 index 0000000000..553bc32cc6 --- /dev/null +++ b/meta-openembedded/meta-gnome/conf/include/non-repro-meta-gnome.inc @@ -0,0 +1,13 @@ +# List of known non-reproducible package of the meta-gnome layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_GNOME = " \ + geary \ + geary-dbg \ + gegl-dev \ + gimp \ + gimp-dbg \ + gnome-terminal-src \ + grilo-src \ + gtk-vnc-src \ + ibus \ +" diff --git a/meta-openembedded/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.0.bb b/meta-openembedded/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb index b9ee0e60d5..634b37971e 100644 --- a/meta-openembedded/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.0.bb +++ b/meta-openembedded/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb @@ -8,7 +8,7 @@ inherit gnomebase gettext gsettings features_check REQUIRED_DISTRO_FEATURES = "opengl" -SRC_URI[archive.sha256sum] = "e75ce17c12a6d39254dc309c31514e5ef15763f136612d641c5f6f4445e00ac4" +SRC_URI[archive.sha256sum] = "7c62a4281fdfa9522110affbf75d09973035f2adc7fa4577511d733186beb68f" DEPENDS = " \ asciidoc-native \ diff --git a/meta-openembedded/meta-gnome/recipes-gnome/file-roller/file-roller_44.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/file-roller/file-roller_44.1.bb index 3daa1b5706..30760387f4 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/file-roller/file-roller_44.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/file-roller/file-roller_44.1.bb @@ -22,7 +22,7 @@ REQUIRED_DISTRO_FEATURES = "opengl" EXTRA_OEMESON += "-Dintrospection=enabled" SRC_URI = "git://gitlab.gnome.org/GNOME/file-roller.git;protocol=https;branch=master" -SRCREV = "f1c7714cf4c8989b9f3fa4c611887c29cf6df343" +SRCREV = "299e86c77d8fe600ee6658357e209b15c674397e" S = "${WORKDIR}/git" PACKAGECONFIG ??= "" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-calendar/gnome-calendar_46.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-calendar/gnome-calendar_46.1.bb index 707c4b583f..eac768c8f5 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-calendar/gnome-calendar_46.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-calendar/gnome-calendar_46.1.bb @@ -22,7 +22,7 @@ inherit gnomebase gsettings gtk-icon-cache gettext features_check upstream-versi REQUIRED_DISTRO_FEATURES = "x11 opengl" -SRC_URI[archive.sha256sum] = "5e21960c174bd8606d9089bf79c70f31070ab4837919878b00db2f14af9fe718" +SRC_URI[archive.sha256sum] = "9861ff7b8abd5b7b20690ba55eb7542c7ec534b566269e29b5b1e858c1610897" do_install:prepend() { sed -i -e 's|${S}/src|${TARGET_DBGSRC_DIR}/src|g' ${B}/src/gcal-enum-types.h diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center/0001-Add-meson-option-to-pass-sysroot.patch b/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center/0001-Add-meson-option-to-pass-sysroot.patch index 4ae923f876..7d17817bc0 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center/0001-Add-meson-option-to-pass-sysroot.patch +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center/0001-Add-meson-option-to-pass-sysroot.patch @@ -1,4 +1,4 @@ -From 1a48df2a8da44410bbd767c2420d363f6180c79a Mon Sep 17 00:00:00 2001 +From 8e542784b8ca49c655df0f251a1a1dec724a522e Mon Sep 17 00:00:00 2001 From: Markus Volk <f_l_k@t-online.de> Date: Mon, 18 Mar 2024 05:50:21 +0100 Subject: [PATCH] Add meson option to pass sysroot @@ -13,16 +13,16 @@ Upstream-Status: Inappropriate [OE specific] 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/meson_options.txt b/meson_options.txt -index e53d6e3f3..8fae4c824 100644 +index f415a7e..8966632 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -1,3 +1,4 @@ +option('oe_sysroot', type: 'string', value: '', description: 'Directory for OE-sysroot') option('deprecated-declarations', type: 'feature', value: 'disabled', description: 'build with deprecated declaration warnings') option('documentation', type: 'boolean', value: false, description: 'build documentation') - option('ibus', type: 'boolean', value: true, description: 'build with IBus support') + option('location-services', type: 'feature', value: 'disabled', description: 'build with location services') diff --git a/panels/background/meson.build b/panels/background/meson.build -index 6ced050f9..df1f80896 100644 +index 6ced050..df1f808 100644 --- a/panels/background/meson.build +++ b/panels/background/meson.build @@ -24,7 +24,7 @@ common_sources += gnome.mkenums_simple( @@ -35,7 +35,7 @@ index 6ced050f9..df1f80896 100644 common_sources += gnome.mkenums( diff --git a/panels/system/meson.build b/panels/system/meson.build -index 4fee82210..979332a0e 100644 +index 4fee822..979332a 100644 --- a/panels/system/meson.build +++ b/panels/system/meson.build @@ -73,7 +73,7 @@ sources += gnome.compile_resources( @@ -47,6 +47,3 @@ index 4fee82210..979332a0e 100644 'datetime/cc-datetime-page.h' ) --- -2.44.0 - diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.0.1.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.1.bb index de11239ed5..87daec0c25 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.0.1.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-control-center/gnome-control-center_46.1.bb @@ -37,16 +37,15 @@ inherit gtk-icon-cache pkgconfig gnomebase gsettings gettext upstream-version-is REQUIRED_DISTRO_FEATURES += "opengl polkit pulseaudio systemd x11" -SRC_URI = "gitsm://gitlab.gnome.org/GNOME/gnome-control-center.git;protocol=https;nobranch=1" SRC_URI += "file://0001-Add-meson-option-to-pass-sysroot.patch" - -S = "${WORKDIR}/git" -SRCREV = "005f40dcfa464f113a1c95f97673bc5505fc15ad" +SRC_URI[archive.sha256sum] = "81792423019deda1d2a074c1ecf6a7e6ef3172c09cbe6f4d7995a4b5dea28312" PACKAGECONFIG ??= "ibus ${@bb.utils.filter('DISTRO_FEATURES', 'wayland', d)}" PACKAGECONFIG[cups] = ",,cups,cups" PACKAGECONFIG[ibus] = "-Dibus=true, -Dibus=false, ibus" PACKAGECONFIG[wayland] = "-Dwayland=true, -Dwayland=false, wayland" +PACKAGECONFIG[file-share] = ",,,gnome-user-share" +PACKAGECONFIG[media-share] = ",,,rygel-meta tumbler" EXTRA_OEMESON += "-Doe_sysroot=${STAGING_DIR_HOST}" @@ -72,4 +71,4 @@ FILES:${PN} += " \ FILES:${PN}-dev += "${datadir}/gettext" -RDEPENDS:${PN} += "gsettings-desktop-schemas tecla system-config-printer cups-pk-helper ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'gnome-user-share', '' , d)}" +RDEPENDS:${PN} += "gsettings-desktop-schemas tecla system-config-printer cups-pk-helper" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-online-accounts/gnome-online-accounts_3.50.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-online-accounts/gnome-online-accounts_3.50.1.bb index d28cc876d6..66df8902fa 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-online-accounts/gnome-online-accounts_3.50.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-online-accounts/gnome-online-accounts_3.50.1.bb @@ -8,7 +8,7 @@ REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('PACKAGECONFIG', 'goabackend', DEPENDS += "gdk-pixbuf dbus glib-2.0 gcr" -SRC_URI[archive.sha256sum] = "b0f64f0dcfbb8885a3a759e1c9de7fb204adb3ce6bd32c30bcf52d5533c06d4e" +SRC_URI[archive.sha256sum] = "42ee43fd1e2942b9ff6106252ccdc834602815508bf7a3a52c0bdfffa56eaf40" PACKAGECONFIG ?= "goabackend kerberos owncloud google windows_live" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell-extensions_46.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell-extensions_46.1.bb index eff5fecffe..b79f70c60c 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell-extensions_46.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell-extensions_46.1.bb @@ -6,7 +6,7 @@ inherit gnomebase gettext gsettings features_check REQUIRED_DISTRO_FEATURES = "x11 polkit systemd pam gobject-introspection-data" -SRC_URI[archive.sha256sum] = "d8138f88cd92df9f932309149c236fbdd77c1bc095445036ab7eb0ecda53c01a" +SRC_URI[archive.sha256sum] = "c5ba50700da77a986f0060beedacfc017e7ec82283f2a6384842a0807bc4553f" EXTRA_OEMESON += " \ -Dextension_set=all \ diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell/0002-screencast-Correct-expected-bus-name-for-streams.patch b/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell/0002-screencast-Correct-expected-bus-name-for-streams.patch new file mode 100644 index 0000000000..736594716a --- /dev/null +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell/0002-screencast-Correct-expected-bus-name-for-streams.patch @@ -0,0 +1,38 @@ +From 50a011a19dcc6997ea6173c07bb80b2d9888d363 Mon Sep 17 00:00:00 2001 +From: Simon McVittie <smcv@debian.org> +Date: Mon, 6 May 2024 21:58:09 +0100 +Subject: [PATCH] screencast: Correct expected bus name for streams +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Previously, this only worked because GDBusConnection was not filtering +signals by their sender correctly (GNOME/glib#3268). + +Thanks: Alicia Boya García +Signed-off-by: Simon McVittie <smcv@debian.org> +Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3303> + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/50a011a19dcc6997ea6173c07bb80b2d9888d363] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + js/dbusServices/screencast/screencastService.js | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/js/dbusServices/screencast/screencastService.js b/js/dbusServices/screencast/screencastService.js +index d664a51b083..0645811fa0a 100644 +--- a/js/dbusServices/screencast/screencastService.js ++++ b/js/dbusServices/screencast/screencastService.js +@@ -340,7 +340,7 @@ class Recorder extends Signals.EventEmitter { + }); + + this._streamProxy = new ScreenCastStreamProxy(Gio.DBus.session, +- 'org.gnome.ScreenCast.Stream', ++ 'org.gnome.Mutter.ScreenCast', + streamPath); + + this._streamProxy.connectSignal('PipeWireStreamAdded', +-- +2.30.2 + diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell_46.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell_46.1.bb index 907cfdf678..1bc9b6b394 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell_46.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-shell/gnome-shell_46.1.bb @@ -32,8 +32,9 @@ GIR_MESON_OPTION = "" # gobject-introspection is mandatory and cannot be configured REQUIRED_DISTRO_FEATURES += "gobject-introspection-data" -SRC_URI[archive.sha256sum] = "6bc41340b6de05774e97cfe20feba86e2b3cc9c8139118f24bd84ac63e82b53e" +SRC_URI[archive.sha256sum] = "64f999844c101e63bf294d45b138de56319ad2f326282721aad0fa860653b369" SRC_URI += "file://0001-Introduce-options-gjs_path-to-optionally-set-path-to.patch" +SRC_URI += "file://0002-screencast-Correct-expected-bus-name-for-streams.patch" PACKAGECONFIG ??= "bluetooth nm ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" PACKAGECONFIG[bluetooth] = ",,gnome-bluetooth" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_46.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_46.1.bb index 967182aeaa..f37eb71952 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_46.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_46.1.bb @@ -18,7 +18,7 @@ inherit gnomebase gtk-icon-cache itstool gnome-help mime-xdg features_check REQUIRED_DISTRO_FEATURES = "opengl" -SRC_URI[archive.sha256sum] = "c018d0b3792c044c1558d1d0dd92b09fb0a96c9e2d25e1ae1f4cf91f7eab4614" +SRC_URI[archive.sha256sum] = "8ebfa0bea12e75f5efeacc721be3b8ae65027b024aa81db9ecab8c312257a2eb" FILES:${PN} += " \ ${datadir}/metainfo \ diff --git a/meta-openembedded/meta-gnome/recipes-gnome/libgweather/libgweather4_4.4.2.bb b/meta-openembedded/meta-gnome/recipes-gnome/libgweather/libgweather4_4.4.2.bb index acf2885281..e0c8724a31 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/libgweather/libgweather4_4.4.2.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/libgweather/libgweather4_4.4.2.bb @@ -28,3 +28,7 @@ FILES:${PN} += " \ ${datadir}/libgweather-4 \ ${libdir}/libgweather-4 \ " + +do_configure:prepend() { + cp -f ${STAGING_LIBDIR}/girepository-1.0/GLib*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ +} diff --git a/meta-openembedded/meta-gnome/recipes-gnome/msgraph/msgraph_0.2.1.bb b/meta-openembedded/meta-gnome/recipes-gnome/msgraph/msgraph_0.2.1.bb index 4c11a8d136..9b4a8a0352 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/msgraph/msgraph_0.2.1.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/msgraph/msgraph_0.2.1.bb @@ -2,7 +2,8 @@ SUMMARY = "libmsgraph is a GLib-based library for accessing online serive APIs u LICENSE = "LGPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=3000208d539ec061b899bce1d9ce9404" -inherit gnomebase gobject-introspection gi-docgen +inherit gnomebase gobject-introspection gi-docgen features_check +REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI[archive.sha256sum] = "e0e59eaa8ae3e0a48ec0a6c2fed0470856a709248e9212b6a1d037de5792ecbb" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/mutter/mutter_46.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/mutter/mutter_46.1.bb index d14f161f14..b60ffefb0a 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/mutter/mutter_46.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/mutter/mutter_46.1.bb @@ -24,7 +24,7 @@ DEPENDS = " \ inherit gnomebase gsettings gobject-introspection gettext features_check -SRC_URI[archive.sha256sum] = "bb3f7d77aebdea9d317d3f5ef03868e4e7969da423ac495e33a16d61db2c9373" +SRC_URI[archive.sha256sum] = "63b2660dd0fa193fa662c80ee12eb8b16f2b8c3bc3896366200c79943824d51d" # x11 is still manadatory - see meson.build REQUIRED_DISTRO_FEATURES = "wayland x11 polkit" diff --git a/meta-openembedded/meta-gnome/recipes-support/xdg-desktop-portal/xdg-desktop-portal-gnome_46.0.bb b/meta-openembedded/meta-gnome/recipes-support/xdg-desktop-portal/xdg-desktop-portal-gnome_46.1.bb index c5040571cd..847907a5be 100644 --- a/meta-openembedded/meta-gnome/recipes-support/xdg-desktop-portal/xdg-desktop-portal-gnome_46.0.bb +++ b/meta-openembedded/meta-gnome/recipes-support/xdg-desktop-portal/xdg-desktop-portal-gnome_46.1.bb @@ -21,7 +21,7 @@ inherit gnomebase pkgconfig gsettings features_check REQUIRED_DISTRO_FEATURES = "polkit" -SRC_URI[archive.sha256sum] = "5d2d533597d280b7370b8f74faa40097b292b0036dbd59166e1312230500bb8b" +SRC_URI[archive.sha256sum] = "7e8d9623e9d96a89c0897616827cd441dcf2832927d38f135c722552b1172aa1" PACKAGECONFIG ?= "screenshot screencast ${@bb.utils.filter('DISTRO_FEATURES', 'wayland', d)}" PACKAGECONFIG[wayland] = ",,wayland-native" diff --git a/meta-openembedded/meta-initramfs/README.md b/meta-openembedded/meta-initramfs/README.md index 119293a741..da7acfca62 100644 --- a/meta-openembedded/meta-initramfs/README.md +++ b/meta-openembedded/meta-initramfs/README.md @@ -12,19 +12,19 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: scarthgap Maintenance ----------- Send patches / pull requests to openembedded-devel@lists.openembedded.org -with '[meta-initramfs]' in the subject. +with '[meta-initramfs][scarthgap]' in the subject. When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][scarthgap][PATCH' -Interm layer maintainer: Khem Raj <raj.khem@gmail.com> +Interm layer maintainer: Armin Kuster <akuster808@gmail.com> License diff --git a/meta-openembedded/meta-initramfs/conf/include/non-repro-meta-initramfs.inc b/meta-openembedded/meta-initramfs/conf/include/non-repro-meta-initramfs.inc new file mode 100755 index 0000000000..8f01f5624b --- /dev/null +++ b/meta-openembedded/meta-initramfs/conf/include/non-repro-meta-initramfs.inc @@ -0,0 +1,23 @@ +# List of known non-reproducible package of the meta-initramfs layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_INITRAMFS = " \ + kexecboot-klibc \ + kexecboot-klibc-dbg \ + kexec-klibc \ + kexec-tools-klibc-dbg \ + mtdinfo-klibc \ + ubiattach-klibc \ + ubiblock-klibc \ + ubicrc32-klibc \ + ubidetach-klibc \ + ubiformat-klibc \ + ubimkvol-klibc \ + ubinfo-klibc \ + ubinize-klibc \ + ubirename-klibc \ + ubirmvol-klibc \ + ubirsvol-klibc \ + ubiupdatevol-klibc \ + ubi-utils-klibc-dbg \ + vmcore-dmesg-klibc \ +" diff --git a/meta-openembedded/meta-multimedia/README.md b/meta-openembedded/meta-multimedia/README.md index 235c34331b..66c139ac9c 100644 --- a/meta-openembedded/meta-multimedia/README.md +++ b/meta-openembedded/meta-multimedia/README.md @@ -1,17 +1,17 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: scarthgap URI: git://git.openembedded.org/meta-openembedded layers: meta-oe -branch: master +branch: scarthgap -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia]' in the subject +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia][scarthgap]' in the subject When sending single patches, please use something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][scarthgap][PATCH' You are encouraged to fork the mirror on github https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch. Other services like GitLab, repo.or.cz or self hosted setups are of course accepted as well, 'git fetch <remote>' works the same on all of them. We recommend github because it is free, easy to use, has been proven to be reliable and has a really good web GUI. -Layer maintainer: Andreas Müller <schnitzeltony@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-multimedia/conf/include/non-repro-meta-multimedia.inc b/meta-openembedded/meta-multimedia/conf/include/non-repro-meta-multimedia.inc new file mode 100755 index 0000000000..b02de42eb9 --- /dev/null +++ b/meta-openembedded/meta-multimedia/conf/include/non-repro-meta-multimedia.inc @@ -0,0 +1,15 @@ +# List of known non-reproducible package of the meta-multimedia layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_MULTIMEDIA = " \ + crossguid \ + libcamera \ + libcamera-dbg \ + libcamera-src \ + libgssdp-1.6-src \ + libgupnp-1.6-src \ + libsquish-staticdev \ + oscam \ + oscam-dbg \ + oscam-src \ + rtmpdump-staticdev \ +" diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp/0001-gssdp-enums.c.template-use-basename-instead-of-filen.patch b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp/0001-gssdp-enums.c.template-use-basename-instead-of-filen.patch new file mode 100644 index 0000000000..63126520e9 --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp/0001-gssdp-enums.c.template-use-basename-instead-of-filen.patch @@ -0,0 +1,32 @@ +From 78270f9159a9ec7284ca39a2fbb1774347942de1 Mon Sep 17 00:00:00 2001 +From: Markus Volk <f_l_k@t-online.de> +Date: Wed, 24 Apr 2024 19:08:43 +0200 +Subject: [PATCH] gssdp-enums.c.template: use basename instead of filename + +This would prevent the build path from leaking into the source code. + +Signed-off-by: Markus Volk <f_l_k@t-online.de> + +Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gssdp/-/merge_requests/13] +--- + libgssdp/gssdp-enums.c.template | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libgssdp/gssdp-enums.c.template b/libgssdp/gssdp-enums.c.template +index 600d426..2dfb859 100644 +--- a/libgssdp/gssdp-enums.c.template ++++ b/libgssdp/gssdp-enums.c.template +@@ -3,8 +3,8 @@ + + /*** END file-header ***/ + /*** BEGIN file-production ***/ +-/* enumerations from "@filename@" */ +-#include "@filename@" ++/* enumerations from "@basename@" */ ++#include "@basename@" + /*** END file-production ***/ + /*** BEGIN value-header ***/ + GType +-- +2.44.0 + diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.6.3.bb b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.6.3.bb index f2e27622cc..e6ea472709 100644 --- a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.6.3.bb +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.6.3.bb @@ -6,6 +6,7 @@ BUGTRACKER = "https://gitlab.gnome.org/GNOME/gssdp/-/issues" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" +SRC_URI:append = " file://0001-gssdp-enums.c.template-use-basename-instead-of-filen.patch" SRC_URI[archive.sha256sum] = "2fedb5afdb22cf14d5498a39a773ca89788a250fcf70118783df821e1f3f3446" GTKDOC_MESON_OPTION = 'gtk_doc' diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-gupnp-enums.c.template-use-basename-instead-of-filen.patch b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-gupnp-enums.c.template-use-basename-instead-of-filen.patch new file mode 100644 index 0000000000..373eb4548e --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-gupnp-enums.c.template-use-basename-instead-of-filen.patch @@ -0,0 +1,32 @@ +From f875a0afe24fdebdefc46d132f6722dfcb55115a Mon Sep 17 00:00:00 2001 +From: Markus Volk <f_l_k@t-online.de> +Date: Wed, 24 Apr 2024 18:52:45 +0200 +Subject: [PATCH] gupnp-enums.c.template: use @basename@ instead of @filename@ + +This would prevent the build path from leaking into the source code. + +Signed-off-by: Markus Volk <f_l_k@t-online.de> + +Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/36] +--- + libgupnp/gupnp-enums.c.template | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libgupnp/gupnp-enums.c.template b/libgupnp/gupnp-enums.c.template +index 3ce5fa4..a7ff89c 100644 +--- a/libgupnp/gupnp-enums.c.template ++++ b/libgupnp/gupnp-enums.c.template +@@ -3,8 +3,8 @@ + + /*** END file-header ***/ + /*** BEGIN file-production ***/ +-/* enumerations from "@filename@" */ +-#include "@filename@" ++/* enumerations from "@basename@" */ ++#include "@basename@" + /*** END file-production ***/ + /*** BEGIN value-header ***/ + GType +-- +2.44.0 + diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.6.6.bb b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.6.6.bb index f1628d82ee..7d9b8a477f 100644 --- a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.6.6.bb +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.6.6.bb @@ -8,6 +8,8 @@ DEPENDS = "e2fsprogs gssdp libsoup-3.0 libxml2" inherit gnomebase pkgconfig vala gobject-introspection SRC_URI[archive.sha256sum] = "c9dc50e8c78b3792d1b0e6c5c5f52c93e9345d3dae2891e311a993a574f5a04f" +SRC_URI += "file://0001-gupnp-enums.c.template-use-basename-instead-of-filen.patch" + SYSROOT_PREPROCESS_FUNCS += "gupnp_sysroot_preprocess" diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/rygel/rygel_0.42.4.bb b/meta-openembedded/meta-multimedia/recipes-connectivity/rygel/rygel_0.42.5.bb index 4fbdce0867..e79bd77a54 100644 --- a/meta-openembedded/meta-multimedia/recipes-connectivity/rygel/rygel_0.42.4.bb +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/rygel/rygel_0.42.5.bb @@ -20,7 +20,7 @@ inherit gnomebase features_check vala gobject-introspection gettext systemd # gobject-introspection is mandatory for libmediaart-2.0 and cannot be configured REQUIRED_DISTRO_FEATURES = "gobject-introspection-data x11" -SRC_URI[archive.sha256sum] = "6310dfaa2d332b66119b9b020fad6a4bd27d9bc61faf780ca5ca0b62813303f7" +SRC_URI[archive.sha256sum] = "1133602d2e6710aade6b22aa98d93384c8d56396f344763413e96e0110b7d89f" GIR_MESON_ENABLE_FLAG = 'enabled' GIR_MESON_DISABLE_FLAG = 'disabled' @@ -28,7 +28,7 @@ GIR_MESON_DISABLE_FLAG = 'disabled' EXTRA_OEMESON = "-Dengines=gstreamer -Dplugins=${@strip_comma('${RYGEL_PLUGINS}')}" PACKAGECONFIG:append = "${@bb.utils.contains("DISTRO_FEATURES", "x11", " gtk+3", "", d)}" -PACKAGECONFIG ?= "external mpris ruih gst-launch" +PACKAGECONFIG ?= "external mpris ruih gst-launch media-export" PACKAGECONFIG[external] = "" PACKAGECONFIG[mpris] = "" @@ -60,16 +60,9 @@ do_install:append() { # Remove .la files for loadable modules rm -f ${D}/${libdir}/rygel-${LIBV}/engines/*.la rm -f ${D}/${libdir}/rygel-${LIBV}/plugins/*.la - if [ -e ${D}${nonarch_libdir}/systemd/user/rygel.service ]; then - mkdir -p ${D}${systemd_unitdir}/system - mv ${D}${nonarch_libdir}/systemd/user/rygel.service ${D}${systemd_unitdir}/system - rmdir --ignore-fail-on-non-empty ${D}${nonarch_libdir}/systemd/user \ - ${D}${nonarch_libdir}/systemd \ - ${D}${nonarch_libdir} - fi } -FILES:${PN} += "${libdir}/rygel-${LIBV}/engines ${datadir}/dbus-1 ${datadir}/icons" +FILES:${PN} += "${libdir}/rygel-${LIBV}/engines ${systemd_user_unitdir} ${datadir}/dbus-1 ${datadir}/icons" FILES:${PN}-dbg += "${libdir}/rygel-${LIBV}/engines/.debug ${libdir}/rygel-${LIBV}/plugins/.debug" PACKAGES += "${PN}-meta" @@ -77,8 +70,6 @@ ALLOW_EMPTY:${PN}-meta = "1" PACKAGES_DYNAMIC = "${PN}-plugin-*" -SYSTEMD_SERVICE:${PN} = "rygel.service" - python populate_packages:prepend () { rygel_libdir = d.expand('${libdir}/rygel-${LIBV}') postinst = d.getVar('plugin_postinst') diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/aravis/aravis_0.8.31.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/aravis/aravis_0.8.31.bb new file mode 100644 index 0000000000..a4386e809c --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/aravis/aravis_0.8.31.bb @@ -0,0 +1,40 @@ +SUMMARY = "A vision library for genicam based cameras" +DESCRIPTION = "\ + Aravis is a glib/gobject based library for video acquisition using Genicam cameras.\ + It currently implements the gigabit ethernet and USB3 protocols used by industrial cameras.\ + It also provides a basic ethernet camera simulator and a simple video viewer.\ +" +AUTHOR = "Emmanuel Pacaud" +HOMEPAGE = "https://github.com/AravisProject/aravis" +LICENSE = "LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" + +DEPENDS += "\ + glib-2.0 \ + glib-2.0-native \ + libxml2 \ + zlib \ +" + +SRC_URI = "https://github.com/AravisProject/aravis/releases/download/${PV}/${BPN}-${PV}.tar.xz" +SRC_URI[sha256sum] = "9c4ebe6273ed3abe466cb6ed8fa5c132bdd7e9a9298ca43fa0212c4311a084da" + +EXTRA_OEMESON += "-Dtests=false" + +GIR_MESON_ENABLE_FLAG = 'enabled' +GIR_MESON_DISABLE_FLAG = 'disabled' +GIDOCGEN_MESON_OPTION = "documentation" +GIDOCGEN_MESON_ENABLE_FLAG = "enabled" +GIDOCGEN_MESON_DISABLE_FLAG = "disabled" + +inherit meson pkgconfig gi-docgen gobject-introspection + +PACKAGECONFIG ?= "gstreamer usb ${@bb.utils.contains_any('DISTRO_FEATURES', '${GTK3DISTROFEATURES}', 'viewer', '', d)}" +PACKAGECONFIG[gstreamer] = "-Dgst-plugin=enabled, -Dgst-plugin=disabled,gstreamer1.0 gstreamer1.0-plugins-base," +PACKAGECONFIG[usb] = "-Dusb=enabled, -Dusb=disabled, libusb1," +PACKAGECONFIG[viewer] = "-Dviewer=enabled, -Dviewer=disabled, gtk+3 gstreamer1.0-plugins-base," + +FILES:${PN} += "\ + ${datadir} \ + ${libdir}/gstreamer-1.0/libgstaravis.0.8.so \ +" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb index a762fc8322..f30fffebeb 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb @@ -100,3 +100,6 @@ USERADD_PARAM:${PN} = " \ --home ${localstatedir}/lib/mpd \ --groups audio \ --user-group mpd" + +CVE_STATUS[CVE-2020-7465] = "cpe-incorrect: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue." +CVE_STATUS[CVE-2020-7466] = "cpe-incorrect: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue." diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_1.0.4.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_1.0.5.bb index e9c83dd236..c8ac04d59a 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_1.0.4.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_1.0.5.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = " \ DEPENDS = "dbus ncurses" -SRCREV = "f2874ad1c2f7f0b9a1da05cc4f402b3ea3761ee6" +SRCREV = "a2287be601710eea0d073261223ec34b92384c8a" SRC_URI = "git://gitlab.freedesktop.org/pipewire/pipewire.git;branch=1.0;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb index d25a20ae01..21bc408f6d 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb @@ -9,7 +9,7 @@ DEPENDS = "coreutils-native fribidi libtool libgcrypt libgcrypt-native bison-nat dbus libxml2 gnutls \ tremor faad2 ffmpeg flac alsa-lib \ lua-native lua libidn \ - avahi jpeg xz libmodplug mpeg2dec \ + avahi jpeg xz libmodplug \ libmtp libopus orc libsamplerate0 libusb1 schroedinger taglib \ tiff" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.5.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.5.1.bb index 8aa95a3e97..9115076a24 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.5.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.5.1.bb @@ -10,7 +10,7 @@ DEPENDS = "glib-2.0 glib-2.0-native lua pipewire \ ${@bb.utils.contains("DISTRO_FEATURES", "gobject-introspection-data", "python3-native python3-lxml-native doxygen-native", "", d)} \ " -SRCREV = "59d190a2bd400f3b093f99b16fc0fb06f6cb2cfe" +SRCREV = "961450b2ac700e8c9c85a0beb2426b875fa08bff" SRC_URI = " \ git://gitlab.freedesktop.org/pipewire/wireplumber.git;branch=master;protocol=https \ file://90-OE-disable-session-dbus-dependent-features.lua \ diff --git a/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb b/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb index df688bbcda..04d16ffe11 100644 --- a/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb +++ b/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb @@ -19,5 +19,5 @@ FILES:${PN} += "${libdir}/*" INSANE_SKIP:${PN}-dev = "dev-elf" -PACKAGECONFIG ??= "ui" +PACKAGECONFIG ??= "${@bb.utils.contains_any('DISTRO_FEATURES', '${GTK3DISTROFEATURES}', 'ui', '', d)}" PACKAGECONFIG[ui] = "-Dui=enabled,-Dui=disabled,gtk+3" diff --git a/meta-openembedded/meta-networking/MAINTAINERS b/meta-openembedded/meta-networking/MAINTAINERS index dc549d7582..a424ab9cdd 100644 --- a/meta-openembedded/meta-networking/MAINTAINERS +++ b/meta-openembedded/meta-networking/MAINTAINERS @@ -2,13 +2,13 @@ This file contains a list of maintainers for the meta-networking layer. Please submit any patches against meta-networking to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) with -'[meta-networking]' in the subject. +'[meta-networking][scarthgap]' in the subject. When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ - --subject-prefix='meta-networking][PATCH' + --subject-prefix='meta-networking][scarthgap][PATCH' You may also contact the maintainers directly. @@ -26,14 +26,9 @@ Please keep this list in alphabetical order. Maintainers List (try to look for most precise areas first) COMMON -M: Khem Raj <raj.khem@gmail.com> -M: "Joe MacDonald (backup)" <joe@deserted.net> +M: Armin Kuster <akuster808@gmail.com> L: openembedded-devel@lists.openembedded.org Q: https://patchwork.openembedded.org/project/oe/ S: Maintained F: conf F: recipes-* - -OPENTHREAD -M: Stefan Schmidt <stefan@datenfreihafen.org> -F: recipes-connectivity/openthread/ diff --git a/meta-openembedded/meta-networking/README.md b/meta-openembedded/meta-networking/README.md index ab2640618f..ef7933e319 100644 --- a/meta-openembedded/meta-networking/README.md +++ b/meta-openembedded/meta-networking/README.md @@ -18,21 +18,21 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: Scarthgap For some recipes, the meta-oe layer is required: URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe -branch: master +branch: Scarthgap URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-python -branch: master +branch: Scarthgap Maintenance ----------- -Layer maintainers: Khem Raj <raj.khem@gmail.com> +Stable Layer maintainer: Armin Kuster <akuster808@gmail.com> Please see the MAINTAINERS file for information on contacting the diff --git a/meta-openembedded/meta-networking/classes/waf-samba.bbclass b/meta-openembedded/meta-networking/classes/waf-samba.bbclass index c8bf7bacf8..79acacc989 100644 --- a/meta-openembedded/meta-networking/classes/waf-samba.bbclass +++ b/meta-openembedded/meta-networking/classes/waf-samba.bbclass @@ -15,7 +15,7 @@ CONFIGUREOPTS = " --prefix=${prefix} \ --localstatedir=${localstatedir} \ --libdir=${libdir} \ --includedir=${includedir} \ - --oldincludedir=${oldincludedir} \ + --oldincludedir=${includedir} \ --infodir=${infodir} \ --mandir=${mandir} \ ${PACKAGECONFIG_CONFARGS} \ diff --git a/meta-openembedded/meta-networking/conf/include/non-repro-meta-networking.inc b/meta-openembedded/meta-networking/conf/include/non-repro-meta-networking.inc new file mode 100755 index 0000000000..e0f448fe31 --- /dev/null +++ b/meta-openembedded/meta-networking/conf/include/non-repro-meta-networking.inc @@ -0,0 +1,59 @@ +# List of known non-reproducible package of the meta-networking layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_NETWORKING = " \ + blueman \ + blueman-dbg \ + blueman-src \ + civetweb-dev \ + dhcp-relay-staticdev \ + ettercap-src \ + fetchmail \ + fetchmail-dbg \ + freediameter \ + freediameter-src \ + freeradius \ + htpdate-doc \ + keepalived \ + keepalived-dbg \ + kernel-module-mdio-netlink-6.6.17-yocto-standard \ + libbearssl-staticdev \ + libfko3 \ + libfko-client \ + libfko-daemon \ + libfko-dbg \ + libmosquitto1 \ + libowfat-staticdev \ + libruli-staticdev \ + libsamba-util0 \ + mdio-netlink-dbg \ + mosquitto \ + mosquitto-dbg \ + ncftp \ + ncftp-dbg \ + ncftp-src \ + ndisc6-dbg \ + ndisc6-misc \ + ndisc6-ndisc6 \ + ndisc6-rdisc6 \ + ndisc6-rdnssd \ + ndisc6-rltraceroute6 \ + netsniff-ng-doc \ + ntpsec-src \ + openl2tp \ + openl2tp-dbg \ + ot-br-posix \ + ot-br-posix-dbg \ + postfix-cfg \ + proftpd \ + proftpd-dbg \ + proftpd-dev \ + rdist \ + rdist-dbg \ + samba-dbg \ + tayga \ + tayga-dbg \ + wolfssl \ + wolfssl-dbg \ + znc \ + znc-doc \ +" diff --git a/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc b/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc index 574e3a0aa1..7ec6f9063d 100644 --- a/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc +++ b/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc @@ -7,6 +7,7 @@ # ptests which take less than ~30s each PTESTS_FAST_META_NETWORKING = "\ + freediameter \ geoip \ libcoap \ libldb \ @@ -27,7 +28,6 @@ PTESTS_SLOW_META_NETWORKING = "\ " PTESTS_PROBLEMS_META_NETWORKING = "\ - freediameter \ geoip-perl \ libtevent \ lksctp-tools \ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb index 66ad83f711..8cb4c04fa3 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb @@ -11,6 +11,7 @@ DEPENDS = "libpcap libpcre libdnet bison-native libnetfilter-queue" SRC_URI = "http://fossies.org/linux/misc/daq-${PV}.tar.gz \ file://disable-run-test-program-while-cross-compiling.patch \ file://0001-correct-the-location-of-unistd.h.patch \ + file://daq-fix-incompatible-pointer-type-error.patch \ " SRC_URI[sha256sum] = "bdc4e5a24d1ea492c39ee213a63c55466a2e8114b6a9abed609927ae13a7705e" # these 2 create undeclared dependency on libdnet and libnetfilter-queue from meta-networking diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/files/daq-fix-incompatible-pointer-type-error.patch b/meta-openembedded/meta-networking/recipes-connectivity/daq/files/daq-fix-incompatible-pointer-type-error.patch new file mode 100644 index 0000000000..ade3ec686b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/files/daq-fix-incompatible-pointer-type-error.patch @@ -0,0 +1,31 @@ +Fix daq incompatible pointer type error when gcc option +'-Wincompatible-pointer-types is set: + +| ../../daq-2.0.7/os-daq-modules/daq_nfq.c: In function 'SetPktHdr': +| ../../daq-2.0.7/os-daq-modules/daq_nfq.c:394:37: error: passing argument 2 + of 'nfq_get_payload' from incompatible pointer type [-Wincompatible-pointer-types] +| 394 | int len = nfq_get_payload(nfad, (char**)pkt); +| | ^~~~~~~~~~~ +| | | +| | char ** + +Upstream-Status: Inactive-Upstream [lastrelease: 2019-03-09] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + os-daq-modules/daq_nfq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/os-daq-modules/daq_nfq.c b/os-daq-modules/daq_nfq.c +index 4de94b6..a6de2f3 100644 +--- a/os-daq-modules/daq_nfq.c ++++ b/os-daq-modules/daq_nfq.c +@@ -391,7 +391,7 @@ static inline int SetPktHdr ( + DAQ_PktHdr_t* hdr, + uint8_t** pkt + ) { +- int len = nfq_get_payload(nfad, (char**)pkt); ++ int len = nfq_get_payload(nfad, (unsigned char**)pkt); + + if ( len <= 0 ) + return -1; diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_3.0.14.bb index 19346124bf..74964e0741 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_3.0.14.bb @@ -11,7 +11,7 @@ inherit autotools pkgconfig SRC_URI = "git://github.com/snort3/libdaq.git;protocol=https;branch=master \ file://0001-example-Use-lm-for-the-fst-module.patch" -SRCREV = "c757aaae5a70d5bbb3239c5a16bca217a5aca651" +SRCREV = "4e68d7ba6940df9a1503599d7b177029112d6b6a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb index 3e5fc91dad..63476d3495 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb @@ -33,6 +33,6 @@ RDEPENDS:${PN}-python = " python3-core " RDEPENDS:${PN} = " python3-core " FILES:${PN} += " \ - ${libdir}/${PYTHON_DIR}/site-packages/iec61850.py \ - ${libdir}/${PYTHON_DIR}/site-packages/_iec61850.so \ + ${PYTHON_SITEPACKAGES_DIR}/iec61850.py \ + ${PYTHON_SITEPACKAGES_DIR}/_iec61850.so \ " diff --git a/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_12.bb b/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_1.7.3.bb index ab2907110d..a6556249b7 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_12.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_1.7.3.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a41e579bb4326c21c774f8e51e41d8a3" SRC_URI = "git://github.com/nanomsg/nng.git;branch=master;protocol=https" -SRCREV = "169221da8d53b2ca4fda76f894bee8505887a7c6" +SRCREV = "85fbe7f9e4642b554d0d97f2e3ff2aa12978691a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb index be30154a36..8184fcf1a1 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb @@ -76,9 +76,10 @@ EXTRA_OEMESON = "\ CFLAGS:append:libc-musl = " \ -DRTLD_DEEPBIND=0 \ " - -do_compile:prepend() { - export GI_TYPELIB_PATH="${B}}/src/libnm-client-impl${GI_TYPELIB_PATH:+:$GI_TYPELIB_PATH}" +do_configure:prepend() { + cp -f ${STAGING_LIBDIR}/girepository-1.0/GObject*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ + cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ + cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ } PACKAGECONFIG ??= "readline nss ifupdown dnsmasq nmcli vala \ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.21.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.22.0.bb index e6c9a69ee5..568593b2d4 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.21.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.22.0.bb @@ -3,7 +3,7 @@ LICENSE = "GPL-3.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=3d575262a651a6f1a17210ce41bf907d" SRC_URI = "git://github.com/adrienverge/openfortivpn.git;protocol=https;branch=master" -SRCREV = "26a1fe68cc7a61c58f4f2a98862f6fcf30f9f2dc" +SRCREV = "82e4401162fc65efad8267f4cb3287c6ab6fc088" DEPENDS = "openssl" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.5.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.6.bb index f5ef86dd4b..bd0309934b 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.5.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.6.bb @@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \ file://samba-4.3.9-remove-getpwent_r.patch \ " -SRC_URI[sha256sum] = "0e2405b4cec29d0459621f4340a1a74af771ec7cffedff43250cad7f1f87605e" +SRC_URI[sha256sum] = "653b52095554dbc223c63b96af5cdf9e98c3e048549c5f56143d3b33dce1cef1" UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.19(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb index b8826b0682..ee84aa17e7 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb @@ -5,14 +5,12 @@ SECTION = "net" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" -PV = "3+git" - DEPENDS = "flex-native hwloc libdaq libdnet libpcap libpcre libtirpc libunwind luajit zlib" SRC_URI = "git://github.com/snort3/snort3.git;protocol=https;branch=master \ file://0001-cmake-Check-for-HP-libunwind.patch \ file://0001-cmake-Pass-noline-flag-to-flex.patch" -SRCREV = "e1760a8dbb829bb3fcf1a340ab6cc4bb80a47ecd" +SRCREV = "e7312efd840d66a52a2019abe1db7cc89ca0f39a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb index f0f7eb5df6..7f06e0ebf3 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=84dcc94da3adb52b53ae4fa38fe49e5d" inherit features_check systemd -RDEPENDS:${PN} = "python3-pygobject python3-dbus" +RDEPENDS:${PN} = "python3-pygobject python3-dbus python3-json" REQUIRED_DISTRO_FEATURES = "systemd gobject-introspection-data" SRCREV = "dfd26d72793914eb3da910ef8c71de6d7c8942a2" diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.8.bb b/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.9.bb index c8370eaba7..33d286e122 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.8.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.9.bb @@ -22,7 +22,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://squid.nm \ " -SRC_URI[sha256sum] = "11cc5650b51809d99483ccfae24744a2e51cd16199f5ff0c917e84fce695870f" +SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://errors/COPYRIGHT;md5=d324bc1f9447d1d1588d75b22a678dc4 \ @@ -68,6 +68,11 @@ EXTRA_OECONF += "--with-default-user=squid \ --with-logdir=${localstatedir}/log/${BPN} \ 'PERL=${USRBINPATH}/env perl'" +# Workaround a build failure when using a native compiler that need -std=c++17 +# with a cross-compiler that doesn't. +# Upstream issue closed as invalid : https://bugs.squid-cache.org/show_bug.cgi?id=5376 +BUILD_CXXFLAGS += "-std=c++17" + export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" TESTDIR = "test-suite" diff --git a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch new file mode 100644 index 0000000000..add52483b7 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch @@ -0,0 +1,45 @@ +From bf6a303883bde40cf96b960c8574cddd89e71701 Mon Sep 17 00:00:00 2001 +From: Jon Shallow <supjps-libcoap@jpshallow.com> +Date: Thu, 25 Jan 2024 18:03:17 +0000 +Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information + +A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. +Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. +The manipulation leads to stack-based buffer overflow. + +CVE: CVE-2024-0962 + +Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311] + +Signed-off-by: alperak <alperyasinak1@gmail.com> +--- + src/coap_oscore.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/coap_oscore.c b/src/coap_oscore.c +index 83f785c92..e0fb22947 100644 +--- a/src/coap_oscore.c ++++ b/src/coap_oscore.c +@@ -1678,11 +1678,12 @@ get_split_entry(const char **start, + oscore_value_t *value) { + const char *begin = *start; + const char *end; ++ const char *kend; + const char *split; + size_t i; + + retry: +- end = memchr(begin, '\n', size); ++ kend = end = memchr(begin, '\n', size); + if (end == NULL) + return 0; + +@@ -1693,7 +1694,7 @@ get_split_entry(const char **start, + + if (begin[0] == '#' || (end - begin) == 0) { + /* Skip comment / blank line */ +- size -= end - begin + 1; ++ size -= kend - begin + 1; + begin = *start; + goto retry; + } diff --git a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb index 20bdbee252..98f0f02fb8 100644 --- a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb +++ b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc" SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \ file://run-ptest \ + file://CVE-2024-0962.patch \ " SRCREV = "5fd2f89ef068214130e5d60b7087ef48711fa615" diff --git a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch b/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch deleted file mode 100644 index d5e242ac21..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch +++ /dev/null @@ -1,97 +0,0 @@ -From d527a0b7b63e43263384540b5525714484bb089f Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Mon, 3 Sep 2018 14:40:56 +0800 -Subject: [PATCH] libfdcore/sctp.c: update the old sctp api check - -The initial sctp api check for freediameter as below: - === - commit d3c5e991cb532ea09684d69fb4d0d58e9bc39a0c - Author: Sebastien Decugis <sdecugis@freediameter.net> - Date: Mon Jun 3 12:05:37 2013 +0800 - - Add some compliancy to RFC6458. Not tested however as Ubuntu does not support this yet - - [snip] - +/* Use old draft-ietf-tsvwg-sctpsocket-17 API ? If not defined, RFC6458 API will be used */ - +/* #define OLD_SCTP_SOCKET_API */ - + - +/* Automatically fallback to old API if some of the new symbols are not defined */ - +#if (!defined(SCTP_CONNECTX_4_ARGS) || (!defined(SCTP_RECVRCVINFO)) || (!defined(SCTP_SNDINFO))) - +# define OLD_SCTP_SOCKET_API - +#endif - === - -SCTP_RECVRCVINFO is defined in <linux/sctp.h>, -but <linux/sctp.h> is't included in the source code -previouly. So defined(SCTP_RECVRCVINFO) can be 0 -and it make old sctp socket api definiton in effect -as below: - # define OLD_SCTP_SOCKET_API - -After lksctp-tools upgrade to 1.0.18, there is below -commit introduced: -=== -commit 3c8bd0d26b64611c690f33f5802c734b0642c1d8 -Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> -Date: Tue Apr 17 20:17:14 2018 -0300 - - sctp.h: make use kernel UAPI header - - and with that, remove tons of duplicated declarations. These were - lagging behind the kernel header, which is always the most updated one, - and as the library is intended to be run only on Linux, there is no - reason that we cannot re-use what is in there. - - That said, this patch drops all duplicated declarations and includes - linux/sctp.h to bring them into lksctp-tools. - - Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> - - [snip] - #include <stdint.h> - #include <linux/types.h> - #include <sys/socket.h> -+#include <linux/sctp.h> - [snip] -=== - -And above logic make defined(SCTP_RECVRCVINFO) to -be 1 and the old sctp socket api macro as below -won't be defined. - # define OLD_SCTP_SOCKET_API - -And it encouters below build error: -| /build/freediameter/1.2.1-r0/freeDiameter-1.2.1/libfdcore/sctp.c:1262:9: error: 'SCTP_SEND_FAILED_EVENT' undeclared (first use in this function); did you mean 'SCTP_SEND_FAILED'? - case SCTP_SEND_FAILED_EVENT: - ^~~~~~~~~~~~~~~~~~~~~~ - SCTP_SEND_FAILED -| /build/freediameter/1.2.1-r0/freeDiameter-1.2.1/libfdcore/sctp.c:1262:9: note: each undeclared identifier is reported only once for each function it appears in -| /build/freediameter/1.2.1-r0/freeDiameter-1.2.1/libfdcore/sctp.c:1274:9: error: 'SCTP_NOTIFICATIONS_STOPPED_EVENT' undeclared (first use in this function); did you mean 'SCTP_AUTHENTICATION_EVENT'? - case SCTP_NOTIFICATIONS_STOPPED_EVENT: - -Update the old sctp socket api check to fix -the above build error. - -Upstream-Status: Pending - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> ---- - libfdcore/sctp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libfdcore/sctp.c b/libfdcore/sctp.c -index c80a497..83440c7 100644 ---- a/libfdcore/sctp.c -+++ b/libfdcore/sctp.c -@@ -48,7 +48,7 @@ - /* #define OLD_SCTP_SOCKET_API */ - - /* Automatically fallback to old API if some of the new symbols are not defined */ --#if (!defined(SCTP_CONNECTX_4_ARGS) || (!defined(SCTP_RECVRCVINFO)) || (!defined(SCTP_SNDINFO))) -+#if (!defined(SCTP_CONNECTX_4_ARGS) || (!defined(SCTP_NOTIFICATIONS_STOPPED_EVENT)) || (!defined(SCTP_SNDINFO))) - # define OLD_SCTP_SOCKET_API - #endif - --- -2.7.4 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest b/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest index 3c841644b7..7d0648935c 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest +++ b/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest @@ -7,4 +7,8 @@ if ! lsmod | grep -q sctp && ! modprobe sctp 2>/dev/null; then fi cmake -E cmake_echo_color --cyan "Running tests..." -ctest --force-new-ctest-process +if ctest --force-new-ctest-process ; then + echo "PASS: freediameter" +else + echo "FAIL: freediameter" +fi diff --git a/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.4.0.bb b/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.5.0.bb index 44fc46e3a8..b3282d273b 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.4.0.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.5.0.bb @@ -7,28 +7,28 @@ Accounting needs." HOMEPAGE = "http://www.freediameter.net" -DEPENDS = "flex bison cmake-native libgcrypt gnutls libidn lksctp-tools virtual/kernel bison-native" +DEPENDS = "flex bison cmake-native libgcrypt gnutls libidn2 lksctp-tools virtual/kernel bison-native" PACKAGE_ARCH = "${MACHINE_ARCH}" fd_pkgname = "freeDiameter" -SRC_URI = "\ - http://www.freediameter.net/hg/${fd_pkgname}/archive/${PV}.tar.gz;downloadfilename=${fd_pkgname}-${PV}.tar.gz \ +PV .= "+git" +SRCREV = "f9f1e464e6c675d222b3be4cab9c13408d544c83" +SRC_URI = "git://github.com/freeDiameter/freeDiameter;protocol=https;branch=master \ file://Replace-murmurhash-algorithm-with-Robert-Jenkin-s-ha.patch \ + file://run-ptest \ file://freediameter.service \ file://freediameter.init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://install_test.patch file://run-ptest file://0001-tests-use-EXTENSIONS_DIR.patch', '', d)} \ file://freeDiameter.conf \ - file://0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch \ + file://install_test.patch \ + file://0001-tests-use-EXTENSIONS_DIR.patch \ " -SRC_URI[sha256sum] = "7a537401bd110c606594b7c6be71b993f0ccc73ae151ad68040979286ba4e50e" - -S = "${WORKDIR}/${fd_pkgname}-${PV}" +S = "${WORKDIR}/git" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69bdc1d97648a2d35914563fcbbb361a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=868c059b6147748b1d621e500feeac4f" PTEST_PATH = "${libdir}/${fd_pkgname}/ptest" diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb index 58d683eab4..bdd87993d7 100644 --- a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb @@ -63,10 +63,10 @@ FILES:${PN}-dbg += "${bindir}/.debug/* \ ${libdir}/ldb/.debug/* \ ${libdir}/ldb/modules/ldb/.debug/*" -FILES:pyldb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ +FILES:pyldb = "${PYTHON_SITEPACKAGES_DIR}/* \ ${libdir}/libpyldb-util.*.so.* \ " -FILES:pyldb-dbg = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug \ +FILES:pyldb-dbg = "${PYTHON_SITEPACKAGES_DIR}/.debug \ ${libdir}/.debug/libpyldb-util.*.so.*" FILES:pyldb-dev = "${libdir}/libpyldb-util.*.so" diff --git a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb index 394c176287..b617f097cf 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb @@ -53,7 +53,7 @@ PACKAGES += "pytalloc pytalloc-dev" RPROVIDES:${PN}-dbg += "pytalloc-dbg" -FILES:pytalloc = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ +FILES:pytalloc = "${PYTHON_SITEPACKAGES_DIR}/* \ ${libdir}/libpytalloc-util.so.2 \ ${libdir}/libpytalloc-util.so.2.1.1 \ " diff --git a/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb b/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb index f23b157e8c..bd3f9f63a9 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb @@ -58,6 +58,6 @@ RPROVIDES:${PN}-dbg += "python3-tdb-dbg" FILES:${PN} = "${libdir}/*.so.*" FILES:tdb-tools = "${bindir}/*" -FILES:python3-tdb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:python3-tdb = "${PYTHON_SITEPACKAGES_DIR}/*" RDEPENDS:python3-tdb = "python3" INSANE_SKIP:${MLPREFIX}python3-tdb = "dev-so" diff --git a/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.0.bb b/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.1.bb index 67f36083bf..0a37d7977d 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.1.bb @@ -17,7 +17,7 @@ SRC_URI = "https://samba.org/ftp/tevent/tevent-${PV}.tar.gz \ LIC_FILES_CHKSUM = "file://tevent.h;endline=26;md5=47386b7c539bf2706b7ce52dc9341681" -SRC_URI[sha256sum] = "1aa58f21017ed8c2f606ae84aa7e795b5439edd4dd5f68f1a388a7d6fb40f682" +SRC_URI[sha256sum] = "362971e0f32dc1905f6fe4736319c4b8348c22dc85aa6c3f690a28efe548029e" inherit pkgconfig ptest waf-samba @@ -57,6 +57,6 @@ PACKAGES += "python3-tevent" RPROVIDES:${PN}-dbg += "python3-tevent-dbg" -FILES:python3-tevent = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:python3-tevent = "${PYTHON_SITEPACKAGES_DIR}/*" INSANE_SKIP:${MLPREFIX}python3-tevent = "dev-so" diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb index 6696e552c7..82aab051f1 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb @@ -120,3 +120,5 @@ python() { } CVE_PRODUCT = "open-vm-tools vmware:tools" +CVE_STATUS[CVE-2014-4199] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3" +CVE_STATUS[CVE-2014-4200] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3" diff --git a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_50.0.bb b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_51.0.bb index ab4de22a51..7c26a8c436 100644 --- a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_50.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_51.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=http file://0001-cmake-Allow-SYSTEMCTL_BIN-to-be-overridden-from-envi.patch \ file://0001-include-libgen.h-for-basename.patch \ " -SRCREV = "bc6b4bc134532e952fe7f8efc251e1f89b912098" +SRCREV = "6cd09097ad2eebde9a7fa3d3bb09a2cea6e3c2d6" S = "${WORKDIR}/git" #Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md diff --git a/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.0.bb b/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.1.bb index 2824dde883..50248078a2 100644 --- a/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.1.bb @@ -16,7 +16,7 @@ DEPENDS = "\ " SRC_URI = "git://github.com/irontec/sngrep.git;protocol=https;branch=master" -SRCREV = "f7b36df3b79617892958b67cb4ad9313c6ce72d2" +SRCREV = "373abb90804ba71f980c7120e62f90d3a5c81213" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb index 82ce7067d9..c8a3f7f532 100644 --- a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb +++ b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb @@ -40,7 +40,7 @@ DEPENDS = " \ " DEPENDS:append:libc-musl = " libucontext" -RDEPENDS:${PN} = "python3-pyparsing python3-six usbids" +RDEPENDS:${PN} = "python3-pyparsing python3-six hwdata" inherit meson pkgconfig vala gobject-introspection features_check gtk-doc @@ -59,8 +59,9 @@ do_configure:prepend() { PACKAGECONFIG ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)} smartcard" PACKAGECONFIG[vapi] = "-Dvapi=enabled,-Dvapi=disabled" PACKAGECONFIG[smartcard] = "-Dsmartcard=enabled,-Dsmartcard=disabled,libcacard" +PACKAGECONFIG[webdav] = "-Dwebdav=enabled,-Dwebdav=disabled,phodav libsoup" -EXTRA_OEMESON = "-Dpie=true -Dusb-ids-path=${datadir}/usb.ids " +EXTRA_OEMESON = "-Dpie=true -Dusb-ids-path=${datadir}/hwdata/usb.ids " EXTRA_OEMESON:append:libc-musl = " -Dcoroutine=libucontext" LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', ' -Wl,--undefined-version', '', d)}" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch new file mode 100644 index 0000000000..69348030bb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch @@ -0,0 +1,129 @@ +From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Tue, 12 Mar 2024 00:37:23 -0700 +Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer. + +This both saves the buffer for freeing later and saves the packet +pointer and snapend to be restored when packet processing is complete, +even if an exception is thrown with longjmp. + +This means that the hex/ASCII printing in pretty_print_packet() +processes the packet data as captured or read from the savefile, rather +than as modified by the PPP printer, so that the bounds checking is +correct. + +That fixes CVE-2024-2397, which was caused by an exception being thrown +by the hex/ASCII printer (which should only happen if those routines are +called by a packet printer, not if they're called for the -X/-x/-A +flag), which jumps back to the setjmp() that surrounds the packet +printer. Hilarity^Winfinite looping ensues. + +Also, restore ndo->ndo_packetp before calling the hex/ASCII printing +routine, in case nd_pop_all_packet_info() didn't restore it. + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2] +CVE: CVE-2024-2397 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + print-ppp.c | 31 +++++++++++++++++-------------- + print.c | 8 ++++++-- + 2 files changed, 23 insertions(+), 16 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index aba243d..e5ae064 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -42,6 +42,8 @@ + #include <net/if_ppp.h> + #endif + ++#include <stdlib.h> ++ + #include "netdissect.h" + #include "extract.h" + #include "addrtoname.h" +@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo, + u_char *b, *t, c; + const u_char *s; + u_int i, proto; +- const void *sb, *se; + + if (caplen == 0) + return; +@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo, + if (length == 0) + return; + +- b = (u_char *)nd_malloc(ndo, caplen); +- if (b == NULL) +- return; ++ b = (u_char *)malloc(caplen); ++ if (b == NULL) { ++ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, ++ "%s: malloc", __func__); ++ } + + /* + * Unescape all the data into a temporary, private, buffer. +@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo, + } + + /* +- * Change the end pointer, so bounds checks work. +- * Change the pointer to packet data to help debugging. ++ * Switch to the output buffer for dissection, and save it ++ * on the buffer stack so it can be freed; our caller must ++ * pop it when done. + */ +- sb = ndo->ndo_packetp; +- se = ndo->ndo_snapend; +- ndo->ndo_packetp = b; +- ndo->ndo_snapend = t; ++ if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) { ++ free(b); ++ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, ++ "%s: can't push buffer on buffer stack", __func__); ++ } + length = ND_BYTES_AVAILABLE_AFTER(b); + + /* now lets guess about the payload codepoint format */ +@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo, + } + + cleanup: +- ndo->ndo_packetp = sb; +- ndo->ndo_snapend = se; ++ nd_pop_packet_info(ndo); + return; + + trunc: +- ndo->ndo_packetp = sb; +- ndo->ndo_snapend = se; ++ nd_pop_packet_info(ndo); + nd_print_trunc(ndo); + } + +diff --git a/print.c b/print.c +index 9c0ab86..33706b9 100644 +--- a/print.c ++++ b/print.c +@@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, + nd_pop_all_packet_info(ndo); + + /* +- * Restore the original snapend, as a printer might have +- * changed it. ++ * Restore the originals snapend and packetp, as a printer ++ * might have changed them. ++ * ++ * XXX - nd_pop_all_packet_info() should have restored the ++ * original values, but, just in case.... + */ + ndo->ndo_snapend = sp + h->caplen; ++ ndo->ndo_packetp = sp; + if (ndo->ndo_Xflag) { + /* + * Print the raw packet data in hex and ASCII. +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb index 803a9bb5f5..b05b832dd8 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb @@ -24,6 +24,7 @@ SRC_URI = " \ http://www.tcpdump.org/release/${BP}.tar.gz \ file://add-ptest.patch \ file://run-ptest \ + file://CVE-2024-2397.patch \ " SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea" diff --git a/meta-openembedded/meta-oe/README.md b/meta-openembedded/meta-oe/README.md index 676a2c8925..9bc68a86c7 100644 --- a/meta-openembedded/meta-oe/README.md +++ b/meta-openembedded/meta-oe/README.md @@ -4,7 +4,7 @@ meta-oe This layer depends on: URI: git://github.com/openembedded/openembedded-core.git -branch: master +branch: scarthgap luajit recipe requires host compiler to be able to generate 32bit code when target is 32bit e.g. arm, so ensure that $CC -m32 is functional on build host, if building this recipe, needed @@ -16,10 +16,10 @@ pacman -S lib32-gcc-libs lib32-glibc Ubuntu sudo apt-get install gcc-multilib linux-libc-dev:i386 -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][scarthgap]' in the subject' When sending single patches, please use something like: -'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix="meta-oe][PATCH"' +'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix="meta-oe][scarthgap][PATCH"' You are encouraged to fork the mirror on GitHub https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch. @@ -28,4 +28,4 @@ Other services like GitLab, repo.or.cz or self-hosted setups are of course accep 'git fetch <remote>' works the same on all of them. We recommend GitHub because it is free, easy to use, has been proven to be reliable and has a really good web GUI. -layer maintainer: Khem Raj <raj.khem@gmail.com> +layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-oe/classes/image_types_verity.bbclass b/meta-openembedded/meta-oe/classes/image_types_verity.bbclass new file mode 100644 index 0000000000..b42217c453 --- /dev/null +++ b/meta-openembedded/meta-oe/classes/image_types_verity.bbclass @@ -0,0 +1,137 @@ +# SPDX-License-Identifier: MIT +# +# Copyright Pengutronix <yocto@pengutronix.de> +# + +# Support generating a dm-verity image and the parameters required to assemble +# the corresponding table for the device-mapper driver. The latter will be +# stored in the file ${DEPLOY_DIR_IMAGE}/<IMAGE_LINK_NAME>.verity-params. Note +# that in the resulting image the hash tree data is appended to the contents of +# the original image without an explicit superblock to keep things simple and +# compact. +# +# The above mentioned parameter file can be sourced by a shell to finally create +# the desired blockdevice via "dmsetup" (found in meta-oe's recipe +# "libdevmapper"), e.g. +# +# . <IMAGE_LINK_NAME>.verity-params +# dmsetup create <dm_dev_name> --readonly --table "0 $VERITY_DATA_SECTORS \ +# verity 1 <dev> <hash_dev> \ +# $VERITY_DATA_BLOCK_SIZE $VERITY_HASH_BLOCK_SIZE \ +# $VERITY_DATA_BLOCKS $VERITY_DATA_BLOCKS \ +# $VERITY_HASH_ALGORITHM $VERITY_ROOT_HASH $VERITY_SALT \ +# 1 ignore_zero_blocks" +# +# As the hash tree data is found at the end of the image, <dev> and <hash_dev> +# should be the same blockdevice in the command shown above while <dm_dev_name> +# is the name of the to be created dm-verity-device. +# +# The root hash is calculated using a salt to make attacks more difficult. Thus, +# please grant each image recipe its own salt which could be generated e.g. via +# +# dd if=/dev/random bs=1k count=1 | sha256sum +# +# and assign it to the parameter VERITY_SALT. + +inherit image-artifact-names + +do_image_verity[depends] += "cryptsetup-native:do_populate_sysroot" + +CLASS_VERITY_SALT = "4e5f0d9b6ccac5e843598d4e4545046232b48451a399acb2106822b43679b375" +VERITY_SALT ?= "${CLASS_VERITY_SALT}" +VERITY_BLOCK_SIZE ?= "4096" +VERITY_IMAGE_FSTYPE ?= "ext4" +VERITY_IMAGE_SUFFIX ?= ".verity" +VERITY_INPUT_IMAGE ?= "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.${VERITY_IMAGE_FSTYPE}" + +IMAGE_TYPEDEP:verity = "${VERITY_IMAGE_FSTYPE}" +IMAGE_TYPES_MASKED += "verity" + +python __anonymous() { + if 'verity' not in d.getVar('IMAGE_FSTYPES'): + return + + dep_task = 'do_image_{}'.format(d.getVar('VERITY_IMAGE_FSTYPE').replace('-', '_')) + bb.build.addtask('do_image_verity', 'do_image_complete', dep_task, d) +} + +python do_image_verity () { + import os + import subprocess + import shutil + + link = d.getVar('VERITY_INPUT_IMAGE') + image = os.path.realpath(link) + + verity_image_suffix = d.getVar('VERITY_IMAGE_SUFFIX') + verity = '{}{}'.format(image, verity_image_suffix) + + # For better readability the parameter VERITY_BLOCK_SIZE is specified in + # bytes. It must be a multiple of the logical sector size which is 512 bytes + # in Linux. Make sure that this is the case as otherwise the resulting + # issues would be hard to debug later. + block_size = int(d.getVar('VERITY_BLOCK_SIZE')) + if block_size % 512 != 0: + bb.fatal("VERITY_BLOCK_SIZE must be a multiple of 512!") + + salt = d.getVar('VERITY_SALT') + if salt == d.getVar('CLASS_VERITY_SALT'): + bb.warn("Please overwrite VERITY_SALT with an image specific one!") + + shutil.copyfile(image, verity) + + data_size_blocks, data_size_rest = divmod(os.stat(verity).st_size, block_size) + data_blocks = data_size_blocks + (1 if data_size_rest else 0) + data_size = data_blocks * block_size + + bb.debug(1, f"data_size_blocks: {data_size_blocks}, {data_size_rest}") + bb.debug(1, f"data_size: {data_size}") + + # Create verity image + try: + output = subprocess.check_output([ + 'veritysetup', 'format', + '--no-superblock', + '--salt={}'.format(salt), + '--data-blocks={}'.format(data_blocks), + '--data-block-size={}'.format(block_size), + '--hash-block-size={}'.format(block_size), + '--hash-offset={}'.format(data_size), + verity, verity, + ]) + except subprocess.CalledProcessError as err: + bb.fatal('%s returned with %s (%s)' % (err.cmd, err.returncode, err.output)) + + try: + with open(image + '.verity-info', 'wb') as f: + f.write(output) + except Exception as err: + bb.fatal('Unexpected error %s' % err) + + # Create verity params + params = [] + for line in output.decode('ASCII').splitlines(): + if not ':' in line: + continue + k, v = line.split(':', 1) + k = k.strip().upper().replace(' ', '_') + v = v.strip() + bb.debug(1, f"{k} {v}") + params.append('VERITY_{}={}'.format(k, v)) + + params.append('VERITY_DATA_SECTORS={}'.format(data_size//512)) + + try: + with open(image + '.verity-params', 'w') as f: + f.write('\n'.join(params)) + except Exception as err: + bb.fatal('Unexpected error %s' % err) + + # Create symlinks + for suffix in [ verity_image_suffix, '.verity-info', '.verity-params' ]: + try: + os.remove(link + suffix) + except FileNotFoundError: + pass + os.symlink(os.path.basename(image) + suffix, link + suffix) +} diff --git a/meta-openembedded/meta-oe/conf/include/non-repro-meta-oe.inc b/meta-openembedded/meta-oe/conf/include/non-repro-meta-oe.inc new file mode 100755 index 0000000000..7961d851f9 --- /dev/null +++ b/meta-openembedded/meta-oe/conf/include/non-repro-meta-oe.inc @@ -0,0 +1,107 @@ +# List of known non-reproducible package of the meta-oe layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_OE = " \ + boinc-client-dev \ + cjson-ptest \ + cpuid-doc \ + crash \ + crash-dbg \ + crash-src \ + dhrystone \ + dhrystone-dbg \ + dhrystone-dev \ + dhrystone-src \ + directfb \ + directfb-dbg \ + doxygen-src \ + editorconfig-core-c-dev \ + etcd-cpp-apiv3-dev \ + fbgrab-doc \ + fluentbit-src \ + fvwm-dbg \ + fvwm-doc \ + fvwm-extra \ + gcab-src \ + gosu \ + gosu-dbg \ + gosu-dev \ + gosu-staticdev \ + gphoto2 \ + gphoto2-dbg \ + hddtemp-locale-de \ + hdf5 \ + hdf5-dbg \ + hdf5-src \ + hdf5-staticdev \ + hplip \ + hplip-dbg \ + jpnevulator-doc \ + jsonrpc-dev \ + kpatch-build \ + kpatch-doc \ + ldns \ + libbotan-3-bin \ + libbotan-3-dbg \ + libbotan-3-dev \ + libck-doc \ + libdbus-cxx-dev \ + libforms \ + libiio-src \ + libjcat-dbg \ + libjcat-ptest \ + libthrift-c-glib-zlib-src \ + libvncserver-dev \ + libwebsockets-testapps \ + libwmf \ + libyui-ncurses-dbg \ + libyui-ncurses-dev \ + lmbench-staticdev \ + log4cpp \ + lprng \ + lprng-dbg \ + lshw \ + lshw-locale-fr \ + mariadb-dbg \ + mariadb-server \ + mariadb-src \ + mce-test \ + mime-support-doc \ + minifi-cpp \ + minifi-cpp-dbg \ + minifi-cpp-src \ + mozjs-115-src \ + mpv \ + mpv-dbg \ + nana \ + nbench-byte \ + nbench-byte-dbg \ + nbench-byte-src \ + nspr-staticdev \ + openocd \ + openocd-dbg \ + pcp \ + pcp-dev \ + pcp-doc \ + pcp-src \ + perfetto \ + perfetto-dbg \ + php-phar \ + pidgin \ + pidgin-dbg \ + pim435-staticdev \ + postgresql-server-dev \ + qcbor-staticdev \ + sharutils \ + sharutils-dbg \ + smemstat-doc \ + soci-dev \ + thin-provisioning-tools-dev \ + vulkan-cts \ + vulkan-cts-dbg \ + waylandpp-dev \ + yasm-src \ + zlog-staticdev \ + zsh \ + zsh-dbg \ + zsh-src \ +" diff --git a/meta-openembedded/meta-oe/conf/include/ptest-packagelists-meta-oe.inc b/meta-openembedded/meta-oe/conf/include/ptest-packagelists-meta-oe.inc index f5c7b9b719..a29408a822 100644 --- a/meta-openembedded/meta-oe/conf/include/ptest-packagelists-meta-oe.inc +++ b/meta-openembedded/meta-oe/conf/include/ptest-packagelists-meta-oe.inc @@ -35,6 +35,7 @@ PTESTS_FAST_META_OE = "\ onig \ oprofile \ protobuf \ + pv \ sdbus-c++ \ uthash \ xmlsec1 \ @@ -68,5 +69,4 @@ PTESTS_PROBLEMS_META_OE ="\ libteam \ ostree \ psqlodbc \ - pv \ " diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb index 3d474305d7..d348ef8be9 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb @@ -101,7 +101,7 @@ FILES:${PN} += "${systemd_unitdir}/system/lircd.service" FILES:${PN} += "${systemd_unitdir}/system/lircd.socket" FILES:${PN} += "${libdir}/tmpfiles.d/lirc.conf" FILES:${PN}-dbg += "${libdir}/lirc/plugins/.debug" -FILES:${PN}-python += "${bindir}/irdb-get ${bindir}/irtext2udp ${bindir}/lircd-setup ${bindir}/pronto2lirc ${libdir}/python*/site-packages" +FILES:${PN}-python += "${bindir}/irdb-get ${bindir}/irtext2udp ${bindir}/lircd-setup ${bindir}/pronto2lirc ${PYTHON_SITEPACKAGES_DIR}" INITSCRIPT_PACKAGES = "lirc lirc-exec" INITSCRIPT_NAME:lirc-exec = "lircexec" diff --git a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/0001-meson-Avoid-absolute-buildtime-paths-in-generated-he.patch b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/0001-meson-Avoid-absolute-buildtime-paths-in-generated-he.patch deleted file mode 100644 index 2273bdf105..0000000000 --- a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/0001-meson-Avoid-absolute-buildtime-paths-in-generated-he.patch +++ /dev/null @@ -1,41 +0,0 @@ -From b1df1ed3a21b8ef0244102043a8fb88b0ccc3f91 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 17 Apr 2023 11:30:21 -0700 -Subject: [PATCH] meson: Avoid absolute buildtime paths in generated headers - -using meson.project_source_root() means the path emitted to include .h -files is absolute and it makes its way into PN-src as well, which infact -is not going to work if the -src package was used to re-build this in a -different build path. Therefore use relative path which is '.' and -relative to ${S} - -Changes -include "<abspath>/plugins/acpi-dmar/fu-acpi-dmar-plugin.h" -to -include "./plugins/acpi-dmar/fu-acpi-dmar-plugin.h" - -in generated build/src/fu-plugin-builtin.h - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/meson.build b/src/meson.build -index b9f6736..bb856ea 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -188,7 +188,7 @@ plugins_hdr = custom_target('fwupd-generate-plugins-header', - command : [ - join_paths(meson.project_source_root(), 'contrib', 'generate-plugins-header.py'), - '@OUTPUT@', -- meson.project_source_root(), -+ '.', - ','.join(plugin_names), - ], - ) --- -2.40.0 - diff --git a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.9.bb b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.9.18.bb index 1f95dee1be..e6c276ba4e 100644 --- a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.9.bb +++ b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.9.18.bb @@ -2,12 +2,11 @@ SUMMARY = "A simple daemon to allow session software to update firmware" LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" -DEPENDS = "glib-2.0 libxmlb json-glib libjcat gcab vala-native" +DEPENDS = "glib-2.0 libxmlb json-glib libjcat gcab vala-native python3-jinja2-native" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \ - file://0001-meson-Avoid-absolute-buildtime-paths-in-generated-he.patch \ file://run-ptest" -SRC_URI[sha256sum] = "719a791ac4ba5988aeb93ec42778bd65d33cb075d0c093b5c04e5e1682be528a" +SRC_URI[sha256sum] = "4e554f77a8a73383a41d5637b62e6c8a8936e66cd1d18585baf29d7fe47fc4d7" UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" @@ -17,14 +16,16 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" inherit meson vala gobject-introspection systemd bash-completion pkgconfig gi-docgen ptest manpages useradd GIDOCGEN_MESON_OPTION = 'docs' -GIDOCGEN_MESON_ENABLE_FLAG = 'docgen' +GIDOCGEN_MESON_ENABLE_FLAG = 'enabled' GIDOCGEN_MESON_DISABLE_FLAG = 'disabled' +GIR_MESON_ENABLE_FLAG = 'enabled' +GIR_MESON_DISABLE_FLAG = 'disabled' PACKAGECONFIG ??= "curl gnutls gudev gusb \ ${@bb.utils.filter('DISTRO_FEATURES', 'bluetooth polkit', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd offline', '', d)} \ ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'plugin_uefi_capsule plugin_uefi_pk', '', d)} \ - ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests plugin_dummy', '', d)} \ + ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ hsi \ plugin_android_boot \ plugin_acpi_phat \ @@ -54,61 +55,59 @@ PACKAGECONFIG ??= "curl gnutls gudev gusb \ plugin_upower \ sqlite" -PACKAGECONFIG[bluetooth] = "-Dbluez=true,-Dbluez=false" +PACKAGECONFIG[bluetooth] = "-Dbluez=enabled,-Dbluez=disabled" PACKAGECONFIG[compat-cli] = "-Dcompat_cli=true,-Dcompat_cli=false" -PACKAGECONFIG[consolekit] = "-Dconsolekit=true,-Dconsolekit=false,consolekit" -PACKAGECONFIG[curl] = "-Dcurl=true,-Dcurl=false,curl" +PACKAGECONFIG[consolekit] = "-Dconsolekit=enabled,-Dconsolekit=disabled,consolekit" +PACKAGECONFIG[curl] = "-Dcurl=enabled,-Dcurl=disabled,curl" PACKAGECONFIG[firmware-packager] = "-Dfirmware-packager=true,-Dfirmware-packager=false" PACKAGECONFIG[fish-completion] = "-Dfish_completion=true,-Dfish_completion=false" -PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls" -PACKAGECONFIG[gudev] = "-Dgudev=true,-Dgudev=false,libgudev" -PACKAGECONFIG[gusb] = "-Dgusb=true,-Dgusb=false,libgusb" -PACKAGECONFIG[hsi] = "-Dhsi=true,-Dhsi=false" -PACKAGECONFIG[libarchive] = "-Dlibarchive=true,-Dlibarchive=false,libarchive" +PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls" +PACKAGECONFIG[gudev] = "-Dgudev=enabled,-Dgudev=disabled,libgudev" +PACKAGECONFIG[gusb] = "-Dgusb=enabled,-Dgusb=disabled,libgusb" +PACKAGECONFIG[hsi] = "-Dhsi=enabled,-Dhsi=disabled" +PACKAGECONFIG[libarchive] = "-Dlibarchive=enabled,-Dlibarchive=disabled,libarchive" PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false" PACKAGECONFIG[metainfo] = "-Dmetainfo=true,-Dmetainfo=false" -PACKAGECONFIG[offline] = "-Doffline=true,-Doffline=false" -PACKAGECONFIG[polkit] = "-Dpolkit=true,-Dpolkit=false,polkit" -PACKAGECONFIG[sqlite] = "-Dsqlite=true,-Dsqlite=false,sqlite3" -PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd" +PACKAGECONFIG[offline] = "-Doffline=enabled,-Doffline=disabled" +PACKAGECONFIG[polkit] = "-Dpolkit=enabled,-Dpolkit=disabled,polkit" +PACKAGECONFIG[sqlite] = "-Dsqlite=enabled,-Dsqlite=disabled,sqlite3" +PACKAGECONFIG[systemd] = "-Dsystemd=enabled,-Dsystemd=disabled,systemd" PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,gcab-native" # TODO plugins-all meta-option that expands to all plugin_*? -PACKAGECONFIG[plugin_acpi_phat] = "-Dplugin_acpi_phat=true,-Dplugin_acpi_phat=false" +PACKAGECONFIG[plugin_acpi_phat] = "-Dplugin_acpi_phat=enabled,-Dplugin_acpi_phat=disabled" PACKAGECONFIG[plugin_android_boot] = "-Dplugin_android_boot=enabled,-Dplugin_android_boot=disabled" -PACKAGECONFIG[plugin_bcm57xx] = "-Dplugin_bcm57xx=true,-Dplugin_bcm57xx=false" -PACKAGECONFIG[plugin_cfu] = "-Dplugin_cfu=true,-Dplugin_cfu=false" -PACKAGECONFIG[plugin_dell] = "-Dplugin_dell=true,-Dplugin_dell=false,libsmbios" -PACKAGECONFIG[plugin_dummy] = "-Dplugin_dummy=true,-Dplugin_dummy=false" -PACKAGECONFIG[plugin_emmc] = "-Dplugin_emmc=true,-Dplugin_emmc=false" -PACKAGECONFIG[plugin_ep963x] = "-Dplugin_ep963x=true,-Dplugin_ep963x=false" -PACKAGECONFIG[plugin_fastboot] = "-Dplugin_fastboot=true,-Dplugin_fastboot=false" -PACKAGECONFIG[plugin_flashrom] = "-Dplugin_flashrom=true,-Dplugin_flashrom=false,flashrom" -PACKAGECONFIG[plugin_gpio] = "-Dplugin_gpio=true,-Dplugin_gpio=false" +PACKAGECONFIG[plugin_bcm57xx] = "-Dplugin_bcm57xx=enabled,-Dplugin_bcm57xx=disabled" +PACKAGECONFIG[plugin_cfu] = "-Dplugin_cfu=enabled,-Dplugin_cfu=disabled" +PACKAGECONFIG[plugin_emmc] = "-Dplugin_emmc=enabled,-Dplugin_emmc=disabled" +PACKAGECONFIG[plugin_ep963x] = "-Dplugin_ep963x=enabled,-Dplugin_ep963x=disabled" +PACKAGECONFIG[plugin_fastboot] = "-Dplugin_fastboot=enabled,-Dplugin_fastboot=disabled" +PACKAGECONFIG[plugin_flashrom] = "-Dplugin_flashrom=enabled,-Dplugin_flashrom=disabled,flashrom" +PACKAGECONFIG[plugin_gpio] = "-Dplugin_gpio=enabled,-Dplugin_gpio=disabled" PACKAGECONFIG[plugin_igsc] = "-Dplugin_igsc=enabled,-Dplugin_igsc=disabled" PACKAGECONFIG[plugin_intel_me] = "-Dplugin_intel_me=enabled,-Dplugin_intel_me=disabled" -PACKAGECONFIG[plugin_intel_spi] = "-Dplugin_intel_spi=true -Dlzma=true,-Dplugin_intel_spi=false -Dlzma=false,xz" -PACKAGECONFIG[plugin_logitech_bulkcontroller] = "-Dplugin_logitech_bulkcontroller=true,-Dplugin_logitech_bulkcontroller=false,protobuf-c-native protobuf-c" +PACKAGECONFIG[plugin_intel_spi] = "-Dplugin_intel_spi=true -Dlzma=enabled,-Dplugin_intel_spi=false -Dlzma=disabled,xz" +PACKAGECONFIG[plugin_logitech_bulkcontroller] = "-Dplugin_logitech_bulkcontroller=enabled,-Dplugin_logitech_bulkcontroller=disabled,protobuf-c-native protobuf-c" PACKAGECONFIG[plugin_logitech_scribe] = "-Dplugin_logitech_scribe=enabled,-Dplugin_logitech_scribe=disabled" -PACKAGECONFIG[plugin_modem_manager] = "-Dplugin_modem_manager=true,-Dplugin_modem_manager=false,libqmi modemmanager" -PACKAGECONFIG[plugin_msr] = "-Dplugin_msr=true,-Dplugin_msr=false,cpuid" -PACKAGECONFIG[plugin_nitrokey] = "-Dplugin_nitrokey=true,-Dplugin_nitrokey=false" -PACKAGECONFIG[plugin_nvme] = "-Dplugin_nvme=true,-Dplugin_nvme=false" -PACKAGECONFIG[plugin_parade_lspcon] = "-Dplugin_parade_lspcon=true,-Dplugin_parade_lspcon=false" -PACKAGECONFIG[plugin_pixart_rf] = "-Dplugin_pixart_rf=true,-Dplugin_pixart_rf=false" -PACKAGECONFIG[plugin_powerd] = "-Dplugin_powerd=true,-Dplugin_powerd=false" -PACKAGECONFIG[plugin_realtek_mst] = "-Dplugin_realtek_mst=true,-Dplugin_realtek_mst=false" -PACKAGECONFIG[plugin_redfish] = "-Dplugin_redfish=true,-Dplugin_redfish=false" -PACKAGECONFIG[plugin_scsi] = "-Dplugin_scsi=true,-Dplugin_scsi=false" -PACKAGECONFIG[plugin_synaptics_mst] = "-Dplugin_synaptics_mst=true,-Dplugin_synaptics_mst=false" -PACKAGECONFIG[plugin_synaptics_rmi] = "-Dplugin_synaptics_rmi=true,-Dplugin_synaptics_rmi=false" -PACKAGECONFIG[plugin_tpm] = "-Dplugin_tpm=true,-Dplugin_tpm=false,tpm2-tss" +PACKAGECONFIG[plugin_modem_manager] = "-Dplugin_modem_manager=enabled,-Dplugin_modem_manager=disabled,libqmi modemmanager" +PACKAGECONFIG[plugin_msr] = "-Dplugin_msr=enabled,-Dplugin_msr=disabled,cpuid" +PACKAGECONFIG[plugin_nitrokey] = "-Dplugin_nitrokey=enabled,-Dplugin_nitrokey=disabled" +PACKAGECONFIG[plugin_nvme] = "-Dplugin_nvme=enabled,-Dplugin_nvme=disabled" +PACKAGECONFIG[plugin_parade_lspcon] = "-Dplugin_parade_lspcon=enabled,-Dplugin_parade_lspcon=disabled" +PACKAGECONFIG[plugin_pixart_rf] = "-Dplugin_pixart_rf=enabled,-Dplugin_pixart_rf=disabled" +PACKAGECONFIG[plugin_powerd] = "-Dplugin_powerd=enabled,-Dplugin_powerd=disabled" +PACKAGECONFIG[plugin_realtek_mst] = "-Dplugin_realtek_mst=enabled,-Dplugin_realtek_mst=disabled" +PACKAGECONFIG[plugin_redfish] = "-Dplugin_redfish=enabled,-Dplugin_redfish=disabled" +PACKAGECONFIG[plugin_scsi] = "-Dplugin_scsi=enabled,-Dplugin_scsi=disabled" +PACKAGECONFIG[plugin_synaptics_mst] = "-Dplugin_synaptics_mst=enabled,-Dplugin_synaptics_mst=disabled" +PACKAGECONFIG[plugin_synaptics_rmi] = "-Dplugin_synaptics_rmi=enabled,-Dplugin_synaptics_rmi=disabled" +PACKAGECONFIG[plugin_tpm] = "-Dplugin_tpm=enabled,-Dplugin_tpm=disabled,tpm2-tss" # Turn off the capsule splash as it needs G-I at buildtime, which isn't currently supported -PACKAGECONFIG[plugin_uefi_capsule] = "-Dplugin_uefi_capsule=true -Dplugin_uefi_capsule_splash=false,-Dplugin_uefi_capsule=false,efivar fwupd-efi" -PACKAGECONFIG[plugin_uefi_pk] = "-Dplugin_uefi_pk=true,-Dplugin_uefi_pk=false" -PACKAGECONFIG[plugin_uf2] = "-Dplugin_uf2=true,-Dplugin_uf2=false" -PACKAGECONFIG[plugin_upower] = "-Dplugin_upower=true,-Dplugin_upower=false" +PACKAGECONFIG[plugin_uefi_capsule] = "-Dplugin_uefi_capsule=enabled -Dplugin_uefi_capsule_splash=false,-Dplugin_uefi_capsule=disabled,efivar fwupd-efi" +PACKAGECONFIG[plugin_uefi_pk] = "-Dplugin_uefi_pk=enabled,-Dplugin_uefi_pk=disabled" +PACKAGECONFIG[plugin_uf2] = "-Dplugin_uf2=enabled,-Dplugin_uf2=disabled" +PACKAGECONFIG[plugin_upower] = "-Dplugin_upower=enabled,-Dplugin_upower=disabled" # Always disable these plugins on non-x86 platforms as they don't compile or are useless DISABLE_NON_X86 = "plugin_intel_me plugin_intel_spi plugin_msr" @@ -130,6 +129,7 @@ do_install:append() { FILES:${PN} += "${libdir}/fwupd-plugins-* \ ${libdir}/fwupd-${PV} \ ${systemd_unitdir} \ + ${nonarch_libdir}/sysusers.d/fwupd.conf \ ${datadir}/fish \ ${datadir}/metainfo \ ${datadir}/icons \ diff --git a/meta-openembedded/meta-oe/recipes-connectivity/gensio/gensio_2.8.3.bb b/meta-openembedded/meta-oe/recipes-connectivity/gensio/gensio_2.8.4.bb index 533b79f477..1f85c46e2f 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/gensio/gensio_2.8.3.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/gensio/gensio_2.8.4.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c \ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ " -SRCREV = "c8e0d722794e35c71bc9bb1d79e98f926aad19e0" +SRCREV = "300644fc02b7099ca27ca5bac88c47e159ba8a6b" SRC_URI = "git://github.com/cminyard/gensio;protocol=https;branch=master" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent-rasterbar/libtorrent-rasterbar_2.0.10.bb b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent-rasterbar/libtorrent-rasterbar_2.0.10.bb index 084e3c4080..f2de1f468d 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent-rasterbar/libtorrent-rasterbar_2.0.10.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent-rasterbar/libtorrent-rasterbar_2.0.10.bb @@ -17,6 +17,8 @@ S = "${WORKDIR}/git" inherit cmake pkgconfig python3targetconfig +CVE_PRODUCT = "libtorrent" + EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release" PACKAGECONFIG ??= "python3" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb index 38f5f63fc4..c7a0562db4 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb @@ -13,8 +13,12 @@ SRCREV = "e60f222241319aaae482789517ad00ae9344bd13" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" +CVE_STATUS[CVE-2009-1760] = "backported-patch: patched in our product" + S = "${WORKDIR}/git" +CVE_PRODUCT = "" + PACKAGECONFIG ??= "instrumentation aligned" PACKAGECONFIG:remove:mipsarch = "instrumentation" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.3.bb b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.3.bb index 4518e2faaa..3170d37f5b 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.3.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.3.bb @@ -42,6 +42,8 @@ do_install:append() { sed -i -e 's|${STAGING_LIBDIR}/libuv.so|uv|g' ${D}${libdir}/cmake/libwebsockets/LibwebsocketsTargets.cmake sed -i -e 's|${STAGING_INCDIR}||g' ${D}${libdir}/cmake/libwebsockets/LibwebsocketsTargets.cmake \ ${D}${libdir}/cmake/libwebsockets/libwebsockets-config.cmake + sed -i -e 's|${STAGING_LIBDIR}/||g' ${D}${libdir}/cmake/libwebsockets/LibwebsocketsTargets.cmake \ + ${D}${libdir}/cmake/libwebsockets/libwebsockets-config.cmake } PACKAGES =+ "${PN}-testapps ${PN}-evlib-event ${PN}-evlib-uv ${PN}-evlib-ev ${PN}-evlib-sd" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus/0001-initialize-timespec-variable.patch b/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus/0001-initialize-timespec-variable.patch new file mode 100644 index 0000000000..f2e210fc67 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus/0001-initialize-timespec-variable.patch @@ -0,0 +1,35 @@ +From 298dec6f87061914c85049faca3d0ff3310d1794 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 6 May 2024 12:15:30 -0700 +Subject: [PATCH] initialize timespec variable + +Fixes build warnings with GCC14 + +/mnt/b/yoe/master/build/tmp/work/core2-32-yoe-linux/pcapplusplus/23.09/git/Packet++/src/RawPacket.cpp: In constructor 'pcpp::RawPacket::RawPacket(const uint8_t*, int, timeval, bool, pcpp::LinkLayerType)': +/mnt/b/yoe/master/build/tmp/work/core2-32-yoe-linux/pcapplusplus/23.09/git/Packet++/src/RawPacket.cpp:23:18: error: 'nsec_time.timespec::<anonymous>' is used uninitialized [-Werror=uninitialized] + 23 | timespec nsec_time; + | ^~~~~~~~~ +cc1plus: all warnings being treated as errors + +Upstream-Status: Submitted [https://github.com/seladb/PcapPlusPlus/pull/1389] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + Packet++/src/RawPacket.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Packet++/src/RawPacket.cpp b/Packet++/src/RawPacket.cpp +index 8ad52d52..07dbbbe2 100644 +--- a/Packet++/src/RawPacket.cpp ++++ b/Packet++/src/RawPacket.cpp +@@ -20,7 +20,7 @@ void RawPacket::init(bool deleteRawDataAtDestructor) + + RawPacket::RawPacket(const uint8_t* pRawData, int rawDataLen, timeval timestamp, bool deleteRawDataAtDestructor, LinkLayerType layerType) + { +- timespec nsec_time; ++ timespec nsec_time = {}; + TIMEVAL_TO_TIMESPEC(×tamp, &nsec_time); + init(deleteRawDataAtDestructor); + setRawData(pRawData, rawDataLen, nsec_time, layerType); +-- +2.45.0 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus/0001-packet-Initialize-m_ExternalRawData-in-IDnsResource-.patch b/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus/0001-packet-Initialize-m_ExternalRawData-in-IDnsResource-.patch new file mode 100644 index 0000000000..b6389e0e3f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus/0001-packet-Initialize-m_ExternalRawData-in-IDnsResource-.patch @@ -0,0 +1,34 @@ +From 742f564ee80749e9f1f3363092775545e37c0f87 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 9 May 2024 17:02:09 -0700 +Subject: [PATCH] packet++: Initialize m_ExternalRawData in IDnsResource + constructor + +Fixes following warning with GCC-14 + +Packet++/src/DnsResource.cpp:29:24: error: '*this.pcpp::IDnsResource::m_ExternalRawData' may be used uninitialized [-Werror=maybe-uninitialized] + 29 | return m_ExternalRawData; + | ^~~~~~~~~~~~~~~~~ + +Upstream-Status: Submitted [https://github.com/seladb/PcapPlusPlus/pull/1391] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + Packet++/src/DnsResource.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Packet++/src/DnsResource.cpp b/Packet++/src/DnsResource.cpp +index fec1bf05..c1f97041 100644 +--- a/Packet++/src/DnsResource.cpp ++++ b/Packet++/src/DnsResource.cpp +@@ -10,7 +10,7 @@ namespace pcpp + { + + IDnsResource::IDnsResource(DnsLayer* dnsLayer, size_t offsetInLayer) +- : m_DnsLayer(dnsLayer), m_OffsetInLayer(offsetInLayer), m_NextResource(nullptr) ++ : m_DnsLayer(dnsLayer), m_OffsetInLayer(offsetInLayer), m_NextResource(nullptr), m_ExternalRawData(nullptr) + { + char decodedName[4096]; + m_NameLength = decodeName((const char*)getRawData(), decodedName); +-- +2.45.0 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus_23.09.bb b/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus_23.09.bb index 39c6942c83..9db0222172 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus_23.09.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/pcapplusplus/pcapplusplus_23.09.bb @@ -7,7 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=911690f51af322440237a253d695d19f" DEPENDS = "libpcap" -SRC_URI = "git://github.com/seladb/PcapPlusPlus.git;protocol=https;branch=master" +SRC_URI = "git://github.com/seladb/PcapPlusPlus.git;protocol=https;branch=master \ + file://0001-packet-Initialize-m_ExternalRawData-in-IDnsResource-.patch \ + file://0001-initialize-timespec-variable.patch" + SRCREV = "4cf8ed44f9dd145f874dc1dd747dfefcfcab75be" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb b/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb index 8a63f5b203..7544a9fbfa 100644 --- a/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb +++ b/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb @@ -611,6 +611,7 @@ RDEPENDS:packagegroup-meta-oe-graphics ="\ xcursorgen \ ${@bb.utils.contains("DISTRO_FEATURES", "x11 pam", "xscreensaver", "", d)} \ yad \ + ydotool \ parallel-deqp-runner \ ${@bb.utils.contains("DISTRO_FEATURES", "opengl", "opengl-es-cts", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "opengl vulkan", "vulkan-cts", "", d)} \ diff --git a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.5.0/run-ptest b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.5.0/run-ptest deleted file mode 100755 index 2dc6e1eca1..0000000000 --- a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.5.0/run-ptest +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -set -e -set -o pipefail - -SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" - -${SCRIPTPATH}/sdbus-c++-unit-tests 2>&1 | \ -sed -r 's/^\[\s+OK\s+\] (.*) \([0-9]+\sms\)$/OK: \1 /' | \ -sed -r 's/^\[\s+FAILED\s+\] (.*) \([0-9]+\sms\)$/FAILED: \1 /' | \ -awk '{if ($1 == "OK:" || $1 == "FAILED:") {print $0}}' - -${SCRIPTPATH}/sdbus-c++-integration-tests 2>&1 | \ -sed -r 's/^\[\s+OK\s+\] (.*) \([0-9]+\sms\)$/OK: \1 /' | \ -sed -r 's/^\[\s+FAILED\s+\] (.*) \([0-9]+\sms\)$/FAILED: \1 /' | \ -awk '{if ($1 == "OK:" || $1 == "FAILED:") {print $0}}' diff --git a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.5.0.bb b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_2.0.0.bb index 6b1af25280..af112ced88 100644 --- a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.5.0.bb +++ b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_2.0.0.bb @@ -8,7 +8,7 @@ inherit cmake DEPENDS += "expat" -SRCREV = "30d9f1d46258c2be4ce29b7f7f168ecdf6d4f328" +SRCREV = "e62472b210d9e7f06a5e611c23471d414c99a99c" SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master;subpath=tools" S = "${WORKDIR}/tools" diff --git a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++/run-ptest b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++/run-ptest new file mode 100755 index 0000000000..5e285b39e0 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++/run-ptest @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +./sdbus-c++-unit-tests 2>&1 && echo "PASS: sdbus-c++-unit-tests" || echo "FAIL: sdbus-c++-unit-tests" + +./sdbus-c++-integration-tests 2>&1 && echo "PASS: sdbus-c++-integration-tests" || echo "FAIL: sdbus-c++-integration-tests" diff --git a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.5.0.bb b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++_2.0.0.bb index f52ba141e1..2b6bb1011a 100644 --- a/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.5.0.bb +++ b/meta-openembedded/meta-oe/recipes-core/sdbus-c++/sdbus-c++_2.0.0.bb @@ -12,18 +12,18 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'with-exte ${@bb.utils.contains('PTEST_ENABLED', '1', 'with-tests', '', d)}" PACKAGECONFIG[with-builtin-libsystemd] = ",,sdbus-c++-libsystemd,libcap,basu" PACKAGECONFIG[with-external-libsystemd] = ",,systemd,libsystemd" -PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${PTEST_PATH},-DBUILD_TESTS=OFF,googletest gmock" +PACKAGECONFIG[with-tests] = "-DSDBUSCPP_BUILD_TESTS=ON -DSDBUSCPP_INSTALL_TESTS=ON -DSDBUSCPP_TESTS_INSTALL_PATH=${PTEST_PATH},-DSDBUSCPP_BUILD_TESTS=OFF,googletest gmock" DEPENDS += "expat" -SRCREV = "30d9f1d46258c2be4ce29b7f7f168ecdf6d4f328" +PV .= "+git" +SRCREV = "e62472b210d9e7f06a5e611c23471d414c99a99c" +SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master \ + file://run-ptest" -SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master" -SRC_URI += "file://run-ptest" - -EXTRA_OECMAKE = "-DBUILD_CODE_GEN=OFF \ - -DBUILD_DOC=ON \ - -DBUILD_DOXYGEN_DOC=OFF" +EXTRA_OECMAKE = "-DSDBUSCPP_BUILD_CODEGEN=OFF \ + -DSDBUSCPP_BUILD_DOCS=ON \ + -DSDBUSCPP_BUILD_DOXYGEN_DOCS=OFF" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-core/toybox/toybox_0.8.10.bb b/meta-openembedded/meta-oe/recipes-core/toybox/toybox_0.8.11.bb index d747ebf36a..db071a1995 100644 --- a/meta-openembedded/meta-oe/recipes-core/toybox/toybox_0.8.10.bb +++ b/meta-openembedded/meta-oe/recipes-core/toybox/toybox_0.8.11.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=78659a599b9325da368f2f1eb88f19c7" inherit cml1 update-alternatives SRC_URI = "http://www.landley.net/toybox/downloads/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "d3afee05ca90bf425ced73f527e418fecd626c5340b5f58711a14531f8d7d108" +SRC_URI[sha256sum] = "15aa3f832f4ec1874db761b9950617f99e1e38144c22da39a71311093bfe67dc" SECTION = "base" diff --git a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.1.bb b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.2.bb index 53162cb94c..504c718b96 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.2.bb @@ -20,7 +20,7 @@ DEPENDS:append:libc-musl = " argp-standalone" LDFLAGS:append:libc-musl = " -largp" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" -SRC_URI[sha256sum] = "da5d1419e2a86e01aa32fd79582cd54d208857cb541bca2fd426a5ff1aaabbc3" +SRC_URI[sha256sum] = "219ebf74e8eddf96624a0376477e5a6f8f350a67aaf36e7dadb114d94b3afef4" inherit autotools gettext pkgconfig diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0003-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0003-configure.ac-bypass-autoconf-2.69-version-check.patch index d76d1991b6..9df4d073ff 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0003-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0003-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -18,7 +18,7 @@ index 401ce30..27f382d 100644 +++ b/configure.ac @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [16.2], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [16.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch index fa46912eef..1f735f322b 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch @@ -23,7 +23,7 @@ diff --git a/configure.ac b/configure.ac index fba79ee..7170f26 100644 --- a/configure.ac +++ b/configure.ac -@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.]) +@@ -2297,7 +2297,7 @@ Use --without-tcl to disable building PL/Tcl.]) fi # check for <perl.h> diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_16.2.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_16.3.bb index 31f83a564b..6df719cd98 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_16.2.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_16.3.bb @@ -11,6 +11,6 @@ SRC_URI += "\ file://0005-postgresql-fix-ptest-failure-of-sysviews.patch \ " -SRC_URI[sha256sum] = "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952" +SRC_URI[sha256sum] = "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585" CVE_STATUS[CVE-2017-8806] = "not-applicable-config: Ddoesn't apply to out configuration of postgresql so we can safely ignore it." diff --git a/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/files/psqlodbc-fix-for-ptest-support.patch b/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/files/psqlodbc-fix-for-ptest-support.patch index 30e67b7dfb..081c6d0fd0 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/files/psqlodbc-fix-for-ptest-support.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/files/psqlodbc-fix-for-ptest-support.patch @@ -19,8 +19,6 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> test/runsuite.c | 20 ++++++++++---------- 3 files changed, 15 insertions(+), 15 deletions(-) -diff --git a/test/Makefile.in b/test/Makefile.in -index 3f9a9af..09406ae 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -19,7 +19,7 @@ CPPFLAGS = @CPPFLAGS@ -I.. # config.h @@ -32,8 +30,6 @@ index 3f9a9af..09406ae 100644 all: $(TESTBINS) runsuite reset-db -diff --git a/test/odbcini-gen.sh b/test/odbcini-gen.sh -index 2eaba35..6555cdb 100755 --- a/test/odbcini-gen.sh +++ b/test/odbcini-gen.sh @@ -6,7 +6,7 @@ @@ -45,6 +41,15 @@ index 2eaba35..6555cdb 100755 driver=${drvr}.so if test ! -e $driver ; then driver=${drvr}.dll +@@ -16,7 +16,7 @@ if test ! -e $driver ; then + fi + fi + +-drvra=../.libs/psqlodbca ++drvra=@LIBDIR@/psqlodbca + drivera=${drvra}.so + if test ! -e $drivera ; then + drivera=${drvra}.dll @@ -52,10 +52,10 @@ Driver = PostgreSQL Unicode Trace = No TraceFile = @@ -59,8 +64,6 @@ index 2eaba35..6555cdb 100755 ReadOnly = No RowVersioning = No ShowSystemTables = No -diff --git a/test/runsuite.c b/test/runsuite.c -index 3be5732..cd842dc 100644 --- a/test/runsuite.c +++ b/test/runsuite.c @@ -55,7 +55,7 @@ bailout(const char *fmt, ...) @@ -72,7 +75,7 @@ index 3be5732..cd842dc 100644 { const char *basename; #ifdef WIN32 -@@ -69,7 +69,7 @@ parse_argument(const char *in, char *testname, char *binname) +@@ -69,7 +69,7 @@ parse_argument(const char *in, char *tes if (strchr(in, DIR_SEP) == NULL) { strcpy(testname, in); @@ -90,7 +93,7 @@ index 3be5732..cd842dc 100644 if (runtest(binname, testname, i, inputdir) != 0) failures++; } -@@ -161,29 +161,29 @@ runtest(const char *binname, const char *testname, int testno, const char *input +@@ -161,29 +161,29 @@ runtest(const char *binname, const char #ifndef WIN32 snprintf(cmdline, sizeof(cmdline), "ODBCSYSINI=. ODBCINSTINI=./odbcinst.ini ODBCINI=./odbc.ini " diff --git a/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/psqlodbc_16.00.0000.bb b/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/psqlodbc_16.00.0000.bb index 97333f679d..a1ef8e75e9 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/psqlodbc_16.00.0000.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/psqlodbc/psqlodbc_16.00.0000.bb @@ -58,5 +58,5 @@ do_install_ptest() { FILES:${PN} += "${libdir}" # The tests need a local PostgreSQL server running -RDEPENDS:${PN}-ptest = "postgresql" - +RDEPENDS:${PN}-ptest += "psqlodbc postgresql diffutils" +RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils locale-base-en-us glibc-gconv glibc-charmaps" diff --git a/meta-openembedded/meta-oe/recipes-dbs/soci/soci_4.0.3.bb b/meta-openembedded/meta-oe/recipes-dbs/soci/soci_4.0.3.bb index 25d67ff8bf..315f5d515e 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/soci/soci_4.0.3.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/soci/soci_4.0.3.bb @@ -3,7 +3,6 @@ HOMEPAGE = "http://soci.sourceforge.net" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c" SECTION = "libs" -DEPENDS = "boost" SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${BP}/${BP}.tar.gz \ file://0001-Do-not-use-std-shuffle-with-clang-15.patch \ @@ -18,20 +17,20 @@ OBASEDIR ?= "/opt/oracle" OINCDIR = "rdbms/public" OLIBDIR = "lib" -PACKAGECONFIG[sqlite3] = "-DSOCI_SQLITE3=ON,-DSOCI_SQLITE3=OFF,sqlite3," -PACKAGECONFIG[mysql] = "-DSOCI_MYSQL=ON,-DSOCI_MYSQL=OFF,mariadb," -PACKAGECONFIG[postgresql] = "-DSOCI_POSTGRESQL=ON,-DSOCI_POSTGRESQL=OFF,postgresql," -PACKAGECONFIG[odbc] = "-DSOCI_ODBC=ON,-DSOCI_ODBC=OFF,," +PACKAGECONFIG[sqlite3] = "-DWITH_SQLITE3=ON,-DWITH_SQLITE3=OFF,sqlite3," +PACKAGECONFIG[mysql] = "-DWITH_MYSQL=ON,-DWITH_MYSQL=OFF,mariadb," +PACKAGECONFIG[postgresql] = "-DWITH_POSTGRESQL=ON,-DWITH_POSTGRESQL=OFF,postgresql," +PACKAGECONFIG[odbc] = "-DWITH_ODBC=ON,-DWITH_ODBC=OFF,," PACKAGECONFIG[empty] = "-DSOCI_EMPTY=ON,-DSOCI_EMPTY=OFF,," PACKAGECONFIG[oracle] = "-DWITH_ORACLE=ON --with-oracle-include=${OINCDIR} --with-oracle-lib=${OLIBDIR},-DWITH_ORACLE=OFF,," PACKAGECONFIG[firebird] = "-DWITH_FIREBIRD=ON,-DWITH_FIREBIRD=OFF,," -PACKAGECONFIG[ptest] = "${TESTCONFIG},,," +PACKAGECONFIG[boost] = "-DWITH_BOOST=ON,-DWITH_BOOST=OFF,boost" +PACKAGECONFIG[ptest] = "${TESTCONFIG},-DSOCI_TESTS=OFF,," # enable your backend by default we enable 'empty' -PACKAGECONFIG ??= "empty" +PACKAGECONFIG ??= "boost empty" -# Take the flags added by PACKAGECONFIG and pass them to cmake. -EXTRA_OECMAKE = "${EXTRA_OECONF} -DSOCI_LIBDIR=${libdir}" +EXTRA_OECMAKE = "-DWITH_DB2=OFF" DISABLE_STATIC = "" inherit dos2unix cmake diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0004-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0004-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch new file mode 100644 index 0000000000..461df7a608 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0004-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch @@ -0,0 +1,82 @@ +From 7335a36d0b5c1c597566f9aa3f458a5b6817c3b4 Mon Sep 17 00:00:00 2001 +From: aurel32 <aurelien@aurel32.net> +Date: Fri, 22 Mar 2024 14:21:13 -0700 +Subject: [PATCH] PR #1644: unscaledcycleclock: remove RISC-V support + +Imported from GitHub PR https://github.com/abseil/abseil-cpp/pull/1644 + +Starting with Linux 6.6 [1], RDCYCLE is a privileged instruction on RISC-V and can't be used directly from userland. There is a sysctl option to change that as a transition period, but it will eventually disappear. + +The RDTIME instruction is another less accurate alternative, however its frequency varies from board to board, and there is currently now way to get its frequency from userland [2]. + +Therefore this patch just removes the code for unscaledcycleclock on RISC-V. Without processor specific implementation, abseil relies on std::chrono::steady_clock::now().time_since_epoch() which is basically a wrapper around clock_gettime (CLOCK_MONOTONIC), which in turns use __vdso_clock_gettime(). On RISC-V this VDSO is just a wrapper around RDTIME correctly scaled to use nanoseconds units. + +This fixes the testsuite on riscv64, tested on a VisionFive 2 board. + +[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc4c07c89aada16229084eeb93895c95b7eabaa3 +[2] https://github.com/abseil/abseil-cpp/pull/1631 +Merge 43356a2548cfde76e164d446cb69004b488c6a71 into 76f8011beabdaee872b5fde7546e02407b220cb1 + +Merging this change closes #1644 + +COPYBARA_INTEGRATE_REVIEW=https://github.com/abseil/abseil-cpp/pull/1644 from aurel32:rv64-no-unscaledcycleclock 43356a2548cfde76e164d446cb69004b488c6a71 +PiperOrigin-RevId: 618286262 +Change-Id: Ie4120a727e7d0bb185df6e06ea145c780ebe6652 + +Upstream-Status: Backport [https://github.com/abseil/abseil-cpp/commit/7335a36d] +[Adapted to apply on top of meta-oe's patch stack] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> +--- + absl/base/internal/unscaledcycleclock.cc | 12 ------------ + absl/base/internal/unscaledcycleclock_config.h | 5 ++--- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/absl/base/internal/unscaledcycleclock.cc b/absl/base/internal/unscaledcycleclock.cc +index f11fecb3..103b4f6a 100644 +--- a/absl/base/internal/unscaledcycleclock.cc ++++ b/absl/base/internal/unscaledcycleclock.cc +@@ -121,18 +121,6 @@ double UnscaledCycleClock::Frequency() { + return aarch64_timer_frequency; + } + +-#elif defined(__riscv) +- +-int64_t UnscaledCycleClock::Now() { +- int64_t virtual_timer_value; +- asm volatile("rdcycle %0" : "=r"(virtual_timer_value)); +- return virtual_timer_value; +-} +- +-double UnscaledCycleClock::Frequency() { +- return base_internal::NominalCPUFrequency(); +-} +- + #elif defined(_M_IX86) || defined(_M_X64) + + #pragma intrinsic(__rdtsc) +diff --git a/absl/base/internal/unscaledcycleclock_config.h b/absl/base/internal/unscaledcycleclock_config.h +index 5e232c1a..83552fc5 100644 +--- a/absl/base/internal/unscaledcycleclock_config.h ++++ b/absl/base/internal/unscaledcycleclock_config.h +@@ -22,7 +22,6 @@ + // The following platforms have an implementation of a hardware counter. + #if defined(__i386__) || defined(__x86_64__) || defined(__aarch64__) || \ + ((defined(__powerpc__) || defined(__ppc__)) && defined(__GLIBC__)) || \ +- defined(__riscv) || \ + defined(_M_IX86) || (defined(_M_X64) && !defined(_M_ARM64EC)) + #define ABSL_HAVE_UNSCALED_CYCLECLOCK_IMPLEMENTATION 1 + #else +@@ -54,8 +53,8 @@ + #if ABSL_USE_UNSCALED_CYCLECLOCK + // This macro can be used to test if UnscaledCycleClock::Frequency() + // is NominalCPUFrequency() on a particular platform. +-#if (defined(__i386__) || defined(__x86_64__) || defined(__riscv) || \ +- defined(_M_IX86) || defined(_M_X64)) ++#if (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || \ ++ defined(_M_X64)) + #define ABSL_INTERNAL_UNSCALED_CYCLECLOCK_FREQUENCY_IS_CPU_FREQUENCY + #endif + #endif +-- +2.44.0 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.1.bb b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.2.bb index e6c65d3064..87ab239311 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.2.bb @@ -7,13 +7,14 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=df52c6edb7adc22e533b2bacc3bd3915" -SRCREV = "2f9e432cce407ce0ae50676696666f33a77d42ac" +SRCREV = "d7aaad83b488fd62bd51c81ecf16cd938532cc0a" BRANCH = "lts_2024_01_16" SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \ file://0001-absl-always-use-asm-sgidefs.h.patch \ file://0002-Remove-maes-option-from-cross-compilation.patch \ file://abseil-ppc-fixes.patch \ file://0003-Remove-neon-option-from-cross-compilation.patch \ + file://0004-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/autoconf-2.13/autoconf-2.13-native_2.13.bb b/meta-openembedded/meta-oe/recipes-devtools/autoconf-2.13/autoconf-2.13-native_2.13.bb index 21d1356f7b..d0e0446eb8 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/autoconf-2.13/autoconf-2.13-native_2.13.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/autoconf-2.13/autoconf-2.13-native_2.13.bb @@ -43,7 +43,7 @@ CONFIGUREOPTS = " \ --localstatedir=${localstatedir} \ --libdir=${libdir} \ --includedir=${includedir} \ - --oldincludedir=${oldincludedir} \ + --oldincludedir=${includedir} \ --infodir=${infodir} \ --mandir=${mandir} \ --disable-silent-rules \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb b/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb index 6c8934b342..ea74f1d680 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb @@ -24,6 +24,11 @@ do_install_ptest() { sed s#${B}#${PTEST_PATH}# ${B}/CTestTestfile.cmake > ${D}${PTEST_PATH}/CTestTestfile.cmake sed s#${B}#${PTEST_PATH}# ${B}/tests/CTestTestfile.cmake > ${D}${PTEST_PATH}/tests/CTestTestfile.cmake sed s#${B}#${PTEST_PATH}# ${B}/fuzzing/CTestTestfile.cmake > ${D}${PTEST_PATH}/fuzzing/CTestTestfile.cmake + # The cmake files also contain full paths to original CMakeLists.txt file in _BACKTRACE_TRIPLES property; + # these are not needed for successful ptests as we don't install the CMakeLists.txt files anyway. + sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/CTestTestfile.cmake + sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/tests/CTestTestfile.cmake + sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/fuzzing/CTestTestfile.cmake # install test artifacts install ${B}/cJSON_test ${D}${PTEST_PATH} install ${B}/tests/cjson_add ${B}/tests/*_tests ${B}/tests/parse_* ${B}/tests/print_* ${B}/tests/readme_examples ${D}${PTEST_PATH}/tests/ diff --git a/meta-openembedded/meta-oe/recipes-devtools/giflib/files/add_suffix_to_convert_binary_used_in_Makefile.patch b/meta-openembedded/meta-oe/recipes-devtools/giflib/files/add_suffix_to_convert_binary_used_in_Makefile.patch new file mode 100644 index 0000000000..a01b28ac6d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/giflib/files/add_suffix_to_convert_binary_used_in_Makefile.patch @@ -0,0 +1,42 @@ +Subject: Modify binary name "convert" to "convert.im7" + +The change is needed to resolve the below compilation error +after giflib version upgrade. Log data follows: +| DEBUG: Executing shell function do_compile +| NOTE: make -j 8 +| make -C doc +| make[1]: Entering directory '../giflib/5.2.2/giflib-5.2.2/doc' +| convert ../pic/gifgrid.gif -resize 50x50 giflib-logo.gif +| make[1]: convert: No such file or directory +| make[1]: *** [Makefile:46: giflib-logo.gif] Error 127 +| make[1]: Leaving directory '../giflib/5.2.2/giflib-5.2.2/doc' +| make: *** [Makefile:93: all] Error 2 +| ERROR: oe_runmake failed + +Added dependency on ImageMagick which includes "convert" utility, +to ensure availability of required tool during compilation process. + +This patch updates the binary name used in Makefile from +"convert" to "convert.im7" for resizing the logo image used in HTML +documentation as Imagemagick installs binary in this format. + +Below commits justify the cause of adding the suffix to binaries +provided by ImageMagic package: +https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/imagemagick?id=dcbb49f707e7ad9bf755dd3275ffc442154b8144 +https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/imagemagick?id=6e0c24e9b3f9d430dec57f61f8c12c74bca5375d + +Signed-off-by: Bhabu Bindu <bhabubindu@kpit.com> +Upstream-Status: Inappropriate [OE specific] + +=================================================================== +--- a/doc/Makefile ++++ b/doc/Makefile +@@ -43,7 +43,7 @@ + + # Logo image file for HTML docs + giflib-logo.gif: ../pic/gifgrid.gif +- convert $^ -resize 50x50 $@ ++ convert.im7 $^ -resize 50x50 $@ + + # Philosophical choice: the website gets the internal manual pages + allhtml: $(XMLALL:.xml=.html) giflib-logo.gif diff --git a/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb b/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb index 79afe9a70f..7d8a175fe3 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb @@ -5,10 +5,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ae11c61b04b2917be39b11f78d71519a" CVE_PRODUCT = "giflib_project:giflib" -DEPENDS = "xmlto-native" +DEPENDS = "xmlto-native imagemagick-native" + +SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \ + file://add_suffix_to_convert_binary_used_in_Makefile.patch" + +SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb" -SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz" -SRC_URI[sha256sum] = "31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd" do_install() { # using autotools's default will end up in /usr/local diff --git a/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.3.0.bb b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.3.0.bb index 7e0272f898..cc21c8beae 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.3.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.3.0.bb @@ -17,6 +17,8 @@ SRC_URI = "git://github.com/jemalloc/jemalloc.git;branch=dev;protocol=https \ file://run-ptest \ " SRCREV = "630434bb0ac619f7beec927569782d924c459385" +PV_LONG := "${PV}-171-g${SRCREV}" +PV .= "+git" S = "${WORKDIR}/git" @@ -27,7 +29,7 @@ EXTRA_AUTORECONF += "--exclude=autoheader" EXTRA_OECONF:append:libc-musl = " --with-jemalloc-prefix=je_" # For some reason VERSION file populated only in tarball distribution. # Adding jemalloc version since this recipe is using source code from git tag -EXTRA_OECONF:append = " --with-version=${PV}-0-g${SRCREV} --enable-xmalloc" +EXTRA_OECONF:append = " --with-version=${PV_LONG} --enable-xmalloc" do_install:append() { sed -i -e 's@${STAGING_DIR_HOST}@@g' \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/mpich/mpich_4.2.0.bb b/meta-openembedded/meta-oe/recipes-devtools/mpich/mpich_4.2.1.bb index deb459ce57..9fd8c3bb7b 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mpich/mpich_4.2.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/mpich/mpich_4.2.1.bb @@ -6,7 +6,7 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=7a88f0d96d0d7396a7c66bf353235b62" SRC_URI = "http://www.mpich.org/static/downloads/${PV}/mpich-${PV}.tar.gz" -SRC_URI[sha256sum] = "a64a66781b9e5312ad052d32689e23252f745b27ee8818ac2ac0c8209bc0b90e" +SRC_URI[sha256sum] = "23331b2299f287c3419727edc2df8922d7e7abbb9fd0ac74e03b9966f9ad42d7" RDEPENDS:${PN} += "bash perl libxml2" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-20.11/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-20.12/oe-npm-cache index f596207648..eb0f143eae 100755 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-20.11/oe-npm-cache +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-20.12/oe-npm-cache @@ -30,7 +30,7 @@ const xlate = { time: Date.now(), url: key, reqHeaders: { - 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', + 'accept': 'application/json', }, resHeaders: { "content-type": "application/json", diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_20.11.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_20.12.bb index a61dd5018f..a61dd5018f 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_20.11.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_20.12.bb diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_20.11.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_20.12.2.bb index 9a61cfcf71..d86c38f2fc 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_20.11.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_20.12.2.bb @@ -1,7 +1,7 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=78ad16dab3c1d15d4878c81770be0be7" +LIC_FILES_CHKSUM = "file://LICENSE;md5=9a7fcce64128730251dbc58aa41b4674" CVE_PRODUCT = "nodejs node.js" @@ -36,7 +36,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "77813edbf3f7f16d2d35d3353443dee4e61d5ee84d9e3138c7538a3c0ca5209e" +SRC_URI[sha256sum] = "d7cbcc5fbfb31e9001f3f0150bbeda59abe5dd7137aaa6273958cd59ce35ced7" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-ext-opcache-config.m4-enable-opcache.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-ext-opcache-config.m4-enable-opcache.patch index a967d64120..c743697469 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-ext-opcache-config.m4-enable-opcache.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/0001-ext-opcache-config.m4-enable-opcache.patch @@ -1,6 +1,6 @@ -From ca9b419f2c146061f73ee045cb0a069c18b40cd0 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Wed, 15 Dec 2021 14:00:08 +0800 +From 889583912ddd7abc628f2703892ec4884db6419a Mon Sep 17 00:00:00 2001 +From: Soumya Sambu <soumya.sambu@windriver.com> +Date: Tue, 7 May 2024 08:39:16 +0000 Subject: [PATCH 01/11] ext/opcache/config.m4: enable opcache We can't use AC_TRY_RUN to run programs in a cross compile @@ -20,15 +20,18 @@ Signed-off-by: Claude Bing <cbing@cybernetics.com> update patch to version 8.1.0 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + +update patch to version 8.2.18 +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> --- ext/opcache/config.m4 | 204 ++---------------------------------------- 1 file changed, 8 insertions(+), 196 deletions(-) diff --git a/ext/opcache/config.m4 b/ext/opcache/config.m4 -index 2a83fa2..9471b5d 100644 +index 6bf07ad3..5d645b86 100644 --- a/ext/opcache/config.m4 +++ b/ext/opcache/config.m4 -@@ -108,209 +108,21 @@ if test "$PHP_OPCACHE" != "no"; then +@@ -113,209 +113,21 @@ if test "$PHP_OPCACHE" != "no"; then AC_CHECK_FUNCS([mprotect]) AC_MSG_CHECKING(for sysvipc shared memory support) @@ -40,7 +43,7 @@ index 2a83fa2..9471b5d 100644 -#include <unistd.h> -#include <string.h> - --int main() { +-int main(void) { - pid_t pid; - int status; - int ipc_id; @@ -121,7 +124,7 @@ index 2a83fa2..9471b5d 100644 -# define MAP_FAILED ((void*)-1) -#endif - --int main() { +-int main(void) { - pid_t pid; - int status; - char *shm; @@ -185,7 +188,7 @@ index 2a83fa2..9471b5d 100644 -# define MAP_FAILED ((void*)-1) -#endif - --int main() { +-int main(void) { - pid_t pid; - int status; - int fd; @@ -247,5 +250,5 @@ index 2a83fa2..9471b5d 100644 PHP_NEW_EXTENSION(opcache, ZendAccelerator.c \ -- -2.17.1 +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.16.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.20.bb index 1cb378fb94..f807f67a23 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.16.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.20.bb @@ -34,7 +34,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "2658c1b8935ab6b53a7f209354602761ab07066e66920bc472b8815fd1b43f71" +SRC_URI[sha256sum] = "5dec6fa61c7b9c47aa1d76666be651f2642ed2bcf6cd8638c57e3571ce2aac61" CVE_STATUS_GROUPS += "CVE_STATUS_PHP" CVE_STATUS_PHP[status] = "fixed-version: The name of this product is exactly the same as github.com/emlog/emlog. CVE can be safely ignored." diff --git a/meta-openembedded/meta-oe/recipes-devtools/python/python3-pycups_2.0.1.bb b/meta-openembedded/meta-oe/recipes-devtools/python/python3-pycups_2.0.4.bb index 1508273009..b7071fa4ff 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/python/python3-pycups_2.0.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/python/python3-pycups_2.0.4.bb @@ -14,6 +14,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS += "cups" # See https://pypi.org/project/pycups/ for data -SRC_URI[sha256sum] = "57434ce5f62548eb12949ca8217f066f4eeb21a5d6ab8b13471dce350e380c90" +SRC_URI[sha256sum] = "843e385c1dbf694996ca84ef02a7f30c28376035588f5fbeacd6bae005cf7c8d" inherit pypi python_setuptools_build_meta diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb index 2a34210f3c..c5b5e60027 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb @@ -3,7 +3,7 @@ SUMMARY = "Yet Another JSON Library." DESCRIPTION = "YAJL is a small event-driven (SAX-style) JSON parser \ written in ANSI C, and a small validating JSON generator." -HOMEPAGE = "http://lloyd.github.com/yajl/" +HOMEPAGE = "https://lloyd.github.io/yajl/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d" diff --git a/meta-openembedded/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb b/meta-openembedded/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb index 3d438871ed..ec0b4da935 100644 --- a/meta-openembedded/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb @@ -13,7 +13,6 @@ LIC_FILES_CHKSUM = "\ file://LICENSE-MIT;md5=4b242fd9ef20207e18286d73da8a6677 \ " -DEPENDS = "boost" SRCREV = "42ebcec9dc2c99a1b3a4542787572045763ad196" PV = "0.6.3+git" @@ -24,3 +23,8 @@ SRC_URI = "\ S = "${WORKDIR}/git" inherit cmake + +PACKAGECONFIG ??= "" +PACKAGECONFIG[boost] = "-DUSE_BOOST_REGEX=ON,-DUSE_BOOST_REGEX=OFF,boost" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch b/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch deleted file mode 100644 index b076a3fffd..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ced2e933cf647874da4baff002e0987b9bfe5fac Mon Sep 17 00:00:00 2001 -From: Markus Volk <f_l_k@t-online.de> -Date: Sat, 18 Nov 2023 15:07:49 +0100 -Subject: [PATCH] meson.build: require for native wayland-scanner - -Signed-off-by: Markus Volk <f_l_k@t-online.de> - -Upstream-Status: Submitted [https://github.com/flatpak/flatpak/pull/5596] ---- - meson.build | 4 ++-- - 1 file changed, 1 insertions(+), 1 deletions(-) - -diff --git a/meson.build b/meson.build -index f4e5b3a3..5d2f9eba 100644 ---- a/meson.build -+++ b/meson.build -@@ -207,7 +207,7 @@ gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc')) - build_gtk_doc = gtkdoc_dep.found() - - wayland_client = dependency('wayland-client', required : get_option('wayland_security_context')) --wayland_scanner = dependency('wayland-scanner', version : '>= 1.15', required : get_option('wayland_security_context')) -+wayland_scanner = dependency('wayland-scanner', version : '>= 1.15', required : get_option('wayland_security_context'), native : true) - wayland_protocols = dependency('wayland-protocols', version : '>= 1.32', required : get_option('wayland_security_context')) - build_wayland_security_context = wayland_client.found() and wayland_scanner.found() and wayland_protocols.found() - --- -2.42.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch b/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch deleted file mode 100644 index 77b60ec98c..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 49737b1e4a74c77a8cd7ae727974d68503da087f Mon Sep 17 00:00:00 2001 -From: Markus Volk <f_l_k@t-online.de> -Date: Fri, 12 Jan 2024 13:52:08 +0100 -Subject: [PATCH] meson.build: require native gtkdoc - -this fixes: -| Run-time dependency gtk-doc found: NO (tried pkgconfig) -| -| ../git/meson.build:206:13: ERROR: Dependency "gtk-doc" not found, tried pkgconfig - -Upstream-Status: Submitted [https://github.com/flatpak/flatpak/pull/5650/commits/e5de3e46b917f830d7f81e9db6ed2a9b7d7db942] - -Signed-off-by: Markus Volk <f_l_k@t-online.de> ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index f7f9372d..dccc3eb4 100644 ---- a/meson.build -+++ b/meson.build -@@ -203,7 +203,7 @@ appstream_dep = dependency('appstream', version : '>=0.12.0') - gdk_pixbuf_dep = dependency('gdk-pixbuf-2.0') - libseccomp_dep = dependency('libseccomp', required : get_option('seccomp')) - gir_dep = dependency('gobject-introspection-1.0', version : '>=1.40.0', required : get_option('gir')) --gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc')) -+gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc'), native : true) - build_gtk_doc = gtkdoc_dep.found() - - wayland_client = dependency('wayland-client', required : get_option('wayland_security_context')) --- -2.43.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb b/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb index 97e57c13d5..8719d3ef03 100644 --- a/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb +++ b/meta-openembedded/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb @@ -6,11 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI = " \ gitsm://github.com/flatpak/flatpak;protocol=https;branch=main \ file://0001-flatpak-pc-add-pc_sysrootdir.patch \ - file://0001-meson.build-require-for-native-wayland-scanner.patch \ - file://0001-meson.build-require-native-gtkdoc.patch \ " -SRCREV = "27b11b93c2a80a91c9461bc6c7f5e9a201406041" +SRCREV = "925c80f913d69e7ca424428823e1431c4ffb0deb" S = "${WORKDIR}/git" @@ -66,6 +64,8 @@ PACKAGECONFIG ?= " \ ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \ " +EXTRA_OEMESON = "-Dsystem_fusermount=${bindir}/fusermount3" + FILES:${PN} += "${libdir} ${datadir}" USERADD_PACKAGES = "${PN}" diff --git a/meta-openembedded/meta-oe/recipes-extended/hiredis/hiredis/run-ptest b/meta-openembedded/meta-oe/recipes-extended/hiredis/hiredis/run-ptest index 59b747dbd8..8d450b881f 100644 --- a/meta-openembedded/meta-oe/recipes-extended/hiredis/hiredis/run-ptest +++ b/meta-openembedded/meta-oe/recipes-extended/hiredis/hiredis/run-ptest @@ -1,3 +1,18 @@ #!/bin/sh -TEST_SSL=0 TEST_ASYNC=0 ./test.sh +TEST_SSL=0 TEST_ASYNC=0 ./test.sh | sed -e 's/PASSED/PASS/g' -e 's/FAILED/FAIL/g' -e 's/SKIPPED/SKIP/g' | awk ' +{ + if ($NF == "\033[0;32mPASS\033[0;0m" || $NF == "\033[0;31mFAIL\033[0;0m" || $NF == "\033[01;33mSKIP\033[0;0m") { + printf "%s: %s\n", $NF, $0 + } else { + print + } +}'| awk '{ + if ($NF == "\033[0;32mPASS\033[0;0m" || $NF == "\033[0;31mFAIL\033[0;0m" || $NF == "\033[01;33mSKIP\033[0;0m") { + $NF = "" + print $0 + } else { + print + } +}' | awk '{gsub(/:/,"",$NF)}1' + diff --git a/meta-openembedded/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb b/meta-openembedded/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb index 15a7965935..6b60d89187 100644 --- a/meta-openembedded/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb @@ -17,7 +17,7 @@ SRC_URI = "git://github.com/rnovacek/konkretcmpi.git;branch=master;protocol=http SRCREV = "ad28225e6eceff88417a60c1ba8896c8e40f21a7" S = "${WORKDIR}/git" -inherit cmake +inherit cmake python3-dir EXTRA_OECMAKE = "-DWITH_PYTHON=ON \ ${@oe.utils.conditional("libdir", "/usr/lib64", "-DLIB_SUFFIX=64", "", d)} \ @@ -34,6 +34,6 @@ PACKAGES =+ "${PN}-python" RPROVIDES:${PN}-dbg += "${PN}-python-dbg" -FILES:${PN}-python = "${libdir}/python*/site-packages/konkretmof.py* ${libdir}/python*/site-packages/_konkretmof.so" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/konkretmof.py* ${PYTHON_SITEPACKAGES_DIR}/_konkretmof.so" BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_3.1.1.bb b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_3.1.1.bb index dd15146285..1ad8036d7b 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_3.1.1.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_3.1.1.bb @@ -18,7 +18,7 @@ SRC_URI = "git://github.com/storaged-project/libblockdev;branch=3.1.x-devel;prot SRCREV = "68aaff5556afe26be749c29a2b7cbd714dce3050" S = "${WORKDIR}/git" -FILES:${PN} += "${libdir}/python3.*/site-packages" +FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" PACKAGECONFIG ??= "python3 lvm lvm-dbus dm parted fs escrow btrfs crypto mdraid mpath nvdimm tools" PACKAGECONFIG[python3] = "--with-python3, --without-python3,,python3" diff --git a/meta-openembedded/meta-oe/recipes-extended/libcbor/libcbor_0.11.0.bb b/meta-openembedded/meta-oe/recipes-extended/libcbor/libcbor_0.11.0.bb index 28bd5b5ae2..0e15393dd5 100755 --- a/meta-openembedded/meta-oe/recipes-extended/libcbor/libcbor_0.11.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libcbor/libcbor_0.11.0.bb @@ -11,4 +11,4 @@ S = "${WORKDIR}/git" inherit cmake -EXTRA_OECMAKE += " -DCMAKE_BUILD_TYPE=Release" +EXTRA_OECMAKE += "-DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS:BOOL=ON" diff --git a/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate/0001-lib-arm-don-t-use-explicit-armv8.2-a-on-gcc-13.2-and.patch b/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate/0001-lib-arm-don-t-use-explicit-armv8.2-a-on-gcc-13.2-and.patch new file mode 100644 index 0000000000..e87972af27 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate/0001-lib-arm-don-t-use-explicit-armv8.2-a-on-gcc-13.2-and.patch @@ -0,0 +1,57 @@ +From 684ebc7f8eb44558219d4b5be52add1250b3c0ca Mon Sep 17 00:00:00 2001 +From: Eric Biggers <ebiggers@google.com> +Date: Tue, 30 Apr 2024 11:27:55 -0700 +Subject: [PATCH] lib/arm: don't use explicit armv8.2-a on gcc 13.2 and later + +Resolves https://github.com/ebiggers/libdeflate/issues/369 +--- +Upstream-Status: Backport [https://github.com/ebiggers/libdeflate/pull/370] + + lib/arm/adler32_impl.h | 10 ++++++---- + lib/arm/crc32_impl.h | 10 ++++++---- + 2 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/lib/arm/adler32_impl.h b/lib/arm/adler32_impl.h +index 6453b8e..6144afb 100644 +--- a/lib/arm/adler32_impl.h ++++ b/lib/arm/adler32_impl.h +@@ -214,11 +214,13 @@ adler32_arm_neon(u32 adler, const u8 *p, size_t len) + # ifdef __clang__ + # define ATTRIBUTES _target_attribute("dotprod") + /* +- * With gcc, arch=armv8.2-a is needed for dotprod intrinsics, unless the +- * default target is armv8.3-a or later in which case it must be omitted. +- * armv8.3-a or later can be detected by checking for __ARM_FEATURE_JCVT. ++ * With gcc 13.1 and earlier (before gcc commit 73d3bc348190 or 9aac37ab8a7b, ++ * "aarch64: Remove architecture dependencies from intrinsics"), ++ * arch=armv8.2-a is needed for the dotprod intrinsics, unless the default ++ * target is armv8.3-a or later in which case it must be omitted. armv8.3-a ++ * or later can be detected by checking for __ARM_FEATURE_JCVT. + */ +-# elif defined(__ARM_FEATURE_JCVT) ++# elif GCC_PREREQ(13, 2) || defined(__ARM_FEATURE_JCVT) + # define ATTRIBUTES _target_attribute("+dotprod") + # else + # define ATTRIBUTES _target_attribute("arch=armv8.2-a+dotprod") +diff --git a/lib/arm/crc32_impl.h b/lib/arm/crc32_impl.h +index 3c4bec7..5363041 100644 +--- a/lib/arm/crc32_impl.h ++++ b/lib/arm/crc32_impl.h +@@ -551,11 +551,13 @@ crc32_arm_pmullx4(u32 crc, const u8 *p, size_t len) + # ifdef __clang__ + # define ATTRIBUTES _target_attribute("aes,crc,sha3") + /* +- * With gcc, arch=armv8.2-a is needed for the sha3 intrinsics, unless the +- * default target is armv8.3-a or later in which case it must be omitted. +- * armv8.3-a or later can be detected by checking for __ARM_FEATURE_JCVT. ++ * With gcc 13.1 and earlier (before gcc commit 73d3bc348190 or 9aac37ab8a7b, ++ * "aarch64: Remove architecture dependencies from intrinsics"), ++ * arch=armv8.2-a is needed for the sha3 intrinsics, unless the default ++ * target is armv8.3-a or later in which case it must be omitted. armv8.3-a ++ * or later can be detected by checking for __ARM_FEATURE_JCVT. + */ +-# elif defined(__ARM_FEATURE_JCVT) ++# elif GCC_PREREQ(13, 2) || defined(__ARM_FEATURE_JCVT) + # define ATTRIBUTES _target_attribute("+crypto,+crc,+sha3") + # else + # define ATTRIBUTES _target_attribute("arch=armv8.2-a+crypto+crc+sha3") diff --git a/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate_1.20.bb b/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate_1.20.bb index f0a966f2b4..e3de8aca62 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate_1.20.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libdeflate/libdeflate_1.20.bb @@ -6,10 +6,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7b6977026437092191e9da699ed9f780" DEPENDS += "gzip zlib" -SRC_URI = "git://github.com/ebiggers/libdeflate.git;protocol=https;branch=master" +SRC_URI = "git://github.com/ebiggers/libdeflate.git;protocol=https;branch=master \ + file://0001-lib-arm-don-t-use-explicit-armv8.2-a-on-gcc-13.2-and.patch \ +" S = "${WORKDIR}/git" SRCREV = "275aa5141db6eda3587214e0f1d3a134768f557d" inherit cmake pkgconfig - diff --git a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.3.0.bb b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.3.0.bb index 69e80ac0c8..81a3c26e04 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.3.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.3.0.bb @@ -26,8 +26,8 @@ do_configure:prepend() { } do_install:append () { - if [ -e ${D}${libdir}/python*/site-packages/plist/_plist.so ]; then - chrpath -d ${D}${libdir}/python*/site-packages/plist/_plist.so + if [ -e ${D}${PYTHON_SITEPACKAGES_DIR}/plist/_plist.so ]; then + chrpath -d ${D}${PYTHON_SITEPACKAGES_DIR}/plist/_plist.so fi } @@ -38,4 +38,4 @@ PACKAGES =+ "${PN}-utils \ FILES:${PN} = "${libdir}/libplist-2.0${SOLIBS}" FILES:${PN}++ = "${libdir}/libplist++-2.0${SOLIBS}" FILES:${PN}-utils = "${bindir}/*" -FILES:${PN}-python = "${libdir}/python*/site-packages/*" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/*" diff --git a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_git.bb b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_git.bb index 26dd821f96..bfd4af053c 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_git.bb @@ -28,8 +28,8 @@ do_configure:prepend() { } do_install:append () { - if [ -e ${D}${libdir}/python*/site-packages/plist/_plist.so ]; then - chrpath -d ${D}${libdir}/python*/site-packages/plist/_plist.so + if [ -e ${D}${PYTHON_SITEPACKAGES_DIR}/plist/_plist.so ]; then + chrpath -d ${D}${PYTHON_SITEPACKAGES_DIR}/plist/_plist.so fi } @@ -40,4 +40,4 @@ PACKAGES =+ "${PN}-utils \ FILES:${PN} = "${libdir}/libplist-2.0${SOLIBS}" FILES:${PN}++ = "${libdir}/libplist++-2.0${SOLIBS}" FILES:${PN}-utils = "${bindir}/*" -FILES:${PN}-python = "${libdir}/python*/site-packages/*" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/*" diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2024.5.bb b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2024.5.bb index 0e098109c8..2ea92f190c 100644 --- a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2024.5.bb +++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2024.5.bb @@ -45,6 +45,7 @@ BUILD_OPTIMIZATION:append = " -O2" PACKAGECONFIG ??= " \ ${@bb.utils.filter('DISTRO_FEATURES', 'selinux smack', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd libmount', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'soup3', '', d)} \ glib \ gpgme \ curl \ @@ -192,6 +193,7 @@ RDEPENDS:${PN}-ptest += " \ diffutils \ findutils \ grep \ + locale-base-en-us \ python3-core \ python3-multiprocessing \ strace \ diff --git a/meta-openembedded/meta-oe/recipes-extended/rrdtool/rrdtool_1.8.0.bb b/meta-openembedded/meta-oe/recipes-extended/rrdtool/rrdtool_1.8.0.bb index f0c083c6db..cbe1af2854 100644 --- a/meta-openembedded/meta-oe/recipes-extended/rrdtool/rrdtool_1.8.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/rrdtool/rrdtool_1.8.0.bb @@ -124,8 +124,8 @@ RDEPENDS:${PN}-perl = "perl perl-module-lib perl-module-getopt-long perl-module- DESCRIPTION:${PN}-python = \ "The ${PN}-python package includes RRDtool bindings for python." -FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/*" RDEPENDS:${PN}-python = "python3" FILES:${PN}-dbg += "${libdir}/perl/vendor_perl/*/auto/RRDs/.debug \ - ${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug" + ${PYTHON_SITEPACKAGES_DIR}/.debug" diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/0001-include-libgen.h-for-basename.patch b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/0001-include-libgen.h-for-basename.patch deleted file mode 100644 index 439ffc6473..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/0001-include-libgen.h-for-basename.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c955ac2a4d57f21351e53a5209346fdc2325a747 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 25 Mar 2024 15:12:02 -0700 -Subject: [PATCH] include libgen.h for basename - -basename prototype has been removed from string.h from latest musl [1] -compilers e.g. clang-18 flags the absense of prototype as error. therefore -include libgen.h for providing it. - -[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7 - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - wdmd/main.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/wdmd/main.c b/wdmd/main.c -index 38a99f3..7014462 100644 ---- a/wdmd/main.c -+++ b/wdmd/main.c -@@ -15,6 +15,7 @@ - #include <stddef.h> - #include <grp.h> - #include <fcntl.h> -+#include <libgen.h> - #include <string.h> - #include <errno.h> - #include <limits.h> --- -2.44.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.9.1.bb b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.9.2.bb index 1d0f8b0103..d369af1c6a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.9.1.bb +++ b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.9.2.bb @@ -16,9 +16,8 @@ PV .= "+git" SRC_URI = "git://pagure.io/sanlock.git;protocol=http;branch=master \ file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch \ file://0001-add-missing-system-header-string.h.patch \ - file://0001-include-libgen.h-for-basename.patch \ - " -SRCREV = "ecf30a1ccf756776dfea440e4cf9b0b54581075f" + " +SRCREV = "e005fbec2324aa8de7e2f302e5a17483c525b1d1" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils/tipcutils.conf b/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils/tipcutils.conf new file mode 100644 index 0000000000..39ed83d6af --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils/tipcutils.conf @@ -0,0 +1 @@ +tipc diff --git a/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb b/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb index 596aa260e7..580d03cbb5 100644 --- a/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb @@ -3,6 +3,7 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://tipclog/tipc.h;endline=35;md5=985b6ea8735818511d276c1b466cce98" SRC_URI = "git://git.code.sf.net/p/tipc/tipcutils;branch=master \ + file://tipcutils.conf \ file://0001-include-sys-select.h-for-FD_-definitions.patch \ file://0002-replace-non-standard-uint-with-unsigned-int.patch \ file://0001-multicast_blast-tipcc-Fix-struct-type-for-TIPC_GROUP.patch \ @@ -11,7 +12,7 @@ SRC_URI = "git://git.code.sf.net/p/tipc/tipcutils;branch=master \ SRCREV = "7ab2211b87414ba240b0b2e4af219c1057c9cf9a" PV = "2.2.0+git" -inherit autotools pkgconfig +inherit autotools pkgconfig systemd DEPENDS += "libdaemon" @@ -41,8 +42,16 @@ do_install:append() { install -d ${D}${sysconfdir} cp -R --no-dereference --preserve=mode,links -v ${S}/scripts/etc/* ${D}${sysconfdir}/ chown -R root:root ${D}${sysconfdir} + + # Install systemd related configuration file + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/modules-load.d + install -m 0644 ${WORKDIR}/tipcutils.conf ${D}${sysconfdir}/modules-load.d + fi } +SYSTEMD_SERVICE:${PN} = "" + PACKAGES += "${PN}-demos" FILES:${PN}-dbg += "/opt/tipcutils/demos/*/.debug /opt/tipcutils/ptts/.debug" FILES:${PN}-demos = "/opt/tipcutils/*" diff --git a/meta-openembedded/meta-oe/recipes-gnome/gnome-themes/adw-gtk3_5.2.bb b/meta-openembedded/meta-oe/recipes-gnome/gnome-themes/adw-gtk3_5.3.bb index d10f5ad413..1ddc277651 100644 --- a/meta-openembedded/meta-oe/recipes-gnome/gnome-themes/adw-gtk3_5.2.bb +++ b/meta-openembedded/meta-oe/recipes-gnome/gnome-themes/adw-gtk3_5.3.bb @@ -11,6 +11,6 @@ inherit meson SRC_URI = "git://github.com/lassekongo83/adw-gtk3.git;protocol=https;branch=main" S = "${WORKDIR}/git" -SRCREV = "8056d8701afbd9b985668916557159432e6ad824" +SRCREV = "22a3b9374369640993e4a7ab84f8acc72318e501" FILES:${PN} = "${datadir}/themes" diff --git a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb index 4d40ee4dee..2700142e5d 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb @@ -101,7 +101,7 @@ PACKAGE_WRITE_DEPS += "qemu-native" PACKAGES =+ "${PN}-python ${PN}-perl ${PN}-demo" -FILES:${PN}-python += "${libdir}/python*/site-packages/ ${libdir}/graphviz/python/" +FILES:${PN}-python += "${PYTHON_SITEPACKAGES_DIR}/ ${libdir}/graphviz/python/" FILES:${PN}-perl += "${libdir}/perl5/*/vendor_perl/ ${libdir}/graphviz/perl/" FILES:${PN}-demo += "${datadir}/graphviz/demo/" diff --git a/meta-openembedded/meta-oe/recipes-graphics/gtkwave/gtkwave_3.3.117.bb b/meta-openembedded/meta-oe/recipes-graphics/gtkwave/gtkwave_3.3.119.bb index d23d89f2b1..0b1b054041 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/gtkwave/gtkwave_3.3.117.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/gtkwave/gtkwave_3.3.119.bb @@ -6,7 +6,7 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=75859989545e37968a99b631ef42722e" SRC_URI = "http://gtkwave.sourceforge.net/gtkwave-gtk3-${PV}.tar.gz" -SRC_URI[sha256sum] = "3cf1537586a911cbb0601af8fa18cf6da708c8a14a71f69ce3cb9118e8571db9" +SRC_URI[sha256sum] = "eab3e09e7641115c07848bfb30f7dd0c3bbe2b8cbe45017e95e077dbba6ac038" S = "${WORKDIR}/${BPN}-gtk3-${PV}" DEPENDS = " \ diff --git a/meta-openembedded/meta-oe/recipes-graphics/renderdoc/renderdoc_1.27.bb b/meta-openembedded/meta-oe/recipes-graphics/renderdoc/renderdoc_1.27.bb index e52ec5f291..58f2275736 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/renderdoc/renderdoc_1.27.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/renderdoc/renderdoc_1.27.bb @@ -10,7 +10,7 @@ SRC_URI = " \ " S = "${WORKDIR}/git" -DEPENDS += "virtual/libx11 virtual/libgl libxcb xcb-util-keysyms vim-native" +DEPENDS += "virtual/libx11 virtual/libgl libxcb xcb-util-keysyms" RDEPENDS:${PN} = "libxcb xcb-util-keysyms" diff --git a/meta-openembedded/meta-oe/recipes-graphics/suckless/st_0.9.1.bb b/meta-openembedded/meta-oe/recipes-graphics/suckless/st_0.9.2.bb index 18499cf3a0..22ad0211b6 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/suckless/st_0.9.1.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/suckless/st_0.9.2.bb @@ -7,7 +7,7 @@ inherit pkgconfig features_check REQUIRED_DISTRO_FEATURES = "x11" -SRC_URI[sha256sum] = "16f43b9433ade9d70d6085c31f9fd99f2835eaade31221020f22143035dfc0d2" +SRC_URI[sha256sum] = "6b215d4f472b21d6232f30f221117a777e24bcfee68955ddefb7426467f9494b" DEPENDS += "libx11 libxft fontconfig ncurses-native" @@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color" ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st" ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color" + +CVE_STATUS[CVE-2017-16224] = "cpe-incorrect: The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue." diff --git a/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/vulkan-cts_1.3.7.3.bb b/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/vulkan-cts_1.3.7.3.bb index 1008a5fd42..7492fe9aa4 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/vulkan-cts_1.3.7.3.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/vulkan-cts_1.3.7.3.bb @@ -23,6 +23,9 @@ SRC_URI += "file://0001-cmake-Define-WAYLAND_SCANNER-and-WAYLAND_PROTOCOLS_D.pat TOOLCHAIN = "gcc" +# Workaround an optimization bug that breaks createMeshShaderMiscTestsEXT +OECMAKE_CXX_FLAGS:remove:toolchain-gcc = "-O2" + S = "${WORKDIR}/git" REQUIRED_DISTRO_FEATURES = "vulkan" diff --git a/meta-openembedded/meta-oe/recipes-graphics/ydotool/ydotool_git.bb b/meta-openembedded/meta-oe/recipes-graphics/ydotool/ydotool_git.bb new file mode 100644 index 0000000000..3acf70235e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/ydotool/ydotool_git.bb @@ -0,0 +1,26 @@ +SUMMARY = "Generic Linux command-line automation tool (no X!)" +DESCRIPTION = "ydotool is not limited to Wayland. You can use it on anything as long as it accepts keyboard/mouse/whatever input." +LICENSE = "AGPL-3.0-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=eb1e647870add0502f8f010b19de32af" + +PV = "1.0.4+git" + +SRC_URI = "git://github.com/ReimuNotMoe/ydotool;protocol=https;branch=master" +SRCREV = "0c295346d55afcc6aebaaee564333b3e1efabcbd" + +S = "${WORKDIR}/git" + +inherit cmake systemd + +EXTRA_OECMAKE = "\ + -DBUILD_DOCS=OFF \ +" + +do_install:append() { + if ! ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + rm -rf ${D}${systemd_user_unitdir} + rmdir ${D}${nonarch_libdir}/systemd ${D}${nonarch_libdir} + fi +} +SYSTEMD_SERVICE:${PN} = "ydotoold.service" +SYSTEMD_AUTO_ENABLE = "disable" diff --git a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_1.3.0.bb b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_1.4.0.bb index 9b8ca07fe7..f2ec48f390 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_1.3.0.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_1.4.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE.LGPL-2.1;md5=b370887980db5dd40659b50909238 DEPENDS = "zlib elfutils" SRC_URI = "git://github.com/libbpf/libbpf.git;protocol=https;branch=master" -SRCREV = "20c0a9e3d7e7d4aeb283eae982543c9cacc29477" +SRCREV = "20ea95b4505c477af3b6ff6ce9d19cee868ddc5d" PACKAGE_ARCH = "${MACHINE_ARCH}" COMPATIBLE_HOST = "(x86_64|i.86|arm|aarch64|riscv64|powerpc|powerpc64|mips64).*-linux" diff --git a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile/0001-makedumpfile-replace-hardcode-CFLAGS.patch b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile/0001-makedumpfile-replace-hardcode-CFLAGS.patch index 15ced551db..96a996f616 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile/0001-makedumpfile-replace-hardcode-CFLAGS.patch +++ b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile/0001-makedumpfile-replace-hardcode-CFLAGS.patch @@ -1,4 +1,4 @@ -From 71b5a3905d5cd0feca88a0d61d7657ba5296a052 Mon Sep 17 00:00:00 2001 +From 6d16911316cb576db0239f607e60918a222e4436 Mon Sep 17 00:00:00 2001 From: Mingli Yu <mingli.yu@windriver.com> Date: Sun, 24 Apr 2022 17:25:33 +0800 Subject: [PATCH] makedumpfile: replace hardcode CFLAGS @@ -20,9 +20,11 @@ Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Rebase to 1.7.1 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> --- - Makefile | 42 ++++++++++++++++++++++-------------------- - 1 file changed, 22 insertions(+), 20 deletions(-) + Makefile | 40 +++++++++++++++++++++------------------- + 1 file changed, 21 insertions(+), 19 deletions(-) +diff --git a/Makefile b/Makefile +index 71d8548..22acdd5 100644 --- a/Makefile +++ b/Makefile @@ -8,12 +8,6 @@ ifeq ($(strip $CC),) @@ -126,7 +128,7 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> @sed -e "s/@DATE@/$(DATE)/" \ -e "s/@VERSION@/$(VERSION)/" \ $(VPATH)makedumpfile.8.in > $(VPATH)makedumpfile.8 -@@ -120,7 +122,7 @@ makedumpfile: $(SRC_BASE) $(OBJ_PART) $( +@@ -120,7 +122,7 @@ makedumpfile: $(SRC_BASE) $(OBJ_PART) $(OBJ_ARCH) $(VPATH)makedumpfile.conf.5.in > $(VPATH)makedumpfile.conf.5 eppic_makedumpfile.so: extension_eppic.c diff --git a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.4.bb b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.5.bb index b016d5da4d..85b44c4941 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.4.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.5.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" LICENSE = "GPL-2.0-only" SRCBRANCH ?= "master" -SRCREV = "3bc3b3e3be33a9aa040e654f055912063e576c1b" +SRCREV = "c266469347d49287be38059d45e7aaa454db9cb2" DEPENDS = "bzip2 zlib elfutils xz" RDEPENDS:${PN}-tools = "perl ${PN}" diff --git a/meta-openembedded/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.2.bb b/meta-openembedded/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.2.bb index 142b283614..eced6c7726 100644 --- a/meta-openembedded/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.2.bb +++ b/meta-openembedded/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.2.bb @@ -37,7 +37,3 @@ PACKAGECONFIG[gimp] = "-DJPEGXL_ENABLE_PLUGIN_GIMP210=ON,-DJPEGXL_ENABLE_PLUGIN_ PACKAGECONFIG[mime] = "-DJPEGXL_ENABLE_PLUGIN_MIME=ON,-DJPEGXL_ENABLE_PLUGIN_MIME=OFF" FILES:${PN} += "${libdir}/gdk-pixbuf-2.0 ${datadir}" - -CXXFLAGS:append:arm = " -mfp16-format=ieee" -# Option not supported with clang and its default format for __fp16 anyway with clang -CXXFLAGS:remove:toolchain-clang = "-mfp16-format=ieee" diff --git a/meta-openembedded/meta-oe/recipes-multimedia/libopus/libopus_1.5.1.bb b/meta-openembedded/meta-oe/recipes-multimedia/libopus/libopus_1.5.2.bb index 4ce6dd2026..02958ef023 100644 --- a/meta-openembedded/meta-oe/recipes-multimedia/libopus/libopus_1.5.1.bb +++ b/meta-openembedded/meta-oe/recipes-multimedia/libopus/libopus_1.5.2.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=4b365c2155d66e550e1447075d6744a5" SRC_URI = "http://downloads.xiph.org/releases/opus/opus-${PV}.tar.gz" -SRC_URI[sha256sum] = "b84610959b8d417b611aa12a22565e0a3732097c6389d19098d844543e340f85" +SRC_URI[sha256sum] = "65c1d2f78b9f2fb20082c38cbe47c951ad5839345876e46941612ee87f9a7ce1" S = "${WORKDIR}/opus-${PV}" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.1.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.1.bb index 96ed6ff3d0..a37ae3bb84 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.1.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.1.bb @@ -44,8 +44,8 @@ EXTRA_OECONF = " \ EXTRA_OEMAKE = " \ PYTHON=python3 \ - pythondir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ + pythondir=${PYTHON_SITEPACKAGES_DIR} \ + pyexecdir=${PYTHON_SITEPACKAGES_DIR} \ STDINC='${STAGING_INCDIR}' \ " diff --git a/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.24.11.bb b/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.24.12.bb index d04ba1611d..058fe6a7c4 100644 --- a/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.24.11.bb +++ b/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.24.12.bb @@ -13,7 +13,7 @@ SRC_URI = " \ file://0001-Enable-system-malloc-on-all-linux.patch \ file://0002-Add-debian-csh-scripts.patch \ " -SRC_URI[sha256sum] = "b5a7b627abb3ef2e8d3a869bb675d0e927d850704447a1b2c77946c0d324799d" +SRC_URI[sha256sum] = "e3270ce9667fd5bd2a046687659fcf5fd6a6781326f806ebd724f1e1c9cd4185" EXTRA_OEMAKE += "CC_FOR_GETHOST='${BUILD_CC}'" inherit autotools diff --git a/meta-openembedded/meta-oe/recipes-support/asio/asio_1.28.0.bb b/meta-openembedded/meta-oe/recipes-support/asio/asio_1.30.2.bb index 84074400a6..6930381ecd 100644 --- a/meta-openembedded/meta-oe/recipes-support/asio/asio_1.28.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/asio/asio_1.30.2.bb @@ -8,18 +8,15 @@ LICENSE = "BSL-1.0" DEPENDS = "openssl" -SRC_URI = " \ - ${SOURCEFORGE_MIRROR}/asio/${BP}.tar.bz2 \ - file://0001-Add-the-pkgconfigdir-location.patch \ -" +SRC_URI = "${SOURCEFORGE_MIRROR}/asio/${BP}.tar.bz2" inherit autotools ALLOW_EMPTY:${PN} = "1" -LIC_FILES_CHKSUM = "file://COPYING;md5=ff668366bbdb687b6029d33a5fe4b999" +LIC_FILES_CHKSUM = "file://COPYING;md5=2bfc909e030aeafefa72f764165b8d07" -SRC_URI[sha256sum] = "d0ddc2361abd2f4c823e970aaf8e28b4b31ab21b1a68af16b114fc093661e232" +SRC_URI[sha256sum] = "9f12cef05c0477eace9c68ccabd19f9e3a04b875d4768c323714cbd3a5fa3c2b" PACKAGECONFIG ??= "boost" diff --git a/meta-openembedded/meta-oe/recipes-support/asio/files/0001-Add-the-pkgconfigdir-location.patch b/meta-openembedded/meta-oe/recipes-support/asio/files/0001-Add-the-pkgconfigdir-location.patch deleted file mode 100644 index 75f083b0ed..0000000000 --- a/meta-openembedded/meta-oe/recipes-support/asio/files/0001-Add-the-pkgconfigdir-location.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 248e87869d748cfb72d3a5d3b2b91ad178172e30 Mon Sep 17 00:00:00 2001 -From: Vasileios Anagnostopoulos <anagnwstopoulos@hotmail.com> -Date: Tue, 9 May 2023 12:48:29 +0200 -Subject: [PATCH] Add the pkgconfigdir location - -This change is necessary, because while building asio in yocto the -compilation is failing and is complaining because the variable is -undefined - -Signed-off-by: Vasileios Anagnostopoulos <anagnwstopoulos@hotmail.com> -Upstream-Status: Submitted [https://github.com/chriskohlhoff/asio/pull/1294] ---- - asio/Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index b7760851..bc4f75b3 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1,6 +1,7 @@ - AUTOMAKE_OPTIONS = foreign dist-bzip2 dist-zip - - pkgconfig_DATA = asio.pc -+pkgconfigdir = $(libdir)/pkgconfig - - SUBDIRS = include src - --- -2.34.1 - diff --git a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0001-Remove-cpp-unittest-compilation.patch b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0001-Remove-cpp-unittest-compilation.patch index f407fa6ecd..bcfafdda55 100644 --- a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0001-Remove-cpp-unittest-compilation.patch +++ b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0001-Remove-cpp-unittest-compilation.patch @@ -1,9 +1,10 @@ From 6be1c45e1f7ee78499bdca76c25ec23a61317134 Mon Sep 17 00:00:00 2001 From: Rui Costa <rui.ms.costa@ctw.bmwgroup.com> Date: Wed, 20 Mar 2024 14:58:27 +0000 -Subject: [PATCH 1/2] Remove cpp unittest compilation +Subject: [PATCH] Remove cpp unittest compilation Upstream-Status: Inappropriate [oe-specific] + --- lang/c++/CMakeLists.txt | 61 ----------------------------------------- 1 file changed, 61 deletions(-) @@ -83,6 +84,3 @@ index 4a3793152..d94ba42d3 100644 include (InstallRequiredSystemLibraries) set (CPACK_PACKAGE_FILE_NAME "avrocpp-${AVRO_VERSION_MAJOR}") --- -2.44.0 - diff --git a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0002-Add-package-configuration-files.patch b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0002-Add-package-configuration-files.patch index ecb1251860..437a3fa138 100644 --- a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0002-Add-package-configuration-files.patch +++ b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0002-Add-package-configuration-files.patch @@ -1,39 +1,47 @@ -From 56feaa90d070a5011f380d3ae47c01643b9fafe0 Mon Sep 17 00:00:00 2001 +From 86aa3f2333a9b8e6f1c631e6d5cb7296b6e8380b Mon Sep 17 00:00:00 2001 From: Rui Costa <rui.ms.costa@ctw.bmwgroup.com> Date: Fri, 22 Mar 2024 13:27:38 +0000 -Subject: [PATCH 2/2] Add package configuration files +Subject: [PATCH] Add package configuration files Upstream-Status: Pending + --- - lang/c++/CMakeLists.txt | 35 +++++++++++++++++++++++++++--- - lang/c++/cmake/AvroCppConfig.cmake | 5 +++++ - 2 files changed, 37 insertions(+), 3 deletions(-) + lang/c++/CMakeLists.txt | 45 ++++++++++++++++++++++++------ + lang/c++/cmake/AvroCppConfig.cmake | 5 ++++ + 2 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 lang/c++/cmake/AvroCppConfig.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt -index d94ba42d3..2e5a394cb 100644 +index d94ba42d3..4748b111d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -140,12 +140,16 @@ set (CPACK_PACKAGE_FILE_NAME "avrocpp-${AVRO_VERSION_MAJOR}") +@@ -140,14 +140,18 @@ set (CPACK_PACKAGE_FILE_NAME "avrocpp-${AVRO_VERSION_MAJOR}") include (CPack) -install (TARGETS avrocpp avrocpp_s +- LIBRARY DESTINATION lib +- ARCHIVE DESTINATION lib +- RUNTIME DESTINATION lib) +- +-install (TARGETS avrogencpp RUNTIME DESTINATION bin) +- +-install (DIRECTORY api/ DESTINATION include/avro +install (TARGETS avrocpp + EXPORT AvroCppTargets - LIBRARY DESTINATION lib - ARCHIVE DESTINATION lib -- RUNTIME DESTINATION lib) -+ RUNTIME DESTINATION lib ++ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ RUNTIME DESTINATION ${CMAKE_INSTALL_LIBDIR} + INCLUDES DESTINATION include) - --install (TARGETS avrogencpp RUNTIME DESTINATION bin) ++ +install (TARGETS avrogencpp + EXPORT AvroCppTargets -+ RUNTIME DESTINATION bin) - - install (DIRECTORY api/ DESTINATION include/avro ++ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) ++ ++install (DIRECTORY api/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/avro FILES_MATCHING PATTERN *.hh) + + if (NOT CMAKE_BUILD_TYPE) @@ -155,3 +159,28 @@ if (NOT CMAKE_BUILD_TYPE) "Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel." FORCE) @@ -52,7 +60,7 @@ index d94ba42d3..2e5a394cb 100644 + COPYONLY +) + -+set(ConfigPackageLocation lib/cmake/avrocpp) ++set(ConfigPackageLocation ${CMAKE_INSTALL_LIBDIR}/cmake/avrocpp) +install(EXPORT AvroCppTargets + FILE AvroCppTargets.cmake + NAMESPACE AvroCpp:: @@ -74,6 +82,3 @@ index 000000000..deb8aaa31 + COMPONENTS filesystem iostreams program_options regex system) + +include("${CMAKE_CURRENT_LIST_DIR}/AvroCppTargets.cmake") --- -2.44.0 - diff --git a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0003-Update-CXX-standard-to-CXX14.patch b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0003-Update-CXX-standard-to-CXX14.patch index 449b0dfd66..3e65cb7a72 100644 --- a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0003-Update-CXX-standard-to-CXX14.patch +++ b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++/0003-Update-CXX-standard-to-CXX14.patch @@ -1,15 +1,16 @@ -From 640c51c61536913b3d43714bebe228b32f043144 Mon Sep 17 00:00:00 2001 +From 66c08ade24e4472b5af5dca48097ed9a2ec035ec Mon Sep 17 00:00:00 2001 From: Rui Costa <rui.ms.costa@ctw.bmwgroup.com> Date: Fri, 5 Apr 2024 11:33:51 +0000 -Subject: [PATCH 3/3] Update CXX standard to CXX14 +Subject: [PATCH] Update CXX standard to CXX14 Upstream-Status: Inappropriate [oe-specific] + --- lang/c++/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 2e5a394cb..f29a532ef 100644 +index 4748b111d..1e45c13d5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -21,7 +21,7 @@ cmake_minimum_required (VERSION 3.1) @@ -21,6 +22,3 @@ index 2e5a394cb..f29a532ef 100644 endif() set(CMAKE_CXX_STANDARD_REQUIRED ON) --- -2.44.0 - diff --git a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++_1.11.3.bb b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++_1.11.3.bb index 1e4787eb49..6ec25bdd2b 100644 --- a/meta-openembedded/meta-oe/recipes-support/avro/avro-c++_1.11.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/avro/avro-c++_1.11.3.bb @@ -1,5 +1,5 @@ SUMMARY = "Apache Avro data serialization system." -HOMEPAGE = "http://apr.apache.org/" +HOMEPAGE = "https://avro.apache.org/" SECTION = "libs" LICENSE = "Apache-2.0" @@ -18,3 +18,5 @@ SRC_URI = "git://github.com/apache/avro;branch=${BRANCH};protocol=https \ S = "${WORKDIR}/git/lang/c++" inherit cmake pkgconfig + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-support/avro/avro-c_1.11.3.bb b/meta-openembedded/meta-oe/recipes-support/avro/avro-c_1.11.3.bb index 14a3cbe462..bb7f53e459 100644 --- a/meta-openembedded/meta-oe/recipes-support/avro/avro-c_1.11.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/avro/avro-c_1.11.3.bb @@ -1,5 +1,5 @@ SUMMARY = "Apache Avro data serialization system." -HOMEPAGE = "http://apr.apache.org/" +HOMEPAGE = "https://avro.apache.org/" SECTION = "libs" LICENSE = "Apache-2.0" diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/run-ptest b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/run-ptest index 46572111b5..66ffd53889 100644 --- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/run-ptest +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/run-ptest @@ -1,7 +1,3 @@ #!/bin/sh +./arestest --gtest_filter=-*.Live* --gtest_print_time=0 | sed -E '/^\[ RUN/d ; s/\[ OK \]/PASS: / ; s/\[ DISABLED \]/SKIP: / ; s/\[ FAILED \]/FAIL: /' -if ./arestest --gtest_filter=-*.Live*; then - echo "PASS: c-ares" -else - echo "FAIL: c-ares" -fi diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.27.0.bb b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.27.0.bb index 2d91ac1731..f6de281058 100644 --- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.27.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.27.0.bb @@ -5,7 +5,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fdbc58a6da11a9f68aa73c453818decc" -SRC_URI = "https://c-ares.org/download/${BPN}-${PV}.tar.gz \ +SRC_URI = "https://github.com/c-ares/c-ares/releases/download/cares-1_27_0/${BPN}-${PV}.tar.gz \ file://run-ptest" SRC_URI[sha256sum] = "0a72be66959955c43e2af2fbd03418e82a2bd5464604ec9a62147e37aceb420b" diff --git a/meta-openembedded/meta-oe/recipes-support/canonical-multitouch/geis_2.2.17.bb b/meta-openembedded/meta-oe/recipes-support/canonical-multitouch/geis_2.2.17.bb index aa595ebe52..139649b975 100644 --- a/meta-openembedded/meta-oe/recipes-support/canonical-multitouch/geis_2.2.17.bb +++ b/meta-openembedded/meta-oe/recipes-support/canonical-multitouch/geis_2.2.17.bb @@ -48,12 +48,12 @@ RDEPENDS:${PN}-bin = " \ FILES:${PN} += " \ ${datadir}/geisview \ - ${libdir}/${PYTHON_DIR}/site-packages/geis* \ - ${libdir}/${PYTHON_DIR}/site-packages/_*.so \ + ${PYTHON_SITEPACKAGES_DIR}/geis* \ + ${PYTHON_SITEPACKAGES_DIR}/_*.so \ " -FILES:${PN}-dbg += "${libdir}/${PYTHON_DIR}/site-packages/.debug" +FILES:${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug" -FILES:${PN}-dev += "${libdir}/${PYTHON_DIR}/site-packages/_*.la" +FILES:${PN}-dev += "${PYTHON_SITEPACKAGES_DIR}/_*.la" -FILES:${PN}-staticdev += "${libdir}/${PYTHON_DIR}/site-packages/_*.a" +FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/_*.a" diff --git a/meta-openembedded/meta-oe/recipes-support/edid-decode/edid-decode_git.bb b/meta-openembedded/meta-oe/recipes-support/edid-decode/edid-decode_git.bb index bb8c9de71d..6eaec800ca 100644 --- a/meta-openembedded/meta-oe/recipes-support/edid-decode/edid-decode_git.bb +++ b/meta-openembedded/meta-oe/recipes-support/edid-decode/edid-decode_git.bb @@ -14,3 +14,5 @@ S = "${WORKDIR}/git" do_install() { oe_runmake 'DESTDIR=${D}' install } + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.380.bb b/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.381.bb index e9b5afe479..291b273724 100644 --- a/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.380.bb +++ b/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.381.bb @@ -5,7 +5,7 @@ SECTION = "System/Base" LICENSE = "GPL-2.0-or-later | XFree86-1.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=1556547711e8246992b999edd9445a57" -SRCREV = "d0cbfddb1fec4bb1a395373396c972e5f210bcf8" +SRCREV = "4463530857af32d9dbfcfa9939c2304b51e5e58d" SRC_URI = "git://github.com/vcrhonek/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/libfido2/libfido2_1.14.0.bb b/meta-openembedded/meta-oe/recipes-support/libfido2/libfido2_1.14.0.bb index 08d3f4e84d..d453d0ab97 100644 --- a/meta-openembedded/meta-oe/recipes-support/libfido2/libfido2_1.14.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/libfido2/libfido2_1.14.0.bb @@ -21,5 +21,3 @@ EXTRA_OECMAKE = "-DUDEV_RULES_DIR=${nonarch_base_libdir}/udev/rules.d -DBUILD_EX PACKAGE_BEFORE_PN = "${PN}-tools" FILES:${PN}-tools = "${bindir}/fido2-*" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb b/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb index 7f0cfa237c..eae1c02f04 100644 --- a/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb +++ b/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb @@ -37,4 +37,4 @@ BBCLASSEXTEND = "native nativesdk" PACKAGES =+ "${PN}-python ftdi-eeprom" FILES:ftdi-eeprom = "${bindir}/ftdi_eeprom" -FILES:${PN}-python = "${libdir}/${PYTHON_DIR}/site-packages/" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/" diff --git a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.1.1.bb b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.1.2.bb index 4c13d67eba..6e4fbd2a3b 100644 --- a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.1.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.1.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = " \ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}-2.x:" -SRC_URI[sha256sum] = "b21913f469d3135680d5516f00fdf9f81d5e564e19ffb690927ea7f1d7e312cb" +SRC_URI[sha256sum] = "7a148a5a7d1c97a1abb40474b9a392b6edd7a42fe077dfd7ff42cfba24308548" # Enable all project features for ptest PACKAGECONFIG[tests] = "--enable-tests --enable-tools --enable-bindings-cxx --enable-gpioset-interactive,--disable-tests,kmod util-linux glib-2.0 catch2 libedit" diff --git a/meta-openembedded/meta-oe/recipes-support/nano/files/CVE-2024-5742.patch b/meta-openembedded/meta-oe/recipes-support/nano/files/CVE-2024-5742.patch new file mode 100644 index 0000000000..f29b73c539 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nano/files/CVE-2024-5742.patch @@ -0,0 +1,101 @@ +From aad1439553de8ce0ef8815a65ac0732dc804507b Mon Sep 17 00:00:00 2001 +From: Benno Schulenberg <bensberg@telfort.nl> +Date: Sun, 28 Apr 2024 10:51:52 +0200 +Subject: [PATCH] files: run `chmod` and `chown` on the descriptor, not on the + filename + +This closes a window of opportunity where the emergency file could be +replaced by a malicious symlink. + +The issue was reported by `MartinJM` and `InvisibleMeerkat`. + +Problem existed since version 2.2.0, commit 123110c5, when chmodding +and chowning of the emergency .save file was added. + +Upstream-Status: Backport from [https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2] +CVE: CVE-2024-5742 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + src/definitions.h | 2 +- + src/files.c | 13 ++++++++++++- + src/nano.c | 12 +----------- + 3 files changed, 14 insertions(+), 13 deletions(-) + +diff --git a/src/definitions.h b/src/definitions.h +index 288f1ff..04614a3 100644 +--- a/src/definitions.h ++++ b/src/definitions.h +@@ -283,7 +283,7 @@ typedef enum { + } message_type; + + typedef enum { +- OVERWRITE, APPEND, PREPEND ++ OVERWRITE, APPEND, PREPEND, EMERGENCY + } kind_of_writing_type; + + typedef enum { +diff --git a/src/files.c b/src/files.c +index c6eadc1..88397d3 100644 +--- a/src/files.c ++++ b/src/files.c +@@ -1760,6 +1760,8 @@ bool write_file(const char *name, FILE *thefile, bool normal, + #endif + char *realname = real_dir_from_tilde(name); + /* The filename after tilde expansion. */ ++ int fd = 0; ++ /* The descriptor that is assigned when opening the file. */ + char *tempname = NULL; + /* The name of the temporary file we use when prepending. */ + linestruct *line = openfile->filetop; +@@ -1843,7 +1845,6 @@ bool write_file(const char *name, FILE *thefile, bool normal, + * For an emergency file, access is restricted to just the owner. */ + if (thefile == NULL) { + mode_t permissions = (normal ? RW_FOR_ALL : S_IRUSR|S_IWUSR); +- int fd; + + #ifndef NANO_TINY + block_sigwinch(TRUE); +@@ -1969,6 +1970,16 @@ bool write_file(const char *name, FILE *thefile, bool normal, + } + #endif + ++#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN) ++ /* Change permissions and owner of an emergency save file to the values ++ * of the original file, but ignore any failure as we are in a hurry. */ ++ if (method == EMERGENCY && fd && openfile->statinfo) { ++ IGNORE_CALL_RESULT(fchmod(fd, openfile->statinfo->st_mode)); ++ IGNORE_CALL_RESULT(fchown(fd, openfile->statinfo->st_uid, ++ openfile->statinfo->st_gid)); ++ } ++#endif ++ + if (fclose(thefile) != 0) { + statusline(ALERT, _("Error writing %s: %s"), realname, strerror(errno)); + +diff --git a/src/nano.c b/src/nano.c +index c6db6dd..c8e5265 100644 +--- a/src/nano.c ++++ b/src/nano.c +@@ -337,18 +337,8 @@ void emergency_save(const char *filename) + + if (*targetname == '\0') + fprintf(stderr, _("\nToo many .save files\n")); +- else if (write_file(targetname, NULL, SPECIAL, OVERWRITE, NONOTES)) { ++ else if (write_file(targetname, NULL, SPECIAL, EMERGENCY, NONOTES)) + fprintf(stderr, _("\nBuffer written to %s\n"), targetname); +-#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN) +- /* Try to chmod/chown the saved file to the values of the original file, +- * but ignore any failure as we are in a hurry to get out. */ +- if (openfile->statinfo) { +- IGNORE_CALL_RESULT(chmod(targetname, openfile->statinfo->st_mode)); +- IGNORE_CALL_RESULT(chown(targetname, openfile->statinfo->st_uid, +- openfile->statinfo->st_gid)); +- } +-#endif +- } + + free(targetname); + free(plainname); +-- +2.44.0 + diff --git a/meta-openembedded/meta-oe/recipes-support/nano/nano_7.2.bb b/meta-openembedded/meta-oe/recipes-support/nano/nano_7.2.bb index 0642287c98..73d46949d9 100644 --- a/meta-openembedded/meta-oe/recipes-support/nano/nano_7.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/nano/nano_7.2.bb @@ -12,7 +12,9 @@ RDEPENDS:${PN} = "ncurses-terminfo-base" PV_MAJOR = "${@d.getVar('PV').split('.')[0]}" -SRC_URI = "https://nano-editor.org/dist/v${PV_MAJOR}/nano-${PV}.tar.xz" +SRC_URI = "https://nano-editor.org/dist/v${PV_MAJOR}/nano-${PV}.tar.xz \ + file://CVE-2024-5742.patch \ + " SRC_URI[sha256sum] = "86f3442768bd2873cec693f83cdf80b4b444ad3cc14760b74361474fc87a4526" UPSTREAM_CHECK_URI = "https://ftp.gnu.org/gnu/nano" diff --git a/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.25.0.bb b/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.25.1.bb index 02c9c7e806..19fb78092e 100644 --- a/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.25.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.25.1.bb @@ -12,9 +12,8 @@ LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" #v0.21.0 -SRCREV = "67986eda93a3a359a897f0b0be97f4315dde8d42" -SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ - " +SRCREV = "0a4b772d6fdab9bfaaa3123775a48a7cb6c5e7c6" +SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https" DEPENDS = "virtual/libiconv openssl" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/procmail/procmail_3.22.bb b/meta-openembedded/meta-oe/recipes-support/procmail/procmail_3.22.bb index ba268de0a5..16917666a4 100644 --- a/meta-openembedded/meta-oe/recipes-support/procmail/procmail_3.22.bb +++ b/meta-openembedded/meta-oe/recipes-support/procmail/procmail_3.22.bb @@ -43,3 +43,5 @@ do_install() { oe_runmake -i BASENAME=${D}/usr MANDIR=${D}${mandir} install install -m 0644 debian/mailstat.1 ${D}${mandir}/man1 } + +CVE_STATUS[CVE-1999-0475] = "fixed-version: No action required. The current version (3.22) is not affected by the CVE." diff --git a/meta-openembedded/meta-oe/recipes-support/pv/pv_1.6.20.bb b/meta-openembedded/meta-oe/recipes-support/pv/pv_1.6.20.bb index 6d449a945b..6a739af927 100644 --- a/meta-openembedded/meta-oe/recipes-support/pv/pv_1.6.20.bb +++ b/meta-openembedded/meta-oe/recipes-support/pv/pv_1.6.20.bb @@ -18,7 +18,7 @@ inherit autotools ptest LDEMULATION:mipsarchn32 = "${@bb.utils.contains('TUNE_FEATURES', 'bigendian', 'elf32btsmipn32', 'elf32ltsmipn32', d)}" export LDEMULATION -RDEPENDS:${PN}-ptest = "coreutils" +RDEPENDS:${PN}-ptest += "coreutils ${PN}" do_install_ptest() { install -d ${D}${PTEST_PATH}/tests diff --git a/meta-openembedded/meta-oe/recipes-support/re2/re2_2024.03.01.bb b/meta-openembedded/meta-oe/recipes-support/re2/re2_2024.03.01.bb index 192fe265f1..76d6f0c7a9 100644 --- a/meta-openembedded/meta-oe/recipes-support/re2/re2_2024.03.01.bb +++ b/meta-openembedded/meta-oe/recipes-support/re2/re2_2024.03.01.bb @@ -16,9 +16,6 @@ DEPENDS = "abseil-cpp ${@bb.utils.contains('PTEST_ENABLED', '1', 'gtest googlebe inherit cmake ptest RDEPENDS:${PN}-ptest += "cmake sed" -RDEPENDS:${PN} += "abseil-cpp-dev" - -INSANE_SKIP:${PN} += "dev-deps" EXTRA_OECMAKE += " \ -DBUILD_SHARED_LIBS=ON \ @@ -35,10 +32,11 @@ do_install_ptest () { } # ignore .so in /usr/lib64 -FILES:${PN} = "${libdir}" +SOLIBS = ".so*" +FILES_SOLIBSDEV = "" INSANE_SKIP:${PN} += "dev-so" # Don't include so files in dev package -FILES:${PN}-dev = "${includedir} ${libdir}/cmake" +FILES:${PN}-dev = "${includedir} ${libdir}/cmake ${libdir}/pkgconfig" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-openembedded/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch new file mode 100644 index 0000000000..6884465452 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch @@ -0,0 +1,53 @@ +From 76beb0938ef14276123996bfd99df23b0c7f0982 Mon Sep 17 00:00:00 2001 +From: Soumya Sambu <soumya.sambu@windriver.com> +Date: Fri, 7 Jun 2024 11:10:46 +0000 +Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types + +These result in out-of-bounds stack writes on 64-bit architectures +(caller has 4 bytes, callee writes 8 bytes), and seem to have gone +unnoticed on little-endian architectures (although big-endian +architectures must be broken). + +This change is required to avoid a build failure with GCC 14. + +CVE: CVE-2024-1013 + +Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + Drivers/Postgre7.1/info.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c +index 63ac91f..2216ecd 100644 +--- a/Drivers/Postgre7.1/info.c ++++ b/Drivers/Postgre7.1/info.c +@@ -1779,14 +1779,14 @@ char *table_name; + char index_name[MAX_INFO_STRING]; + short fields_vector[8]; + char isunique[10], isclustered[10]; +-SDWORD index_name_len, fields_vector_len; ++SQLLEN index_name_len, fields_vector_len; + TupleNode *row; + int i; + HSTMT hcol_stmt; + StatementClass *col_stmt, *indx_stmt; + char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; + char **column_names = 0; +-Int4 column_name_len; ++SQLLEN column_name_len; + int total_columns = 0; + char error = TRUE; + ConnInfo *ci; +@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt; + StatementClass *tbl_stmt; + char tables_query[STD_STATEMENT_LEN]; + char attname[MAX_INFO_STRING]; +-SDWORD attname_len; ++SQLLEN attname_len; + char pktab[MAX_TABLE_LEN + 1]; + Int2 result_cols; + +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-support/unixodbc/unixodbc_2.3.11.bb b/meta-openembedded/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb index 0ab4f8864d..dfad833e0a 100644 --- a/meta-openembedded/meta-oe/recipes-support/unixodbc/unixodbc_2.3.11.bb +++ b/meta-openembedded/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb @@ -11,8 +11,9 @@ DEPENDS = "libtool readline" SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \ file://do-not-use-libltdl-source-directory.patch \ file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \ + file://CVE-2024-1013.patch \ " -SRC_URI[sha256sum] = "d9e55c8e7118347e3c66c87338856dad1516b490fb7c756c1562a2c267c73b5c" +SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec" UPSTREAM_CHECK_REGEX = "unixODBC-(?P<pver>\d+(\.\d+)+)\.tar" @@ -21,7 +22,7 @@ inherit autotools-brokensep multilib_header qemu S = "${WORKDIR}/unixODBC-${PV}" EXTRA_OEMAKE += "LIBS=-lltdl" - +EXTRA_OECONF += "--enable-utf8ini" DEPENDS:append:class-target = "${@' qemu-native' if bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) else ''}" QEMU_WRAPPER = "${@qemu_wrapper_cmdline(d, '${STAGING_DIR_HOST}', ['${STAGING_DIR_HOST}/${libdir}','${STAGING_DIR_HOST}/${base_libdir}'])}" @@ -44,5 +45,5 @@ do_install:prepend() { } do_install:append() { - oe_multilib_header unixodbc.h unixODBC/config.h unixODBC/unixodbc_conf.h + oe_multilib_header unixodbc.h unixODBC/unixodbc_conf.h } diff --git a/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.7.bb b/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.8.bb index 421263e62b..3d76190d39 100644 --- a/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.7.bb +++ b/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.8.bb @@ -5,7 +5,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=fcc5a53146c2401f4b4f6a3bdf3f0168" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${BP}/${BP}.tar.gz" -SRC_URI[sha256sum] = "11553b2abd2b5728a6c88e35ab08e807d0a0f23c44920df937778ce8cc4d40ff" +SRC_URI[sha256sum] = "4cd0e4f93b477272fabceeb0202f269169fe6ec3044e10fac6acbcdf354bb080" inherit cmake github-releases diff --git a/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch b/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch deleted file mode 100644 index 0f6b9a6335..0000000000 --- a/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 2922af379dc70b4b1a63b01d67179eb431f03ac4 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@redhat.com> -Date: Mon, 18 Mar 2024 11:14:54 -0700 -Subject: [PATCH] REGRESSION(274077@main): failure to build on i586 (and likely - other 32bit arches): static assertion failed: Timer should stay small - https://bugs.webkit.org/show_bug.cgi?id=271108 - -Unreviewed build fix. This changes SameSizeOfTimer to ensure it matches -the size of Timer on 32-bit platforms. - -* Source/WebCore/platform/Timer.cpp: - -Canonical link: https://commits.webkit.org/276282@main - -Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/2922af379dc70b4b1a63b01d67179eb431f03ac4] ---- - Source/WebCore/platform/Timer.cpp | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/Source/WebCore/platform/Timer.cpp b/Source/WebCore/platform/Timer.cpp -index 4f7c0f5c39ca9..0f3734cca2474 100644 ---- a/Source/WebCore/platform/Timer.cpp -+++ b/Source/WebCore/platform/Timer.cpp -@@ -263,7 +263,11 @@ struct SameSizeAsTimer { - - WeakPtr<TimerAlignment> timerAlignment; - double times[2]; -- void* pointers[3]; -+ void* pointers[2]; -+#if CPU(ADDRESS32) -+ uint8_t bitfields; -+#endif -+ void* pointer; - }; - - static_assert(sizeof(Timer) == sizeof(SameSizeAsTimer), "Timer should stay small"); diff --git a/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.44.0.bb b/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.44.1.bb index 34afaed9d8..fc96d5dc3b 100644 --- a/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.44.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.44.1.bb @@ -15,9 +15,8 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \ file://no-musttail-arm.patch \ file://0001-LowLevelInterpreter.cpp-339-21-error-t6-was-not-decl.patch \ file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \ - file://2922af379dc70b4b1a63b01d67179eb431f03ac4.patch \ " -SRC_URI[sha256sum] = "c66530e41ba59b1edba4ee89ef20b2188e273bed0497e95084729e3cfbe30c87" +SRC_URI[sha256sum] = "425b1459b0f04d0600c78d1abb5e7edfa3c060a420f8b231e9a6a2d5d29c5561" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen diff --git a/meta-openembedded/meta-oe/recipes-support/xmlsec1/xmlsec1_1.3.3.bb b/meta-openembedded/meta-oe/recipes-support/xmlsec1/xmlsec1_1.3.4.bb index 7a5f01e4fd..7639209e19 100644 --- a/meta-openembedded/meta-oe/recipes-support/xmlsec1/xmlsec1_1.3.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/xmlsec1/xmlsec1_1.3.4.bb @@ -22,7 +22,7 @@ SRC_URI = "http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \ file://ensure-search-path-non-host.patch \ " -SRC_URI[sha256sum] = "ab5b9a9ffd6960f46f7466d9d91f174ec37e8c31989237ba6b9eacdd816464f2" +SRC_URI[sha256sum] = "45ad9078d41ae76844ad2f8651600ffeec0fdd128ead988a8d69e907c57aee75" inherit autotools-brokensep ptest pkgconfig diff --git a/meta-openembedded/meta-perl/README.md b/meta-openembedded/meta-perl/README.md index 13014b0ff3..4ad9915146 100644 --- a/meta-openembedded/meta-perl/README.md +++ b/meta-openembedded/meta-perl/README.md @@ -52,7 +52,7 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core - branch: master + branch: scarthgap Adding the meta-perl layer to your build --------------------------------------- @@ -73,14 +73,13 @@ Maintenance ----------- Send patches / pull requests to openembedded-devel@lists.openembedded.org with -'[meta-perl]' in the subject. +'[meta-perl][scarthgap]' in the subject. When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-perl][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-perl][scarthgap][PATCH' -Layer maintainers: - Hongxu Jia <hongxu.jia@windriver.com> - Tim "moto-timo" Orling <ticotimo@gmail.com> +Layer maintainers: Armin Kuster <akuster808@gmail.com> + License ------- diff --git a/meta-openembedded/meta-perl/conf/include/non-repro-meta-perl.inc b/meta-openembedded/meta-perl/conf/include/non-repro-meta-perl.inc new file mode 100755 index 0000000000..9082691f67 --- /dev/null +++ b/meta-openembedded/meta-perl/conf/include/non-repro-meta-perl.inc @@ -0,0 +1,10 @@ +# List of known non-reproducible package of the meta-perl layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_PERL = " \ + libencode-perl-src \ + libhtml-tree-perl \ + libhtml-tree-perl-doc \ + libmodule-build-tiny-perl \ + po4a \ + po4a-doc \ +" diff --git a/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-random-perl_0.15.bb b/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-random-perl_0.16.bb index 9bfb631d30..dc2075d134 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-random-perl_0.15.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-random-perl_0.16.bb @@ -5,8 +5,7 @@ LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=089c18d635ae273e1727ec385e64063b" SRC_URI = "http://www.cpan.org/modules/by-module/Crypt/Crypt-OpenSSL-Random-${PV}.tar.gz " -SRC_URI[md5sum] = "bcde8d5a822c91376deda3c4f0c75fbe" -SRC_URI[sha256sum] = "f0876faa1ba3111e39b86aa730c603211eff2905e460c72a57b61e8cf475cef4" +SRC_URI[sha256sum] = "fcf58cb2af4c3eda2fe1405527d9373efe9576268fce8adb34df9ce9b6b44d1e" S = "${WORKDIR}/Crypt-OpenSSL-Random-${PV}" diff --git a/meta-openembedded/meta-python/README.md b/meta-openembedded/meta-python/README.md index 36c193957c..b29ccf3453 100644 --- a/meta-openembedded/meta-python/README.md +++ b/meta-openembedded/meta-python/README.md @@ -13,11 +13,11 @@ The meta-python layer depends on: URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: scarthgap URI: git://git.openembedded.org/meta-openembedded layers: meta-oe - branch: master + branch: scarthgap Contributing ------------------------- @@ -28,14 +28,12 @@ comments and patch review. It is subscriber only, so please register before posting. Send pull requests to openembedded-devel@lists.openembedded.org with -'[meta-python]' in the subject. +'[meta-python][scarthgap]' in the subject. When sending single patches, please use something like: -git send-email -M -1 --to=openembedded-devel@lists.openembedded.org --subject-prefix='meta-python][PATCH' +git send-email -M -1 --to=openembedded-devel@lists.openembedded.org --subject-prefix='meta-python][scarthgap][PATCH' Maintenance ------------------------- -Layer maintainers: - Tim "moto-timo" Orling <TicoTimo@gmail.com> - Derek Straka <derek@asterius.io> +Layer maintainers: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-python/classes/distutils3-base.bbclass b/meta-openembedded/meta-python/classes/distutils3-base.bbclass index 4f13ea6fe7..d36b4c4a3e 100644 --- a/meta-openembedded/meta-python/classes/distutils3-base.bbclass +++ b/meta-openembedded/meta-python/classes/distutils3-base.bbclass @@ -6,4 +6,4 @@ inherit distutils-common-base python3native python3targetconfig python __anonymous() { bb.warn("distutils3-base.bbclass is deprecated, please use setuptools3-base.bbclass instead") - +} diff --git a/meta-openembedded/meta-python/conf/include/non-repro-meta-python.inc b/meta-openembedded/meta-python/conf/include/non-repro-meta-python.inc new file mode 100755 index 0000000000..629dc4aa04 --- /dev/null +++ b/meta-openembedded/meta-python/conf/include/non-repro-meta-python.inc @@ -0,0 +1,22 @@ +# List of known non-reproducible package of the meta-python layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_PYTHON = " \ + python3-evdev-src \ + python3-frozenlist \ + python3-frozenlist-dbg \ + python3-kivy-src \ + python3-pandas \ + python3-pandas-dbg \ + python3-pandas-src \ + python3-pycocotools-src \ + python3-pydantic-core \ + python3-pynacl \ + python3-pynacl-dbg \ + python3-pynacl-src \ + python3-pyproj \ + python3-pyproj-dbg \ + python3-pyproj-src \ + python3-pyzmq \ + python3-yarl \ + python3-yarl-dbg \ +" diff --git a/meta-openembedded/meta-python/conf/include/ptest-packagelists-meta-python.inc b/meta-openembedded/meta-python/conf/include/ptest-packagelists-meta-python.inc index 6bd48156dc..e07aaf3c0c 100644 --- a/meta-openembedded/meta-python/conf/include/ptest-packagelists-meta-python.inc +++ b/meta-openembedded/meta-python/conf/include/ptest-packagelists-meta-python.inc @@ -87,11 +87,13 @@ PTESTS_FAST_META_PYTHON = "\ PTESTS_SLOW_META_PYTHON = "\ python3-arrow \ + python3-ecdsa \ python3-google-auth \ python3-lz4 \ python3-marshmallow \ python3-pillow \ python3-pytest-localserver \ + python3-scrypt \ python3-traitlets \ python3-yappi \ " @@ -102,6 +104,5 @@ PTESTS_PROBLEMS_META_PYTHON ="\ python3-fastjsonschema \ python3-pint \ python3-pyzmq \ - python3-scrypt \ python3-whoosh \ " diff --git a/meta-openembedded/meta-python/recipes-connectivity/telepathy/telepathy-python3_0.15.19.bb b/meta-openembedded/meta-python/recipes-connectivity/telepathy/telepathy-python3_0.15.19.bb index 31f6ae37fc..23c2165047 100644 --- a/meta-openembedded/meta-python/recipes-connectivity/telepathy/telepathy-python3_0.15.19.bb +++ b/meta-openembedded/meta-python/recipes-connectivity/telepathy/telepathy-python3_0.15.19.bb @@ -20,14 +20,14 @@ SRC_URI[md5sum] = "f7ca25ab3c88874015b7e9728f7f3017" SRC_URI[sha256sum] = "244c0e1bf4bbd78ae298ea659fe10bf3a73738db550156767cc2477aedf72376" FILES:${PN} += "\ - ${libdir}/python*/site-packages/telepathy/*.py \ - ${libdir}/python*/site-packages/telepathy/*/*.py \ + ${PYTHON_SITEPACKAGES_DIR}/telepathy/*.py \ + ${PYTHON_SITEPACKAGES_DIR}/telepathy/*/*.py \ " do_install:append () { - rm -fr ${D}${libdir}/python*/site-packages/telepathy/__pycache__ - rm -fr ${D}${libdir}/python*/site-packages/telepathy/__pycache__ - rm -fr ${D}${libdir}/python*/site-packages/telepathy/*/__pycache__ - rm -fr ${D}${libdir}/python*/site-packages/telepathy/*/__pycache__ + rm -fr ${D}${PYTHON_SITEPACKAGES_DIR}/telepathy/__pycache__ + rm -fr ${D}${PYTHON_SITEPACKAGES_DIR}/telepathy/__pycache__ + rm -fr ${D}${PYTHON_SITEPACKAGES_DIR}/telepathy/*/__pycache__ + rm -fr ${D}${PYTHON_SITEPACKAGES_DIR}/telepathy/*/__pycache__ } RDEPENDS:${PN} += "python3-dbus" diff --git a/meta-openembedded/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-openembedded/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb index e0446da286..8850f8eb9a 100644 --- a/meta-openembedded/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb +++ b/meta-openembedded/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb @@ -450,7 +450,6 @@ RDEPENDS:packagegroup-meta-python3 = "\ python3-webcolors \ python3-webencodings \ python3-websocket-client \ - python3-websockets \ python3-werkzeug \ python3-werkzeug \ python3-whoosh \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-aiodns_3.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-aiodns_3.2.0.bb index ec7d62ee2c..bf3f1312d2 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-aiodns_3.1.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-aiodns_3.2.0.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/saghul/aiodns" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a565d8b5d06b9620968a135a2657b093" -SRC_URI[sha256sum] = "1073eac48185f7a4150cad7f96a5192d6911f12b4fb894de80a088508c9b3a99" +SRC_URI[sha256sum] = "62869b23409349c21b072883ec8998316b234c9a9e36675756e8e317e8768f72" PYPI_PACKAGE = "aiodns" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.9.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.9.4.bb index 10a3085ef2..1cfed0d7a4 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.9.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.9.4.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/aio-libs/aiohttp" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41" -SRC_URI[sha256sum] = "90842933e5d1ff760fae6caca4b2b3edba53ba8f4b71e95dacf2818a2aca06f7" +SRC_URI[sha256sum] = "6ff71ede6d9a5a58cfb7b6fffc83ab5d4a63138276c771ac91ceaaddf5459644" PYPI_PACKAGE = "aiohttp" inherit python_setuptools_build_meta pypi diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-argcomplete_3.2.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-argcomplete_3.3.0.bb index 8d8c8a4e2e..d96861010e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-argcomplete_3.2.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-argcomplete_3.3.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/kislyuk/argcomplete" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=2ee41112a44fe7014dce33e26468ba93" -SRC_URI[sha256sum] = "bf7900329262e481be5a15f56f19736b376df6f82ed27576fa893652c5de6c23" +SRC_URI[sha256sum] = "fd03ff4a5b9e6580569d34b273f741e85cd9e072f3feeeee3eba4891c70eda62" PYPI_PACKAGE = "argcomplete" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-cbor2_5.6.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-cbor2_5.6.3.bb index c0987a9a15..c9c98b6fb5 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-cbor2_5.6.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-cbor2_5.6.3.bb @@ -4,7 +4,7 @@ DEPENDS +="python3-setuptools-scm-native" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" -SRC_URI[sha256sum] = "b7513c2dea8868991fad7ef8899890ebcf8b199b9b4461c3c11d7ad3aef4820d" +SRC_URI[sha256sum] = "e6f0ae2751c2d333a960e0807c0611494eb1245631a167965acbc100509455d3" inherit pypi python_setuptools_build_meta ptest diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-colorlog_6.8.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-colorlog_6.8.2.bb index c26f4bb70e..df5fdedfc8 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-colorlog_6.8.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-colorlog_6.8.2.bb @@ -10,3 +10,5 @@ PYPI_PACKAGE = "colorlog" SRC_URI[sha256sum] = "3e3e079a41feb5a1b64f978b5ea4f46040a94f11f0e8bbb8261e3dbbeca64d44" RDEPENDS:${PN} += "python3-logging" + +BBCLASSEXTEND += "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-croniter_2.0.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-croniter_2.0.5.bb index ad80574a95..01ee048404 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-croniter_2.0.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-croniter_2.0.5.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b8ee59850b882cbf623188489ea748e2" PYPI_PACKAGE = "croniter" -SRC_URI[sha256sum] = "28763ad39c404e159140874f08010cfd8a18f4c2a7cea1ce73e9506a4380cfc1" +SRC_URI[sha256sum] = "f1f8ca0af64212fbe99b1bee125ee5a1b53a9c1b433968d8bca8817b79d237f3" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-dateutil_2.9.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-dateutil_2.9.0.bb index ac76ccc96a..1f7a4a03fd 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-dateutil_2.9.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-dateutil_2.9.0.bb @@ -10,7 +10,7 @@ PYPI_PACKAGE = "python-dateutil" inherit pypi python_setuptools_build_meta PACKAGES =+ "${PN}-zoneinfo" -FILES:${PN}-zoneinfo = "${libdir}/${PYTHON_DIR}/site-packages/dateutil/zoneinfo" +FILES:${PN}-zoneinfo = "${PYTHON_SITEPACKAGES_DIR}/dateutil/zoneinfo" DEPENDS += "python3-setuptools-scm-native" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-decorator_5.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-decorator_5.1.1.bb index 6d5cafb1d5..f330376243 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-decorator_5.1.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-decorator_5.1.1.bb @@ -16,3 +16,5 @@ inherit pypi setuptools3 RDEPENDS:${PN} += "\ python3-stringold \ " + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_5.0.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_5.0.4.bb index 14c41a626f..3139ed4682 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_5.0.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_5.0.4.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "5fb37580dcf4a262f9258c1f4373819aacca906431f505e4688e37f3a99195df" +SRC_URI[sha256sum] = "4bd01a8c830bb77a8a3b0e7d8b25b887e536ad17a81ba2dce5476135c73312bd" RDEPENDS:${PN} += "\ python3-sqlparse \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa/run-ptest b/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa/run-ptest new file mode 100644 index 0000000000..8d2017d39c --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest --automake diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb index 5b4f7eb93f..8e967f9259 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb @@ -6,12 +6,31 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=66ffc5e30f76cbb5358fe54b645e5a1d" PYPI_PACKAGE = "ecdsa" SRC_URI[sha256sum] = "60eaad1199659900dd0af521ed462b793bbdf867432b3948e87416ae4caf6bf8" -inherit pypi setuptools3 python3native +inherit pypi setuptools3 python3native ptest -RDEPENDS:${PN} += "python3-six python3-gmpy2" +SRC_URI += " \ + file://run-ptest \ +" -BBCLASSEXTEND = "native nativesdk" +RDEPENDS:${PN}-ptest += " \ + python3-hypothesis \ + python3-pytest \ + python3-unittest-automake-output \ +" + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/src/ecdsa/* ${D}${PTEST_PATH}/tests/ +} + +RDEPENDS:${PN} += " \ + python3-gmpy2 \ + python3-json \ + python3-six \ +" do_install:append() { - rm ${D}${PYTHON_SITEPACKAGES_DIR}/ecdsa/test_*.py + rm ${D}${PYTHON_SITEPACKAGES_DIR}/ecdsa/test_*.py } + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-abi_5.0.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-abi_5.1.0.bb index a56296188c..e8bfb437fb 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-abi_5.0.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-abi_5.1.0.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=731f4de9c79bfeba6d8d55f83d0d2423" -SRC_URI[sha256sum] = "e9425110c6120c585c9f0db2e8a33d76c4b886b148a65e68fc0035d3917a3b9c" +SRC_URI[sha256sum] = "33ddd756206e90f7ddff1330cc8cac4aa411a824fe779314a0a52abea2c8fc14" PYPI_PACKAGE = "eth_abi" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-account_0.11.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-account_0.12.1.bb index ce48d9dcf9..867aaaf025 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-account_0.11.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-account_0.12.1.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=16ffc86adf4293d4cfb204e77d62cfe6" -SRC_URI[sha256sum] = "2ffc7a0c7538053a06a7d11495c16c7ad9897dd42be0f64ca7551e9f6e0738c3" +SRC_URI[sha256sum] = "0374c5886f35780e1f23e50ce6b0482f3387646eceda544e97d69f17f6c216ee" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-typing_4.0.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-typing_4.1.0.bb index 3ca311db5c..4491de979c 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-typing_4.0.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-eth-typing_4.1.0.bb @@ -4,6 +4,6 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=3d7bdfe69b1ffbde073ca6e96f5c53f7" -SRC_URI[sha256sum] = "9af0b6beafbc5c2e18daf19da5f5a68315023172c4e79d149e12ad10a3d3f731" +SRC_URI[sha256sum] = "ed52b0c6b049240fd810bc87c8857c7ea39370f060f70b9ca3876285269f2938" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-execnet_2.0.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-execnet_2.1.1.bb index 78a15d3572..94c1a228e3 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-execnet_2.0.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-execnet_2.1.1.bb @@ -13,7 +13,7 @@ DEPENDS += "\ SRC_URI += "file://run-ptest \ " -SRC_URI[sha256sum] = "cc59bc4423742fd71ad227122eb0dd44db51efb3dc4095b45ac9a08c770096af" +SRC_URI[sha256sum] = "5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3" inherit ptest pypi python_hatchling diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-filelock_3.13.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-filelock_3.13.4.bb index f1477d1dcd..4d6d19551a 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-filelock_3.13.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-filelock_3.13.4.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://py-filelock.readthedocs.io/" LICENSE = "Unlicense" LIC_FILES_CHKSUM = "file://LICENSE;md5=911690f51af322440237a253d695d19f" -SRC_URI[sha256sum] = "a79895a25bbefdf55d1a2a0a80968f7dbb28edcd6d4234a0afb3f37ecde4b546" +SRC_URI[sha256sum] = "d13f466618bfde72bd2c18255e269f72542c6e70e7bac83a0232d6b1cc5c8cf4" BBCLASSEXTEND = "native nativesdk" inherit pypi python_hatchling diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_7.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_7.2.bb index 8a61a2de05..517124742a 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_7.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_7.2.bb @@ -11,6 +11,13 @@ S = "${WORKDIR}/git" inherit setuptools3 -RDEPENDS:${PN} += "python3-jinja2 python3-lxml python3-setuptools python3-pygments python3-multiprocessing" +RDEPENDS:${PN} += " \ + python3-colorlog \ + python3-jinja2 \ + python3-lxml \ + python3-multiprocessing \ + python3-pygments \ + python3-setuptools \ +" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.124.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.125.0.bb index 99b07d3e86..8abe4699e8 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.124.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.125.0.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/googleapis/google-api-python-client" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "f6d3258420f7c76b0f5266b5e402e6f804e30351b018a10083f4a46c3ec33773" +SRC_URI[sha256sum] = "51a0385cff65ec135106e8be60ee7112557396dde5f44113ae23912baddda143" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio-tools_1.62.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio-tools_1.62.2.bb index ffa2f843c7..e05b8734d6 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio-tools_1.62.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio-tools_1.62.2.bb @@ -12,7 +12,7 @@ DEPENDS += "python3-grpcio" SRC_URI += "file://0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch \ file://0001-protobuf-Disable-musttail-attribute-on-mips.patch \ " -SRC_URI[sha256sum] = "a4991e5ee8a97ab791296d3bf7e8700b1445635cc1828cc98df945ca1802d7f2" +SRC_URI[sha256sum] = "5fd5e1582b678e6b941ee5f5809340be5e0724691df5299aae8226640f94e18f" RDEPENDS:${PN} = "python3-grpcio" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio/0001-target.h-define-proper-macro-for-ppc-ppc64.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio/0001-target.h-define-proper-macro-for-ppc-ppc64.patch new file mode 100644 index 0000000000..0b512b1d00 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio/0001-target.h-define-proper-macro-for-ppc-ppc64.patch @@ -0,0 +1,37 @@ +From b3bca013007a4a66703573d243e433f22e1e6684 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 15 May 2024 16:55:09 +0800 +Subject: [PATCH] target.h: define proper macro for ppc/ppc64 + +Fix error: +third_party/boringssl-with-bazel/src/include/openssl/target.h:74:2: error: #error "Unknown target CPU" +third_party/boringssl-with-bazel/src/include/openssl/bn.h:172:2: error: #error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT" +third_party/boringssl-with-bazel/src/include/openssl/bn.h:230:44: error: 'BN_ULONG' has not been declared + +BN_ULONG will be defined after set proper OPENSSL_32_BIT or OPENSSL_64_BIT + +Upstream-Status: Pending + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + third_party/boringssl-with-bazel/src/include/openssl/target.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/third_party/boringssl-with-bazel/src/include/openssl/target.h b/third_party/boringssl-with-bazel/src/include/openssl/target.h +index 29b1dc6..d779813 100644 +--- a/third_party/boringssl-with-bazel/src/include/openssl/target.h ++++ b/third_party/boringssl-with-bazel/src/include/openssl/target.h +@@ -54,6 +54,10 @@ + #define OPENSSL_32_BIT + #elif defined(__myriad2__) + #define OPENSSL_32_BIT ++#elif defined(__PPC64__) ++#define OPENSSL_64_BIT ++#elif defined(__PPC__) ++#define OPENSSL_32_BIT + #else + // The list above enumerates the platforms that BoringSSL supports. For these + // platforms we keep a reasonable bar of not breaking them: automated test +-- +2.25.1 + diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio_1.62.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb index 8405ebed02..80a4d04e67 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio_1.62.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb @@ -9,8 +9,9 @@ DEPENDS += "python3-protobuf" SRC_URI += "file://0001-Include-missing-cstdint-header.patch \ file://abseil-ppc-fixes.patch \ file://0001-zlib-Include-unistd.h-for-open-close-C-APIs.patch \ + file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \ " -SRC_URI[sha256sum] = "6c455e008fa86d9e9a9d85bb76da4277c0d7d9668a3bfa70dbe86e9f3c759947" +SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d" RDEPENDS:${PN} = "python3-protobuf" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-incremental_22.10.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-incremental_22.10.0.bb index 3d93cc05e9..503ef35a9e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-incremental_22.10.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-incremental_22.10.0.bb @@ -5,15 +5,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6ca9b07f08e2c72d48c74d363d1e0e15" SRC_URI[sha256sum] = "912feeb5e0f7e0188e6f42241d2f450002e11bbc0937c65865045854c24c0bd0" -inherit pypi setuptools3 +inherit pypi python_setuptools_build_meta RDEPENDS:${PN} += " \ - python3-twisted \ + python3-twisted-core \ python3-click \ " # -native is needed to build python[3]-twisted, however, we need to take steps to # prevent a circular dependency. The build apparently does not use the part of # python-incremental which uses python-twisted, so this hack is OK. -RDEPENDS:python3-incremental-native:remove = "python3-twisted-native" +RDEPENDS:python3-incremental-native:remove = "python3-twisted-core-native" BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-ipython_8.22.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-ipython_8.23.0.bb index b8595fe9ca..ebfd147229 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-ipython_8.22.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-ipython_8.23.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING.rst;md5=59b20262b8663cdd094005bddf47af5f" PYPI_PACKAGE = "ipython" -SRC_URI[sha256sum] = "2dcaad9049f9056f1fef63514f176c7d41f930daa78d05b82a176202818f2c14" +SRC_URI[sha256sum] = "7468edaf4f6de3e1b912e57f66c241e6fd3c7099f2ec2136e239e142e800274d" RDEPENDS:${PN} = "\ python3-setuptools \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-javaobj-py3_0.4.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-javaobj-py3_0.4.4.bb index 5555a12563..d71101ee2c 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-javaobj-py3_0.4.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-javaobj-py3_0.4.4.bb @@ -5,9 +5,9 @@ DESCRIPTION = "python-javaobj is a python library that provides functions\ representation is a standard data interchange format in Java world." HOMEPAGE = "https://github.com/tcalmant/python-javaobj" LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d273d63619c9aeaf15cdaf76422c4f87" -SRC_URI[sha256sum] = "38f74db3a57e9998a9774e3614afb95cb396f139f29b3fdb130c5af554435259" +SRC_URI[sha256sum] = "e4e3257ef2cf81a3339787a4d5cf924e54c91f095a723f6d2584dae61d4396ed" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-joblib_1.3.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-joblib_1.4.0.bb index d68b40e384..868e3f2114 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-joblib_1.3.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-joblib_1.4.0.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2e481820abf0a70a18011a30153df066" inherit setuptools3 pypi -SRC_URI[sha256sum] = "92f865e621e17784e7955080b6d042489e3b8e294949cc44c6eac304f59772b1" +SRC_URI[sha256sum] = "1eb0dc091919cd384490de890cb5dfd538410a6d4b3b54eef09fb8c50b409b1c" RDEPENDS:${PN} += " \ python3-asyncio \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-networkx_3.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-networkx_3.1.bb index 3860238096..2f2c3cfc3d 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-networkx_3.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-networkx_3.1.bb @@ -19,3 +19,5 @@ RDEPENDS:${PN} += "\ python3-profile \ python3-threading \ " + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-parso_0.8.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-parso_0.8.4.bb index 217c821fb4..176bf6f277 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-parso_0.8.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-parso_0.8.4.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=cbaa2675b2424d771451332a7a69503f" PYPI_PACKAGE = "parso" -SRC_URI[sha256sum] = "8c07be290bb59f03588915921e29e8a50002acaf2cdc5fa0e0114f91709fafa0" +SRC_URI[sha256sum] = "eb3a7b58240fb99099a345571deecc0f9540ea5f4dd2fe14c2a99d6b281ab92d" inherit setuptools3 pypi diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-path_16.10.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-path_16.14.0.bb index f95fce3b08..b4d290a230 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-path_16.10.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-path_16.14.0.bb @@ -2,7 +2,7 @@ SUMMARY = "A module wrapper for os.path" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f" -SRC_URI[sha256sum] = "b32b22b76fe810a8ded6d136268cc8b6698ae7c47c29b94a9ea12623f3051e46" +SRC_URI[sha256sum] = "dbaaa7efd4602fd6ba8d82890dc7823d69e5de740a6e842d9919b0faaf2b6a8e" SRC_URI += "\ file://run-ptest \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pdm_2.13.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pdm_2.14.0.bb index 387f14b0ea..011ba5b3dd 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pdm_2.13.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pdm_2.14.0.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" SECTION = "devel/python" LIC_FILES_CHKSUM = "file://LICENSE;md5=2eb31a2cc1a758c34b499f287dd04ef2" -SRC_URI[sha256sum] = "e282bf1caf0a083fc0fb5e89ad6f79d7c579ff52c7bb58ee8587ea3d5bb9e14a" +SRC_URI[sha256sum] = "7ae6c4b5518085a703e0824ab10cbc3b7246b599ef07b8c4dcb2af1e42859190" inherit pypi python_setuptools_build_meta diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.25.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.25.3.bb index 8bb8a93f76..b9b03badd0 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.25.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.25.3.bb @@ -23,7 +23,6 @@ RDEPENDS:${PN} += " \ python3-netclient \ python3-numbers \ python3-pkgutil \ - python3-six \ python3-unittest \ " diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pulsectl_23.5.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pulsectl_24.4.0.bb index 4da72904f1..3bc15bb08a 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pulsectl_23.5.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pulsectl_24.4.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/mk-fg/python-pulse-control" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=f1d10048469ff90123263eb5e214061d" -SRC_URI[sha256sum] = "e911d398eaf0539cf3c63b4217357b51a3d1b7e4a50607d1591cf2b49f5d2c6a" +SRC_URI[sha256sum] = "697ed50e7d452e78678ae38e2ab935843008bec448955283cd0fb362867e3165" RDEPENDS:${PN} += " \ libpulse \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast/0001-Allow-newer-version-of-wheel-and-setuptools.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast/0001-Allow-newer-version-of-wheel-and-setuptools.patch index 8825615de9..447f679070 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast/0001-Allow-newer-version-of-wheel-and-setuptools.patch +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast/0001-Allow-newer-version-of-wheel-and-setuptools.patch @@ -1,4 +1,4 @@ -From e82caffe51b37c211f7f0cd60002fbc6b4e48d03 Mon Sep 17 00:00:00 2001 +From 5ee73f91b7f13dd5c700c69e7fc43cecab5868da Mon Sep 17 00:00:00 2001 From: Tom Geelen <t.f.g.geelen@gmail.com> Date: Sun, 7 Apr 2024 22:39:35 +0000 Subject: [PATCH] Allow newer version of wheel and setuptools @@ -10,7 +10,7 @@ Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml -index 0f19c71..d0ecf11 100644 +index 56df5bd..17ca62d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast_14.0.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast_14.0.1.bb index be5a3a97e7..dee4bf6ebe 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast_14.0.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pychromecast_14.0.1.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=b1dbd4e85f47b389bdadee9c694669f5" SRC_URI += "file://0001-Allow-newer-version-of-wheel-and-setuptools.patch" -SRC_URI[sha256sum] = "dc4f8b052e760a978da9b2568b79020cb79af608a026465f07544cffe43973cf" +SRC_URI[sha256sum] = "e16e0a7f9488319191b8b4fa21ca0beb4bf12eeda5c9bf640241188f2bea0a3e" PYPI_PACKAGE = "PyChromecast" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pycurl_7.45.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pycurl_7.45.2.bb index fb2a41d261..a6863e21ff 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pycurl_7.45.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pycurl_7.45.2.bb @@ -17,3 +17,5 @@ SRC_URI[sha256sum] = "5730590be0271364a5bddd9e245c9cc0fb710c4cbacbdd95264a3122d2 DEPENDS = "curl" inherit pypi setuptools3 + +BBCLASSEXTEND += "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic-core_2.16.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic-core_2.16.3.bb index 934e3e2bb2..faa291ea6d 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic-core_2.16.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic-core_2.16.3.bb @@ -36,12 +36,12 @@ RDEPENDS:${PN}-ptest += "\ " do_install:append() { - for f in ${D}/${libdir}/${PYTHON_DIR}/site-packages/pydantic_core/_pydantic_core.*.so + for f in ${D}/${PYTHON_SITEPACKAGES_DIR}/pydantic_core/_pydantic_core.*.so do fname=`basename $f` lname=`echo $fname | sed 's/musl/gnu/'` if [ "$fname" != "$lname" ]; then - mv $f ${D}/${libdir}/${PYTHON_DIR}/site-packages/pydantic_core/$lname + mv $f ${D}/${PYTHON_SITEPACKAGES_DIR}/pydantic_core/$lname fi done } diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic_2.6.4.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic_2.7.0.bb index 9c52564121..36ad83527d 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic_2.6.4.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pydantic_2.7.0.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=09280955509d1c4ca14bae02f21d49a6" inherit pypi python_hatchling -SRC_URI[sha256sum] = "b1704e0847db01817624a6b86766967f552dd9dbf3afba4004409f908dcc84e6" +SRC_URI[sha256sum] = "b5ecdd42262ca2462e2624793551e80911a1e989f462910bb81aef974b4bb383" DEPENDS += "python3-hatch-fancy-pypi-readme-native" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pyhamcrest_2.1.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pyhamcrest_2.1.0.bb index eaa24eefe5..dcc9ebfa93 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pyhamcrest_2.1.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pyhamcrest_2.1.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=79391bf1501c898472d043f36e960612" SRC_URI[sha256sum] = "c6acbec0923d0cb7e72c22af1926f3e7c97b8e8d69fc7498eabacaf7c975bd9c" -inherit pypi python_setuptools_build_meta +inherit pypi python_hatchling DEPENDS += "python3-hatch-vcs-native" @@ -13,6 +13,6 @@ UPSTREAM_CHECK_URI = "https://pypi.python.org/pypi/PyHamcrest/" UPSTREAM_CHECK_REGEX = "/PyHamcrest/(?P<pver>(\d+[\.\-_]*)+)" RDEPENDS:${PN} += " \ - python3-six \ + python3-asyncio \ python3-numbers \ " diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pymisp_2.4.188.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pymisp_2.4.190.bb index 59a00be154..c1389982d4 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pymisp_2.4.188.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pymisp_2.4.190.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/MISP/PyMISP" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=a3639cf5780f71b125d3e9d1dc127c20" -SRC_URI[sha256sum] = "c2313d059a9f4d1221243fcda64fb8ae11603c1745e92d57c4071aad04336696" +SRC_URI[sha256sum] = "e7374295bfd8c7d25f56867e4395a029433360d95420e39b7f78eb1d4f8b48b4" inherit python_poetry_core pypi diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.6.6.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.6.7.bb index 8e181640b6..323377253e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.6.6.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.6.7.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/riptideio/pymodbus/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=eba8057aa82c058d2042b4b0a0e9cc63" -SRC_URI[sha256sum] = "c4d556a0954d00a9e1c8f1d0de03f41c4800336e6d785e820f2917eeb4ee7736" +SRC_URI[sha256sum] = "e6cefac57f8d0e887ef49a705743787d8f1f005df94bd148e3da43c2599c77f3" inherit pypi python_setuptools_build_meta diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-html_4.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-html_4.1.1.bb index 37478ee0ae..154ec255cb 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-html_4.1.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-html_4.1.1.bb @@ -15,7 +15,9 @@ DEPENDS += "\ " RDEPENDS:${PN} += " \ + python3-jinja2 \ python3-pytest \ + python3-pytest-metadata \ " BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_25.1.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_25.1.2.bb index 540aa62006..2a6993c141 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_25.1.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_25.1.2.bb @@ -22,7 +22,7 @@ PACKAGES =+ "\ " FILES:${PN}-test += "\ - ${libdir}/${PYTHON_DIR}/site-packages/*/tests \ + ${PYTHON_SITEPACKAGES_DIR}/*/tests \ " RDEPENDS:${PN} += "\ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-rarfile_4.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-rarfile_4.2.bb index 8f5ef415c6..41cff4bfc4 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-rarfile_4.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-rarfile_4.2.bb @@ -2,11 +2,11 @@ SUMMARY = "RAR archive reader for Python" HOMEPAGE = "https://github.com/markokr/rarfile" LICENSE = "ISC" SECTION = "devel/python" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2f31e224cbf0c29cb6c55f2bae0e165f" +LIC_FILES_CHKSUM = "file://LICENSE;md5=1916695551f7eec48dfd97db9467b831" inherit setuptools3 -SRC_URI[sha256sum] = "db60b3b5bc1c4bdeb941427d50b606d51df677353385255583847639473eda48" +SRC_URI[sha256sum] = "8e1c8e72d0845ad2b32a47ab11a719bc2e41165ec101fd4d3fe9e92aa3f469ef" inherit pypi diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-regex_2023.12.25.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-regex_2024.4.16.bb index d7ac616083..18a6f3d65b 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-regex_2023.12.25.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-regex_2024.4.16.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7b5751ddd6b643203c31ff873051d069" inherit pypi setuptools3 -SRC_URI[sha256sum] = "29171aa128da69afdf4bde412d5bedc335f2ca8fcfe4489038577d05f16181e5" +SRC_URI[sha256sum] = "fa454d26f2e87ad661c4f0c5a5fe4cf6aab1e307d1b94f16ffdfcb089ba685c0" RDEPENDS:${PN} += " \ python3-stringold \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-sentry-sdk_1.44.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-sentry-sdk_1.45.0.bb index 1b371ef01a..c3e53b5183 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-sentry-sdk_1.44.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-sentry-sdk_1.45.0.bb @@ -15,7 +15,7 @@ RDEPENDS:${PN} += "\ python3-datetime \ " -SRC_URI[sha256sum] = "f7125a9235795811962d52ff796dc032cd1d0dd98b59beaced8380371cd9c13c" +SRC_URI[sha256sum] = "509aa9678c0512344ca886281766c2e538682f8acfa50fd8d405f8c417ad0625" PYPI_PACKAGE = "sentry-sdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.27.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.29.bb index e5a8376594..e646bd0d9c 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.27.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.29.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sqlalchemy.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=c78b979ae6c20775a28a287d32092cbb" -SRC_URI[sha256sum] = "86a6ed69a71fe6b88bf9331594fa390a2adda4a49b5c06f98e47bf0d392534f8" +SRC_URI[sha256sum] = "bd9566b8e58cabd700bc367b60e90d9349cd16f0984973f98a9a09f9c64e86f0" PYPI_PACKAGE = "SQLAlchemy" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-tornado_6.4.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-tornado_6.4.bb index e3d0209e1a..b01c1cec2a 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-tornado_6.4.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-tornado_6.4.bb @@ -35,5 +35,7 @@ PACKAGES =+ "\ " FILES:${PN}-test = " \ - ${libdir}/${PYTHON_DIR}/site-packages/*/test \ + ${PYTHON_SITEPACKAGES_DIR}/*/test \ " + +BBCLASSEXTEND += "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-traitlets_5.14.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-traitlets_5.14.3.bb index af5a2f3fbf..5142e92a04 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-traitlets_5.14.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-traitlets_5.14.3.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/ipython/traitlets" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=13bed0ee6f46a6f6dbf1f9f9572f250a" -SRC_URI[sha256sum] = "8cdd83c040dab7d1dee822678e5f5d100b514f7b72b01615b26fc5718916fdf9" +SRC_URI[sha256sum] = "9ed0579d3502c94b4b3732ac120375cda96f923114522847de4b3bb98b96b6b7" inherit pypi python_hatchling ptest diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-twisted_22.10.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-twisted_22.10.0.bb deleted file mode 100644 index 72a173e6f1..0000000000 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-twisted_22.10.0.bb +++ /dev/null @@ -1,312 +0,0 @@ -DESCRIPTION = "Twisted is an event-driven networking framework written in Python and licensed under the LGPL. \ -Twisted supports TCP, UDP, SSL/TLS, multicast, Unix sockets, a large number of protocols \ -(including HTTP, NNTP, IMAP, SSH, IRC, FTP, and others), and much more." -HOMEPAGE = "http://www.twistedmatrix.com" - -#twisted/topfiles/NEWS:655: - Relicensed: Now under the MIT license, rather than LGPL. -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0f8d67f84b6e178c92d471011b2245fc" - -SRC_URI[sha256sum] = "32acbd40a94f5f46e7b42c109bfae2b302250945561783a8b7a059048f2d4d31" - -PYPI_PACKAGE = "Twisted" - -inherit pypi python_setuptools_build_meta - -do_install:append() { - # remove some useless files before packaging - find ${D} \( -name "*.bat" -o -name "*.c" -o -name "*.h" \) -exec rm -f {} \; -} - -PACKAGES += "\ - ${PN}-zsh \ - ${PN}-test \ - ${PN}-protocols \ - ${PN}-conch \ - ${PN}-mail \ - ${PN}-names \ - ${PN}-news \ - ${PN}-runner \ - ${PN}-web \ - ${PN}-words \ - ${PN}-flow \ - ${PN}-pair \ - ${PN}-core \ -" - -PACKAGES =+ "\ - ${PN}-bin \ -" - -DEPENDS += " \ - python3-incremental-native \ -" - -RDEPENDS:${PN} = "\ - ${PN}-bin \ - ${PN}-core \ - ${PN}-conch \ - ${PN}-mail \ - ${PN}-names \ - ${PN}-pair \ - ${PN}-protocols \ - ${PN}-runner \ - ${PN}-web \ - ${PN}-words \ - ${PN}-zsh \ -" - -RDEPENDS:${PN}-core = "python3-appdirs \ - python3-asyncio \ - python3-automat \ - python3-constantly \ - python3-core \ - python3-debugger \ - python3-hyperlink \ - python3-incremental \ - python3-pyhamcrest \ - python3-pyserial \ - python3-typing-extensions \ - python3-unixadmin \ - python3-zopeinterface \ -" -RDEPENDS:${PN}-test = "${PN}" -RDEPENDS:${PN}-conch = "${PN}-core ${PN}-protocols python3-bcrypt python3-cryptography python3-pyasn1 python3-pickle" -RDEPENDS:${PN}-mail = "${PN}-core ${PN}-protocols" -RDEPENDS:${PN}-names = "${PN}-core" -RDEPENDS:${PN}-news = "${PN}-core ${PN}-protocols" -RDEPENDS:${PN}-runner = "${PN}-core ${PN}-protocols" -RDEPENDS:${PN}-web += "${PN}-core ${PN}-protocols" -RDEPENDS:${PN}-words += "${PN}-core" -RDEPENDS:${PN}-flow += "${PN}-core" -RDEPENDS:${PN}-pair += "${PN}-core" - -FILES:${PN} = "${PYTHON_SITEPACKAGES_DIR}/${PYPI_PACKAGE}-${PV}.dist-info/*" - -FILES:${PN}-test = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/test \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/*/test \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols/haproxy/test/ \ -" - -FILES:${PN}-protocols = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols/*.py* \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols/gps/ \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols/mice/ \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols/haproxy \ -" - -FILES:${PN}-zsh = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/python/zsh \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/python/zshcomp.* \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/python/twisted-completion.zsh \ -" - -FILES:${PN}-conch = " \ - ${bindir}/ckeygen \ - ${bindir}/tkconch \ - ${bindir}/conch \ - ${bindir}/conchftp \ - ${bindir}/cftp \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_conch.py* \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/conch \ -" - -FILES:${PN}-core = " \ -${bindir}/manhole \ -${bindir}/mktap \ -${bindir}/twistd \ -${bindir}/tap2deb \ -${bindir}/tap2rpm \ -${bindir}/tapconvert \ -${bindir}/tkmktap \ -${bindir}/trial \ -${bindir}/easy_install* \ -${bindir}/pyhtmlizer \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/*.so \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/*.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__init__.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/notestplugin.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/testplugin.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_ftp.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_inet.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_manhole.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_portforward.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_socks.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_telnet.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_trial.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/dropin.cache \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/application \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/cred \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/enterprise \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/internet \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/manhole \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/manhole \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/persisted \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols\ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python\ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/timeoutqueue.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/filepath.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/dxprofile.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/plugin.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/htmlizer.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/__init__.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/dispatch.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/hook.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/threadpool.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/otp.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/usage.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/roots.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/versions.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/urlpath.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/util.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/components.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/logfile.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/runtime.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/reflect.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/context.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/threadable.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/rebuild.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/failure.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/lockfile.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/formmethod.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/finalize.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/win32.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/dist.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/shortcut.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/zipstream.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/release.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/syslog.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/log.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/compat.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/zshcomp.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/procutils.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/text.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/_twisted_zsh_stub \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/scripts/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/spread/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/tap/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/trial/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/__init__.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/_version.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/copyright.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/im.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/*.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/python/*.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/*.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/topfiles \ -${libdir}/${PYTHON_DIR}/site-packages/Twisted*egg-info \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/logger/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/_threads/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/positioning/ \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/py.typed \ -" - -FILES:${PN}-mail = " \ -${bindir}/mailmail \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_mail.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/mail \ -" - -FILES:${PN}-names = " \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_names.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/names \ -" - -FILES:${PN}-news = " \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_news.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/news \ -" - -FILES:${PN}-runner = " \ -${libdir}/site-packages/twisted/runner/portmap.so \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/runner\ -" - -FILES:${PN}-web = " \ -${bindir}/websetroot \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_web.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/web\ -" - -FILES:${PN}-words = " \ -${bindir}/im \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_words.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/words\ -" - -FILES:${PN}-flow = " \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_flow.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/flow \" - -FILES:${PN}-pair = " \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/twisted_pair.py* \ -${libdir}/${PYTHON_DIR}/site-packages/twisted/pair \ -" - -FILES:${PN}-doc += " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/python/_pydoctortemplates/ \ -" - -FILES:${PN}-core:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/__pycache__ \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/python/__pycache__/*pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/__init__*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/notestplugin*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/testplugin*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_ftp*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_inet*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_manhole*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_portforward*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_socks*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_telnet*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_trial*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_core*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_qtstub*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_reactors*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/cred*.pyc \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/dropin*.cache \ -" - -FILES:${PN}-names:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_names*.pyc \ -" - -FILES:${PN}-news:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_news*.pyc \ -" - -FILES:${PN}-protocols:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/protocols/__pycache__/*pyc \ -" - -FILES:${PN}-conch:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_conch*.pyc \ -" - -FILES:${PN}-lore:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_lore*.pyc \ -" -FILES:${PN}-mail:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_mail*.pyc \ -" - -FILES:${PN}-web:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_web*.pyc \ -" - -FILES:${PN}-words:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_words*.pyc \ -" - -FILES:${PN}-flow:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_flow*.pyc \ -" - -FILES:${PN}-pair:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_pair*.pyc \ -" - -FILES:${PN}-runner:append = " \ - ${libdir}/${PYTHON_DIR}/site-packages/twisted/plugins/__pycache__/twisted_runner*.pyc \ -" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb new file mode 100644 index 0000000000..336c173893 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb @@ -0,0 +1,176 @@ +DESCRIPTION = "Twisted is an event-driven networking framework written in Python and licensed under the LGPL. \ +Twisted supports TCP, UDP, SSL/TLS, multicast, Unix sockets, a large number of protocols \ +(including HTTP, NNTP, IMAP, SSH, IRC, FTP, and others), and much more." +HOMEPAGE = "https://twisted.org" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1c5d2c2493b848f83864bdedd67bbf5" + +SRC_URI[sha256sum] = "6b38b6ece7296b5e122c9eb17da2eeab3d98a198f50ca9efd00fb03e5b4fd4ae" + +inherit pypi python_hatchling + +do_install:append() { + # remove some useless files before packaging + find ${D} \( -name "*.bat" -o -name "*.c" -o -name "*.h" \) -exec rm -f {} \; +} + +PACKAGES =+ "\ + ${PN}-zsh \ + ${PN}-test \ + ${PN}-protocols \ + ${PN}-conch \ + ${PN}-mail \ + ${PN}-names \ + ${PN}-runner \ + ${PN}-web \ + ${PN}-words \ + ${PN}-pair \ + ${PN}-core \ +" + +DEPENDS += " \ + python3-hatch-fancy-pypi-readme-native \ + python3-incremental-native \ +" + +RDEPENDS:${PN} = "\ + ${PN}-core \ + ${PN}-conch \ + ${PN}-mail \ + ${PN}-names \ + ${PN}-pair \ + ${PN}-protocols \ + ${PN}-runner \ + ${PN}-web \ + ${PN}-words \ + ${PN}-zsh \ +" + +RDEPENDS:${PN}-core = "python3-appdirs \ + python3-asyncio \ + python3-automat \ + python3-constantly \ + python3-core \ + python3-debugger \ + python3-hyperlink \ + python3-incremental \ + python3-pyserial \ + python3-typing-extensions \ + python3-unixadmin \ + python3-zopeinterface \ +" +RDEPENDS:${PN}-test = "${PN} python3-pyhamcrest" +RDEPENDS:${PN}-conch = "${PN}-core ${PN}-protocols python3-bcrypt python3-cryptography python3-pickle" +RDEPENDS:${PN}-mail = "${PN}-core ${PN}-protocols" +RDEPENDS:${PN}-names = "${PN}-core" +RDEPENDS:${PN}-runner = "${PN}-core ${PN}-protocols" +RDEPENDS:${PN}-web += "${PN}-core ${PN}-protocols" +RDEPENDS:${PN}-words += "${PN}-core" +RDEPENDS:${PN}-pair += "${PN}-core" + +FILES:${PN}-test = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/test \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/*/test \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/protocols/haproxy/test/ \ +" + +FILES:${PN}-protocols = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/protocols/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/protocols/haproxy \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/protocols/__pycache__/*pyc \ +" + +FILES:${PN}-zsh = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/python/twisted-completion.zsh \ +" + +FILES:${PN}-conch = " \ + ${bindir}/ckeygen \ + ${bindir}/tkconch \ + ${bindir}/conch \ + ${bindir}/cftp \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/twisted_conch.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_conch*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/conch \ +" + +FILES:${PN}-core = " \ + ${bindir}/twist \ + ${bindir}/twistd \ + ${bindir}/trial \ + ${bindir}/pyhtmlizer \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/application \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/cred \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/enterprise \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/internet \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/persisted \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/protocols \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/scripts \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/spread \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/tap \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/trial \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/python/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/logger \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/_threads \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/positioning \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/py.typed \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/__pycache__/*pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/python/__pycache__/*pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/__init__*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/cred_anonymous*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/cred_file*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/cred_memory*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/cred_sshkeys*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/cred_unix*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_core*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_ftp*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_inet*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_portforward*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_reactors*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_socks*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_trial*.pyc \ +" + +FILES:${PN}-mail = " \ + ${bindir}/mailmail \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/twisted_mail.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_mail*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/mail \ +" + +FILES:${PN}-names = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/twisted_names.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_names*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/names \ +" + +FILES:${PN}-runner = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/twisted_runner.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_runner*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/runner \ +" + +FILES:${PN}-web = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/twisted_web.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_web*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/web \ +" + +FILES:${PN}-words = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/twisted_words.py* \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/plugins/__pycache__/twisted_words*.pyc \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/words \ +" + +FILES:${PN}-pair = " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/pair \ +" + +FILES:${PN}-doc += " \ + ${PYTHON_SITEPACKAGES_DIR}/twisted/python/_pydoctortemplates \ +" + diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-txdbus_1.1.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-txdbus_1.1.2.bb index d579ca0441..1232f5e99f 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-txdbus_1.1.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-txdbus_1.1.2.bb @@ -9,4 +9,4 @@ SRC_URI[sha256sum] = "8375a5fb68a12054f0def91af800c821fb2232949337756ed975f88d8e inherit pypi setuptools3 -RDEPENDS:${PN} += "python3-six python3-twisted" +RDEPENDS:${PN} += "python3-twisted-core" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-validators_0.24.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-validators_0.28.0.bb index 78261dd67f..36444c0bfc 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-validators_0.24.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-validators_0.28.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://python-validators.github.io/validators" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=b3fb4b9e6db86c69a33d5e3ee013ab59" -SRC_URI[sha256sum] = "cd23defb36de42d14e7559cf0757f761bb46b10d9de2998e6ef805f769d859e3" +SRC_URI[sha256sum] = "85bc82511f6ccd0800f4c15d8c0dc546c15e369640c5ea1f24349ba0b3b17815" inherit pypi python_setuptools_build_meta ptest diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-web3_6.16.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-web3_6.17.0.bb index 01738f22c5..f1be4dcf4d 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-web3_6.16.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-web3_6.17.0.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=373fede350846fdffd23648fba504635" -SRC_URI[sha256sum] = "b10c93476c106acc44b8428e47c61c385b7d0885e82cdc24049d27f521833552" +SRC_URI[sha256sum] = "1b535272a40da3d8d2b120856edb53b84b0c08bcc8fe1a5bbd5f816fd72f4ec6" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-websockets_12.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-websockets_12.0.bb deleted file mode 100644 index f89c3b629e..0000000000 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-websockets_12.0.bb +++ /dev/null @@ -1,16 +0,0 @@ -SUMMARY = "An implementation of the WebSocket Protocol (RFC 6455)" -HOMEPAGE = "https://github.com/aaugustin/websockets" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=51924a6af4495b8cfaee1b1da869b6f4" - -inherit pypi setuptools3 - -SRC_URI[sha256sum] = "81df9cbcbb6c260de1e007e58c011bfebe2dafc8435107b0537f393dd38c8b1b" - -BBCLASSEXTEND = "native nativesdk" - -RDEPENDS:${PN} = " \ - python3-asyncio \ - python3-profile \ -" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-yamlloader_1.3.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-yamlloader_1.4.1.bb index 93c58c11ca..55c48f889c 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-yamlloader_1.3.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-yamlloader_1.4.1.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/Phynix/yamlloader" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=6831ef36faa29329bce2420c5356f97e" -SRC_URI[sha256sum] = "7dbd98421d8090c521655f1b06ca030067f29df5253a8878126bce3a90f56817" +SRC_URI[sha256sum] = "b6fe40ecf5af596d840e920670ed3475f9813492bf6e55b24f2ad450c212bab5" inherit pypi python_setuptools_build_meta diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-zeroconf_0.131.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-zeroconf_0.132.0.bb index 4c7bebe760..ea8ef1cb92 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-zeroconf_0.131.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-zeroconf_0.132.0.bb @@ -3,12 +3,13 @@ HOMEPAGE = "https://github.com/jstasiak/python-zeroconf" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=6;endline=6;md5=6517bdc8f2416f27ab725d4702f7aac3" -SRC_URI[sha256sum] = "90c431e99192a044a5e0217afd7ca0ca9824af93190332e6f7baf4da5375f331" +SRC_URI[sha256sum] = "e2dddb9b8e6a9de3c43f943d8547300e6bd49b2043fd719ae830cfe0f2908a5c" -inherit pypi setuptools3 +DEPENDS += "python3-cython-native" + +inherit pypi python_poetry_core RDEPENDS:${PN} += " \ - python3-ifaddr \ - python3-asyncio \ + python3-ifaddr (>=0.1.7) \ python3-async-timeout \ " diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_6.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_6.3.bb index 70a634a49b..21d03f2e7d 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_6.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_6.3.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=e54fd776274c1b7423 PYPI_PACKAGE = "zope.interface" inherit pypi setuptools3 -SRC_URI[sha256sum] = "3b6c62813c63c543a06394a636978b22dffa8c5410affc9331ce6cdb5bfa8565" +SRC_URI[sha256sum] = "f83d6b4b22262d9a826c3bd4b2fbfafe1d0000f085ef8e44cd1328eea274ae6a" PACKAGES =. "${PN}-test " diff --git a/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.6.3.bb b/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.7.2.bb index 7d1ff28589..1fdcc98ca7 100644 --- a/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.6.3.bb +++ b/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.7.2.bb @@ -16,7 +16,7 @@ HOMEPAGE = "http://pywbem.github.io" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=fbc093901857fcd118f065f900982c24" -SRC_URI[sha256sum] = "78df30dee98c508620b599b8951f322a81c6c0a9d7b78ffe5e017b9417cd97b9" +SRC_URI[sha256sum] = "dc3b785840017f5fcb6381c56682598cebbfc8451851768f85e2318a84e06b68" inherit pypi setuptools3 update-alternatives diff --git a/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.2.1.bb b/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.3.0.bb index c0a5368d11..127aa8b4a3 100644 --- a/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.2.1.bb +++ b/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.3.0.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://pywbemtools.readthedocs.io/en/stable/" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa" -SRC_URI[sha256sum] = "d2ad6c383490ddb3bbb0f737d23a07c7e8c345df65f8309bc554d8455cc913dc" +SRC_URI[sha256sum] = "9d0162b74c0b34d4500c099dddfe518cadc295a1a7bfb0abefa740a134d80fea" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-extended/send2trash/python3-send2trash_1.8.2.bb b/meta-openembedded/meta-python/recipes-extended/send2trash/python3-send2trash_1.8.3.bb index eac89e6297..0bbfb9a11f 100644 --- a/meta-openembedded/meta-python/recipes-extended/send2trash/python3-send2trash_1.8.2.bb +++ b/meta-openembedded/meta-python/recipes-extended/send2trash/python3-send2trash_1.8.3.bb @@ -1,10 +1,10 @@ SUMMARY = "Send file to trash natively under Mac OS X, Windows and Linux" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=a02659c2d5f4cc626e4dcf6504b865eb" +LIC_FILES_CHKSUM = "file://LICENSE;md5=05faa35ba1ca10b723f19d286c9d5237" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "c132d59fa44b9ca2b1699af5c86f57ce9f4c5eb56629d5d55fbb7a35f84e2312" +SRC_URI[sha256sum] = "b18e7a3966d99871aefeb00cfbcfdced55ce4871194810fc71f4aa484b953abf" PYPI_PACKAGE = "Send2Trash" diff --git a/meta-openembedded/meta-webserver/README.md b/meta-openembedded/meta-webserver/README.md index d1b743887c..caa70acdef 100644 --- a/meta-openembedded/meta-webserver/README.md +++ b/meta-openembedded/meta-webserver/README.md @@ -13,13 +13,13 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core subdirectory: meta -branch: master +branch: scarthgap For some recipes, the meta-oe layer is required: URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe -branch: master +branch: scarthgap @@ -50,9 +50,12 @@ Maintenance ----------- Send patches / pull requests to openembedded-devel@lists.openembedded.org -with '[meta-webserver]' in the subject. +with '[meta-webserver][scarthgap]' in the subject. -Layer maintainer: Derek Straka <derek@asterius.io> +When sending single patches, please using something like: +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-webserver][scarthgap][PATCH' + +Layer maintainer: Armin Kuster <akuster808@gmail.com> License diff --git a/meta-openembedded/meta-webserver/conf/include/non-repro-meta-webserver.inc b/meta-openembedded/meta-webserver/conf/include/non-repro-meta-webserver.inc new file mode 100755 index 0000000000..ee998ea961 --- /dev/null +++ b/meta-openembedded/meta-webserver/conf/include/non-repro-meta-webserver.inc @@ -0,0 +1,7 @@ +# List of known non-reproducible package of the meta-webserver layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_WEBSERVER = " \ + netdata \ + netdata-dbg \ + php-phar \ +" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch index 3b080f54f6..1abbe0c41f 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch @@ -8,17 +8,16 @@ Log the SELinux context at startup. Upstream-Status: Inappropriate [other] Note: unlikely to be any interest in this upstream - --- configure.in | 5 +++++ server/core.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/configure.in b/configure.in -index ea6cec3..92b74b7 100644 +index 352711a..f58620f 100644 --- a/configure.in +++ b/configure.in -@@ -491,6 +491,11 @@ getloadavg +@@ -514,6 +514,11 @@ gettid dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -27,11 +26,11 @@ index ea6cec3..92b74b7 100644 + APR_ADDTO(AP_LIBS, [-lselinux]) +]) + - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include <unistd.h> + if test $ac_cv_func_gettid = no; then + # On Linux before glibc 2.30, gettid() is only usable via syscall() + AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, diff --git a/server/core.c b/server/core.c -index 4da7209..d3ca25b 100644 +index 30b317e..81f145f 100644 --- a/server/core.c +++ b/server/core.c @@ -65,6 +65,10 @@ @@ -45,7 +44,7 @@ index 4da7209..d3ca25b 100644 /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ -@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte +@@ -5139,6 +5143,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif @@ -74,3 +73,5 @@ index 4da7209..d3ca25b 100644 return OK; } +-- +2.40.0 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch index 3ff6894409..7163dc2b80 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch @@ -11,10 +11,10 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in -index 76811e7..4df3ff3 100644 +index f58620f..b5971b7 100644 --- a/configure.in +++ b/configure.in -@@ -491,10 +491,16 @@ getloadavg +@@ -514,10 +514,16 @@ gettid dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -33,8 +33,8 @@ index 76811e7..4df3ff3 100644 + ]) +fi - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE + if test $ac_cv_func_gettid = no; then + # On Linux before glibc 2.30, gettid() is only usable via syscall() -- -2.25.1 +2.40.0 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb index a6cdfd1659..b96e8b4e17 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5" +SRC_URI[sha256sum] = "ec51501ec480284ff52f637258135d333230a7d229c3afa6f6c2f9040e321323" S = "${WORKDIR}/httpd-${PV}" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb index b40b148512..601ec7bcd1 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb @@ -57,3 +57,5 @@ SYSTEMD_SERVICE:${PN} = "thttpd.service" FILES:${PN} += "${SRV_DIR}" FILES:${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" + +CVE_STATUS[CVE-2017-10671] = "fixed-version: No action required. The current version (2.27.1) is not affected by the CVE." diff --git a/meta-openembedded/meta-xfce/README.md b/meta-openembedded/meta-xfce/README.md index 3d6158628f..92c2e65584 100644 --- a/meta-openembedded/meta-xfce/README.md +++ b/meta-openembedded/meta-xfce/README.md @@ -1,10 +1,10 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: scarthgap URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: scarthgap meta-xfce depends on meta-oe, meta-gnome and meta-multimedia in this repository. @@ -13,10 +13,9 @@ this to local.conf: BBMASK = "meta-xfce/recipes-multimedia" -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-xfce]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-xfce][scarthgap]' in the subject' When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-xfce][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-xfce][scarthgap][PATCH' -Layer maintainer: Kai Kang <kai.kang@windriver.com> -Layer maintainer: Andreas Müller <schnitzeltony@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-xfce/conf/include/non-repro-meta-xfce.inc b/meta-openembedded/meta-xfce/conf/include/non-repro-meta-xfce.inc new file mode 100755 index 0000000000..aad6b0c24d --- /dev/null +++ b/meta-openembedded/meta-xfce/conf/include/non-repro-meta-xfce.inc @@ -0,0 +1,7 @@ +# List of known non-reproducible package of the meta-xfce layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_XFCE = " \ + catfish \ + libsamba-util0 \ + samba-dbg \ +" diff --git a/meta-raspberrypi/conf/layer.conf b/meta-raspberrypi/conf/layer.conf index 9488ac9380..deea4a1a89 100644 --- a/meta-raspberrypi/conf/layer.conf +++ b/meta-raspberrypi/conf/layer.conf @@ -11,6 +11,9 @@ BBFILE_PRIORITY_raspberrypi = "9" LAYERSERIES_COMPAT_raspberrypi = "nanbield scarthgap" LAYERDEPENDS_raspberrypi = "core" +# Recommended for u-boot support for raspberrypi5 +# https://git.yoctoproject.org/meta-lts-mixins 'scarthgap/u-boot' branch +LAYERRECOMMENDS_raspberrypi = "lts-u-boot-mixin" # Additional license directories. LICENSE_PATH += "${LAYERDIR}/files/custom-licenses" diff --git a/meta-raspberrypi/conf/machine/raspberrypi5.conf b/meta-raspberrypi/conf/machine/raspberrypi5.conf index 8c38637a2a..03f15c35fb 100644 --- a/meta-raspberrypi/conf/machine/raspberrypi5.conf +++ b/meta-raspberrypi/conf/machine/raspberrypi5.conf @@ -22,5 +22,11 @@ SERIAL_CONSOLES ?= "115200;ttyAMA10" VC4DTBO ?= "vc4-kms-v3d" +# When u-boot is enabled we need to use the "Image" format and the "booti" +# command to load the kernel +KERNEL_IMAGETYPE_UBOOT ?= "Image" # "zImage" not supported on arm64 and ".gz" images not supported by bootloader yet KERNEL_IMAGETYPE_DIRECT ?= "Image" +KERNEL_BOOTCMD ?= "booti" + +UBOOT_MACHINE = "rpi_arm64_config" diff --git a/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb b/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb index a22f50d643..461934b9e4 100644 --- a/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb +++ b/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb @@ -46,6 +46,9 @@ CMDLINE_ISOL_CPUS ?= "${@setup_isolcpus(d)}" # if the MAC addresses are omitted, random values will be used CMDLINE_RNDIS ?= "" +# That allows to keep the traditional network interface names +CMDLINE_IFNAMES ?= "net.ifnames=0" + CMDLINE = " \ ${CMDLINE_ISOL_CPUS} \ ${CMDLINE_DWC_OTG} \ @@ -57,6 +60,7 @@ CMDLINE = " \ ${CMDLINE_PITFT} \ ${CMDLINE_DEBUG} \ ${CMDLINE_RNDIS} \ + ${CMDLINE_IFNAMES} \ " do_compile() { diff --git a/meta-raspberrypi/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-raspberrypi/recipes-bsp/u-boot/u-boot_%.bbappend index 78b3e484aa..e50acf5fb3 100644 --- a/meta-raspberrypi/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-raspberrypi/recipes-bsp/u-boot/u-boot_%.bbappend @@ -12,6 +12,3 @@ do_install:append:rpi () { install -d ${D}${sysconfdir} install -m 0644 ${WORKDIR}/fw_env.config ${D}${sysconfdir}/fw_env.config } - -# Temporary avoid Raspberry Pi 5 because U-Boot has not been ported yet -COMPATIBLE_MACHINE:raspberrypi5 = "(-)" diff --git a/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb b/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb index 959513dcac..1b4305820e 100644 --- a/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb +++ b/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb @@ -34,6 +34,7 @@ do_install() { for fw in \ brcmfmac43430-sdio \ + brcmfmac43430b0-sdio \ brcmfmac43436-sdio \ brcmfmac43436s-sdio \ brcmfmac43455-sdio \ @@ -69,7 +70,10 @@ FILES:${PN}-bcm43430 = " \ ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.bin \ ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.clm_blob \ " -FILES:${PN}-bcm43436 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43436-*" +FILES:${PN}-bcm43436 = " \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac43436-* \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac43430b0-* \ +" FILES:${PN}-bcm43436s = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43436s*" FILES:${PN}-bcm43439 = " \ ${nonarch_base_libdir}/firmware/cypress/43439A0-7.95.49.00.combined \ diff --git a/meta-raspberrypi/recipes-kernel/linux/files/0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch b/meta-raspberrypi/recipes-kernel/linux/files/0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch deleted file mode 100644 index 4f6468761c..0000000000 --- a/meta-raspberrypi/recipes-kernel/linux/files/0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 32f53700aeef2f5c7797ddda66348fc0b29e1047 Mon Sep 17 00:00:00 2001 -From: Kees Cook <keescook@chromium.org> -Date: Wed, 18 Jan 2023 12:21:35 -0800 -Subject: [PATCH] gcc-plugins: Reorganize gimple includes for GCC 13 - -The gimple-iterator.h header must be included before gimple-fold.h -starting with GCC 13. Reorganize gimple headers to work for all GCC -versions. - -Reported-by: Palmer Dabbelt <palmer@rivosinc.com> -Acked-by: Palmer Dabbelt <palmer@rivosinc.com> -Link: https://lore.kernel.org/all/20230113173033.4380-1-palmer@rivosinc.com/ -Cc: linux-hardening@vger.kernel.org -Signed-off-by: Kees Cook <keescook@chromium.org> ---- -Upstream-Status: Pending - - scripts/gcc-plugins/gcc-common.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h -index 0c087614fc3e..27770c31214c 100644 ---- a/scripts/gcc-plugins/gcc-common.h -+++ b/scripts/gcc-plugins/gcc-common.h -@@ -77,8 +77,10 @@ - #include "varasm.h" - #include "stor-layout.h" - #include "internal-fn.h" -+#include "gimple.h" - #include "gimple-expr.h" - #include "gimple-fold.h" -+#include "gimple-iterator.h" - #include "context.h" - #include "tree-ssa-alias.h" - #include "tree-ssa.h" -@@ -91,11 +93,9 @@ - #include "tree-eh.h" - #include "stmt.h" - #include "gimplify.h" --#include "gimple.h" - #include "tree-ssa-operands.h" - #include "tree-phinodes.h" - #include "tree-cfg.h" --#include "gimple-iterator.h" - #include "gimple-ssa.h" - #include "ssa-iterators.h" - --- -2.39.1 - diff --git a/meta-raspberrypi/recipes-kernel/linux/files/raspberrypi4-64/rpi4-64-kernel-misc.cfg b/meta-raspberrypi/recipes-kernel/linux/files/raspberrypi4-64/rpi4-64-kernel-misc.cfg deleted file mode 100644 index fd97ed71f1..0000000000 --- a/meta-raspberrypi/recipes-kernel/linux/files/raspberrypi4-64/rpi4-64-kernel-misc.cfg +++ /dev/null @@ -1,2 +0,0 @@ -# see emmc node -CONFIG_MMC_SDHCI_IPROC=y diff --git a/meta-raspberrypi/recipes-kernel/linux/files/rpi.scc b/meta-raspberrypi/recipes-kernel/linux/files/rpi.scc deleted file mode 100644 index bb6fffd978..0000000000 --- a/meta-raspberrypi/recipes-kernel/linux/files/rpi.scc +++ /dev/null @@ -1 +0,0 @@ -patch 0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_5.15.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_5.15.bb deleted file mode 100644 index 788398514f..0000000000 --- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_5.15.bb +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> -# -# SPDX-License-Identifier: MIT - -require linux-raspberrypi-v7.inc -require linux-raspberrypi_5.15.bb diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb deleted file mode 100644 index 3f167bb29d..0000000000 --- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb +++ /dev/null @@ -1,32 +0,0 @@ -LINUX_VERSION ?= "5.15.92" -LINUX_RPI_BRANCH ?= "rpi-5.15.y" -LINUX_RPI_KMETA_BRANCH ?= "yocto-5.15" - -SRCREV_machine = "14b35093ca68bf2c81bbc90aace5007142b40b40" -SRCREV_meta = "509f4b9d68337f103633d48b621c1c9aa0dc975d" - -KMETA = "kernel-meta" - -SRC_URI = " \ - git://github.com/raspberrypi/linux.git;name=machine;branch=${LINUX_RPI_BRANCH};protocol=https \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=${LINUX_RPI_KMETA_BRANCH};destsuffix=${KMETA} \ - file://rpi.scc \ - file://powersave.cfg \ - file://android-drivers.cfg \ - " - -require linux-raspberrypi.inc - -KERNEL_DTC_FLAGS += "-@ -H epapr" - -RDEPENDS:${KERNEL_PACKAGE_NAME}:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}" -RDEPENDS:${KERNEL_PACKAGE_NAME}-base:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-base" -RDEPENDS:${KERNEL_PACKAGE_NAME}-image:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-image" -RDEPENDS:${KERNEL_PACKAGE_NAME}-dev:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-dev" -RDEPENDS:${KERNEL_PACKAGE_NAME}-vmlinux:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-vmlinux" -RDEPENDS:${KERNEL_PACKAGE_NAME}-modules:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-modules" -RDEPENDS:${KERNEL_PACKAGE_NAME}-dbg:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-dbg" - -DEPLOYDEP = "" -DEPLOYDEP:raspberrypi-armv7 = "${RASPBERRYPI_v7_KERNEL}:do_deploy" -do_deploy[depends] += "${DEPLOYDEP}" diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_164-2020-192.1.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb index 7060a643b8..7ed9569df2 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_164-2020-192.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb @@ -19,13 +19,13 @@ DEPENDS = "openssl" SRC_URI = "git://git.code.sf.net/p/ibmswtpm2/tpm2;protocol=https;branch=master \ file://tune-makefile.patch \ " -SRCREV = "5452af422edeff70fcae8ea99dd28a0922051d7b" +SRCREV = "c37c74438429e1d5fe465232e7bf894b239a2cd4" -UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2" +UPSTREAM_CHECK_GITTAGREGEX = "rev(?P<pver>\d+(\-\d+)+)" S = "${WORKDIR}/git/src" -CFLAGS += "-Wno-error=maybe-uninitialized -DALG_CAMELLIA=ALG_NO" +CFLAGS += "-Wno-error=maybe-uninitialized" do_compile () { make CC='${CC}' diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch index cfda80f41f..46af137f45 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch +++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch @@ -1,4 +1,4 @@ -From 26091b7830d84a12308442b238652ee9475d407b Mon Sep 17 00:00:00 2001 +From 68fafb3516b6004d27f882273f934bda3f4714b4 Mon Sep 17 00:00:00 2001 From: Jens Rehsack <sno@netbsd.org> Date: Fri, 11 Sep 2020 07:46:41 +0200 Subject: [PATCH] utils{,12}/Makefile.am: expand wildcards in prereqs @@ -15,15 +15,17 @@ Signed-off-by: Jens Rehsack <sno@netbsd.org> utils12/Makefile.am | 8 ++++- 2 files changed, 79 insertions(+), 4 deletions(-) -Index: git/utils/Makefile.am -=================================================================== ---- git.orig/utils/Makefile.am -+++ git/utils/Makefile.am -@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la +diff --git a/utils/Makefile.am b/utils/Makefile.am +index 7457269..14689c0 100755 +--- a/utils/Makefile.am ++++ b/utils/Makefile.am +@@ -93,9 +93,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS) $(EFIBOOT_LIBS) noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h # install every header in ibmtss -nobase_include_HEADERS = ibmtss/*.h +- +-notrans_man_MANS = man/man1/*.1 +nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \ + ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \ + ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \ @@ -63,8 +65,7 @@ Index: git/utils/Makefile.am + ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \ + ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \ + ibmtss/ZGen_2Phase_fp.h - --notrans_man_MANS = man/man1/*.1 ++ +notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \ + man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \ + man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \ @@ -100,11 +101,11 @@ Index: git/utils/Makefile.am if CONFIG_TPM20 noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h -Index: git/utils12/Makefile.am -=================================================================== ---- git.orig/utils12/Makefile.am -+++ git/utils12/Makefile.am -@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src +diff --git a/utils12/Makefile.am b/utils12/Makefile.am +index 031d0de..02f4e21 100644 +--- a/utils12/Makefile.am ++++ b/utils12/Makefile.am +@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils # result: [current-age].age.revision libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la @@ -118,4 +119,7 @@ Index: git/utils12/Makefile.am + man/man1/tss1sign.1 man/man1/tss1startup.1 man/man1/tss1takeownership.1 man/man1/tss1tpminit.1 noinst_HEADERS = ekutils12.h - bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend + if !CONFIG_TSS_NOPRINT +-- +2.25.1 + diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb index 2daca5a280..8e941d118e 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb +++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb @@ -17,14 +17,12 @@ DEPENDS = "openssl ibmswtpm2" inherit autotools pkgconfig -SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573" SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \ file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \ - " + " +SRCREV = "0b9d77e304f68228b13b20ff0d72b0c16ffd2651" -UPSTREAM_CHECK_COMMITS = "1" -UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2" -UPSTREAM_CHECK_GITTAGREGEX = "rev.*)" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" EXTRA_OECONF = "--disable-tpm-1.2" diff --git a/meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch b/meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch deleted file mode 100644 index d365ec11b8..0000000000 --- a/meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 4b1de197ee0dd259cc05d5faf7fd38b580d841d2 Mon Sep 17 00:00:00 2001 -From: Armin Kuster <akuster808@gmail.com> -Date: Tue, 2 May 2023 16:22:13 -0400 -Subject: [PATCH] osdetection: add OpenEmbedded and Poky - -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Upstream-Status: Pending -https://github.com/CISOfy/lynis/pull/1390 - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - ---- - include/osdetection | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/include/osdetection b/include/osdetection -index 989b1b3..e5974e5 100644 ---- a/include/osdetection -+++ b/include/osdetection -@@ -308,6 +308,12 @@ - OS_REDHAT_OR_CLONE=1 - OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') - ;; -+ "nodistro") -+ LINUX_VERSION="openembedded" -+ OS_NAME="OpenEmbedded" -+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') -+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') -+ ;; - "opensuse-tumbleweed") - LINUX_VERSION="openSUSE Tumbleweed" - # It's rolling release but has a snapshot version (the date of the snapshot) -@@ -330,6 +336,14 @@ - OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') - OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') - ;; -+ "poky") -+ LINUX_VERSION="Poky" -+ OS_NAME="openembedded" -+ LINUX_VERSION_LIKE="openembedded" -+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') -+ OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') -+ -+ ;; - "pop") - LINUX_VERSION="Pop!_OS" - LINUX_VERSION_LIKE="Ubuntu" --- -2.25.1 - diff --git a/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb b/meta-security/recipes-compliance/lynis/lynis_3.1.1.bb index b8b97a53a1..b69f4dfd6d 100644 --- a/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb +++ b/meta-security/recipes-compliance/lynis/lynis_3.1.1.bb @@ -6,11 +6,9 @@ HOMEDIR = "https://cisofy.com/" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" -SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz \ - file://0001-osdetection-add-OpenEmbedded-and-Poky.patch \ - " +SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "f394df7d20391fb76e975ae88f3eba1da05ac9c4945e2c7f709326e185e17025" +SRC_URI[sha256sum] = "d72f4ee7325816bb8dbfcf31eb104207b9fe58a2493c2a875373746a71284cc3" #UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis" diff --git a/poky/bitbake/bin/bitbake b/poky/bitbake/bin/bitbake index 382983e087..f494eaa132 100755 --- a/poky/bitbake/bin/bitbake +++ b/poky/bitbake/bin/bitbake @@ -27,7 +27,7 @@ from bb.main import bitbake_main, BitBakeConfigParameters, BBMainException bb.utils.check_system_locale() -__version__ = "2.9.0" +__version__ = "2.8.0" if __name__ == "__main__": if __version__ != bb.__version__: diff --git a/poky/bitbake/lib/bb/__init__.py b/poky/bitbake/lib/bb/__init__.py index 15013540c2..cdec9e4d6c 100644 --- a/poky/bitbake/lib/bb/__init__.py +++ b/poky/bitbake/lib/bb/__init__.py @@ -9,7 +9,7 @@ # SPDX-License-Identifier: GPL-2.0-only # -__version__ = "2.9.0" +__version__ = "2.8.0" import sys if sys.version_info < (3, 8, 0): @@ -36,6 +36,7 @@ class BBHandledException(Exception): import os import logging +from collections import namedtuple class NullHandler(logging.Handler): @@ -227,3 +228,14 @@ def deprecate_import(current, modulename, fromlist, renames = None): setattr(sys.modules[current], newname, newobj) +TaskData = namedtuple("TaskData", [ + "pn", + "taskname", + "fn", + "deps", + "provides", + "taskhash", + "unihash", + "hashfn", + "taskhash_deps", +]) diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py index c5bfef55d6..6318ef4a8f 100644 --- a/poky/bitbake/lib/bb/cooker.py +++ b/poky/bitbake/lib/bb/cooker.py @@ -315,13 +315,13 @@ class BBCooker: dbfile = (self.data.getVar("PERSISTENT_DIR") or self.data.getVar("CACHE")) + "/hashserv.db" upstream = self.data.getVar("BB_HASHSERVE_UPSTREAM") or None if upstream: - import socket try: - sock = socket.create_connection(upstream.split(":"), 5) - sock.close() - except socket.error as e: + with hashserv.create_client(upstream) as client: + client.ping() + except (ConnectionError, ImportError) as e: bb.warn("BB_HASHSERVE_UPSTREAM is not valid, unable to connect hash equivalence server at '%s': %s" % (upstream, repr(e))) + upstream = None self.hashservaddr = "unix://%s/hashserve.sock" % self.data.getVar("TOPDIR") self.hashserv = hashserv.create_server( @@ -1459,7 +1459,6 @@ class BBCooker: if t in task or getAllTaskSignatures: try: - rq.rqdata.prepare_task_hash(tid) sig.append([pn, t, rq.rqdata.get_task_unihash(tid)]) except KeyError: sig.append(self.getTaskSignatures(target, [t])[0]) diff --git a/poky/bitbake/lib/bb/fetch2/gcp.py b/poky/bitbake/lib/bb/fetch2/gcp.py index f40ce2eaa5..eb3e0c6a6b 100644 --- a/poky/bitbake/lib/bb/fetch2/gcp.py +++ b/poky/bitbake/lib/bb/fetch2/gcp.py @@ -23,6 +23,7 @@ import urllib.parse, urllib.error from bb.fetch2 import FetchMethod from bb.fetch2 import FetchError from bb.fetch2 import logger +from bb.fetch2 import runfetchcmd class GCP(FetchMethod): """ diff --git a/poky/bitbake/lib/bb/fetch2/wget.py b/poky/bitbake/lib/bb/fetch2/wget.py index fbfa6938ac..2e92117634 100644 --- a/poky/bitbake/lib/bb/fetch2/wget.py +++ b/poky/bitbake/lib/bb/fetch2/wget.py @@ -108,7 +108,8 @@ class Wget(FetchMethod): fetchcmd = self.basecmd - localpath = os.path.join(d.getVar("DL_DIR"), ud.localfile) + ".tmp" + dldir = os.path.realpath(d.getVar("DL_DIR")) + localpath = os.path.join(dldir, ud.localfile) + ".tmp" bb.utils.mkdirhier(os.path.dirname(localpath)) fetchcmd += " -O %s" % shlex.quote(localpath) @@ -128,12 +129,21 @@ class Wget(FetchMethod): uri = ud.url.split(";")[0] if os.path.exists(ud.localpath): # file exists, but we didnt complete it.. trying again.. - fetchcmd += d.expand(" -c -P ${DL_DIR} '%s'" % uri) + fetchcmd += " -c -P " + dldir + " '" + uri + "'" else: - fetchcmd += d.expand(" -P ${DL_DIR} '%s'" % uri) + fetchcmd += " -P " + dldir + " '" + uri + "'" self._runwget(ud, d, fetchcmd, False) + # Sanity check since wget can pretend it succeed when it didn't + # Also, this used to happen if sourceforge sent us to the mirror page + if not os.path.exists(localpath): + raise FetchError("The fetch command returned success for url %s but %s doesn't exist?!" % (uri, localpath), uri) + + if os.path.getsize(localpath) == 0: + os.remove(localpath) + raise FetchError("The fetch of %s resulted in a zero size file?! Deleting and failing since this isn't right." % (uri), uri) + # Try and verify any checksum now, meaning if it isn't correct, we don't remove the # original file, which might be a race (imagine two recipes referencing the same # source, one with an incorrect checksum) @@ -143,15 +153,6 @@ class Wget(FetchMethod): # Our lock prevents multiple writers but mirroring code may grab incomplete files os.rename(localpath, localpath[:-4]) - # Sanity check since wget can pretend it succeed when it didn't - # Also, this used to happen if sourceforge sent us to the mirror page - if not os.path.exists(ud.localpath): - raise FetchError("The fetch command returned success for url %s but %s doesn't exist?!" % (uri, ud.localpath), uri) - - if os.path.getsize(ud.localpath) == 0: - os.remove(ud.localpath) - raise FetchError("The fetch of %s resulted in a zero size file?! Deleting and failing since this isn't right." % (uri), uri) - return True def checkstatus(self, fetch, ud, d, try_again=True): diff --git a/poky/bitbake/lib/bb/parse/__init__.py b/poky/bitbake/lib/bb/parse/__init__.py index a4358f1374..7ffdaa6fd7 100644 --- a/poky/bitbake/lib/bb/parse/__init__.py +++ b/poky/bitbake/lib/bb/parse/__init__.py @@ -49,20 +49,23 @@ class SkipPackage(SkipRecipe): __mtime_cache = {} def cached_mtime(f): if f not in __mtime_cache: - __mtime_cache[f] = os.stat(f)[stat.ST_MTIME] + res = os.stat(f) + __mtime_cache[f] = (res.st_mtime_ns, res.st_size, res.st_ino) return __mtime_cache[f] def cached_mtime_noerror(f): if f not in __mtime_cache: try: - __mtime_cache[f] = os.stat(f)[stat.ST_MTIME] + res = os.stat(f) + __mtime_cache[f] = (res.st_mtime_ns, res.st_size, res.st_ino) except OSError: return 0 return __mtime_cache[f] def check_mtime(f, mtime): try: - current_mtime = os.stat(f)[stat.ST_MTIME] + res = os.stat(f) + current_mtime = (res.st_mtime_ns, res.st_size, res.st_ino) __mtime_cache[f] = current_mtime except OSError: current_mtime = 0 @@ -70,7 +73,8 @@ def check_mtime(f, mtime): def update_mtime(f): try: - __mtime_cache[f] = os.stat(f)[stat.ST_MTIME] + res = os.stat(f) + __mtime_cache[f] = (res.st_mtime_ns, res.st_size, res.st_ino) except OSError: if f in __mtime_cache: del __mtime_cache[f] diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index bc7e18175d..93079a9776 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -1273,27 +1273,41 @@ class RunQueueData: bb.parse.siggen.set_setscene_tasks(self.runq_setscene_tids) + starttime = time.time() + lasttime = starttime + # Iterate over the task list and call into the siggen code dealtwith = set() todeal = set(self.runtaskentries) while todeal: + ready = set() for tid in todeal.copy(): if not (self.runtaskentries[tid].depends - dealtwith): - dealtwith.add(tid) - todeal.remove(tid) - self.prepare_task_hash(tid) - bb.event.check_for_interrupts(self.cooker.data) + self.runtaskentries[tid].taskhash_deps = bb.parse.siggen.prep_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches) + # get_taskhash for a given tid *must* be called before get_unihash* below + self.runtaskentries[tid].hash = bb.parse.siggen.get_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches) + ready.add(tid) + unihashes = bb.parse.siggen.get_unihashes(ready) + for tid in ready: + dealtwith.add(tid) + todeal.remove(tid) + self.runtaskentries[tid].unihash = unihashes[tid] + + bb.event.check_for_interrupts(self.cooker.data) + + if time.time() > (lasttime + 30): + lasttime = time.time() + hashequiv_logger.verbose("Initial setup loop progress: %s of %s in %s" % (len(todeal), len(self.runtaskentries), lasttime - starttime)) + + endtime = time.time() + if (endtime-starttime > 60): + hashequiv_logger.verbose("Initial setup loop took: %s" % (endtime-starttime)) bb.parse.siggen.writeout_file_checksum_cache() #self.dump_data() return len(self.runtaskentries) - def prepare_task_hash(self, tid): - bb.parse.siggen.prep_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches) - self.runtaskentries[tid].hash = bb.parse.siggen.get_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches) - self.runtaskentries[tid].unihash = bb.parse.siggen.get_unihash(tid) - def dump_data(self): """ Dump some debug information on the internal data structures @@ -2438,14 +2452,17 @@ class RunQueueExecute: taskdepdata_cache = {} for task in self.rqdata.runtaskentries: (mc, fn, taskname, taskfn) = split_tid_mcfn(task) - pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn] - deps = self.rqdata.runtaskentries[task].depends - provides = self.rqdata.dataCaches[mc].fn_provides[taskfn] - taskhash = self.rqdata.runtaskentries[task].hash - unihash = self.rqdata.runtaskentries[task].unihash - deps = self.filtermcdeps(task, mc, deps) - hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn] - taskdepdata_cache[task] = [pn, taskname, fn, deps, provides, taskhash, unihash, hashfn] + taskdepdata_cache[task] = bb.TaskData( + pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn], + taskname = taskname, + fn = fn, + deps = self.filtermcdeps(task, mc, self.rqdata.runtaskentries[task].depends), + provides = self.rqdata.dataCaches[mc].fn_provides[taskfn], + taskhash = self.rqdata.runtaskentries[task].hash, + unihash = self.rqdata.runtaskentries[task].unihash, + hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn], + taskhash_deps = self.rqdata.runtaskentries[task].taskhash_deps, + ) self.taskdepdata_cache = taskdepdata_cache @@ -2460,9 +2477,11 @@ class RunQueueExecute: while next: additional = [] for revdep in next: - self.taskdepdata_cache[revdep][6] = self.rqdata.runtaskentries[revdep].unihash + self.taskdepdata_cache[revdep] = self.taskdepdata_cache[revdep]._replace( + unihash=self.rqdata.runtaskentries[revdep].unihash + ) taskdepdata[revdep] = self.taskdepdata_cache[revdep] - for revdep2 in self.taskdepdata_cache[revdep][3]: + for revdep2 in self.taskdepdata_cache[revdep].deps: if revdep2 not in taskdepdata: additional.append(revdep2) next = additional @@ -2556,17 +2575,28 @@ class RunQueueExecute: elif self.rqdata.runtaskentries[p].depends.isdisjoint(total): next.add(p) + starttime = time.time() + lasttime = starttime + # When an item doesn't have dependencies in total, we can process it. Drop items from total when handled while next: current = next.copy() next = set() + ready = {} for tid in current: if self.rqdata.runtaskentries[p].depends and not self.rqdata.runtaskentries[tid].depends.isdisjoint(total): continue + # get_taskhash for a given tid *must* be called before get_unihash* below + ready[tid] = bb.parse.siggen.get_taskhash(tid, self.rqdata.runtaskentries[tid].depends, self.rqdata.dataCaches) + + unihashes = bb.parse.siggen.get_unihashes(ready.keys()) + + for tid in ready: orighash = self.rqdata.runtaskentries[tid].hash - newhash = bb.parse.siggen.get_taskhash(tid, self.rqdata.runtaskentries[tid].depends, self.rqdata.dataCaches) + newhash = ready[tid] origuni = self.rqdata.runtaskentries[tid].unihash - newuni = bb.parse.siggen.get_unihash(tid) + newuni = unihashes[tid] + # FIXME, need to check it can come from sstate at all for determinism? remapped = False if newuni == origuni: @@ -2587,6 +2617,15 @@ class RunQueueExecute: next |= self.rqdata.runtaskentries[tid].revdeps total.remove(tid) next.intersection_update(total) + bb.event.check_for_interrupts(self.cooker.data) + + if time.time() > (lasttime + 30): + lasttime = time.time() + hashequiv_logger.verbose("Rehash loop slow progress: %s in %s" % (len(total), lasttime - starttime)) + + endtime = time.time() + if (endtime-starttime > 60): + hashequiv_logger.verbose("Rehash loop took more than 60s: %s" % (endtime-starttime)) if changed: for mc in self.rq.worker: @@ -2806,13 +2845,19 @@ class RunQueueExecute: additional = [] for revdep in next: (mc, fn, taskname, taskfn) = split_tid_mcfn(revdep) - pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn] deps = getsetscenedeps(revdep) - provides = self.rqdata.dataCaches[mc].fn_provides[taskfn] - taskhash = self.rqdata.runtaskentries[revdep].hash - unihash = self.rqdata.runtaskentries[revdep].unihash - hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn] - taskdepdata[revdep] = [pn, taskname, fn, deps, provides, taskhash, unihash, hashfn] + + taskdepdata[revdep] = bb.TaskData( + pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn], + taskname = taskname, + fn = fn, + deps = deps, + provides = self.rqdata.dataCaches[mc].fn_provides[taskfn], + taskhash = self.rqdata.runtaskentries[revdep].hash, + unihash = self.rqdata.runtaskentries[revdep].unihash, + hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn], + taskhash_deps = self.rqdata.runtaskentries[revdep].taskhash_deps, + ) for revdep2 in deps: if revdep2 not in taskdepdata: additional.append(revdep2) diff --git a/poky/bitbake/lib/bb/siggen.py b/poky/bitbake/lib/bb/siggen.py index 8ab08ec961..65ca0811d5 100644 --- a/poky/bitbake/lib/bb/siggen.py +++ b/poky/bitbake/lib/bb/siggen.py @@ -381,7 +381,7 @@ class SignatureGeneratorBasic(SignatureGenerator): self.taints[tid] = taint logger.warning("%s is tainted from a forced run" % tid) - return + return set(dep for _, dep in self.runtaskdeps[tid]) def get_taskhash(self, tid, deps, dataCaches): @@ -726,10 +726,13 @@ class SignatureGeneratorUniHashMixIn(object): return result if self.max_parallel <= 1 or len(queries) <= 1: - # No parallelism required. Make the query serially with the single client + # No parallelism required. Make the query using a single client with self.client() as client: - for tid, args in queries.items(): - query_result[tid] = client.get_unihash(*args) + keys = list(queries.keys()) + unihashes = client.get_unihash_batch(queries[k] for k in keys) + + for idx, k in enumerate(keys): + query_result[k] = unihashes[idx] else: with self.client_pool() as client_pool: query_result = client_pool.get_unihashes(queries) diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py index 85c1f79ff3..33cc9bcac6 100644 --- a/poky/bitbake/lib/bb/tests/fetch.py +++ b/poky/bitbake/lib/bb/tests/fetch.py @@ -1421,7 +1421,7 @@ class FetchLatestVersionTest(FetcherTest): # combination version pattern ("sysprof", "git://gitlab.gnome.org/GNOME/sysprof.git;protocol=https;branch=master", "cd44ee6644c3641507fb53b8a2a69137f2971219", "", "") : "1.2.0", - ("u-boot-mkimage", "git://git.denx.de/u-boot.git;branch=master;protocol=git", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "", "") + ("u-boot-mkimage", "git://source.denx.de/u-boot/u-boot.git;branch=master;protocol=https", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "", "") : "2014.01", # version pattern "yyyymmdd" ("mobile-broadband-provider-info", "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master", "4ed19e11c2975105b71b956440acdb25d46a347d", "", "") @@ -1511,7 +1511,7 @@ class FetchLatestVersionTest(FetcherTest): def test_wget_latest_versionstring(self): testdata = os.path.dirname(os.path.abspath(__file__)) + "/fetch-testdata" - server = HTTPService(testdata) + server = HTTPService(testdata, host="127.0.0.1") server.start() port = server.port try: @@ -1519,10 +1519,10 @@ class FetchLatestVersionTest(FetcherTest): self.d.setVar("PN", k[0]) checkuri = "" if k[2]: - checkuri = "http://localhost:%s/" % port + k[2] + checkuri = "http://127.0.0.1:%s/" % port + k[2] self.d.setVar("UPSTREAM_CHECK_URI", checkuri) self.d.setVar("UPSTREAM_CHECK_REGEX", k[3]) - url = "http://localhost:%s/" % port + k[1] + url = "http://127.0.0.1:%s/" % port + k[1] ud = bb.fetch2.FetchData(url, self.d) pupver = ud.method.latest_versionstring(ud, self.d) verstring = pupver[0] diff --git a/poky/bitbake/lib/hashserv/client.py b/poky/bitbake/lib/hashserv/client.py index 0b254beddd..775faf935a 100644 --- a/poky/bitbake/lib/hashserv/client.py +++ b/poky/bitbake/lib/hashserv/client.py @@ -5,6 +5,7 @@ import logging import socket +import asyncio import bb.asyncrpc import json from . import create_async_client @@ -13,6 +14,66 @@ from . import create_async_client logger = logging.getLogger("hashserv.client") +class Batch(object): + def __init__(self): + self.done = False + self.cond = asyncio.Condition() + self.pending = [] + self.results = [] + self.sent_count = 0 + + async def recv(self, socket): + while True: + async with self.cond: + await self.cond.wait_for(lambda: self.pending or self.done) + + if not self.pending: + if self.done: + return + continue + + r = await socket.recv() + self.results.append(r) + + async with self.cond: + self.pending.pop(0) + + async def send(self, socket, msgs): + try: + # In the event of a restart due to a reconnect, all in-flight + # messages need to be resent first to keep to result count in sync + for m in self.pending: + await socket.send(m) + + for m in msgs: + # Add the message to the pending list before attempting to send + # it so that if the send fails it will be retried + async with self.cond: + self.pending.append(m) + self.cond.notify() + self.sent_count += 1 + + await socket.send(m) + + finally: + async with self.cond: + self.done = True + self.cond.notify() + + async def process(self, socket, msgs): + await asyncio.gather( + self.recv(socket), + self.send(socket, msgs), + ) + + if len(self.results) != self.sent_count: + raise ValueError( + f"Expected result count {len(self.results)}. Expected {self.sent_count}" + ) + + return self.results + + class AsyncClient(bb.asyncrpc.AsyncClient): MODE_NORMAL = 0 MODE_GET_STREAM = 1 @@ -36,11 +97,27 @@ class AsyncClient(bb.asyncrpc.AsyncClient): if become: await self.become_user(become) - async def send_stream(self, mode, msg): + async def send_stream_batch(self, mode, msgs): + """ + Does a "batch" process of stream messages. This sends the query + messages as fast as possible, and simultaneously attempts to read the + messages back. This helps to mitigate the effects of latency to the + hash equivalence server be allowing multiple queries to be "in-flight" + at once + + The implementation does more complicated tracking using a count of sent + messages so that `msgs` can be a generator function (i.e. its length is + unknown) + + """ + + b = Batch() + async def proc(): + nonlocal b + await self._set_mode(mode) - await self.socket.send(msg) - return await self.socket.recv() + return await b.process(self.socket, msgs) return await self._send_wrapper(proc) @@ -89,10 +166,15 @@ class AsyncClient(bb.asyncrpc.AsyncClient): self.mode = new_mode async def get_unihash(self, method, taskhash): - r = await self.send_stream(self.MODE_GET_STREAM, "%s %s" % (method, taskhash)) - if not r: - return None - return r + r = await self.get_unihash_batch([(method, taskhash)]) + return r[0] + + async def get_unihash_batch(self, args): + result = await self.send_stream_batch( + self.MODE_GET_STREAM, + (f"{method} {taskhash}" for method, taskhash in args), + ) + return [r if r else None for r in result] async def report_unihash(self, taskhash, method, outhash, unihash, extra={}): m = extra.copy() @@ -115,8 +197,12 @@ class AsyncClient(bb.asyncrpc.AsyncClient): ) async def unihash_exists(self, unihash): - r = await self.send_stream(self.MODE_EXIST_STREAM, unihash) - return r == "true" + r = await self.unihash_exists_batch([unihash]) + return r[0] + + async def unihash_exists_batch(self, unihashes): + result = await self.send_stream_batch(self.MODE_EXIST_STREAM, unihashes) + return [r == "true" for r in result] async def get_outhash(self, method, outhash, taskhash, with_unihash=True): return await self.invoke( @@ -237,10 +323,12 @@ class Client(bb.asyncrpc.Client): "connect_tcp", "connect_websocket", "get_unihash", + "get_unihash_batch", "report_unihash", "report_unihash_equiv", "get_taskhash", "unihash_exists", + "unihash_exists_batch", "get_outhash", "get_stats", "reset_stats", diff --git a/poky/bitbake/lib/hashserv/tests.py b/poky/bitbake/lib/hashserv/tests.py index 0809453cf8..5349cd5867 100644 --- a/poky/bitbake/lib/hashserv/tests.py +++ b/poky/bitbake/lib/hashserv/tests.py @@ -594,6 +594,43 @@ class HashEquivalenceCommonTests(object): 7: None, }) + def test_get_unihash_batch(self): + TEST_INPUT = ( + # taskhash outhash unihash + ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'), + # Duplicated taskhash with multiple output hashes and unihashes. + ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'), + # Equivalent hash + ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"), + ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"), + ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'), + ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'), + ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'), + ) + EXTRA_QUERIES = ( + "6b6be7a84ab179b4240c4302518dc3f6", + ) + + for taskhash, outhash, unihash in TEST_INPUT: + self.client.report_unihash(taskhash, self.METHOD, outhash, unihash) + + + result = self.client.get_unihash_batch( + [(self.METHOD, data[0]) for data in TEST_INPUT] + + [(self.METHOD, e) for e in EXTRA_QUERIES] + ) + + self.assertListEqual(result, [ + "218e57509998197d570e2c98512d0105985dffc9", + "218e57509998197d570e2c98512d0105985dffc9", + "218e57509998197d570e2c98512d0105985dffc9", + "3b5d3d83f07f259e9086fcb422c855286e18a57d", + "f46d3fbb439bd9b921095da657a4de906510d2cd", + "f46d3fbb439bd9b921095da657a4de906510d2cd", + "05d2a63c81e32f0a36542ca677e8ad852365c538", + None, + ]) + def test_client_pool_unihash_exists(self): TEST_INPUT = ( # taskhash outhash unihash @@ -636,6 +673,44 @@ class HashEquivalenceCommonTests(object): result = client_pool.unihashes_exist(query) self.assertDictEqual(result, expected) + def test_unihash_exists_batch(self): + TEST_INPUT = ( + # taskhash outhash unihash + ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'), + # Duplicated taskhash with multiple output hashes and unihashes. + ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'), + # Equivalent hash + ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"), + ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"), + ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'), + ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'), + ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'), + ) + EXTRA_QUERIES = ( + "6b6be7a84ab179b4240c4302518dc3f6", + ) + + result_unihashes = set() + + + for taskhash, outhash, unihash in TEST_INPUT: + result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash) + result_unihashes.add(result["unihash"]) + + query = [] + expected = [] + + for _, _, unihash in TEST_INPUT: + query.append(unihash) + expected.append(unihash in result_unihashes) + + + for unihash in EXTRA_QUERIES: + query.append(unihash) + expected.append(False) + + result = self.client.unihash_exists_batch(query) + self.assertListEqual(result, expected) def test_auth_read_perms(self): admin_client = self.start_auth_server() diff --git a/poky/documentation/brief-yoctoprojectqs/index.rst b/poky/documentation/brief-yoctoprojectqs/index.rst index 61c5cbec36..c5400e4ac8 100644 --- a/poky/documentation/brief-yoctoprojectqs/index.rst +++ b/poky/documentation/brief-yoctoprojectqs/index.rst @@ -251,11 +251,17 @@ an entire Linux distribution, including the toolchain, from source. To use such mirrors, uncomment the below lines in your ``conf/local.conf`` file in the :term:`Build Directory`:: - BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687" + BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws" SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH" BB_HASHSERVE = "auto" BB_SIGNATURE_HANDLER = "OEEquivHash" + The hash equivalence server needs the websockets python module version 9.1 + or later. Debian GNU/Linux 12 (Bookworm) and later, Fedora, CentOS Stream + 9 and later, and Ubuntu 22.04 (LTS) and later, all have a recent enough + package. Other supported distributions need to get the module some other + place than their package feed, e.g. via ``pip``. + #. **Start the Build:** Continue with the following command to build an OS image for the target, which is ``core-image-sato`` in this example: diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst index 685799e268..d848b3ef64 100644 --- a/poky/documentation/migration-guides/release-4.0.rst +++ b/poky/documentation/migration-guides/release-4.0.rst @@ -24,3 +24,4 @@ Release 4.0 (kirkstone) release-notes-4.0.15 release-notes-4.0.16 release-notes-4.0.17 + release-notes-4.0.18 diff --git a/poky/documentation/migration-guides/release-notes-4.0.18.rst b/poky/documentation/migration-guides/release-notes-4.0.18.rst new file mode 100644 index 0000000000..fc8cd83c02 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.18.rst @@ -0,0 +1,191 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.18 (Kirkstone) +------------------------------------------ + +Security Fixes in Yocto-4.0.18 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- curl: Fix :cve:`2024-2398` +- expat: fix :cve:`2023-52426` and :cve:`2024-28757` +- libssh2: fix :cve:`2023-48795` +- ncurses: Fix :cve:`2023-50495` +- nghttp2: Fix :cve:`2024-28182` and :cve:`2023-44487` +- openssh: Ignore :cve:`2023-51767` +- openssl: Fix :cve:`2024-2511` +- perl: Ignore :cve:`2023-47100` +- python3-cryptography: Fix :cve:`2024-26130` +- python3-urllib3: Fix :cve:`2023-45803` +- qemu: Fix :cve:`2023-6683` +- ruby: fix :cve_mitre:`2024-27281` +- rust: Ignore :cve:`2024-24576` +- tiff: Fix :cve:`2023-52356` and :cve:`2023-6277` +- xserver-xorg: Fix :cve:`2024-31080` and :cve:`2024-31081` +- xwayland: Fix :cve:`2023-6816`, :cve:`2024-0408` and :cve:`2024-0409` + + +Fixes in Yocto-4.0.18 +~~~~~~~~~~~~~~~~~~~~~ + +- build-appliance-image: Update to kirkstone head revision +- common-licenses: Backport missing license +- contributor-guide: add notes for tests +- contributor-guide: be more specific about meta-* trees +- cups: fix typo in :cve:`2023-32360` backport patch +- cve-update-nvd2-native: Add an age threshold for incremental update +- cve-update-nvd2-native: Fix CVE configuration update +- cve-update-nvd2-native: Fix typo in comment +- cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition +- cve-update-nvd2-native: Remove rejected CVE from database +- cve-update-nvd2-native: nvd_request_next: Improve comment +- dev-manual: improve descriptions of 'bitbake -S printdiff' +- dev-manual: packages: fix capitalization +- docs: conf.py: properly escape backslashes for latex_elements +- gcc: Backport sanitizer fix for 32-bit ALSR +- glibc: Fix subscript typos for get_nscd_addresses +- kernel-dev: join mkdir commands with -p +- linux-firmware: Upgrade to 20240220 +- manuals: add initial sphinx-lint support +- manuals: add initial stylechecks with Vale +- manuals: document VIRTUAL-RUNTIME variables +- manuals: fix duplicate "stylecheck" target +- manuals: fix incorrect double backticks +- manuals: fix trailing spaces +- manuals: refer to new yocto-patches mailing list wherever appropriate +- manuals: remove tab characters +- manuals: replace hyphens with em dashes +- manuals: use "manual page(s)" +- migration-guides: add release notes for 4.0.17 +- poky.conf: bump version for 4.0.18 +- profile-manual: usage.rst: fix reference to bug report +- profile-manual: usage.rst: formatting fixes +- profile-manual: usage.rst: further style improvements +- python3-urllib3: Upgrade to v1.26.18 +- ref-manual: add documentation of the variable :term:`SPDX_NAMESPACE_PREFIX` +- ref-manual: tasks: do_cleanall: recommend using '-f' instead +- ref-manual: tasks: do_cleansstate: recommend using '-f' instead for a shared sstate +- ref-manual: variables: adding multiple groups in :term:`GROUPADD_PARAM` +- ref-manual: variables: correct sdk installation default path +- stress-ng: avoid calling sync during do_compile +- systemd: Fix vlan qos mapping +- tcl: Add a way to skip ptests +- tcl: skip async and event tests in run-ptest +- tcl: skip timing-dependent tests in run-ptest +- valgrind: skip intermittently failing ptest +- wireless-regdb: Upgrade to 2024.01.23 +- yocto-uninative: Update to 4.4 for glibc 2.39 + + +Known Issues in Yocto-4.0.18 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.18 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alex Kiernan +- Alex Stewart +- Alexander Kanavin +- BELOUARGA Mohamed +- Claus Stovgaard +- Colin McAllister +- Geoff Parker +- Haitao Liu +- Harish Sadineni +- Johan Bezem +- Jonathan GUILLOT +- Jörg Sommer +- Khem Raj +- Lee Chee Yang +- Luca Ceresoli +- Martin Jansa +- Meenali Gupta +- Michael Halstead +- Michael Opdenacker +- Peter Marko +- Quentin Schulz +- Ross Burton +- Sana Kazi +- Simone Weiß +- Soumya Sambu +- Steve Sakoman +- Tan Wen Yan +- Vijay Anusuri +- Wang Mingyu +- Yoann Congal +- Yogita Urade +- Zahir Hussain + + +Repositories / Downloads for Yocto-4.0.18 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.18 </poky/log/?h=yocto-4.0.18>` +- Git Revision: :yocto_git:`31751bba1c789f15f574773a659b8017d7bcf440 </poky/commit/?id=31751bba1c789f15f574773a659b8017d7bcf440>` +- Release Artefact: poky-31751bba1c789f15f574773a659b8017d7bcf440 +- sha: 72d5aa65c3c37766ebc24b212740272c1d52342468548f9c070241d3522ad2ca +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/poky-31751bba1c789f15f574773a659b8017d7bcf440.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/poky-31751bba1c789f15f574773a659b8017d7bcf440.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.18 </openembedded-core/log/?h=yocto-4.0.18>` +- Git Revision: :oe_git:`b7182571242dc4e23e5250a449d90348e62a6abc </openembedded-core/commit/?id=b7182571242dc4e23e5250a449d90348e62a6abc>` +- Release Artefact: oecore-b7182571242dc4e23e5250a449d90348e62a6abc +- sha: 6f257e50c10ebae673dcf61a833b3270db6d22781f02f6794a370aac839f1020 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/oecore-b7182571242dc4e23e5250a449d90348e62a6abc.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/oecore-b7182571242dc4e23e5250a449d90348e62a6abc.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.18 </meta-mingw/log/?h=yocto-4.0.18>` +- Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>` +- Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7 +- sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.18 </meta-gplv2/log/?h=yocto-4.0.18>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.18 </bitbake/log/?h=yocto-4.0.18>` +- Git Revision: :oe_git:`40fd5f4eef7460ca67f32cfce8e229e67e1ff607 </bitbake/commit/?id=40fd5f4eef7460ca67f32cfce8e229e67e1ff607>` +- Release Artefact: bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607 +- sha: 5d20a0e4c5d0fce44bd84778168714a261a30a4b83f67c88df3b8a7e7115e444 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.18 </yocto-docs/log/?h=yocto-4.0.18>` +- Git Revision: :yocto_git:`fd1423141e7458ba557db465c171b0b4e9063987 </yocto-docs/commit/?id=fd1423141e7458ba557db465c171b0b4e9063987>` + diff --git a/poky/documentation/migration-guides/release-notes-5.0.rst b/poky/documentation/migration-guides/release-notes-5.0.rst index 4bd9125d17..800ba20a27 100644 --- a/poky/documentation/migration-guides/release-notes-5.0.rst +++ b/poky/documentation/migration-guides/release-notes-5.0.rst @@ -25,6 +25,10 @@ New Features / Enhancements in 5.0 - :term:`TARGET_DBGSRC_DIR`: specifies the target path to debug source files + - :term:`USERADD_DEPENDS`: provides a way to declare dependencies on the users + and/or groups created by other recipes, resolving a long-standing build + ordering issue + - Architecture-specific enhancements: - ``genericarm64``: a new :term:`MACHINE` to represent a 64-bit General Arm @@ -84,6 +88,9 @@ New Features / Enhancements in 5.0 a Sphinx extension to include jQuery on newer Sphinx releases. Recent versions of ``python3-sphinx-rtd-theme`` depend on it. + - `python3-websockets <https://pypi.org/project/websockets/>`__: a + library for building WebSocket servers and clients in Python. + - `python3-yamllint <https://github.com/adrienverge/yamllint>`__: a linter for YAML files. In U-Boot, the ``binman`` tool uses this linter to verify the configurations at compile time. @@ -155,6 +162,12 @@ New Features / Enhancements in 5.0 - Testing: + - Move `patchtest` to the core (as ``scripts/patchtest``, test cases under + ``meta/lib/patchtest/tests``) and make a number of improvements to enable + it to validate patches submitted on the mailing list again. Additionally, + make it work with the original upstream version of + `Patchwork <http://jk.ozlabs.org/projects/patchwork/>`__. + - Add an optional ``unimplemented-ptest`` QA warning to detect upstream packages with tests, that do not use ptest. @@ -163,6 +176,9 @@ New Features / Enhancements in 5.0 - ``oeqa``, ``oe-selftest``: add test cases for Maturin (SDK and runtime). + - Proof-of-concept of screenshot-based runtime UI test + (``meta/lib/oeqa/runtime/cases/login.py``) + - Enable ptests for ``python3-attrs``, ``python3-pyyaml``, ``xz`` - Utility script changes: @@ -191,8 +207,6 @@ New Features / Enhancements in 5.0 extra tasks if the system load is too high, especially in distributions where ``/proc/pressure`` is disabled. - - Add garbage collection to remove unused unihashes from the database. - - ``taskexp_ncurses``: add ncurses version of ``taskexp``, the dependency explorer originally implemented with GTK. @@ -208,6 +222,17 @@ New Features / Enhancements in 5.0 - ``git-make-shallow`` script: add support for Git's ``safe.bareRepository=explicit`` configuration setting. + - Hash equivalence gained a number of scalability improvements including: + + - Support for a wide range of database backends through `SQLAlchemy` + + - Support for hash equivalence server and client to communicate over websockets + + - Support for per-user permissions in the hashserver, and on the client side + specifying credentials via the environment or ``.netrc`` + + - Add garbage collection to remove unused unihashes from the database. + - devtool improvements: - Introduce a new ``ide-sdk`` plugin to generate a configuration to use @@ -255,6 +280,12 @@ New Features / Enhancements in 5.0 incremental update can be configured with :term:`CVE_DB_INCR_UPDATE_AGE_THRES` variable. +- Toaster Web UI improvements: + + - Numerous bugfixes, and additional input validation + + - Add `pytest` support and add/update test cases + - Prominent documentation updates: - Documentation for using the new ``devtool ide-sdk`` command and features. @@ -318,6 +349,7 @@ The following corrections have been made to the :term:`LICENSE` values set by re - ``elfutils``: split license for libraries & backend and utilities. - ``ghostscript``: correct :term:`LICENSE` to ``AGPL-3.0-or-later``. +- ``kbd``: update license for consolefont and keymaps. - ``libsystemd``: set its own :term:`LICENSE` value (``LGPL-2.1-or-later``) to add more granularity. - ``libtest-warnings-perl``: update :term:`LICENSE` ``Artistic-1.0`` to ``Artistic-1.0-Perl``. - ``linux-firmware``: set package :term:`LICENSE` appropriately for ``carl9170``, ``rockchip`` and ``powerpr``. @@ -350,7 +382,7 @@ Security Fixes in 5.0 - libxml2: :cve:`2023-45322` (ignored) - linux-yocto/6.6: :cve:`2020-16119` - openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385` -- openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve_mitre:`2023-6237`, :cve:`2024-0727` +- openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve_mitre:`2023-6237`, :cve:`2024-0727`, :cve:`2024-2511` - perl: :cve:`2023-47100` - pixman: :cve:`2023-37769` (ignored) - python3-cryptography{-vectors}: :cve:`2023-49083`, :cve:`2024-26130` @@ -526,7 +558,7 @@ Recipe Upgrades in 5.0 - linux-yocto-dev 6.6+git -> 6.9+git - linux-yocto-rt 6.1.78+git, 6.5.13+git -> 6.6.23+git - linux-yocto-tiny 6.1.78+git, 6.5.13+git -> 6.6.23+git -- llvm 17.0.3 -> 18.1.2 +- llvm 17.0.3 -> 18.1.3 - lsof 4.98.0 -> 4.99.3 - ltp 20230516 -> 20240129 - lttng-modules 2.13.10 -> 2.13.12 @@ -562,7 +594,7 @@ Recipe Upgrades in 5.0 - ptest-runner 2.4.2+git -> 2.4.3+git - pulseaudio 16.1 -> 17.0 - puzzles 0.0+git (2d9e414ee316…) -> 0.0+git (80aac3104096…) -- python3 3.11.5 -> 3.12.2 +- python3 3.11.5 -> 3.12.3 - python3-alabaster 0.7.13 -> 0.7.16 - python3-attrs 23.1.0 -> 23.2.0 - python3-babel 2.12.1 -> 2.14.0 @@ -904,3 +936,58 @@ Thanks to the following people who contributed to this release: Repositories / Downloads for Yocto-5.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>` +- Tag: :yocto_git:`yocto-5.0 </poky/log/?h=yocto-5.0>` +- Git Revision: :yocto_git:`fb91a49387cfb0c8d48303bb3354325ba2a05587 </poky/commit/?id=fb91a49387cfb0c8d48303bb3354325ba2a05587>` +- Release Artefact: poky-fb91a49387cfb0c8d48303bb3354325ba2a05587 +- sha: 8a0dff4b677b9414ab814ed35d1880196123732ea16ab2fafa388bcc509b32ab +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/poky-fb91a49387cfb0c8d48303bb3354325ba2a05587.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-5.0/poky-fb91a49387cfb0c8d48303bb3354325ba2a05587.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>` +- Tag: :oe_git:`yocto-5.0 </openembedded-core/log/?h=yocto-5.0>` +- Git Revision: :oe_git:`b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277 </openembedded-core/commit/?id=b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277>` +- Release Artefact: oecore-b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277 +- sha: c7fd05d1a00c70acba2540e60dce01a1bdc4701ebff9a808784960240c69261d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/oecore-b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-5.0/oecore-b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>` +- Tag: :yocto_git:`yocto-5.0 </meta-mingw/log/?h=yocto-5.0>` +- Git Revision: :yocto_git:`acbba477893ef87388effc4679b7f40ee49fc852 </meta-mingw/commit/?id=acbba477893ef87388effc4679b7f40ee49fc852>` +- Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852 +- sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-5.0/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>` +- Tag: :oe_git:`yocto-5.0 </bitbake/log/?h=yocto-5.0>` +- Git Revision: :oe_git:`c86466d51e8ff14e57a734c1eec5bb651fdc73ef </bitbake/commit/?id=c86466d51e8ff14e57a734c1eec5bb651fdc73ef>` +- Release Artefact: bitbake-c86466d51e8ff14e57a734c1eec5bb651fdc73ef +- sha: 45c91294c1fa5a0044f1bb72a9bb69456bb458747114115af85c7664bf672d48 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/bitbake-c86466d51e8ff14e57a734c1eec5bb651fdc73ef.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-5.0/bitbake-c86466d51e8ff14e57a734c1eec5bb651fdc73ef.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>` +- Tag: :yocto_git:`yocto-5.0 </yocto-docs/log/?h=yocto-5.0>` +- Git Revision: :yocto_git:`0cdc0afd3332459d30cfc8f4c2e62bdcc23f5ed5 </yocto-docs/commit/?id=0cdc0afd3332459d30cfc8f4c2e62bdcc23f5ed5>` + diff --git a/poky/documentation/poky.yaml.in b/poky/documentation/poky.yaml.in index 7a686ac4e1..0c04b615ea 100644 --- a/poky/documentation/poky.yaml.in +++ b/poky/documentation/poky.yaml.in @@ -1,10 +1,10 @@ -DISTRO : "4.3" -DISTRO_NAME_NO_CAP : "nanbield" -DISTRO_NAME : "Nanbield" -DISTRO_NAME_NO_CAP_MINUS_ONE : "mickledore" -DISTRO_NAME_NO_CAP_LTS : "kirkstone" -YOCTO_DOC_VERSION : "4.3" -DISTRO_REL_TAG : "yocto-4.3" +DISTRO : "5.0" +DISTRO_NAME_NO_CAP : "scarthgap" +DISTRO_NAME : "Scarthgap" +DISTRO_NAME_NO_CAP_MINUS_ONE : "nanbield" +DISTRO_NAME_NO_CAP_LTS : "scarthgap" +YOCTO_DOC_VERSION : "5.0" +DISTRO_REL_TAG : "yocto-5.0" DOCCONF_VERSION : "dev" BITBAKE_SERIES : "" YOCTO_DL_URL : "https://downloads.yoctoproject.org" @@ -12,18 +12,18 @@ YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" YOCTO_RELEASE_DL_URL : "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;" UBUNTU_HOST_PACKAGES_ESSENTIAL : "gawk wget git diffstat unzip texinfo gcc \ build-essential chrpath socat cpio python3 python3-pip python3-pexpect \ - xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \ - python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 + xz-utils debianutils iputils-ping python3-git python3-jinja2 \ + python3-subunit zstd liblz4-tool file locales libacl1 \n\ $ sudo locale-gen en_US.UTF-8" FEDORA_HOST_PACKAGES_ESSENTIAL : "gawk make wget tar bzip2 gzip python3 unzip perl patch \ diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \ ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue perl-bignum socat \ python3-pexpect findutils which file cpio python python3-pip xz python3-GitPython \ - python3-jinja2 SDL-devel rpcgen mesa-libGL-devel perl-FindBin perl-File-Compare \ + python3-jinja2 rpcgen perl-FindBin perl-File-Compare \ perl-File-Copy perl-locale zstd lz4 hostname glibc-langpack-en libacl" OPENSUSE_HOST_PACKAGES_ESSENTIAL : "python gcc gcc-c++ git chrpath make wget python-xml \ diffstat makeinfo python-curses patch socat python3 python3-curses tar python3-pip \ - python3-pexpect xz which python3-Jinja2 Mesa-libEGL1 libSDL-devel rpcgen Mesa-dri-devel \ + python3-pexpect xz which python3-Jinja2 rpcgen \ zstd lz4 bzip2 gzip hostname libacl1 \n\ $ sudo pip3 install GitPython" ALMALINUX_HOST_PACKAGES_ESSENTIAL : "-y epel-release @@ -33,8 +33,8 @@ ALMALINUX_HOST_PACKAGES_ESSENTIAL : "-y epel-release \n\ $ sudo dnf install gawk make wget tar bzip2 gzip python3 unzip perl patch \ diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath ccache \ socat perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip \ - python3-GitPython python3-jinja2 python3-pexpect xz which SDL-devel \ - rpcgen mesa-libGL-devel zstd lz4 cpio glibc-langpack-en libacl" + python3-GitPython python3-jinja2 python3-pexpect xz which \ + rpcgen zstd lz4 cpio glibc-langpack-en libacl" PIP3_HOST_PACKAGES_DOC : "$ sudo pip3 install sphinx sphinx_rtd_theme pyyaml" MIN_PYTHON_VERSION : "3.8.0" MIN_TAR_VERSION : "1.28" diff --git a/poky/documentation/ref-manual/svg/releases.svg b/poky/documentation/ref-manual/svg/releases.svg index 198d4632b1..036aa467cc 100644 --- a/poky/documentation/ref-manual/svg/releases.svg +++ b/poky/documentation/ref-manual/svg/releases.svg @@ -3,8 +3,8 @@ version="1.1" id="svg2" width="2040.0006" - height="624.30518" - viewBox="0 0 2040.0006 624.30515" + height="669.30511" + viewBox="0 0 2040.0006 669.30509" sodipodi:docname="releases.svg" inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" @@ -409,8 +409,8 @@ id="namedview4" showgrid="true" inkscape:zoom="1.4472045" - inkscape:cx="736.24703" - inkscape:cy="312.32629" + inkscape:cx="987.76641" + inkscape:cy="357.93145" inkscape:window-x="1728" inkscape:window-y="0" inkscape:window-maximized="1" @@ -427,13 +427,13 @@ type="xygrid" id="grid1257" originx="-289.99936" - originy="325" /> + originy="369.99998" /> </sodipodi:namedview> <g inkscape:groupmode="layer" inkscape:label="Image" id="g10" - transform="translate(-289.99936,325.00004)"> + transform="translate(-289.99936,370.00003)"> <path style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" d="m 1080,220.00003 v -515.00007 0 0" @@ -669,11 +669,11 @@ style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" id="tspan10317-2-9-1-4">4.2</tspan></text> <g - id="g1379"> + id="g1258"> <rect style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1" id="rect917-0-0-4-4-9-4-5-38" - width="140.00003" + width="120.00002" height="45.000004" x="1220" y="-230.00005" @@ -696,53 +696,76 @@ id="tspan10317-2-9-1-4-6">4.3</tspan></text> </g> <rect - style="opacity:0.75;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1" - id="rect917-0-0-4-4-9-4-5-3-9" - width="979.99994" + style="opacity:0.75;fill:#241f31;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1" + id="rect917-0-0-4-4-9-4-5-3-9-2" + width="140" height="45.000004" - x="1320" - y="-285.00003" + x="1440" + y="-340.00003" ry="2.2558987" /> <text xml:space="preserve" style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="1373.233" - y="-265.32928" - id="text1185-3-55-4-0-0-0-1-1-6"><tspan + x="1487.233" + y="-320.32928" + id="text1185-3-55-4-0-0-0-1-1-6-4"><tspan sodipodi:role="line" - x="1373.233" - y="-265.32928" + x="1487.233" + y="-320.32928" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" - id="tspan957-2-8-6-3-9-7-4-2">Scarthgap</tspan><tspan + id="tspan957-2-8-6-3-9-7-4-2-0">Styhead</tspan><tspan sodipodi:role="line" - x="1373.233" - y="-247.33261" + x="1487.233" + y="-302.33261" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" - id="tspan10317-2-9-1-4-6-5">5.0</tspan></text> - <rect + id="tspan10317-2-9-1-4-6-5-6">5.1</tspan></text> + <g + id="g1591"> + <rect + style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1" + id="rect917-0-0-4-4-9-9" + width="960.00012" + height="45.000004" + x="859.99994" + y="-64.999992" + ry="2.2558987" /> + <text + xml:space="preserve" + style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" + x="928.49872" + y="-45.648258" + id="text1185-3-55-4-0-0-9"><tspan + sodipodi:role="line" + x="928.49872" + y="-45.648258" + style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" + id="tspan957-2-8-6-3-6">Kirkstone (LTS)</tspan><tspan + sodipodi:role="line" + x="928.49872" + y="-27.651579" + style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" + id="tspan10317-2-9-0">4.0</tspan></text> + </g> + <path + id="rect917-0-0-4-4-9-9-9" style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1" - id="rect917-0-0-4-4-9-9" - width="960.00012" - height="45.000004" - x="859.99994" - y="-64.999992" - ry="2.2558987" /> + d="m 1322.3015,-285.00003 c -1.2753,0 -2.302,1.00609 -2.302,2.25586 v 40.48828 c 0,1.24977 1.0267,2.25586 2.302,2.25586 h 975.0412 c 1.2754,0 2.302,-1.00609 2.302,-2.25586 v -40.48828 c 0,-1.24977 -1.0266,-2.25586 -2.302,-2.25586 z" /> <text xml:space="preserve" style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="928.49872" - y="-45.648258" - id="text1185-3-55-4-0-0-9"><tspan + x="1390.4988" + y="-265.64832" + id="text1185-3-55-4-0-0-9-0"><tspan sodipodi:role="line" - x="928.49872" - y="-45.648258" + x="1390.4988" + y="-265.64832" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" - id="tspan957-2-8-6-3-6">Kirkstone (LTS)</tspan><tspan + id="tspan957-2-8-6-3-6-8">Scarthgap (LTS)</tspan><tspan sodipodi:role="line" - x="928.49872" - y="-27.651579" + x="1390.4988" + y="-247.65164" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none" - id="tspan10317-2-9-0">4.0</tspan></text> + id="tspan10317-2-9-0-1">5.0</tspan></text> <text xml:space="preserve" style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst index 9cdcc1b61b..3f37f42f21 100644 --- a/poky/documentation/ref-manual/variables.rst +++ b/poky/documentation/ref-manual/variables.rst @@ -9771,6 +9771,12 @@ system and gives an overview of their function and contents. ``meta-poky/conf/templates/default/local.conf.sample`` in the :term:`Source Directory`. + :term:`USERADD_DEPENDS` + Specifies a list of recipes that create users / groups (via + :term:`USERADD_PARAM` / :term:`GROUPADD_PARAM`) which a recipe + depends upon. This ensures that those users / groups are available + when building a recipe. + :term:`USERADD_ERROR_DYNAMIC` If set to ``error``, forces the OpenEmbedded build system to produce an error if the user identification (``uid``) and group diff --git a/poky/documentation/set_versions.py b/poky/documentation/set_versions.py index 90e08fc5e0..dec0780834 100755 --- a/poky/documentation/set_versions.py +++ b/poky/documentation/set_versions.py @@ -26,9 +26,9 @@ ourversion = None if len(sys.argv) == 2: ourversion = sys.argv[1] -activereleases = ["nanbield", "kirkstone", "dunfell"] -devbranch = "scarthgap" -ltsseries = ["kirkstone", "dunfell"] +activereleases = ["scarthgap", "nanbield", "kirkstone", "dunfell"] +devbranch = "styhead" +ltsseries = ["scarthgap", "kirkstone", "dunfell"] # used by run-docs-builds to get the default page if ourversion == "getlatest": @@ -36,6 +36,7 @@ if ourversion == "getlatest": sys.exit(0) release_series = collections.OrderedDict() +release_series["styhead"] = "5.1" release_series["scarthgap"] = "5.0" release_series["nanbield"] = "4.3" release_series["mickledore"] = "4.2" @@ -68,6 +69,7 @@ release_series["laverne"] = "0.9" bitbake_mapping = { + "styhead" : "2.10", "scarthgap" : "2.8", "nanbield" : "2.6", "mickledore" : "2.4", diff --git a/poky/documentation/standards.md b/poky/documentation/standards.md index e0c0cba83c..bc403e393e 100644 --- a/poky/documentation/standards.md +++ b/poky/documentation/standards.md @@ -70,27 +70,30 @@ cannot be split without infringing syntactic rules or reducing readability, as well as for command output which should be kept unmodified. -### Project names +### File, tool and command names -Project names should be capitalized in the same -way they are on Wikipedia, in particular: +File, tool, command and package names should be double tick-quoted. +For example, ``` ``conf/local.conf`` ``` is preferred over +`"conf/local.conf"`. -* BitBake -* OpenEmbedded +### Project names -There are exceptions in which such names can be used -in lower case: +Project names should be introduced with single quotes, to have them rendered +with an italic font and make them easier to distinguish from command names +(double tick-quoted) and from regular English words. -* When referring to a package name -* When referring to the corresponding command name -* When used in a cross-reference title. Such - titles are usually in lower case. +An exception is when project names appear in hyperlinks, as nested markup +is not supported by Sphinx yet. -### File, tool and command names +Project names should also be capitalized (or not) in the same way they are on +Wikipedia, or on their own project pages if they are not described on +Wikipedia. If a project name isn't capitalized, it should remain so even +at the beginning of a sentence. -File, tool and command names should be double tick-quoted. -For example, ``` ``conf/local.conf`` ``` is preferred over -`"conf/local.conf"`. +For example: + +* ``` `BitBake` ``` +* ``` `ftrace` ``` ### Variables diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 5285753c31..23d279db3b 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,7 +1,7 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "5.0+snapshot-${METADATA_REVISION}" -DISTRO_CODENAME = "styhead" +DISTRO_VERSION = "5.0.2" +DISTRO_CODENAME = "scarthgap" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" SDK_VERSION[vardepvalue] = "${SDK_VERSION}" diff --git a/poky/meta-poky/conf/templates/default/local.conf.sample b/poky/meta-poky/conf/templates/default/local.conf.sample index 1a93c9bdcf..72d3566294 100644 --- a/poky/meta-poky/conf/templates/default/local.conf.sample +++ b/poky/meta-poky/conf/templates/default/local.conf.sample @@ -238,7 +238,7 @@ BB_DISKMON_DIRS ??= "\ # (CDN) kindly provided by JSDelivr, uncomment one of the SSTATE_MIRRORS lines, not both. # Using the CDN rather than the yoctoproject.org address is suggested/preferred. # -#BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687" +#BB_HASHSERVE_UPSTREAM = 'wss://hashserv.yoctoproject.org/ws' #SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH" # ###SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH" diff --git a/poky/meta-selftest/classes/localpkgfeed.bbclass b/poky/meta-selftest/classes/localpkgfeed.bbclass new file mode 100644 index 0000000000..b796375e55 --- /dev/null +++ b/poky/meta-selftest/classes/localpkgfeed.bbclass @@ -0,0 +1,27 @@ +# Create a subset of the package feed that just contain the +# packages depended on by this recipe. + +LOCALPKGFEED_DIR = "${WORKDIR}/localpkgfeed" + +addtask localpkgfeed after do_build +do_localpkgfeed[cleandirs] = "${LOCALPKGFEED_DIR}" +do_localpkgfeed[nostamp] = "1" + +def get_packaging_class(d): + package_class = d.getVar("PACKAGE_CLASSES").split()[0] + return package_class.replace("package_", "") + +python () { + packaging = get_packaging_class(d) + d.setVarFlag("do_localpkgfeed", "rdeptask", "do_package_write_" + packaging) +} + +python do_localpkgfeed() { + import oe.package_manager + + packaging = get_packaging_class(d) + deploydir = d.getVar("DEPLOY_DIR_" + packaging.upper()) + task = "package_write_" + packaging + + oe.package_manager.create_packages_dir(d, d.getVar("LOCALPKGFEED_DIR"), deploydir, task, True, True) +} diff --git a/poky/meta-selftest/conf/layer.conf b/poky/meta-selftest/conf/layer.conf index 763ea011d4..48ca8464f9 100644 --- a/poky/meta-selftest/conf/layer.conf +++ b/poky/meta-selftest/conf/layer.conf @@ -11,4 +11,4 @@ BBFILE_PRIORITY_selftest = "5" addpylib ${LAYERDIR}/lib oeqa -LAYERSERIES_COMPAT_selftest = "styhead" +LAYERSERIES_COMPAT_selftest = "scarthgap" diff --git a/poky/meta-skeleton/conf/layer.conf b/poky/meta-skeleton/conf/layer.conf index 963d2d5ce9..0414fb51b6 100644 --- a/poky/meta-skeleton/conf/layer.conf +++ b/poky/meta-skeleton/conf/layer.conf @@ -14,4 +14,4 @@ LAYERVERSION_skeleton = "1" LAYERDEPENDS_skeleton = "core" -LAYERSERIES_COMPAT_skeleton = "styhead" +LAYERSERIES_COMPAT_skeleton = "scarthgap" diff --git a/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb b/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb index 9437240fcf..0879bb17b9 100644 --- a/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb +++ b/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb @@ -7,7 +7,7 @@ SUMMARY = "An example kernel recipe that uses the linux-yocto and oe-core" # To use linux-yocto-custom in your layer, copy this recipe (optionally # rename it as well) and modify it appropriately for your machine. i.e.: # -# COMPATIBLE_MACHINE_yourmachine = "yourmachine" +# COMPATIBLE_MACHINE:yourmachine = "yourmachine" # # You must also provide a Linux kernel configuration. The most direct # method is to copy your .config to files/defconfig in your layer, diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass index e963001d09..c32dfffd83 100644 --- a/poky/meta/classes-global/insane.bbclass +++ b/poky/meta/classes-global/insane.bbclass @@ -298,7 +298,7 @@ def package_qa_check_libdir(d): try: elf.open() messages.append("%s: found library in wrong location: %s" % (package, rel_path)) - except (oe.qa.NotELFFileError): + except (oe.qa.NotELFFileError, FileNotFoundError): pass if exec_re.match(rel_path): if libdir not in rel_path and libexecdir not in rel_path: @@ -307,7 +307,7 @@ def package_qa_check_libdir(d): try: elf.open() messages.append("%s: found library in wrong location: %s" % (package, rel_path)) - except (oe.qa.NotELFFileError): + except (oe.qa.NotELFFileError, FileNotFoundError): pass if messages: diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass index 04539bbb99..76a7b59636 100644 --- a/poky/meta/classes-global/sstate.bbclass +++ b/poky/meta/classes-global/sstate.bbclass @@ -1115,7 +1115,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, bb.parse.siggen.checkhashes(sq_data, missed, found, d) return found -setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT" +setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT _SSTATE_EXCLUDEDEPS_SYSROOT" BB_SETSCENE_DEPVALID = "setscene_depvalid" diff --git a/poky/meta/classes-recipe/go.bbclass b/poky/meta/classes-recipe/go.bbclass index cc3564c36a..d32509aa6d 100644 --- a/poky/meta/classes-recipe/go.bbclass +++ b/poky/meta/classes-recipe/go.bbclass @@ -48,8 +48,6 @@ GO_RPATH:class-native = "${@'-r ${STAGING_LIBDIR_NATIVE}/go/pkg/${TARGET_GOTUPLE GO_RPATH_LINK:class-native = "${@'-Wl,-rpath-link=${STAGING_LIBDIR_NATIVE}/go/pkg/${TARGET_GOTUPLE}_dynlink' if d.getVar('GO_DYNLINK') else ''}" GO_EXTLDFLAGS ?= "${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} ${GO_RPATH_LINK} ${LDFLAGS}" GO_LINKMODE ?= "" -GO_LINKMODE:class-nativesdk = "--linkmode=external" -GO_LINKMODE:class-native = "--linkmode=external" GO_EXTRA_LDFLAGS ?= "" GO_LINUXLOADER ?= "-I ${@get_linuxloader(d)}" # Use system loader. If uninative is used, the uninative loader will be patched automatically diff --git a/poky/meta/classes-recipe/goarch.bbclass b/poky/meta/classes-recipe/goarch.bbclass index 6899ec28e4..1ebe03864f 100644 --- a/poky/meta/classes-recipe/goarch.bbclass +++ b/poky/meta/classes-recipe/goarch.bbclass @@ -38,13 +38,13 @@ BASE_GOARM:armv5 = '5' # Go supports dynamic linking on a limited set of architectures. # See the supportsDynlink function in go/src/cmd/compile/internal/gc/main.go GO_DYNLINK = "" -GO_DYNLINK:arm = "" -GO_DYNLINK:aarch64 = "" -GO_DYNLINK:x86 = "" -GO_DYNLINK:x86-64 = "" -GO_DYNLINK:powerpc64 = "" -GO_DYNLINK:powerpc64le = "" -GO_DYNLINK:class-native = "" +GO_DYNLINK:arm ?= "1" +GO_DYNLINK:aarch64 ?= "1" +GO_DYNLINK:x86 ?= "1" +GO_DYNLINK:x86-64 ?= "1" +GO_DYNLINK:powerpc64 ?= "1" +GO_DYNLINK:powerpc64le ?= "1" +GO_DYNLINK:class-native ?= "" GO_DYNLINK:class-nativesdk = "" # define here because everybody inherits this class diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass index 913cb8788c..2f948ecbf8 100644 --- a/poky/meta/classes-recipe/image_types.bbclass +++ b/poky/meta/classes-recipe/image_types.bbclass @@ -112,18 +112,22 @@ IMAGE_CMD:btrfs () { } oe_mksquashfs () { - local comp=$1 - local suffix=$2 + local comp=$1; shift + local extra_imagecmd="$@" + + if [ "$comp" = "zstd" ]; then + suffix="zst" + fi # Use the bitbake reproducible timestamp instead of the hardcoded squashfs one export SOURCE_DATE_EPOCH=$(stat -c '%Y' ${IMAGE_ROOTFS}) - mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp + mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} -noappend ${comp:+-comp }$comp $extra_imagecmd } -IMAGE_CMD:squashfs = "oe_mksquashfs" -IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz" -IMAGE_CMD:squashfs-lzo = "oe_mksquashfs lzo" -IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4" -IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd zst" +IMAGE_CMD:squashfs = "oe_mksquashfs '' ${EXTRA_IMAGECMD}" +IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz ${EXTRA_IMAGECMD}" +IMAGE_CMD:squashfs-lzo = "oe_mksquashfs lzo ${EXTRA_IMAGECMD}" +IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4 ${EXTRA_IMAGECMD}" +IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd ${EXTRA_IMAGECMD}" IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs ${IMAGE_ROOTFS}" IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4 ${IMAGE_ROOTFS}" diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass index b084d6d69d..c0a2056fec 100644 --- a/poky/meta/classes-recipe/kernel.bbclass +++ b/poky/meta/classes-recipe/kernel.bbclass @@ -463,7 +463,7 @@ kernel_do_install() { rm -f "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build" rm -f "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source" # Remove empty module directories to prevent QA issues - find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete + [ -d "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" ] && find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete else bbnote "no modules to install" fi diff --git a/poky/meta/classes-recipe/linuxloader.bbclass b/poky/meta/classes-recipe/linuxloader.bbclass index 2ea1b62254..a2e8f9837b 100644 --- a/poky/meta/classes-recipe/linuxloader.bbclass +++ b/poky/meta/classes-recipe/linuxloader.bbclass @@ -57,7 +57,7 @@ def get_glibc_loader(d): elif re.search("i.86", targetarch): dynamic_loader = "${base_libdir}/ld-linux.so.2" elif targetarch == "arm": - dynamic_loader = "${base_libdir}/ld-linux${@['-armhf', ''][d.getVar('TARGET_FPU') == 'soft']}.so.3" + dynamic_loader = "${base_libdir}/ld-linux${@['', '-armhf'][d.getVar('TARGET_FPU') == 'hard']}.so.3" elif targetarch.startswith("aarch64"): dynamic_loader = "${base_libdir}/ld-linux-aarch64${ARMPKGSFX_ENDIAN_64}.so.1" elif targetarch.startswith("riscv64"): diff --git a/poky/meta/classes-recipe/pypi.bbclass b/poky/meta/classes-recipe/pypi.bbclass index c6bbe8119a..b8c18ccf39 100644 --- a/poky/meta/classes-recipe/pypi.bbclass +++ b/poky/meta/classes-recipe/pypi.bbclass @@ -12,19 +12,14 @@ def pypi_package(d): return bpn[8:] return bpn -# The PyPi package name (defaults to PN without the python3- prefix) PYPI_PACKAGE ?= "${@pypi_package(d)}" -# The file extension of the source archive PYPI_PACKAGE_EXT ?= "tar.gz" -# An optional prefix for the download file in the case of name collisions +PYPI_ARCHIVE_NAME ?= "${PYPI_PACKAGE}-${PV}.${PYPI_PACKAGE_EXT}" PYPI_ARCHIVE_NAME_PREFIX ?= "" def pypi_src_uri(d): - """ - Construct a source URL as per https://warehouse.pypa.io/api-reference/integration-guide.html#predictable-urls. - """ package = d.getVar('PYPI_PACKAGE') - archive_name = d.expand('${PYPI_PACKAGE}-${PV}.${PYPI_PACKAGE_EXT}') + archive_name = d.getVar('PYPI_ARCHIVE_NAME') archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name return 'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' % (package[0], package, archive_name, archive_downloadname) diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass index e81b69a239..920da94ba2 100644 --- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass +++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass @@ -206,7 +206,9 @@ read_only_rootfs_hook () { # Also tweak the key location for dropbear in the same way. if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then - echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear + if ! grep -q "^DROPBEAR_RSAKEY_DIR=" ${IMAGE_ROOTFS}/etc/default/dropbear ; then + echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear + fi fi fi fi diff --git a/poky/meta/classes-recipe/uboot-sign.bbclass b/poky/meta/classes-recipe/uboot-sign.bbclass index 7a0b8047e4..c8e097f2f2 100644 --- a/poky/meta/classes-recipe/uboot-sign.bbclass +++ b/poky/meta/classes-recipe/uboot-sign.bbclass @@ -367,7 +367,7 @@ do_uboot_assemble_fitimage() { done for binary in ${UBOOT_BINARIES}; do - k=$(expr $j + 1); + k=$(expr $k + 1); if [ $k -eq $i ]; then break; fi diff --git a/poky/meta/classes/create-spdx-2.2.bbclass b/poky/meta/classes/create-spdx-2.2.bbclass index 486efadba9..4ea91f6499 100644 --- a/poky/meta/classes/create-spdx-2.2.bbclass +++ b/poky/meta/classes/create-spdx-2.2.bbclass @@ -28,7 +28,7 @@ SPDX_ARCHIVE_SOURCES ??= "0" SPDX_ARCHIVE_PACKAGED ??= "0" SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" -SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc" +SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs" SPDX_PRETTY ??= "0" SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 20eb3a0446..180dfc1918 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -190,7 +190,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>" -RECIPE_MAINTAINER:pn-gcc-source-13.2.0 = "Khem Raj <raj.khem@gmail.com>" +RECIPE_MAINTAINER:pn-gcc-source-13.3.0 = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>" @@ -225,7 +225,6 @@ RECIPE_MAINTAINER:pn-go-cross-${TUNE_PKGARCH} = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-go-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-go-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-go-helloworld = "Khem Raj <raj.khem@gmail.com>" -RECIPE_MAINTAINER:pn-go-native = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-go-runtime = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-gobject-introspection = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-gperf = "Alexander Kanavin <alex.kanavin@gmail.com>" diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 4ac66fd506..657c1032f9 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -7,9 +7,9 @@ # UNINATIVE_MAXGLIBCVERSION = "2.39" -UNINATIVE_VERSION = "4.4" +UNINATIVE_VERSION = "4.5" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" -UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" -UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302" +UNINATIVE_CHECKSUM[aarch64] ?= "df2e29e2e6feb187a3499abf3b1322a3b251da819c77a7b19d4fe952351365ab" +UNINATIVE_CHECKSUM[i686] ?= "8ef3eda53428b484c20157f6ec3c130b03080b3d4b3889067e0e184e05102d35" +UNINATIVE_CHECKSUM[x86_64] ?= "43ee6a25bcf5fce16ea87076d6a96e79ead6ced90690a058d07432f902773473" diff --git a/poky/meta/conf/layer.conf b/poky/meta/conf/layer.conf index f2bca0aa5b..efbf2610f9 100644 --- a/poky/meta/conf/layer.conf +++ b/poky/meta/conf/layer.conf @@ -7,12 +7,12 @@ BBFILE_COLLECTIONS += "core" BBFILE_PATTERN_core = "^${LAYERDIR}/" BBFILE_PRIORITY_core = "5" -LAYERSERIES_CORENAMES = "scarthgap styhead" +LAYERSERIES_CORENAMES = "scarthgap" # This should only be incremented on significant changes that will # cause compatibility issues with other layers LAYERVERSION_core = "15" -LAYERSERIES_COMPAT_core = "styhead" +LAYERSERIES_COMPAT_core = "scarthgap" BBLAYERS_LAYERINDEX_NAME_core = "openembedded-core" diff --git a/poky/meta/lib/oe/package_manager/__init__.py b/poky/meta/lib/oe/package_manager/__init__.py index 6774cdb794..d3b2317894 100644 --- a/poky/meta/lib/oe/package_manager/__init__.py +++ b/poky/meta/lib/oe/package_manager/__init__.py @@ -449,7 +449,7 @@ class PackageManager(object, metaclass=ABCMeta): return res return _append(uris, base_paths) -def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencies): +def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencies, include_self=False): """ Go through our do_package_write_X dependencies and hardlink the packages we depend upon into the repo directory. This prevents us seeing other packages that may @@ -486,14 +486,17 @@ def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencie bb.fatal("Couldn't find ourself in BB_TASKDEPDATA?") pkgdeps = set() start = [start] - seen = set(start) + if include_self: + seen = set() + else: + seen = set(start) # Support direct dependencies (do_rootfs -> do_package_write_X) # or indirect dependencies within PN (do_populate_sdk_ext -> do_rootfs -> do_package_write_X) while start: next = [] for dep2 in start: for dep in taskdepdata[dep2][3]: - if taskdepdata[dep][0] != pn: + if include_self or taskdepdata[dep][0] != pn: if "do_" + taskname in dep: pkgdeps.add(dep) elif dep not in seen: diff --git a/poky/meta/lib/oe/package_manager/ipk/__init__.py b/poky/meta/lib/oe/package_manager/ipk/__init__.py index 8cc9953a02..47e72cc7a6 100644 --- a/poky/meta/lib/oe/package_manager/ipk/__init__.py +++ b/poky/meta/lib/oe/package_manager/ipk/__init__.py @@ -4,6 +4,7 @@ # SPDX-License-Identifier: GPL-2.0-only # +import glob import re import shutil import subprocess @@ -134,11 +135,16 @@ class OpkgDpkgPM(PackageManager): tmp_dir = tempfile.mkdtemp() current_dir = os.getcwd() os.chdir(tmp_dir) - data_tar = 'data.tar.zst' try: cmd = [ar_cmd, 'x', pkg_path] output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) + data_tar = glob.glob("data.tar.*") + if len(data_tar) != 1: + bb.fatal("Unable to extract %s package. Failed to identify " + "data tarball (found tarballs '%s').", + pkg_path, data_tar) + data_tar = data_tar[0] cmd = [tar_cmd, 'xf', data_tar] output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: @@ -153,6 +159,7 @@ class OpkgDpkgPM(PackageManager): bb.note("Extracted %s to %s" % (pkg_path, tmp_dir)) bb.utils.remove(os.path.join(tmp_dir, "debian-binary")) bb.utils.remove(os.path.join(tmp_dir, "control.tar.gz")) + bb.utils.remove(os.path.join(tmp_dir, data_tar)) os.chdir(current_dir) return tmp_dir @@ -505,7 +512,4 @@ class OpkgPM(OpkgDpkgPM): bb.fatal("Unable to get information for package '%s' while " "trying to extract the package." % pkg) - tmp_dir = super(OpkgPM, self).extract(pkg, pkg_info) - bb.utils.remove(os.path.join(tmp_dir, "data.tar.zst")) - - return tmp_dir + return super(OpkgPM, self).extract(pkg, pkg_info) diff --git a/poky/meta/lib/oeqa/sdk/cases/assimp.py b/poky/meta/lib/oeqa/sdk/cases/assimp.py index e986838aea..d990b1e97d 100644 --- a/poky/meta/lib/oeqa/sdk/cases/assimp.py +++ b/poky/meta/lib/oeqa/sdk/cases/assimp.py @@ -25,10 +25,10 @@ class BuildAssimp(OESDKTestCase): def test_assimp(self): with tempfile.TemporaryDirectory(prefix="assimp", dir=self.tc.sdk_dir) as testdir: - tarball = self.fetch(testdir, self.td["DL_DIR"], "https://github.com/assimp/assimp/archive/v5.3.1.tar.gz") + tarball = self.fetch(testdir, self.td["DL_DIR"], "https://github.com/assimp/assimp/archive/v5.4.1.tar.gz") dirs = {} - dirs["source"] = os.path.join(testdir, "assimp-5.3.1") + dirs["source"] = os.path.join(testdir, "assimp-5.4.1") dirs["build"] = os.path.join(testdir, "build") dirs["install"] = os.path.join(testdir, "install") @@ -39,7 +39,7 @@ class BuildAssimp(OESDKTestCase): self._run("sed -i '/# ifdef _FILE_OFFSET_BITS/I,+2 d' {source}/contrib/zlib/gzguts.h".format(**dirs)) os.makedirs(dirs["build"]) - self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DASSIMP_BUILD_ZLIB=ON {source}".format(**dirs)) + self._run("cd {build} && cmake -DASSIMP_WARNINGS_AS_ERRORS=OFF -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DASSIMP_BUILD_ZLIB=ON {source}".format(**dirs)) self._run("cmake --build {build} -- -j".format(**dirs)) self._run("cmake --build {build} --target install -- DESTDIR={install}".format(**dirs)) - self.check_elf(os.path.join(dirs["install"], "usr", "local", "lib", "libassimp.so.5.3.0")) + self.check_elf(os.path.join(dirs["install"], "usr", "local", "lib", "libassimp.so.5.4.1")) diff --git a/poky/meta/lib/oeqa/sdkext/cases/devtool.py b/poky/meta/lib/oeqa/sdkext/cases/devtool.py index 5ffb732556..d0746e68eb 100644 --- a/poky/meta/lib/oeqa/sdkext/cases/devtool.py +++ b/poky/meta/lib/oeqa/sdkext/cases/devtool.py @@ -69,10 +69,9 @@ class DevtoolTest(OESDKExtTestCase): self._test_devtool_build(self.myapp_cmake_dst) def test_extend_autotools_recipe_creation(self): - req = 'https://github.com/rdfa/librdfa' - recipe = "librdfa" - self._run('devtool sdk-install libxml2') - self._run('devtool add %s %s' % (recipe, req) ) + recipe = "test-dbus-wait" + self._run('devtool sdk-install dbus') + self._run('devtool add %s https://git.yoctoproject.org/git/dbus-wait' % (recipe) ) try: self._run('devtool build %s' % recipe) finally: diff --git a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py index 505b4be837..46c0cd87bb 100644 --- a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py +++ b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py @@ -62,7 +62,7 @@ class Debuginfod(OESelftestTestCase): raise TimeoutError("Cannot connect debuginfod, still %d scan jobs running" % latest) - def start_debuginfod(self): + def start_debuginfod(self, feed_dir): # We assume that the caller has already bitbake'd elfutils-native:do_addto_recipe_sysroot # Save some useful paths for later @@ -82,7 +82,7 @@ class Debuginfod(OESelftestTestCase): # Disable rescanning, this is a one-shot test "--rescan-time=0", "--groom-time=0", - get_bb_var("DEPLOY_DIR"), + feed_dir, ] format = get_bb_var("PACKAGE_CLASSES").split()[0] @@ -114,11 +114,12 @@ class Debuginfod(OESelftestTestCase): self.write_config(""" TMPDIR = "${TOPDIR}/tmp-debuginfod" DISTRO_FEATURES:append = " debuginfod" +INHERIT += "localpkgfeed" """) - bitbake("elfutils-native:do_addto_recipe_sysroot xz xz:do_package") + bitbake("elfutils-native:do_addto_recipe_sysroot xz xz:do_package xz:do_localpkgfeed") try: - self.start_debuginfod() + self.start_debuginfod(get_bb_var("LOCALPKGFEED_DIR", "xz")) env = os.environ.copy() env["DEBUGINFOD_URLS"] = "http://localhost:%d/" % self.port @@ -141,12 +142,13 @@ DISTRO_FEATURES:append = " debuginfod" self.write_config(""" TMPDIR = "${TOPDIR}/tmp-debuginfod" DISTRO_FEATURES:append = " debuginfod" +INHERIT += "localpkgfeed" CORE_IMAGE_EXTRA_INSTALL += "elfutils xz" """) - bitbake("core-image-minimal elfutils-native:do_addto_recipe_sysroot") + bitbake("core-image-minimal elfutils-native:do_addto_recipe_sysroot xz:do_localpkgfeed") try: - self.start_debuginfod() + self.start_debuginfod(get_bb_var("LOCALPKGFEED_DIR", "xz")) with runqemu("core-image-minimal", runqemuparams="nographic") as qemu: cmd = "DEBUGINFOD_URLS=http://%s:%d/ debuginfod-find debuginfo /usr/bin/xz" % (qemu.server_ip, self.port) diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py index bc1e40ef83..fc08906117 100644 --- a/poky/meta/lib/oeqa/selftest/cases/devtool.py +++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py @@ -286,10 +286,13 @@ class DevtoolTestCase(OESelftestTestCase): else: self.skipTest('No tap devices found - you must set up tap devices with scripts/runqemu-gen-tapdevs before running this test') - def _test_devtool_add_git_url(self, git_url, version, pn, resulting_src_uri): + def _test_devtool_add_git_url(self, git_url, version, pn, resulting_src_uri, srcrev=None): self.track_for_cleanup(self.workspacedir) self.add_command_to_tearDown('bitbake-layers remove-layer */workspace') - result = runCmd('devtool add --version %s %s %s' % (version, pn, git_url)) + command = 'devtool add --version %s %s %s' % (version, pn, git_url) + if srcrev : + command += ' --srcrev %s' %srcrev + result = runCmd(command) self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created') # Check the recipe name is correct recipefile = get_bb_var('FILE', pn) @@ -479,11 +482,12 @@ class DevtoolAddTests(DevtoolBase): def test_devtool_add_git_style2(self): version = 'v3.1.0' + srcrev = 'v3.1.0' pn = 'mbedtls' # this will trigger reformat_git_uri with branch parameter in url git_url = "'git://git@github.com/ARMmbed/mbedtls.git;protocol=https'" - resulting_src_uri = "gitsm://git@github.com/ARMmbed/mbedtls.git;protocol=https;branch=master" - self._test_devtool_add_git_url(git_url, version, pn, resulting_src_uri) + resulting_src_uri = "git://git@github.com/ARMmbed/mbedtls.git;protocol=https;branch=master" + self._test_devtool_add_git_url(git_url, version, pn, resulting_src_uri, srcrev) def test_devtool_add_library(self): # Fetch source @@ -749,6 +753,25 @@ class DevtoolModifyTests(DevtoolBase): result = runCmd('devtool status') self.assertNotIn('mdadm', result.output) + def test_devtool_modify_go(self): + import oe.path + from tempfile import TemporaryDirectory + with TemporaryDirectory(prefix='devtoolqa') as tempdir: + self.track_for_cleanup(self.workspacedir) + self.add_command_to_tearDown('bitbake -c clean go-helloworld') + self.add_command_to_tearDown('bitbake-layers remove-layer */workspace') + result = runCmd('devtool modify go-helloworld -x %s' % tempdir) + self.assertExists( + oe.path.join(tempdir, 'src', 'golang.org', 'x', 'example', 'go.mod'), + 'Extracted source could not be found' + ) + self.assertExists( + oe.path.join(self.workspacedir, 'conf', 'layer.conf'), + 'Workspace directory not created' + ) + matches = glob.glob(oe.path.join(self.workspacedir, 'appends', 'go-helloworld_*.bbappend')) + self.assertTrue(matches, 'bbappend not created %s' % result.output) + def test_devtool_buildclean(self): def assertFile(path, *paths): f = os.path.join(path, *paths) @@ -1405,14 +1428,30 @@ class DevtoolUpdateTests(DevtoolBase): runCmd('echo "Bar" > new-file', cwd=tempdir) runCmd('git add new-file', cwd=tempdir) runCmd('git commit -m "Add new file"', cwd=tempdir) - self.add_command_to_tearDown('cd %s; git clean -fd .; git checkout .' % - os.path.dirname(recipefile)) runCmd('devtool update-recipe %s' % testrecipe) expected_status = [(' M', '.*/%s$' % os.path.basename(recipefile)), (' M', '.*/makedevs/makedevs.c$'), ('??', '.*/makedevs/new-local$'), ('??', '.*/makedevs/0001-Add-new-file.patch$')] self._check_repo_status(os.path.dirname(recipefile), expected_status) + # Now try to update recipe in another layer, so first, clean it + runCmd('cd %s; git clean -fd .; git checkout .' % os.path.dirname(recipefile)) + # Create a temporary layer and add it to bblayers.conf + self._create_temp_layer(templayerdir, True, 'templayer') + # Update recipe in templayer + result = runCmd('devtool update-recipe %s -a %s' % (testrecipe, templayerdir)) + self.assertNotIn('WARNING:', result.output) + # Check recipe is still clean + self._check_repo_status(os.path.dirname(recipefile), []) + splitpath = os.path.dirname(recipefile).split(os.sep) + appenddir = os.path.join(templayerdir, splitpath[-2], splitpath[-1]) + bbappendfile = self._check_bbappend(testrecipe, recipefile, appenddir) + patchfile = os.path.join(appenddir, testrecipe, '0001-Add-new-file.patch') + new_local_file = os.path.join(appenddir, testrecipe, 'new_local') + local_file = os.path.join(appenddir, testrecipe, 'makedevs.c') + self.assertExists(patchfile, 'Patch file 0001-Add-new-file.patch not created') + self.assertExists(local_file, 'File makedevs.c not created') + self.assertExists(patchfile, 'File new_local not created') def test_devtool_update_recipe_local_files_2(self): """Check local source files support when oe-local-files is in Git""" @@ -1753,6 +1792,8 @@ class DevtoolExtractTests(DevtoolBase): # Definitions testrecipe = 'mdadm' testfile = '/sbin/mdadm' + if "usrmerge" in get_bb_var('DISTRO_FEATURES'): + testfile = '/usr/sbin/mdadm' testimage = 'oe-selftest-image' testcommand = '/sbin/mdadm --help' # Build an image to run diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py index aebea42502..126906df50 100644 --- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py @@ -120,9 +120,15 @@ class RecipetoolAppendTests(RecipetoolBase): self._try_recipetool_appendfile_fail('/dev/console', self.testfile, ['ERROR: /dev/console cannot be handled by this tool']) def test_recipetool_appendfile_alternatives(self): + lspath = '/bin/ls' + dirname = "base_bindir" + if "usrmerge" in get_bb_var('DISTRO_FEATURES'): + lspath = '/usr/bin/ls' + dirname = "bindir" + # Now try with a file we know should be an alternative # (this is very much a fake example, but one we know is reliably an alternative) - self._try_recipetool_appendfile_fail('/bin/ls', self.testfile, ['ERROR: File /bin/ls is an alternative possibly provided by the following recipes:', 'coreutils', 'busybox']) + self._try_recipetool_appendfile_fail(lspath, self.testfile, ['ERROR: File %s is an alternative possibly provided by the following recipes:' % lspath, 'coreutils', 'busybox']) # Need a test file - should be executable testfile2 = os.path.join(self.corebase, 'oe-init-build-env') testfile2name = os.path.basename(testfile2) @@ -131,12 +137,12 @@ class RecipetoolAppendTests(RecipetoolBase): 'SRC_URI += "file://%s"\n' % testfile2name, '\n', 'do_install:append() {\n', - ' install -d ${D}${base_bindir}\n', - ' install -m 0755 ${WORKDIR}/%s ${D}${base_bindir}/ls\n' % testfile2name, + ' install -d ${D}${%s}\n' % dirname, + ' install -m 0755 ${WORKDIR}/%s ${D}${%s}/ls\n' % (testfile2name, dirname), '}\n'] - self._try_recipetool_appendfile('coreutils', '/bin/ls', testfile2, '-r coreutils', expectedlines, [testfile2name]) + self._try_recipetool_appendfile('coreutils', lspath, testfile2, '-r coreutils', expectedlines, [testfile2name]) # Now try bbappending the same file again, contents should not change - bbappendfile, _ = self._try_recipetool_appendfile('coreutils', '/bin/ls', self.testfile, '-r coreutils', expectedlines, [testfile2name]) + bbappendfile, _ = self._try_recipetool_appendfile('coreutils', lspath, self.testfile, '-r coreutils', expectedlines, [testfile2name]) # But file should have copiedfile = os.path.join(os.path.dirname(bbappendfile), 'coreutils', testfile2name) result = runCmd('diff -q %s %s' % (testfile2, copiedfile), ignore_status=True) diff --git a/poky/meta/lib/oeqa/selftest/context.py b/poky/meta/lib/oeqa/selftest/context.py index 57844b289a..99186175e5 100644 --- a/poky/meta/lib/oeqa/selftest/context.py +++ b/poky/meta/lib/oeqa/selftest/context.py @@ -194,8 +194,23 @@ class OESelftestTestContextExecutor(OETestContextExecutor): parser.add_argument('-R', '--skip-tests', required=False, action='store', nargs='+', dest="skips", default=None, help='Skip the tests specified. Format should be <module>[.<class>[.<test_method>]]') + + def check_parallel_support(parameter): + if not parameter.isdigit(): + import argparse + raise argparse.ArgumentTypeError("argument -j/--num-processes: invalid int value: '%s' " % str(parameter)) + + processes = int(parameter) + if processes: + try: + import testtools, subunit + except ImportError: + print("Failed to import testtools or subunit, the testcases will run serially") + processes = None + return processes + parser.add_argument('-j', '--num-processes', dest='processes', action='store', - type=int, help="number of processes to execute in parallel with") + type=check_parallel_support, help="number of processes to execute in parallel with") parser.add_argument('-t', '--select-tag', dest="select_tags", action='append', default=None, diff --git a/poky/meta/lib/oeqa/utils/postactions.py b/poky/meta/lib/oeqa/utils/postactions.py index 8104400ac2..ecdddd2d40 100644 --- a/poky/meta/lib/oeqa/utils/postactions.py +++ b/poky/meta/lib/oeqa/utils/postactions.py @@ -25,7 +25,7 @@ def create_artifacts_directory(d, tc): def get_target_disk_usage(d, tc): output_file = os.path.join(get_json_result_dir(d), "artifacts", "target_disk_usage.txt") try: - (status, output) = tc.target.run('df -hl') + (status, output) = tc.target.run('df -h') with open(output_file, 'w') as f: f.write(output) f.write("\n") diff --git a/poky/meta/lib/patchtest/tests/test_metadata.py b/poky/meta/lib/patchtest/tests/test_metadata.py index be609dbd04..f5dbcf01ed 100644 --- a/poky/meta/lib/patchtest/tests/test_metadata.py +++ b/poky/meta/lib/patchtest/tests/test_metadata.py @@ -18,12 +18,12 @@ class TestMetadata(base.Metadata): lictag_re = pyparsing.AtLineStart("License-Update:") lic_chksum_added = pyparsing.AtLineStart("+" + metadata_chksum) lic_chksum_removed = pyparsing.AtLineStart("-" + metadata_chksum) - add_mark = pyparsing.Regex('\+ ') + add_mark = pyparsing.Regex('\\+ ') max_length = 200 metadata_src_uri = 'SRC_URI' md5sum = 'md5sum' sha256sum = 'sha256sum' - git_regex = pyparsing.Regex('^git\:\/\/.*') + git_regex = pyparsing.Regex('^git\\:\\/\\/.*') metadata_summary = 'SUMMARY' cve_check_ignore_var = 'CVE_CHECK_IGNORE' cve_status_var = 'CVE_STATUS' diff --git a/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb index 63edcbd864..3024ddcaf0 100644 --- a/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb +++ b/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb @@ -46,3 +46,9 @@ ALTERNATIVE_TARGET[rb] = "${bindir}/lrz" ALTERNATIVE_TARGET[sz] = "${bindir}/lsz" ALTERNATIVE_TARGET[sx] = "${bindir}/lsz" ALTERNATIVE_TARGET[sb] = "${bindir}/lsz" + +# http://errors.yoctoproject.org/Errors/Details/766929/ +# lrzsz-0.12.20/src/tcp.c:75:56: error: passing argument 3 of 'getsockname' from incompatible pointer type [-Wincompatible-pointer-types] +# lrzsz-0.12.20/src/tcp.c:83:52: error: passing argument 3 of 'getsockname' from incompatible pointer type [-Wincompatible-pointer-types] +# lrzsz-0.12.20/src/tcp.c:103:51: error: passing argument 3 of 'accept' from incompatible pointer type [-Wincompatible-pointer-types] +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc index ca5357392a..1f17bd7d0a 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -12,7 +12,7 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "25049ad560826f7dc1c4740883b0016014a59789" +SRCREV = "866ca972d6c3cabeaf6dbac431e8e08bb30b3c8e" SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2024.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2024.01.bb index 7eaf721ca8..7eaf721ca8 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2024.04.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2024.01.bb diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2024.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2024.01.bb index b15bcaa818..b15bcaa818 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2024.04.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2024.01.bb diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index fcd154b4b0..8875cdc02c 100644 --- a/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -28,3 +28,7 @@ RDEPENDS:${PN} = "connman" do_install:append() { install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ } + +# http://errors.yoctoproject.org/Errors/Details/766926/ +# connman-client.c:200:15: error: assignment to 'GtkTreeModel *' {aka 'struct _GtkTreeModel *'} from incompatible pointer type 'GtkTreeStore *' {aka 'struct _GtkTreeStore *'} [-Wincompatible-pointer-types] +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch deleted file mode 100644 index 74e3de1ce9..0000000000 --- a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch +++ /dev/null @@ -1,39 +0,0 @@ -From c25f8d1f7a6203dfeb10b39f80ffd314bb84a58d Mon Sep 17 00:00:00 2001 -From: Baruch Siach <baruch@tkos.co.il> -Date: Thu, 22 Dec 2016 15:26:30 +0200 -Subject: [PATCH] libc-compat.h: add musl workaround - -The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and -__USE_MISC) to solve conflicts with libc provided headers. This patch makes -libc-compat.h work for musl libc as well. - -Upstream-Status: Pending - -Taken From: -https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch - -Signed-off-by: Baruch Siach <baruch@tkos.co.il> -Signed-off-by: Maxin B. John <maxin.john@intel.com> - ---- - include/uapi/linux/libc-compat.h | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h -index a159991..22198fa 100644 ---- a/include/uapi/linux/libc-compat.h -+++ b/include/uapi/linux/libc-compat.h -@@ -50,10 +50,12 @@ - #define _LIBC_COMPAT_H - - /* We have included glibc headers... */ --#if defined(__GLIBC__) -+#if 1 -+#define __USE_MISC - - /* Coordinate with glibc net/if.h header. */ - #if defined(_NET_IF_H) && defined(__USE_MISC) -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 - - /* GLIBC headers included first so don't define anything - * that would already be defined. */ diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb index 8c460adf73..fd05707cec 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb +++ b/poky/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb @@ -11,9 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ DEPENDS = "flex-native bison-native iptables libcap" -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ - file://0001-libc-compat.h-add-musl-workaround.patch \ - " +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz" SRC_URI[sha256sum] = "ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d" @@ -28,6 +26,8 @@ PACKAGECONFIG[selinux] = ",,libselinux" IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" +# This is needed with GCC-14 and musl +CFLAGS += "-Wno-error=incompatible-pointer-types" # CFLAGS are computed in Makefile and reference CCOPTS # EXTRA_OEMAKE = "\ @@ -59,7 +59,6 @@ do_install () { INSANE_SKIP:${PN}-tc = "dev-so" IPROUTE2_PACKAGES =+ "\ - ${PN}-bridge \ ${PN}-devlink \ ${PN}-genl \ ${PN}-ifstat \ @@ -92,7 +91,6 @@ FILES:${PN}-tipc = "${base_sbindir}/tipc" FILES:${PN}-devlink = "${base_sbindir}/devlink" FILES:${PN}-rdma = "${base_sbindir}/rdma" FILES:${PN}-routel = "${base_sbindir}/routel" -FILES:${PN}-bridge = "${base_sbindir}/bridge" RDEPENDS:${PN}-routel = "python3-core" diff --git a/poky/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch b/poky/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch deleted file mode 100644 index 8a5bd00302..0000000000 --- a/poky/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch +++ /dev/null @@ -1,62 +0,0 @@ -From f9bcfed5a1d44d9211c5f6eba403a9898c8c9057 Mon Sep 17 00:00:00 2001 -From: Sudip Mukherjee <sudipm.mukherjee@gmail.com> -Date: Tue, 8 Aug 2023 19:03:13 +0100 -Subject: [PATCH] kea: fix reproducible build failure - -New version of Kea has started using path of build-dir instead of -src-dir which results in reproducible builds failure. -Use src-dir as is used in v2.2.0 - -Upstream-Status: Pending -https://gitlab.isc.org/isc-projects/kea/-/issues/3007 - -Upstream has confirmed the patch will not be accepted but discussions -with upstream is still going on, we might have a proper solution later. - -Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> ---- - src/bin/admin/kea-admin.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/bin/admin/kea-admin.in b/src/bin/admin/kea-admin.in -index 034a0ee..8ab11ab 100644 ---- a/src/bin/admin/kea-admin.in -+++ b/src/bin/admin/kea-admin.in -@@ -51,14 +51,14 @@ dump_qry="" - if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then - . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh" - else -- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh" -+ . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh" - fi - - # Find the installed kea-lfc if available. Fallback to sources otherwise. - if test -x "@sbindir@/kea-lfc"; then - kea_lfc="@sbindir@/kea-lfc" - else -- kea_lfc="@abs_top_builddir@/src/bin/lfc/kea-lfc" -+ kea_lfc="@abs_top_srcdir@/src/bin/lfc/kea-lfc" - fi - - # Prints out usage version. -@@ -355,7 +355,7 @@ mysql_upgrade() { - # Check if there are any files in it - num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l) - if [ "$num_files" -eq 0 ]; then -- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/mysql -+ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/mysql - - # Check if the scripts directory exists at all. - if [ ! -d ${upgrade_scripts_dir} ]; then -@@ -405,7 +405,7 @@ pgsql_upgrade() { - # Check if there are any files in it - num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l) - if [ "$num_files" -eq 0 ]; then -- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/pgsql -+ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/pgsql - - # Check if the scripts directory exists at all. - if [ ! -d ${upgrade_scripts_dir} ]; then --- -2.39.2 - diff --git a/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb b/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb index c3aa4dc8f0..fcdb4889d9 100644 --- a/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb +++ b/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb @@ -17,7 +17,6 @@ SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ file://fix-multilib-conflict.patch \ file://fix_pid_keactrl.patch \ file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ - file://0001-kea-fix-reproducible-build-failure.patch \ " SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a" @@ -39,6 +38,7 @@ DEBUG_OPTIMIZATION:append:mipsel = " -O" BUILD_OPTIMIZATION:remove:mipsel = " -Og" BUILD_OPTIMIZATION:append:mipsel = " -O" +CXXFLAGS:remove = "-fvisibility-inlines-hidden" EXTRA_OECONF = "--with-boost-libs=-lboost_system \ --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ --with-openssl=${STAGING_DIR_TARGET}${prefix}" @@ -47,7 +47,7 @@ do_configure:prepend() { # replace abs_top_builddir to avoid introducing the build path # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" - sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in + sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in } # patch out build host paths for reproducibility diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch index f079d936a4..acda8f1ce9 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch +++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch @@ -1,4 +1,4 @@ -From b02ef7621758f06eb686ef4f620636dbad086eda Mon Sep 17 00:00:00 2001 +From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001 From: Matt Jolly <Matt.Jolly@footclan.ninja> Date: Thu, 2 Feb 2023 21:05:40 +1100 Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` @@ -15,10 +15,10 @@ Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> 2 files changed, 37 insertions(+) diff --git a/configure.ac b/configure.ac -index 82e8bb7..d1145d3 100644 +index 22fee70f..486c189f 100644 --- a/configure.ac +++ b/configure.ac -@@ -4870,6 +4870,29 @@ AC_SUBST([GSSLIBS]) +@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS]) AC_SUBST([K5LIBS]) AC_SUBST([CHANNELLIBS]) @@ -48,7 +48,7 @@ index 82e8bb7..d1145d3 100644 # Looking for programs, paths and files PRIVSEP_PATH=/var/empty -@@ -5688,6 +5711,7 @@ echo " libldns support: $LDNS_MSG" +@@ -5634,6 +5657,7 @@ echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " Solaris privilege support: $SPP_MSG" @@ -57,7 +57,7 @@ index 82e8bb7..d1145d3 100644 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/sshd.c b/sshd.c -index b4f2b97..6820a41 100644 +index 6321936c..859d6a0b 100644 --- a/sshd.c +++ b/sshd.c @@ -88,6 +88,10 @@ @@ -71,7 +71,7 @@ index b4f2b97..6820a41 100644 #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -@@ -308,6 +312,10 @@ static void +@@ -310,6 +314,10 @@ static void sighup_restart(void) { logit("Received SIGHUP; restarting."); @@ -82,7 +82,7 @@ index b4f2b97..6820a41 100644 if (options.pid_file != NULL) unlink(options.pid_file); platform_pre_restart(); -@@ -2093,6 +2101,11 @@ main(int ac, char **av) +@@ -2086,6 +2094,11 @@ main(int ac, char **av) } } @@ -94,3 +94,6 @@ index b4f2b97..6820a41 100644 /* Accept a connection and return in a forked child */ server_accept_loop(&sock_in, &sock_out, &newsock, config_s); +-- +2.25.1 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch new file mode 100644 index 0000000000..3e7c707100 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch @@ -0,0 +1,27 @@ +Description: fix signal handler race condition +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497 + +CVE: CVE-2024-6387 + +Upstream-Status: Backport +https://git.launchpad.net/ubuntu/+source/openssh/commit/?h=applied/ubuntu/jammy-devel&id=b059bcfa928df4ff2d103ae2e8f4e3136ee03efc + +Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> + +--- a/log.c ++++ b/log.c +@@ -452,12 +452,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index d1468c59fc..3cdf0327b0 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -27,8 +27,9 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://add-test-support-for-busybox.patch \ file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ + file://CVE-2024-6387.patch \ " -SRC_URI[sha256sum] = "490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd" +SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch deleted file mode 100644 index 8772f716d5..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch +++ /dev/null @@ -1,120 +0,0 @@ -From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Tue, 5 Mar 2024 15:43:53 +0000 -Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3 - -In TLSv1.3 we create a new session object for each ticket that we send. -We do this by duplicating the original session. If SSL_OP_NO_TICKET is in -use then the new session will be added to the session cache. However, if -early data is not in use (and therefore anti-replay protection is being -used), then multiple threads could be resuming from the same session -simultaneously. If this happens and a problem occurs on one of the threads, -then the original session object could be marked as not_resumable. When we -duplicate the session object this not_resumable status gets copied into the -new session object. The new session object is then added to the session -cache even though it is not_resumable. - -Subsequently, another bug means that the session_id_length is set to 0 for -sessions that are marked as not_resumable - even though that session is -still in the cache. Once this happens the session can never be removed from -the cache. When that object gets to be the session cache tail object the -cache never shrinks again and grows indefinitely. - -CVE-2024-2511 - -Reviewed-by: Neil Horman <nhorman@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/24043) - -CVE: CVE-2024-2511 -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08] -Signed-off-by: Peter Marko <peter.marko@siemens.com> ---- - ssl/ssl_lib.c | 5 +++-- - ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ - ssl/statem/statem_srvr.c | 5 ++--- - 3 files changed, 27 insertions(+), 11 deletions(-) - -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 4afb43bc86e54..c51529ddab5bb 100644 ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode) - - /* - * If the session_id_length is 0, we are not supposed to cache it, and it -- * would be rather hard to do anyway :-) -+ * would be rather hard to do anyway :-). Also if the session has already -+ * been marked as not_resumable we should not cache it for later reuse. - */ -- if (s->session->session_id_length == 0) -+ if (s->session->session_id_length == 0 || s->session->not_resumable) - return; - - /* -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c -index 3dcc4d81e5bc6..1fa6d17c46863 100644 ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void) - return ss; - } - --SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) --{ -- return ssl_session_dup(src, 1); --} -- - /* - * Create a new SSL_SESSION and duplicate the contents of |src| into it. If - * ticket == 0 then no ticket information is duplicated, otherwise it is. - */ --SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) - { - SSL_SESSION *dest; - -@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) - return NULL; - } - -+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) -+{ -+ return ssl_session_dup_intern(src, 1); -+} -+ -+/* -+ * Used internally when duplicating a session which might be already shared. -+ * We will have resumed the original session. Subsequently we might have marked -+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to -+ * resume from. -+ */ -+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+{ -+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); -+ -+ if (sess != NULL) -+ sess->not_resumable = 0; -+ -+ return sess; -+} -+ - const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if (len) -diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index 853af8c0aa9f9..d5f0ab091dacc 100644 ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) - * so the following won't overwrite an ID that we're supposed - * to send back. - */ -- if (s->session->not_resumable || -- (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) -- && !s->hit)) -+ if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) -+ && !s->hit) - s->session->session_id_length = 0; - - if (usetls13) { diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch new file mode 100644 index 0000000000..d5c178eeab --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch @@ -0,0 +1,113 @@ +From b63b4db52e10677db4ab46b608aabd55a44668aa Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 31 May 2024 11:14:33 +0100 +Subject: [PATCH 01/10] Fix SSL_select_next_proto + +Ensure that the provided client list is non-NULL and starts with a valid +entry. When called from the ALPN callback the client list should already +have been validated by OpenSSL so this should not cause a problem. When +called from the NPN callback the client list is locally configured and +will not have already been validated. Therefore SSL_select_next_proto +should not assume that it is correctly formatted. + +We implement stricter checking of the client protocol list. We also do the +same for the server list while we are about it. + +CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++------------------- + 1 file changed, 40 insertions(+), 23 deletions(-) + +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 016135f..cf52b31 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3518,37 +3518,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + unsigned int server_len, + const unsigned char *client, unsigned int client_len) + { +- unsigned int i, j; +- const unsigned char *result; +- int status = OPENSSL_NPN_UNSUPPORTED; ++ PACKET cpkt, csubpkt, spkt, ssubpkt; ++ ++ if (!PACKET_buf_init(&cpkt, client, client_len) ++ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) ++ || PACKET_remaining(&csubpkt) == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return OPENSSL_NPN_NO_OVERLAP; ++ } ++ ++ /* ++ * Set the default opportunistic protocol. Will be overwritten if we find ++ * a match. ++ */ ++ *out = (unsigned char *)PACKET_data(&csubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&csubpkt); + + /* + * For each protocol in server preference order, see if we support it. + */ +- for (i = 0; i < server_len;) { +- for (j = 0; j < client_len;) { +- if (server[i] == client[j] && +- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { +- /* We found a match */ +- result = &server[i]; +- status = OPENSSL_NPN_NEGOTIATED; +- goto found; ++ if (PACKET_buf_init(&spkt, server, server_len)) { ++ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { ++ if (PACKET_remaining(&ssubpkt) == 0) ++ continue; /* Invalid - ignore it */ ++ if (PACKET_buf_init(&cpkt, client, client_len)) { ++ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { ++ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), ++ PACKET_remaining(&ssubpkt))) { ++ /* We found a match */ ++ *out = (unsigned char *)PACKET_data(&ssubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&ssubpkt); ++ return OPENSSL_NPN_NEGOTIATED; ++ } ++ } ++ /* Ignore spurious trailing bytes in the client list */ ++ } else { ++ /* This should never happen */ ++ return OPENSSL_NPN_NO_OVERLAP; + } +- j += client[j]; +- j++; + } +- i += server[i]; +- i++; ++ /* Ignore spurious trailing bytes in the server list */ + } + +- /* There's no overlap between our protocols and the server's list. */ +- result = client; +- status = OPENSSL_NPN_NO_OVERLAP; +- +- found: +- *out = (unsigned char *)result + 1; +- *outlen = result[0]; +- return status; ++ /* ++ * There's no overlap between our protocols and the server's list. We use ++ * the default opportunistic protocol selected earlier ++ */ ++ return OPENSSL_NPN_NO_OVERLAP; + } + + #ifndef OPENSSL_NO_NEXTPROTONEG +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch new file mode 100644 index 0000000000..7cc36f20ab --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch @@ -0,0 +1,203 @@ +From 61cad53901703944d22f1cd6a1b57460f2270599 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 21 Jun 2024 14:29:26 +0100 +Subject: [PATCH 10/10] Add a test for an empty NextProto message + +It is valid according to the spec for a NextProto message to have no +protocols listed in it. The OpenSSL implementation however does not allow +us to create such a message. In order to check that we work as expected +when communicating with a client that does generate such messages we have +to use a TLSProxy test. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/301b870546d1c7b2d8f0d66e04a2596142f0399f] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + test/recipes/70-test_npn.t | 73 +++++++++++++++++++++++++++++++++ + util/perl/TLSProxy/Message.pm | 9 ++++ + util/perl/TLSProxy/NextProto.pm | 54 ++++++++++++++++++++++++ + util/perl/TLSProxy/Proxy.pm | 1 + + 4 files changed, 137 insertions(+) + create mode 100644 test/recipes/70-test_npn.t + create mode 100644 util/perl/TLSProxy/NextProto.pm + +diff --git a/test/recipes/70-test_npn.t b/test/recipes/70-test_npn.t +new file mode 100644 +index 0000000..f82e71a +--- /dev/null ++++ b/test/recipes/70-test_npn.t +@@ -0,0 +1,73 @@ ++#! /usr/bin/env perl ++# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; ++use OpenSSL::Test::Utils; ++ ++use TLSProxy::Proxy; ++ ++my $test_name = "test_npn"; ++setup($test_name); ++ ++plan skip_all => "TLSProxy isn't usable on $^O" ++ if $^O =~ /^(VMS)$/; ++ ++plan skip_all => "$test_name needs the dynamic engine feature enabled" ++ if disabled("engine") || disabled("dynamic-engine"); ++ ++plan skip_all => "$test_name needs the sock feature enabled" ++ if disabled("sock"); ++ ++plan skip_all => "$test_name needs NPN enabled" ++ if disabled("nextprotoneg"); ++ ++plan skip_all => "$test_name needs TLSv1.2 enabled" ++ if disabled("tls1_2"); ++ ++my $proxy = TLSProxy::Proxy->new( ++ undef, ++ cmdstr(app(["openssl"]), display => 1), ++ srctop_file("apps", "server.pem"), ++ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ++); ++ ++$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; ++plan tests => 1; ++ ++my $npnseen = 0; ++ ++# Test 1: Check sending an empty NextProto message from the client works. This is ++# valid as per the spec, but OpenSSL does not allow you to send it. ++# Therefore we must be prepared to receive such a message but we cannot ++# generate it except via TLSProxy ++$proxy->clear(); ++$proxy->filter(\&npn_filter); ++$proxy->clientflags("-nextprotoneg foo -no_tls1_3"); ++$proxy->serverflags("-nextprotoneg foo"); ++$proxy->start(); ++ok($npnseen && TLSProxy::Message->success(), "Empty NPN message"); ++ ++sub npn_filter ++{ ++ my $proxy = shift; ++ my $message; ++ ++ # The NextProto message always appears in flight 2 ++ return if $proxy->flight != 2; ++ ++ foreach my $message (@{$proxy->message_list}) { ++ if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) { ++ # Our TLSproxy NextProto message support doesn't support parsing of ++ # the message. If we repack it just creates an empty NextProto ++ # message - which is exactly the scenario we want to test here. ++ $message->repack(); ++ $npnseen = 1; ++ } ++ } ++} +diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm +index ce22187..fb41b2f 100644 +--- a/util/perl/TLSProxy/Message.pm ++++ b/util/perl/TLSProxy/Message.pm +@@ -384,6 +384,15 @@ sub create_message + [@message_frag_lens] + ); + $message->parse(); ++ } elsif ($mt == MT_NEXT_PROTO) { ++ $message = TLSProxy::NextProto->new( ++ $server, ++ $data, ++ [@message_rec_list], ++ $startoffset, ++ [@message_frag_lens] ++ ); ++ $message->parse(); + } else { + #Unknown message type + $message = TLSProxy::Message->new( +diff --git a/util/perl/TLSProxy/NextProto.pm b/util/perl/TLSProxy/NextProto.pm +new file mode 100644 +index 0000000..0e18347 +--- /dev/null ++++ b/util/perl/TLSProxy/NextProto.pm +@@ -0,0 +1,54 @@ ++# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++ ++package TLSProxy::NextProto; ++ ++use vars '@ISA'; ++push @ISA, 'TLSProxy::Message'; ++ ++sub new ++{ ++ my $class = shift; ++ my ($server, ++ $data, ++ $records, ++ $startoffset, ++ $message_frag_lens) = @_; ++ ++ my $self = $class->SUPER::new( ++ $server, ++ TLSProxy::Message::MT_NEXT_PROTO, ++ $data, ++ $records, ++ $startoffset, ++ $message_frag_lens); ++ ++ return $self; ++} ++ ++sub parse ++{ ++ # We don't support parsing at the moment ++} ++ ++# This is supposed to reconstruct the on-the-wire message data following changes. ++# For now though since we don't support parsing we just create an empty NextProto ++# message - this capability is used in test_npn ++sub set_message_contents ++{ ++ my $self = shift; ++ my $data; ++ ++ $data = pack("C32", 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00); ++ $self->data($data); ++} ++1; +diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm +index 3de10ec..b707722 100644 +--- a/util/perl/TLSProxy/Proxy.pm ++++ b/util/perl/TLSProxy/Proxy.pm +@@ -23,6 +23,7 @@ use TLSProxy::CertificateRequest; + use TLSProxy::CertificateVerify; + use TLSProxy::ServerKeyExchange; + use TLSProxy::NewSessionTicket; ++use TLSProxy::NextProto; + + my $have_IPv6; + my $IP_factory; +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch new file mode 100644 index 0000000000..768304f00b --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch @@ -0,0 +1,43 @@ +From 6de1d37cd129b0af5b4a247c76f97b98e70b108b Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 31 May 2024 11:18:27 +0100 +Subject: [PATCH 02/10] More correctly handle a selected_len of 0 when + processing NPN + +In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but +the selected_len is 0 we should fail. Previously this would fail with an +internal_error alert because calling OPENSSL_malloc(selected_len) will +return NULL when selected_len is 0. We make this error detection more +explicit and return a handshake failure alert. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/015255851371757d54c2560643eb3b3a88123cf1] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + ssl/statem/extensions_clnt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c +index 381a6c9..1ab3c13 100644 +--- a/ssl/statem/extensions_clnt.c ++++ b/ssl/statem/extensions_clnt.c +@@ -1560,8 +1560,8 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s), + &selected, &selected_len, + PACKET_data(pkt), PACKET_remaining(pkt), +- sctx->ext.npn_select_cb_arg) != +- SSL_TLSEXT_ERR_OK) { ++ sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK ++ || selected_len == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); + return 0; + } +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch new file mode 100644 index 0000000000..d6d4d869be --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch @@ -0,0 +1,38 @@ +From 4f9334a33da89949f97927c8fe7df1003c42cda4 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 31 May 2024 11:22:13 +0100 +Subject: [PATCH 03/10] Use correctly formatted ALPN data in tserver + +The QUIC test server was using incorrectly formatted ALPN data. With the +previous implementation of SSL_select_next_proto this went unnoticed. With +the new stricter implemenation it was failing. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/6cc511826f09e513b4ec066d9b95acaf4f86d991] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + ssl/quic/quic_tserver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c +index 86187d0..15694e7 100644 +--- a/ssl/quic/quic_tserver.c ++++ b/ssl/quic/quic_tserver.c +@@ -58,7 +58,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out, + + if (srv->args.alpn == NULL) { + alpn = alpndeflt; +- alpnlen = sizeof(alpn); ++ alpnlen = sizeof(alpndeflt); + } else { + alpn = srv->args.alpn; + alpnlen = srv->args.alpnlen; +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch new file mode 100644 index 0000000000..03fc1168f9 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch @@ -0,0 +1,82 @@ +From 5145a1f50e44c9f86127a76f01519a9f25157290 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 31 May 2024 11:46:38 +0100 +Subject: [PATCH 04/10] Clarify the SSL_select_next_proto() documentation + +We clarify the input preconditions and the expected behaviour in the event +of no overlap. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/8e81c57adbbf703dfb63955f65599765fdacc741] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + doc/man3/SSL_CTX_set_alpn_select_cb.pod | 26 +++++++++++++++++-------- + 1 file changed, 18 insertions(+), 8 deletions(-) + +diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod +index 05fee2f..79e1a25 100644 +--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod ++++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod +@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated + SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to + set the list of protocols available to be negotiated. The B<protos> must be in + protocol-list format, described below. The length of B<protos> is specified in +-B<protos_len>. ++B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN ++protocols and no ALPN extension will be sent to the server. + + SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a + server to select which protocol to use for the incoming connection. When B<cb> +@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format + described below. The first item in the B<server>, B<server_len> list that + matches an item in the B<client>, B<client_len> list is selected, and returned + in B<out>, B<outlen>. The B<out> value will point into either B<server> or +-B<client>, so it should be copied immediately. If no match is found, the first +-item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This +-function can also be used in the NPN callback. ++B<client>, so it should be copied immediately. The client list must include at ++least one valid (nonempty) protocol entry in the list. ++ ++The SSL_select_next_proto() helper function can be useful from either the ALPN ++callback or the NPN callback (described below). If no match is found, the first ++item in B<client>, B<client_len> is returned in B<out>, B<outlen> and ++B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating ++the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen> ++must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from ++SSL_select_next_proto(). + + SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a + client needs to select a protocol from the server's provided list, and a +@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>). + The length of the protocol name must be written into B<outlen>. The + server's advertised protocols are provided in B<in> and B<inlen>. The + callback can assume that B<in> is syntactically valid. The client must +-select a protocol. It is fatal to the connection if this callback returns +-a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer +-set via SSL_CTX_set_next_proto_select_cb(). ++select a protocol (although it may be an empty, zero length protocol). It is ++fatal to the connection if this callback returns a value other than ++B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg> ++parameter is the pointer set via SSL_CTX_set_next_proto_select_cb(). + + SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called + when a TLS server needs a list of supported protocols for Next Protocol +@@ -154,7 +163,8 @@ A match was found and is returned in B<out>, B<outlen>. + =item OPENSSL_NPN_NO_OVERLAP + + No match was found. The first item in B<client>, B<client_len> is returned in +-B<out>, B<outlen>. ++B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in ++B<client> is invalid). + + =back + +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch new file mode 100644 index 0000000000..e439d9b59a --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch @@ -0,0 +1,176 @@ +From 01d44bc7f50670002cad495654fd99a6371d7662 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 31 May 2024 16:35:16 +0100 +Subject: [PATCH 05/10] Add a test for SSL_select_next_proto + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/add5c52a25c549cec4a730cdf96e2252f0a1862d] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + test/sslapitest.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 137 insertions(+) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index ce16332..15cb906 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -11741,6 +11741,142 @@ static int test_multi_resume(int idx) + return testresult; + } + ++static struct next_proto_st { ++ int serverlen; ++ unsigned char server[40]; ++ int clientlen; ++ unsigned char client[40]; ++ int expected_ret; ++ size_t selectedlen; ++ unsigned char selected[40]; ++} next_proto_tests[] = { ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' }, ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' }, ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'b', 'c', 'd' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 0, { 0 }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ -1, { 0 }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 0, { 0 }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 0, { 0 } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ -1, { 0 }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 0, { 0 } ++ }, ++ { ++ 3, { 3, 'a', 'b', 'c' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 3, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 0, { 0 } ++ } ++}; ++ ++static int test_select_next_proto(int idx) ++{ ++ struct next_proto_st *np = &next_proto_tests[idx]; ++ int ret = 0; ++ unsigned char *out, *client, *server; ++ unsigned char outlen; ++ unsigned int clientlen, serverlen; ++ ++ if (np->clientlen == -1) { ++ client = NULL; ++ clientlen = 0; ++ } else { ++ client = np->client; ++ clientlen = (unsigned int)np->clientlen; ++ } ++ if (np->serverlen == -1) { ++ server = NULL; ++ serverlen = 0; ++ } else { ++ server = np->server; ++ serverlen = (unsigned int)np->serverlen; ++ } ++ ++ if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen, ++ client, clientlen), ++ np->expected_ret)) ++ goto err; ++ ++ if (np->selectedlen == 0) { ++ if (!TEST_ptr_null(out) || !TEST_uchar_eq(outlen, 0)) ++ goto err; ++ } else { ++ if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen)) ++ goto err; ++ } ++ ++ ret = 1; ++ err: ++ return ret; ++} ++ + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") + + int setup_tests(void) +@@ -12053,6 +12189,7 @@ int setup_tests(void) + ADD_ALL_TESTS(test_handshake_retry, 16); + ADD_TEST(test_data_retry); + ADD_ALL_TESTS(test_multi_resume, 5); ++ ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); + return 1; + + err: +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch new file mode 100644 index 0000000000..df24702fa6 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch @@ -0,0 +1,1173 @@ +From e344d0b5860560ffa59415ea4028ba7760b2a773 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Tue, 4 Jun 2024 15:47:32 +0100 +Subject: [PATCH 06/10] Allow an empty NPN/ALPN protocol list in the tests + +Allow ourselves to configure an empty NPN/ALPN protocol list and test what +happens if we do. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/7ea1f6a85b299b976cb3f756b2a7f0153f31b2b6] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + test/helpers/handshake.c | 6 + + test/ssl-tests/08-npn.cnf | 553 +++++++++++++++++++--------------- + test/ssl-tests/08-npn.cnf.in | 35 +++ + test/ssl-tests/09-alpn.cnf | 66 +++- + test/ssl-tests/09-alpn.cnf.in | 33 ++ + 5 files changed, 449 insertions(+), 244 deletions(-) + +diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c +index ae2ad59..b66b2f5 100644 +--- a/test/helpers/handshake.c ++++ b/test/helpers/handshake.c +@@ -444,6 +444,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen) + + len = strlen(protos); + ++ if (len == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return 1; ++ } ++ + /* Should never have reuse. */ + if (!TEST_ptr_null(*out) + /* Test values are small, so we omit length limit checks. */ +diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf +index f38b3f6..1931d02 100644 +--- a/test/ssl-tests/08-npn.cnf ++++ b/test/ssl-tests/08-npn.cnf +@@ -1,6 +1,6 @@ + # Generated with generate_ssl_tests.pl + +-num_tests = 20 ++num_tests = 22 + + test-0 = 0-npn-simple + test-1 = 1-npn-client-finds-match +@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref + test-3 = 3-npn-client-first-pref-on-mismatch + test-4 = 4-npn-no-server-support + test-5 = 5-npn-no-client-support +-test-6 = 6-npn-with-sni-no-context-switch +-test-7 = 7-npn-with-sni-context-switch +-test-8 = 8-npn-selected-sni-server-supports-npn +-test-9 = 9-npn-selected-sni-server-does-not-support-npn +-test-10 = 10-alpn-preferred-over-npn +-test-11 = 11-sni-npn-preferred-over-alpn +-test-12 = 12-npn-simple-resumption +-test-13 = 13-npn-server-switch-resumption +-test-14 = 14-npn-client-switch-resumption +-test-15 = 15-npn-client-first-pref-on-mismatch-resumption +-test-16 = 16-npn-no-server-support-resumption +-test-17 = 17-npn-no-client-support-resumption +-test-18 = 18-alpn-preferred-over-npn-resumption +-test-19 = 19-npn-used-if-alpn-not-supported-resumption ++test-6 = 6-npn-empty-client-list ++test-7 = 7-npn-empty-server-list ++test-8 = 8-npn-with-sni-no-context-switch ++test-9 = 9-npn-with-sni-context-switch ++test-10 = 10-npn-selected-sni-server-supports-npn ++test-11 = 11-npn-selected-sni-server-does-not-support-npn ++test-12 = 12-alpn-preferred-over-npn ++test-13 = 13-sni-npn-preferred-over-alpn ++test-14 = 14-npn-simple-resumption ++test-15 = 15-npn-server-switch-resumption ++test-16 = 16-npn-client-switch-resumption ++test-17 = 17-npn-client-first-pref-on-mismatch-resumption ++test-18 = 18-npn-no-server-support-resumption ++test-19 = 19-npn-no-client-support-resumption ++test-20 = 20-alpn-preferred-over-npn-resumption ++test-21 = 21-npn-used-if-alpn-not-supported-resumption + # =========================================================== + + [0-npn-simple] +@@ -206,253 +208,318 @@ NPNProtocols = foo + + # =========================================================== + +-[6-npn-with-sni-no-context-switch] +-ssl_conf = 6-npn-with-sni-no-context-switch-ssl ++[6-npn-empty-client-list] ++ssl_conf = 6-npn-empty-client-list-ssl + +-[6-npn-with-sni-no-context-switch-ssl] +-server = 6-npn-with-sni-no-context-switch-server +-client = 6-npn-with-sni-no-context-switch-client +-server2 = 6-npn-with-sni-no-context-switch-server2 ++[6-npn-empty-client-list-ssl] ++server = 6-npn-empty-client-list-server ++client = 6-npn-empty-client-list-client + +-[6-npn-with-sni-no-context-switch-server] ++[6-npn-empty-client-list-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[6-npn-with-sni-no-context-switch-server2] ++[6-npn-empty-client-list-client] ++CipherString = DEFAULT ++MaxProtocol = TLSv1.2 ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-6] ++ExpectedClientAlert = HandshakeFailure ++ExpectedResult = ClientFail ++server = 6-npn-empty-client-list-server-extra ++client = 6-npn-empty-client-list-client-extra ++ ++[6-npn-empty-client-list-server-extra] ++NPNProtocols = foo ++ ++[6-npn-empty-client-list-client-extra] ++NPNProtocols = ++ ++ ++# =========================================================== ++ ++[7-npn-empty-server-list] ++ssl_conf = 7-npn-empty-server-list-ssl ++ ++[7-npn-empty-server-list-ssl] ++server = 7-npn-empty-server-list-server ++client = 7-npn-empty-server-list-client ++ ++[7-npn-empty-server-list-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[6-npn-with-sni-no-context-switch-client] ++[7-npn-empty-server-list-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-6] ++[test-7] ++ExpectedNPNProtocol = foo ++server = 7-npn-empty-server-list-server-extra ++client = 7-npn-empty-server-list-client-extra ++ ++[7-npn-empty-server-list-server-extra] ++NPNProtocols = ++ ++[7-npn-empty-server-list-client-extra] ++NPNProtocols = foo ++ ++ ++# =========================================================== ++ ++[8-npn-with-sni-no-context-switch] ++ssl_conf = 8-npn-with-sni-no-context-switch-ssl ++ ++[8-npn-with-sni-no-context-switch-ssl] ++server = 8-npn-with-sni-no-context-switch-server ++client = 8-npn-with-sni-no-context-switch-client ++server2 = 8-npn-with-sni-no-context-switch-server2 ++ ++[8-npn-with-sni-no-context-switch-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[8-npn-with-sni-no-context-switch-server2] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[8-npn-with-sni-no-context-switch-client] ++CipherString = DEFAULT ++MaxProtocol = TLSv1.2 ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-8] + ExpectedNPNProtocol = foo + ExpectedServerName = server1 +-server = 6-npn-with-sni-no-context-switch-server-extra +-server2 = 6-npn-with-sni-no-context-switch-server2-extra +-client = 6-npn-with-sni-no-context-switch-client-extra ++server = 8-npn-with-sni-no-context-switch-server-extra ++server2 = 8-npn-with-sni-no-context-switch-server2-extra ++client = 8-npn-with-sni-no-context-switch-client-extra + +-[6-npn-with-sni-no-context-switch-server-extra] ++[8-npn-with-sni-no-context-switch-server-extra] + NPNProtocols = foo + ServerNameCallback = IgnoreMismatch + +-[6-npn-with-sni-no-context-switch-server2-extra] ++[8-npn-with-sni-no-context-switch-server2-extra] + NPNProtocols = bar + +-[6-npn-with-sni-no-context-switch-client-extra] ++[8-npn-with-sni-no-context-switch-client-extra] + NPNProtocols = foo,bar + ServerName = server1 + + + # =========================================================== + +-[7-npn-with-sni-context-switch] +-ssl_conf = 7-npn-with-sni-context-switch-ssl ++[9-npn-with-sni-context-switch] ++ssl_conf = 9-npn-with-sni-context-switch-ssl + +-[7-npn-with-sni-context-switch-ssl] +-server = 7-npn-with-sni-context-switch-server +-client = 7-npn-with-sni-context-switch-client +-server2 = 7-npn-with-sni-context-switch-server2 ++[9-npn-with-sni-context-switch-ssl] ++server = 9-npn-with-sni-context-switch-server ++client = 9-npn-with-sni-context-switch-client ++server2 = 9-npn-with-sni-context-switch-server2 + +-[7-npn-with-sni-context-switch-server] ++[9-npn-with-sni-context-switch-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[7-npn-with-sni-context-switch-server2] ++[9-npn-with-sni-context-switch-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[7-npn-with-sni-context-switch-client] ++[9-npn-with-sni-context-switch-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-7] ++[test-9] + ExpectedNPNProtocol = bar + ExpectedServerName = server2 +-server = 7-npn-with-sni-context-switch-server-extra +-server2 = 7-npn-with-sni-context-switch-server2-extra +-client = 7-npn-with-sni-context-switch-client-extra ++server = 9-npn-with-sni-context-switch-server-extra ++server2 = 9-npn-with-sni-context-switch-server2-extra ++client = 9-npn-with-sni-context-switch-client-extra + +-[7-npn-with-sni-context-switch-server-extra] ++[9-npn-with-sni-context-switch-server-extra] + NPNProtocols = foo + ServerNameCallback = IgnoreMismatch + +-[7-npn-with-sni-context-switch-server2-extra] ++[9-npn-with-sni-context-switch-server2-extra] + NPNProtocols = bar + +-[7-npn-with-sni-context-switch-client-extra] ++[9-npn-with-sni-context-switch-client-extra] + NPNProtocols = foo,bar + ServerName = server2 + + + # =========================================================== + +-[8-npn-selected-sni-server-supports-npn] +-ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl ++[10-npn-selected-sni-server-supports-npn] ++ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl + +-[8-npn-selected-sni-server-supports-npn-ssl] +-server = 8-npn-selected-sni-server-supports-npn-server +-client = 8-npn-selected-sni-server-supports-npn-client +-server2 = 8-npn-selected-sni-server-supports-npn-server2 ++[10-npn-selected-sni-server-supports-npn-ssl] ++server = 10-npn-selected-sni-server-supports-npn-server ++client = 10-npn-selected-sni-server-supports-npn-client ++server2 = 10-npn-selected-sni-server-supports-npn-server2 + +-[8-npn-selected-sni-server-supports-npn-server] ++[10-npn-selected-sni-server-supports-npn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[8-npn-selected-sni-server-supports-npn-server2] ++[10-npn-selected-sni-server-supports-npn-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[8-npn-selected-sni-server-supports-npn-client] ++[10-npn-selected-sni-server-supports-npn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-8] ++[test-10] + ExpectedNPNProtocol = bar + ExpectedServerName = server2 +-server = 8-npn-selected-sni-server-supports-npn-server-extra +-server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +-client = 8-npn-selected-sni-server-supports-npn-client-extra ++server = 10-npn-selected-sni-server-supports-npn-server-extra ++server2 = 10-npn-selected-sni-server-supports-npn-server2-extra ++client = 10-npn-selected-sni-server-supports-npn-client-extra + +-[8-npn-selected-sni-server-supports-npn-server-extra] ++[10-npn-selected-sni-server-supports-npn-server-extra] + ServerNameCallback = IgnoreMismatch + +-[8-npn-selected-sni-server-supports-npn-server2-extra] ++[10-npn-selected-sni-server-supports-npn-server2-extra] + NPNProtocols = bar + +-[8-npn-selected-sni-server-supports-npn-client-extra] ++[10-npn-selected-sni-server-supports-npn-client-extra] + NPNProtocols = foo,bar + ServerName = server2 + + + # =========================================================== + +-[9-npn-selected-sni-server-does-not-support-npn] +-ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl ++[11-npn-selected-sni-server-does-not-support-npn] ++ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl + +-[9-npn-selected-sni-server-does-not-support-npn-ssl] +-server = 9-npn-selected-sni-server-does-not-support-npn-server +-client = 9-npn-selected-sni-server-does-not-support-npn-client +-server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 ++[11-npn-selected-sni-server-does-not-support-npn-ssl] ++server = 11-npn-selected-sni-server-does-not-support-npn-server ++client = 11-npn-selected-sni-server-does-not-support-npn-client ++server2 = 11-npn-selected-sni-server-does-not-support-npn-server2 + +-[9-npn-selected-sni-server-does-not-support-npn-server] ++[11-npn-selected-sni-server-does-not-support-npn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[9-npn-selected-sni-server-does-not-support-npn-server2] ++[11-npn-selected-sni-server-does-not-support-npn-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[9-npn-selected-sni-server-does-not-support-npn-client] ++[11-npn-selected-sni-server-does-not-support-npn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-9] ++[test-11] + ExpectedServerName = server2 +-server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +-client = 9-npn-selected-sni-server-does-not-support-npn-client-extra ++server = 11-npn-selected-sni-server-does-not-support-npn-server-extra ++client = 11-npn-selected-sni-server-does-not-support-npn-client-extra + +-[9-npn-selected-sni-server-does-not-support-npn-server-extra] ++[11-npn-selected-sni-server-does-not-support-npn-server-extra] + NPNProtocols = bar + ServerNameCallback = IgnoreMismatch + +-[9-npn-selected-sni-server-does-not-support-npn-client-extra] ++[11-npn-selected-sni-server-does-not-support-npn-client-extra] + NPNProtocols = foo,bar + ServerName = server2 + + + # =========================================================== + +-[10-alpn-preferred-over-npn] +-ssl_conf = 10-alpn-preferred-over-npn-ssl ++[12-alpn-preferred-over-npn] ++ssl_conf = 12-alpn-preferred-over-npn-ssl + +-[10-alpn-preferred-over-npn-ssl] +-server = 10-alpn-preferred-over-npn-server +-client = 10-alpn-preferred-over-npn-client ++[12-alpn-preferred-over-npn-ssl] ++server = 12-alpn-preferred-over-npn-server ++client = 12-alpn-preferred-over-npn-client + +-[10-alpn-preferred-over-npn-server] ++[12-alpn-preferred-over-npn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[10-alpn-preferred-over-npn-client] ++[12-alpn-preferred-over-npn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-10] ++[test-12] + ExpectedALPNProtocol = foo +-server = 10-alpn-preferred-over-npn-server-extra +-client = 10-alpn-preferred-over-npn-client-extra ++server = 12-alpn-preferred-over-npn-server-extra ++client = 12-alpn-preferred-over-npn-client-extra + +-[10-alpn-preferred-over-npn-server-extra] ++[12-alpn-preferred-over-npn-server-extra] + ALPNProtocols = foo + NPNProtocols = bar + +-[10-alpn-preferred-over-npn-client-extra] ++[12-alpn-preferred-over-npn-client-extra] + ALPNProtocols = foo + NPNProtocols = bar + + + # =========================================================== + +-[11-sni-npn-preferred-over-alpn] +-ssl_conf = 11-sni-npn-preferred-over-alpn-ssl ++[13-sni-npn-preferred-over-alpn] ++ssl_conf = 13-sni-npn-preferred-over-alpn-ssl + +-[11-sni-npn-preferred-over-alpn-ssl] +-server = 11-sni-npn-preferred-over-alpn-server +-client = 11-sni-npn-preferred-over-alpn-client +-server2 = 11-sni-npn-preferred-over-alpn-server2 ++[13-sni-npn-preferred-over-alpn-ssl] ++server = 13-sni-npn-preferred-over-alpn-server ++client = 13-sni-npn-preferred-over-alpn-client ++server2 = 13-sni-npn-preferred-over-alpn-server2 + +-[11-sni-npn-preferred-over-alpn-server] ++[13-sni-npn-preferred-over-alpn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[11-sni-npn-preferred-over-alpn-server2] ++[13-sni-npn-preferred-over-alpn-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[11-sni-npn-preferred-over-alpn-client] ++[13-sni-npn-preferred-over-alpn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-11] ++[test-13] + ExpectedNPNProtocol = bar + ExpectedServerName = server2 +-server = 11-sni-npn-preferred-over-alpn-server-extra +-server2 = 11-sni-npn-preferred-over-alpn-server2-extra +-client = 11-sni-npn-preferred-over-alpn-client-extra ++server = 13-sni-npn-preferred-over-alpn-server-extra ++server2 = 13-sni-npn-preferred-over-alpn-server2-extra ++client = 13-sni-npn-preferred-over-alpn-client-extra + +-[11-sni-npn-preferred-over-alpn-server-extra] ++[13-sni-npn-preferred-over-alpn-server-extra] + ALPNProtocols = foo + ServerNameCallback = IgnoreMismatch + +-[11-sni-npn-preferred-over-alpn-server2-extra] ++[13-sni-npn-preferred-over-alpn-server2-extra] + NPNProtocols = bar + +-[11-sni-npn-preferred-over-alpn-client-extra] ++[13-sni-npn-preferred-over-alpn-client-extra] + ALPNProtocols = foo + NPNProtocols = bar + ServerName = server2 +@@ -460,356 +527,356 @@ ServerName = server2 + + # =========================================================== + +-[12-npn-simple-resumption] +-ssl_conf = 12-npn-simple-resumption-ssl ++[14-npn-simple-resumption] ++ssl_conf = 14-npn-simple-resumption-ssl + +-[12-npn-simple-resumption-ssl] +-server = 12-npn-simple-resumption-server +-client = 12-npn-simple-resumption-client +-resume-server = 12-npn-simple-resumption-server +-resume-client = 12-npn-simple-resumption-client ++[14-npn-simple-resumption-ssl] ++server = 14-npn-simple-resumption-server ++client = 14-npn-simple-resumption-client ++resume-server = 14-npn-simple-resumption-server ++resume-client = 14-npn-simple-resumption-client + +-[12-npn-simple-resumption-server] ++[14-npn-simple-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[12-npn-simple-resumption-client] ++[14-npn-simple-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-12] ++[test-14] + ExpectedNPNProtocol = foo + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 12-npn-simple-resumption-server-extra +-resume-server = 12-npn-simple-resumption-server-extra +-client = 12-npn-simple-resumption-client-extra +-resume-client = 12-npn-simple-resumption-client-extra ++server = 14-npn-simple-resumption-server-extra ++resume-server = 14-npn-simple-resumption-server-extra ++client = 14-npn-simple-resumption-client-extra ++resume-client = 14-npn-simple-resumption-client-extra + +-[12-npn-simple-resumption-server-extra] ++[14-npn-simple-resumption-server-extra] + NPNProtocols = foo + +-[12-npn-simple-resumption-client-extra] ++[14-npn-simple-resumption-client-extra] + NPNProtocols = foo + + + # =========================================================== + +-[13-npn-server-switch-resumption] +-ssl_conf = 13-npn-server-switch-resumption-ssl ++[15-npn-server-switch-resumption] ++ssl_conf = 15-npn-server-switch-resumption-ssl + +-[13-npn-server-switch-resumption-ssl] +-server = 13-npn-server-switch-resumption-server +-client = 13-npn-server-switch-resumption-client +-resume-server = 13-npn-server-switch-resumption-resume-server +-resume-client = 13-npn-server-switch-resumption-client ++[15-npn-server-switch-resumption-ssl] ++server = 15-npn-server-switch-resumption-server ++client = 15-npn-server-switch-resumption-client ++resume-server = 15-npn-server-switch-resumption-resume-server ++resume-client = 15-npn-server-switch-resumption-client + +-[13-npn-server-switch-resumption-server] ++[15-npn-server-switch-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[13-npn-server-switch-resumption-resume-server] ++[15-npn-server-switch-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[13-npn-server-switch-resumption-client] ++[15-npn-server-switch-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-13] ++[test-15] + ExpectedNPNProtocol = baz + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 13-npn-server-switch-resumption-server-extra +-resume-server = 13-npn-server-switch-resumption-resume-server-extra +-client = 13-npn-server-switch-resumption-client-extra +-resume-client = 13-npn-server-switch-resumption-client-extra ++server = 15-npn-server-switch-resumption-server-extra ++resume-server = 15-npn-server-switch-resumption-resume-server-extra ++client = 15-npn-server-switch-resumption-client-extra ++resume-client = 15-npn-server-switch-resumption-client-extra + +-[13-npn-server-switch-resumption-server-extra] ++[15-npn-server-switch-resumption-server-extra] + NPNProtocols = bar,foo + +-[13-npn-server-switch-resumption-resume-server-extra] ++[15-npn-server-switch-resumption-resume-server-extra] + NPNProtocols = baz,foo + +-[13-npn-server-switch-resumption-client-extra] ++[15-npn-server-switch-resumption-client-extra] + NPNProtocols = foo,bar,baz + + + # =========================================================== + +-[14-npn-client-switch-resumption] +-ssl_conf = 14-npn-client-switch-resumption-ssl ++[16-npn-client-switch-resumption] ++ssl_conf = 16-npn-client-switch-resumption-ssl + +-[14-npn-client-switch-resumption-ssl] +-server = 14-npn-client-switch-resumption-server +-client = 14-npn-client-switch-resumption-client +-resume-server = 14-npn-client-switch-resumption-server +-resume-client = 14-npn-client-switch-resumption-resume-client ++[16-npn-client-switch-resumption-ssl] ++server = 16-npn-client-switch-resumption-server ++client = 16-npn-client-switch-resumption-client ++resume-server = 16-npn-client-switch-resumption-server ++resume-client = 16-npn-client-switch-resumption-resume-client + +-[14-npn-client-switch-resumption-server] ++[16-npn-client-switch-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[14-npn-client-switch-resumption-client] ++[16-npn-client-switch-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[14-npn-client-switch-resumption-resume-client] ++[16-npn-client-switch-resumption-resume-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-14] ++[test-16] + ExpectedNPNProtocol = bar + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 14-npn-client-switch-resumption-server-extra +-resume-server = 14-npn-client-switch-resumption-server-extra +-client = 14-npn-client-switch-resumption-client-extra +-resume-client = 14-npn-client-switch-resumption-resume-client-extra ++server = 16-npn-client-switch-resumption-server-extra ++resume-server = 16-npn-client-switch-resumption-server-extra ++client = 16-npn-client-switch-resumption-client-extra ++resume-client = 16-npn-client-switch-resumption-resume-client-extra + +-[14-npn-client-switch-resumption-server-extra] ++[16-npn-client-switch-resumption-server-extra] + NPNProtocols = foo,bar,baz + +-[14-npn-client-switch-resumption-client-extra] ++[16-npn-client-switch-resumption-client-extra] + NPNProtocols = foo,baz + +-[14-npn-client-switch-resumption-resume-client-extra] ++[16-npn-client-switch-resumption-resume-client-extra] + NPNProtocols = bar,baz + + + # =========================================================== + +-[15-npn-client-first-pref-on-mismatch-resumption] +-ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl ++[17-npn-client-first-pref-on-mismatch-resumption] ++ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl + +-[15-npn-client-first-pref-on-mismatch-resumption-ssl] +-server = 15-npn-client-first-pref-on-mismatch-resumption-server +-client = 15-npn-client-first-pref-on-mismatch-resumption-client +-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client ++[17-npn-client-first-pref-on-mismatch-resumption-ssl] ++server = 17-npn-client-first-pref-on-mismatch-resumption-server ++client = 17-npn-client-first-pref-on-mismatch-resumption-client ++resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server ++resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client + +-[15-npn-client-first-pref-on-mismatch-resumption-server] ++[17-npn-client-first-pref-on-mismatch-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[15-npn-client-first-pref-on-mismatch-resumption-resume-server] ++[17-npn-client-first-pref-on-mismatch-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[15-npn-client-first-pref-on-mismatch-resumption-client] ++[17-npn-client-first-pref-on-mismatch-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-15] ++[test-17] + ExpectedNPNProtocol = foo + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra ++server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra ++resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra ++client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra ++resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra + +-[15-npn-client-first-pref-on-mismatch-resumption-server-extra] ++[17-npn-client-first-pref-on-mismatch-resumption-server-extra] + NPNProtocols = bar + +-[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] ++[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] + NPNProtocols = baz + +-[15-npn-client-first-pref-on-mismatch-resumption-client-extra] ++[17-npn-client-first-pref-on-mismatch-resumption-client-extra] + NPNProtocols = foo,bar + + + # =========================================================== + +-[16-npn-no-server-support-resumption] +-ssl_conf = 16-npn-no-server-support-resumption-ssl ++[18-npn-no-server-support-resumption] ++ssl_conf = 18-npn-no-server-support-resumption-ssl + +-[16-npn-no-server-support-resumption-ssl] +-server = 16-npn-no-server-support-resumption-server +-client = 16-npn-no-server-support-resumption-client +-resume-server = 16-npn-no-server-support-resumption-resume-server +-resume-client = 16-npn-no-server-support-resumption-client ++[18-npn-no-server-support-resumption-ssl] ++server = 18-npn-no-server-support-resumption-server ++client = 18-npn-no-server-support-resumption-client ++resume-server = 18-npn-no-server-support-resumption-resume-server ++resume-client = 18-npn-no-server-support-resumption-client + +-[16-npn-no-server-support-resumption-server] ++[18-npn-no-server-support-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[16-npn-no-server-support-resumption-resume-server] ++[18-npn-no-server-support-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[16-npn-no-server-support-resumption-client] ++[18-npn-no-server-support-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-16] ++[test-18] + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 16-npn-no-server-support-resumption-server-extra +-client = 16-npn-no-server-support-resumption-client-extra +-resume-client = 16-npn-no-server-support-resumption-client-extra ++server = 18-npn-no-server-support-resumption-server-extra ++client = 18-npn-no-server-support-resumption-client-extra ++resume-client = 18-npn-no-server-support-resumption-client-extra + +-[16-npn-no-server-support-resumption-server-extra] ++[18-npn-no-server-support-resumption-server-extra] + NPNProtocols = foo + +-[16-npn-no-server-support-resumption-client-extra] ++[18-npn-no-server-support-resumption-client-extra] + NPNProtocols = foo + + + # =========================================================== + +-[17-npn-no-client-support-resumption] +-ssl_conf = 17-npn-no-client-support-resumption-ssl ++[19-npn-no-client-support-resumption] ++ssl_conf = 19-npn-no-client-support-resumption-ssl + +-[17-npn-no-client-support-resumption-ssl] +-server = 17-npn-no-client-support-resumption-server +-client = 17-npn-no-client-support-resumption-client +-resume-server = 17-npn-no-client-support-resumption-server +-resume-client = 17-npn-no-client-support-resumption-resume-client ++[19-npn-no-client-support-resumption-ssl] ++server = 19-npn-no-client-support-resumption-server ++client = 19-npn-no-client-support-resumption-client ++resume-server = 19-npn-no-client-support-resumption-server ++resume-client = 19-npn-no-client-support-resumption-resume-client + +-[17-npn-no-client-support-resumption-server] ++[19-npn-no-client-support-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[17-npn-no-client-support-resumption-client] ++[19-npn-no-client-support-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[17-npn-no-client-support-resumption-resume-client] ++[19-npn-no-client-support-resumption-resume-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-17] ++[test-19] + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 17-npn-no-client-support-resumption-server-extra +-resume-server = 17-npn-no-client-support-resumption-server-extra +-client = 17-npn-no-client-support-resumption-client-extra ++server = 19-npn-no-client-support-resumption-server-extra ++resume-server = 19-npn-no-client-support-resumption-server-extra ++client = 19-npn-no-client-support-resumption-client-extra + +-[17-npn-no-client-support-resumption-server-extra] ++[19-npn-no-client-support-resumption-server-extra] + NPNProtocols = foo + +-[17-npn-no-client-support-resumption-client-extra] ++[19-npn-no-client-support-resumption-client-extra] + NPNProtocols = foo + + + # =========================================================== + +-[18-alpn-preferred-over-npn-resumption] +-ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl ++[20-alpn-preferred-over-npn-resumption] ++ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl + +-[18-alpn-preferred-over-npn-resumption-ssl] +-server = 18-alpn-preferred-over-npn-resumption-server +-client = 18-alpn-preferred-over-npn-resumption-client +-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +-resume-client = 18-alpn-preferred-over-npn-resumption-client ++[20-alpn-preferred-over-npn-resumption-ssl] ++server = 20-alpn-preferred-over-npn-resumption-server ++client = 20-alpn-preferred-over-npn-resumption-client ++resume-server = 20-alpn-preferred-over-npn-resumption-resume-server ++resume-client = 20-alpn-preferred-over-npn-resumption-client + +-[18-alpn-preferred-over-npn-resumption-server] ++[20-alpn-preferred-over-npn-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[18-alpn-preferred-over-npn-resumption-resume-server] ++[20-alpn-preferred-over-npn-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[18-alpn-preferred-over-npn-resumption-client] ++[20-alpn-preferred-over-npn-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-18] ++[test-20] + ExpectedALPNProtocol = foo + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 18-alpn-preferred-over-npn-resumption-server-extra +-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +-client = 18-alpn-preferred-over-npn-resumption-client-extra +-resume-client = 18-alpn-preferred-over-npn-resumption-client-extra ++server = 20-alpn-preferred-over-npn-resumption-server-extra ++resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra ++client = 20-alpn-preferred-over-npn-resumption-client-extra ++resume-client = 20-alpn-preferred-over-npn-resumption-client-extra + +-[18-alpn-preferred-over-npn-resumption-server-extra] ++[20-alpn-preferred-over-npn-resumption-server-extra] + NPNProtocols = bar + +-[18-alpn-preferred-over-npn-resumption-resume-server-extra] ++[20-alpn-preferred-over-npn-resumption-resume-server-extra] + ALPNProtocols = foo + NPNProtocols = baz + +-[18-alpn-preferred-over-npn-resumption-client-extra] ++[20-alpn-preferred-over-npn-resumption-client-extra] + ALPNProtocols = foo + NPNProtocols = bar,baz + + + # =========================================================== + +-[19-npn-used-if-alpn-not-supported-resumption] +-ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl ++[21-npn-used-if-alpn-not-supported-resumption] ++ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl + +-[19-npn-used-if-alpn-not-supported-resumption-ssl] +-server = 19-npn-used-if-alpn-not-supported-resumption-server +-client = 19-npn-used-if-alpn-not-supported-resumption-client +-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client ++[21-npn-used-if-alpn-not-supported-resumption-ssl] ++server = 21-npn-used-if-alpn-not-supported-resumption-server ++client = 21-npn-used-if-alpn-not-supported-resumption-client ++resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server ++resume-client = 21-npn-used-if-alpn-not-supported-resumption-client + +-[19-npn-used-if-alpn-not-supported-resumption-server] ++[21-npn-used-if-alpn-not-supported-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[19-npn-used-if-alpn-not-supported-resumption-resume-server] ++[21-npn-used-if-alpn-not-supported-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[19-npn-used-if-alpn-not-supported-resumption-client] ++[21-npn-used-if-alpn-not-supported-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-19] ++[test-21] + ExpectedNPNProtocol = baz + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra ++server = 21-npn-used-if-alpn-not-supported-resumption-server-extra ++resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra ++client = 21-npn-used-if-alpn-not-supported-resumption-client-extra ++resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra + +-[19-npn-used-if-alpn-not-supported-resumption-server-extra] ++[21-npn-used-if-alpn-not-supported-resumption-server-extra] + ALPNProtocols = foo + NPNProtocols = bar + +-[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] ++[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra] + NPNProtocols = baz + +-[19-npn-used-if-alpn-not-supported-resumption-client-extra] ++[21-npn-used-if-alpn-not-supported-resumption-client-extra] + ALPNProtocols = foo + NPNProtocols = bar,baz + +diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in +index 30783e4..1dc2704 100644 +--- a/test/ssl-tests/08-npn.cnf.in ++++ b/test/ssl-tests/08-npn.cnf.in +@@ -110,6 +110,41 @@ our @tests = ( + "ExpectedNPNProtocol" => undef, + }, + }, ++ { ++ name => "npn-empty-client-list", ++ server => { ++ extra => { ++ "NPNProtocols" => "foo", ++ }, ++ }, ++ client => { ++ extra => { ++ "NPNProtocols" => "", ++ }, ++ "MaxProtocol" => "TLSv1.2" ++ }, ++ test => { ++ "ExpectedResult" => "ClientFail", ++ "ExpectedClientAlert" => "HandshakeFailure" ++ }, ++ }, ++ { ++ name => "npn-empty-server-list", ++ server => { ++ extra => { ++ "NPNProtocols" => "", ++ }, ++ }, ++ client => { ++ extra => { ++ "NPNProtocols" => "foo", ++ }, ++ "MaxProtocol" => "TLSv1.2" ++ }, ++ test => { ++ "ExpectedNPNProtocol" => "foo" ++ }, ++ }, + { + name => "npn-with-sni-no-context-switch", + server => { +diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf +index e7e6cb9..dd66873 100644 +--- a/test/ssl-tests/09-alpn.cnf ++++ b/test/ssl-tests/09-alpn.cnf +@@ -1,6 +1,6 @@ + # Generated with generate_ssl_tests.pl + +-num_tests = 16 ++num_tests = 18 + + test-0 = 0-alpn-simple + test-1 = 1-alpn-server-finds-match +@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption + test-13 = 13-alpn-alert-on-mismatch-resumption + test-14 = 14-alpn-no-server-support-resumption + test-15 = 15-alpn-no-client-support-resumption ++test-16 = 16-alpn-empty-client-list ++test-17 = 17-alpn-empty-server-list + # =========================================================== + + [0-alpn-simple] +@@ -617,3 +619,65 @@ ALPNProtocols = foo + ALPNProtocols = foo + + ++# =========================================================== ++ ++[16-alpn-empty-client-list] ++ssl_conf = 16-alpn-empty-client-list-ssl ++ ++[16-alpn-empty-client-list-ssl] ++server = 16-alpn-empty-client-list-server ++client = 16-alpn-empty-client-list-client ++ ++[16-alpn-empty-client-list-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[16-alpn-empty-client-list-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-16] ++server = 16-alpn-empty-client-list-server-extra ++client = 16-alpn-empty-client-list-client-extra ++ ++[16-alpn-empty-client-list-server-extra] ++ALPNProtocols = foo ++ ++[16-alpn-empty-client-list-client-extra] ++ALPNProtocols = ++ ++ ++# =========================================================== ++ ++[17-alpn-empty-server-list] ++ssl_conf = 17-alpn-empty-server-list-ssl ++ ++[17-alpn-empty-server-list-ssl] ++server = 17-alpn-empty-server-list-server ++client = 17-alpn-empty-server-list-client ++ ++[17-alpn-empty-server-list-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[17-alpn-empty-server-list-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-17] ++ExpectedResult = ServerFail ++ExpectedServerAlert = NoApplicationProtocol ++server = 17-alpn-empty-server-list-server-extra ++client = 17-alpn-empty-server-list-client-extra ++ ++[17-alpn-empty-server-list-server-extra] ++ALPNProtocols = ++ ++[17-alpn-empty-server-list-client-extra] ++ALPNProtocols = foo ++ ++ +diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in +index 8133075..322b709 100644 +--- a/test/ssl-tests/09-alpn.cnf.in ++++ b/test/ssl-tests/09-alpn.cnf.in +@@ -322,4 +322,37 @@ our @tests = ( + "ExpectedALPNProtocol" => undef, + }, + }, ++ { ++ name => "alpn-empty-client-list", ++ server => { ++ extra => { ++ "ALPNProtocols" => "foo", ++ }, ++ }, ++ client => { ++ extra => { ++ "ALPNProtocols" => "", ++ }, ++ }, ++ test => { ++ "ExpectedALPNProtocol" => undef, ++ }, ++ }, ++ { ++ name => "alpn-empty-server-list", ++ server => { ++ extra => { ++ "ALPNProtocols" => "", ++ }, ++ }, ++ client => { ++ extra => { ++ "ALPNProtocols" => "foo", ++ }, ++ }, ++ test => { ++ "ExpectedResult" => "ServerFail", ++ "ExpectedServerAlert" => "NoApplicationProtocol", ++ }, ++ }, + ); +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch new file mode 100644 index 0000000000..7319d27bb8 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch @@ -0,0 +1,43 @@ +From 86351b8dd4c499de7a0c02313ee54966e978150f Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 21 Jun 2024 10:41:55 +0100 +Subject: [PATCH 07/10] Correct return values for + tls_construct_stoc_next_proto_neg + +Return EXT_RETURN_NOT_SENT in the event that we don't send the extension, +rather than EXT_RETURN_SENT. This actually makes no difference at all to +the current control flow since this return value is ignored in this case +anyway. But lets make it correct anyway. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/53f5677f358c4a4f69830d944ea40e71950673b8] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + ssl/statem/extensions_srvr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c +index 64ccb3e..b821c7c 100644 +--- a/ssl/statem/extensions_srvr.c ++++ b/ssl/statem/extensions_srvr.c +@@ -1496,9 +1496,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, + return EXT_RETURN_FAIL; + } + s->s3.npn_seen = 1; ++ return EXT_RETURN_SENT; + } + +- return EXT_RETURN_SENT; ++ return EXT_RETURN_NOT_SENT; + } + #endif + +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch new file mode 100644 index 0000000000..f64938a5ca --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch @@ -0,0 +1,66 @@ +From 29f860914824cde6b0aea6ad818b93132930137f Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 21 Jun 2024 11:51:54 +0100 +Subject: [PATCH 08/10] Add ALPN validation in the client + +The ALPN protocol selected by the server must be one that we originally +advertised. We should verify that it is. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/195e15421df113d7283aab2ccff8b8fb06df5465] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c +index 1ab3c13..ff9c009 100644 +--- a/ssl/statem/extensions_clnt.c ++++ b/ssl/statem/extensions_clnt.c +@@ -1590,6 +1590,8 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) + { + size_t len; ++ PACKET confpkt, protpkt; ++ int valid = 0; + + /* We must have requested it. */ + if (!s->s3.alpn_sent) { +@@ -1608,6 +1610,28 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); + return 0; + } ++ ++ /* It must be a protocol that we sent */ ++ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) { ++ if (PACKET_remaining(&protpkt) != len) ++ continue; ++ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) { ++ /* Valid protocol found */ ++ valid = 1; ++ break; ++ } ++ } ++ ++ if (!valid) { ++ /* The protocol sent from the server does not match one we advertised */ ++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); ++ return 0; ++ } ++ + OPENSSL_free(s->s3.alpn_selected); + s->s3.alpn_selected = OPENSSL_malloc(len); + if (s->s3.alpn_selected == NULL) { +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch new file mode 100644 index 0000000000..fb1cef5067 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch @@ -0,0 +1,271 @@ +From 6a5484b0d3fcf9a868c7e3e5b62e5eedc90b6080 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 21 Jun 2024 10:09:41 +0100 +Subject: [PATCH 09/10] Add explicit testing of ALN and NPN in sslapitest + +We already had some tests elsewhere - but this extends that testing with +additional tests. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24717) + +Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/7c95191434415d1c9b7fe9b130df13cce630b6b5] +CVE: CVE-2024-5535 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + test/sslapitest.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 229 insertions(+) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 15cb906..7a55a2b 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -11877,6 +11877,231 @@ static int test_select_next_proto(int idx) + return ret; + } + ++static const unsigned char fooprot[] = {3, 'f', 'o', 'o' }; ++static const unsigned char barprot[] = {3, 'b', 'a', 'r' }; ++ ++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) ++static int npn_advert_cb(SSL *ssl, const unsigned char **out, ++ unsigned int *outlen, void *arg) ++{ ++ int *idx = (int *)arg; ++ ++ switch (*idx) { ++ default: ++ case 0: ++ *out = fooprot; ++ *outlen = sizeof(fooprot); ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 1: ++ *outlen = 0; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 2: ++ return SSL_TLSEXT_ERR_NOACK; ++ } ++} ++ ++static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, ++ const unsigned char *in, unsigned int inlen, void *arg) ++{ ++ int *idx = (int *)arg; ++ ++ switch (*idx) { ++ case 0: ++ case 1: ++ *out = (unsigned char *)(fooprot + 1); ++ *outlen = *fooprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 3: ++ *out = (unsigned char *)(barprot + 1); ++ *outlen = *barprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 4: ++ *outlen = 0; ++ return SSL_TLSEXT_ERR_OK; ++ ++ default: ++ case 2: ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++} ++ ++/* ++ * Test the NPN callbacks ++ * Test 0: advert = foo, select = foo ++ * Test 1: advert = <empty>, select = foo ++ * Test 2: no advert ++ * Test 3: advert = foo, select = bar ++ * Test 4: advert = foo, select = <empty> (should fail) ++ */ ++static int test_npn(int idx) ++{ ++ SSL_CTX *sctx = NULL, *cctx = NULL; ++ SSL *serverssl = NULL, *clientssl = NULL; ++ int testresult = 0; ++ ++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), ++ TLS_client_method(), 0, TLS1_2_VERSION, ++ &sctx, &cctx, cert, privkey))) ++ goto end; ++ ++ SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx); ++ SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx); ++ ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, ++ NULL))) ++ goto end; ++ ++ if (idx == 4) { ++ /* We don't allow empty selection of NPN, so this should fail */ ++ if (!TEST_false(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ } else { ++ const unsigned char *prot; ++ unsigned int protlen; ++ ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ ++ SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen); ++ switch (idx) { ++ case 0: ++ case 1: ++ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) ++ goto end; ++ break; ++ case 2: ++ if (!TEST_uint_eq(protlen, 0)) ++ goto end; ++ break; ++ case 3: ++ if (!TEST_mem_eq(prot, protlen, barprot + 1, *barprot)) ++ goto end; ++ break; ++ default: ++ TEST_error("Should not get here"); ++ goto end; ++ } ++ } ++ ++ testresult = 1; ++ end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ ++ return testresult; ++} ++#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */ ++ ++static int alpn_select_cb2(SSL *ssl, const unsigned char **out, ++ unsigned char *outlen, const unsigned char *in, ++ unsigned int inlen, void *arg) ++{ ++ int *idx = (int *)arg; ++ ++ switch (*idx) { ++ case 0: ++ *out = (unsigned char *)(fooprot + 1); ++ *outlen = *fooprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 2: ++ *out = (unsigned char *)(barprot + 1); ++ *outlen = *barprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 3: ++ *outlen = 0; ++ return SSL_TLSEXT_ERR_OK; ++ ++ default: ++ case 1: ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++ return 0; ++} ++ ++/* ++ * Test the ALPN callbacks ++ * Test 0: client = foo, select = foo ++ * Test 1: client = <empty>, select = none ++ * Test 2: client = foo, select = bar (should fail) ++ * Test 3: client = foo, select = <empty> (should fail) ++ */ ++static int test_alpn(int idx) ++{ ++ SSL_CTX *sctx = NULL, *cctx = NULL; ++ SSL *serverssl = NULL, *clientssl = NULL; ++ int testresult = 0; ++ const unsigned char *prots = fooprot; ++ unsigned int protslen = sizeof(fooprot); ++ ++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), ++ TLS_client_method(), 0, 0, ++ &sctx, &cctx, cert, privkey))) ++ goto end; ++ ++ SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx); ++ ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, ++ NULL))) ++ goto end; ++ ++ if (idx == 1) { ++ prots = NULL; ++ protslen = 0; ++ } ++ ++ /* SSL_set_alpn_protos returns 0 for success! */ ++ if (!TEST_false(SSL_set_alpn_protos(clientssl, prots, protslen))) ++ goto end; ++ ++ if (idx == 2 || idx == 3) { ++ /* We don't allow empty selection of NPN, so this should fail */ ++ if (!TEST_false(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ } else { ++ const unsigned char *prot; ++ unsigned int protlen; ++ ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ ++ SSL_get0_alpn_selected(clientssl, &prot, &protlen); ++ switch (idx) { ++ case 0: ++ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) ++ goto end; ++ break; ++ case 1: ++ if (!TEST_uint_eq(protlen, 0)) ++ goto end; ++ break; ++ default: ++ TEST_error("Should not get here"); ++ goto end; ++ } ++ } ++ ++ testresult = 1; ++ end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ ++ return testresult; ++} ++ + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") + + int setup_tests(void) +@@ -12190,6 +12415,10 @@ int setup_tests(void) + ADD_TEST(test_data_retry); + ADD_ALL_TESTS(test_multi_resume, 5); + ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); ++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ ADD_ALL_TESTS(test_npn, 5); ++#endif ++ ADD_ALL_TESTS(test_alpn, 4); + return 1; + + err: +-- +2.44.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/bti.patch b/poky/meta/recipes-connectivity/openssl/openssl/bti.patch deleted file mode 100644 index 748576c30c..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/bti.patch +++ /dev/null @@ -1,58 +0,0 @@ -From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 -From: Tom Cosgrove <tom.cosgrove@arm.com> -Date: Tue, 26 Mar 2024 13:18:00 +0000 -Subject: [PATCH] aarch64: fix BTI in bsaes assembly code - -In Arm systems where BTI is enabled but the Crypto extensions are not (more -likely in FVPs than in real hardware), the bit-sliced assembler code will -be used. However, this wasn't annotated with BTI instructions when BTI was -enabled, so the moment libssl jumps into this code it (correctly) aborts. - -Solve this by adding the missing BTI landing pads. - -Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - crypto/aes/asm/bsaes-armv8.pl | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl -index b3c97e439f..c3c5ff3e05 100644 ---- a/crypto/aes/asm/bsaes-armv8.pl -+++ b/crypto/aes/asm/bsaes-armv8.pl -@@ -1018,6 +1018,7 @@ _bsaes_key_convert: - // Initialisation vector overwritten with last quadword of ciphertext - // No output registers, usual AAPCS64 register preservation - ossl_bsaes_cbc_encrypt: -+ AARCH64_VALID_CALL_TARGET - cmp x2, #128 - bhs .Lcbc_do_bsaes - b AES_cbc_encrypt -@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: - // Output text filled in - // No output registers, usual AAPCS64 register preservation - ossl_bsaes_ctr32_encrypt_blocks: -- -+ AARCH64_VALID_CALL_TARGET - cmp x2, #8 // use plain AES for - blo .Lctr_enc_short // small sizes - -@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: - // Output ciphertext filled in - // No output registers, usual AAPCS64 register preservation - ossl_bsaes_xts_encrypt: -+ AARCH64_VALID_CALL_TARGET - // Stack layout: - // sp -> - // nrounds*128-96 bytes: key schedule -@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: - // Output plaintext filled in - // No output registers, usual AAPCS64 register preservation - ossl_bsaes_xts_decrypt: -+ AARCH64_VALID_CALL_TARGET - // Stack layout: - // sp -> - // nrounds*128-96 bytes: key schedule --- -2.34.1 - diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.2.2.bb index d37b68abbb..3242dd69c6 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.2.1.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.2.2.bb @@ -12,15 +12,23 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ - file://bti.patch \ - file://CVE-2024-2511.patch \ + file://CVE-2024-5535_1.patch \ + file://CVE-2024-5535_2.patch \ + file://CVE-2024-5535_3.patch \ + file://CVE-2024-5535_4.patch \ + file://CVE-2024-5535_5.patch \ + file://CVE-2024-5535_6.patch \ + file://CVE-2024-5535_7.patch \ + file://CVE-2024-5535_8.patch \ + file://CVE-2024-5535_9.patch \ + file://CVE-2024-5535_10.patch \ " SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39" +SRC_URI[sha256sum] = "197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.5.0.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.5.0.bb index 4b052f8ed9..5f0c75de83 100644 --- a/poky/meta/recipes-connectivity/ppp/ppp_2.5.0.bb +++ b/poky/meta/recipes-connectivity/ppp/ppp_2.5.0.bb @@ -5,7 +5,7 @@ SECTION = "console/network" HOMEPAGE = "http://samba.org/ppp/" BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" DEPENDS = "libpcap openssl virtual/crypt" -LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD" +LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD" LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ diff --git a/poky/meta/recipes-core/base-files/base-files/profile b/poky/meta/recipes-core/base-files/base-files/profile index bded3757cc..5e8393c91c 100644 --- a/poky/meta/recipes-core/base-files/base-files/profile +++ b/poky/meta/recipes-core/base-files/base-files/profile @@ -58,7 +58,7 @@ resize() { fi # only do this for /dev/tty[A-z] which are typically # serial ports - if [ $FIRSTTIMESETUP -eq 1 -a $SHLVL -eq 1 ] ; then + if [ $FIRSTTIMESETUP -eq 1 -a ${SHLVL:-1} -eq 1 ] ; then case $(tty 2>/dev/null) in /dev/tty[A-z]*) resize >/dev/null;; esac diff --git a/poky/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/poky/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch index 4635250170..ceb3ad7250 100644 --- a/poky/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch +++ b/poky/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch @@ -5,7 +5,7 @@ Subject: [PATCH 1/2] libbb: sockaddr2str: ensure only printable characters are returned for the hostname part CVE: CVE-2022-28391 -Upstream-Status: Pending +Upstream-Status: Submitted [https://bugs.busybox.net/show_bug.cgi?id=15001] Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- diff --git a/poky/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/poky/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch index 0d7409ddc3..1dbc3388a4 100644 --- a/poky/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch +++ b/poky/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch @@ -8,7 +8,7 @@ Otherwise, terminal sequences can be injected, which enables various terminal in attacks from DNS results. CVE: CVE-2022-28391 -Upstream-Status: Pending +Upstream-Status: Submitted [https://bugs.busybox.net/show_bug.cgi?id=15001] Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- diff --git a/poky/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch b/poky/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch index 97a6357ab9..66f9a716c9 100644 --- a/poky/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch +++ b/poky/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch @@ -1,7 +1,4 @@ -From 7cb2d20cfa2a27191255031d231cd41917dcffe8 Mon Sep 17 00:00:00 2001 -From: Chen Qi <Qi.Chen@windriver.com> -Date: Mon, 26 Dec 2016 16:10:35 +0800 -Subject: [PATCH] local.mk: fix cross compiling problem +Subject: local.mk: fix cross compiling problem We meet the following error when cross compiling. | Makefile:3418: *** Recursive variable 'INSTALL' references itself (eventually). Stop. @@ -15,12 +12,15 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/local.mk b/src/local.mk -index 96ee941..cdd47d6 100644 +index 36dfa4e..c5898cc 100644 --- a/src/local.mk +++ b/src/local.mk -@@ -704,4 +704,4 @@ cu_install_program = @INSTALL@ +@@ -649,4 +649,4 @@ cu_install_program = @INSTALL_PROGRAM@ else cu_install_program = src/ginstall endif -INSTALL = $(cu_install_program) -c +INSTALL_PROGRAM = $(cu_install_program) +-- +2.1.0 + diff --git a/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch b/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch new file mode 100644 index 0000000000..e6c84be3c4 --- /dev/null +++ b/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch @@ -0,0 +1,38 @@ +From 67c298c36f69b6906840b7584be06b7b5f33f829 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Tue, 16 Jan 2024 17:21:08 -0800 +Subject: [PATCH] posixtm: pacify clang 18 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Problem reported by Khem Raj in: +https://lists.gnu.org/r/bug-gnulib/2024-01/msg00045.html +* lib/posixtm.c (posixtime): Pacify clang 18 by converting bool to int. +Arguably this is a bug in draft C2x, since the non-pointer args to +ckd_add should promote just like any other expressions do; +but that’s not clang’s fault. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-gnulib/2024-01/msg00046.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + ChangeLog | 10 ++++++++++ + lib/posixtm.c | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lib/posixtm.c b/lib/posixtm.c +index ef9f55f873..a072c7cad0 100644 +--- a/lib/posixtm.c ++++ b/lib/posixtm.c +@@ -191,7 +191,7 @@ posixtime (time_t *p, const char *s, unsigned int syntax_bits) + | (tm0.tm_min ^ tm1.tm_min) + | (tm0.tm_sec ^ tm1.tm_sec))) + { +- if (ckd_add (&t, t, leapsec)) ++ if (ckd_add (&t, t, +leapsec)) + return false; + *p = t; + return true; +-- +2.43.0 + diff --git a/poky/meta/recipes-core/coreutils/coreutils/CVE-2024-0684.patch b/poky/meta/recipes-core/coreutils/coreutils/CVE-2024-0684.patch new file mode 100644 index 0000000000..0c68e2dce0 --- /dev/null +++ b/poky/meta/recipes-core/coreutils/coreutils/CVE-2024-0684.patch @@ -0,0 +1,39 @@ +From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Tue, 16 Jan 2024 13:48:32 -0800 +Subject: [PATCH 1/1] split: do not shrink hold buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +* src/split.c (line_bytes_split): Do not shrink hold buffer. +If it’s large for this batch it’s likely to be large for the next +batch, and for ‘split’ it’s not worth the complexity/CPU hassle to +shrink it. Do not assume hold_size can be bufsize. + +CVE: CVE-2024-0684 +Upstream-Status: Backport [https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9] +Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> +--- + src/split.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/split.c b/src/split.c +index 64020c859..037960a59 100644 +--- a/src/split.c ++++ b/src/split.c +@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize) + { + cwrite (n_out == 0, hold, n_hold); + n_out += n_hold; +- if (n_hold > bufsize) +- hold = xirealloc (hold, bufsize); + n_hold = 0; +- hold_size = bufsize; + } + + /* Output to eol if present. */ +-- +2.11.4.GIT + + diff --git a/poky/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch b/poky/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch index 718de0ab78..1a8a9b9983 100644 --- a/poky/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch +++ b/poky/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch @@ -1,4 +1,4 @@ -From f53ffb5b27ab7d4a4c62df00ebd6a1a6936d1709 Mon Sep 17 00:00:00 2001 +From a26530083a29eeee910bfd606ecc621acecd547a Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 3 Aug 2011 14:12:30 -0700 Subject: [PATCH] coreutils: Fix build on uclibc @@ -12,15 +12,16 @@ and make life easier for cross compilation process. Signed-off-by: Khem Raj <raj.khem@gmail.com> Upstream-Status: Inappropriate [Upstream does care for AIX while we may not] + --- m4/getloadavg.m4 | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/m4/getloadavg.m4 b/m4/getloadavg.m4 -index 9d0236f..68f7c52 100644 +index 8e96965..63782a2 100644 --- a/m4/getloadavg.m4 +++ b/m4/getloadavg.m4 -@@ -46,18 +46,6 @@ if test $ac_cv_func_getloadavg != yes; then +@@ -41,18 +41,6 @@ AC_CHECK_FUNC([getloadavg], [], [LIBS="-lutil $LIBS" gl_func_getloadavg_done=yes]) fi diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.5.bb b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb index 9a5f836ebe..62ecdea6ec 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_9.5.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb @@ -6,7 +6,7 @@ HOMEPAGE = "http://www.gnu.org/software/coreutils/" BUGTRACKER = "http://debbugs.gnu.org/coreutils" LICENSE = "GPL-3.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ - file://src/ls.c;beginline=1;endline=15;md5=9ac94aaed7fd46fd8df7147a9e3410cb \ + file://src/ls.c;beginline=1;endline=15;md5=b720a8b317035d66c555fc6d89e3674c \ " DEPENDS = "gmp libcap" DEPENDS:class-native = "" @@ -16,9 +16,11 @@ inherit autotools gettext texinfo SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ file://remove-usr-local-lib-from-m4.patch \ file://0001-local.mk-fix-cross-compiling-problem.patch \ + file://0001-posixtm-pacify-clang-18.patch \ + file://CVE-2024-0684.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "cd328edeac92f6a665de9f323c93b712af1858bc2e0d88f3f7100469470a1b8a" +SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52" # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 # diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch deleted file mode 100644 index bdfbd55899..0000000000 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch +++ /dev/null @@ -1,54 +0,0 @@ -From cce3ae98a2c1966719daabff5a4ec6cf94a846f6 Mon Sep 17 00:00:00 2001 -From: Philip Withnall <pwithnall@gnome.org> -Date: Mon, 26 Feb 2024 16:55:44 +0000 -Subject: [PATCH] tests: Remove variable-length lookbehind tests for GRegex -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -PCRE2 10.43 has now introduced support for variable-length lookbehind, -so these tests now fail if GLib is built against PCRE2 10.43 or higher. - -See -https://github.com/PCRE2Project/pcre2/blob/e8db6fa7137f4c6f66cb87e0a3c9467252ec1ef7/ChangeLog#L94. - -Rather than making the tests conditional on the version of PCRE2 in use, -just remove them. They are mostly testing the PCRE2 code rather than -any code in GLib, so don’t have much value. - -This should fix CI runs on msys2-mingw32, which updated to PCRE2 10.43 2 -days ago. - -Signed-off-by: Philip Withnall <pwithnall@gnome.org> - -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cce3ae98a2c1966719daabff5a4ec6cf94a846f6] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - glib/tests/regex.c | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/glib/tests/regex.c b/glib/tests/regex.c -index 1082526292..d7a698ec67 100644 ---- a/glib/tests/regex.c -+++ b/glib/tests/regex.c -@@ -1885,16 +1885,6 @@ test_lookbehind (void) - g_match_info_free (match); - g_regex_unref (regex); - -- regex = g_regex_new ("(?<!dogs?|cats?) x", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error); -- g_assert (regex == NULL); -- g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND); -- g_clear_error (&error); -- -- regex = g_regex_new ("(?<=ab(c|de)) foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error); -- g_assert (regex == NULL); -- g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND); -- g_clear_error (&error); -- - regex = g_regex_new ("(?<=abc|abde)foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error); - g_assert (regex); - g_assert_no_error (error); --- -GitLab - - diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index b1669ead75..1a4278b1bc 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb @@ -16,14 +16,13 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \ file://memory-monitor.patch \ - file://fix-regex.patch \ file://skip-timeout.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " -SRC_URI[sha256sum] = "24b8e0672dca120cc32d394bccb85844e732e04fe75d18bb0573b2dbc7548f63" +SRC_URI[sha256sum] = "244854654dd82c7ebcb2f8e246156d2a05eb9cd1ad07ed7a779659b4602c9fae" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. diff --git a/poky/meta/recipes-core/glibc/glibc-common.inc b/poky/meta/recipes-core/glibc/glibc-common.inc index b9516e77f0..91a3f5bcd5 100644 --- a/poky/meta/recipes-core/glibc/glibc-common.inc +++ b/poky/meta/recipes-core/glibc/glibc-common.inc @@ -2,7 +2,7 @@ SUMMARY = "GLIBC (GNU C Library)" DESCRIPTION = "The GNU C Library is used as the system C library in most systems with the Linux kernel." HOMEPAGE = "http://www.gnu.org/software/libc/libc.html" SECTION = "libs" -LICENSE = "GPL-2.0-only & LGPL-2.1-only" +LICENSE = "GPL-2.0-only & LGPL-2.1-or-later" LIC_FILES_CHKSUM ?= "file://LICENSES;md5=f77e878d320e99e94ae9a4aea7f491d1 \ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index 618a574566..1e4a323d64 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.39/master" PV = "2.39+git" -SRCREV_glibc ?= "1b9c1a0047fb26a65a9b2a7b8cd977243f7d353c" +SRCREV_glibc ?= "273a835fe7c685cc54266bb8b502787bad5e9bae" SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" diff --git a/poky/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/poky/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch index 066c3b1ea2..9bdfa76318 100644 --- a/poky/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch +++ b/poky/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch @@ -11,16 +11,15 @@ Upstream-Status: Inappropriate [ OE-Specific ] Signed-off-by: Khem Raj <raj.khem@gmail.com> --- - sysdeps/aarch64/bits/wordsize.h | 8 ++++++-- - sysdeps/arm/bits/wordsize.h | 1 + - 2 files changed, 7 insertions(+), 2 deletions(-) - create mode 120000 sysdeps/arm/bits/wordsize.h + sysdeps/aarch64/bits/wordsize.h | 11 +++++++++-- + sysdeps/arm/bits/wordsize.h | 22 +--------------------- + 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h -index 118e59172d..b4b0692eb5 100644 +index 118e59172d..ff86359fe8 100644 --- a/sysdeps/aarch64/bits/wordsize.h +++ b/sysdeps/aarch64/bits/wordsize.h -@@ -17,12 +17,16 @@ +@@ -17,12 +17,19 @@ License along with the GNU C Library; if not, see <https://www.gnu.org/licenses/>. */ @@ -33,12 +32,42 @@ index 118e59172d..b4b0692eb5 100644 # define __WORDSIZE32_SIZE_ULONG 1 # define __WORDSIZE32_PTRDIFF_LONG 1 +#else -+# define __WORDSIZE 32 -+# define __WORDSIZE32_SIZE_ULONG 0 -+# define __WORDSIZE32_PTRDIFF_LONG 0 ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 #endif ++#ifdef __aarch64__ #define __WORDSIZE_TIME64_COMPAT32 0 ++#endif +diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h +deleted file mode 100644 +index 6ecbfe7c86..0000000000 +--- a/sysdeps/arm/bits/wordsize.h ++++ /dev/null +@@ -1,21 +0,0 @@ +-/* Copyright (C) 1999-2024 Free Software Foundation, Inc. +- This file is part of the GNU C Library. +- +- The GNU C Library is free software; you can redistribute it and/or +- modify it under the terms of the GNU Lesser General Public +- License as published by the Free Software Foundation; either +- version 2.1 of the License, or (at your option) any later version. +- +- The GNU C Library is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public +- License along with the GNU C Library; if not, see +- <https://www.gnu.org/licenses/>. */ +- +-#define __WORDSIZE 32 +-#define __WORDSIZE_TIME64_COMPAT32 1 +-#define __WORDSIZE32_SIZE_ULONG 0 +-#define __WORDSIZE32_PTRDIFF_LONG 0 diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h new file mode 120000 index 0000000000..4c4a788ec2 diff --git a/poky/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch b/poky/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch deleted file mode 100644 index f6523c5498..0000000000 --- a/poky/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 73c26018ed0ecd9c807bb363cc2c2ab4aca66a82 Mon Sep 17 00:00:00 2001 -From: Szabolcs Nagy <szabolcs.nagy@arm.com> -Date: Wed, 13 Mar 2024 14:34:14 +0000 -Subject: [PATCH] aarch64: fix check for SVE support in assembler - -Due to GCC bug 110901 -mcpu can override -march setting when compiling -asm code and thus a compiler targetting a specific cpu can fail the -configure check even when binutils gas supports SVE. - -The workaround is that explicit .arch directive overrides both -mcpu -and -march, and since that's what the actual SVE memcpy uses the -configure check should use that too even if the GCC issue is fixed -independently. - -Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=73c26018ed0ecd9c807bb363cc2c2ab4aca66a82] -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Reviewed-by: Florian Weimer <fweimer@redhat.com> ---- - sysdeps/aarch64/configure | 5 +++-- - sysdeps/aarch64/configure.ac | 5 +++-- - 2 files changed, 6 insertions(+), 4 deletions(-) - mode change 100644 => 100755 sysdeps/aarch64/configure - -diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure -old mode 100644 -new mode 100755 -index ca57edce47..9606137e8d ---- a/sysdeps/aarch64/configure -+++ b/sysdeps/aarch64/configure -@@ -325,9 +325,10 @@ then : - printf %s "(cached) " >&6 - else $as_nop - cat > conftest.s <<\EOF -- ptrue p0.b -+ .arch armv8.2-a+sve -+ ptrue p0.b - EOF --if { ac_try='${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&5' -+if { ac_try='${CC-cc} -c conftest.s 1>&5' - { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 - (eval $ac_try) 2>&5 - ac_status=$? -diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac -index 27874eceb4..56d12d661d 100644 ---- a/sysdeps/aarch64/configure.ac -+++ b/sysdeps/aarch64/configure.ac -@@ -90,9 +90,10 @@ LIBC_CONFIG_VAR([aarch64-variant-pcs], [$libc_cv_aarch64_variant_pcs]) - # Check if asm support armv8.2-a+sve - AC_CACHE_CHECK([for SVE support in assembler], [libc_cv_aarch64_sve_asm], [dnl - cat > conftest.s <<\EOF -- ptrue p0.b -+ .arch armv8.2-a+sve -+ ptrue p0.b - EOF --if AC_TRY_COMMAND(${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&AS_MESSAGE_LOG_FD); then -+if AC_TRY_COMMAND(${CC-cc} -c conftest.s 1>&AS_MESSAGE_LOG_FD); then - libc_cv_aarch64_sve_asm=yes - else - libc_cv_aarch64_sve_asm=no --- -2.44.0 - diff --git a/poky/meta/recipes-core/glibc/glibc/0024-qemu-stale-process.patch b/poky/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch index c0a467fcec..c0a467fcec 100644 --- a/poky/meta/recipes-core/glibc/glibc/0024-qemu-stale-process.patch +++ b/poky/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch diff --git a/poky/meta/recipes-core/glibc/glibc_2.39.bb b/poky/meta/recipes-core/glibc/glibc_2.39.bb index 9122472689..2484ae1cd9 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.39.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.39.bb @@ -16,6 +16,10 @@ CVE_STATUS[CVE-2019-1010025] = "disputed: \ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ easier access for another. 'ASLR bypass itself is not a vulnerability.'" +CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" +CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602" +CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash" + DEPENDS += "gperf-native bison-native" NATIVESDKFIXES ?= "" @@ -48,8 +52,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \ file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ - file://0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch \ - file://0024-qemu-stale-process.patch \ + file://0023-qemu-stale-process.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 4cf55519cc..bceeb4866f 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -26,8 +26,8 @@ inherit core-image setuptools3 features_check REQUIRED_DISTRO_FEATURES += "xattr" -SRCREV ?= "17723c6e34096a53fb186cc70cfc604bb30da8b9" -SRC_URI = "git://git.yoctoproject.org/poky;branch=master \ +SRCREV ?= "5d657e0f472ce481ab62bc9ebf3d2b81c04cf3f3" +SRC_URI = "git://git.yoctoproject.org/poky;branch=scarthgap \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ file://README_VirtualBox_Guest_Additions.txt \ diff --git a/poky/meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch b/poky/meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch new file mode 100644 index 0000000000..4b743f9b33 --- /dev/null +++ b/poky/meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch @@ -0,0 +1,37 @@ +From 592dcdcf243576bd2517d3da9bc18990de08e37e Mon Sep 17 00:00:00 2001 +From: Kamalesh Babulal <kamalesh.babulal@oracle.com> +Date: Mon, 27 Nov 2023 20:07:33 +0530 +Subject: [PATCH 1/1] include/Makefile: install systemd.h by default + +Install systemd.h header file by default, as we have stub and defined +versions of the systemd functions for both non-systemd and systemd +enabled configurations. This will help packagers to ship package +without systemd support (--enable-systemd=no). + +Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> +Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> + +Upstream-Status: Backport [https://github.com/libcgroup/libcgroup/commit/592dcdcf243576bd2517d3da9bc18990de08e37e] + +Signed-off-by: Adriaan Schmidt <adriaan.schmidt@siemens.com> +--- + include/Makefile.am | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/include/Makefile.am b/include/Makefile.am +index 23cebaac..4cb05529 100644 +--- a/include/Makefile.am ++++ b/include/Makefile.am +@@ -2,8 +2,4 @@ + nobase_include_HEADERS = libcgroup.h libcgroup/error.h libcgroup/init.h \ + libcgroup/groups.h libcgroup/tasks.h \ + libcgroup/iterators.h libcgroup/config.h \ +- libcgroup/log.h libcgroup/tools.h +- +-if WITH_SYSTEMD +-nobase_include_HEADERS += libcgroup/systemd.h +-endif ++ libcgroup/log.h libcgroup/tools.h libcgroup/systemd.h +-- +2.39.2 + diff --git a/poky/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb b/poky/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb index 4b4f19e36f..a1d27c7e7f 100644 --- a/poky/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb +++ b/poky/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb @@ -13,6 +13,7 @@ DEPENDS = "bison-native flex-native" DEPENDS:append:libc-musl = " fts" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ + file://0001-include-Makefile-install-systemd.h-by-default.patch \ " UPSTREAM_CHECK_URI = "https://github.com/libcgroup/libcgroup/tags" diff --git a/poky/meta/recipes-core/libxcrypt/files/configure-c99.patch b/poky/meta/recipes-core/libxcrypt/files/configure-c99.patch new file mode 100644 index 0000000000..b77ea7af07 --- /dev/null +++ b/poky/meta/recipes-core/libxcrypt/files/configure-c99.patch @@ -0,0 +1,39 @@ +From cfe9f4d6b0a5d10a15e10e987d528c5c513a42f1 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Tue, 19 Dec 2023 11:00:11 +0100 +Subject: [PATCH] configure: Only text the makecontext signature we need + +The test/explicit-bzero.c test uses a start routine without any +arguments. There is no need for the multi-argument version. + +This avoids a build failure with glibc and future compilers. +The GNU C library declares the makecontext callback of +type void (*) (void), so no cast is needed. On other systems, +the type may be the (currently distinct) type void (*) (), +but given that this only affects the ability to execute a test, +no further machinery is added here to detect that different type. + +Upstream-Status: Submitted [https://github.com/besser82/libxcrypt/pull/178/] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + configure.ac | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 016997c..4b8afd8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -303,13 +303,11 @@ AS_IF([test $ac_cv_header_ucontext_h = yes], + #include <ucontext.h> + static int x; + static void fn1(void) {} +-static void fn2(int a, int b) { x = a - b; } + ]], [[ + ucontext_t uc1, uc2; + if (getcontext(&uc1)) return 1; + if (setcontext(&uc1)) return 1; + makecontext(&uc1, fn1, 0); +- makecontext(&uc2, fn2, 2, 1, 1); + if (swapcontext(&uc1, &uc2)) return 1; + return x; + ]])], diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc index ba93d91aef..ee6875aa05 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -13,7 +13,8 @@ SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol= SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf" SRCBRANCH ?= "master" -SRC_URI += "file://fix_cflags_handling.patch" +SRC_URI += "file://fix_cflags_handling.patch \ + file://configure-c99.patch" PROVIDES = "virtual/crypt" diff --git a/poky/meta/recipes-core/libxml/libxml2_2.12.6.bb b/poky/meta/recipes-core/libxml/libxml2_2.12.8.bb index 14fcff7fa4..fb103f0273 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.12.6.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.12.8.bb @@ -20,7 +20,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ " -SRC_URI[archive.sha256sum] = "889c593a881a3db5fdd96cc9318c87df34eb648edfc458272ad46fd607353fbb" +SRC_URI[archive.sha256sum] = "43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" # Disputed as a security issue, but fixed in d39f780 diff --git a/poky/meta/recipes-core/ncurses/files/CVE-2023-45918.patch b/poky/meta/recipes-core/ncurses/files/CVE-2023-45918.patch new file mode 100644 index 0000000000..fbdae49a61 --- /dev/null +++ b/poky/meta/recipes-core/ncurses/files/CVE-2023-45918.patch @@ -0,0 +1,180 @@ +From bcf02d3242f1c7d57224a95f7903fcf4b5e7695d Mon Sep 17 00:00:00 2001 +From: Thomas E. Dickey <dickey@invisible-island.net> +Date: Fri, 16 Jun 2023 02:54:29 +0530 +Subject: [PATCH] Fix CVE-2023-45918 + +CVE: CVE-2023-45918 + +Upstream-Status: Backport [https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=bcf02d3242f1c7d57224a95f7903fcf4b5e7695d] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + ncurses/tinfo/comp_error.c | 15 ++++++--- + ncurses/tinfo/read_entry.c | 65 ++++++++++++++++++++++++++------------ + 2 files changed, 56 insertions(+), 24 deletions(-) + +diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c +index 48f48784..ee518e28 100644 +--- a/ncurses/tinfo/comp_error.c ++++ b/ncurses/tinfo/comp_error.c +@@ -60,8 +60,15 @@ _nc_get_source(void) + NCURSES_EXPORT(void) + _nc_set_source(const char *const name) + { +- FreeIfNeeded(SourceName); +- SourceName = strdup(name); ++ if (name == NULL) { ++ free(SourceName); ++ SourceName = NULL; ++ } else if (SourceName == NULL) { ++ SourceName = strdup(name); ++ } else if (strcmp(name, SourceName)) { ++ free(SourceName); ++ SourceName = strdup(name); ++ } + } + + NCURSES_EXPORT(void) +@@ -95,9 +102,9 @@ static NCURSES_INLINE void + where_is_problem(void) + { + fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?"); +- if (_nc_curr_line >= 0) ++ if (_nc_curr_line > 0) + fprintf(stderr, ", line %d", _nc_curr_line); +- if (_nc_curr_col >= 0) ++ if (_nc_curr_col > 0) + fprintf(stderr, ", col %d", _nc_curr_col); + if (TermType != 0 && TermType[0] != '\0') + fprintf(stderr, ", terminal '%s'", TermType); +diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c +index 341337d2..b0c3ad26 100644 +--- a/ncurses/tinfo/read_entry.c ++++ b/ncurses/tinfo/read_entry.c +@@ -138,12 +138,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count) + } + #endif + +-static void +-convert_strings(char *buf, char **Strings, int count, int size, char *table) ++static bool ++convert_strings(char *buf, char **Strings, int count, int size, ++ char *table, bool always) + { + int i; + char *p; +- bool corrupt = FALSE; ++ bool success = TRUE; + + for (i = 0; i < count; i++) { + if (IS_NEG1(buf + 2 * i)) { +@@ -159,13 +160,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table) + TR(TRACE_DATABASE, ("Strings[%d] = %s", i, + _nc_visbuf(Strings[i]))); + } else { +- if (!corrupt) { +- corrupt = TRUE; +- TR(TRACE_DATABASE, +- ("ignore out-of-range index %d to Strings[]", nn)); +- _nc_warning("corrupt data found in convert_strings"); +- } +- Strings[i] = ABSENT_STRING; ++ TR(TRACE_DATABASE, ++ ("found out-of-range index %d to Strings[%d]", nn, i)); ++ success = FALSE; ++ break; + } + } + +@@ -175,10 +173,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table) + if (*p == '\0') + break; + /* if there is no NUL, ignore the string */ +- if (p >= table + size) ++ if (p >= table + size) { + Strings[i] = ABSENT_STRING; ++ } else if (p == Strings[i] && always) { ++ TR(TRACE_DATABASE, ++ ("found empty but required Strings[%d]", i)); ++ success = FALSE; ++ break; ++ } ++ } else if (always) { /* names are always needed */ ++ TR(TRACE_DATABASE, ++ ("found invalid but required Strings[%d]", i)); ++ success = FALSE; ++ break; + } + } ++ if (!success) { ++ _nc_warning("corrupt data found in convert_strings"); ++ } ++ return success; + } + + static int +@@ -382,7 +395,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) + if (Read(string_table, (unsigned) str_size) != str_size) { + returnDB(TGETENT_NO); + } +- convert_strings(buf, ptr->Strings, str_count, str_size, string_table); ++ if (!convert_strings(buf, ptr->Strings, str_count, str_size, ++ string_table, FALSE)) { ++ returnDB(TGETENT_NO); ++ } + } + #if NCURSES_XNAMES + +@@ -483,8 +499,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) + ("Before computing extended-string capabilities " + "str_count=%d, ext_str_count=%d", + str_count, ext_str_count)); +- convert_strings(buf, ptr->Strings + str_count, ext_str_count, +- ext_str_limit, ptr->ext_str_table); ++ if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count, ++ ext_str_limit, ptr->ext_str_table, FALSE)) { ++ returnDB(TGETENT_NO); ++ } + for (i = ext_str_count - 1; i >= 0; i--) { + TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s", + i, i + str_count, +@@ -516,10 +534,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) + TR(TRACE_DATABASE, + ("ext_NAMES starting @%d in extended_strings, first = %s", + base, _nc_visbuf(ptr->ext_str_table + base))); +- convert_strings(buf + (2 * ext_str_count), +- ptr->ext_Names, +- (int) need, +- ext_str_limit, ptr->ext_str_table + base); ++ if (!convert_strings(buf + (2 * ext_str_count), ++ ptr->ext_Names, ++ (int) need, ++ ext_str_limit, ptr->ext_str_table + base, ++ TRUE)) { ++ returnDB(TGETENT_NO); ++ } + } + + TR(TRACE_DATABASE, +@@ -572,13 +593,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr) + int limit; + char buffer[MAX_ENTRY_SIZE + 1]; + +- if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp)) +- > 0) { ++ limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp); ++ if (limit > 0) { ++ const char *old_source = _nc_get_source(); + + TR(TRACE_DATABASE, ("read terminfo %s", filename)); ++ if (old_source == NULL) ++ _nc_set_source(filename); + if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) { + _nc_free_termtype2(ptr); + } ++ _nc_set_source(old_source); + } else { + code = TGETENT_NO; + } +-- +2.40.0 diff --git a/poky/meta/recipes-core/ncurses/files/CVE-2023-50495.patch b/poky/meta/recipes-core/ncurses/files/CVE-2023-50495.patch new file mode 100644 index 0000000000..7d90ddd30f --- /dev/null +++ b/poky/meta/recipes-core/ncurses/files/CVE-2023-50495.patch @@ -0,0 +1,301 @@ +From 7daae3f2139a678fe0ae0b42fcf8d807cbff485c Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Sun, 4 Feb 2024 13:42:38 +0800 +Subject: [PATCH] parse_entry.c: check return value of _nc_save_str + +* check return value of _nc_save_str(), in special case for tic where +extended capabilities are processed but the terminal description was +not initialized (report by Ziqiao Kong). + +* regenerate llib-* files. + +CVE: CVE-2023-50495 + +Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + ncurses/llib-lncurses | 15 +++++++++++++++ + ncurses/llib-lncursest | 15 +++++++++++++++ + ncurses/llib-lncursestw | 15 +++++++++++++++ + ncurses/llib-lncursesw | 15 +++++++++++++++ + ncurses/llib-ltinfo | 15 +++++++++++++++ + ncurses/llib-ltinfot | 15 +++++++++++++++ + ncurses/llib-ltinfotw | 15 +++++++++++++++ + ncurses/llib-ltinfow | 15 +++++++++++++++ + ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++------- + 9 files changed, 136 insertions(+), 7 deletions(-) + +diff --git a/ncurses/llib-lncurses b/ncurses/llib-lncurses +index 211cf3b7..e4190aa2 100644 +--- a/ncurses/llib-lncurses ++++ b/ncurses/llib-lncurses +@@ -3656,6 +3656,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-lncursest b/ncurses/llib-lncursest +index 1b09d676..e07abba6 100644 +--- a/ncurses/llib-lncursest ++++ b/ncurses/llib-lncursest +@@ -3741,6 +3741,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-lncursestw b/ncurses/llib-lncursestw +index 4576e0fc..747c6be8 100644 +--- a/ncurses/llib-lncursestw ++++ b/ncurses/llib-lncursestw +@@ -4702,6 +4702,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-lncursesw b/ncurses/llib-lncursesw +index 127350d2..862305d9 100644 +--- a/ncurses/llib-lncursesw ++++ b/ncurses/llib-lncursesw +@@ -4617,6 +4617,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-ltinfo b/ncurses/llib-ltinfo +index a5cd7cd3..31e5e9a6 100644 +--- a/ncurses/llib-ltinfo ++++ b/ncurses/llib-ltinfo +@@ -927,6 +927,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-ltinfot b/ncurses/llib-ltinfot +index bd3de812..48e5c25a 100644 +--- a/ncurses/llib-ltinfot ++++ b/ncurses/llib-ltinfot +@@ -1003,6 +1003,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-ltinfotw b/ncurses/llib-ltinfotw +index 4d35a1e1..64dfdfa5 100644 +--- a/ncurses/llib-ltinfotw ++++ b/ncurses/llib-ltinfotw +@@ -1025,6 +1025,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/llib-ltinfow b/ncurses/llib-ltinfow +index db846764..7e17a35f 100644 +--- a/ncurses/llib-ltinfow ++++ b/ncurses/llib-ltinfow +@@ -949,6 +949,21 @@ char *tiparm( + ...) + { return(*(char **)0); } + ++#undef tiparm_s ++char *tiparm_s( ++ int num_expected, ++ int tparm_type, ++ const char *string, ++ ...) ++ { return(*(char **)0); } ++ ++#undef tiscan_s ++int tiscan_s( ++ int *num_expected, ++ int *tparm_type, ++ const char *string) ++ { return(*(int *)0); } ++ + #undef _nc_tiparm + char *_nc_tiparm( + int expected, +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index 14bcb67e..0a0b5637 100644 +--- a/ncurses/tinfo/parse_entry.c ++++ b/ncurses/tinfo/parse_entry.c +@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + /* Well, we are given a cancel for a name that we don't recognize */ + return _nc_extend_names(entryp, name, STRING); + default: +- return 0; ++ return NULL; + } + + /* Adjust the 'offset' (insertion-point) to keep the lists of extended +@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + for (last = (unsigned) (max - 1); last > tindex; last--) + + if (!found) { ++ char *saved; ++ ++ if ((saved = _nc_save_str(name)) == NULL) ++ return NULL; ++ + switch (token_type) { + case BOOLEAN: + tp->ext_Booleans++; +@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + TYPE_REALLOC(char *, actual, tp->ext_Names); + while (--actual > offset) + tp->ext_Names[actual] = tp->ext_Names[actual - 1]; +- tp->ext_Names[offset] = _nc_save_str(name); ++ tp->ext_Names[offset] = saved; + } + + temp.nte_name = tp->ext_Names[offset]; +@@ -364,6 +369,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) + bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0); + bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0); + if (is_use || is_tc) { ++ char *saved; ++ + if (!VALID_STRING(_nc_curr_token.tk_valstring) + || _nc_curr_token.tk_valstring[0] == '\0') { + _nc_warning("missing name for use-clause"); +@@ -377,11 +384,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) + _nc_curr_token.tk_valstring); + continue; + } +- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); +- entryp->uses[entryp->nuses].line = _nc_curr_line; +- entryp->nuses++; +- if (entryp->nuses > 1 && is_tc) { +- BAD_TC_USAGE ++ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) { ++ entryp->uses[entryp->nuses].name = saved; ++ entryp->uses[entryp->nuses].line = _nc_curr_line; ++ entryp->nuses++; ++ if (entryp->nuses > 1 && is_tc) { ++ BAD_TC_USAGE ++ } + } + } else { + /* normal token lookup */ +-- +2.25.1 + diff --git a/poky/meta/recipes-core/ncurses/ncurses_6.4.bb b/poky/meta/recipes-core/ncurses/ncurses_6.4.bb index 2c621525f9..97130c06d6 100644 --- a/poky/meta/recipes-core/ncurses/ncurses_6.4.bb +++ b/poky/meta/recipes-core/ncurses/ncurses_6.4.bb @@ -6,6 +6,8 @@ SRC_URI += "file://0001-tic-hang.patch \ file://exit_prototype.patch \ file://0001-Fix-CVE-2023-29491.patch \ file://0001-Updating-reset-code-ncurses-6.4-patch-20231104.patch \ + file://CVE-2023-50495.patch \ + file://CVE-2023-45918.patch \ " # commit id corresponds to the revision in package version SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f" diff --git a/poky/meta/recipes-core/newlib/libgloss_git.bb b/poky/meta/recipes-core/newlib/libgloss_git.bb index 7e34e33c7a..3c97a7f296 100644 --- a/poky/meta/recipes-core/newlib/libgloss_git.bb +++ b/poky/meta/recipes-core/newlib/libgloss_git.bb @@ -6,7 +6,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/libgloss:" SRC_URI:append = " file://libgloss-build-without-nostdinc.patch" SRC_URI:append:powerpc = " file://fix-rs6000-crt0.patch" -SRC_URI:append:powerpc = " file://fix-rs6000-cflags.patch" do_configure() { ${S}/libgloss/configure ${EXTRA_OECONF} diff --git a/poky/meta/recipes-core/systemd/systemd_255.4.bb b/poky/meta/recipes-core/systemd/systemd_255.4.bb index e7498c802d..f58a1bc2b6 100644 --- a/poky/meta/recipes-core/systemd/systemd_255.4.bb +++ b/poky/meta/recipes-core/systemd/systemd_255.4.bb @@ -271,14 +271,16 @@ WATCHDOG_TIMEOUT ??= "60" do_install() { meson_do_install - # Change the root user's home directory in /lib/sysusers.d/basic.conf. - # This is done merely for backward compatibility with previous systemd recipes. - # systemd hardcodes root user's HOME to be "/root". Changing to use other values - # may have unexpected runtime behaviors. - if [ "${ROOT_HOME}" != "/root" ]; then - bbwarn "Using ${ROOT_HOME} as root user's home directory is not fully supported by systemd" - sed -i -e 's#/root#${ROOT_HOME}#g' ${D}${exec_prefix}/lib/sysusers.d/basic.conf - fi + if ${@bb.utils.contains('PACKAGECONFIG', 'sysusers', 'true', 'false', d)}; then + # Change the root user's home directory in /lib/sysusers.d/basic.conf. + # This is done merely for backward compatibility with previous systemd recipes. + # systemd hardcodes root user's HOME to be "/root". Changing to use other values + # may have unexpected runtime behaviors. + if [ "${ROOT_HOME}" != "/root" ]; then + bbwarn "Using ${ROOT_HOME} as root user's home directory is not fully supported by systemd" + sed -i -e 's#/root#${ROOT_HOME}#g' ${D}${exec_prefix}/lib/sysusers.d/basic.conf + fi + fi install -d ${D}/${base_sbindir} if ${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', 'false', 'true', d)}; then # Provided by a separate recipe diff --git a/poky/meta/recipes-core/ttyrun/ttyrun_2.32.0.bb b/poky/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb index 9a8be15dab..fac11d6310 100644 --- a/poky/meta/recipes-core/ttyrun/ttyrun_2.32.0.bb +++ b/poky/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb @@ -7,7 +7,9 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=f5118f167b055bfd7c3450803f1847af" SRC_URI = "git://github.com/ibm-s390-linux/s390-tools;protocol=https;branch=master" -SRCREV = "9eea78b3ad8ab3710fb3b2d80b9cd058d7c8aba7" +SRCREV = "6f15ed326491a17d83ca60cd2bda47fb5e8a0175" + +CVE_PRODUCT = "s390-tools" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb index ba622fe716..27723c88ef 100644 --- a/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb +++ b/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f5354 SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master;protocol=https" SRCREV = "b8f950105010270a768aa12245d6abf166346015" +PV .= "+git" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-core/util-linux/util-linux.inc b/poky/meta/recipes-core/util-linux/util-linux.inc index d506783f9a..48520ef951 100644 --- a/poky/meta/recipes-core/util-linux/util-linux.inc +++ b/poky/meta/recipes-core/util-linux/util-linux.inc @@ -40,6 +40,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin file://avoid_parallel_tests.patch \ file://0001-login-utils-include-libgen.h-for-basename-API.patch \ file://fcntl-lock.c \ + file://CVE-2024-28085-0001.patch \ + file://CVE-2024-28085-0002.patch \ " SRC_URI[sha256sum] = "7b6605e48d1a49f43cc4b4cfc59f313d0dd5402fa40b96810bd572e167dfed0f" diff --git a/poky/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch b/poky/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch new file mode 100644 index 0000000000..af39931b3f --- /dev/null +++ b/poky/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch @@ -0,0 +1,36 @@ +From 07f0f0f5bd1e5e2268257ae1ff6d76a9b6c6ea8b Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Wed, 17 Jan 2024 12:37:08 +0100 +Subject: [PATCH] wall: fix calloc cal [-Werror=calloc-transposed-args] + +term-utils/wall.c:143:37: error: xcalloc sizes specified with sizeof in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] + 143 | buf->groups = xcalloc(sizeof(*buf->groups), buf->ngroups); + | ^ +term-utils/wall.c:143:37: note: earlier argument should specify number of elements, later size of each element + +Signed-off-by: Karel Zak <kzak@redhat.com> + +CVE: CVE-2024-28085 + +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/07f0f0f5bd1e5e2268257ae1ff6d76a9b6c6ea8b] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + term-utils/wall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/wall.c b/term-utils/wall.c +index 377db45..85c006a 100644 +--- a/term-utils/wall.c ++++ b/term-utils/wall.c +@@ -135,7 +135,7 @@ static struct group_workspace *init_group_workspace(const char *group) + + buf->requested_group = get_group_gid(group); + buf->ngroups = sysconf(_SC_NGROUPS_MAX) + 1; /* room for the primary gid */ +- buf->groups = xcalloc(sizeof(*buf->groups), buf->ngroups); ++ buf->groups = xcalloc(buf->ngroups, sizeof(*buf->groups)); + + return buf; + } +-- +2.40.0 diff --git a/poky/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch b/poky/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch new file mode 100644 index 0000000000..a2b914d580 --- /dev/null +++ b/poky/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch @@ -0,0 +1,34 @@ +From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 21 Mar 2024 11:16:20 +0100 +Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085] + +Let's use for all cases the same output function. + +Reported-by: Skyler Ferrante <sjf5462@rit.edu> +Signed-off-by: Karel Zak <kzak@redhat.com> + +CVE: CVE-2024-28085 + +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + term-utils/wall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/wall.c b/term-utils/wall.c +index 85c006a..0212c03 100644 +--- a/term-utils/wall.c ++++ b/term-utils/wall.c +@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz, + int i; + + for (i = 0; i < mvecsz; i++) { +- fputs(mvec[i], fs); ++ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH); + if (i < mvecsz - 1) + fputc(' ', fs); + } +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.42.inc b/poky/meta/recipes-devtools/binutils/binutils-2.42.inc index 3b6f47d4ce..c8f526b5c7 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -20,7 +20,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier" -SRCREV ?= "553c7f61b74badf91df484450944675efd9cd485" +SRCREV ?= "cbec9028dd3fa9b49e0204f1a989cea67cae32c6" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https" SRC_URI = "\ ${BINUTILS_GIT_URI} \ diff --git a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.8.bb b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.7.1.bb index 15cc7ac244..8132c2cc72 100644 --- a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.8.bb +++ b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.7.1.bb @@ -18,7 +18,7 @@ DEPENDS = "util-linux zlib" SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master;protocol=https \ file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \ " -SRCREV = "3793e987d2b4e878410da16f33d963043d137d48" +SRCREV = "60abf7a90776c2405f616182ef6129474bbcb109" S = "${WORKDIR}/git" PACKAGECONFIG ??= " \ diff --git a/poky/meta/recipes-devtools/cdrtools/cdrtools-native_3.01.bb b/poky/meta/recipes-devtools/cdrtools/cdrtools-native_3.01.bb index bf8be1ad0c..ca9fc5988a 100644 --- a/poky/meta/recipes-devtools/cdrtools/cdrtools-native_3.01.bb +++ b/poky/meta/recipes-devtools/cdrtools/cdrtools-native_3.01.bb @@ -13,20 +13,28 @@ DEPENDS += "gnu-config-native" SRC_URI = " \ ${SOURCEFORGE_MIRROR}/project/cdrtools/cdrtools-${PV}.tar.bz2 \ file://0001-Don-t-set-uid-gid-during-install.patch \ - file://riscv64-linux-gcc.rul \ + file://riscv64-linux-gcc.rul \ + file://gcc14-fix.patch \ " SRC_URI[md5sum] = "7d45c5b7e1f78d85d1583b361aee6e8b" SRC_URI[sha256sum] = "ed282eb6276c4154ce6a0b5dee0bdb81940d0cbbfc7d03f769c4735ef5f5860f" -EXTRA_OEMAKE = "-e MAKEFLAGS=" +EXTRA_OEMAKE = "-e MAKEFLAGS= CPPOPTX='${CPPFLAGS}' COPTX='${CFLAGS}' C++OPTX='${CXXFLAGS}' LDOPTX='${LDFLAGS}' GMAKE_NOWARN='true'" # Stop failures when 'cc' can't be found export ac_cv_prog_CC = "${CC}" inherit native +# Use -std=gnu89 to build with gcc-14 (https://bugs.gentoo.org/903876) +# this needs to be after native inherit (which sets CFLAGS to BUILD_CFLAGS) +CFLAGS += "-std=gnu89" + do_configure() { + # cdda2wav does not build with GCC 14 + rm -f ${S}/TARGETS/55cdda2wav + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}/autoconf install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}/autoconf install -m 0644 ${WORKDIR}/riscv64-linux-gcc.rul ${S}/RULES/ diff --git a/poky/meta/recipes-devtools/cdrtools/cdrtools/gcc14-fix.patch b/poky/meta/recipes-devtools/cdrtools/cdrtools/gcc14-fix.patch new file mode 100644 index 0000000000..ce02bb8bcf --- /dev/null +++ b/poky/meta/recipes-devtools/cdrtools/cdrtools/gcc14-fix.patch @@ -0,0 +1,13 @@ +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> +Upstream-Status: Inappropriate [native] +--- cdrtools-3.01/autoconf/configure~ 2015-07-06 23:41:27.000000000 +0200 ++++ cdrtools-3.01/autoconf/configure 2024-05-01 09:37:40.897253690 +0200 +@@ -1205,7 +1205,7 @@ + #line 1206 "configure" + #include "confdefs.h" + +-main(){return(0);} ++int main(){return(0);} + EOF + if { (eval echo configure:1211: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.1.0.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.4.bb index 1f97c99bde..f498bcb655 100644 --- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.1.0.bb +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.4.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;p file://0001-include-rpm-rpmstring.h.patch \ " -SRCREV = "10a8a7af4f1de3f98a21a7d08fe3a46ef306d197" +SRCREV = "4ade5ea5c4c636f045f29a2d8d8a57241fc5d24e" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.19.2.bb b/poky/meta/recipes-devtools/dnf/dnf_4.19.0.bb index cc91dbe400..184dbea963 100644 --- a/poky/meta/recipes-devtools/dnf/dnf_4.19.2.bb +++ b/poky/meta/recipes-devtools/dnf/dnf_4.19.0.bb @@ -20,7 +20,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" -SRCREV = "9b2b2e8ddab99caba4bc8059cab4263163172e81" +SRCREV = "566a61f9d8a2830ac6dcc3a94c59224cef1c3d03" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/dpkg/dpkg.inc b/poky/meta/recipes-devtools/dpkg/dpkg.inc index 4c1d42e0af..b3e8c05d62 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg.inc +++ b/poky/meta/recipes-devtools/dpkg/dpkg.inc @@ -11,7 +11,7 @@ RDEPENDS:${PN}:class-native = "" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" -inherit autotools gettext perlnative pkgconfig perl-version update-alternatives bash-completion +inherit autotools gettext perlnative pkgconfig perl-version update-alternatives PERL:class-native = "${STAGING_BINDIR_NATIVE}/perl-native/perl" diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch index b8a8697585..52e85705fa 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch @@ -1,4 +1,4 @@ -From 21459bb8d9a997e6a92885a4ef337ede9cc5aba7 Mon Sep 17 00:00:00 2001 +From 279e4c274f5f295823cf9fa95d3ba131f6d711db Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 29 Apr 2020 22:02:23 -0700 Subject: [PATCH] Add support for riscv32 CPU @@ -11,10 +11,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 2 files changed, 2 insertions(+) diff --git a/data/cputable b/data/cputable -index 575c008e3..7a801a03a 100644 +index 9f2a8e0..1d935b1 100644 --- a/data/cputable +++ b/data/cputable -@@ -43,6 +43,7 @@ powerpc powerpc (powerpc|ppc) 32 big +@@ -41,6 +41,7 @@ powerpc powerpc (powerpc|ppc) 32 big powerpcel powerpcle powerpcle 32 little ppc64 powerpc64 (powerpc|ppc)64 64 big ppc64el powerpc64le powerpc64le 64 little @@ -23,10 +23,10 @@ index 575c008e3..7a801a03a 100644 s390 s390 s390 32 big s390x s390x s390x 64 big diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm -index fcf5b1e2a..175c9f436 100644 +index a352bbd..fa1d90b 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm -@@ -202,6 +202,7 @@ sub set_build_features { +@@ -306,6 +306,7 @@ sub _add_build_flags { powerpc ppc64 ppc64el @@ -34,3 +34,6 @@ index fcf5b1e2a..175c9f436 100644 riscv64 s390x sparc +-- +2.26.2 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0001-build.c-ignore-return-of-1-from-tar-cf.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0001-build.c-ignore-return-of-1-from-tar-cf.patch index 95a49053e8..f2367c95e9 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0001-build.c-ignore-return-of-1-from-tar-cf.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0001-build.c-ignore-return-of-1-from-tar-cf.patch @@ -1,4 +1,4 @@ -From 4c5e6c280a2ab4d2009d3264e94286f5fe244d0b Mon Sep 17 00:00:00 2001 +From e3ade3464b8a1129a55c2790cf114d9ae01e3cda Mon Sep 17 00:00:00 2001 From: Paul Eggleton <paul.eggleton@linux.microsoft.com> Date: Tue, 16 Jun 2020 03:57:25 +0000 Subject: [PATCH] build.c: ignore return of 1 from tar -cf @@ -23,15 +23,16 @@ Upstream-Status: Inappropriate [OE specific] Original patch by RP 2015/3/27, rebased by Paul Eggleton Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> + --- src/deb/build.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/deb/build.c b/src/deb/build.c -index 92aba9553..6436b33da 100644 +index 76613adec..7c216d1a9 100644 --- a/src/deb/build.c +++ b/src/deb/build.c -@@ -481,6 +481,7 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, +@@ -482,6 +482,7 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, { int pipe_filenames[2], pipe_tarball[2]; pid_t pid_tar, pid_comp; @@ -39,7 +40,7 @@ index 92aba9553..6436b33da 100644 /* Fork off a tar. We will feed it a list of filenames on stdin later. */ m_pipe(pipe_filenames); -@@ -533,7 +534,9 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, +@@ -534,7 +535,9 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, /* All done, clean up wait for tar and <compress> to finish their job. */ close(pipe_filenames[1]); subproc_reap(pid_comp, _("<compress> from tar -cf"), 0); diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch index e8d8576f85..d66ab4476a 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch @@ -1,4 +1,4 @@ -From 1d192b60fc43e24e1c2d6ff452dabeee7a227cc0 Mon Sep 17 00:00:00 2001 +From a328c8bec0bf8071ae8f20fee4c7475205064ba1 Mon Sep 17 00:00:00 2001 From: sweeaun <swee.aun.khor@intel.com> Date: Sun, 10 Sep 2017 00:14:15 -0700 Subject: [PATCH] dpkg: Support muslx32 build @@ -13,10 +13,10 @@ Signed-off-by: sweeaun <swee.aun.khor@intel.com> 2 files changed, 2 insertions(+) diff --git a/data/ostable b/data/ostable -index 860355774..28779beca 100644 +index be64342..87db273 100644 --- a/data/ostable +++ b/data/ostable -@@ -21,6 +21,7 @@ base-uclibc-linux linux-uclibc linux[^-]*-uclibc +@@ -19,6 +19,7 @@ base-uclibc-linux linux-uclibc linux[^-]*-uclibc eabihf-musl-linux linux-musleabihf linux[^-]*-musleabihf eabi-musl-linux linux-musleabi linux[^-]*-musleabi base-musl-linux linux-musl linux[^-]*-musl @@ -25,14 +25,17 @@ index 860355774..28779beca 100644 eabi-gnu-linux linux-gnueabi linux[^-]*-gnueabi abin32-gnu-linux linux-gnuabin32 linux[^-]*-gnuabin32 diff --git a/data/tupletable b/data/tupletable -index 82ae3604e..707d85bdb 100644 +index 28f00bf..748ffab 100644 --- a/data/tupletable +++ b/data/tupletable -@@ -26,6 +26,7 @@ base-uclibc-linux-<cpu> uclibc-linux-<cpu> +@@ -10,6 +10,7 @@ base-uclibc-linux-<cpu> uclibc-linux-<cpu> eabihf-musl-linux-arm musl-linux-armhf eabi-musl-linux-arm musl-linux-armel base-musl-linux-<cpu> musl-linux-<cpu> +x32-musl-linux-amd64 x32 + ilp32-gnu-linux-arm64 arm64ilp32 eabihf-gnu-linux-arm armhf eabi-gnu-linux-arm armel - eabi-gnu-linux-armeb armeb +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0002-Adapt-to-linux-wrs-kernel-version-which-has-characte.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0002-Adapt-to-linux-wrs-kernel-version-which-has-characte.patch index fc097e5a66..ef5f7c3ec3 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0002-Adapt-to-linux-wrs-kernel-version-which-has-characte.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0002-Adapt-to-linux-wrs-kernel-version-which-has-characte.patch @@ -1,8 +1,8 @@ -From 0cac67ce5920d6d0c9df4278bfa77da878a8a37a Mon Sep 17 00:00:00 2001 +From b4ea54158c399874e12394ebc91afe98954695e2 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 26 Aug 2015 16:16:16 +0300 -Subject: [PATCH] Adapt to linux-wrs kernel version, which has character '_' - inside. Remove the first-char-digit-check (as the 1.15.8.5 version does). +Subject: [PATCH 2/5] Adapt to linux-wrs kernel version, which has character + '_' inside. Remove the first-char-digit-check (as the 1.15.8.5 version does). Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Constantin Musca <constantinx.musca@intel.com> @@ -32,4 +32,6 @@ index 63a36f55c..81901bd5a 100644 + if (!c_isdigit(*ptr) && !c_isalpha(*ptr) && strchr(".-+~_", *ptr) == NULL) return dpkg_put_warn(err, _("invalid character in revision number")); } - + +-- +2.11.0 diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch index 916c7dfb00..bd4d5d5353 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch @@ -1,4 +1,4 @@ -From b6c28222276704a1e1a544983e38dfa2f3fb481a Mon Sep 17 00:00:00 2001 +From ff325b35639a797edd92b373fbebf7b8b9f3f0c3 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 26 Aug 2015 16:25:45 +0300 Subject: [PATCH] Our pre/postinsts expect $D to be set when running in a @@ -11,12 +11,13 @@ RP 2011/12/07 ALIMON 2016/05/26 ALIMON 2017/02/21 KKang 2019/02/20 + --- src/main/script.c | 53 +++-------------------------------------------- 1 file changed, 3 insertions(+), 50 deletions(-) diff --git a/src/main/script.c b/src/main/script.c -index 017d92efe..181e7c710 100644 +index ecce4d842..16f4e6ff5 100644 --- a/src/main/script.c +++ b/src/main/script.c @@ -97,58 +97,11 @@ static const char * diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0004-The-lutimes-function-doesn-t-work-properly-for-all-s.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0004-The-lutimes-function-doesn-t-work-properly-for-all-s.patch index 35c0c246f6..bbd5aba418 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0004-The-lutimes-function-doesn-t-work-properly-for-all-s.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0004-The-lutimes-function-doesn-t-work-properly-for-all-s.patch @@ -1,7 +1,8 @@ -From 80ad29d22f8ca4033a6a79a726580fee17bdade9 Mon Sep 17 00:00:00 2001 +From adb6bfd0feeceaf030df0debe3343d7f73e708a0 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 26 Aug 2015 16:27:45 +0300 -Subject: [PATCH] The lutimes function doesn't work properly for all systems. +Subject: [PATCH 4/5] The lutimes function doesn't work properly for all + systems. Signed-off-by: Constantin Musca <constantinx.musca@intel.com> @@ -11,10 +12,10 @@ Upstream-Status: Inappropriate [embedded specific] 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/archives.c b/src/main/archives.c -index 7e399f922..ec3b6878f 100644 +index 92340b9..7a55c27 100644 --- a/src/main/archives.c +++ b/src/main/archives.c -@@ -491,8 +491,9 @@ tarobject_set_mtime(struct tar_entry *te, const char *path) +@@ -490,8 +490,9 @@ tarobject_set_mtime(struct tar_entry *te, const char *path) if (te->type == TAR_FILETYPE_SYMLINK) { #ifdef HAVE_LUTIMES @@ -25,3 +26,6 @@ index 7e399f922..ec3b6878f 100644 #endif } else { if (utimes(path, tv)) +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch index 8ac646b1a1..8797ea55c6 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch @@ -1,10 +1,7 @@ -From 1c9e78dda91ba66fbd8fe02b66b6c603d08d3343 Mon Sep 17 00:00:00 2001 +From f8910022dc3ec622272f168cd0022dbdf6dff93a Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 30 Dec 2015 23:05:41 +0000 Subject: [PATCH] add musleabi to known target tripets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit helps compiling dpkg for musl/arm-softfloat @@ -17,10 +14,10 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> 2 files changed, 2 insertions(+) diff --git a/data/ostable b/data/ostable -index 64f424490..860355774 100644 +index 99c1f889d..be6434271 100644 --- a/data/ostable +++ b/data/ostable -@@ -19,6 +19,7 @@ +@@ -17,6 +17,7 @@ eabi-uclibc-linux linux-uclibceabi linux[^-]*-uclibceabi base-uclibc-linux linux-uclibc linux[^-]*-uclibc eabihf-musl-linux linux-musleabihf linux[^-]*-musleabihf @@ -29,14 +26,17 @@ index 64f424490..860355774 100644 eabihf-gnu-linux linux-gnueabihf linux[^-]*-gnueabihf eabi-gnu-linux linux-gnueabi linux[^-]*-gnueabi diff --git a/data/tupletable b/data/tupletable -index 7436f8056..82ae3604e 100644 +index 5f500f6ca..28f00bfe6 100644 --- a/data/tupletable +++ b/data/tupletable -@@ -24,6 +24,7 @@ +@@ -8,6 +8,7 @@ eabi-uclibc-linux-arm uclibc-linux-armel base-uclibc-linux-<cpu> uclibc-linux-<cpu> eabihf-musl-linux-arm musl-linux-armhf +eabi-musl-linux-arm musl-linux-armel base-musl-linux-<cpu> musl-linux-<cpu> + ilp32-gnu-linux-arm64 arm64ilp32 eabihf-gnu-linux-arm armhf - eabi-gnu-linux-arm armel +-- +2.11.0 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch index 3d3a4f0bb9..117f9234ad 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch @@ -1,10 +1,7 @@ -From 6dd80236a91a505b5753bb74e5f1b47330d8b16b Mon Sep 17 00:00:00 2001 +From 8659eeeeda74d71e12080121f0b13a88cbdda433 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> Date: Tue, 21 Feb 2017 11:23:27 -0600 Subject: [PATCH] dpkg-deb/build.c: Remove usage of --clamp-mtime in tar -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit Recently dpkg added --clamp-mtime to tar to create reproducible build tarballs [1]. @@ -27,10 +24,10 @@ Signed-off-by: Kai Kang <kai.kang@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/build.c b/src/deb/build.c -index 1f0c050ee..92aba9553 100644 +index 5c74ff3..76613ad 100644 --- a/src/deb/build.c +++ b/src/deb/build.c -@@ -504,7 +504,7 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, +@@ -505,7 +505,7 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, command_init(&cmd, TAR, "tar -cf"); command_add_args(&cmd, "tar", "-cf", "-", "--format=gnu", @@ -39,3 +36,6 @@ index 1f0c050ee..92aba9553 100644 /* Mode might become a positional argument, pass it before -T. */ if (options->mode) command_add_args(&cmd, "--mode", options->mode, NULL); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch b/poky/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch index cbdf01dbd9..d165616a19 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch @@ -1,11 +1,5 @@ -From 1c3a109df54b6092fa85a1fe2b7771e3b959655f Mon Sep 17 00:00:00 2001 -From: "Krishnanjanappa, Jagadeesh" - <jagadeesh.krishnanjanappa@caviumnetworks.com> -Date: Wed, 8 Apr 2015 18:08:14 +0530 -Subject: [PATCH] dpkg: add triplet entry to fix build error for armeb -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +Author: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com> +Date: Wed Apr 8 18:08:14 2015 +0530 [PATCH] add armeb triplet entry into triplettable. @@ -31,19 +25,24 @@ Upstream-Status: Pending Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com> Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> + --- data/tupletable | 1 + 1 file changed, 1 insertion(+) diff --git a/data/tupletable b/data/tupletable -index ae9f2ddb4..7436f8056 100644 +index b7802bec3..5f500f6ca 100644 --- a/data/tupletable +++ b/data/tupletable -@@ -27,6 +27,7 @@ eabihf-musl-linux-arm musl-linux-armhf - base-musl-linux-<cpu> musl-linux-<cpu> +@@ -12,6 +12,7 @@ base-musl-linux-<cpu> musl-linux-<cpu> + ilp32-gnu-linux-arm64 arm64ilp32 eabihf-gnu-linux-arm armhf eabi-gnu-linux-arm armel +eabi-gnu-linux-armeb armeb abin32-gnu-linux-mips64r6el mipsn32r6el abin32-gnu-linux-mips64r6 mipsn32r6 abin32-gnu-linux-mips64el mipsn32el +-- +2.11.0 + + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch b/poky/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch index df2cd88ca4..4e0d22acbb 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch @@ -1,8 +1,3 @@ -From bdf60ebbeb433a80e6cfcbde9d83d89564e79e20 Mon Sep 17 00:00:00 2001 -From: Joe Slater <jslater@windriver.com> -Date: Mon, 26 Aug 2013 23:38:45 +0000 -Subject: [PATCH] dpkg: fix configuration issue for mips64 - configure cannot determine the proper cpu, os, or architecture for mips64, and possibly other arch's because of faulty code added to Arch.pm in the latest @@ -11,15 +6,16 @@ release from upstream. We remove that code. Upstream-Status: Pending Signed-off-by: Joe Slater <jslater@windriver.com> + --- scripts/Dpkg/Arch.pm | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/Dpkg/Arch.pm b/scripts/Dpkg/Arch.pm -index 0d352eeb9..4ef5fa307 100644 +index 1720847b8..6345ce3b9 100644 --- a/scripts/Dpkg/Arch.pm +++ b/scripts/Dpkg/Arch.pm -@@ -326,9 +326,6 @@ sub _load_tupletable() +@@ -323,9 +323,6 @@ sub _load_tupletable() (my $dt = $debtuple) =~ s/<cpu>/$_cpu/; (my $da = $debarch) =~ s/<cpu>/$_cpu/; @@ -29,3 +25,5 @@ index 0d352eeb9..4ef5fa307 100644 $debarch_to_debtuple{$da} = $dt; $debtuple_to_debarch{$dt} = $da; } +-- +2.11.0 diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/noman.patch b/poky/meta/recipes-devtools/dpkg/dpkg/noman.patch index e80549d740..6900716b11 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/noman.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/noman.patch @@ -1,15 +1,11 @@ -From 008ec5150dd086ffa3940cb520f1ca91939f138d Mon Sep 17 00:00:00 2001 -From: Chris Larson <kergoth@openedhand.com> -Date: Tue, 5 Sep 2006 07:24:58 +0000 -Subject: [PATCH] Add dpkg, modified from upstream oe. - Upstream-Status: Inappropriate [disable feature] + --- Makefile.am | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile.am b/Makefile.am -index 7186045d4..daca9faf2 100644 +index d963a10..7cef7f5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -11,7 +11,6 @@ SUBDIRS = \ @@ -20,3 +16,6 @@ index 7186045d4..daca9faf2 100644 # EOL ACLOCAL_AMFLAGS = -I m4 +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/pager.patch b/poky/meta/recipes-devtools/dpkg/dpkg/pager.patch new file mode 100644 index 0000000000..e56b9d28af --- /dev/null +++ b/poky/meta/recipes-devtools/dpkg/dpkg/pager.patch @@ -0,0 +1,21 @@ +pager: Use less instead of pager + +pager is a Debianism. Istead use directly pager. + +Upstream-Status: Inappropriate [OE-Core integration specific] + +Suggested-by: Burton, Ross <ross.burton@intel.com> +Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com> +diff --git a/lib/dpkg/dpkg.h b/lib/dpkg/dpkg.h +index 2bb067a..6cbce80 100644 +--- a/lib/dpkg/dpkg.h ++++ b/lib/dpkg/dpkg.h +@@ -95,7 +95,7 @@ DPKG_BEGIN_DECLS + #define MAXUPDATES 250 + + #define DEFAULTSHELL "sh" +-#define DEFAULTPAGER "pager" ++#define DEFAULTPAGER "less" + + #define MD5HASHLEN 32 + #define MAXTRIGDIRECTIVE 256 diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/remove-tar-no-timestamp.patch b/poky/meta/recipes-devtools/dpkg/dpkg/remove-tar-no-timestamp.patch index 9307725e8b..ebf838ffe9 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/remove-tar-no-timestamp.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/remove-tar-no-timestamp.patch @@ -1,8 +1,4 @@ -From add92699ca1397205e1d7b46c3ab43de06b9a6c7 Mon Sep 17 00:00:00 2001 -From: Constantin Musca <constantinx.musca@intel.com> -Date: Tue, 28 Aug 2012 17:02:40 +0300 -Subject: [PATCH] busybox-1.19.4 tar utility doesn't support - --warning=no-timestamp +busybox-1.19.4 tar utility doesn't support --warning=no-timestamp Signed-off-by: Constantin Musca <constantinx.musca@intel.com> @@ -12,10 +8,10 @@ Upstream-Status: Inappropriate [configuration] 1 file changed, 1 deletion(-) diff --git a/src/deb/extract.c b/src/deb/extract.c -index 8b78a7eab..fd7595808 100644 +index a1b2dc0..95e2372 100644 --- a/src/deb/extract.c +++ b/src/deb/extract.c -@@ -338,7 +338,6 @@ extracthalf(const char *debar, const char *dir, +@@ -333,7 +333,6 @@ extracthalf(const char *debar, const char *dir, command_add_arg(&cmd, "-f"); command_add_arg(&cmd, "-"); @@ -23,3 +19,6 @@ index 8b78a7eab..fd7595808 100644 m_dup2(p2[0],0); close(p2[0]); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/dpkg/dpkg_1.22.5.bb b/poky/meta/recipes-devtools/dpkg/dpkg_1.22.0.bb index 9f1d00e208..7eaae9f22e 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg_1.22.5.bb +++ b/poky/meta/recipes-devtools/dpkg/dpkg_1.22.0.bb @@ -12,11 +12,12 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main file://0006-add-musleabi-to-known-target-tripets.patch \ file://0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch \ file://0001-dpkg-Support-muslx32-build.patch \ + file://pager.patch \ file://0001-Add-support-for-riscv32-CPU.patch \ " SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch" -SRCREV = "1c92a4a8bfbeea30ceb0109b096c4ec845e3c6ce" +SRCREV = "744487c98a622b9b38c22c6ca330315af4a30a11" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/expect/expect/0001-Resolve-string-formatting-issues.patch b/poky/meta/recipes-devtools/expect/expect/0001-Resolve-string-formatting-issues.patch index af1d8c626c..bfb6dcd89a 100644 --- a/poky/meta/recipes-devtools/expect/expect/0001-Resolve-string-formatting-issues.patch +++ b/poky/meta/recipes-devtools/expect/expect/0001-Resolve-string-formatting-issues.patch @@ -3,7 +3,7 @@ From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Thu, 23 Mar 2017 13:44:41 +0200 Subject: [PATCH] Resolve string formatting issues. -Upstream-Status: Inappropriate [upstream seems dead] +Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> --- exp_clib.c | 4 ++-- diff --git a/poky/meta/recipes-devtools/expect/expect/0001-configure.in.patch b/poky/meta/recipes-devtools/expect/expect/0001-configure.in.patch index 7595a254a8..618c4bee8e 100644 --- a/poky/meta/recipes-devtools/expect/expect/0001-configure.in.patch +++ b/poky/meta/recipes-devtools/expect/expect/0001-configure.in.patch @@ -1,7 +1,7 @@ Allow cross compiling. Signed-off-by: Anders Roxell <anders.roxell@enea.com> -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only] --- diff -uNr a/configure.in b/configure.in --- a/configure.in 2012-12-14 15:31:32.623180450 +0100 diff --git a/poky/meta/recipes-devtools/expect/expect/0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch b/poky/meta/recipes-devtools/expect/expect/0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch index 37512fb9bc..d73f4c3421 100644 --- a/poky/meta/recipes-devtools/expect/expect/0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch +++ b/poky/meta/recipes-devtools/expect/expect/0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch @@ -10,7 +10,7 @@ Aborted (core dumped) Use PATH_MAX to fix the problem. -Upstream-Status: Pending [Upstream seems dead] +Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- diff --git a/poky/meta/recipes-devtools/expect/expect/0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch b/poky/meta/recipes-devtools/expect/expect/0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch index b1d322d5c9..40f7f3bd85 100644 --- a/poky/meta/recipes-devtools/expect/expect/0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch +++ b/poky/meta/recipes-devtools/expect/expect/0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch @@ -42,7 +42,7 @@ Example: } Author: Sergei Golovan <sgolovan@debian.org> -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only] This patch is backported from fedora changes for expect: http://pkgs.fedoraproject.org/cgit/rpms/expect.git/commit/ ?h=master&id=b6737eed550be93182f2ed194e836a6cbbcf4fa3 diff --git a/poky/meta/recipes-devtools/expect/expect/0002-tcl.m4.patch b/poky/meta/recipes-devtools/expect/expect/0002-tcl.m4.patch index dc4c6ba406..eb178f462a 100644 --- a/poky/meta/recipes-devtools/expect/expect/0002-tcl.m4.patch +++ b/poky/meta/recipes-devtools/expect/expect/0002-tcl.m4.patch @@ -1,7 +1,7 @@ Use proper -L path when cross compiling. Signed-off-by: Anders Roxell <anders.roxell@enea.com> -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only] --- diff -uNr a/tclconfig/tcl.m4 b/tclconfig/tcl.m4 --- a/tclconfig/tcl.m4 2012-12-14 09:16:58.789861281 +0100 diff --git a/poky/meta/recipes-devtools/expect/expect/expect-configure-c99.patch b/poky/meta/recipes-devtools/expect/expect/expect-configure-c99.patch new file mode 100644 index 0000000000..09bf180df7 --- /dev/null +++ b/poky/meta/recipes-devtools/expect/expect/expect-configure-c99.patch @@ -0,0 +1,201 @@ +Avoid calling exit without declaring the function. + +Add missing <string.h> include for memcpy. + +Use AC_TYPE_SIGNAL to fix REARM_SIG check. Add missing includes. + +Fix various implicit int return types of main. + +Upstream-Status: Submitted [https://sourceforge.net/p/expect/patches/24/] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +diff --git a/configure.in b/configure.in +index 51558fa14d2bcf7e..055c88fbd8797eaa 100755 +--- a/configure.in ++++ b/configure.in +@@ -452,7 +452,11 @@ AC_CHECK_FUNC(siglongjmp, AC_DEFINE(HAVE_SIGLONGJMP)) + # because Unixware 2.0 handles it specially and refuses to compile + # autoconf's automatic test that is a call with no arguments + AC_MSG_CHECKING([for memcpy]) +-AC_TRY_LINK(,[ ++AC_TRY_LINK([ ++#ifdef HAVE_STRING_H ++#include <string.h> ++#endif ++],[ + char *s1, *s2; + memcpy(s1,s2,0); + ], +@@ -469,6 +473,7 @@ memcpy(s1,s2,0); + AC_MSG_CHECKING([if WNOHANG requires _POSIX_SOURCE]) + AC_TRY_RUN([ + #include <sys/wait.h> ++int + main() { + #ifndef WNOHANG + return 0; +@@ -489,6 +494,7 @@ rm -rf wnohang + AC_TRY_RUN([ + #include <stdio.h> + #include <sys/wait.h> ++int + main() { + #ifdef WNOHANG + FILE *fp = fopen("wnohang","w"); +@@ -527,16 +533,21 @@ else + AC_DEFINE(SELECT_MASK_TYPE, fd_set) + fi + +-dnl # Check for the data type of the function used in signal(). This +-dnl # must be before the test for rearming. +-dnl # echo checking return type of signal handlers +-dnl AC_HEADER_EGREP([(void|sighandler_t).*signal], signal.h, retsigtype=void,AC_DEFINE(RETSIGTYPE, int) retsigtype=int) ++AC_TYPE_SIGNAL + + # FIXME: check if alarm exists + AC_MSG_CHECKING([if signals need to be re-armed]) + AC_TRY_RUN([ + #include <signal.h> +-#define RETSIGTYPE $retsigtype ++#ifdef HAVE_STDLIB_H ++# include <stdlib.h> ++#endif ++#ifdef HAVE_UNISTD_H ++# include <unistd.h> ++#endif ++#ifndef NO_SYS_WAIT_H ++# include <sys/wait.h> ++#endif + + int signal_rearms = 0; + +@@ -553,6 +564,7 @@ int n; + signal_rearms++; + } + ++int + main() + { + signal(SIGINT,parent_sigint_handler); +@@ -714,10 +726,11 @@ fi + AC_MSG_CHECKING([for struct sgttyb]) + AC_TRY_RUN([ + #include <sgtty.h> ++int + main() + { + struct sgttyb tmp; +- exit(0); ++ return 0; + }], + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_SGTTYB) +@@ -738,10 +751,11 @@ if test $mach -eq 0 ; then + # pty_termios.c is set up to handle pty_termio. + AC_MSG_CHECKING([for struct termio]) + AC_TRY_RUN([#include <termio.h> ++ int + main() + { + struct termio tmp; +- exit(0); ++ return 0; + }], + AC_DEFINE(HAVE_TERMIO) + PTY_TYPE=termios +@@ -760,10 +774,11 @@ if test $mach -eq 0 ; then + # include <inttypes.h> + # endif + # include <termios.h> ++ int + main() + { + struct termios tmp; +- exit(0); ++ return 0; + }], + AC_DEFINE(HAVE_TERMIOS) + PTY_TYPE=termios +@@ -782,6 +797,7 @@ AC_TRY_RUN([ + #include <inttypes.h> + #endif + #include <termios.h> ++int + main() { + #if defined(TCGETS) || defined(TCGETA) + return 0; +@@ -804,6 +820,7 @@ AC_TRY_RUN([ + #include <inttypes.h> + #endif + #include <termios.h> ++int + main() { + #ifdef TIOCGWINSZ + return 0; +@@ -823,6 +840,7 @@ main() { + AC_MSG_CHECKING([for Cray-style ptys]) + SETUID=":" + AC_TRY_RUN([ ++int + main(){ + #ifdef CRAY + return 0; +@@ -878,12 +896,13 @@ AC_MSG_CHECKING([for SV-style timezone]) + AC_TRY_RUN([ + extern char *tzname[2]; + extern int daylight; ++int + main() + { + int *x = &daylight; + char **y = tzname; + +- exit(0); ++ return 0; + }], + AC_DEFINE(HAVE_SV_TIMEZONE) + AC_MSG_RESULT(yes), +diff --git a/tclconfig/tcl.m4 b/tclconfig/tcl.m4 +index 0689cab3da994068..ebe839e5553ba520 100644 +--- a/tclconfig/tcl.m4 ++++ b/tclconfig/tcl.m4 +@@ -2400,7 +2400,7 @@ AC_DEFUN([TEA_TIME_HANDLER], [ + AC_TRY_COMPILE([#include <time.h>], + [extern long timezone; + timezone += 1; +- exit (0);], ++ return 0;], + tcl_cv_timezone_long=yes, tcl_cv_timezone_long=no)]) + if test $tcl_cv_timezone_long = yes ; then + AC_DEFINE(HAVE_TIMEZONE_VAR, 1, [Should we use the global timezone variable?]) +@@ -2412,7 +2412,7 @@ AC_DEFUN([TEA_TIME_HANDLER], [ + AC_TRY_COMPILE([#include <time.h>], + [extern time_t timezone; + timezone += 1; +- exit (0);], ++ return 0;], + tcl_cv_timezone_time=yes, tcl_cv_timezone_time=no)]) + if test $tcl_cv_timezone_time = yes ; then + AC_DEFINE(HAVE_TIMEZONE_VAR, 1, [Should we use the global timezone variable?]) +@@ -2452,17 +2452,17 @@ AC_DEFUN([TEA_BUGGY_STRTOD], [ + double value; + value = strtod(infString, &term); + if ((term != infString) && (term[-1] == 0)) { +- exit(1); ++ return 1; + } + value = strtod(nanString, &term); + if ((term != nanString) && (term[-1] == 0)) { +- exit(1); ++ return 1; + } + value = strtod(spaceString, &term); + if (term == (spaceString+1)) { +- exit(1); ++ return 1; + } +- exit(0); ++ return 0; + }], tcl_cv_strtod_buggy=ok, tcl_cv_strtod_buggy=buggy, + tcl_cv_strtod_buggy=buggy)]) + if test "$tcl_cv_strtod_buggy" = buggy; then diff --git a/poky/meta/recipes-devtools/expect/expect_5.45.4.bb b/poky/meta/recipes-devtools/expect/expect_5.45.4.bb index 7b610b1ff2..174b35ec73 100644 --- a/poky/meta/recipes-devtools/expect/expect_5.45.4.bb +++ b/poky/meta/recipes-devtools/expect/expect_5.45.4.bb @@ -27,6 +27,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/expect/Expect/${PV}/${BPN}${PV}.tar.gz \ file://0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch \ file://0001-fixline1-fix-line-1.patch \ file://0001-Add-prototype-to-function-definitions.patch \ + file://expect-configure-c99.patch \ file://run-ptest \ " SRC_URI[md5sum] = "00fce8de158422f5ccd2666512329bd2" @@ -81,3 +82,7 @@ FILES:${PN} += "${libdir}/libexpect${PV}.so \ " BBCLASSEXTEND = "native nativesdk" + +# http://errors.yoctoproject.org/Errors/Details/766950/ +# expect5.45.4/exp_chan.c:62:5: error: initialization of 'struct Tcl_ChannelTypeVersion_ *' from incompatible pointer type 'int (*)(void *, int)' [-Wincompatible-pointer-types] +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch new file mode 100644 index 0000000000..095d00b1e2 --- /dev/null +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch @@ -0,0 +1,46 @@ +From e7f9c9909c27d6ceed5aa4ca17023a1bc94b620a Mon Sep 17 00:00:00 2001 +From: Rod Smith <rodsmith@rodsbooks.com> +Date: Fri, 15 Apr 2022 18:10:14 -0400 +Subject: [PATCH] Fix failure & crash of sgdisk when compiled with latest popt + (commit 740; presumably eventually release 1.19) + +Upstream-Status: Backport [https://sourceforge.net/p/gptfdisk/code/ci/5d5e76d369a412bfb3d2cebb5fc0a7509cef878d/] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + NEWS | 8 ++++++++ + gptcl.cc | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index c7add56..9e153fd 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,11 @@ ++1.0.10 (?/??/2022): ++------------------- ++ ++- Fixed problem that caused sgdisk to crash with errors about being unable ++ to read the disk's partition table when compiled with the latest popt ++ (commit 740, which is pre-release as I type; presumably version 1.19 and ++ later once released). ++ + 1.0.9 (4/14/2022): + ------------------ + +diff --git a/gptcl.cc b/gptcl.cc +index 34c9421..0d578eb 100644 +--- a/gptcl.cc ++++ b/gptcl.cc +@@ -155,7 +155,7 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + } // while + + // Assume first non-option argument is the device filename.... +- device = (char*) poptGetArg(poptCon); ++ device = strdup((char*) poptGetArg(poptCon)); + poptResetContext(poptCon); + + if (device != NULL) { +-- +2.35.5 + diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch new file mode 100644 index 0000000000..f358081092 --- /dev/null +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch @@ -0,0 +1,27 @@ +From c640d9011a8330ebaad501784fb0ee1ce5e7a5ef Mon Sep 17 00:00:00 2001 +From: Rod Smith <rodsmith@rodsbooks.com> +Date: Sat, 16 Apr 2022 09:32:04 -0400 +Subject: [PATCH] Updated guid.cc to deal with minor change in libuuid + +Upstream-Status: Backport [https://sourceforge.net/p/gptfdisk/code/ci/6a8416cbd12d55f882bb751993b94f72d338d96f/] +Signed-off-by: Peter Bergin <peter@berginkonsult.se> +--- + guid.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/guid.cc b/guid.cc +index 1e73ab7..d3e4fd5 100644 +--- a/guid.cc ++++ b/guid.cc +@@ -141,7 +141,7 @@ void GUIDData::Zero(void) { + void GUIDData::Randomize(void) { + int i, uuidGenerated = 0; + +-#ifdef _UUID_UUID_H ++#if defined (_UUID_UUID_H) || defined (_UL_LIBUUID_UUID_H) + uuid_generate(uuidData); + ReverseBytes(&uuidData[0], 4); + ReverseBytes(&uuidData[4], 2); +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Use-64bit-time_t-on-linux-as-well.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Use-64bit-time_t-on-linux-as-well.patch new file mode 100644 index 0000000000..80e6f1bc9c --- /dev/null +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Use-64bit-time_t-on-linux-as-well.patch @@ -0,0 +1,32 @@ +From cbdbabcc14e4ae4debcc64e41c0bb97d47b4eeef Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 12 Dec 2022 12:50:07 -0800 +Subject: [PATCH] Use 64bit time_t on linux as well + +Alias 64bit version of stat functions to original functions +we are already passing -D_FILE_OFFSET_BITS=64 in linux Makefile + +Upstream-Status: Submitted [https://sourceforge.net/p/gptfdisk/code/merge-requests/29/] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + diskio-unix.cc | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/diskio-unix.cc b/diskio-unix.cc +index 7780aeb..0897c56 100644 +--- a/diskio-unix.cc ++++ b/diskio-unix.cc +@@ -37,8 +37,12 @@ + + using namespace std; + +-#ifdef __APPLE__ ++#if defined(__APPLE__) || defined(__linux__) + #define off64_t off_t ++#define stat64 stat ++#define fstat64 fstat ++#define lstat64 lstat ++#define lseek64 lseek + #endif + + // Returns the official "real" name for a shortened version of same. diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-gptcurses-correctly-include-curses.h.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-gptcurses-correctly-include-curses.h.patch index 011eec36f9..266afbfa11 100644 --- a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-gptcurses-correctly-include-curses.h.patch +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-gptcurses-correctly-include-curses.h.patch @@ -1,16 +1,17 @@ -From 510d0d27f90dfb1c4afd0722580bb8a828b52b7f Mon Sep 17 00:00:00 2001 +From 6bc6e867c5b3a774c0d7819ee5a3d2885e97caa9 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 30 Mar 2020 17:11:19 +0200 Subject: [PATCH] gptcurses: correctly include curses.h Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- gptcurses.cc | 4 ---- 1 file changed, 4 deletions(-) diff --git a/gptcurses.cc b/gptcurses.cc -index b476700..476fc43 100644 +index 71aa734..4ebfde1 100644 --- a/gptcurses.cc +++ b/gptcurses.cc @@ -23,11 +23,7 @@ diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/popt-1.19-follow-up.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/popt-1.19-follow-up.patch new file mode 100644 index 0000000000..c7fa965ec9 --- /dev/null +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/popt-1.19-follow-up.patch @@ -0,0 +1,41 @@ +From f5de3401b974ce103ffd93af8f9d43505a04aaf9 Mon Sep 17 00:00:00 2001 +From: Damian Kurek <starfire24680@gmail.com> +Date: Thu, 7 Jul 2022 03:39:16 +0000 +Subject: [PATCH] Fix NULL dereference when duplicating string argument + +poptGetArg can return NULL if there are no additional arguments, which +makes strdup dereference NULL on strlen + +Upstream-Status: Submitted [https://sourceforge.net/p/gptfdisk/code/merge-requests/28/] + +--- + gptcl.cc | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/gptcl.cc b/gptcl.cc +index 0d578eb..ab95239 100644 +--- a/gptcl.cc ++++ b/gptcl.cc +@@ -155,10 +155,11 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + } // while + + // Assume first non-option argument is the device filename.... +- device = strdup((char*) poptGetArg(poptCon)); +- poptResetContext(poptCon); ++ device = (char*) poptGetArg(poptCon); + + if (device != NULL) { ++ device = strdup(device); ++ poptResetContext(poptCon); + JustLooking(); // reset as necessary + BeQuiet(); // Tell called functions to be less verbose & interactive + if (LoadPartitions((string) device)) { +@@ -498,6 +499,7 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + cerr << "Error encountered; not saving changes.\n"; + retval = 4; + } // if ++ free(device); + } // if (device != NULL) + poptFreeContext(poptCon); + return retval; + diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.10.bb b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb index ba891931ac..cf0a60a1a9 100644 --- a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.10.bb +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb @@ -9,8 +9,12 @@ DEPENDS = "util-linux" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${PV}/${BP}.tar.gz \ file://0001-gptcurses-correctly-include-curses.h.patch \ + file://0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch \ + file://0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch \ + file://0001-Use-64bit-time_t-on-linux-as-well.patch \ + file://popt-1.19-follow-up.patch \ " -SRC_URI[sha256sum] = "2abed61bc6d2b9ec498973c0440b8b804b7a72d7144069b5a9209b2ad693a282" +SRC_URI[sha256sum] = "dafead2693faeb8e8b97832b23407f6ed5b3219bc1784f482dd855774e2d50c2" UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/gptfdisk/files/gptfdisk/" UPSTREAM_CHECK_REGEX = "/gptfdisk/(?P<pver>(\d+[\.\-_]*)+)/" diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc b/poky/meta/recipes-devtools/gcc/gcc-13.3.inc index 603377a49a..90f5ef88a9 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-13.3.inc @@ -2,11 +2,11 @@ require gcc-common.inc # Third digit in PV should be incremented after a minor release -PV = "13.2.0" +PV = "13.3.0" # BINV should be incremented to a revision after a minor gcc release -BINV = "13.2.0" +BINV = "13.3.0" FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:" @@ -65,11 +65,9 @@ SRC_URI = "${BASEURI} \ file://0023-Fix-install-path-of-linux64.h.patch \ file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \ file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \ - file://CVE-2023-4039.patch \ - file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch \ file://0027-Fix-gcc-vect-module-testcases.patch \ " -SRC_URI[sha256sum] = "e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da" +SRC_URI[sha256sum] = "0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083" S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/${SOURCEDIR}" B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}" diff --git a/poky/meta/recipes-devtools/gcc/gcc-cross-canadian_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc-cross-canadian_13.3.bb index bf53c5cd78..bf53c5cd78 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-cross-canadian_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc-cross-canadian_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/gcc-cross_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc-cross_13.3.bb index b43cca0c52..b43cca0c52 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-cross_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc-cross_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/gcc-crosssdk_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc-crosssdk_13.3.bb index 40a6c4feff..40a6c4feff 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-crosssdk_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc-crosssdk_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/gcc-runtime.inc b/poky/meta/recipes-devtools/gcc/gcc-runtime.inc index dbc9141000..89b0bebcfb 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -92,7 +92,7 @@ do_install () { mv ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/* ${D}${libdir}/${TARGET_SYS}/${BINV}/include rmdir --ignore-fail-on-non-empty -p ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include fi - rm -rf ${D}${infodir}/libgomp.info ${D}${infodir}/dir + rm -rf ${D}${infodir}/libgomp.info* ${D}${infodir}/dir rm -rf ${D}${infodir}/libitm.info ${D}${infodir}/dir rm -rf ${D}${infodir}/libquadmath.info ${D}${infodir}/dir if [ -d ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/finclude ]; then diff --git a/poky/meta/recipes-devtools/gcc/gcc-runtime_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc-runtime_13.3.bb index dd430b57eb..dd430b57eb 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-runtime_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc-runtime_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/gcc-sanitizers_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc-sanitizers_13.3.bb index 8bda2ccad6..8bda2ccad6 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-sanitizers_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc-sanitizers_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/gcc-source_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc-source_13.3.bb index b890fa33ea..b890fa33ea 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-source_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc-source_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/poky/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch index 079142c540..b0b77dbfa0 100644 --- a/poky/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch +++ b/poky/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch @@ -165,16 +165,21 @@ diff --git a/gcc/config/loongarch/gnu-user.h b/gcc/config/loongarch/gnu-user.h index aecaa02a199..62f88f7f9a2 100644 --- a/gcc/config/loongarch/gnu-user.h +++ b/gcc/config/loongarch/gnu-user.h -@@ -31,11 +31,11 @@ along with GCC; see the file COPYING3. If not see +@@ -31,16 +31,16 @@ along with GCC; see the file COPYING3. If not see #undef GLIBC_DYNAMIC_LINKER #define GLIBC_DYNAMIC_LINKER \ - "/lib" ABI_GRLEN_SPEC "/ld-linux-loongarch-" ABI_SPEC ".so.1" + SYSTEMLIBS_DIR "ld-linux-loongarch-" ABI_SPEC ".so.1" + + #define MUSL_ABI_SPEC \ + "%{mabi=lp64d:}" \ + "%{mabi=lp64f:-sp}" \ + "%{mabi=lp64s:-sf}" #undef MUSL_DYNAMIC_LINKER #define MUSL_DYNAMIC_LINKER \ -- "/lib" ABI_GRLEN_SPEC "/ld-musl-loongarch-" ABI_SPEC ".so.1" +- "/lib/ld-musl-loongarch" ABI_GRLEN_SPEC MUSL_ABI_SPEC ".so.1" + SYSTEMLIBS_DIR "ld-musl-loongarch-" ABI_SPEC ".so.1" #undef GNU_USER_TARGET_LINK_SPEC diff --git a/poky/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch b/poky/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch deleted file mode 100644 index a408a98698..0000000000 --- a/poky/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch +++ /dev/null @@ -1,117 +0,0 @@ -From adb60dc78e0da4877747f32347cee339364775be Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Fri, 15 Sep 2023 09:19:14 +0100 -Subject: [PATCH] aarch64: Fix loose ldpstp check [PR111411] - -aarch64_operands_ok_for_ldpstp contained the code: - - /* One of the memory accesses must be a mempair operand. - If it is not the first one, they need to be swapped by the - peephole. */ - if (!aarch64_mem_pair_operand (mem_1, GET_MODE (mem_1)) - && !aarch64_mem_pair_operand (mem_2, GET_MODE (mem_2))) - return false; - -But the requirement isn't just that one of the accesses must be a -valid mempair operand. It's that the lower access must be, since -that's the access that will be used for the instruction operand. - -gcc/ - PR target/111411 - * config/aarch64/aarch64.cc (aarch64_operands_ok_for_ldpstp): Require - the lower memory access to a mem-pair operand. - -gcc/testsuite/ - PR target/111411 - * gcc.dg/rtl/aarch64/pr111411.c: New test. - -Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=2d38f45bcca62ca0c7afef4b579f82c5c2a01610] -Signed-off-by: Martin Jansa <martin.jansa@gmail.com> ---- - gcc/config/aarch64/aarch64.cc | 8 ++- - gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c | 57 +++++++++++++++++++++ - 2 files changed, 60 insertions(+), 5 deletions(-) - create mode 100644 gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 6118a3354ac..9b1f791ca8b 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -26154,11 +26154,9 @@ aarch64_operands_ok_for_ldpstp (rtx *operands, bool load, - gcc_assert (known_eq (GET_MODE_SIZE (GET_MODE (mem_1)), - GET_MODE_SIZE (GET_MODE (mem_2)))); - -- /* One of the memory accesses must be a mempair operand. -- If it is not the first one, they need to be swapped by the -- peephole. */ -- if (!aarch64_mem_pair_operand (mem_1, GET_MODE (mem_1)) -- && !aarch64_mem_pair_operand (mem_2, GET_MODE (mem_2))) -+ /* The lower memory access must be a mem-pair operand. */ -+ rtx lower_mem = reversed ? mem_2 : mem_1; -+ if (!aarch64_mem_pair_operand (lower_mem, GET_MODE (lower_mem))) - return false; - - if (REG_P (reg_1) && FP_REGNUM_P (REGNO (reg_1))) -diff --git a/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c b/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c -new file mode 100644 -index 00000000000..ad07e9c6c89 ---- /dev/null -+++ b/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c -@@ -0,0 +1,57 @@ -+/* { dg-do compile { target aarch64*-*-* } } */ -+/* { dg-require-effective-target lp64 } */ -+/* { dg-options "-O -fdisable-rtl-postreload -fpeephole2 -fno-schedule-fusion" } */ -+ -+extern int data[]; -+ -+void __RTL (startwith ("ira")) foo (void *ptr) -+{ -+ (function "foo" -+ (param "ptr" -+ (DECL_RTL (reg/v:DI <0> [ ptr ])) -+ (DECL_RTL_INCOMING (reg/v:DI x0 [ ptr ])) -+ ) ;; param "ptr" -+ (insn-chain -+ (block 2 -+ (edge-from entry (flags "FALLTHRU")) -+ (cnote 3 [bb 2] NOTE_INSN_BASIC_BLOCK) -+ (insn 4 (set (reg:DI <0>) (reg:DI x0))) -+ (insn 5 (set (reg:DI <1>) -+ (plus:DI (reg:DI <0>) (const_int 768)))) -+ (insn 6 (set (mem:SI (plus:DI (reg:DI <0>) -+ (const_int 508)) [1 &data+508 S4 A4]) -+ (const_int 0))) -+ (insn 7 (set (mem:SI (plus:DI (reg:DI <1>) -+ (const_int -256)) [1 &data+512 S4 A4]) -+ (const_int 0))) -+ (edge-to exit (flags "FALLTHRU")) -+ ) ;; block 2 -+ ) ;; insn-chain -+ ) ;; function -+} -+ -+void __RTL (startwith ("ira")) bar (void *ptr) -+{ -+ (function "bar" -+ (param "ptr" -+ (DECL_RTL (reg/v:DI <0> [ ptr ])) -+ (DECL_RTL_INCOMING (reg/v:DI x0 [ ptr ])) -+ ) ;; param "ptr" -+ (insn-chain -+ (block 2 -+ (edge-from entry (flags "FALLTHRU")) -+ (cnote 3 [bb 2] NOTE_INSN_BASIC_BLOCK) -+ (insn 4 (set (reg:DI <0>) (reg:DI x0))) -+ (insn 5 (set (reg:DI <1>) -+ (plus:DI (reg:DI <0>) (const_int 768)))) -+ (insn 6 (set (mem:SI (plus:DI (reg:DI <1>) -+ (const_int -256)) [1 &data+512 S4 A4]) -+ (const_int 0))) -+ (insn 7 (set (mem:SI (plus:DI (reg:DI <0>) -+ (const_int 508)) [1 &data+508 S4 A4]) -+ (const_int 0))) -+ (edge-to exit (flags "FALLTHRU")) -+ ) ;; block 2 -+ ) ;; insn-chain -+ ) ;; function -+} diff --git a/poky/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch b/poky/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch deleted file mode 100644 index 81b5067c33..0000000000 --- a/poky/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch +++ /dev/null @@ -1,3093 +0,0 @@ -From: Richard Sandiford <richard.sandiford@arm.com> -Subject: [PATCH 00/19] aarch64: Fix -fstack-protector issue -Date: Tue, 12 Sep 2023 16:25:10 +0100 - -This series of patches fixes deficiencies in GCC's -fstack-protector -implementation for AArch64 when using dynamically allocated stack space. -This is CVE-2023-4039. See: - -https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 -https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf - -for more details. - -The fix is to put the saved registers above the locals area when --fstack-protector is used. - -The series also fixes a stack-clash problem that I found while working -on the CVE. In unpatched sources, the stack-clash problem would only -trigger for unrealistic numbers of arguments (8K 64-bit arguments, or an -equivalent). But it would be a more significant issue with the new --fstack-protector frame layout. It's therefore important that both -problems are fixed together. - -Some reorganisation of the code seemed necessary to fix the problems in a -cleanish way. The series is therefore quite long, but only a handful of -patches should have any effect on code generation. - -See the individual patches for a detailed description. - -Tested on aarch64-linux-gnu. Pushed to trunk and to all active branches. -I've also pushed backports to GCC 7+ to vendors/ARM/heads/CVE-2023-4039. - -CVE: CVE-2023-4039 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - - -From 71a2aa2127283f450c623d3604dbcabe0e14a8d4 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:12 +0100 -Subject: [PATCH 01/19] aarch64: Use local frame vars in shrink-wrapping code - -aarch64_layout_frame uses a shorthand for referring to -cfun->machine->frame: - - aarch64_frame &frame = cfun->machine->frame; - -This patch does the same for some other heavy users of the structure. -No functional change intended. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_save_callee_saves): Use - a local shorthand for cfun->machine->frame. - (aarch64_restore_callee_saves, aarch64_get_separate_components): - (aarch64_process_components): Likewise. - (aarch64_allocate_and_probe_stack_space): Likewise. - (aarch64_expand_prologue, aarch64_expand_epilogue): Likewise. - (aarch64_layout_frame): Use existing shorthand for one more case. ---- - gcc/config/aarch64/aarch64.cc | 123 ++++++++++++++++++---------------- - 1 file changed, 64 insertions(+), 59 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 822a2b49a46..5d473d161d9 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8612,7 +8612,7 @@ aarch64_layout_frame (void) - frame.is_scs_enabled - = (!crtl->calls_eh_return - && sanitize_flags_p (SANITIZE_SHADOW_CALL_STACK) -- && known_ge (cfun->machine->frame.reg_offset[LR_REGNUM], 0)); -+ && known_ge (frame.reg_offset[LR_REGNUM], 0)); - - /* When shadow call stack is enabled, the scs_pop in the epilogue will - restore x30, and we don't need to pop x30 again in the traditional -@@ -9078,6 +9078,7 @@ aarch64_save_callee_saves (poly_int64 start_offset, - unsigned start, unsigned limit, bool skip_wb, - bool hard_fp_valid_p) - { -+ aarch64_frame &frame = cfun->machine->frame; - rtx_insn *insn; - unsigned regno; - unsigned regno2; -@@ -9092,8 +9093,8 @@ aarch64_save_callee_saves (poly_int64 start_offset, - bool frame_related_p = aarch64_emit_cfi_for_reg_p (regno); - - if (skip_wb -- && (regno == cfun->machine->frame.wb_push_candidate1 -- || regno == cfun->machine->frame.wb_push_candidate2)) -+ && (regno == frame.wb_push_candidate1 -+ || regno == frame.wb_push_candidate2)) - continue; - - if (cfun->machine->reg_is_wrapped_separately[regno]) -@@ -9101,7 +9102,7 @@ aarch64_save_callee_saves (poly_int64 start_offset, - - machine_mode mode = aarch64_reg_save_mode (regno); - reg = gen_rtx_REG (mode, regno); -- offset = start_offset + cfun->machine->frame.reg_offset[regno]; -+ offset = start_offset + frame.reg_offset[regno]; - rtx base_rtx = stack_pointer_rtx; - poly_int64 sp_offset = offset; - -@@ -9114,7 +9115,7 @@ aarch64_save_callee_saves (poly_int64 start_offset, - { - gcc_assert (known_eq (start_offset, 0)); - poly_int64 fp_offset -- = cfun->machine->frame.below_hard_fp_saved_regs_size; -+ = frame.below_hard_fp_saved_regs_size; - if (hard_fp_valid_p) - base_rtx = hard_frame_pointer_rtx; - else -@@ -9136,8 +9137,7 @@ aarch64_save_callee_saves (poly_int64 start_offset, - && (regno2 = aarch64_next_callee_save (regno + 1, limit)) <= limit - && !cfun->machine->reg_is_wrapped_separately[regno2] - && known_eq (GET_MODE_SIZE (mode), -- cfun->machine->frame.reg_offset[regno2] -- - cfun->machine->frame.reg_offset[regno])) -+ frame.reg_offset[regno2] - frame.reg_offset[regno])) - { - rtx reg2 = gen_rtx_REG (mode, regno2); - rtx mem2; -@@ -9187,6 +9187,7 @@ static void - aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start, - unsigned limit, bool skip_wb, rtx *cfi_ops) - { -+ aarch64_frame &frame = cfun->machine->frame; - unsigned regno; - unsigned regno2; - poly_int64 offset; -@@ -9203,13 +9204,13 @@ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start, - rtx reg, mem; - - if (skip_wb -- && (regno == cfun->machine->frame.wb_pop_candidate1 -- || regno == cfun->machine->frame.wb_pop_candidate2)) -+ && (regno == frame.wb_pop_candidate1 -+ || regno == frame.wb_pop_candidate2)) - continue; - - machine_mode mode = aarch64_reg_save_mode (regno); - reg = gen_rtx_REG (mode, regno); -- offset = start_offset + cfun->machine->frame.reg_offset[regno]; -+ offset = start_offset + frame.reg_offset[regno]; - rtx base_rtx = stack_pointer_rtx; - if (mode == VNx2DImode && BYTES_BIG_ENDIAN) - aarch64_adjust_sve_callee_save_base (mode, base_rtx, anchor_reg, -@@ -9220,8 +9221,7 @@ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start, - && (regno2 = aarch64_next_callee_save (regno + 1, limit)) <= limit - && !cfun->machine->reg_is_wrapped_separately[regno2] - && known_eq (GET_MODE_SIZE (mode), -- cfun->machine->frame.reg_offset[regno2] -- - cfun->machine->frame.reg_offset[regno])) -+ frame.reg_offset[regno2] - frame.reg_offset[regno])) - { - rtx reg2 = gen_rtx_REG (mode, regno2); - rtx mem2; -@@ -9326,6 +9326,7 @@ offset_12bit_unsigned_scaled_p (machine_mode mode, poly_int64 offset) - static sbitmap - aarch64_get_separate_components (void) - { -+ aarch64_frame &frame = cfun->machine->frame; - sbitmap components = sbitmap_alloc (LAST_SAVED_REGNUM + 1); - bitmap_clear (components); - -@@ -9342,18 +9343,18 @@ aarch64_get_separate_components (void) - if (mode == VNx2DImode && BYTES_BIG_ENDIAN) - continue; - -- poly_int64 offset = cfun->machine->frame.reg_offset[regno]; -+ poly_int64 offset = frame.reg_offset[regno]; - - /* If the register is saved in the first SVE save slot, we use - it as a stack probe for -fstack-clash-protection. */ - if (flag_stack_clash_protection -- && maybe_ne (cfun->machine->frame.below_hard_fp_saved_regs_size, 0) -+ && maybe_ne (frame.below_hard_fp_saved_regs_size, 0) - && known_eq (offset, 0)) - continue; - - /* Get the offset relative to the register we'll use. */ - if (frame_pointer_needed) -- offset -= cfun->machine->frame.below_hard_fp_saved_regs_size; -+ offset -= frame.below_hard_fp_saved_regs_size; - else - offset += crtl->outgoing_args_size; - -@@ -9372,11 +9373,11 @@ aarch64_get_separate_components (void) - /* If the spare predicate register used by big-endian SVE code - is call-preserved, it must be saved in the main prologue - before any saves that use it. */ -- if (cfun->machine->frame.spare_pred_reg != INVALID_REGNUM) -- bitmap_clear_bit (components, cfun->machine->frame.spare_pred_reg); -+ if (frame.spare_pred_reg != INVALID_REGNUM) -+ bitmap_clear_bit (components, frame.spare_pred_reg); - -- unsigned reg1 = cfun->machine->frame.wb_push_candidate1; -- unsigned reg2 = cfun->machine->frame.wb_push_candidate2; -+ unsigned reg1 = frame.wb_push_candidate1; -+ unsigned reg2 = frame.wb_push_candidate2; - /* If registers have been chosen to be stored/restored with - writeback don't interfere with them to avoid having to output explicit - stack adjustment instructions. */ -@@ -9485,6 +9486,7 @@ aarch64_get_next_set_bit (sbitmap bmp, unsigned int start) - static void - aarch64_process_components (sbitmap components, bool prologue_p) - { -+ aarch64_frame &frame = cfun->machine->frame; - rtx ptr_reg = gen_rtx_REG (Pmode, frame_pointer_needed - ? HARD_FRAME_POINTER_REGNUM - : STACK_POINTER_REGNUM); -@@ -9499,9 +9501,9 @@ aarch64_process_components (sbitmap components, bool prologue_p) - machine_mode mode = aarch64_reg_save_mode (regno); - - rtx reg = gen_rtx_REG (mode, regno); -- poly_int64 offset = cfun->machine->frame.reg_offset[regno]; -+ poly_int64 offset = frame.reg_offset[regno]; - if (frame_pointer_needed) -- offset -= cfun->machine->frame.below_hard_fp_saved_regs_size; -+ offset -= frame.below_hard_fp_saved_regs_size; - else - offset += crtl->outgoing_args_size; - -@@ -9526,14 +9528,14 @@ aarch64_process_components (sbitmap components, bool prologue_p) - break; - } - -- poly_int64 offset2 = cfun->machine->frame.reg_offset[regno2]; -+ poly_int64 offset2 = frame.reg_offset[regno2]; - /* The next register is not of the same class or its offset is not - mergeable with the current one into a pair. */ - if (aarch64_sve_mode_p (mode) - || !satisfies_constraint_Ump (mem) - || GP_REGNUM_P (regno) != GP_REGNUM_P (regno2) - || (crtl->abi->id () == ARM_PCS_SIMD && FP_REGNUM_P (regno)) -- || maybe_ne ((offset2 - cfun->machine->frame.reg_offset[regno]), -+ || maybe_ne ((offset2 - frame.reg_offset[regno]), - GET_MODE_SIZE (mode))) - { - insn = emit_insn (set); -@@ -9555,7 +9557,7 @@ aarch64_process_components (sbitmap components, bool prologue_p) - /* REGNO2 can be saved/restored in a pair with REGNO. */ - rtx reg2 = gen_rtx_REG (mode, regno2); - if (frame_pointer_needed) -- offset2 -= cfun->machine->frame.below_hard_fp_saved_regs_size; -+ offset2 -= frame.below_hard_fp_saved_regs_size; - else - offset2 += crtl->outgoing_args_size; - rtx addr2 = plus_constant (Pmode, ptr_reg, offset2); -@@ -9650,6 +9652,7 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - bool frame_related_p, - bool final_adjustment_p) - { -+ aarch64_frame &frame = cfun->machine->frame; - HOST_WIDE_INT guard_size - = 1 << param_stack_clash_protection_guard_size; - HOST_WIDE_INT guard_used_by_caller = STACK_CLASH_CALLER_GUARD; -@@ -9670,25 +9673,25 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - register as a probe. We can't assume that LR was saved at position 0 - though, so treat any space below it as unprobed. */ - if (final_adjustment_p -- && known_eq (cfun->machine->frame.below_hard_fp_saved_regs_size, 0)) -+ && known_eq (frame.below_hard_fp_saved_regs_size, 0)) - { -- poly_int64 lr_offset = cfun->machine->frame.reg_offset[LR_REGNUM]; -+ poly_int64 lr_offset = frame.reg_offset[LR_REGNUM]; - if (known_ge (lr_offset, 0)) - min_probe_threshold -= lr_offset.to_constant (); - else - gcc_assert (!flag_stack_clash_protection || known_eq (poly_size, 0)); - } - -- poly_int64 frame_size = cfun->machine->frame.frame_size; -+ poly_int64 frame_size = frame.frame_size; - - /* We should always have a positive probe threshold. */ - gcc_assert (min_probe_threshold > 0); - - if (flag_stack_clash_protection && !final_adjustment_p) - { -- poly_int64 initial_adjust = cfun->machine->frame.initial_adjust; -- poly_int64 sve_callee_adjust = cfun->machine->frame.sve_callee_adjust; -- poly_int64 final_adjust = cfun->machine->frame.final_adjust; -+ poly_int64 initial_adjust = frame.initial_adjust; -+ poly_int64 sve_callee_adjust = frame.sve_callee_adjust; -+ poly_int64 final_adjust = frame.final_adjust; - - if (known_eq (frame_size, 0)) - { -@@ -9977,17 +9980,18 @@ aarch64_epilogue_uses (int regno) - void - aarch64_expand_prologue (void) - { -- poly_int64 frame_size = cfun->machine->frame.frame_size; -- poly_int64 initial_adjust = cfun->machine->frame.initial_adjust; -- HOST_WIDE_INT callee_adjust = cfun->machine->frame.callee_adjust; -- poly_int64 final_adjust = cfun->machine->frame.final_adjust; -- poly_int64 callee_offset = cfun->machine->frame.callee_offset; -- poly_int64 sve_callee_adjust = cfun->machine->frame.sve_callee_adjust; -+ aarch64_frame &frame = cfun->machine->frame; -+ poly_int64 frame_size = frame.frame_size; -+ poly_int64 initial_adjust = frame.initial_adjust; -+ HOST_WIDE_INT callee_adjust = frame.callee_adjust; -+ poly_int64 final_adjust = frame.final_adjust; -+ poly_int64 callee_offset = frame.callee_offset; -+ poly_int64 sve_callee_adjust = frame.sve_callee_adjust; - poly_int64 below_hard_fp_saved_regs_size -- = cfun->machine->frame.below_hard_fp_saved_regs_size; -- unsigned reg1 = cfun->machine->frame.wb_push_candidate1; -- unsigned reg2 = cfun->machine->frame.wb_push_candidate2; -- bool emit_frame_chain = cfun->machine->frame.emit_frame_chain; -+ = frame.below_hard_fp_saved_regs_size; -+ unsigned reg1 = frame.wb_push_candidate1; -+ unsigned reg2 = frame.wb_push_candidate2; -+ bool emit_frame_chain = frame.emit_frame_chain; - rtx_insn *insn; - - if (flag_stack_clash_protection && known_eq (callee_adjust, 0)) -@@ -10018,7 +10022,7 @@ aarch64_expand_prologue (void) - } - - /* Push return address to shadow call stack. */ -- if (cfun->machine->frame.is_scs_enabled) -+ if (frame.is_scs_enabled) - emit_insn (gen_scs_push ()); - - if (flag_stack_usage_info) -@@ -10057,7 +10061,7 @@ aarch64_expand_prologue (void) - - /* The offset of the frame chain record (if any) from the current SP. */ - poly_int64 chain_offset = (initial_adjust + callee_adjust -- - cfun->machine->frame.hard_fp_offset); -+ - frame.hard_fp_offset); - gcc_assert (known_ge (chain_offset, 0)); - - /* The offset of the bottom of the save area from the current SP. */ -@@ -10160,16 +10164,17 @@ aarch64_use_return_insn_p (void) - void - aarch64_expand_epilogue (bool for_sibcall) - { -- poly_int64 initial_adjust = cfun->machine->frame.initial_adjust; -- HOST_WIDE_INT callee_adjust = cfun->machine->frame.callee_adjust; -- poly_int64 final_adjust = cfun->machine->frame.final_adjust; -- poly_int64 callee_offset = cfun->machine->frame.callee_offset; -- poly_int64 sve_callee_adjust = cfun->machine->frame.sve_callee_adjust; -+ aarch64_frame &frame = cfun->machine->frame; -+ poly_int64 initial_adjust = frame.initial_adjust; -+ HOST_WIDE_INT callee_adjust = frame.callee_adjust; -+ poly_int64 final_adjust = frame.final_adjust; -+ poly_int64 callee_offset = frame.callee_offset; -+ poly_int64 sve_callee_adjust = frame.sve_callee_adjust; - poly_int64 below_hard_fp_saved_regs_size -- = cfun->machine->frame.below_hard_fp_saved_regs_size; -- unsigned reg1 = cfun->machine->frame.wb_pop_candidate1; -- unsigned reg2 = cfun->machine->frame.wb_pop_candidate2; -- unsigned int last_gpr = (cfun->machine->frame.is_scs_enabled -+ = frame.below_hard_fp_saved_regs_size; -+ unsigned reg1 = frame.wb_pop_candidate1; -+ unsigned reg2 = frame.wb_pop_candidate2; -+ unsigned int last_gpr = (frame.is_scs_enabled - ? R29_REGNUM : R30_REGNUM); - rtx cfi_ops = NULL; - rtx_insn *insn; -@@ -10203,7 +10208,7 @@ aarch64_expand_epilogue (bool for_sibcall) - /* We need to add memory barrier to prevent read from deallocated stack. */ - bool need_barrier_p - = maybe_ne (get_frame_size () -- + cfun->machine->frame.saved_varargs_size, 0); -+ + frame.saved_varargs_size, 0); - - /* Emit a barrier to prevent loads from a deallocated stack. */ - if (maybe_gt (final_adjust, crtl->outgoing_args_size) -@@ -10284,7 +10289,7 @@ aarch64_expand_epilogue (bool for_sibcall) - } - - /* Pop return address from shadow call stack. */ -- if (cfun->machine->frame.is_scs_enabled) -+ if (frame.is_scs_enabled) - { - machine_mode mode = aarch64_reg_save_mode (R30_REGNUM); - rtx reg = gen_rtx_REG (mode, R30_REGNUM); -@@ -12740,24 +12745,24 @@ aarch64_can_eliminate (const int from ATTRIBUTE_UNUSED, const int to) - poly_int64 - aarch64_initial_elimination_offset (unsigned from, unsigned to) - { -+ aarch64_frame &frame = cfun->machine->frame; -+ - if (to == HARD_FRAME_POINTER_REGNUM) - { - if (from == ARG_POINTER_REGNUM) -- return cfun->machine->frame.hard_fp_offset; -+ return frame.hard_fp_offset; - - if (from == FRAME_POINTER_REGNUM) -- return cfun->machine->frame.hard_fp_offset -- - cfun->machine->frame.locals_offset; -+ return frame.hard_fp_offset - frame.locals_offset; - } - - if (to == STACK_POINTER_REGNUM) - { - if (from == FRAME_POINTER_REGNUM) -- return cfun->machine->frame.frame_size -- - cfun->machine->frame.locals_offset; -+ return frame.frame_size - frame.locals_offset; - } - -- return cfun->machine->frame.frame_size; -+ return frame.frame_size; - } - - --- -2.34.1 - - -From 89a9fa287706c5011f61926eaf65e7b996b963a3 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:12 +0100 -Subject: [PATCH 02/19] aarch64: Avoid a use of callee_offset - -When we emit the frame chain, i.e. when we reach Here in this statement -of aarch64_expand_prologue: - - if (emit_frame_chain) - { - // Here - ... - } - -the stack is in one of two states: - -- We've allocated up to the frame chain, but no more. - -- We've allocated the whole frame, and the frame chain is within easy - reach of the new SP. - -The offset of the frame chain from the current SP is available -in aarch64_frame as callee_offset. It is also available as the -chain_offset local variable, where the latter is calculated from other -data. (However, chain_offset is not always equal to callee_offset when -!emit_frame_chain, so chain_offset isn't redundant.) - -In c600df9a4060da3c6121ff4d0b93f179eafd69d1 I switched to using -chain_offset for the initialisation of the hard frame pointer: - - aarch64_add_offset (Pmode, hard_frame_pointer_rtx, -- stack_pointer_rtx, callee_offset, -+ stack_pointer_rtx, chain_offset, - tmp1_rtx, tmp0_rtx, frame_pointer_needed); - -But the later REG_CFA_ADJUST_CFA handling still used callee_offset. - -I think the difference is harmless, but it's more logical for the -CFA note to be in sync, and it's more convenient for later patches -if it uses chain_offset. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_expand_prologue): Use - chain_offset rather than callee_offset. ---- - gcc/config/aarch64/aarch64.cc | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 5d473d161d9..4f233c95140 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -9985,7 +9985,6 @@ aarch64_expand_prologue (void) - poly_int64 initial_adjust = frame.initial_adjust; - HOST_WIDE_INT callee_adjust = frame.callee_adjust; - poly_int64 final_adjust = frame.final_adjust; -- poly_int64 callee_offset = frame.callee_offset; - poly_int64 sve_callee_adjust = frame.sve_callee_adjust; - poly_int64 below_hard_fp_saved_regs_size - = frame.below_hard_fp_saved_regs_size; -@@ -10098,8 +10097,7 @@ aarch64_expand_prologue (void) - implicit. */ - if (!find_reg_note (insn, REG_CFA_ADJUST_CFA, NULL_RTX)) - { -- rtx src = plus_constant (Pmode, stack_pointer_rtx, -- callee_offset); -+ rtx src = plus_constant (Pmode, stack_pointer_rtx, chain_offset); - add_reg_note (insn, REG_CFA_ADJUST_CFA, - gen_rtx_SET (hard_frame_pointer_rtx, src)); - } --- -2.34.1 - - -From b36a2a78040722dab6124366c5d6baf8eaf80aef Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:13 +0100 -Subject: [PATCH 03/19] aarch64: Explicitly handle frames with no saved - registers - -If a frame has no saved registers, it can be allocated in one go. -There is no need to treat the areas below and above the saved -registers as separate. - -And if we allocate the frame in one go, it should be allocated -as the initial_adjust rather than the final_adjust. This allows the -frame size to grow to guard_size - guard_used_by_caller before a stack -probe is needed. (A frame with no register saves is necessarily a -leaf frame.) - -This is a no-op as thing stand, since a leaf function will have -no outgoing arguments, and so all the frame will be above where -the saved registers normally go. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_layout_frame): Explicitly - allocate the frame in one go if there are no saved registers. ---- - gcc/config/aarch64/aarch64.cc | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 4f233c95140..37643041ffb 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8639,9 +8639,11 @@ aarch64_layout_frame (void) - - HOST_WIDE_INT const_size, const_outgoing_args_size, const_fp_offset; - HOST_WIDE_INT const_saved_regs_size; -- if (frame.frame_size.is_constant (&const_size) -- && const_size < max_push_offset -- && known_eq (frame.hard_fp_offset, const_size)) -+ if (known_eq (frame.saved_regs_size, 0)) -+ frame.initial_adjust = frame.frame_size; -+ else if (frame.frame_size.is_constant (&const_size) -+ && const_size < max_push_offset -+ && known_eq (frame.hard_fp_offset, const_size)) - { - /* Simple, small frame with no outgoing arguments: - --- -2.34.1 - - -From ada2ab0093596be707f23a3466ac82cff59fcffe Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:13 +0100 -Subject: [PATCH 04/19] aarch64: Add bytes_below_saved_regs to frame info - -The frame layout code currently hard-codes the assumption that -the number of bytes below the saved registers is equal to the -size of the outgoing arguments. This patch abstracts that -value into a new field of aarch64_frame. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::bytes_below_saved_regs): New - field. - * config/aarch64/aarch64.cc (aarch64_layout_frame): Initialize it, - and use it instead of crtl->outgoing_args_size. - (aarch64_get_separate_components): Use bytes_below_saved_regs instead - of outgoing_args_size. - (aarch64_process_components): Likewise. ---- - gcc/config/aarch64/aarch64.cc | 71 ++++++++++++++++++----------------- - gcc/config/aarch64/aarch64.h | 5 +++ - 2 files changed, 41 insertions(+), 35 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 37643041ffb..dacc2b0e4dd 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8478,6 +8478,8 @@ aarch64_layout_frame (void) - gcc_assert (crtl->is_leaf - || maybe_ne (frame.reg_offset[R30_REGNUM], SLOT_NOT_REQUIRED)); - -+ frame.bytes_below_saved_regs = crtl->outgoing_args_size; -+ - /* Now assign stack slots for the registers. Start with the predicate - registers, since predicate LDR and STR have a relatively small - offset range. These saves happen below the hard frame pointer. */ -@@ -8582,18 +8584,18 @@ aarch64_layout_frame (void) - - poly_int64 varargs_and_saved_regs_size = offset + frame.saved_varargs_size; - -- poly_int64 above_outgoing_args -+ poly_int64 saved_regs_and_above - = aligned_upper_bound (varargs_and_saved_regs_size - + get_frame_size (), - STACK_BOUNDARY / BITS_PER_UNIT); - - frame.hard_fp_offset -- = above_outgoing_args - frame.below_hard_fp_saved_regs_size; -+ = saved_regs_and_above - frame.below_hard_fp_saved_regs_size; - - /* Both these values are already aligned. */ -- gcc_assert (multiple_p (crtl->outgoing_args_size, -+ gcc_assert (multiple_p (frame.bytes_below_saved_regs, - STACK_BOUNDARY / BITS_PER_UNIT)); -- frame.frame_size = above_outgoing_args + crtl->outgoing_args_size; -+ frame.frame_size = saved_regs_and_above + frame.bytes_below_saved_regs; - - frame.locals_offset = frame.saved_varargs_size; - -@@ -8637,7 +8639,7 @@ aarch64_layout_frame (void) - else if (frame.wb_pop_candidate1 != INVALID_REGNUM) - max_push_offset = 256; - -- HOST_WIDE_INT const_size, const_outgoing_args_size, const_fp_offset; -+ HOST_WIDE_INT const_size, const_below_saved_regs, const_fp_offset; - HOST_WIDE_INT const_saved_regs_size; - if (known_eq (frame.saved_regs_size, 0)) - frame.initial_adjust = frame.frame_size; -@@ -8645,31 +8647,31 @@ aarch64_layout_frame (void) - && const_size < max_push_offset - && known_eq (frame.hard_fp_offset, const_size)) - { -- /* Simple, small frame with no outgoing arguments: -+ /* Simple, small frame with no data below the saved registers. - - stp reg1, reg2, [sp, -frame_size]! - stp reg3, reg4, [sp, 16] */ - frame.callee_adjust = const_size; - } -- else if (crtl->outgoing_args_size.is_constant (&const_outgoing_args_size) -+ else if (frame.bytes_below_saved_regs.is_constant (&const_below_saved_regs) - && frame.saved_regs_size.is_constant (&const_saved_regs_size) -- && const_outgoing_args_size + const_saved_regs_size < 512 -- /* We could handle this case even with outgoing args, provided -- that the number of args left us with valid offsets for all -- predicate and vector save slots. It's such a rare case that -- it hardly seems worth the effort though. */ -- && (!saves_below_hard_fp_p || const_outgoing_args_size == 0) -+ && const_below_saved_regs + const_saved_regs_size < 512 -+ /* We could handle this case even with data below the saved -+ registers, provided that that data left us with valid offsets -+ for all predicate and vector save slots. It's such a rare -+ case that it hardly seems worth the effort though. */ -+ && (!saves_below_hard_fp_p || const_below_saved_regs == 0) - && !(cfun->calls_alloca - && frame.hard_fp_offset.is_constant (&const_fp_offset) - && const_fp_offset < max_push_offset)) - { -- /* Frame with small outgoing arguments: -+ /* Frame with small area below the saved registers: - - sub sp, sp, frame_size -- stp reg1, reg2, [sp, outgoing_args_size] -- stp reg3, reg4, [sp, outgoing_args_size + 16] */ -+ stp reg1, reg2, [sp, bytes_below_saved_regs] -+ stp reg3, reg4, [sp, bytes_below_saved_regs + 16] */ - frame.initial_adjust = frame.frame_size; -- frame.callee_offset = const_outgoing_args_size; -+ frame.callee_offset = const_below_saved_regs; - } - else if (saves_below_hard_fp_p - && known_eq (frame.saved_regs_size, -@@ -8679,30 +8681,29 @@ aarch64_layout_frame (void) - - sub sp, sp, hard_fp_offset + below_hard_fp_saved_regs_size - save SVE registers relative to SP -- sub sp, sp, outgoing_args_size */ -+ sub sp, sp, bytes_below_saved_regs */ - frame.initial_adjust = (frame.hard_fp_offset - + frame.below_hard_fp_saved_regs_size); -- frame.final_adjust = crtl->outgoing_args_size; -+ frame.final_adjust = frame.bytes_below_saved_regs; - } - else if (frame.hard_fp_offset.is_constant (&const_fp_offset) - && const_fp_offset < max_push_offset) - { -- /* Frame with large outgoing arguments or SVE saves, but with -- a small local area: -+ /* Frame with large area below the saved registers, or with SVE saves, -+ but with a small area above: - - stp reg1, reg2, [sp, -hard_fp_offset]! - stp reg3, reg4, [sp, 16] - [sub sp, sp, below_hard_fp_saved_regs_size] - [save SVE registers relative to SP] -- sub sp, sp, outgoing_args_size */ -+ sub sp, sp, bytes_below_saved_regs */ - frame.callee_adjust = const_fp_offset; - frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size; -- frame.final_adjust = crtl->outgoing_args_size; -+ frame.final_adjust = frame.bytes_below_saved_regs; - } - else - { -- /* Frame with large local area and outgoing arguments or SVE saves, -- using frame pointer: -+ /* General case: - - sub sp, sp, hard_fp_offset - stp x29, x30, [sp, 0] -@@ -8710,10 +8711,10 @@ aarch64_layout_frame (void) - stp reg3, reg4, [sp, 16] - [sub sp, sp, below_hard_fp_saved_regs_size] - [save SVE registers relative to SP] -- sub sp, sp, outgoing_args_size */ -+ sub sp, sp, bytes_below_saved_regs */ - frame.initial_adjust = frame.hard_fp_offset; - frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size; -- frame.final_adjust = crtl->outgoing_args_size; -+ frame.final_adjust = frame.bytes_below_saved_regs; - } - - /* Make sure the individual adjustments add up to the full frame size. */ -@@ -9358,7 +9359,7 @@ aarch64_get_separate_components (void) - if (frame_pointer_needed) - offset -= frame.below_hard_fp_saved_regs_size; - else -- offset += crtl->outgoing_args_size; -+ offset += frame.bytes_below_saved_regs; - - /* Check that we can access the stack slot of the register with one - direct load with no adjustments needed. */ -@@ -9507,7 +9508,7 @@ aarch64_process_components (sbitmap components, bool prologue_p) - if (frame_pointer_needed) - offset -= frame.below_hard_fp_saved_regs_size; - else -- offset += crtl->outgoing_args_size; -+ offset += frame.bytes_below_saved_regs; - - rtx addr = plus_constant (Pmode, ptr_reg, offset); - rtx mem = gen_frame_mem (mode, addr); -@@ -9561,7 +9562,7 @@ aarch64_process_components (sbitmap components, bool prologue_p) - if (frame_pointer_needed) - offset2 -= frame.below_hard_fp_saved_regs_size; - else -- offset2 += crtl->outgoing_args_size; -+ offset2 += frame.bytes_below_saved_regs; - rtx addr2 = plus_constant (Pmode, ptr_reg, offset2); - rtx mem2 = gen_frame_mem (mode, addr2); - rtx set2 = prologue_p ? gen_rtx_SET (mem2, reg2) -@@ -9635,10 +9636,10 @@ aarch64_stack_clash_protection_alloca_probe_range (void) - registers. If POLY_SIZE is not large enough to require a probe this function - will only adjust the stack. When allocating the stack space - FRAME_RELATED_P is then used to indicate if the allocation is frame related. -- FINAL_ADJUSTMENT_P indicates whether we are allocating the outgoing -- arguments. If we are then we ensure that any allocation larger than the ABI -- defined buffer needs a probe so that the invariant of having a 1KB buffer is -- maintained. -+ FINAL_ADJUSTMENT_P indicates whether we are allocating the area below -+ the saved registers. If we are then we ensure that any allocation -+ larger than the ABI defined buffer needs a probe so that the -+ invariant of having a 1KB buffer is maintained. - - We emit barriers after each stack adjustment to prevent optimizations from - breaking the invariant that we never drop the stack more than a page. This -@@ -9847,7 +9848,7 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - /* Handle any residuals. Residuals of at least MIN_PROBE_THRESHOLD have to - be probed. This maintains the requirement that each page is probed at - least once. For initial probing we probe only if the allocation is -- more than GUARD_SIZE - buffer, and for the outgoing arguments we probe -+ more than GUARD_SIZE - buffer, and below the saved registers we probe - if the amount is larger than buffer. GUARD_SIZE - buffer + buffer == - GUARD_SIZE. This works that for any allocation that is large enough to - trigger a probe here, we'll have at least one, and if they're not large -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 73b09e20508..0b6faa3ddf1 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -777,6 +777,11 @@ struct GTY (()) aarch64_frame - /* The size of the callee-save registers with a slot in REG_OFFSET. */ - poly_int64 saved_regs_size; - -+ /* The number of bytes between the bottom of the static frame (the bottom -+ of the outgoing arguments) and the bottom of the register save area. -+ This value is always a multiple of STACK_BOUNDARY. */ -+ poly_int64 bytes_below_saved_regs; -+ - /* The size of the callee-save registers with a slot in REG_OFFSET that - are saved below the hard frame pointer. */ - poly_int64 below_hard_fp_saved_regs_size; --- -2.34.1 - - -From 82f6b3e1b596ef0f4e3ac3bb9c6e88fb4458f402 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:14 +0100 -Subject: [PATCH 05/19] aarch64: Add bytes_below_hard_fp to frame info - -Following on from the previous bytes_below_saved_regs patch, this one -records the number of bytes that are below the hard frame pointer. -This eventually replaces below_hard_fp_saved_regs_size. - -If a frame pointer is not needed, the epilogue adds final_adjust -to the stack pointer before restoring registers: - - aarch64_add_sp (tmp1_rtx, tmp0_rtx, final_adjust, true); - -Therefore, if the epilogue needs to restore the stack pointer from -the hard frame pointer, the directly corresponding offset is: - - -bytes_below_hard_fp + final_adjust - -i.e. go from the hard frame pointer to the bottom of the frame, -then add the same amount as if we were using the stack pointer -from the outset. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::bytes_below_hard_fp): New - field. - * config/aarch64/aarch64.cc (aarch64_layout_frame): Initialize it. - (aarch64_expand_epilogue): Use it instead of - below_hard_fp_saved_regs_size. ---- - gcc/config/aarch64/aarch64.cc | 6 +++--- - gcc/config/aarch64/aarch64.h | 5 +++++ - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index dacc2b0e4dd..a3f7aabcc59 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8530,6 +8530,7 @@ aarch64_layout_frame (void) - of the callee save area. */ - bool saves_below_hard_fp_p = maybe_ne (offset, 0); - frame.below_hard_fp_saved_regs_size = offset; -+ frame.bytes_below_hard_fp = offset + frame.bytes_below_saved_regs; - if (frame.emit_frame_chain) - { - /* FP and LR are placed in the linkage record. */ -@@ -10171,8 +10172,7 @@ aarch64_expand_epilogue (bool for_sibcall) - poly_int64 final_adjust = frame.final_adjust; - poly_int64 callee_offset = frame.callee_offset; - poly_int64 sve_callee_adjust = frame.sve_callee_adjust; -- poly_int64 below_hard_fp_saved_regs_size -- = frame.below_hard_fp_saved_regs_size; -+ poly_int64 bytes_below_hard_fp = frame.bytes_below_hard_fp; - unsigned reg1 = frame.wb_pop_candidate1; - unsigned reg2 = frame.wb_pop_candidate2; - unsigned int last_gpr = (frame.is_scs_enabled -@@ -10230,7 +10230,7 @@ aarch64_expand_epilogue (bool for_sibcall) - is restored on the instruction doing the writeback. */ - aarch64_add_offset (Pmode, stack_pointer_rtx, - hard_frame_pointer_rtx, -- -callee_offset - below_hard_fp_saved_regs_size, -+ -bytes_below_hard_fp + final_adjust, - tmp1_rtx, tmp0_rtx, callee_adjust == 0); - else - /* The case where we need to re-use the register here is very rare, so -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 0b6faa3ddf1..4263d29d29d 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -786,6 +786,11 @@ struct GTY (()) aarch64_frame - are saved below the hard frame pointer. */ - poly_int64 below_hard_fp_saved_regs_size; - -+ /* The number of bytes between the bottom of the static frame (the bottom -+ of the outgoing arguments) and the hard frame pointer. This value is -+ always a multiple of STACK_BOUNDARY. */ -+ poly_int64 bytes_below_hard_fp; -+ - /* Offset from the base of the frame (incomming SP) to the - top of the locals area. This value is always a multiple of - STACK_BOUNDARY. */ --- -2.34.1 - - -From 86fa43e9fe4a8bf954f2919f07cbe3646d1d1df3 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:14 +0100 -Subject: [PATCH 06/19] aarch64: Tweak aarch64_save/restore_callee_saves - -aarch64_save_callee_saves and aarch64_restore_callee_saves took -a parameter called start_offset that gives the offset of the -bottom of the saved register area from the current stack pointer. -However, it's more convenient for later patches if we use the -bottom of the entire frame as the reference point, rather than -the bottom of the saved registers. - -Doing that removes the need for the callee_offset field. -Other than that, this is not a win on its own. It only really -makes sense in combination with the follow-on patches. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::callee_offset): Delete. - * config/aarch64/aarch64.cc (aarch64_layout_frame): Remove - callee_offset handling. - (aarch64_save_callee_saves): Replace the start_offset parameter - with a bytes_below_sp parameter. - (aarch64_restore_callee_saves): Likewise. - (aarch64_expand_prologue): Update accordingly. - (aarch64_expand_epilogue): Likewise. ---- - gcc/config/aarch64/aarch64.cc | 56 +++++++++++++++++------------------ - gcc/config/aarch64/aarch64.h | 4 --- - 2 files changed, 28 insertions(+), 32 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index a3f7aabcc59..46ae5cf7673 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8604,7 +8604,6 @@ aarch64_layout_frame (void) - frame.final_adjust = 0; - frame.callee_adjust = 0; - frame.sve_callee_adjust = 0; -- frame.callee_offset = 0; - - frame.wb_pop_candidate1 = frame.wb_push_candidate1; - frame.wb_pop_candidate2 = frame.wb_push_candidate2; -@@ -8672,7 +8671,6 @@ aarch64_layout_frame (void) - stp reg1, reg2, [sp, bytes_below_saved_regs] - stp reg3, reg4, [sp, bytes_below_saved_regs + 16] */ - frame.initial_adjust = frame.frame_size; -- frame.callee_offset = const_below_saved_regs; - } - else if (saves_below_hard_fp_p - && known_eq (frame.saved_regs_size, -@@ -9073,12 +9071,13 @@ aarch64_add_cfa_expression (rtx_insn *insn, rtx reg, - } - - /* Emit code to save the callee-saved registers from register number START -- to LIMIT to the stack at the location starting at offset START_OFFSET, -- skipping any write-back candidates if SKIP_WB is true. HARD_FP_VALID_P -- is true if the hard frame pointer has been set up. */ -+ to LIMIT to the stack. The stack pointer is currently BYTES_BELOW_SP -+ bytes above the bottom of the static frame. Skip any write-back -+ candidates if SKIP_WB is true. HARD_FP_VALID_P is true if the hard -+ frame pointer has been set up. */ - - static void --aarch64_save_callee_saves (poly_int64 start_offset, -+aarch64_save_callee_saves (poly_int64 bytes_below_sp, - unsigned start, unsigned limit, bool skip_wb, - bool hard_fp_valid_p) - { -@@ -9106,7 +9105,9 @@ aarch64_save_callee_saves (poly_int64 start_offset, - - machine_mode mode = aarch64_reg_save_mode (regno); - reg = gen_rtx_REG (mode, regno); -- offset = start_offset + frame.reg_offset[regno]; -+ offset = (frame.reg_offset[regno] -+ + frame.bytes_below_saved_regs -+ - bytes_below_sp); - rtx base_rtx = stack_pointer_rtx; - poly_int64 sp_offset = offset; - -@@ -9117,9 +9118,7 @@ aarch64_save_callee_saves (poly_int64 start_offset, - else if (GP_REGNUM_P (regno) - && (!offset.is_constant (&const_offset) || const_offset >= 512)) - { -- gcc_assert (known_eq (start_offset, 0)); -- poly_int64 fp_offset -- = frame.below_hard_fp_saved_regs_size; -+ poly_int64 fp_offset = frame.bytes_below_hard_fp - bytes_below_sp; - if (hard_fp_valid_p) - base_rtx = hard_frame_pointer_rtx; - else -@@ -9183,12 +9182,13 @@ aarch64_save_callee_saves (poly_int64 start_offset, - } - - /* Emit code to restore the callee registers from register number START -- up to and including LIMIT. Restore from the stack offset START_OFFSET, -- skipping any write-back candidates if SKIP_WB is true. Write the -- appropriate REG_CFA_RESTORE notes into CFI_OPS. */ -+ up to and including LIMIT. The stack pointer is currently BYTES_BELOW_SP -+ bytes above the bottom of the static frame. Skip any write-back -+ candidates if SKIP_WB is true. Write the appropriate REG_CFA_RESTORE -+ notes into CFI_OPS. */ - - static void --aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start, -+aarch64_restore_callee_saves (poly_int64 bytes_below_sp, unsigned start, - unsigned limit, bool skip_wb, rtx *cfi_ops) - { - aarch64_frame &frame = cfun->machine->frame; -@@ -9214,7 +9214,9 @@ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start, - - machine_mode mode = aarch64_reg_save_mode (regno); - reg = gen_rtx_REG (mode, regno); -- offset = start_offset + frame.reg_offset[regno]; -+ offset = (frame.reg_offset[regno] -+ + frame.bytes_below_saved_regs -+ - bytes_below_sp); - rtx base_rtx = stack_pointer_rtx; - if (mode == VNx2DImode && BYTES_BIG_ENDIAN) - aarch64_adjust_sve_callee_save_base (mode, base_rtx, anchor_reg, -@@ -9990,8 +9992,6 @@ aarch64_expand_prologue (void) - HOST_WIDE_INT callee_adjust = frame.callee_adjust; - poly_int64 final_adjust = frame.final_adjust; - poly_int64 sve_callee_adjust = frame.sve_callee_adjust; -- poly_int64 below_hard_fp_saved_regs_size -- = frame.below_hard_fp_saved_regs_size; - unsigned reg1 = frame.wb_push_candidate1; - unsigned reg2 = frame.wb_push_candidate2; - bool emit_frame_chain = frame.emit_frame_chain; -@@ -10067,8 +10067,8 @@ aarch64_expand_prologue (void) - - frame.hard_fp_offset); - gcc_assert (known_ge (chain_offset, 0)); - -- /* The offset of the bottom of the save area from the current SP. */ -- poly_int64 saved_regs_offset = chain_offset - below_hard_fp_saved_regs_size; -+ /* The offset of the current SP from the bottom of the static frame. */ -+ poly_int64 bytes_below_sp = frame_size - initial_adjust - callee_adjust; - - if (emit_frame_chain) - { -@@ -10076,7 +10076,7 @@ aarch64_expand_prologue (void) - { - reg1 = R29_REGNUM; - reg2 = R30_REGNUM; -- aarch64_save_callee_saves (saved_regs_offset, reg1, reg2, -+ aarch64_save_callee_saves (bytes_below_sp, reg1, reg2, - false, false); - } - else -@@ -10116,7 +10116,7 @@ aarch64_expand_prologue (void) - emit_insn (gen_stack_tie (stack_pointer_rtx, hard_frame_pointer_rtx)); - } - -- aarch64_save_callee_saves (saved_regs_offset, R0_REGNUM, R30_REGNUM, -+ aarch64_save_callee_saves (bytes_below_sp, R0_REGNUM, R30_REGNUM, - callee_adjust != 0 || emit_frame_chain, - emit_frame_chain); - if (maybe_ne (sve_callee_adjust, 0)) -@@ -10126,16 +10126,17 @@ aarch64_expand_prologue (void) - aarch64_allocate_and_probe_stack_space (tmp1_rtx, tmp0_rtx, - sve_callee_adjust, - !frame_pointer_needed, false); -- saved_regs_offset += sve_callee_adjust; -+ bytes_below_sp -= sve_callee_adjust; - } -- aarch64_save_callee_saves (saved_regs_offset, P0_REGNUM, P15_REGNUM, -+ aarch64_save_callee_saves (bytes_below_sp, P0_REGNUM, P15_REGNUM, - false, emit_frame_chain); -- aarch64_save_callee_saves (saved_regs_offset, V0_REGNUM, V31_REGNUM, -+ aarch64_save_callee_saves (bytes_below_sp, V0_REGNUM, V31_REGNUM, - callee_adjust != 0 || emit_frame_chain, - emit_frame_chain); - - /* We may need to probe the final adjustment if it is larger than the guard - that is assumed by the called. */ -+ gcc_assert (known_eq (bytes_below_sp, final_adjust)); - aarch64_allocate_and_probe_stack_space (tmp1_rtx, tmp0_rtx, final_adjust, - !frame_pointer_needed, true); - } -@@ -10170,7 +10171,6 @@ aarch64_expand_epilogue (bool for_sibcall) - poly_int64 initial_adjust = frame.initial_adjust; - HOST_WIDE_INT callee_adjust = frame.callee_adjust; - poly_int64 final_adjust = frame.final_adjust; -- poly_int64 callee_offset = frame.callee_offset; - poly_int64 sve_callee_adjust = frame.sve_callee_adjust; - poly_int64 bytes_below_hard_fp = frame.bytes_below_hard_fp; - unsigned reg1 = frame.wb_pop_candidate1; -@@ -10240,9 +10240,9 @@ aarch64_expand_epilogue (bool for_sibcall) - - /* Restore the vector registers before the predicate registers, - so that we can use P4 as a temporary for big-endian SVE frames. */ -- aarch64_restore_callee_saves (callee_offset, V0_REGNUM, V31_REGNUM, -+ aarch64_restore_callee_saves (final_adjust, V0_REGNUM, V31_REGNUM, - callee_adjust != 0, &cfi_ops); -- aarch64_restore_callee_saves (callee_offset, P0_REGNUM, P15_REGNUM, -+ aarch64_restore_callee_saves (final_adjust, P0_REGNUM, P15_REGNUM, - false, &cfi_ops); - if (maybe_ne (sve_callee_adjust, 0)) - aarch64_add_sp (NULL_RTX, NULL_RTX, sve_callee_adjust, true); -@@ -10250,7 +10250,7 @@ aarch64_expand_epilogue (bool for_sibcall) - /* When shadow call stack is enabled, the scs_pop in the epilogue will - restore x30, we don't need to restore x30 again in the traditional - way. */ -- aarch64_restore_callee_saves (callee_offset - sve_callee_adjust, -+ aarch64_restore_callee_saves (final_adjust + sve_callee_adjust, - R0_REGNUM, last_gpr, - callee_adjust != 0, &cfi_ops); - -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 4263d29d29d..fd820b1be4e 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -813,10 +813,6 @@ struct GTY (()) aarch64_frame - It is zero when no push is used. */ - HOST_WIDE_INT callee_adjust; - -- /* The offset from SP to the callee-save registers after initial_adjust. -- It may be non-zero if no push is used (ie. callee_adjust == 0). */ -- poly_int64 callee_offset; -- - /* The size of the stack adjustment before saving or after restoring - SVE registers. */ - poly_int64 sve_callee_adjust; --- -2.34.1 - - -From 8ae9181426f2700c2e5a2909487fa630e6fa406b Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:15 +0100 -Subject: [PATCH 07/19] aarch64: Only calculate chain_offset if there is a - chain - -After previous patches, it is no longer necessary to calculate -a chain_offset in cases where there is no chain record. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_expand_prologue): Move the - calculation of chain_offset into the emit_frame_chain block. ---- - gcc/config/aarch64/aarch64.cc | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 46ae5cf7673..0e9b9717c08 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -10062,16 +10062,16 @@ aarch64_expand_prologue (void) - if (callee_adjust != 0) - aarch64_push_regs (reg1, reg2, callee_adjust); - -- /* The offset of the frame chain record (if any) from the current SP. */ -- poly_int64 chain_offset = (initial_adjust + callee_adjust -- - frame.hard_fp_offset); -- gcc_assert (known_ge (chain_offset, 0)); -- - /* The offset of the current SP from the bottom of the static frame. */ - poly_int64 bytes_below_sp = frame_size - initial_adjust - callee_adjust; - - if (emit_frame_chain) - { -+ /* The offset of the frame chain record (if any) from the current SP. */ -+ poly_int64 chain_offset = (initial_adjust + callee_adjust -+ - frame.hard_fp_offset); -+ gcc_assert (known_ge (chain_offset, 0)); -+ - if (callee_adjust == 0) - { - reg1 = R29_REGNUM; --- -2.34.1 - - -From 375794feb614cee1f41b710b9cc1b6f25da6c1cb Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:15 +0100 -Subject: [PATCH 08/19] aarch64: Rename locals_offset to bytes_above_locals -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -locals_offset was described as: - - /* Offset from the base of the frame (incomming SP) to the - top of the locals area. This value is always a multiple of - STACK_BOUNDARY. */ - -This is implicitly an “upside down” view of the frame: the incoming -SP is at offset 0, and anything N bytes below the incoming SP is at -offset N (rather than -N). - -However, reg_offset instead uses a “right way up” view; that is, -it views offsets in address terms. Something above X is at a -positive offset from X and something below X is at a negative -offset from X. - -Also, even on FRAME_GROWS_DOWNWARD targets like AArch64, -target-independent code views offsets in address terms too: -locals are allocated at negative offsets to virtual_stack_vars. - -It seems confusing to have *_offset fields of the same structure -using different polarities like this. This patch tries to avoid -that by renaming locals_offset to bytes_above_locals. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::locals_offset): Rename to... - (aarch64_frame::bytes_above_locals): ...this. - * config/aarch64/aarch64.cc (aarch64_layout_frame) - (aarch64_initial_elimination_offset): Update accordingly. ---- - gcc/config/aarch64/aarch64.cc | 6 +++--- - gcc/config/aarch64/aarch64.h | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 0e9b9717c08..0a22f91520e 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8598,7 +8598,7 @@ aarch64_layout_frame (void) - STACK_BOUNDARY / BITS_PER_UNIT)); - frame.frame_size = saved_regs_and_above + frame.bytes_below_saved_regs; - -- frame.locals_offset = frame.saved_varargs_size; -+ frame.bytes_above_locals = frame.saved_varargs_size; - - frame.initial_adjust = 0; - frame.final_adjust = 0; -@@ -12754,13 +12754,13 @@ aarch64_initial_elimination_offset (unsigned from, unsigned to) - return frame.hard_fp_offset; - - if (from == FRAME_POINTER_REGNUM) -- return frame.hard_fp_offset - frame.locals_offset; -+ return frame.hard_fp_offset - frame.bytes_above_locals; - } - - if (to == STACK_POINTER_REGNUM) - { - if (from == FRAME_POINTER_REGNUM) -- return frame.frame_size - frame.locals_offset; -+ return frame.frame_size - frame.bytes_above_locals; - } - - return frame.frame_size; -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index fd820b1be4e..7ae12d13e2b 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -791,10 +791,10 @@ struct GTY (()) aarch64_frame - always a multiple of STACK_BOUNDARY. */ - poly_int64 bytes_below_hard_fp; - -- /* Offset from the base of the frame (incomming SP) to the -- top of the locals area. This value is always a multiple of -+ /* The number of bytes between the top of the locals area and the top -+ of the frame (the incomming SP). This value is always a multiple of - STACK_BOUNDARY. */ -- poly_int64 locals_offset; -+ poly_int64 bytes_above_locals; - - /* Offset from the base of the frame (incomming SP) to the - hard_frame_pointer. This value is always a multiple of --- -2.34.1 - - -From 1a9ea1c45c75615ffbfabe652b3598a1d7be2168 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:16 +0100 -Subject: [PATCH 09/19] aarch64: Rename hard_fp_offset to bytes_above_hard_fp -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Similarly to the previous locals_offset patch, hard_fp_offset -was described as: - - /* Offset from the base of the frame (incomming SP) to the - hard_frame_pointer. This value is always a multiple of - STACK_BOUNDARY. */ - poly_int64 hard_fp_offset; - -which again took an “upside-down” view: higher offsets meant lower -addresses. This patch renames the field to bytes_above_hard_fp instead. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::hard_fp_offset): Rename - to... - (aarch64_frame::bytes_above_hard_fp): ...this. - * config/aarch64/aarch64.cc (aarch64_layout_frame) - (aarch64_expand_prologue): Update accordingly. - (aarch64_initial_elimination_offset): Likewise. ---- - gcc/config/aarch64/aarch64.cc | 26 +++++++++++++------------- - gcc/config/aarch64/aarch64.h | 6 +++--- - 2 files changed, 16 insertions(+), 16 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 0a22f91520e..95499ae49ba 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8590,7 +8590,7 @@ aarch64_layout_frame (void) - + get_frame_size (), - STACK_BOUNDARY / BITS_PER_UNIT); - -- frame.hard_fp_offset -+ frame.bytes_above_hard_fp - = saved_regs_and_above - frame.below_hard_fp_saved_regs_size; - - /* Both these values are already aligned. */ -@@ -8639,13 +8639,13 @@ aarch64_layout_frame (void) - else if (frame.wb_pop_candidate1 != INVALID_REGNUM) - max_push_offset = 256; - -- HOST_WIDE_INT const_size, const_below_saved_regs, const_fp_offset; -+ HOST_WIDE_INT const_size, const_below_saved_regs, const_above_fp; - HOST_WIDE_INT const_saved_regs_size; - if (known_eq (frame.saved_regs_size, 0)) - frame.initial_adjust = frame.frame_size; - else if (frame.frame_size.is_constant (&const_size) - && const_size < max_push_offset -- && known_eq (frame.hard_fp_offset, const_size)) -+ && known_eq (frame.bytes_above_hard_fp, const_size)) - { - /* Simple, small frame with no data below the saved registers. - -@@ -8662,8 +8662,8 @@ aarch64_layout_frame (void) - case that it hardly seems worth the effort though. */ - && (!saves_below_hard_fp_p || const_below_saved_regs == 0) - && !(cfun->calls_alloca -- && frame.hard_fp_offset.is_constant (&const_fp_offset) -- && const_fp_offset < max_push_offset)) -+ && frame.bytes_above_hard_fp.is_constant (&const_above_fp) -+ && const_above_fp < max_push_offset)) - { - /* Frame with small area below the saved registers: - -@@ -8681,12 +8681,12 @@ aarch64_layout_frame (void) - sub sp, sp, hard_fp_offset + below_hard_fp_saved_regs_size - save SVE registers relative to SP - sub sp, sp, bytes_below_saved_regs */ -- frame.initial_adjust = (frame.hard_fp_offset -+ frame.initial_adjust = (frame.bytes_above_hard_fp - + frame.below_hard_fp_saved_regs_size); - frame.final_adjust = frame.bytes_below_saved_regs; - } -- else if (frame.hard_fp_offset.is_constant (&const_fp_offset) -- && const_fp_offset < max_push_offset) -+ else if (frame.bytes_above_hard_fp.is_constant (&const_above_fp) -+ && const_above_fp < max_push_offset) - { - /* Frame with large area below the saved registers, or with SVE saves, - but with a small area above: -@@ -8696,7 +8696,7 @@ aarch64_layout_frame (void) - [sub sp, sp, below_hard_fp_saved_regs_size] - [save SVE registers relative to SP] - sub sp, sp, bytes_below_saved_regs */ -- frame.callee_adjust = const_fp_offset; -+ frame.callee_adjust = const_above_fp; - frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size; - frame.final_adjust = frame.bytes_below_saved_regs; - } -@@ -8711,7 +8711,7 @@ aarch64_layout_frame (void) - [sub sp, sp, below_hard_fp_saved_regs_size] - [save SVE registers relative to SP] - sub sp, sp, bytes_below_saved_regs */ -- frame.initial_adjust = frame.hard_fp_offset; -+ frame.initial_adjust = frame.bytes_above_hard_fp; - frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size; - frame.final_adjust = frame.bytes_below_saved_regs; - } -@@ -10069,7 +10069,7 @@ aarch64_expand_prologue (void) - { - /* The offset of the frame chain record (if any) from the current SP. */ - poly_int64 chain_offset = (initial_adjust + callee_adjust -- - frame.hard_fp_offset); -+ - frame.bytes_above_hard_fp); - gcc_assert (known_ge (chain_offset, 0)); - - if (callee_adjust == 0) -@@ -12751,10 +12751,10 @@ aarch64_initial_elimination_offset (unsigned from, unsigned to) - if (to == HARD_FRAME_POINTER_REGNUM) - { - if (from == ARG_POINTER_REGNUM) -- return frame.hard_fp_offset; -+ return frame.bytes_above_hard_fp; - - if (from == FRAME_POINTER_REGNUM) -- return frame.hard_fp_offset - frame.bytes_above_locals; -+ return frame.bytes_above_hard_fp - frame.bytes_above_locals; - } - - if (to == STACK_POINTER_REGNUM) -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 7ae12d13e2b..3808f49e9ca 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -796,10 +796,10 @@ struct GTY (()) aarch64_frame - STACK_BOUNDARY. */ - poly_int64 bytes_above_locals; - -- /* Offset from the base of the frame (incomming SP) to the -- hard_frame_pointer. This value is always a multiple of -+ /* The number of bytes between the hard_frame_pointer and the top of -+ the frame (the incomming SP). This value is always a multiple of - STACK_BOUNDARY. */ -- poly_int64 hard_fp_offset; -+ poly_int64 bytes_above_hard_fp; - - /* The size of the frame. This value is the offset from base of the - frame (incomming SP) to the stack_pointer. This value is always --- -2.34.1 - - -From d202ce1ecf60a36a3e1009917dd76109248ce9be Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:16 +0100 -Subject: [PATCH 10/19] aarch64: Tweak frame_size comment -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch fixes another case in which a value was described with -an “upside-down” view. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::frame_size): Tweak comment. ---- - gcc/config/aarch64/aarch64.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 3808f49e9ca..108a5731b0d 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -801,8 +801,8 @@ struct GTY (()) aarch64_frame - STACK_BOUNDARY. */ - poly_int64 bytes_above_hard_fp; - -- /* The size of the frame. This value is the offset from base of the -- frame (incomming SP) to the stack_pointer. This value is always -+ /* The size of the frame, i.e. the number of bytes between the bottom -+ of the outgoing arguments and the incoming SP. This value is always - a multiple of STACK_BOUNDARY. */ - poly_int64 frame_size; - --- -2.34.1 - - -From f2b585375205b0a1802d79c682ba33766ecd1f0f Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:17 +0100 -Subject: [PATCH 11/19] aarch64: Measure reg_offset from the bottom of the - frame - -reg_offset was measured from the bottom of the saved register area. -This made perfect sense with the original layout, since the bottom -of the saved register area was also the hard frame pointer address. -It became slightly less obvious with SVE, since we save SVE -registers below the hard frame pointer, but it still made sense. - -However, if we want to allow different frame layouts, it's more -convenient and obvious to measure reg_offset from the bottom of -the frame. After previous patches, it's also a slight simplification -in its own right. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame): Add comment above - reg_offset. - * config/aarch64/aarch64.cc (aarch64_layout_frame): Walk offsets - from the bottom of the frame, rather than the bottom of the saved - register area. Measure reg_offset from the bottom of the frame - rather than the bottom of the saved register area. - (aarch64_save_callee_saves): Update accordingly. - (aarch64_restore_callee_saves): Likewise. - (aarch64_get_separate_components): Likewise. - (aarch64_process_components): Likewise. ---- - gcc/config/aarch64/aarch64.cc | 53 ++++++++++++++++------------------- - gcc/config/aarch64/aarch64.h | 3 ++ - 2 files changed, 27 insertions(+), 29 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 95499ae49ba..af99807ef8a 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8400,7 +8400,6 @@ aarch64_needs_frame_chain (void) - static void - aarch64_layout_frame (void) - { -- poly_int64 offset = 0; - int regno, last_fp_reg = INVALID_REGNUM; - machine_mode vector_save_mode = aarch64_reg_save_mode (V8_REGNUM); - poly_int64 vector_save_size = GET_MODE_SIZE (vector_save_mode); -@@ -8478,7 +8477,9 @@ aarch64_layout_frame (void) - gcc_assert (crtl->is_leaf - || maybe_ne (frame.reg_offset[R30_REGNUM], SLOT_NOT_REQUIRED)); - -- frame.bytes_below_saved_regs = crtl->outgoing_args_size; -+ poly_int64 offset = crtl->outgoing_args_size; -+ gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT)); -+ frame.bytes_below_saved_regs = offset; - - /* Now assign stack slots for the registers. Start with the predicate - registers, since predicate LDR and STR have a relatively small -@@ -8490,7 +8491,8 @@ aarch64_layout_frame (void) - offset += BYTES_PER_SVE_PRED; - } - -- if (maybe_ne (offset, 0)) -+ poly_int64 saved_prs_size = offset - frame.bytes_below_saved_regs; -+ if (maybe_ne (saved_prs_size, 0)) - { - /* If we have any vector registers to save above the predicate registers, - the offset of the vector register save slots need to be a multiple -@@ -8508,10 +8510,10 @@ aarch64_layout_frame (void) - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); - else - { -- if (known_le (offset, vector_save_size)) -- offset = vector_save_size; -- else if (known_le (offset, vector_save_size * 2)) -- offset = vector_save_size * 2; -+ if (known_le (saved_prs_size, vector_save_size)) -+ offset = frame.bytes_below_saved_regs + vector_save_size; -+ else if (known_le (saved_prs_size, vector_save_size * 2)) -+ offset = frame.bytes_below_saved_regs + vector_save_size * 2; - else - gcc_unreachable (); - } -@@ -8528,9 +8530,10 @@ aarch64_layout_frame (void) - - /* OFFSET is now the offset of the hard frame pointer from the bottom - of the callee save area. */ -- bool saves_below_hard_fp_p = maybe_ne (offset, 0); -- frame.below_hard_fp_saved_regs_size = offset; -- frame.bytes_below_hard_fp = offset + frame.bytes_below_saved_regs; -+ frame.below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs; -+ bool saves_below_hard_fp_p -+ = maybe_ne (frame.below_hard_fp_saved_regs_size, 0); -+ frame.bytes_below_hard_fp = offset; - if (frame.emit_frame_chain) - { - /* FP and LR are placed in the linkage record. */ -@@ -8581,9 +8584,10 @@ aarch64_layout_frame (void) - - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); - -- frame.saved_regs_size = offset; -+ frame.saved_regs_size = offset - frame.bytes_below_saved_regs; - -- poly_int64 varargs_and_saved_regs_size = offset + frame.saved_varargs_size; -+ poly_int64 varargs_and_saved_regs_size -+ = frame.saved_regs_size + frame.saved_varargs_size; - - poly_int64 saved_regs_and_above - = aligned_upper_bound (varargs_and_saved_regs_size -@@ -9105,9 +9109,7 @@ aarch64_save_callee_saves (poly_int64 bytes_below_sp, - - machine_mode mode = aarch64_reg_save_mode (regno); - reg = gen_rtx_REG (mode, regno); -- offset = (frame.reg_offset[regno] -- + frame.bytes_below_saved_regs -- - bytes_below_sp); -+ offset = frame.reg_offset[regno] - bytes_below_sp; - rtx base_rtx = stack_pointer_rtx; - poly_int64 sp_offset = offset; - -@@ -9214,9 +9216,7 @@ aarch64_restore_callee_saves (poly_int64 bytes_below_sp, unsigned start, - - machine_mode mode = aarch64_reg_save_mode (regno); - reg = gen_rtx_REG (mode, regno); -- offset = (frame.reg_offset[regno] -- + frame.bytes_below_saved_regs -- - bytes_below_sp); -+ offset = frame.reg_offset[regno] - bytes_below_sp; - rtx base_rtx = stack_pointer_rtx; - if (mode == VNx2DImode && BYTES_BIG_ENDIAN) - aarch64_adjust_sve_callee_save_base (mode, base_rtx, anchor_reg, -@@ -9355,14 +9355,12 @@ aarch64_get_separate_components (void) - it as a stack probe for -fstack-clash-protection. */ - if (flag_stack_clash_protection - && maybe_ne (frame.below_hard_fp_saved_regs_size, 0) -- && known_eq (offset, 0)) -+ && known_eq (offset, frame.bytes_below_saved_regs)) - continue; - - /* Get the offset relative to the register we'll use. */ - if (frame_pointer_needed) -- offset -= frame.below_hard_fp_saved_regs_size; -- else -- offset += frame.bytes_below_saved_regs; -+ offset -= frame.bytes_below_hard_fp; - - /* Check that we can access the stack slot of the register with one - direct load with no adjustments needed. */ -@@ -9509,9 +9507,7 @@ aarch64_process_components (sbitmap components, bool prologue_p) - rtx reg = gen_rtx_REG (mode, regno); - poly_int64 offset = frame.reg_offset[regno]; - if (frame_pointer_needed) -- offset -= frame.below_hard_fp_saved_regs_size; -- else -- offset += frame.bytes_below_saved_regs; -+ offset -= frame.bytes_below_hard_fp; - - rtx addr = plus_constant (Pmode, ptr_reg, offset); - rtx mem = gen_frame_mem (mode, addr); -@@ -9563,9 +9559,7 @@ aarch64_process_components (sbitmap components, bool prologue_p) - /* REGNO2 can be saved/restored in a pair with REGNO. */ - rtx reg2 = gen_rtx_REG (mode, regno2); - if (frame_pointer_needed) -- offset2 -= frame.below_hard_fp_saved_regs_size; -- else -- offset2 += frame.bytes_below_saved_regs; -+ offset2 -= frame.bytes_below_hard_fp; - rtx addr2 = plus_constant (Pmode, ptr_reg, offset2); - rtx mem2 = gen_frame_mem (mode, addr2); - rtx set2 = prologue_p ? gen_rtx_SET (mem2, reg2) -@@ -9681,7 +9675,8 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - if (final_adjustment_p - && known_eq (frame.below_hard_fp_saved_regs_size, 0)) - { -- poly_int64 lr_offset = frame.reg_offset[LR_REGNUM]; -+ poly_int64 lr_offset = (frame.reg_offset[LR_REGNUM] -+ - frame.bytes_below_saved_regs); - if (known_ge (lr_offset, 0)) - min_probe_threshold -= lr_offset.to_constant (); - else -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 108a5731b0d..c8becb098c8 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -766,6 +766,9 @@ extern enum aarch64_processor aarch64_tune; - #ifdef HAVE_POLY_INT_H - struct GTY (()) aarch64_frame - { -+ /* The offset from the bottom of the static frame (the bottom of the -+ outgoing arguments) of each register save slot, or -2 if no save is -+ needed. */ - poly_int64 reg_offset[LAST_SAVED_REGNUM + 1]; - - /* The number of extra stack bytes taken up by register varargs. --- -2.34.1 - - -From 79faabda181d0d9fd29a3cf5726ba65bdee945b5 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:17 +0100 -Subject: [PATCH 12/19] aarch64: Simplify top of frame allocation - -After previous patches, it no longer really makes sense to allocate -the top of the frame in terms of varargs_and_saved_regs_size and -saved_regs_and_above. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_layout_frame): Simplify - the allocation of the top of the frame. ---- - gcc/config/aarch64/aarch64.cc | 23 ++++++++--------------- - 1 file changed, 8 insertions(+), 15 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index af99807ef8a..31b00094c2a 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8586,23 +8586,16 @@ aarch64_layout_frame (void) - - frame.saved_regs_size = offset - frame.bytes_below_saved_regs; - -- poly_int64 varargs_and_saved_regs_size -- = frame.saved_regs_size + frame.saved_varargs_size; -- -- poly_int64 saved_regs_and_above -- = aligned_upper_bound (varargs_and_saved_regs_size -- + get_frame_size (), -- STACK_BOUNDARY / BITS_PER_UNIT); -- -- frame.bytes_above_hard_fp -- = saved_regs_and_above - frame.below_hard_fp_saved_regs_size; -+ offset += get_frame_size (); -+ offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -+ auto top_of_locals = offset; - -- /* Both these values are already aligned. */ -- gcc_assert (multiple_p (frame.bytes_below_saved_regs, -- STACK_BOUNDARY / BITS_PER_UNIT)); -- frame.frame_size = saved_regs_and_above + frame.bytes_below_saved_regs; -+ offset += frame.saved_varargs_size; -+ gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT)); -+ frame.frame_size = offset; - -- frame.bytes_above_locals = frame.saved_varargs_size; -+ frame.bytes_above_hard_fp = frame.frame_size - frame.bytes_below_hard_fp; -+ frame.bytes_above_locals = frame.frame_size - top_of_locals; - - frame.initial_adjust = 0; - frame.final_adjust = 0; --- -2.34.1 - - -From 4e62049e403b141e6f916176160dac8cbd65fe47 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:18 +0100 -Subject: [PATCH 13/19] aarch64: Minor initial adjustment tweak - -This patch just changes a calculation of initial_adjust -to one that makes it slightly more obvious that the total -adjustment is frame.frame_size. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_layout_frame): Tweak - calculation of initial_adjust for frames in which all saves - are SVE saves. ---- - gcc/config/aarch64/aarch64.cc | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 31b00094c2a..1aa79da0673 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8675,11 +8675,10 @@ aarch64_layout_frame (void) - { - /* Frame in which all saves are SVE saves: - -- sub sp, sp, hard_fp_offset + below_hard_fp_saved_regs_size -+ sub sp, sp, frame_size - bytes_below_saved_regs - save SVE registers relative to SP - sub sp, sp, bytes_below_saved_regs */ -- frame.initial_adjust = (frame.bytes_above_hard_fp -- + frame.below_hard_fp_saved_regs_size); -+ frame.initial_adjust = frame.frame_size - frame.bytes_below_saved_regs; - frame.final_adjust = frame.bytes_below_saved_regs; - } - else if (frame.bytes_above_hard_fp.is_constant (&const_above_fp) --- -2.34.1 - - -From aaa1a0a5912d9e5d571e5f1c6f09ceac99544ab5 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:18 +0100 -Subject: [PATCH 14/19] aarch64: Tweak stack clash boundary condition - -The AArch64 ABI says that, when stack clash protection is used, -there can be a maximum of 1KiB of unprobed space at sp on entry -to a function. Therefore, we need to probe when allocating ->= guard_size - 1KiB of data (>= rather than >). This is what -GCC does. - -If an allocation is exactly guard_size bytes, it is enough to allocate -those bytes and probe once at offset 1024. It isn't possible to use a -single probe at any other offset: higher would conmplicate later code, -by leaving more unprobed space than usual, while lower would risk -leaving an entire page unprobed. For simplicity, the code probes all -allocations at offset 1024. - -Some register saves also act as probes. If we need to allocate -more space below the last such register save probe, we need to -probe the allocation if it is > 1KiB. Again, this allocation is -then sometimes (but not always) probed at offset 1024. This sort of -allocation is currently only used for outgoing arguments, which are -rarely this big. - -However, the code also probed if this final outgoing-arguments -allocation was == 1KiB, rather than just > 1KiB. This isn't -necessary, since the register save then probes at offset 1024 -as required. Continuing to probe allocations of exactly 1KiB -would complicate later patches. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_allocate_and_probe_stack_space): - Don't probe final allocations that are exactly 1KiB in size (after - unprobed space above the final allocation has been deducted). - -gcc/testsuite/ - * gcc.target/aarch64/stack-check-prologue-17.c: New test. ---- - gcc/config/aarch64/aarch64.cc | 4 +- - .../aarch64/stack-check-prologue-17.c | 55 +++++++++++++++++++ - 2 files changed, 58 insertions(+), 1 deletion(-) - create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 1aa79da0673..5cad847977a 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -9648,9 +9648,11 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - HOST_WIDE_INT guard_size - = 1 << param_stack_clash_protection_guard_size; - HOST_WIDE_INT guard_used_by_caller = STACK_CLASH_CALLER_GUARD; -+ HOST_WIDE_INT byte_sp_alignment = STACK_BOUNDARY / BITS_PER_UNIT; -+ gcc_assert (multiple_p (poly_size, byte_sp_alignment)); - HOST_WIDE_INT min_probe_threshold - = (final_adjustment_p -- ? guard_used_by_caller -+ ? guard_used_by_caller + byte_sp_alignment - : guard_size - guard_used_by_caller); - /* When doing the final adjustment for the outgoing arguments, take into - account any unprobed space there is above the current SP. There are -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c -new file mode 100644 -index 00000000000..0d8a25d73a2 ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c -@@ -0,0 +1,55 @@ -+/* { dg-options "-O2 -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12" } */ -+/* { dg-final { check-function-bodies "**" "" } } */ -+ -+void f(int, ...); -+void g(); -+ -+/* -+** test1: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #1024 -+** cbnz w0, .* -+** bl g -+** ... -+*/ -+int test1(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x); -+ } -+ g(); -+ return 1; -+} -+ -+/* -+** test2: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #1040 -+** str xzr, \[sp\] -+** cbnz w0, .* -+** bl g -+** ... -+*/ -+int test2(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x); -+ } -+ g(); -+ return 1; -+} --- -2.34.1 - - -From 8433953434a7b58c0923140d39eb3c5988c1d097 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:19 +0100 -Subject: [PATCH 15/19] aarch64: Put LR save probe in first 16 bytes - --fstack-clash-protection uses the save of LR as a probe for the next -allocation. The next allocation could be: - -* another part of the static frame, e.g. when allocating SVE save slots - or outgoing arguments - -* an alloca in the same function - -* an allocation made by a callee function - -However, when -fomit-frame-pointer is used, the LR save slot is placed -above the other GPR save slots. It could therefore be up to 80 bytes -above the base of the GPR save area (which is also the hard fp address). - -aarch64_allocate_and_probe_stack_space took this into account when -deciding how much subsequent space could be allocated without needing -a probe. However, it interacted badly with: - - /* If doing a small final adjustment, we always probe at offset 0. - This is done to avoid issues when LR is not at position 0 or when - the final adjustment is smaller than the probing offset. */ - else if (final_adjustment_p && rounded_size == 0) - residual_probe_offset = 0; - -which forces any allocation that is smaller than the guard page size -to be probed at offset 0 rather than the usual offset 1024. It was -therefore possible to construct cases in which we had: - -* a probe using LR at SP + 80 bytes (or some other value >= 16) -* an allocation of the guard page size - 16 bytes -* a probe at SP + 0 - -which allocates guard page size + 64 consecutive unprobed bytes. - -This patch requires the LR probe to be in the first 16 bytes of the -save area when stack clash protection is active. Doing it -unconditionally would cause code-quality regressions. - -Putting LR before other registers prevents push/pop allocation -when shadow call stacks are enabled, since LR is restored -separately from the other callee-saved registers. - -The new comment doesn't say that the probe register is required -to be LR, since a later patch removes that restriction. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_layout_frame): Ensure that - the LR save slot is in the first 16 bytes of the register save area. - Only form STP/LDP push/pop candidates if both registers are valid. - (aarch64_allocate_and_probe_stack_space): Remove workaround for - when LR was not in the first 16 bytes. - -gcc/testsuite/ - * gcc.target/aarch64/stack-check-prologue-18.c: New test. - * gcc.target/aarch64/stack-check-prologue-19.c: Likewise. - * gcc.target/aarch64/stack-check-prologue-20.c: Likewise. ---- - gcc/config/aarch64/aarch64.cc | 72 ++++++------- - .../aarch64/stack-check-prologue-18.c | 100 ++++++++++++++++++ - .../aarch64/stack-check-prologue-19.c | 100 ++++++++++++++++++ - .../aarch64/stack-check-prologue-20.c | 3 + - 4 files changed, 233 insertions(+), 42 deletions(-) - create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c - create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c - create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 5cad847977a..a765f92329d 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8534,26 +8534,34 @@ aarch64_layout_frame (void) - bool saves_below_hard_fp_p - = maybe_ne (frame.below_hard_fp_saved_regs_size, 0); - frame.bytes_below_hard_fp = offset; -+ -+ auto allocate_gpr_slot = [&](unsigned int regno) -+ { -+ frame.reg_offset[regno] = offset; -+ if (frame.wb_push_candidate1 == INVALID_REGNUM) -+ frame.wb_push_candidate1 = regno; -+ else if (frame.wb_push_candidate2 == INVALID_REGNUM) -+ frame.wb_push_candidate2 = regno; -+ offset += UNITS_PER_WORD; -+ }; -+ - if (frame.emit_frame_chain) - { - /* FP and LR are placed in the linkage record. */ -- frame.reg_offset[R29_REGNUM] = offset; -- frame.wb_push_candidate1 = R29_REGNUM; -- frame.reg_offset[R30_REGNUM] = offset + UNITS_PER_WORD; -- frame.wb_push_candidate2 = R30_REGNUM; -- offset += 2 * UNITS_PER_WORD; -+ allocate_gpr_slot (R29_REGNUM); -+ allocate_gpr_slot (R30_REGNUM); - } -+ else if (flag_stack_clash_protection -+ && known_eq (frame.reg_offset[R30_REGNUM], SLOT_REQUIRED)) -+ /* Put the LR save slot first, since it makes a good choice of probe -+ for stack clash purposes. The idea is that the link register usually -+ has to be saved before a call anyway, and so we lose little by -+ stopping it from being individually shrink-wrapped. */ -+ allocate_gpr_slot (R30_REGNUM); - - for (regno = R0_REGNUM; regno <= R30_REGNUM; regno++) - if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED)) -- { -- frame.reg_offset[regno] = offset; -- if (frame.wb_push_candidate1 == INVALID_REGNUM) -- frame.wb_push_candidate1 = regno; -- else if (frame.wb_push_candidate2 == INVALID_REGNUM) -- frame.wb_push_candidate2 = regno; -- offset += UNITS_PER_WORD; -- } -+ allocate_gpr_slot (regno); - - poly_int64 max_int_offset = offset; - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -@@ -8631,10 +8639,13 @@ aarch64_layout_frame (void) - max_push_offset to 0, because no registers are popped at this time, - so callee_adjust cannot be adjusted. */ - HOST_WIDE_INT max_push_offset = 0; -- if (frame.wb_pop_candidate2 != INVALID_REGNUM) -- max_push_offset = 512; -- else if (frame.wb_pop_candidate1 != INVALID_REGNUM) -- max_push_offset = 256; -+ if (frame.wb_pop_candidate1 != INVALID_REGNUM) -+ { -+ if (frame.wb_pop_candidate2 != INVALID_REGNUM) -+ max_push_offset = 512; -+ else -+ max_push_offset = 256; -+ } - - HOST_WIDE_INT const_size, const_below_saved_regs, const_above_fp; - HOST_WIDE_INT const_saved_regs_size; -@@ -9654,29 +9665,6 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - = (final_adjustment_p - ? guard_used_by_caller + byte_sp_alignment - : guard_size - guard_used_by_caller); -- /* When doing the final adjustment for the outgoing arguments, take into -- account any unprobed space there is above the current SP. There are -- two cases: -- -- - When saving SVE registers below the hard frame pointer, we force -- the lowest save to take place in the prologue before doing the final -- adjustment (i.e. we don't allow the save to be shrink-wrapped). -- This acts as a probe at SP, so there is no unprobed space. -- -- - When there are no SVE register saves, we use the store of the link -- register as a probe. We can't assume that LR was saved at position 0 -- though, so treat any space below it as unprobed. */ -- if (final_adjustment_p -- && known_eq (frame.below_hard_fp_saved_regs_size, 0)) -- { -- poly_int64 lr_offset = (frame.reg_offset[LR_REGNUM] -- - frame.bytes_below_saved_regs); -- if (known_ge (lr_offset, 0)) -- min_probe_threshold -= lr_offset.to_constant (); -- else -- gcc_assert (!flag_stack_clash_protection || known_eq (poly_size, 0)); -- } -- - poly_int64 frame_size = frame.frame_size; - - /* We should always have a positive probe threshold. */ -@@ -9856,8 +9844,8 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - if (final_adjustment_p && rounded_size != 0) - min_probe_threshold = 0; - /* If doing a small final adjustment, we always probe at offset 0. -- This is done to avoid issues when LR is not at position 0 or when -- the final adjustment is smaller than the probing offset. */ -+ This is done to avoid issues when the final adjustment is smaller -+ than the probing offset. */ - else if (final_adjustment_p && rounded_size == 0) - residual_probe_offset = 0; - -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c -new file mode 100644 -index 00000000000..82447d20fff ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c -@@ -0,0 +1,100 @@ -+/* { dg-options "-O2 -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12" } */ -+/* { dg-final { check-function-bodies "**" "" } } */ -+ -+void f(int, ...); -+void g(); -+ -+/* -+** test1: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #4064 -+** str xzr, \[sp\] -+** cbnz w0, .* -+** bl g -+** ... -+** str x26, \[sp, #?4128\] -+** ... -+*/ -+int test1(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ asm volatile ("" ::: -+ "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26"); -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x); -+ } -+ g(); -+ return 1; -+} -+ -+/* -+** test2: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #1040 -+** str xzr, \[sp\] -+** cbnz w0, .* -+** bl g -+** ... -+*/ -+int test2(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ asm volatile ("" ::: -+ "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26"); -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x); -+ } -+ g(); -+ return 1; -+} -+ -+/* -+** test3: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #1024 -+** cbnz w0, .* -+** bl g -+** ... -+*/ -+int test3(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ asm volatile ("" ::: -+ "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26"); -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x); -+ } -+ g(); -+ return 1; -+} -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c -new file mode 100644 -index 00000000000..73ac3e4e4eb ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c -@@ -0,0 +1,100 @@ -+/* { dg-options "-O2 -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12 -fsanitize=shadow-call-stack -ffixed-x18" } */ -+/* { dg-final { check-function-bodies "**" "" } } */ -+ -+void f(int, ...); -+void g(); -+ -+/* -+** test1: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #4064 -+** str xzr, \[sp\] -+** cbnz w0, .* -+** bl g -+** ... -+** str x26, \[sp, #?4128\] -+** ... -+*/ -+int test1(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ asm volatile ("" ::: -+ "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26"); -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x); -+ } -+ g(); -+ return 1; -+} -+ -+/* -+** test2: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #1040 -+** str xzr, \[sp\] -+** cbnz w0, .* -+** bl g -+** ... -+*/ -+int test2(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ asm volatile ("" ::: -+ "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26"); -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x); -+ } -+ g(); -+ return 1; -+} -+ -+/* -+** test3: -+** ... -+** str x30, \[sp\] -+** sub sp, sp, #1024 -+** cbnz w0, .* -+** bl g -+** ... -+*/ -+int test3(int z) { -+ __uint128_t x = 0; -+ int y[0x400]; -+ if (z) -+ { -+ asm volatile ("" ::: -+ "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26"); -+ f(0, 0, 0, 0, 0, 0, 0, &y, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, -+ x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x); -+ } -+ g(); -+ return 1; -+} -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c -new file mode 100644 -index 00000000000..690aae8dfd5 ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c -@@ -0,0 +1,3 @@ -+/* { dg-options "-O2 -fstack-protector-all -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12 -fsanitize=shadow-call-stack -ffixed-x18" } */ -+ -+#include "stack-check-prologue-19.c" --- -2.34.1 - - -From eea1759073e09dd1aefbc9a881601ab1eebfdd18 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:19 +0100 -Subject: [PATCH 16/19] aarch64: Simplify probe of final frame allocation - -Previous patches ensured that the final frame allocation only needs -a probe when the size is strictly greater than 1KiB. It's therefore -safe to use the normal 1024 probe offset in all cases. - -The main motivation for doing this is to simplify the code and -remove the number of special cases. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_allocate_and_probe_stack_space): - Always probe the residual allocation at offset 1024, asserting - that that is in range. - -gcc/testsuite/ - * gcc.target/aarch64/stack-check-prologue-17.c: Expect the probe - to be at offset 1024 rather than offset 0. - * gcc.target/aarch64/stack-check-prologue-18.c: Likewise. - * gcc.target/aarch64/stack-check-prologue-19.c: Likewise. ---- - gcc/config/aarch64/aarch64.cc | 12 ++++-------- - .../gcc.target/aarch64/stack-check-prologue-17.c | 2 +- - .../gcc.target/aarch64/stack-check-prologue-18.c | 4 ++-- - .../gcc.target/aarch64/stack-check-prologue-19.c | 4 ++-- - 4 files changed, 9 insertions(+), 13 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index a765f92329d..37809a306f7 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -9838,16 +9838,12 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - are still safe. */ - if (residual) - { -- HOST_WIDE_INT residual_probe_offset = guard_used_by_caller; -+ gcc_assert (guard_used_by_caller + byte_sp_alignment <= size); -+ - /* If we're doing final adjustments, and we've done any full page - allocations then any residual needs to be probed. */ - if (final_adjustment_p && rounded_size != 0) - min_probe_threshold = 0; -- /* If doing a small final adjustment, we always probe at offset 0. -- This is done to avoid issues when the final adjustment is smaller -- than the probing offset. */ -- else if (final_adjustment_p && rounded_size == 0) -- residual_probe_offset = 0; - - aarch64_sub_sp (temp1, temp2, residual, frame_related_p); - if (residual >= min_probe_threshold) -@@ -9858,8 +9854,8 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2, - HOST_WIDE_INT_PRINT_DEC " bytes, probing will be required." - "\n", residual); - -- emit_stack_probe (plus_constant (Pmode, stack_pointer_rtx, -- residual_probe_offset)); -+ emit_stack_probe (plus_constant (Pmode, stack_pointer_rtx, -+ guard_used_by_caller)); - emit_insn (gen_blockage ()); - } - } -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c -index 0d8a25d73a2..f0ec1389771 100644 ---- a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c -@@ -33,7 +33,7 @@ int test1(int z) { - ** ... - ** str x30, \[sp\] - ** sub sp, sp, #1040 --** str xzr, \[sp\] -+** str xzr, \[sp, #?1024\] - ** cbnz w0, .* - ** bl g - ** ... -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c -index 82447d20fff..6383bec5ebc 100644 ---- a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c -@@ -9,7 +9,7 @@ void g(); - ** ... - ** str x30, \[sp\] - ** sub sp, sp, #4064 --** str xzr, \[sp\] -+** str xzr, \[sp, #?1024\] - ** cbnz w0, .* - ** bl g - ** ... -@@ -50,7 +50,7 @@ int test1(int z) { - ** ... - ** str x30, \[sp\] - ** sub sp, sp, #1040 --** str xzr, \[sp\] -+** str xzr, \[sp, #?1024\] - ** cbnz w0, .* - ** bl g - ** ... -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c -index 73ac3e4e4eb..562039b5e9b 100644 ---- a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c -+++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c -@@ -9,7 +9,7 @@ void g(); - ** ... - ** str x30, \[sp\] - ** sub sp, sp, #4064 --** str xzr, \[sp\] -+** str xzr, \[sp, #?1024\] - ** cbnz w0, .* - ** bl g - ** ... -@@ -50,7 +50,7 @@ int test1(int z) { - ** ... - ** str x30, \[sp\] - ** sub sp, sp, #1040 --** str xzr, \[sp\] -+** str xzr, \[sp, #?1024\] - ** cbnz w0, .* - ** bl g - ** ... --- -2.34.1 - - -From 96d85187c3b9c9a7efc2fd698c3d452e80d8aa47 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:20 +0100 -Subject: [PATCH 17/19] aarch64: Explicitly record probe registers in frame - info - -The stack frame is currently divided into three areas: - -A: the area above the hard frame pointer -B: the SVE saves below the hard frame pointer -C: the outgoing arguments - -If the stack frame is allocated in one chunk, the allocation needs a -probe if the frame size is >= guard_size - 1KiB. In addition, if the -function is not a leaf function, it must probe an address no more than -1KiB above the outgoing SP. We ensured the second condition by - -(1) using single-chunk allocations for non-leaf functions only if - the link register save slot is within 512 bytes of the bottom - of the frame; and - -(2) using the link register save as a probe (meaning, for instance, - that it can't be individually shrink wrapped) - -If instead the stack is allocated in multiple chunks, then: - -* an allocation involving only the outgoing arguments (C above) requires - a probe if the allocation size is > 1KiB - -* any other allocation requires a probe if the allocation size - is >= guard_size - 1KiB - -* second and subsequent allocations require the previous allocation - to probe at the bottom of the allocated area, regardless of the size - of that previous allocation - -The final point means that, unlike for single allocations, -it can be necessary to have both a non-SVE register probe and -an SVE register probe. For example: - -* allocate A, probe using a non-SVE register save -* allocate B, probe using an SVE register save -* allocate C - -The non-SVE register used in this case was again the link register. -It was previously used even if the link register save slot was some -bytes above the bottom of the non-SVE register saves, but an earlier -patch avoided that by putting the link register save slot first. - -As a belt-and-braces fix, this patch explicitly records which -probe registers we're using and allows the non-SVE probe to be -whichever register comes first (as for SVE). - -The patch also avoids unnecessary probes in sve/pcs/stack_clash_3.c. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::sve_save_and_probe) - (aarch64_frame::hard_fp_save_and_probe): New fields. - * config/aarch64/aarch64.cc (aarch64_layout_frame): Initialize them. - Rather than asserting that a leaf function saves LR, instead assert - that a leaf function saves something. - (aarch64_get_separate_components): Prevent the chosen probe - registers from being individually shrink-wrapped. - (aarch64_allocate_and_probe_stack_space): Remove workaround for - probe registers that aren't at the bottom of the previous allocation. - -gcc/testsuite/ - * gcc.target/aarch64/sve/pcs/stack_clash_3.c: Avoid redundant probes. ---- - gcc/config/aarch64/aarch64.cc | 68 +++++++++++++++---- - gcc/config/aarch64/aarch64.h | 8 +++ - .../aarch64/sve/pcs/stack_clash_3.c | 6 +- - 3 files changed, 64 insertions(+), 18 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 37809a306f7..6c59c39a639 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8471,15 +8471,11 @@ aarch64_layout_frame (void) - && !crtl->abi->clobbers_full_reg_p (regno)) - frame.reg_offset[regno] = SLOT_REQUIRED; - -- /* With stack-clash, LR must be saved in non-leaf functions. The saving of -- LR counts as an implicit probe which allows us to maintain the invariant -- described in the comment at expand_prologue. */ -- gcc_assert (crtl->is_leaf -- || maybe_ne (frame.reg_offset[R30_REGNUM], SLOT_NOT_REQUIRED)); - - poly_int64 offset = crtl->outgoing_args_size; - gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT)); - frame.bytes_below_saved_regs = offset; -+ frame.sve_save_and_probe = INVALID_REGNUM; - - /* Now assign stack slots for the registers. Start with the predicate - registers, since predicate LDR and STR have a relatively small -@@ -8487,6 +8483,8 @@ aarch64_layout_frame (void) - for (regno = P0_REGNUM; regno <= P15_REGNUM; regno++) - if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED)) - { -+ if (frame.sve_save_and_probe == INVALID_REGNUM) -+ frame.sve_save_and_probe = regno; - frame.reg_offset[regno] = offset; - offset += BYTES_PER_SVE_PRED; - } -@@ -8524,6 +8522,8 @@ aarch64_layout_frame (void) - for (regno = V0_REGNUM; regno <= V31_REGNUM; regno++) - if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED)) - { -+ if (frame.sve_save_and_probe == INVALID_REGNUM) -+ frame.sve_save_and_probe = regno; - frame.reg_offset[regno] = offset; - offset += vector_save_size; - } -@@ -8533,10 +8533,18 @@ aarch64_layout_frame (void) - frame.below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs; - bool saves_below_hard_fp_p - = maybe_ne (frame.below_hard_fp_saved_regs_size, 0); -+ gcc_assert (!saves_below_hard_fp_p -+ || (frame.sve_save_and_probe != INVALID_REGNUM -+ && known_eq (frame.reg_offset[frame.sve_save_and_probe], -+ frame.bytes_below_saved_regs))); -+ - frame.bytes_below_hard_fp = offset; -+ frame.hard_fp_save_and_probe = INVALID_REGNUM; - - auto allocate_gpr_slot = [&](unsigned int regno) - { -+ if (frame.hard_fp_save_and_probe == INVALID_REGNUM) -+ frame.hard_fp_save_and_probe = regno; - frame.reg_offset[regno] = offset; - if (frame.wb_push_candidate1 == INVALID_REGNUM) - frame.wb_push_candidate1 = regno; -@@ -8570,6 +8578,8 @@ aarch64_layout_frame (void) - for (regno = V0_REGNUM; regno <= V31_REGNUM; regno++) - if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED)) - { -+ if (frame.hard_fp_save_and_probe == INVALID_REGNUM) -+ frame.hard_fp_save_and_probe = regno; - /* If there is an alignment gap between integer and fp callee-saves, - allocate the last fp register to it if possible. */ - if (regno == last_fp_reg -@@ -8593,6 +8603,17 @@ aarch64_layout_frame (void) - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); - - frame.saved_regs_size = offset - frame.bytes_below_saved_regs; -+ gcc_assert (known_eq (frame.saved_regs_size, -+ frame.below_hard_fp_saved_regs_size) -+ || (frame.hard_fp_save_and_probe != INVALID_REGNUM -+ && known_eq (frame.reg_offset[frame.hard_fp_save_and_probe], -+ frame.bytes_below_hard_fp))); -+ -+ /* With stack-clash, a register must be saved in non-leaf functions. -+ The saving of the bottommost register counts as an implicit probe, -+ which allows us to maintain the invariant described in the comment -+ at expand_prologue. */ -+ gcc_assert (crtl->is_leaf || maybe_ne (frame.saved_regs_size, 0)); - - offset += get_frame_size (); - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -@@ -8723,6 +8744,25 @@ aarch64_layout_frame (void) - frame.final_adjust = frame.bytes_below_saved_regs; - } - -+ /* The frame is allocated in pieces, with each non-final piece -+ including a register save at offset 0 that acts as a probe for -+ the following piece. In addition, the save of the bottommost register -+ acts as a probe for callees and allocas. Roll back any probes that -+ aren't needed. -+ -+ A probe isn't needed if it is associated with the final allocation -+ (including callees and allocas) that happens before the epilogue is -+ executed. */ -+ if (crtl->is_leaf -+ && !cfun->calls_alloca -+ && known_eq (frame.final_adjust, 0)) -+ { -+ if (maybe_ne (frame.sve_callee_adjust, 0)) -+ frame.sve_save_and_probe = INVALID_REGNUM; -+ else -+ frame.hard_fp_save_and_probe = INVALID_REGNUM; -+ } -+ - /* Make sure the individual adjustments add up to the full frame size. */ - gcc_assert (known_eq (frame.initial_adjust - + frame.callee_adjust -@@ -9354,13 +9394,6 @@ aarch64_get_separate_components (void) - - poly_int64 offset = frame.reg_offset[regno]; - -- /* If the register is saved in the first SVE save slot, we use -- it as a stack probe for -fstack-clash-protection. */ -- if (flag_stack_clash_protection -- && maybe_ne (frame.below_hard_fp_saved_regs_size, 0) -- && known_eq (offset, frame.bytes_below_saved_regs)) -- continue; -- - /* Get the offset relative to the register we'll use. */ - if (frame_pointer_needed) - offset -= frame.bytes_below_hard_fp; -@@ -9395,6 +9428,13 @@ aarch64_get_separate_components (void) - - bitmap_clear_bit (components, LR_REGNUM); - bitmap_clear_bit (components, SP_REGNUM); -+ if (flag_stack_clash_protection) -+ { -+ if (frame.sve_save_and_probe != INVALID_REGNUM) -+ bitmap_clear_bit (components, frame.sve_save_and_probe); -+ if (frame.hard_fp_save_and_probe != INVALID_REGNUM) -+ bitmap_clear_bit (components, frame.hard_fp_save_and_probe); -+ } - - return components; - } -@@ -9931,8 +9971,8 @@ aarch64_epilogue_uses (int regno) - When probing is needed, we emit a probe at the start of the prologue - and every PARAM_STACK_CLASH_PROTECTION_GUARD_SIZE bytes thereafter. - -- We have to track how much space has been allocated and the only stores -- to the stack we track as implicit probes are the FP/LR stores. -+ We can also use register saves as probes. These are stored in -+ sve_save_and_probe and hard_fp_save_and_probe. - - For outgoing arguments we probe if the size is larger than 1KB, such that - the ABI specified buffer is maintained for the next callee. -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index c8becb098c8..fbfb73545ba 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -863,6 +863,14 @@ struct GTY (()) aarch64_frame - This is the register they should use. */ - unsigned spare_pred_reg; - -+ /* An SVE register that is saved below the hard frame pointer and that acts -+ as a probe for later allocations, or INVALID_REGNUM if none. */ -+ unsigned sve_save_and_probe; -+ -+ /* A register that is saved at the hard frame pointer and that acts -+ as a probe for later allocations, or INVALID_REGNUM if none. */ -+ unsigned hard_fp_save_and_probe; -+ - bool laid_out; - - /* True if shadow call stack should be enabled for the current function. */ -diff --git a/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c b/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c -index 3e01ec36c3a..3530a0d504b 100644 ---- a/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c -+++ b/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c -@@ -11,11 +11,10 @@ - ** mov x11, sp - ** ... - ** sub sp, sp, x13 --** str p4, \[sp\] - ** cbz w0, [^\n]* -+** str p4, \[sp\] - ** ... - ** ptrue p0\.b, all --** ldr p4, \[sp\] - ** addvl sp, sp, #1 - ** ldr x24, \[sp\], 32 - ** ret -@@ -39,13 +38,12 @@ test_1 (int n) - ** mov x11, sp - ** ... - ** sub sp, sp, x13 --** str p4, \[sp\] - ** cbz w0, [^\n]* -+** str p4, \[sp\] - ** str p5, \[sp, #1, mul vl\] - ** str p6, \[sp, #2, mul vl\] - ** ... - ** ptrue p0\.b, all --** ldr p4, \[sp\] - ** addvl sp, sp, #1 - ** ldr x24, \[sp\], 32 - ** ret --- -2.34.1 - - -From 56df065080950bb30dda9c260f71be54269bdda5 Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:20 +0100 -Subject: [PATCH 18/19] aarch64: Remove below_hard_fp_saved_regs_size - -After previous patches, it's no longer necessary to store -saved_regs_size and below_hard_fp_saved_regs_size in the frame info. -All measurements instead use the top or bottom of the frame as -reference points. - -gcc/ - * config/aarch64/aarch64.h (aarch64_frame::saved_regs_size) - (aarch64_frame::below_hard_fp_saved_regs_size): Delete. - * config/aarch64/aarch64.cc (aarch64_layout_frame): Update accordingly. ---- - gcc/config/aarch64/aarch64.cc | 45 ++++++++++++++++------------------- - gcc/config/aarch64/aarch64.h | 7 ------ - 2 files changed, 21 insertions(+), 31 deletions(-) - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index 6c59c39a639..b95e805a8cc 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8530,9 +8530,8 @@ aarch64_layout_frame (void) - - /* OFFSET is now the offset of the hard frame pointer from the bottom - of the callee save area. */ -- frame.below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs; -- bool saves_below_hard_fp_p -- = maybe_ne (frame.below_hard_fp_saved_regs_size, 0); -+ auto below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs; -+ bool saves_below_hard_fp_p = maybe_ne (below_hard_fp_saved_regs_size, 0); - gcc_assert (!saves_below_hard_fp_p - || (frame.sve_save_and_probe != INVALID_REGNUM - && known_eq (frame.reg_offset[frame.sve_save_and_probe], -@@ -8602,9 +8601,8 @@ aarch64_layout_frame (void) - - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); - -- frame.saved_regs_size = offset - frame.bytes_below_saved_regs; -- gcc_assert (known_eq (frame.saved_regs_size, -- frame.below_hard_fp_saved_regs_size) -+ auto saved_regs_size = offset - frame.bytes_below_saved_regs; -+ gcc_assert (known_eq (saved_regs_size, below_hard_fp_saved_regs_size) - || (frame.hard_fp_save_and_probe != INVALID_REGNUM - && known_eq (frame.reg_offset[frame.hard_fp_save_and_probe], - frame.bytes_below_hard_fp))); -@@ -8613,7 +8611,7 @@ aarch64_layout_frame (void) - The saving of the bottommost register counts as an implicit probe, - which allows us to maintain the invariant described in the comment - at expand_prologue. */ -- gcc_assert (crtl->is_leaf || maybe_ne (frame.saved_regs_size, 0)); -+ gcc_assert (crtl->is_leaf || maybe_ne (saved_regs_size, 0)); - - offset += get_frame_size (); - offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -@@ -8670,7 +8668,7 @@ aarch64_layout_frame (void) - - HOST_WIDE_INT const_size, const_below_saved_regs, const_above_fp; - HOST_WIDE_INT const_saved_regs_size; -- if (known_eq (frame.saved_regs_size, 0)) -+ if (known_eq (saved_regs_size, 0)) - frame.initial_adjust = frame.frame_size; - else if (frame.frame_size.is_constant (&const_size) - && const_size < max_push_offset -@@ -8683,7 +8681,7 @@ aarch64_layout_frame (void) - frame.callee_adjust = const_size; - } - else if (frame.bytes_below_saved_regs.is_constant (&const_below_saved_regs) -- && frame.saved_regs_size.is_constant (&const_saved_regs_size) -+ && saved_regs_size.is_constant (&const_saved_regs_size) - && const_below_saved_regs + const_saved_regs_size < 512 - /* We could handle this case even with data below the saved - registers, provided that that data left us with valid offsets -@@ -8702,8 +8700,7 @@ aarch64_layout_frame (void) - frame.initial_adjust = frame.frame_size; - } - else if (saves_below_hard_fp_p -- && known_eq (frame.saved_regs_size, -- frame.below_hard_fp_saved_regs_size)) -+ && known_eq (saved_regs_size, below_hard_fp_saved_regs_size)) - { - /* Frame in which all saves are SVE saves: - -@@ -8725,7 +8722,7 @@ aarch64_layout_frame (void) - [save SVE registers relative to SP] - sub sp, sp, bytes_below_saved_regs */ - frame.callee_adjust = const_above_fp; -- frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size; -+ frame.sve_callee_adjust = below_hard_fp_saved_regs_size; - frame.final_adjust = frame.bytes_below_saved_regs; - } - else -@@ -8740,7 +8737,7 @@ aarch64_layout_frame (void) - [save SVE registers relative to SP] - sub sp, sp, bytes_below_saved_regs */ - frame.initial_adjust = frame.bytes_above_hard_fp; -- frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size; -+ frame.sve_callee_adjust = below_hard_fp_saved_regs_size; - frame.final_adjust = frame.bytes_below_saved_regs; - } - -@@ -9936,17 +9933,17 @@ aarch64_epilogue_uses (int regno) - | local variables | <-- frame_pointer_rtx - | | - +-------------------------------+ -- | padding | \ -- +-------------------------------+ | -- | callee-saved registers | | frame.saved_regs_size -- +-------------------------------+ | -- | LR' | | -- +-------------------------------+ | -- | FP' | | -- +-------------------------------+ |<- hard_frame_pointer_rtx (aligned) -- | SVE vector registers | | \ -- +-------------------------------+ | | below_hard_fp_saved_regs_size -- | SVE predicate registers | / / -+ | padding | -+ +-------------------------------+ -+ | callee-saved registers | -+ +-------------------------------+ -+ | LR' | -+ +-------------------------------+ -+ | FP' | -+ +-------------------------------+ <-- hard_frame_pointer_rtx (aligned) -+ | SVE vector registers | -+ +-------------------------------+ -+ | SVE predicate registers | - +-------------------------------+ - | dynamic allocation | - +-------------------------------+ -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index fbfb73545ba..cfeaf4657ab 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -777,18 +777,11 @@ struct GTY (()) aarch64_frame - STACK_BOUNDARY. */ - HOST_WIDE_INT saved_varargs_size; - -- /* The size of the callee-save registers with a slot in REG_OFFSET. */ -- poly_int64 saved_regs_size; -- - /* The number of bytes between the bottom of the static frame (the bottom - of the outgoing arguments) and the bottom of the register save area. - This value is always a multiple of STACK_BOUNDARY. */ - poly_int64 bytes_below_saved_regs; - -- /* The size of the callee-save registers with a slot in REG_OFFSET that -- are saved below the hard frame pointer. */ -- poly_int64 below_hard_fp_saved_regs_size; -- - /* The number of bytes between the bottom of the static frame (the bottom - of the outgoing arguments) and the hard frame pointer. This value is - always a multiple of STACK_BOUNDARY. */ --- -2.34.1 - - -From b96e66fd4ef3e36983969fb8cdd1956f551a074b Mon Sep 17 00:00:00 2001 -From: Richard Sandiford <richard.sandiford@arm.com> -Date: Tue, 12 Sep 2023 16:07:21 +0100 -Subject: [PATCH 19/19] aarch64: Make stack smash canary protect saved - registers - -AArch64 normally puts the saved registers near the bottom of the frame, -immediately above any dynamic allocations. But this means that a -stack-smash attack on those dynamic allocations could overwrite the -saved registers without needing to reach as far as the stack smash -canary. - -The same thing could also happen for variable-sized arguments that are -passed by value, since those are allocated before a call and popped on -return. - -This patch avoids that by putting the locals (and thus the canary) below -the saved registers when stack smash protection is active. - -The patch fixes CVE-2023-4039. - -gcc/ - * config/aarch64/aarch64.cc (aarch64_save_regs_above_locals_p): - New function. - (aarch64_layout_frame): Use it to decide whether locals should - go above or below the saved registers. - (aarch64_expand_prologue): Update stack layout comment. - Emit a stack tie after the final adjustment. - -gcc/testsuite/ - * gcc.target/aarch64/stack-protector-8.c: New test. - * gcc.target/aarch64/stack-protector-9.c: Likewise. ---- - gcc/config/aarch64/aarch64.cc | 46 +++++++-- - .../gcc.target/aarch64/stack-protector-8.c | 95 +++++++++++++++++++ - .../gcc.target/aarch64/stack-protector-9.c | 33 +++++++ - 3 files changed, 168 insertions(+), 6 deletions(-) - create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-protector-8.c - create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-protector-9.c - -diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc -index b95e805a8cc..389c0e29353 100644 ---- a/gcc/config/aarch64/aarch64.cc -+++ b/gcc/config/aarch64/aarch64.cc -@@ -8394,6 +8394,20 @@ aarch64_needs_frame_chain (void) - return aarch64_use_frame_pointer; - } - -+/* Return true if the current function should save registers above -+ the locals area, rather than below it. */ -+ -+static bool -+aarch64_save_regs_above_locals_p () -+{ -+ /* When using stack smash protection, make sure that the canary slot -+ comes between the locals and the saved registers. Otherwise, -+ it would be possible for a carefully sized smash attack to change -+ the saved registers (particularly LR and FP) without reaching the -+ canary. */ -+ return crtl->stack_protect_guard; -+} -+ - /* Mark the registers that need to be saved by the callee and calculate - the size of the callee-saved registers area and frame record (both FP - and LR may be omitted). */ -@@ -8405,6 +8419,7 @@ aarch64_layout_frame (void) - poly_int64 vector_save_size = GET_MODE_SIZE (vector_save_mode); - bool frame_related_fp_reg_p = false; - aarch64_frame &frame = cfun->machine->frame; -+ poly_int64 top_of_locals = -1; - - frame.emit_frame_chain = aarch64_needs_frame_chain (); - -@@ -8471,9 +8486,16 @@ aarch64_layout_frame (void) - && !crtl->abi->clobbers_full_reg_p (regno)) - frame.reg_offset[regno] = SLOT_REQUIRED; - -+ bool regs_at_top_p = aarch64_save_regs_above_locals_p (); - - poly_int64 offset = crtl->outgoing_args_size; - gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT)); -+ if (regs_at_top_p) -+ { -+ offset += get_frame_size (); -+ offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -+ top_of_locals = offset; -+ } - frame.bytes_below_saved_regs = offset; - frame.sve_save_and_probe = INVALID_REGNUM; - -@@ -8613,15 +8635,18 @@ aarch64_layout_frame (void) - at expand_prologue. */ - gcc_assert (crtl->is_leaf || maybe_ne (saved_regs_size, 0)); - -- offset += get_frame_size (); -- offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -- auto top_of_locals = offset; -- -+ if (!regs_at_top_p) -+ { -+ offset += get_frame_size (); -+ offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT); -+ top_of_locals = offset; -+ } - offset += frame.saved_varargs_size; - gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT)); - frame.frame_size = offset; - - frame.bytes_above_hard_fp = frame.frame_size - frame.bytes_below_hard_fp; -+ gcc_assert (known_ge (top_of_locals, 0)); - frame.bytes_above_locals = frame.frame_size - top_of_locals; - - frame.initial_adjust = 0; -@@ -9930,10 +9955,10 @@ aarch64_epilogue_uses (int regno) - | for register varargs | - | | - +-------------------------------+ -- | local variables | <-- frame_pointer_rtx -+ | local variables (1) | <-- frame_pointer_rtx - | | - +-------------------------------+ -- | padding | -+ | padding (1) | - +-------------------------------+ - | callee-saved registers | - +-------------------------------+ -@@ -9945,6 +9970,10 @@ aarch64_epilogue_uses (int regno) - +-------------------------------+ - | SVE predicate registers | - +-------------------------------+ -+ | local variables (2) | -+ +-------------------------------+ -+ | padding (2) | -+ +-------------------------------+ - | dynamic allocation | - +-------------------------------+ - | padding | -@@ -9954,6 +9983,9 @@ aarch64_epilogue_uses (int regno) - +-------------------------------+ - | | <-- stack_pointer_rtx (aligned) - -+ The regions marked (1) and (2) are mutually exclusive. (2) is used -+ when aarch64_save_regs_above_locals_p is true. -+ - Dynamic stack allocations via alloca() decrease stack_pointer_rtx - but leave frame_pointer_rtx and hard_frame_pointer_rtx - unchanged. -@@ -10149,6 +10181,8 @@ aarch64_expand_prologue (void) - gcc_assert (known_eq (bytes_below_sp, final_adjust)); - aarch64_allocate_and_probe_stack_space (tmp1_rtx, tmp0_rtx, final_adjust, - !frame_pointer_needed, true); -+ if (emit_frame_chain && maybe_ne (final_adjust, 0)) -+ emit_insn (gen_stack_tie (stack_pointer_rtx, hard_frame_pointer_rtx)); - } - - /* Return TRUE if we can use a simple_return insn. -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c b/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c -new file mode 100644 -index 00000000000..e71d820e365 ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c -@@ -0,0 +1,95 @@ -+/* { dg-options " -O -fstack-protector-strong -mstack-protector-guard=sysreg -mstack-protector-guard-reg=tpidr2_el0 -mstack-protector-guard-offset=16" } */ -+/* { dg-final { check-function-bodies "**" "" } } */ -+ -+void g(void *); -+__SVBool_t *h(void *); -+ -+/* -+** test1: -+** sub sp, sp, #288 -+** stp x29, x30, \[sp, #?272\] -+** add x29, sp, #?272 -+** mrs (x[0-9]+), tpidr2_el0 -+** ldr (x[0-9]+), \[\1, #?16\] -+** str \2, \[sp, #?264\] -+** mov \2, #?0 -+** add x0, sp, #?8 -+** bl g -+** ... -+** mrs .* -+** ... -+** bne .* -+** ... -+** ldp x29, x30, \[sp, #?272\] -+** add sp, sp, #?288 -+** ret -+** bl __stack_chk_fail -+*/ -+int test1() { -+ int y[0x40]; -+ g(y); -+ return 1; -+} -+ -+/* -+** test2: -+** stp x29, x30, \[sp, #?-16\]! -+** mov x29, sp -+** sub sp, sp, #1040 -+** mrs (x[0-9]+), tpidr2_el0 -+** ldr (x[0-9]+), \[\1, #?16\] -+** str \2, \[sp, #?1032\] -+** mov \2, #?0 -+** add x0, sp, #?8 -+** bl g -+** ... -+** mrs .* -+** ... -+** bne .* -+** ... -+** add sp, sp, #?1040 -+** ldp x29, x30, \[sp\], #?16 -+** ret -+** bl __stack_chk_fail -+*/ -+int test2() { -+ int y[0x100]; -+ g(y); -+ return 1; -+} -+ -+#pragma GCC target "+sve" -+ -+/* -+** test3: -+** stp x29, x30, \[sp, #?-16\]! -+** mov x29, sp -+** addvl sp, sp, #-18 -+** ... -+** str p4, \[sp\] -+** ... -+** sub sp, sp, #272 -+** mrs (x[0-9]+), tpidr2_el0 -+** ldr (x[0-9]+), \[\1, #?16\] -+** str \2, \[sp, #?264\] -+** mov \2, #?0 -+** add x0, sp, #?8 -+** bl h -+** ... -+** mrs .* -+** ... -+** bne .* -+** ... -+** add sp, sp, #?272 -+** ... -+** ldr p4, \[sp\] -+** ... -+** addvl sp, sp, #18 -+** ldp x29, x30, \[sp\], #?16 -+** ret -+** bl __stack_chk_fail -+*/ -+__SVBool_t test3() { -+ int y[0x40]; -+ return *h(y); -+} -diff --git a/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c b/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c -new file mode 100644 -index 00000000000..58f322aa480 ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c -@@ -0,0 +1,33 @@ -+/* { dg-options "-O2 -mcpu=neoverse-v1 -fstack-protector-all" } */ -+/* { dg-final { check-function-bodies "**" "" } } */ -+ -+/* -+** main: -+** ... -+** stp x29, x30, \[sp, #?-[0-9]+\]! -+** ... -+** sub sp, sp, #[0-9]+ -+** ... -+** str x[0-9]+, \[x29, #?-8\] -+** ... -+*/ -+int f(const char *); -+void g(void *); -+int main(int argc, char* argv[]) -+{ -+ int a; -+ int b; -+ char c[2+f(argv[1])]; -+ int d[0x100]; -+ char y; -+ -+ y=42; a=4; b=10; -+ c[0] = 'h'; c[1] = '\0'; -+ -+ c[f(argv[2])] = '\0'; -+ -+ __builtin_printf("%d %d\n%s\n", a, b, c); -+ g(d); -+ -+ return 0; -+} --- -2.34.1 - diff --git a/poky/meta/recipes-devtools/gcc/gcc_13.2.bb b/poky/meta/recipes-devtools/gcc/gcc_13.3.bb index 255fe552bd..255fe552bd 100644 --- a/poky/meta/recipes-devtools/gcc/gcc_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/gcc_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb b/poky/meta/recipes-devtools/gcc/libgcc-initial_13.3.bb index a259082b47..a259082b47 100644 --- a/poky/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/libgcc-initial_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/libgcc_13.2.bb b/poky/meta/recipes-devtools/gcc/libgcc_13.3.bb index fdcd6cc0da..fdcd6cc0da 100644 --- a/poky/meta/recipes-devtools/gcc/libgcc_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/libgcc_13.3.bb diff --git a/poky/meta/recipes-devtools/gcc/libgfortran_13.2.bb b/poky/meta/recipes-devtools/gcc/libgfortran_13.3.bb index 71dd8b4bdc..71dd8b4bdc 100644 --- a/poky/meta/recipes-devtools/gcc/libgfortran_13.2.bb +++ b/poky/meta/recipes-devtools/gcc/libgfortran_13.3.bb diff --git a/poky/meta/recipes-devtools/git/git_2.44.0.bb b/poky/meta/recipes-devtools/git/git_2.44.1.bb index 90e555eba7..53d67eb40a 100644 --- a/poky/meta/recipes-devtools/git/git_2.44.0.bb +++ b/poky/meta/recipes-devtools/git/git_2.44.1.bb @@ -40,6 +40,7 @@ EXTRA_OECONF = "--with-perl=${STAGING_BINDIR_NATIVE}/perl-native/perl \ --without-iconv \ " EXTRA_OECONF:append:class-nativesdk = " --with-gitconfig=/etc/gitconfig " +EXTRA_OECONF:append:class-native = " --with-gitconfig=/etc/gitconfig " # Needs brokensep as this doesn't use automake inherit autotools-brokensep perlnative bash-completion manpages @@ -163,4 +164,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ " EXTRA_OEMAKE += "NO_GETTEXT=1" -SRC_URI[tarball.sha256sum] = "f9e36f085458fe9688fbbe7846b8c4770b13d161fcd8953655f36b2b85f06b76" +SRC_URI[tarball.sha256sum] = "118214bb8d7ba971a62741416e757562b8f5451cefc087a407e91857897c92cc" diff --git a/poky/meta/recipes-devtools/go/go-1.22.2.inc b/poky/meta/recipes-devtools/go/go-1.22.4.inc index b399207311..44897daba4 100644 --- a/poky/meta/recipes-devtools/go/go-1.22.2.inc +++ b/poky/meta/recipes-devtools/go/go-1.22.4.inc @@ -15,4 +15,4 @@ SRC_URI += "\ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ " -SRC_URI[main.sha256sum] = "374ea82b289ec738e968267cac59c7d5ff180f9492250254784b2044e90df5a9" +SRC_URI[main.sha256sum] = "fed720678e728a7ca30ba8d1ded1caafe27d16028fab0232b8ba8e22008fb784" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.22.2.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.22.4.bb index 0f00509f03..61da51be3a 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.22.2.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.22.4.bb @@ -9,9 +9,9 @@ PROVIDES = "go-native" # Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17" -SRC_URI[go_linux_arm64.sha256sum] = "36e720b2d564980c162a48c7e97da2e407dfcc4239e1e58d98082dfa2486a0c1" -SRC_URI[go_linux_ppc64le.sha256sum] = "251a8886c5113be6490bdbb955ddee98763b49c9b1bf4c8364c02d3b482dab00" +SRC_URI[go_linux_amd64.sha256sum] = "ba79d4526102575196273416239cca418a651e049c2b099f3159db85e7bade7d" +SRC_URI[go_linux_arm64.sha256sum] = "a8e177c354d2e4a1b61020aca3562e27ea3e8f8247eca3170e3fa1e0c2f9e771" +SRC_URI[go_linux_ppc64le.sha256sum] = "a3e5834657ef92523f570f798fed42f1f87bc18222a16815ec76b84169649ec4" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.22.2.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.22.4.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.22.2.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.22.4.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.22.2.bb b/poky/meta/recipes-devtools/go/go-cross_1.22.4.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.22.2.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.22.4.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.22.2.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.22.4.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.22.2.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.22.4.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.22.2.bb b/poky/meta/recipes-devtools/go/go-native_1.22.2.bb deleted file mode 100644 index ddf25b2c9b..0000000000 --- a/poky/meta/recipes-devtools/go/go-native_1.22.2.bb +++ /dev/null @@ -1,58 +0,0 @@ -# This recipe builds a native Go (written in Go) by first building an old Go 1.4 -# (written in C). However this old Go does not support all hosts platforms. - -require go-${PV}.inc - -inherit native - -SRC_URI += "https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" -SRC_URI[bootstrap.sha256sum] = "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" - -export GOOS = "${BUILD_GOOS}" -export GOARCH = "${BUILD_GOARCH}" -CC = "${@d.getVar('BUILD_CC').strip()}" - -GOMAKEARGS ?= "--no-banner" - -do_configure() { - cd ${WORKDIR}/go1.4/go/src - CGO_ENABLED=0 GOROOT=${WORKDIR}/go1.4/go ./make.bash -} - -do_compile() { - export GOROOT_FINAL="${libdir_native}/go" - export GOROOT_BOOTSTRAP="${WORKDIR}/go1.4/go" - - cd src - ./make.bash ${GOMAKEARGS} - cd ${B} -} -do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin" - -make_wrapper() { - rm -f ${D}${bindir}/$2$3 - cat <<END >${D}${bindir}/$2$3 -#!/bin/bash -here=\`dirname \$0\` -export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" -\$here/../lib/go/bin/$1 "\$@" -END - chmod +x ${D}${bindir}/$2 -} - -do_install() { - install -d ${D}${libdir}/go - cp --preserve=mode,timestamps -R ${B}/pkg ${D}${libdir}/go/ - install -d ${D}${libdir}/go/src - (cd ${S}/src; for d in *; do \ - [ -d $d ] && cp -a ${S}/src/$d ${D}${libdir}/go/src/; \ - done) - find ${D}${libdir}/go/src -depth -type d -name testdata -exec rm -rf {} \; - install -d ${D}${bindir} ${D}${libdir}/go/bin - for f in ${B}/bin/* - do - base=`basename $f` - install -m755 $f ${D}${libdir}/go/bin - make_wrapper $base $base - done -} diff --git a/poky/meta/recipes-devtools/go/go-runtime.inc b/poky/meta/recipes-devtools/go/go-runtime.inc index 3f1e795dd9..413cf6d33f 100644 --- a/poky/meta/recipes-devtools/go/go-runtime.inc +++ b/poky/meta/recipes-devtools/go/go-runtime.inc @@ -15,7 +15,7 @@ export CGO_LDFLAGS = "${@ ' '.join(filter(lambda f: not f.startswith('-fdebug-pr export GOCACHE = "${B}/.cache" GO_EXTLDFLAGS ?= "${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} ${LDFLAGS}" -GO_SHLIB_LDFLAGS ?= '-ldflags="--linkmode=external -extldflags '${GO_EXTLDFLAGS}'"' +GO_SHLIB_LDFLAGS ?= '-ldflags="-extldflags '${GO_EXTLDFLAGS}'"' do_configure() { : diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.22.2.bb b/poky/meta/recipes-devtools/go/go-runtime_1.22.4.bb index 63464a1501..63464a1501 100644 --- a/poky/meta/recipes-devtools/go/go-runtime_1.22.2.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.22.4.bb diff --git a/poky/meta/recipes-devtools/go/go_1.22.2.bb b/poky/meta/recipes-devtools/go/go_1.22.4.bb index 46f5fbc6be..46f5fbc6be 100644 --- a/poky/meta/recipes-devtools/go/go_1.22.2.bb +++ b/poky/meta/recipes-devtools/go/go_1.22.4.bb diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.21.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.20.bb index 91170dfbed..1f59c5ea1e 100644 --- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.21.bb +++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.20.bb @@ -8,7 +8,7 @@ SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;p file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ " -SRCREV = "2e973ce22698dd64f472180e3a689755268fb06b" +SRCREV = "854fbb9fe733b774981e1ffcf825b2d2ce0f8072" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/llvm/llvm/0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch b/poky/meta/recipes-devtools/llvm/llvm/0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch index 48af6fc283..a5c53b6657 100644 --- a/poky/meta/recipes-devtools/llvm/llvm/0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch +++ b/poky/meta/recipes-devtools/llvm/llvm/0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch @@ -1,4 +1,4 @@ -From 86940d87026432683fb6741cd8a34d3b9b18e40d Mon Sep 17 00:00:00 2001 +From 3b30a9bda88374e8f03bf96e972aee5bd214b98b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 27 Nov 2020 10:11:08 +0000 Subject: [PATCH] AsmMatcherEmitter: sort ClassInfo lists by name as well @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/llvm/utils/TableGen/AsmMatcherEmitter.cpp b/llvm/utils/TableGen/AsmMatcherEmitter.cpp -index ccf0959389b..1f801e83b7d 100644 +index 73724e662f9e..1ca9c73415db 100644 --- a/llvm/utils/TableGen/AsmMatcherEmitter.cpp +++ b/llvm/utils/TableGen/AsmMatcherEmitter.cpp -@@ -359,7 +359,10 @@ public: +@@ -361,7 +361,10 @@ public: // name of a class shouldn't be significant. However, some of the backends // accidentally rely on this behaviour, so it will have to stay like this // until they are fixed. diff --git a/poky/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch b/poky/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch new file mode 100644 index 0000000000..c05685e64d --- /dev/null +++ b/poky/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch @@ -0,0 +1,1086 @@ +commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea +Author: Lucas Duarte Prates <lucas.prates@arm.com> +Date: Thu Jun 20 10:22:01 2024 +0100 + + [ARM] CMSE security mitigation on function arguments and returned values (#89944) + + The ABI mandates two things related to function calls: + - Function arguments must be sign- or zero-extended to the register + size by the caller. + - Return values must be sign- or zero-extended to the register size by + the callee. + + As consequence, callees can assume that function arguments have been + extended and so can callers with regards to return values. + + Here lies the problem: Nonsecure code might deliberately ignore this + mandate with the intent of attempting an exploit. It might try to pass + values that lie outside the expected type's value range in order to + trigger undefined behaviour, e.g. out of bounds access. + + With the mitigation implemented, Secure code always performs extension + of values passed by Nonsecure code. + + This addresses the vulnerability described in CVE-2024-0151. + + Patches by Victor Campos. + + --------- + + Co-authored-by: Victor Campos <victor.campos@arm.com> + +Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea] +CVE: CVE-2024-0151 +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> +--- +diff --git a/llvm/lib/Target/ARM/ARMISelLowering.cpp b/llvm/lib/Target/ARM/ARMISelLowering.cpp +index bfe137b95602..5490c3c9df6c 100644 +--- a/llvm/lib/Target/ARM/ARMISelLowering.cpp ++++ b/llvm/lib/Target/ARM/ARMISelLowering.cpp +@@ -156,6 +156,17 @@ static const MCPhysReg GPRArgRegs[] = { + ARM::R0, ARM::R1, ARM::R2, ARM::R3 + }; + ++static SDValue handleCMSEValue(const SDValue &Value, const ISD::InputArg &Arg, ++ SelectionDAG &DAG, const SDLoc &DL) { ++ assert(Arg.ArgVT.isScalarInteger()); ++ assert(Arg.ArgVT.bitsLT(MVT::i32)); ++ SDValue Trunc = DAG.getNode(ISD::TRUNCATE, DL, Arg.ArgVT, Value); ++ SDValue Ext = ++ DAG.getNode(Arg.Flags.isSExt() ? ISD::SIGN_EXTEND : ISD::ZERO_EXTEND, DL, ++ MVT::i32, Trunc); ++ return Ext; ++} ++ + void ARMTargetLowering::addTypeForNEON(MVT VT, MVT PromotedLdStVT) { + if (VT != PromotedLdStVT) { + setOperationAction(ISD::LOAD, VT, Promote); +@@ -2196,7 +2207,7 @@ SDValue ARMTargetLowering::LowerCallResult( + SDValue Chain, SDValue InGlue, CallingConv::ID CallConv, bool isVarArg, + const SmallVectorImpl<ISD::InputArg> &Ins, const SDLoc &dl, + SelectionDAG &DAG, SmallVectorImpl<SDValue> &InVals, bool isThisReturn, +- SDValue ThisVal) const { ++ SDValue ThisVal, bool isCmseNSCall) const { + // Assign locations to each value returned by this call. + SmallVector<CCValAssign, 16> RVLocs; + CCState CCInfo(CallConv, isVarArg, DAG.getMachineFunction(), RVLocs, +@@ -2274,6 +2285,15 @@ SDValue ARMTargetLowering::LowerCallResult( + (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16)) + Val = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), Val); + ++ // On CMSE Non-secure Calls, call results (returned values) whose bitwidth ++ // is less than 32 bits must be sign- or zero-extended after the call for ++ // security reasons. Although the ABI mandates an extension done by the ++ // callee, the latter cannot be trusted to follow the rules of the ABI. ++ const ISD::InputArg &Arg = Ins[VA.getValNo()]; ++ if (isCmseNSCall && Arg.ArgVT.isScalarInteger() && ++ VA.getLocVT().isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32)) ++ Val = handleCMSEValue(Val, Arg, DAG, dl); ++ + InVals.push_back(Val); + } + +@@ -2888,7 +2908,7 @@ ARMTargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI, + // return. + return LowerCallResult(Chain, InGlue, CallConv, isVarArg, Ins, dl, DAG, + InVals, isThisReturn, +- isThisReturn ? OutVals[0] : SDValue()); ++ isThisReturn ? OutVals[0] : SDValue(), isCmseNSCall); + } + + /// HandleByVal - Every parameter *after* a byval parameter is passed +@@ -4485,8 +4505,6 @@ SDValue ARMTargetLowering::LowerFormalArguments( + *DAG.getContext()); + CCInfo.AnalyzeFormalArguments(Ins, CCAssignFnForCall(CallConv, isVarArg)); + +- SmallVector<SDValue, 16> ArgValues; +- SDValue ArgValue; + Function::const_arg_iterator CurOrigArg = MF.getFunction().arg_begin(); + unsigned CurArgIdx = 0; + +@@ -4541,6 +4559,7 @@ SDValue ARMTargetLowering::LowerFormalArguments( + // Arguments stored in registers. + if (VA.isRegLoc()) { + EVT RegVT = VA.getLocVT(); ++ SDValue ArgValue; + + if (VA.needsCustom() && VA.getLocVT() == MVT::v2f64) { + // f64 and vector types are split up into multiple registers or +@@ -4604,16 +4623,6 @@ SDValue ARMTargetLowering::LowerFormalArguments( + case CCValAssign::BCvt: + ArgValue = DAG.getNode(ISD::BITCAST, dl, VA.getValVT(), ArgValue); + break; +- case CCValAssign::SExt: +- ArgValue = DAG.getNode(ISD::AssertSext, dl, RegVT, ArgValue, +- DAG.getValueType(VA.getValVT())); +- ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue); +- break; +- case CCValAssign::ZExt: +- ArgValue = DAG.getNode(ISD::AssertZext, dl, RegVT, ArgValue, +- DAG.getValueType(VA.getValVT())); +- ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue); +- break; + } + + // f16 arguments have their size extended to 4 bytes and passed as if they +@@ -4623,6 +4632,15 @@ SDValue ARMTargetLowering::LowerFormalArguments( + (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16)) + ArgValue = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), ArgValue); + ++ // On CMSE Entry Functions, formal integer arguments whose bitwidth is ++ // less than 32 bits must be sign- or zero-extended in the callee for ++ // security reasons. Although the ABI mandates an extension done by the ++ // caller, the latter cannot be trusted to follow the rules of the ABI. ++ const ISD::InputArg &Arg = Ins[VA.getValNo()]; ++ if (AFI->isCmseNSEntryFunction() && Arg.ArgVT.isScalarInteger() && ++ RegVT.isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32)) ++ ArgValue = handleCMSEValue(ArgValue, Arg, DAG, dl); ++ + InVals.push_back(ArgValue); + } else { // VA.isRegLoc() + // Only arguments passed on the stack should make it here. +diff --git a/llvm/lib/Target/ARM/ARMISelLowering.h b/llvm/lib/Target/ARM/ARMISelLowering.h +index 62a52bdb03f7..a255e9b6fc36 100644 +--- a/llvm/lib/Target/ARM/ARMISelLowering.h ++++ b/llvm/lib/Target/ARM/ARMISelLowering.h +@@ -891,7 +891,7 @@ class VectorType; + const SmallVectorImpl<ISD::InputArg> &Ins, + const SDLoc &dl, SelectionDAG &DAG, + SmallVectorImpl<SDValue> &InVals, bool isThisReturn, +- SDValue ThisVal) const; ++ SDValue ThisVal, bool isCmseNSCall) const; + + bool supportSplitCSR(MachineFunction *MF) const override { + return MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS && +diff --git a/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll +new file mode 100644 +index 0000000000..58eef443c25e +--- /dev/null ++++ b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll +@@ -0,0 +1,552 @@ ++; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE ++; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE ++; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE ++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE ++ ++@get_idx = hidden local_unnamed_addr global ptr null, align 4 ++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4 ++ ++define i32 @access_i16() { ++; V8M-COMMON-LABEL: access_i16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call signext i16 %0() "cmse_nonsecure_call" ++ %idxprom = sext i16 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_u16() { ++; V8M-COMMON-LABEL: access_u16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i16 %0() "cmse_nonsecure_call" ++ %idxprom = zext i16 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i8() { ++; V8M-COMMON-LABEL: access_i8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call signext i8 %0() "cmse_nonsecure_call" ++ %idxprom = sext i8 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_u8() { ++; V8M-COMMON-LABEL: access_u8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i8 %0() "cmse_nonsecure_call" ++ %idxprom = zext i8 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i1() { ++; V8M-COMMON-LABEL: access_i1: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i1: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i1 %0() "cmse_nonsecure_call" ++ %idxprom = zext i1 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i5() { ++; V8M-COMMON-LABEL: access_i5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call signext i5 %0() "cmse_nonsecure_call" ++ %idxprom = sext i5 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_u5() { ++; V8M-COMMON-LABEL: access_u5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: and r0, r0, #31 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: and r0, r0, #31 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i5 %0() "cmse_nonsecure_call" ++ %idxprom = zext i5 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i33(ptr %f) { ++; V8M-COMMON-LABEL: access_i33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: rsb.w r0, r0, #0 ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: rsb.w r0, r0, #0 ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %call = tail call i33 %f() "cmse_nonsecure_call" ++ %shr = ashr i33 %call, 32 ++ %conv = trunc nsw i33 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_u33(ptr %f) { ++; V8M-COMMON-LABEL: access_u33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %call = tail call i33 %f() "cmse_nonsecure_call" ++ %shr = lshr i33 %call, 32 ++ %conv = trunc nuw nsw i33 %shr to i32 ++ ret i32 %conv ++} +diff --git a/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll +new file mode 100644 +index 0000000000..c66ab00566dd +--- /dev/null ++++ b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll +@@ -0,0 +1,368 @@ ++; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE ++; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE ++; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE ++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE ++ ++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4 ++ ++define i32 @access_i16(i16 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = sext i16 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_u16(i16 zeroext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i16 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i8(i8 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = sext i8 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_u8(i8 zeroext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i8 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i1(i1 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i1: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: rsbs r0, r0, #0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i1: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: rsbs r0, r0, #0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i1 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i5(i5 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = sext i5 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_u5(i5 zeroext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: and r0, r0, #31 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: and r0, r0, #31 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i5 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i33(i33 %arg) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: rsbs r0, r0, #0 ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: rsbs r0, r0, #0 ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %shr = ashr i33 %arg, 32 ++ %conv = trunc nsw i33 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_u33(i33 %arg) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %shr = lshr i33 %arg, 32 ++ %conv = trunc nuw nsw i33 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_i65(ptr byval(i65) %0) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i65: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: sub sp, #16 ++; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V8M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V8M-LE-NEXT: and r0, r0, #1 ++; V8M-LE-NEXT: rsbs r0, r0, #0 ++; V8M-BE-NEXT: movs r1, #0 ++; V8M-BE-NEXT: sub.w r0, r1, r0, lsr #24 ++; V8M-COMMON-NEXT: add sp, #16 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i65: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: sub sp, #16 ++; V81M-COMMON-NEXT: add sp, #4 ++; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V81M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V81M-LE-NEXT: and r0, r0, #1 ++; V81M-LE-NEXT: rsbs r0, r0, #0 ++; V81M-BE-NEXT: movs r1, #0 ++; V81M-BE-NEXT: sub.w r0, r1, r0, lsr #24 ++; V81M-COMMON-NEXT: sub sp, #4 ++; V81M-COMMON-NEXT: add sp, #16 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %arg = load i65, ptr %0, align 8 ++ %shr = ashr i65 %arg, 64 ++ %conv = trunc nsw i65 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_u65(ptr byval(i65) %0) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u65: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: sub sp, #16 ++; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V8M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V8M-BE-NEXT: lsrs r0, r0, #24 ++; V8M-COMMON-NEXT: add sp, #16 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u65: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: sub sp, #16 ++; V81M-COMMON-NEXT: add sp, #4 ++; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V81M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V81M-BE-NEXT: lsrs r0, r0, #24 ++; V81M-COMMON-NEXT: sub sp, #4 ++; V81M-COMMON-NEXT: add sp, #16 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %arg = load i65, ptr %0, align 8 ++ %shr = lshr i65 %arg, 64 ++ %conv = trunc nuw nsw i65 %shr to i32 ++ ret i32 %conv ++} diff --git a/poky/meta/recipes-devtools/llvm/llvm_git.bb b/poky/meta/recipes-devtools/llvm/llvm_18.1.5.bb index c4fd73f2d7..b03cf1465e 100644 --- a/poky/meta/recipes-devtools/llvm/llvm_git.bb +++ b/poky/meta/recipes-devtools/llvm/llvm_18.1.5.bb @@ -13,27 +13,27 @@ DEPENDS = "libffi libxml2 zlib zstd libedit ninja-native llvm-native" RDEPENDS:${PN}:append:class-target = " ncurses-terminfo" inherit cmake pkgconfig - # could be 'rcX' or 'git' or empty ( for release ) VER_SUFFIX = "" -PV = "18.1.3${VER_SUFFIX}" +PV .= "${VER_SUFFIX}" MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}" LLVM_RELEASE = "${PV}" -BRANCH = "release/${MAJOR_VERSION}.x" -SRCREV = "c13b7485b87909fcf739f62cfa382b55407433c0" -SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \ +SRC_URI = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${PV}/llvm-project-${PV}.src.tar.xz \ file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ + file://0002-llvm-Fix-CVE-2024-0151.patch;striplevel=2 \ file://llvm-config \ " +SRC_URI[sha256sum] = "3591a52761a7d390ede51af01ea73abfecc4b1d16445f9d019b67a57edd7de56" -UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)" +UPSTREAM_CHECK_URI = "https://github.com/llvm/llvm-project" +UPSTREAM_CHECK_REGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)" -S = "${WORKDIR}/git/llvm" +S = "${WORKDIR}/llvm-project-${PV}.src/llvm" LLVM_INSTALL_DIR = "${WORKDIR}/llvm-install" diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb index a40d79c864..4b27528f64 100644 --- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb +++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb @@ -11,9 +11,9 @@ inherit autotools pkgconfig update-alternatives DEPENDS = "zlib e2fsprogs util-linux" RDEPENDS:mtd-utils-tests += "bash" -PV = "2.2.0" +PV = "2.1.6" -SRCREV = "31e990c56aba7584cde310685d663bb122f16003" +SRCREV = "219e741f40f4801bae263e0b581b64888d887b4a" SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/perl/liburi-perl_5.28.bb b/poky/meta/recipes-devtools/perl/liburi-perl_5.27.bb index 1fc0efd3e5..e5db7b3cfe 100644 --- a/poky/meta/recipes-devtools/perl/liburi-perl_5.28.bb +++ b/poky/meta/recipes-devtools/perl/liburi-perl_5.27.bb @@ -12,7 +12,7 @@ SRC_URI = "${CPAN_MIRROR}/authors/id/O/OA/OALDERS/URI-${PV}.tar.gz \ file://0001-Skip-TODO-test-cases-that-fail.patch \ " -SRC_URI[sha256sum] = "e7985da359b15efd00917fa720292b711c396f2f9f9a7349e4e7dec74aa79765" +SRC_URI[sha256sum] = "11962d8a8a8496906e5d34774affc235a1c95c112d390c0b4171f3e91e9e2a97" S = "${WORKDIR}/URI-${PV}" diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_2.2.0.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_2.1.1.bb index e98458ea55..33d69451bb 100644 --- a/poky/meta/recipes-devtools/pkgconf/pkgconf_2.2.0.bb +++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_2.1.1.bb @@ -20,7 +20,7 @@ SRC_URI = "\ file://pkg-config-native.in \ file://pkg-config-esdk.in \ " -SRC_URI[sha256sum] = "b06ff63a83536aa8c2f6422fa80ad45e4833f590266feb14eaddfe1d4c853c69" +SRC_URI[sha256sum] = "3a224f2accf091b77a5781316e27b9ee3ba82c083cc2e539e08940b68a44fec5" inherit autotools diff --git a/poky/meta/recipes-devtools/python/python-cython.inc b/poky/meta/recipes-devtools/python/python-cython.inc index 2235aa9332..e54926ae6d 100644 --- a/poky/meta/recipes-devtools/python/python-cython.inc +++ b/poky/meta/recipes-devtools/python/python-cython.inc @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=61c3ee8961575861fa86c7e62bc9f69c" PYPI_PACKAGE = "Cython" BBCLASSEXTEND = "native nativesdk" -SRC_URI[sha256sum] = "a2d354f059d1f055d34cfaa62c5b68bc78ac2ceab6407148d47fb508cf3ba4f3" +SRC_URI[sha256sum] = "8333423d8fd5765e7cceea3a9985dd1e0a5dfeb2734629e1a2ed2d6233d39de6" UPSTREAM_CHECK_REGEX = "Cython-(?P<pver>.*)\.tar" inherit pypi diff --git a/poky/meta/recipes-devtools/python/python-pyasn1.inc b/poky/meta/recipes-devtools/python/python-pyasn1.inc index 7b269f2940..530ff1c7c3 100644 --- a/poky/meta/recipes-devtools/python/python-pyasn1.inc +++ b/poky/meta/recipes-devtools/python/python-pyasn1.inc @@ -3,7 +3,7 @@ HOMEPAGE = "http://pyasn1.sourceforge.net/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=190f79253908c986e6cacf380c3a5f6d" -SRC_URI[sha256sum] = "3a35ab2c4b5ef98e17dfdec8ab074046fbda76e281c5a706ccd82328cfc8f64c" +SRC_URI[sha256sum] = "6d391a96e59b23130a5cfa74d6fd7f388dbbe26cc8f1edf39fdddf08d9d6676c" RDEPENDS:${PN}:class-target += " \ python3-codecs \ diff --git a/poky/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb b/poky/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb index 93fa645f33..57b08b3700 100644 --- a/poky/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb @@ -33,5 +33,4 @@ RDEPENDS:${PN}:class-target += "\ python3-cffi \ python3-ctypes \ python3-shell \ - python3-six \ " diff --git a/poky/meta/recipes-devtools/python/python3-beartype_0.18.2.bb b/poky/meta/recipes-devtools/python/python3-beartype_0.17.2.bb index 1b6ab6a42b..05fd74543b 100644 --- a/poky/meta/recipes-devtools/python/python3-beartype_0.18.2.bb +++ b/poky/meta/recipes-devtools/python/python3-beartype_0.17.2.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://beartype.readthedocs.io" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=e71f94261c1b39896cacacfeaf60560e" -SRC_URI[sha256sum] = "a6fbc0be9269889312388bfec6a9ddf41bf8fe31b68bcf9c8239db35cd38f411" +SRC_URI[sha256sum] = "e911e1ae7de4bccd15745f7643609d8732f64de5c2fb844e89cbbed1c5a8d495" inherit setuptools3 pypi diff --git a/poky/meta/recipes-devtools/python/python3-build_1.2.1.bb b/poky/meta/recipes-devtools/python/python3-build_1.1.1.bb index 0156861201..7fc3eef91b 100644 --- a/poky/meta/recipes-devtools/python/python3-build_1.2.1.bb +++ b/poky/meta/recipes-devtools/python/python3-build_1.1.1.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/build" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=310439af287b0fb4780b2ad6907c256c" -SRC_URI[sha256sum] = "526263f4870c26f26c433545579475377b2b7588b6f1eac76a001e873ae3e19d" +SRC_URI[sha256sum] = "8eea65bb45b1aac2e734ba2cc8dad3a6d97d97901a395bd0ed3e7b46953d2a31" inherit pypi python_flit_core diff --git a/poky/meta/recipes-devtools/python/python3-cython_3.0.9.bb b/poky/meta/recipes-devtools/python/python3-cython_3.0.8.bb index 07638d7ad7..07638d7ad7 100644 --- a/poky/meta/recipes-devtools/python/python3-cython_3.0.9.bb +++ b/poky/meta/recipes-devtools/python/python3-cython_3.0.8.bb diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.43.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.42.bb index 45c988117b..19885a58c7 100644 --- a/poky/meta/recipes-devtools/python/python3-git_3.1.43.bb +++ b/poky/meta/recipes-devtools/python/python3-git_3.1.42.bb @@ -12,7 +12,7 @@ PYPI_PACKAGE = "GitPython" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "35f314a9f878467f5453cc1fee295c3e18e52f1b99f10f6cf5b1682e968a9e7c" +SRC_URI[sha256sum] = "2d99869e0fef71a73cbd242528105af1d6c1b108c60dfabd994bf292f76c3ceb" DEPENDS += " python3-gitdb" diff --git a/poky/meta/recipes-devtools/python/python3-hatchling_1.22.4.bb b/poky/meta/recipes-devtools/python/python3-hatchling_1.21.1.bb index d2f32d8b1a..09d936aa7d 100644 --- a/poky/meta/recipes-devtools/python/python3-hatchling_1.22.4.bb +++ b/poky/meta/recipes-devtools/python/python3-hatchling_1.21.1.bb @@ -8,7 +8,7 @@ inherit pypi python_hatchling DEPENDS += "python3-pluggy-native python3-pathspec-native python3-packaging-native python3-editables-native python3-trove-classifiers-native" DEPENDS:remove:class-native = "python3-hatchling-native" -SRC_URI[sha256sum] = "8a2dcec96d7fb848382ef5848e5ac43fdae641f35a08a3fab5116bd495f3416e" +SRC_URI[sha256sum] = "bba440453a224e7d4478457fa2e8d8c3633765bafa02975a6b53b9bf917980bc" do_compile:prepend() { export PYTHONPATH=src diff --git a/poky/meta/recipes-devtools/python/python3-hypothesis_6.99.4.bb b/poky/meta/recipes-devtools/python/python3-hypothesis_6.98.15.bb index 64b8cf2c31..a17abe58c0 100644 --- a/poky/meta/recipes-devtools/python/python3-hypothesis_6.99.4.bb +++ b/poky/meta/recipes-devtools/python/python3-hypothesis_6.98.15.bb @@ -13,7 +13,7 @@ SRC_URI += " \ file://test_rle.py \ " -SRC_URI[sha256sum] = "edc8f984dba5d1b69a6a4564246b7850fa7ec351d2b27c9e7a43c91deab8d45c" +SRC_URI[sha256sum] = "1e31210951511b24ce8b3b6e04d791c466385a30ac3af571bf2223954b025d77" RDEPENDS:${PN} += " \ python3-attrs \ diff --git a/poky/meta/recipes-devtools/python/python3-importlib-metadata_7.1.0.bb b/poky/meta/recipes-devtools/python/python3-importlib-metadata_7.0.1.bb index fdb37cecef..0d3f0a5001 100644 --- a/poky/meta/recipes-devtools/python/python3-importlib-metadata_7.1.0.bb +++ b/poky/meta/recipes-devtools/python/python3-importlib-metadata_7.0.1.bb @@ -8,7 +8,7 @@ inherit pypi python_setuptools_build_meta PYPI_PACKAGE = "importlib_metadata" UPSTREAM_CHECK_REGEX = "/importlib-metadata/(?P<pver>(\d+[\.\-_]*)+)/" -SRC_URI[sha256sum] = "b78938b926ee8d5f020fc4772d487045805a55ddbad2ecf21c6d60938dc7fcd2" +SRC_URI[sha256sum] = "f238736bb06590ae52ac1fab06a3a9ef1d8dce2b7a35b5ab329371d6c8f5d2cc" S = "${WORKDIR}/importlib_metadata-${PV}" diff --git a/poky/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb b/poky/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb index 636fb35811..2c02037011 100644 --- a/poky/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb +++ b/poky/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb @@ -2,17 +2,17 @@ SUMMARY = "Python Jinja2: A small but fast and easy to use stand-alone template HOMEPAGE = "https://pypi.org/project/Jinja2/" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90" +SRC_URI[sha256sum] = "4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369" -PYPI_PACKAGE = "Jinja2" +PYPI_PACKAGE = "jinja2" CVE_PRODUCT = "jinja2 jinja" CLEANBROKEN = "1" -inherit pypi setuptools3 ptest +inherit pypi python_flit_core ptest SRC_URI += " \ file://run-ptest \ diff --git a/poky/meta/recipes-devtools/python/python3-libarchive-c_5.1.bb b/poky/meta/recipes-devtools/python/python3-libarchive-c_5.0.bb index 4e318e52f4..6ac86fc7a1 100644 --- a/poky/meta/recipes-devtools/python/python3-libarchive-c_5.1.bb +++ b/poky/meta/recipes-devtools/python/python3-libarchive-c_5.0.bb @@ -9,7 +9,7 @@ PYPI_PACKAGE = "libarchive-c" inherit pypi setuptools3 -SRC_URI[sha256sum] = "7bcce24ea6c0fa3bc62468476c6d2f6264156db2f04878a372027c10615a2721" +SRC_URI[sha256sum] = "d673f56673d87ec740d1a328fa205cafad1d60f5daca4685594deb039d32b159" RDEPENDS:${PN} += "\ libarchive \ diff --git a/poky/meta/recipes-devtools/python/python3-license-expression_30.3.0.bb b/poky/meta/recipes-devtools/python/python3-license-expression_30.2.0.bb index f36336b592..7059cf76ee 100644 --- a/poky/meta/recipes-devtools/python/python3-license-expression_30.3.0.bb +++ b/poky/meta/recipes-devtools/python/python3-license-expression_30.2.0.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/nexB/license-expression" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://apache-2.0.LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "1295406f736b4f395ff069aec1cebfad53c0fcb3cf57df0f5ec58fc7b905aea5" +SRC_URI[sha256sum] = "599928edd995c43fc335e0af342076144dc71cb858afa1ed9c1c30c4e81794f5" inherit pypi ptest python_setuptools_build_meta diff --git a/poky/meta/recipes-devtools/python/python3-lxml_5.1.0.bb b/poky/meta/recipes-devtools/python/python3-lxml_5.0.0.bb index 43719086f0..66cb8b0938 100644 --- a/poky/meta/recipes-devtools/python/python3-lxml_5.1.0.bb +++ b/poky/meta/recipes-devtools/python/python3-lxml_5.0.0.bb @@ -18,10 +18,11 @@ LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \ DEPENDS += "libxml2 libxslt" -SRC_URI[sha256sum] = "3eea6ed6e6c918e468e693c41ef07f3c3acc310b70ddd9cc72d9ef84bc9564ca" +SRC_URI[sha256sum] = "2219cbf790e701acf9a21a31ead75f983e73daf0eceb9da6990212e4d20ebefe" SRC_URI += "${PYPI_SRC_URI}" inherit pkgconfig pypi setuptools3 +PYPI_PACKAGE_EXT = "zip" # {standard input}: Assembler messages: # {standard input}:1488805: Error: branch out of range diff --git a/poky/meta/recipes-devtools/python/python3-markdown_3.6.bb b/poky/meta/recipes-devtools/python/python3-markdown_3.5.2.bb index 7c64837395..1df7a98183 100644 --- a/poky/meta/recipes-devtools/python/python3-markdown_3.6.bb +++ b/poky/meta/recipes-devtools/python/python3-markdown_3.5.2.bb @@ -1,12 +1,12 @@ SUMMARY = "A Python implementation of John Gruber's Markdown." HOMEPAGE = "https://python-markdown.github.io/" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=ec58cdf7cfed06a21f7a9362627a5480" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=745aaad0c69c60039e638bff9ffc59ed" inherit pypi python_setuptools_build_meta PYPI_PACKAGE = "Markdown" -SRC_URI[sha256sum] = "ed4f41f6daecbeeb96e576ce414c41d2d876daa9a16cb35fa8ed8c2ddfad0224" +SRC_URI[sha256sum] = "e1ac7b3dc550ee80e602e71c1d168002f062e49f1b11e26a36264dafd4df2ef8" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-packaging_24.0.bb b/poky/meta/recipes-devtools/python/python3-packaging_23.2.bb index 0942eeb15e..2d35936615 100644 --- a/poky/meta/recipes-devtools/python/python3-packaging_24.0.bb +++ b/poky/meta/recipes-devtools/python/python3-packaging_23.2.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/packaging" LICENSE = "Apache-2.0 | BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=faadaedca9251a90b205c9167578ce91" -SRC_URI[sha256sum] = "eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9" +SRC_URI[sha256sum] = "048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5" inherit pypi python_flit_core diff --git a/poky/meta/recipes-devtools/python/python3-pyasn1_0.6.0.bb b/poky/meta/recipes-devtools/python/python3-pyasn1_0.5.1.bb index 0519ba5edb..0519ba5edb 100644 --- a/poky/meta/recipes-devtools/python/python3-pyasn1_0.6.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pyasn1_0.5.1.bb diff --git a/poky/meta/recipes-devtools/python/python3-pyelftools_0.31.bb b/poky/meta/recipes-devtools/python/python3-pyelftools_0.30.bb index 551fed6876..837edb7165 100644 --- a/poky/meta/recipes-devtools/python/python3-pyelftools_0.31.bb +++ b/poky/meta/recipes-devtools/python/python3-pyelftools_0.30.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "PD" LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc" -SRC_URI[sha256sum] = "c774416b10310156879443b81187d182d8d9ee499660380e645918b50bc88f99" +SRC_URI[sha256sum] = "2fc92b0d534f8b081f58c7c370967379123d8e00984deb53c209364efd575b40" PYPI_PACKAGE = "pyelftools" diff --git a/poky/meta/recipes-devtools/python/python3-pygobject_3.48.1.bb b/poky/meta/recipes-devtools/python/python3-pygobject_3.46.0.bb index 4754e41c04..73a393051a 100644 --- a/poky/meta/recipes-devtools/python/python3-pygobject_3.48.1.bb +++ b/poky/meta/recipes-devtools/python/python3-pygobject_3.46.0.bb @@ -19,7 +19,7 @@ DEPENDS += "python3 glib-2.0" SRCNAME="pygobject" SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/${SRCNAME}/${@gnome_verdir("${PV}")}/${SRCNAME}-${PV}.tar.xz" -SRC_URI[sha256sum] = "3a0a2c0c0f25931b5840649c54834b9e58a63148d37fa9f6308887b7027e15c2" +SRC_URI[sha256sum] = "426008b2dad548c9af1c7b03b59df0440fde5c33f38fb5406b103a43d653cafc" S = "${WORKDIR}/${SRCNAME}-${PV}" diff --git a/poky/meta/recipes-devtools/python/python3-pyopenssl_24.1.0.bb b/poky/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb index e714ad838e..116f214bfa 100644 --- a/poky/meta/recipes-devtools/python/python3-pyopenssl_24.1.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" DEPENDS += "openssl python3-cryptography" -SRC_URI[sha256sum] = "cabed4bfaa5df9f1a16c0ef64a0cb65318b5cd077a7eda7d6970131ca2f41a6f" +SRC_URI[sha256sum] = "6aa33039a93fffa4563e655b61d11364d01264be8ccb49906101e02a334530bf" PYPI_PACKAGE = "pyOpenSSL" inherit pypi setuptools3 @@ -15,7 +15,6 @@ FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test" RDEPENDS:${PN}:class-target = " \ python3-cryptography \ - python3-six \ python3-threading \ " RDEPENDS:${PN}-tests = "${PN}" diff --git a/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.2.bb b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.1.bb index 64210ade53..6f34091c86 100644 --- a/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.1.bb @@ -10,7 +10,7 @@ BUGTRACKER = "https://github.com/pyparsing/pyparsing/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=657a566233888513e1f07ba13e2f47f1" -SRC_URI[sha256sum] = "a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad" +SRC_URI[sha256sum] = "ede28a1a32462f5a9705e07aea48001a08f7cf81a021585011deba701581a0db" UPSTREAM_CHECK_REGEX = "pyparsing-(?P<pver>.*)\.tar" diff --git a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.12.1.bb b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb index 0590be705f..44fa1e2b80 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.12.1.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb @@ -7,7 +7,7 @@ BUGTRACKER = "https://github.com/pytest-dev/pytest-subtests/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1" -SRC_URI[sha256sum] = "d6605dcb88647e0b7c1889d027f8ef1c17d7a2c60927ebfdc09c7b0d8120476d" +SRC_URI[sha256sum] = "51865c88457545f51fb72011942f0a3c6901ee9e24cbfb6d1b9dc1348bafbe37" inherit pypi python_setuptools_build_meta diff --git a/poky/meta/recipes-devtools/python/python3-pytest_8.1.1.bb b/poky/meta/recipes-devtools/python/python3-pytest_8.0.2.bb index b1cf23fbc4..57e979e909 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest_8.1.1.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest_8.0.2.bb @@ -5,7 +5,7 @@ DESCRIPTION = "The pytest framework makes it easy to write small tests, yet scal LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c" -SRC_URI[sha256sum] = "ac978141a75948948817d360297b7aae0fcb9d6ff6bc9ec6d514b85d5a65c044" +SRC_URI[sha256sum] = "d4051d623a2e0b7e51960ba963193b09ce6daeb9759a451844a21e4ddedfc1bd" DEPENDS += "python3-setuptools-scm-native" diff --git a/poky/meta/recipes-devtools/python/python3-referencing_0.34.0.bb b/poky/meta/recipes-devtools/python/python3-referencing_0.33.0.bb index 6fbd10d9cf..f675bbc67d 100644 --- a/poky/meta/recipes-devtools/python/python3-referencing_0.34.0.bb +++ b/poky/meta/recipes-devtools/python/python3-referencing_0.33.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/python-jsonschema/referencing" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=93eb9740964b59e9ba30281255b044e2" -SRC_URI[sha256sum] = "5773bd84ef41799a5a8ca72dc34590c041eb01bf9aa02632b4a973fb0181a844" +SRC_URI[sha256sum] = "c775fedf74bc0f9189c2a3be1c12fd03e8c23f4d371dce795df44e06c5b412f7" inherit pypi python_hatchling diff --git a/poky/meta/recipes-devtools/python/python3-requests_2.31.0.bb b/poky/meta/recipes-devtools/python/python3-requests_2.31.0.bb index df48cd54c3..287b4f8eee 100644 --- a/poky/meta/recipes-devtools/python/python3-requests_2.31.0.bb +++ b/poky/meta/recipes-devtools/python/python3-requests_2.31.0.bb @@ -1,5 +1,5 @@ SUMMARY = "Python HTTP for Humans." -HOMEPAGE = "http://python-requests.org" +HOMEPAGE = "https://requests.readthedocs.io" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" @@ -8,12 +8,10 @@ SRC_URI[sha256sum] = "942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd inherit pypi setuptools3 RDEPENDS:${PN} += " \ + python3-certifi \ python3-email \ python3-json \ - python3-ndg-httpsclient \ python3-netserver \ - python3-pyasn1 \ - python3-pyopenssl \ python3-pysocks \ python3-urllib3 \ python3-chardet \ diff --git a/poky/meta/recipes-devtools/python/python3-scons_4.7.0.bb b/poky/meta/recipes-devtools/python/python3-scons_4.6.0.bb index bba6c799d4..c3cc3f0373 100644 --- a/poky/meta/recipes-devtools/python/python3-scons_4.7.0.bb +++ b/poky/meta/recipes-devtools/python/python3-scons_4.6.0.bb @@ -5,7 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d903b0b8027f461402bac9b5169b36f7" SRC_URI += " file://0001-Fix-man-page-installation.patch" -SRC_URI[sha256sum] = "d8b617f6610a73e46509de70dcf82f76861b79762ff602d546f4e80918ec81f3" +SRC_URI[sha256sum] = "7db28958b188b800f803c287d0680cc3ac7c422ed0b1cf9895042c52567803ec" PYPI_PACKAGE = "SCons" diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch index e227c2889c..2a3c71fb62 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch +++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch @@ -1,4 +1,4 @@ -From 80fe63816eb3bfd1f5b6d354e1f2442805cff4e0 Mon Sep 17 00:00:00 2001 +From 40648dfa770f9f7b9b9efa501c9ef7af96be9f2d Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Tue, 17 Jul 2018 10:13:38 +0800 Subject: [PATCH] conditionally do not fetch code by easy_install @@ -14,10 +14,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 1 file changed, 5 insertions(+) diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py -index 858fb20..62bd853 100644 +index 5d6fd5c..377e575 100644 --- a/setuptools/command/easy_install.py +++ b/setuptools/command/easy_install.py -@@ -672,6 +672,11 @@ class easy_install(Command): +@@ -676,6 +676,11 @@ class easy_install(Command): os.path.exists(tmpdir) and _rmtree(tmpdir) def easy_install(self, spec, deps=False): diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_69.2.0.bb b/poky/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb index 897398afc5..67475b68eb 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools_69.2.0.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb @@ -11,12 +11,11 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e SRC_URI += " \ file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch" -SRC_URI[sha256sum] = "0ff4183f8f42cd8fa3acea16c45205521a4ef28f73c6391d8a25e92893134f2e" +SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8" DEPENDS += "python3" RDEPENDS:${PN} = "\ - python3-2to3 \ python3-compile \ python3-compression \ python3-ctypes \ diff --git a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2024.3.3.bb b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2024.2.23.bb index b912efcf55..8514a52616 100644 --- a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2024.3.3.bb +++ b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2024.2.23.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/trove-classifiers" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "df7edff9c67ff86b733628998330b180e81d125b1e096536d83ac0fd79673fdc" +SRC_URI[sha256sum] = "8385160a12aac69c93fff058fb613472ed773a24a27eb3cd4b144cfbdd79f38c" inherit pypi python_setuptools_build_meta ptest diff --git a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.11.0.bb b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.10.0.bb index ad45b669ec..8698a80cc5 100644 --- a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.11.0.bb +++ b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.10.0.bb @@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2" # The name on PyPi is slightly different. PYPI_PACKAGE = "typing_extensions" -SRC_URI[sha256sum] = "83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0" +SRC_URI[sha256sum] = "b0abd7c89e8fb96f98db18d86106ff1d90ab692004eb746cf6eda2682f91b3cb" inherit pypi python_flit_core diff --git a/poky/meta/recipes-devtools/python/python3-wheel_0.43.0.bb b/poky/meta/recipes-devtools/python/python3-wheel_0.42.0.bb index ba309ae5fc..807888e6c0 100644 --- a/poky/meta/recipes-devtools/python/python3-wheel_0.43.0.bb +++ b/poky/meta/recipes-devtools/python/python3-wheel_0.42.0.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7ffb0db04527cfe380e4f2726bd05ebf" -SRC_URI[sha256sum] = "465ef92c69fa5c5da2d1cf8ac40559a8c940886afcef87dcf14b9470862f1d85" +SRC_URI[sha256sum] = "c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8" inherit python_flit_core pypi diff --git a/poky/meta/recipes-devtools/python/python3-zipp_3.18.1.bb b/poky/meta/recipes-devtools/python/python3-zipp_3.17.0.bb index e43432469d..e9e220e315 100644 --- a/poky/meta/recipes-devtools/python/python3-zipp_3.18.1.bb +++ b/poky/meta/recipes-devtools/python/python3-zipp_3.17.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/jaraco/zipp" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f" -SRC_URI[sha256sum] = "2884ed22e7d8961de1c9a05142eb69a247f120291bc0206a00a7642f09b5b715" +SRC_URI[sha256sum] = "84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0" DEPENDS += "python3-setuptools-scm-native" diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/poky/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch new file mode 100644 index 0000000000..1d4cda18b1 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch @@ -0,0 +1,46 @@ +From 9d4cdbde100798ba9fa1cf3f82dbaf18fd10a543 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin <tgamblin@baylibre.com> +Date: Wed, 8 May 2024 11:58:09 -0400 +Subject: [PATCH] test_shutdown: skip problematic test + +This test hangs frequently when run on the Autobuilder. Disable it in +testing until the cause can be determined. + +Upstream-Status: Inappropriate [OE-Specific] + +Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> +--- + Lib/test/test_concurrent_futures/test_shutdown.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/Lib/test/test_concurrent_futures/test_shutdown.py b/Lib/test/test_concurrent_futures/test_shutdown.py +index 7a4065afd4..6b878a48bf 100644 +--- a/Lib/test/test_concurrent_futures/test_shutdown.py ++++ b/Lib/test/test_concurrent_futures/test_shutdown.py +@@ -20,6 +20,7 @@ def sleep_and_print(t, msg): + sys.stdout.flush() + + ++@unittest.skip("skipping problematic test") + class ExecutorShutdownTest: + def test_run_after_shutdown(self): + self.executor.shutdown() +@@ -156,6 +157,7 @@ def timeout(_signum, _frame): + signal.signal(signal.SIGALRM, old_handler) + + ++@unittest.skip("skipping problematic test") + class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase): + def test_threads_terminate(self): + def acquire_lock(lock): +@@ -252,6 +254,7 @@ def test_cancel_futures_wait_false(self): + self.assertIn(out.strip(), [b"apple", b""]) + + ++@unittest.skip("skipping problematic test") + class ProcessPoolShutdownTest(ExecutorShutdownTest): + def test_processes_terminate(self): + def acquire_lock(lock): +-- +2.45.0 + diff --git a/poky/meta/recipes-devtools/python/python3_3.12.3.bb b/poky/meta/recipes-devtools/python/python3_3.12.4.bb index b49a58a101..0cb84b91b4 100644 --- a/poky/meta/recipes-devtools/python/python3_3.12.3.bb +++ b/poky/meta/recipes-devtools/python/python3_3.12.4.bb @@ -30,13 +30,14 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \ file://0001-test_storlines-skip-due-to-load-variability.patch \ file://0001-gh-114492-Initialize-struct-termios-before-calling-t.patch \ + file://0001-test_shutdown-skip-problematic-test.patch \ " SRC_URI:append:class-native = " \ file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ " -SRC_URI[sha256sum] = "56bfef1fdfc1221ce6720e43a661e3eb41785dd914ce99698d8c7896af4bdaa1" +SRC_URI[sha256sum] = "f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 4501f84c2b..d22bc31ce3 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -42,6 +42,11 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-6683.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ + file://CVE-2024-3446-01.patch \ + file://CVE-2024-3446-02.patch \ + file://CVE-2024-3446-03.patch \ + file://CVE-2024-3446-04.patch \ + file://CVE-2024-3567.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch new file mode 100644 index 0000000000..15dbca92cd --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch @@ -0,0 +1,73 @@ +rom eb546a3f49f45e6870ec91d792cd09f8a662c16e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Thu, 4 Apr 2024 20:56:11 +0200 +Subject: [PATCH] hw/virtio: Introduce virtio_bh_new_guarded() helper +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded() +but using the transport memory guard, instead of the device one +(there can only be one virtio device per virtio bus). + +Inspired-by: Gerd Hoffmann <kraxel@redhat.com> +Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> +Acked-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Message-Id: <20240409105537.18308-2-philmd@linaro.org> +(cherry picked from commit ec0504b989ca61e03636384d3602b7bf07ffe4da) +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/eb546a3f49f45e6870ec91d792cd09f8a662c16e] +CVE: CVE-2024-3446 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + hw/virtio/virtio.c | 10 ++++++++++ + include/hw/virtio/virtio.h | 7 +++++++ + 2 files changed, 17 insertions(+) + +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c +index 3a160f86e..8590b8971 100644 +--- a/hw/virtio/virtio.c ++++ b/hw/virtio/virtio.c +@@ -4095,3 +4095,13 @@ static void virtio_register_types(void) + } + + type_init(virtio_register_types) ++ ++QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev, ++ QEMUBHFunc *cb, void *opaque, ++ const char *name) ++{ ++ DeviceState *transport = qdev_get_parent_bus(dev)->parent; ++ ++ return qemu_bh_new_full(cb, opaque, name, ++ &transport->mem_reentrancy_guard); ++} +diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h +index c8f72850b..7d5ffdc14 100644 +--- a/include/hw/virtio/virtio.h ++++ b/include/hw/virtio/virtio.h +@@ -22,6 +22,7 @@ + #include "standard-headers/linux/virtio_config.h" + #include "standard-headers/linux/virtio_ring.h" + #include "qom/object.h" ++#include "block/aio.h" + + /* + * A guest should never accept this. It implies negotiation is broken +@@ -508,4 +509,10 @@ static inline bool virtio_device_disabled(VirtIODevice *vdev) + bool virtio_legacy_allowed(VirtIODevice *vdev); + bool virtio_legacy_check_disabled(VirtIODevice *vdev); + ++QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev, ++ QEMUBHFunc *cb, void *opaque, ++ const char *name); ++#define virtio_bh_new_guarded(dev, cb, opaque) \ ++ virtio_bh_new_guarded_full((dev), (cb), (opaque), (stringify(cb))) ++ + #endif +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch new file mode 100644 index 0000000000..843ed43ba8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch @@ -0,0 +1,48 @@ +From 4f01537ced3e787bd985b8f8de5869b92657160a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Thu, 4 Apr 2024 20:56:41 +0200 +Subject: [PATCH] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() +so the bus and device use the same guard. Otherwise the +DMA-reentrancy protection can be bypassed. + +Fixes: CVE-2024-3446 +Cc: qemu-stable@nongnu.org +Suggested-by: Alexander Bulekov <alxndr@bu.edu> +Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> +Acked-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Message-Id: <20240409105537.18308-5-philmd@linaro.org> +(cherry picked from commit f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc) +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a] +CVE: CVE-2024-3446 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + hw/virtio/virtio-crypto.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index 0e2cc8d5a..4aaced74b 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -1080,8 +1080,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp) + vcrypto->vqs[i].dataq = + virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh); + vcrypto->vqs[i].dataq_bh = +- qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i], +- &dev->mem_reentrancy_guard); ++ virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh, ++ &vcrypto->vqs[i]); + vcrypto->vqs[i].vcrypto = vcrypto; + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch new file mode 100644 index 0000000000..a24652dea3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch @@ -0,0 +1,47 @@ +From fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Thu, 4 Apr 2024 20:56:35 +0200 +Subject: [PATCH] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() +so the bus and device use the same guard. Otherwise the +DMA-reentrancy protection can be bypassed. + +Fixes: CVE-2024-3446 +Cc: qemu-stable@nongnu.org +Suggested-by: Alexander Bulekov <alxndr@bu.edu> +Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> +Acked-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Message-Id: <20240409105537.18308-4-philmd@linaro.org> +(cherry picked from commit b4295bff25f7b50de1d9cc94a9c6effd40056bca) +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3] +CVE: CVE-2024-3446 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + hw/char/virtio-serial-bus.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c +index dd619f073..1221fb7f1 100644 +--- a/hw/char/virtio-serial-bus.c ++++ b/hw/char/virtio-serial-bus.c +@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp) + return; + } + +- port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port, +- &dev->mem_reentrancy_guard); ++ port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port); + port->elem = NULL; + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch new file mode 100644 index 0000000000..7f0293242d --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch @@ -0,0 +1,52 @@ +From 1b2a52712b249e14d246cd9c7db126088e6e64db Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Thu, 4 Apr 2024 20:56:27 +0200 +Subject: [PATCH] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: virtio-pci-common-virtio-gpu at addr: 0x6 + +Fixes: CVE-2024-3446 +Cc: qemu-stable@nongnu.org +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Yongkang Jia <kangel@zju.edu.cn> +Reported-by: Xiao Lei <nop.leixiao@gmail.com> +Reported-by: Yiming Tao <taoym@zju.edu.cn> +Buglink: https://bugs.launchpad.net/qemu/+bug/1888606 +Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> +Acked-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Message-Id: <20240409105537.18308-3-philmd@linaro.org> +(cherry picked from commit ba28e0ff4d95b56dc334aac2730ab3651ffc3132) +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db] +CVE: CVE-2024-3446 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + hw/display/virtio-gpu.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index b016d3bac..a7b16ba07 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -1463,10 +1463,8 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) + + g->ctrl_vq = virtio_get_queue(vdev, 0); + g->cursor_vq = virtio_get_queue(vdev, 1); +- g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g, +- &qdev->mem_reentrancy_guard); +- g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g, +- &qdev->mem_reentrancy_guard); ++ g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g); ++ g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g); + g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g); + qemu_cond_init(&g->reset_cond); + QTAILQ_INIT(&g->reslist); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch new file mode 100644 index 0000000000..f14178f881 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch @@ -0,0 +1,48 @@ +From 1cfe45956e03070f894e91b304e233b4d5b99719 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Tue, 9 Apr 2024 19:54:05 +0200 +Subject: [PATCH] hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a fragmented packet size is too short, do not try to +calculate its checksum. + +Fixes: CVE-2024-3567 +Cc: qemu-stable@nongnu.org +Reported-by: Zheyu Ma <zheyuma97@gmail.com> +Fixes: f199b13bc1 ("igb: Implement Tx SCTP CSO") +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2273 +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> +Acked-by: Jason Wang <jasowang@redhat.com> +Message-Id: <20240410070459.49112-1-philmd@linaro.org> +(cherry picked from commit 83ddb3dbba2ee0f1767442ae6ee665058aeb1093) +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719] +CVE: CVE-2024-3567 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + hw/net/net_tx_pkt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c +index 2e5f58b3c..d40d508a1 100644 +--- a/hw/net/net_tx_pkt.c ++++ b/hw/net/net_tx_pkt.c +@@ -141,6 +141,10 @@ bool net_tx_pkt_update_sctp_checksum(struct NetTxPkt *pkt) + uint32_t csum = 0; + struct iovec *pl_start_frag = pkt->vec + NET_TX_PKT_PL_START_FRAG; + ++ if (iov_size(pl_start_frag, pkt->payload_frags) < 8 + sizeof(csum)) { ++ return false; ++ } ++ + if (iov_from_buf(pl_start_frag, pkt->payload_frags, 8, &csum, sizeof(csum)) < sizeof(csum)) { + return false; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/repo/repo_2.44.bb b/poky/meta/recipes-devtools/repo/repo_2.42.bb index 875897851a..9bb5000fab 100644 --- a/poky/meta/recipes-devtools/repo/repo_2.44.bb +++ b/poky/meta/recipes-devtools/repo/repo_2.42.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRC_URI = "git://gerrit.googlesource.com/git-repo.git;protocol=https;branch=main \ " -SRCREV = "fff1d2d74c2078b62cc9c2561330e41a842dc197" +SRCREV = "5554572f02537b8646139d59ab520e59e1d5f7b3" MIRRORS += "git://gerrit.googlesource.com/git-repo.git git://github.com/GerritCodeReview/git-repo.git" diff --git a/poky/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/poky/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch index 2379de84f2..8895adad74 100644 --- a/poky/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch +++ b/poky/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch @@ -1,4 +1,4 @@ -From 2beb35c34c45320144f37b12ef4d72fb8734280e Mon Sep 17 00:00:00 2001 +From 651425fced0691d9063fe417388ba6ca1c38c40b Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 29 Aug 2022 19:53:28 -0700 Subject: [PATCH] Add missing prototypes to function declarations @@ -15,6 +15,7 @@ Fixes errors like Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032858.html] Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- checksum.c | 2 +- exclude.c | 2 +- @@ -29,10 +30,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 10 files changed, 12 insertions(+), 13 deletions(-) diff --git a/checksum.c b/checksum.c -index cb21882..736818b 100644 +index 60de365..67a9e16 100644 --- a/checksum.c +++ b/checksum.c -@@ -779,7 +779,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) +@@ -778,7 +778,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) } #endif @@ -42,7 +43,7 @@ index cb21882..736818b 100644 #if defined SUPPORT_XXH3 || defined USE_OPENSSL struct name_num_item *nni; diff --git a/exclude.c b/exclude.c -index 87edbcf..ae0de2f 100644 +index ffe55b1..a85ea76 100644 --- a/exclude.c +++ b/exclude.c @@ -363,7 +363,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end) @@ -95,10 +96,10 @@ index e4ba1cc..8482b71 100644 int options = LOG_PID; diff --git a/main.c b/main.c -index 0c60b86..4bc664a 100644 +index d2a7b9b..c50af45 100644 --- a/main.c +++ b/main.c -@@ -246,7 +246,7 @@ void read_del_stats(int f) +@@ -244,7 +244,7 @@ void read_del_stats(int f) stats.deleted_files += stats.deleted_specials = read_varint(f); } diff --git a/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch index 0c9ce8b8e3..92ed1f4419 100644 --- a/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch +++ b/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -1,4 +1,4 @@ -From f446686c26c499e15ef17d495a93cfbc20e16090 Mon Sep 17 00:00:00 2001 +From 81700d1a0e51391028c761cc8ef1cd660084d114 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Tue, 12 Apr 2016 15:51:54 +0100 Subject: [PATCH] rsync: remove upstream's rebuild logic @@ -8,15 +8,16 @@ generally overcomplicated, and we ensure that autoreconf is invoked if required. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@intel.com> + --- Makefile.in | 54 ----------------------------------------------------- 1 file changed, 54 deletions(-) diff --git a/Makefile.in b/Makefile.in -index a1253e5..a084935 100644 +index 3cde955..d963a70 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -192,60 +192,6 @@ gensend: gen +@@ -190,60 +190,6 @@ gensend: gen fi rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.3.0.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb index b42026331d..130581a785 100644 --- a/poky/meta/recipes-devtools/rsync/rsync_3.3.0.bb +++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb @@ -16,7 +16,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://determism.patch \ file://0001-Add-missing-prototypes-to-function-declarations.patch \ " -SRC_URI[sha256sum] = "7399e9a6708c32d678a72a63219e96f23be0be2336e50fd1348498d07041df90" +SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" inherit autotools-brokensep diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch index 7402e76333..2e3156880e 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch @@ -1,7 +1,7 @@ -From caa03f46a3204a7e0f0e5d9d9cc9113304dc0382 Mon Sep 17 00:00:00 2001 +From a6e12b25a54d112c899b70c89c0bec9c5e5ebf3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> Date: Mon, 30 Sep 2019 16:57:01 +0100 -Subject: [PATCH] extmk: fix cross-compilation of external gems +Subject: [PATCH 1/3] extmk: fix cross-compilation of external gems MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,10 +16,10 @@ Signed-off-by: André Draszik <andre.draszik@jci.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/extmk.rb b/ext/extmk.rb -index 428ffc9..87eff71 100755 +index 1389dc4117..e4d923d7a7 100755 --- a/ext/extmk.rb +++ b/ext/extmk.rb -@@ -420,8 +420,8 @@ else +@@ -413,8 +413,8 @@ def $mflags.defined?(var) end $ruby = [$ruby] $ruby << "-I'$(topdir)'" @@ -29,3 +29,6 @@ index 428ffc9..87eff71 100755 $ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout ENV["RUBYLIB"] = "-" end +-- +2.23.0.rc1 + diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch new file mode 100644 index 0000000000..1dff9c0f8c --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch @@ -0,0 +1,52 @@ +From 6b3c202b46b9312c5bb0789145f13d8086e70948 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 15 Jan 2023 02:34:17 -0800 +Subject: [PATCH] fiddle: Use C11 _Alignof to define ALIGN_OF when possible + +WG14 N2350 made very clear that it is an UB having type definitions +within "offsetof" [1]. This patch enhances the implementation of macro +ALIGN_OF to use builtin "_Alignof" to avoid undefined behavior +when using std=c11 or newer + +clang 16+ has started to flag this [2] + +Fixes build when using -std >= gnu11 and using clang16+ + +Older compilers gcc < 4.9 or clang < 8 has buggy _Alignof even though it +may support C11, exclude those compiler versions + +[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm +[2] https://reviews.llvm.org/D133574 + +Upstream-Status: Submitted [https://github.com/ruby/fiddle/pull/120] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + ext/fiddle/fiddle.h | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/ext/fiddle/fiddle.h b/ext/fiddle/fiddle.h +index 10eb9ce..ffb395e 100644 +--- a/ext/fiddle/fiddle.h ++++ b/ext/fiddle/fiddle.h +@@ -196,7 +196,17 @@ + #endif + #define TYPE_UINTPTR_T (-TYPE_INTPTR_T) + +-#define ALIGN_OF(type) offsetof(struct {char align_c; type align_x;}, align_x) ++/* GCC releases before GCC 4.9 had a bug in _Alignof. See GCC bug 52023 ++ <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52023>. ++ clang versions < 8.0.0 have the same bug. */ ++#if (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112 \ ++ || (defined __GNUC__ && __GNUC__ < 4 + (__GNUC_MINOR__ < 9) \ ++ && !defined __clang__) \ ++ || (defined __clang__ && __clang_major__ < 8)) ++# define ALIGN_OF(type) offsetof(struct {char align_c; type align_x;}, align_x) ++#else ++# define ALIGN_OF(type) _Alignof(type) ++#endif + + #define ALIGN_VOIDP ALIGN_OF(void*) + #define ALIGN_CHAR ALIGN_OF(char) +-- +2.39.0 + diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch new file mode 100644 index 0000000000..226ef3af75 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch @@ -0,0 +1,32 @@ +From 2368d07660a93a2c41d63f3ab6054ca4daeef820 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Tue, 17 Nov 2020 18:31:40 +0000 +Subject: [PATCH] template/Makefile.in: do not write host cross-cc items into + target config + +This helps reproducibility. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + template/Makefile.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/template/Makefile.in b/template/Makefile.in +index 10dc826..940ee07 100644 +--- a/template/Makefile.in ++++ b/template/Makefile.in +@@ -657,11 +657,11 @@ mjit_config.h: + echo '#endif'; \ + quote MJIT_MIN_HEADER_NAME "$(MJIT_MIN_HEADER_NAME)"; \ + sep=,; \ +- quote "MJIT_CC_COMMON " $(MJIT_CC); \ ++ quote "MJIT_CC_COMMON " ; \ + quote "MJIT_CFLAGS MJIT_ARCHFLAG" $(MJIT_CFLAGS); \ + quote "MJIT_OPTFLAGS " $(MJIT_OPTFLAGS); \ + quote "MJIT_DEBUGFLAGS " $(MJIT_DEBUGFLAGS); \ +- quote "MJIT_LDSHARED " $(MJIT_LDSHARED); \ ++ quote "MJIT_LDSHARED " ; \ + quote "MJIT_DLDFLAGS MJIT_ARCHFLAG" $(MJIT_DLDFLAGS); \ + quote "MJIT_LIBS " $(LIBRUBYARG_SHARED); \ + quote 'PRELOADENV "@PRELOADENV@"'; \ diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch index 67054d6553..f7b7adb3fd 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch @@ -1,4 +1,4 @@ -From 980dcc5380db6f03451357140ae1487117300156 Mon Sep 17 00:00:00 2001 +From dfb22e4d6662bf72879eda806eaa78c7b52b519e Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 25 Jan 2022 20:29:14 -0800 Subject: [PATCH] vm_dump.c: Define REG_S1 and REG_S2 for musl/riscv @@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 5 insertions(+) diff --git a/vm_dump.c b/vm_dump.c -index 444be4a..8a081a7 100644 +index a98f5aa..957b785 100644 --- a/vm_dump.c +++ b/vm_dump.c @@ -39,6 +39,11 @@ @@ -29,3 +29,6 @@ index 444be4a..8a081a7 100644 #define VM_CFP_CNT(ec, cfp) \ ((rb_control_frame_t *)((ec)->vm_stack + (ec)->vm_stack_size) - \ (rb_control_frame_t *)(cfp)) +-- +2.35.0 + diff --git a/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch b/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch index f3a65e785d..96ae86263b 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch @@ -1,19 +1,20 @@ -From 7f7facb85bd65adec24230fe8ca7f6a9863a1fd0 Mon Sep 17 00:00:00 2001 +From 21d8e7700fa0a9c4bf569dd366134060ae858832 Mon Sep 17 00:00:00 2001 From: Christopher Larson <chris_larson@mentor.com> Date: Thu, 5 May 2016 10:59:07 -0700 Subject: [PATCH] Obey LDFLAGS for the link of libruby Signed-off-by: Christopher Larson <chris_larson@mentor.com> Upstream-Status: Pending + --- template/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/Makefile.in b/template/Makefile.in -index 8c462f2..2200c8c 100644 +index 1456313..15b98a4 100644 --- a/template/Makefile.in +++ b/template/Makefile.in -@@ -115,7 +115,7 @@ ENABLE_SHARED = @ENABLE_SHARED@ +@@ -127,7 +127,7 @@ ENABLE_SHARED = @ENABLE_SHARED@ LDSHARED = @LIBRUBY_LDSHARED@ DLDSHARED = @DLDSHARED@ XDLDFLAGS = @DLDFLAGS@ @@ -21,4 +22,4 @@ index 8c462f2..2200c8c 100644 +DLDFLAGS = @LIBRUBY_DLDFLAGS@ @LDFLAGS@ $(XLDFLAGS) $(ARCH_FLAG) SOLIBS = @SOLIBS@ ENABLE_DEBUG_ENV = @ENABLE_DEBUG_ENV@ - MAINLIBS = @MAINLIBS@ + MAINLIBS = $(YJIT_LIBS) @MAINLIBS@ diff --git a/poky/meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch b/poky/meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch new file mode 100644 index 0000000000..2efbad7513 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch @@ -0,0 +1,42 @@ +Subject: [PATCH] template/Makefile.in: filter out -f*prefix-map + +If we add DEBUG_PREFIX_MAP into LDFLAGS, ruby and ruby-dbg are no longer +reproducible. Fix this. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Tony Battersby <tonyb@cybernetics.com> +--- +--- a/tool/mjit_archflag.sh ++++ b/tool/mjit_archflag.sh +@@ -7,6 +7,20 @@ quote() { + echo + } + ++quote_filtered() { ++ printf "#${indent}define $1" ++ while shift && [ "$#" -gt 0 ]; do ++ case "$1" in ++ -ffile-prefix-map=*|-fdebug-prefix-map=*|-fmacro-prefix-map=*) ++ ;; ++ *) ++ printf ' "%s"'$sep "$1" ++ ;; ++ esac ++ done ++ echo ++} ++ + archs="" + arch_flag="" + +--- a/template/Makefile.in ++++ b/template/Makefile.in +@@ -666,7 +666,7 @@ mjit_config.h: + quote "MJIT_OPTFLAGS " $(MJIT_OPTFLAGS); \ + quote "MJIT_DEBUGFLAGS " $(MJIT_DEBUGFLAGS); \ + quote "MJIT_LDSHARED " ; \ +- quote "MJIT_DLDFLAGS MJIT_ARCHFLAG" $(MJIT_DLDFLAGS); \ ++ quote_filtered "MJIT_DLDFLAGS MJIT_ARCHFLAG" $(MJIT_DLDFLAGS); \ + quote "MJIT_LIBS " $(LIBRUBYARG_SHARED); \ + quote 'PRELOADENV "@PRELOADENV@"'; \ + indent=$${archs:+' '}; \ diff --git a/poky/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch b/poky/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch index e2d5b57c25..f92f0e1ba6 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch @@ -1,7 +1,6 @@ -From 5079e678ce2a81416088c04f9123cd8207d5def2 Mon Sep 17 00:00:00 2001 From: Christian Hofstaedtler <zeha@debian.org> Date: Tue, 10 Oct 2017 15:04:34 -0300 -Subject: [PATCH] rdoc: build reproducible documentation +Subject: rdoc: build reproducible documentation - provide a fixed timestamp to the gzip compression @@ -11,24 +10,23 @@ Signed-off-by: Antonio Terceiro <terceiro@debian.org> Signed-off-by: Christian Hofstaedtler <zeha@debian.org> --- lib/rdoc/generator/json_index.rb | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + lib/rdoc/rdoc.rb | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) -diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb -index c454910..24feab0 100644 --- a/lib/rdoc/generator/json_index.rb +++ b/lib/rdoc/generator/json_index.rb -@@ -178,7 +178,7 @@ class RDoc::Generator::JsonIndex +@@ -178,7 +178,7 @@ debug_msg "Writing gzipped search index to %s" % outfile - + Zlib::GzipWriter.open(outfile) do |gz| - gz.mtime = File.mtime(search_index_file) + gz.mtime = -1 gz.orig_name = search_index_file.basename.to_s gz.write search_index gz.close -@@ -196,7 +196,7 @@ class RDoc::Generator::JsonIndex +@@ -196,7 +196,7 @@ debug_msg "Writing gzipped file to %s" % outfile - + Zlib::GzipWriter.open(outfile) do |gz| - gz.mtime = File.mtime(dest) + gz.mtime = -1 diff --git a/poky/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch b/poky/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch index b14a731cfb..e0aca0dcfc 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch @@ -1,7 +1,6 @@ -From 99734381652602f76075017576a819c427ebb5f2 Mon Sep 17 00:00:00 2001 From: Reiner Herrmann <reiner@reiner-h.de> Date: Tue, 10 Oct 2017 15:06:13 -0300 -Subject: [PATCH] lib/mkmf.rb: sort list of object files in generated Makefile +Subject: lib/mkmf.rb: sort list of object files in generated Makefile Without sorting the list explicitly, its order is indeterministic, because readdir() is also not deterministic. @@ -16,11 +15,9 @@ Signed-off-by: Reiner Herrmann <reiner@reiner-h.de> lib/mkmf.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/lib/mkmf.rb b/lib/mkmf.rb -index 6da7dde..3af30a9 100644 --- a/lib/mkmf.rb +++ b/lib/mkmf.rb -@@ -2368,7 +2368,7 @@ LOCAL_LIBS = #{$LOCAL_LIBS} +@@ -2315,7 +2315,7 @@ LIBS = #{$LIBRUBYARG} #{$libs} #{$LIBS} ORIG_SRCS = #{orig_srcs.collect(&File.method(:basename)).join(' ')} SRCS = $(ORIG_SRCS) #{(srcs - orig_srcs).collect(&File.method(:basename)).join(' ')} diff --git a/poky/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch b/poky/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch index 24268625a2..41f206523e 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch @@ -1,4 +1,4 @@ -From 3bc324379aa3e322bad9353da8c0064cd671cc74 Mon Sep 17 00:00:00 2001 +From 6e1dc610724a7aa8368cbcddf4bbe21cccc0f731 Mon Sep 17 00:00:00 2001 From: Lucas Kanashiro <kanashiro@debian.org> Date: Fri, 1 Nov 2019 15:25:17 -0300 Subject: [PATCH] Make gemspecs reproducible @@ -12,20 +12,20 @@ Upstream-Status: Backport [debian] 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb -index a0c7faa..f0722d9 100644 +index 0d72cee..eb7bc25 100644 --- a/lib/rubygems/specification.rb +++ b/lib/rubygems/specification.rb -@@ -1774,7 +1774,9 @@ class Gem::Specification < Gem::BasicSpecification - raise(Gem::InvalidSpecificationException, - "invalid date format in specification: #{date.inspect}") - end -- when Time, DateLike then -+ when Time then -+ Time.utc(date.utc.year, date.utc.month, date.utc.day) -+ when DateLike then - Time.utc(date.year, date.month, date.day) - else - TODAY +@@ -1691,7 +1691,9 @@ class Gem::Specification < Gem::BasicSpecification + raise(Gem::InvalidSpecificationException, + "invalid date format in specification: #{date.inspect}") + end +- when Time, DateLike then ++ when Time then ++ Time.utc(date.utc.year, date.utc.month, date.utc.day) ++ when DateLike then + Time.utc(date.year, date.month, date.day) + else + TODAY -- -2.39.2 +2.25.1 diff --git a/poky/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch b/poky/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch index 21604dfc34..0a87cae17f 100644 --- a/poky/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch +++ b/poky/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch @@ -1,4 +1,4 @@ -From 1dc7ef09c3c567c4adb09ccfd97e0e59c58edb9f Mon Sep 17 00:00:00 2001 +From 3f60710bc29c1b08e128314d40101e87b7d2c9a1 Mon Sep 17 00:00:00 2001 From: Lucas Kanashiro <kanashiro@debian.org> Date: Fri, 1 Nov 2019 15:25:17 -0300 Subject: [PATCH] Make gemspecs reproducible @@ -7,6 +7,7 @@ Without an explicit date, they will get the current date and make the build unreproducible Upstream-Status: Backport [debian] + --- ext/bigdecimal/bigdecimal.gemspec | 1 + ext/fiddle/fiddle.gemspec | 1 + @@ -16,12 +17,12 @@ Upstream-Status: Backport [debian] 5 files changed, 5 insertions(+) diff --git a/ext/bigdecimal/bigdecimal.gemspec b/ext/bigdecimal/bigdecimal.gemspec -index f9f3b45..b9a469d 100644 +index d215757..5148d56 100644 --- a/ext/bigdecimal/bigdecimal.gemspec +++ b/ext/bigdecimal/bigdecimal.gemspec -@@ -14,6 +14,7 @@ Gem::Specification.new do |s| - s.name = name - s.version = source_version +@@ -4,6 +4,7 @@ Gem::Specification.new do |s| + s.name = "bigdecimal" + s.version = "3.1.3" s.authors = ["Kenta Murata", "Zachary Scott", "Shigeo Kobayashi"] + s.date = RUBY_RELEASE_DATE s.email = ["mrkn@mrkn.jp"] @@ -40,10 +41,10 @@ index 8781093..efdca32 100644 spec.email = ["aaron@tenderlovemaking.com", "hsbt@ruby-lang.org"] diff --git a/ext/io/console/io-console.gemspec b/ext/io/console/io-console.gemspec -index d4f5276..8f89611 100644 +index d26a757..cc88c55 100644 --- a/ext/io/console/io-console.gemspec +++ b/ext/io/console/io-console.gemspec -@@ -4,6 +4,7 @@ _VERSION = "0.7.1" +@@ -4,6 +4,7 @@ _VERSION = "0.6.0" Gem::Specification.new do |s| s.name = "io-console" s.version = _VERSION @@ -64,7 +65,7 @@ index 1f4798e..48743cf 100644 spec.email = ["knu@idaemons.org", "ume@mahoroba.org"] diff --git a/lib/rdoc/rdoc.gemspec b/lib/rdoc/rdoc.gemspec -index 93a281c..cc5c155 100644 +index 3c96f7d..fec0872 100644 --- a/lib/rdoc/rdoc.gemspec +++ b/lib/rdoc/rdoc.gemspec @@ -7,6 +7,7 @@ end diff --git a/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch new file mode 100644 index 0000000000..17c7e30176 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch @@ -0,0 +1,56 @@ +From 2ebb50d2dc302917a6f57c1239dc9e700dfe0e34 Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada <nobu@ruby-lang.org> +Date: Thu, 27 Jul 2023 15:53:01 +0800 +Subject: [PATCH] Fix quadratic backtracking on invalid relative URI + +https://hackerone.com/reports/1958260 + +CVE: CVE-2023-36617 + +Upstream-Status: Backport [https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + lib/uri/rfc2396_parser.rb | 4 ++-- + test/uri/test_parser.rb | 12 ++++++++++++ + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb +index 76a8f99..00c66cf 100644 +--- a/lib/uri/rfc2396_parser.rb ++++ b/lib/uri/rfc2396_parser.rb +@@ -497,8 +497,8 @@ module URI + ret = {} + + # for URI::split +- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) +- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) ++ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) ++ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) + + # for URI::extract + ret[:URI_REF] = Regexp.new(pattern[:URI_REF]) +diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb +index 72fb590..721e05e 100644 +--- a/test/uri/test_parser.rb ++++ b/test/uri/test_parser.rb +@@ -79,4 +79,16 @@ class URI::TestParser < Test::Unit::TestCase + assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com")) + assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]")) + end ++ ++ def test_rfc2822_parse_relative_uri ++ pre = ->(length) { ++ " " * length + "\0" ++ } ++ parser = URI::RFC2396_Parser.new ++ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri| ++ assert_raise(URI::InvalidURIError) do ++ parser.split(uri) ++ end ++ end ++ end + end +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch new file mode 100644 index 0000000000..7c51deaa42 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch @@ -0,0 +1,52 @@ +From eea5868120509c245216c4b5c2d4b5db1c593d0e Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada <nobu@ruby-lang.org> +Date: Thu, 27 Jul 2023 16:16:30 +0800 +Subject: [PATCH] Fix quadratic backtracking on invalid port number + +https://hackerone.com/reports/1958260 + +CVE: CVE-2023-36617 + +Upstream-Status: Backport [https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + lib/uri/rfc3986_parser.rb | 2 +- + test/uri/test_parser.rb | 10 ++++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb +index dd24a40..9b1663d 100644 +--- a/lib/uri/rfc3986_parser.rb ++++ b/lib/uri/rfc3986_parser.rb +@@ -100,7 +100,7 @@ module URI + QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, + FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, + OPAQUE: /\A(?:[^\/].*)?\z/, +- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/, ++ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/, + } + end + +diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb +index 721e05e..cee0acb 100644 +--- a/test/uri/test_parser.rb ++++ b/test/uri/test_parser.rb +@@ -91,4 +91,14 @@ class URI::TestParser < Test::Unit::TestCase + end + end + end ++ ++ def test_rfc3986_port_check ++ pre = ->(length) {"\t" * length + "a"} ++ uri = URI.parse("http://my.example.com") ++ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port| ++ assert_raise(URI::InvalidComponentError) do ++ uri.port = port ++ end ++ end ++ end + end +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch b/poky/meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch new file mode 100644 index 0000000000..b78e3db892 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch @@ -0,0 +1,35 @@ +From e74b57febec9bd806e29025e6eeb8091e7021d75 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 26 Jan 2020 11:27:40 -0800 +Subject: [PATCH] Filter out __has_include* compiler defines + +They are internal to compiler and this header is later on includes in C +files, but newer gcc >= 10 complains about it. + +error in initial header file: +| In file included from /tmp/20200124-86625-14hiju4.c:1: +| /tmp/20200124-86625-11y6l6i.h:13849:9: error: "__has_include" cannot be used as a macro name +| 13849 | #define __has_include __has_include +| | ^~~~~~~~~~~~~ +| compilation terminated due to -Wfatal-errors. + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + common.mk | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/common.mk b/common.mk +index 664f750..3b8fbe6 100644 +--- a/common.mk ++++ b/common.mk +@@ -238,6 +238,8 @@ $(TIMESTAMPDIR)/$(MJIT_HEADER:.h=)$(MJIT_HEADER_SUFFIX).time: probes.h vm.$(OBJE + $(ECHO) building $(@F:.time=.h) + $(Q)$(MINIRUBY) $(tooldir)/mjit_tabs.rb "$(MJIT_TABS)" \ + $(CPP) -DMJIT_HEADER $(MJIT_HEADER_FLAGS) $(CFLAGS) $(XCFLAGS) $(CPPFLAGS) $(srcdir)/vm.c $(CPPOUTFLAG)$(@F:.time=.h).new ++ $(Q)sed -i -e "/#define __has_include __has_include/d" $(@F:.time=.h).new ++ $(Q)sed -i -e "/#define __has_include_next __has_include_next/d" $(@F:.time=.h).new + $(Q) $(IFCHANGE) "--timestamp=$@" $(@F:.time=.h) $(@F:.time=.h).new + + $(MJIT_HEADER:.h=)$(MJIT_HEADER_SUFFIX).h: $(TIMESTAMPDIR)/$(MJIT_HEADER:.h=)$(MJIT_HEADER_SUFFIX).time diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.3.0.bb b/poky/meta/recipes-devtools/ruby/ruby_3.2.2.bb index 17eb6d73c2..d1359e388c 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.3.0.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.2.2.bb @@ -10,7 +10,7 @@ LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \ file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \ file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LEGAL;md5=81e6a4d81533b9263da4c3485a0ad883 \ + file://LEGAL;md5=bcd74b47bbaf2051c5e49811a5faa97a \ " DEPENDS = "zlib openssl libyaml gdbm readline libffi" @@ -21,12 +21,18 @@ SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://0001-extmk-fix-cross-compilation-of-external-gems.patch \ file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \ + file://remove_has_include_macros.patch \ file://run-ptest \ + file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ + file://0002-template-Makefile.in-filter-out-f-prefix-map.patch \ file://0003-rdoc-build-reproducible-documentation.patch \ file://0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch \ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ + file://0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch \ + file://CVE-2023-36617_1.patch \ + file://CVE-2023-36617_2.patch \ " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" @@ -47,7 +53,7 @@ do_configure:prepend() { DEPENDS:append:libc-musl = " libucontext" -SRC_URI[sha256sum] = "96518814d9832bece92a85415a819d4893b307db5921ae1f0f751a9a89a56b7d" +SRC_URI[sha256sum] = "96c57558871a6748de5bc9f274e93f4b5aad06cd8f37befa0e8d94e7b8a423bc" PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service index b6b81d5c1a..1ce19abcaf 100644 --- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service +++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service @@ -7,7 +7,7 @@ Before=sysinit.target [Service] Type=oneshot ExecStart=#SBINDIR#/run-postinsts -ExecStartPost=#BASE_BINDIR#/systemctl --no-reload disable run-postinsts.service +ExecStartPost=#BASE_BINDIR#/systemctl disable run-postinsts.service RemainAfterExit=yes TimeoutSec=0 diff --git a/poky/meta/recipes-devtools/tcltk/tcl/alter-includedir.patch b/poky/meta/recipes-devtools/tcltk/tcl/alter-includedir.patch index bfc718cfd3..96d0ab2ad4 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/alter-includedir.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/alter-includedir.patch @@ -1,4 +1,4 @@ -From 3130dca60636dc12d0d12df75b002fd123349e21 Mon Sep 17 00:00:00 2001 +From 27e5595c065ce3af687818555a882ab5e1dfbc2b Mon Sep 17 00:00:00 2001 From: Mingli Yu <mingli.yu@windriver.com> Date: Tue, 22 Nov 2022 18:48:27 +0800 Subject: [PATCH] tcl: update the header location @@ -19,6 +19,7 @@ to detect tcl doesn't find the header. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + --- unix/Makefile.in | 2 +- unix/configure.in | 4 ++-- @@ -26,7 +27,7 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/unix/Makefile.in b/unix/Makefile.in -index a3b7d69..969ddb8 100644 +index 0b8179f..4824b28 100644 --- a/unix/Makefile.in +++ b/unix/Makefile.in @@ -57,7 +57,7 @@ SCRIPT_INSTALL_DIR = $(INSTALL_ROOT)$(TCL_LIBRARY) @@ -39,10 +40,10 @@ index a3b7d69..969ddb8 100644 # Path to the private tcl header dir: PRIVATE_INCLUDE_DIR = @PRIVATE_INCLUDE_DIR@ diff --git a/unix/configure.in b/unix/configure.in -index 4974fb6..a72934f 100644 +index 0354a0b..2d0c00f 100644 --- a/unix/configure.in +++ b/unix/configure.in -@@ -776,7 +776,7 @@ eval "TCL_LIB_FILE=libtcl${LIB_SUFFIX}" +@@ -774,7 +774,7 @@ eval "TCL_LIB_FILE=libtcl${LIB_SUFFIX}" eval "TCL_LIB_FILE=${TCL_LIB_FILE}" test -z "$TCL_LIBRARY" && TCL_LIBRARY='$(libdir)/tcl$(VERSION)' @@ -51,7 +52,7 @@ index 4974fb6..a72934f 100644 HTML_DIR='$(DISTDIR)/html' # Note: in the following variable, it's important to use the absolute -@@ -897,7 +897,7 @@ TCL_BUILD_STUB_LIB_PATH="`pwd`/${TCL_STUB_LIB_FILE}" +@@ -895,7 +895,7 @@ TCL_BUILD_STUB_LIB_PATH="`pwd`/${TCL_STUB_LIB_FILE}" TCL_STUB_LIB_PATH="${TCL_STUB_LIB_DIR}/${TCL_STUB_LIB_FILE}" # Install time header dir can be set via --includedir diff --git a/poky/meta/recipes-devtools/tcltk/tcl/fix_issue_with_old_distro_glibc.patch b/poky/meta/recipes-devtools/tcltk/tcl/fix_issue_with_old_distro_glibc.patch new file mode 100644 index 0000000000..2c31cec8e3 --- /dev/null +++ b/poky/meta/recipes-devtools/tcltk/tcl/fix_issue_with_old_distro_glibc.patch @@ -0,0 +1,39 @@ +Upstream-Status: Inappropriate [embedded specific] + +Fixes tcl target recipe build on old distros which have glibc older than 2.14 + +| + echo 'NOTE: make DESTDIR=/srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/image install' +| NOTE: make DESTDIR=/srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/image install +| + make DESTDIR=/srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/image install +| Making directory /srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/image/usr/lib +| Installing message catalogs +| Making directory /srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/image/usr/share/man +| tclsh: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/tcl8.5.11/unix/libtcl8.5.so) +| Making directory /srv/home/nitin/builds/build-gcc47/tmp/work/x86_64-poky-linux/tcl-8.5.11-r5/image/usr/bin +| make: *** [install-msgs] Error 1 + +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> +2012/04/26 + +Index: unix/Makefile.in +=================================================================== +--- a/unix.orig/Makefile.in 2013-11-10 23:38:01.787425628 -0800 ++++ b/unix/Makefile.in 2013-11-10 23:37:59.807425578 -0800 +@@ -686,7 +686,7 @@ + # tcltest executable gets the build directory burned into its ld search path. + # This keeps tcltest from picking up an already installed version of the Tcl + # library. +-SHELL_ENV = @LD_LIBRARY_PATH_VAR@=`pwd`:${@LD_LIBRARY_PATH_VAR@} \ ++SHELL_ENV = @LD_LIBRARY_PATH_VAR@=${@LD_LIBRARY_PATH_VAR@} \ + TCLLIBPATH="@abs_builddir@/pkgs" \ + TCL_LIBRARY="${TCL_BUILDTIME_LIBRARY}" + +@@ -712,7 +712,7 @@ + $(SHELL_ENV) ${TCLTEST_EXE} $(TOP_DIR)/tests/all.tcl $(TESTFLAGS) + + gdb-test: ${TCLTEST_EXE} +- @echo "set env @LD_LIBRARY_PATH_VAR@=`pwd`:$${@LD_LIBRARY_PATH_VAR@}" > gdb.run ++ @echo "set env @LD_LIBRARY_PATH_VAR@=$${@LD_LIBRARY_PATH_VAR@}" > gdb.run + @echo "set env TCL_LIBRARY=${TCL_BUILDTIME_LIBRARY}" >> gdb.run + @echo "set args $(TOP_DIR)/tests/all.tcl $(TESTFLAGS) -singleproc 1" >> gdb.run + $(GDB) ${TCLTEST_EXE} --command=gdb.run diff --git a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch index 09c49daa2c..6dbef7077f 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch @@ -1,18 +1,19 @@ -From 371aa300369e9ea3234cba22d5c0babc7d40dfdf Mon Sep 17 00:00:00 2001 +From 8a6c77cdd265fe7ce35929f58f1ade0c6bc4025b Mon Sep 17 00:00:00 2001 From: Nitin A Kamble <nitin.a.kamble@intel.com> Date: Fri, 13 Aug 2010 12:24:00 -0700 Subject: [PATCH] tcl: fix a build issue Upstream-Status: Inappropriate [upstream does not support installed tests] + --- unix/Makefile.in | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/unix/Makefile.in b/unix/Makefile.in -index 9dd053d..a3b7d69 100644 +index b110fe9..d7b35a8 100644 --- a/unix/Makefile.in +++ b/unix/Makefile.in -@@ -815,7 +815,7 @@ tcltest-real: +@@ -814,23 +814,23 @@ tcltest-real: test: test-tcl test-packages test-tcl: ${TCLTEST_EXE} @@ -20,11 +21,9 @@ index 9dd053d..a3b7d69 100644 + $(SHELL_ENV) ${TCLTEST_EXE} $(TOP_DIR)/tests/all.tcl $(TESTFLAGS) gdb-test: ${TCLTEST_EXE} - @printf '%s ' set env @LD_LIBRARY_PATH_VAR@=\"`pwd`$${@LD_LIBRARY_PATH_VAR@:+:$${@LD_LIBRARY_PATH_VAR}}\" > gdb.run -@@ -824,17 +824,17 @@ gdb-test: ${TCLTEST_EXE} - @printf '\n' >>gdb.run - @printf '%s ' set args $(call shquotequote,$(TOP_DIR))/tests/all.tcl\ - $(call shquotequote,$(TESTFLAGS)) -singleproc 1 >> gdb.run + @echo "set env @LD_LIBRARY_PATH_VAR@=`pwd`:$${@LD_LIBRARY_PATH_VAR@}" > gdb.run + @echo "set env TCL_LIBRARY=${TCL_BUILDTIME_LIBRARY}" >> gdb.run + @echo "set args $(TOP_DIR)/tests/all.tcl $(TESTFLAGS) -singleproc 1" >> gdb.run - $(GDB) ./${TCLTEST_EXE} --command=gdb.run + $(GDB) ${TCLTEST_EXE} --command=gdb.run rm gdb.run @@ -42,7 +41,7 @@ index 9dd053d..a3b7d69 100644 # The following target generates the shared libraries in dltest/ that are used # for testing; they are included as part of the "tcltest" target (via the -@@ -852,28 +852,28 @@ dltest.marker: ${STUB_LIB_FILE} +@@ -848,28 +848,28 @@ dltest.marker: ${STUB_LIB_FILE} # This target can be used to run tclsh from the build directory # via `make shell SCRIPT=/tmp/foo.tcl` shell: ${TCL_EXE} diff --git a/poky/meta/recipes-devtools/tcltk/tcl/interp.patch b/poky/meta/recipes-devtools/tcltk/tcl/interp.patch index 2e0dc94cff..95d6318f64 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/interp.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/interp.patch @@ -1,19 +1,11 @@ -From 426aa2ff62dda77fd011e8f630b9d4ea17984817 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Mon, 12 Jul 2021 14:50:13 +0100 -Subject: [PATCH] tcl: fix race in interp.test - The interp-36.7 patch has race conditions and is missing cleanup. This patch by a Tcl maintainer should improve matters. Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - tests/interp.test | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/interp.test b/tests/interp.test -index d742484..fc90990 100644 +index d7424847f..fc90990f3 100644 --- a/tests/interp.test +++ b/tests/interp.test @@ -3595,17 +3595,18 @@ test interp-36.7 {ChildBgerror sets error handler of child [1999035]} -setup { diff --git a/poky/meta/recipes-devtools/tcltk/tcl/tcl-add-soname.patch b/poky/meta/recipes-devtools/tcltk/tcl/tcl-add-soname.patch index a0195e263c..3123d289a1 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/tcl-add-soname.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/tcl-add-soname.patch @@ -1,19 +1,20 @@ -From b89fd73daf9b3eb2f889f65baba5f90d8a930c82 Mon Sep 17 00:00:00 2001 +From d6155ec08b355d64f1a7db407254d159037bb72a Mon Sep 17 00:00:00 2001 From: Richard Purdie <rpurdie@linux.intel.com> Date: Wed, 9 Dec 2009 23:59:44 +0000 Subject: [PATCH] tcl: Add tcltk from OE.dev but with legacy staging function Upstream-Status: Pending + --- unix/Makefile.in | 5 ++++- unix/tcl.m4 | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/unix/Makefile.in b/unix/Makefile.in -index 7619afc..9dd053d 100644 +index 398afd0..804532e 100644 --- a/unix/Makefile.in +++ b/unix/Makefile.in -@@ -904,7 +904,10 @@ install-binaries: binaries +@@ -893,7 +893,10 @@ install-binaries: binaries done @echo "Installing $(LIB_FILE) to $(DLL_INSTALL_DIR)/" @@INSTALL_LIB@ @@ -26,10 +27,10 @@ index 7619afc..9dd053d 100644 @$(INSTALL_PROGRAM) ${TCL_EXE} "$(BIN_INSTALL_DIR)/tclsh$(VERSION)${EXE_SUFFIX}" @echo "Installing tclConfig.sh to $(CONFIG_INSTALL_DIR)/" diff --git a/unix/tcl.m4 b/unix/tcl.m4 -index 0307a06..37c4d67 100644 +index f3d08ec..797c93f 100644 --- a/unix/tcl.m4 +++ b/unix/tcl.m4 -@@ -1378,6 +1378,9 @@ AC_DEFUN([SC_CONFIG_CFLAGS], [ +@@ -1382,6 +1382,9 @@ AC_DEFUN([SC_CONFIG_CFLAGS], [ # get rid of the warnings. #CFLAGS_OPTIMIZE="${CFLAGS_OPTIMIZE} -D__NO_STRING_INLINES -D__NO_MATH_INLINES" diff --git a/poky/meta/recipes-devtools/tcltk/tcl/tcl-remove-hardcoded-install-path.patch b/poky/meta/recipes-devtools/tcltk/tcl/tcl-remove-hardcoded-install-path.patch index 93e7877256..99c5faf02c 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/tcl-remove-hardcoded-install-path.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/tcl-remove-hardcoded-install-path.patch @@ -1,4 +1,4 @@ -From 050fc597fbfa4da2c31bd0df58c871892a490470 Mon Sep 17 00:00:00 2001 +From 6efc98774681795712073c2b91e5e9d1763239b8 Mon Sep 17 00:00:00 2001 From: "Song.Li" <Song.Li@windriver.com> Date: Wed, 1 Aug 2012 19:05:51 +0800 Subject: [PATCH] tcl:install tcl to lib64 instead of lib on 64bit target @@ -13,14 +13,15 @@ Signed-off-by: Song.Li <Song.Li@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- - unix/configure.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + configure | 2 +- + configure.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/unix/configure.in b/unix/configure.in -index 4f62510..4974fb6 100644 ---- a/unix/configure.in -+++ b/unix/configure.in -@@ -775,7 +775,7 @@ eval "TCL_LIB_FILE=libtcl${LIB_SUFFIX}" +Index: unix/configure.in +=================================================================== +--- a/unix.orig/configure.in 2013-11-10 23:20:50.000000000 -0800 ++++ b/unix/configure.in 2013-11-10 23:39:41.199428131 -0800 +@@ -790,7 +790,7 @@ eval "TCL_LIB_FILE=${TCL_LIB_FILE}" diff --git a/poky/meta/recipes-devtools/tcltk/tcl_8.6.14.bb b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb index de4f5b878f..06bf900787 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl_8.6.14.bb +++ b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb @@ -19,12 +19,13 @@ BASE_SRC_URI = "${SOURCEFORGE_MIRROR}/tcl/tcl-core${PV}-src.tar.gz \ file://tcl-add-soname.patch" SRC_URI = "${BASE_SRC_URI} \ file://fix_non_native_build_issue.patch \ + file://fix_issue_with_old_distro_glibc.patch \ file://tcl-remove-hardcoded-install-path.patch \ file://alter-includedir.patch \ file://interp.patch \ file://run-ptest \ - " -SRC_URI[sha256sum] = "ff604f43862a778827d7ecd1ad7686950ac2ef48d9cf69d3424cea9de08d9a72" +" +SRC_URI[sha256sum] = "c61f0d6699e2bc7691f119b41963aaa8dc980f23532c4e937739832a5f4a6642" SRC_URI:class-native = "${BASE_SRC_URI}" diff --git a/poky/meta/recipes-devtools/vala/vala/0001-gtk4-Preserve-compatibility-with-4.14.patch b/poky/meta/recipes-devtools/vala/vala/0001-gtk4-Preserve-compatibility-with-4.14.patch new file mode 100644 index 0000000000..161474086e --- /dev/null +++ b/poky/meta/recipes-devtools/vala/vala/0001-gtk4-Preserve-compatibility-with-4.14.patch @@ -0,0 +1,39 @@ +From 17349020fb95454d06f827fd555b05248f10a370 Mon Sep 17 00:00:00 2001 +From: Rico Tzschichholz <ricotz@ubuntu.com> +Date: Thu, 7 Mar 2024 17:56:05 +0100 +Subject: [PATCH] gtk4: Preserve compatibility with < 4.14 + +Don't prefer new accessor methods for Calendar.day/month/year + +Fixes https://gitlab.gnome.org/GNOME/vala/issues/1531 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vala/-/commit/e0c4ea8c4a0bbf859b5341a7465b395892789d9e] + +Signed-off-by: Markus Volk <f_l_k@t-online.de> +--- + vapi/gtk4.vapi | 3 +++ + vapi/metadata/Gtk-4.0.metadata | 5 +++++ + 2 files changed, 8 insertions(+) + +diff --git a/vapi/gtk4.vapi b/vapi/gtk4.vapi +index 49f8b2078..51ecea27d 100644 +--- a/vapi/gtk4.vapi ++++ b/vapi/gtk4.vapi +@@ -7350,11 +7350,14 @@ namespace Gtk { + [Version (since = "4.14")] + public void set_year (int year); + public void unmark_day (uint day); ++ [NoAccessorMethod] + public int day { get; set; } ++ [NoAccessorMethod] + public int month { get; set; } + public bool show_day_names { get; set; } + public bool show_heading { get; set; } + public bool show_week_numbers { get; set; } ++ [NoAccessorMethod] + public int year { get; set; } + public signal void day_selected (); + public signal void next_month (); +-- +2.44.0 + diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.16.bb b/poky/meta/recipes-devtools/vala/vala_0.56.15.bb index 1c8e4fc673..915ddd8e4d 100644 --- a/poky/meta/recipes-devtools/vala/vala_0.56.16.bb +++ b/poky/meta/recipes-devtools/vala/vala_0.56.15.bb @@ -18,8 +18,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" -SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/${BPN}/${SHRT_VER}/${BP}.tar.xz" -SRC_URI[sha256sum] = "05487b5600f5d2f09e66a753cccd8f39c1bff9f148aea1b7774d505b9c8bca9b" +SRC_URI = " \ + http://ftp.gnome.org/pub/GNOME/sources/${BPN}/${SHRT_VER}/${BP}.tar.xz \ + file://0001-gtk4-Preserve-compatibility-with-4.14.patch \ +" +SRC_URI[sha256sum] = "535b6452ed310fd5fb5c7dd6794b6213dac3b48e645e5bff3173741ec2cb3f2b" inherit autotools pkgconfig upstream-version-is-even diff --git a/poky/meta/recipes-extended/bash/bash/0001-fix-c99.patch b/poky/meta/recipes-extended/bash/bash/0001-fix-c99.patch new file mode 100644 index 0000000000..aa810f7d4e --- /dev/null +++ b/poky/meta/recipes-extended/bash/bash/0001-fix-c99.patch @@ -0,0 +1,41 @@ +From e9ed388e760ec33dcf9e72c639946c0d0abeec26 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Wed, 19 Jun 2024 12:57:39 +0000 +Subject: [PATCH] Fix C99 problems + +Backport some fixes from upstream to fix configure checks that fail with GCC 14.1. + +Upstream-Status: Backport [devel branch] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + aclocal.m4 | 3 +++ + configure.ac | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/aclocal.m4 b/aclocal.m4 +index cc97bd4..7423b99 100644 +--- a/aclocal.m4 ++++ b/aclocal.m4 +@@ -238,6 +238,9 @@ AC_CACHE_VAL(bash_cv_dup2_broken, + #include <sys/types.h> + #include <fcntl.h> + #include <stdlib.h> ++#ifdef HAVE_UNISTD_H ++# include <unistd.h> ++#endif /* HAVE_UNISTD_H */ + int + main() + { +diff --git a/configure.ac b/configure.ac +index a3b5bd7..2a38c6b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -842,7 +842,7 @@ AC_CHECK_DECLS([strtold], [ + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include <stdlib.h>]], +- [[long double r; char *foo, bar; r = strtold(foo, &bar);]] ++ [[long double r; char *foo, *bar; r = strtold(foo, &bar);]] + )], + [bash_cv_strtold_broken=no],[bash_cv_strtold_broken=yes]) + ] diff --git a/poky/meta/recipes-extended/bash/bash/build-tests.patch b/poky/meta/recipes-extended/bash/bash/build-tests.patch index ea38bace9b..c1b9b8261f 100644 --- a/poky/meta/recipes-extended/bash/bash/build-tests.patch +++ b/poky/meta/recipes-extended/bash/bash/build-tests.patch @@ -4,7 +4,7 @@ Date: Wed, 19 Dec 2012 17:18:31 +0100 Subject: [PATCH] Add 'ptest' target to Makefile, to run tests without checking dependencies. -Upstream-Status: Pending +Upstream-Status: Inappropriate [ptest specific] Signed-off-by: Anders Roxell <anders.roxell@enea.com> Rebase to 5.0 diff --git a/poky/meta/recipes-extended/bash/bash/fix-filesubst-errexit.patch b/poky/meta/recipes-extended/bash/bash/fix-filesubst-errexit.patch new file mode 100644 index 0000000000..60f1852316 --- /dev/null +++ b/poky/meta/recipes-extended/bash/bash/fix-filesubst-errexit.patch @@ -0,0 +1,34 @@ +From 59ddfda14e3c9aa6286bb4c4c0748f7c1324a65a Mon Sep 17 00:00:00 2001 +From: Chet Ramey <chet.ramey@case.edu> +Date: Fri, 7 Apr 2023 00:28:46 -0700 +Subject: [PATCH] $(<nosuchfile) is no longer a fatal error with errexit + enabled + +This is a trimmed-down version of a commit in the bash 'devel' branch +[1] that contains this fix as well as other unrelated ones. + +[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=ec9447ce9392a0f93d96789c3741285fede8a150 + +Upstream-Status: Backport + +Signed-off-by: Zev Weiss <zev@bewilderbeest.net> +--- + builtins/evalstring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/builtins/evalstring.c b/builtins/evalstring.c +index df3dd68e2a7e..6612081cd646 100644 +--- a/builtins/evalstring.c ++++ b/builtins/evalstring.c +@@ -753,7 +753,7 @@ open_redir_file (r, fnp) + fd = open(fn, O_RDONLY); + if (fd < 0) + { +- file_error (fn); ++ internal_error ("%s: %s", fn, strerror (errno)); + free (fn); + if (fnp) + *fnp = 0; +-- +2.40.0 + diff --git a/poky/meta/recipes-extended/bash/bash_5.2.21.bb b/poky/meta/recipes-extended/bash/bash_5.2.21.bb index 46d921bbe6..ccfe5c47a7 100644 --- a/poky/meta/recipes-extended/bash/bash_5.2.21.bb +++ b/poky/meta/recipes-extended/bash/bash_5.2.21.bb @@ -13,6 +13,8 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ file://fix-run-builtins.patch \ file://use_aclocal.patch \ file://0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch \ + file://fix-filesubst-errexit.patch \ + file://0001-fix-c99.patch \ " SRC_URI[tarball.sha256sum] = "c8e31bdc59b69aaffc5b36509905ba3e5cbb12747091d27b4b977f078560d5b8" diff --git a/poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch index 20572b55c4..35229ae890 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch +++ b/poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch @@ -303,7 +303,7 @@ index 9396e1d..d0bb181 100644 + PWDICT tmp_pwp; + + memcpy(&tmp_pwp, pwp, sizeof(PWDICT)); -+ HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); ++ HwmsHostToBigEndian((char *)tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); + fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp); } } diff --git a/poky/meta/recipes-extended/cronie/cronie_1.7.1.bb b/poky/meta/recipes-extended/cronie/cronie_1.7.2.bb index 854b68163c..abdaff644d 100644 --- a/poky/meta/recipes-extended/cronie/cronie_1.7.1.bb +++ b/poky/meta/recipes-extended/cronie/cronie_1.7.2.bb @@ -25,7 +25,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/cronie-${PV}/cronie-${PV}.tar.gz \ PAM_SRC_URI = "file://crond_pam_config.patch" PAM_DEPS = "libpam libpam-runtime pam-plugin-access pam-plugin-loginuid" -SRC_URI[sha256sum] = "78033100c24413f0c40f93e6138774d6a4f55bc31050567b90db45a2f9f1b954" +SRC_URI[sha256sum] = "f1da374a15ba7605cf378347f96bc8b678d3d7c0765269c8242cfe5b0789c571" inherit autotools update-rc.d useradd systemd github-releases UPSTREAM_CHECK_REGEX = "releases/tag/cronie-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-extended/cups/cups_2.4.7.bb b/poky/meta/recipes-extended/cups/cups_2.4.9.bb index f4b0282e4c..e0a3522004 100644 --- a/poky/meta/recipes-extended/cups/cups_2.4.7.bb +++ b/poky/meta/recipes-extended/cups/cups_2.4.9.bb @@ -2,4 +2,4 @@ require cups.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[sha256sum] = "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c" +SRC_URI[sha256sum] = "38fbf4535a10554113e013d54fedda03ee88007ea6a9761d626a04e1e4489e8c" diff --git a/poky/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch b/poky/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch new file mode 100644 index 0000000000..5be2fd97ee --- /dev/null +++ b/poky/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch @@ -0,0 +1,38 @@ +From 4f4e84f139e2a8682f1374a592f2636c43ad857b Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 21 May 2024 15:10:11 +0000 +Subject: [PATCH] m4/readline: add missing includes + +The cross-specific code fragment only includes stdio.h, where the native +fragment also includes fcntl.h and unistd.h. This is important because +GCC 14.1 has made the implicit definitions an error: + +conftest.c: In function 'main': +conftest.c:144:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration] +conftest.c:146:14: error: implicit declaration of function 'open'; did you mean 'popen'? [-Wimplicit-function-declaration] + +Add the missing includes so that the check doesn't always fail due to +these errors. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-gawk/2024-05/msg00000.html] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + m4/readline.m4 | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/m4/readline.m4 b/m4/readline.m4 +index 38f96326..efd52d4e 100644 +--- a/m4/readline.m4 ++++ b/m4/readline.m4 +@@ -66,6 +66,8 @@ dnl action if false: + dnl action if cross compiling: + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[#include <stdio.h> ++#include <fcntl.h> ++#include <unistd.h> + #include <readline/readline.h> + #include <readline/history.h>]], dnl includes + dnl function body +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/gawk/gawk_5.3.0.bb b/poky/meta/recipes-extended/gawk/gawk_5.3.0.bb index d7a0fc616d..e94cf19db4 100644 --- a/poky/meta/recipes-extended/gawk/gawk_5.3.0.bb +++ b/poky/meta/recipes-extended/gawk/gawk_5.3.0.bb @@ -16,6 +16,7 @@ PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr" SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ + file://0001-m4-readline-add-missing-includes.patch \ file://run-ptest \ " diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch new file mode 100644 index 0000000000..692d35157f --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch @@ -0,0 +1,84 @@ +From 3b1735085ecef20b29e8db3416ab36de93e86d1f Mon Sep 17 00:00:00 2001 +From: Ken Sharp <Ken.Sharp@artifex.com> +Date: Thu, 21 Mar 2024 09:01:15 +0000 +Subject: [PATCH 5/5] Uniprint device - prevent string configuration changes + when SAFER + +Bug #707662 + +We cannot sanitise the string arguments used by the Uniprint device +because they can potentially include anything. + +This commit ensures that these strings are locked and cannot be +changed by PostScript once SAFER is activated. Full configuration from +the command line is still possible (see the *.upp files in lib). + +This addresses CVE-2024-29510 + +CVE: CVE-2024-29510 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + devices/gdevupd.c | 31 +++++++++++++++++++++++++++++++ + 1 file changed, 31 insertions(+) + +diff --git a/devices/gdevupd.c b/devices/gdevupd.c +index 740dae0..a50571a 100644 +--- a/devices/gdevupd.c ++++ b/devices/gdevupd.c +@@ -1887,6 +1887,16 @@ out on this copies. + if(!upd_strings[i]) continue; + UPD_PARAM_READ(param_read_string,upd_strings[i],value,udev->memory); + if(0 == code) { ++ if (gs_is_path_control_active(udev->memory)) { ++ if (strings[i].size != value.size) ++ error = gs_error_invalidaccess; ++ else { ++ if (strings[i].data && memcmp(strings[i].data, value.data, strings[i].size) != 0) ++ error = gs_error_invalidaccess; ++ } ++ if (error < 0) ++ goto exit; ++ } + if(0 <= error) error |= UPD_PUT_STRINGS; + UPD_MM_DEL_PARAM(udev->memory, strings[i]); + if(!value.size) { +@@ -1904,6 +1914,26 @@ out on this copies. + if(!upd_string_a[i]) continue; + UPD_PARAM_READ(param_read_string_array,upd_string_a[i],value,udev->memory); + if(0 == code) { ++ if (gs_is_path_control_active(udev->memory)) { ++ if (string_a[i].size != value.size) ++ error = gs_error_invalidaccess; ++ else { ++ int loop; ++ for (loop = 0;loop < string_a[i].size;loop++) { ++ gs_param_string *tmp1 = (gs_param_string *)&(string_a[i].data[loop]); ++ gs_param_string *tmp2 = (gs_param_string *)&value.data[loop]; ++ ++ if (tmp1->size != tmp2->size) ++ error = gs_error_invalidaccess; ++ else { ++ if (tmp1->data && memcmp(tmp1->data, tmp2->data, tmp1->size) != 0) ++ error = gs_error_invalidaccess; ++ } ++ } ++ } ++ if (error < 0) ++ goto exit; ++ } + if(0 <= error) error |= UPD_PUT_STRING_A; + UPD_MM_DEL_APARAM(udev->memory, string_a[i]); + if(!value.size) { +@@ -2098,6 +2128,7 @@ transferred into the device-structure. In the case of "uniprint", this may + if(0 > code) error = code; + } + ++exit: + if(0 < error) { /* Actually something loaded without error */ + + if(!(upd = udev->upd)) { +-- +2.40.0 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch new file mode 100644 index 0000000000..2f20c66ea3 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch @@ -0,0 +1,39 @@ +From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <Ken.Sharp@artifex.com> +Date: Tue, 26 Mar 2024 12:02:57 +0000 +Subject: [PATCH 2/5] Bug #707691 + +Part 1; when stripping a potential Current Working Dirctory specifier +from a path, make certain it really is a CWD, and not simply large +ebough to be a CWD. + +Reasons are in the bug thread, this is not (IMO) serious. + +This is part of the fix for CVE-2024-33869 + +CVE: CVE-2024-33869 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + base/gpmisc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index c4a69b0..1d4d5d8 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -1164,8 +1164,8 @@ gp_validate_path_len(const gs_memory_t *mem, + + continue; + } +- else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { +- buffer = bufferfull + cdirstrl + dirsepstrl; ++ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull ++ && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) { + continue; + } + break; +-- +2.40.0 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch new file mode 100644 index 0000000000..5dcbcca998 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch @@ -0,0 +1,52 @@ +From f5336e5b4154f515ac83bc5b9eba94302e6618d4 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <Ken.Sharp@artifex.com> +Date: Tue, 26 Mar 2024 12:07:18 +0000 +Subject: [PATCH 3/5] Bug 707691 part 2 + +See bug thread for details + +This is the second part of the fix for CVE-2024-33869 + +CVE: CVE-2024-33869 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + base/gpmisc.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index 1d4d5d8..b0d5c71 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -1090,6 +1090,27 @@ gp_validate_path_len(const gs_memory_t *mem, + rlen = len; + } + else { ++ char *test = (char *)path, *test1; ++ uint tlen = len, slen; ++ ++ /* Look for any pipe (%pipe% or '|' specifications between path separators ++ * Reject any path spec which has a %pipe% or '|' anywhere except at the start. ++ */ ++ while (tlen > 0) { ++ if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) { ++ code = gs_note_error(gs_error_invalidfileaccess); ++ goto exit; ++ } ++ test1 = test; ++ slen = search_separator((const char **)&test, path + len, test1, 1); ++ if(slen == 0) ++ break; ++ test += slen; ++ tlen -= test - test1; ++ if (test >= path + len) ++ break; ++ } ++ + rlen = len+1; + bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); + if (bufferfull == NULL) +-- +2.40.0 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch new file mode 100644 index 0000000000..9c2b9dcfa2 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch @@ -0,0 +1,99 @@ +From 79aef19c685984dc3da2dc090450407d9fbcff80 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <Ken.Sharp@artifex.com> +Date: Tue, 26 Mar 2024 12:00:14 +0000 +Subject: [PATCH 1/5] Bug #707686 + +See bug thread for details + +In addition to the noted bug; an error path (return from +gp_file_name_reduce not successful) could elad to a memory leak as we +did not free 'bufferfull'. Fix that too. + +This addresses CVE-2024-33870 + +CVE: CVE-2024-33870 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + base/gpmisc.c | 36 ++++++++++++++++++++++++++++++++---- + 1 file changed, 32 insertions(+), 4 deletions(-) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index 2b0064b..c4a69b0 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2001-2023 Artifex Software, Inc. ++/* Copyright (C) 2001-2024 Artifex Software, Inc. + All Rights Reserved. + + This software is provided AS-IS with no warranty, either express or +@@ -1042,7 +1042,7 @@ gp_validate_path_len(const gs_memory_t *mem, + const uint len, + const char *mode) + { +- char *buffer, *bufferfull; ++ char *buffer, *bufferfull = NULL; + uint rlen; + int code = 0; + const char *cdirstr = gp_file_name_current(); +@@ -1096,8 +1096,10 @@ gp_validate_path_len(const gs_memory_t *mem, + return gs_error_VMerror; + + buffer = bufferfull + prefix_len; +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) { ++ code = gs_note_error(gs_error_invalidfileaccess); ++ goto exit; ++ } + buffer[rlen] = 0; + } + while (1) { +@@ -1132,9 +1134,34 @@ gp_validate_path_len(const gs_memory_t *mem, + code = gs_note_error(gs_error_invalidfileaccess); + } + if (code < 0 && prefix_len > 0 && buffer > bufferfull) { ++ uint newlen = rlen + cdirstrl + dirsepstrl; ++ char *newbuffer; ++ int code; ++ + buffer = bufferfull; + memcpy(buffer, cdirstr, cdirstrl); + memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl); ++ ++ /* We've prepended a './' or similar for the current working directory. We need ++ * to execute file_name_reduce on that, to eliminate any '../' or similar from ++ * the (new) full path. ++ */ ++ newbuffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, newlen + 1, "gp_validate_path"); ++ if (newbuffer == NULL) { ++ code = gs_note_error(gs_error_VMerror); ++ goto exit; ++ } ++ ++ memcpy(newbuffer, buffer, rlen + cdirstrl + dirsepstrl); ++ newbuffer[newlen] = 0x00; ++ ++ code = gp_file_name_reduce(newbuffer, (uint)newlen, buffer, &newlen); ++ gs_free_object(mem->thread_safe_memory, newbuffer, "gp_validate_path"); ++ if (code != gp_combine_success) { ++ code = gs_note_error(gs_error_invalidfileaccess); ++ goto exit; ++ } ++ + continue; + } + else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { +@@ -1153,6 +1180,7 @@ gp_validate_path_len(const gs_memory_t *mem, + gs_path_control_flag_is_scratch_file); + } + ++exit: + gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path"); + #ifdef EACCES + if (code == gs_error_invalidfileaccess) +-- +2.40.0 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch new file mode 100644 index 0000000000..abe6384997 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch @@ -0,0 +1,43 @@ +From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra <zhutyra@centrum.cz> +Date: Mon, 22 Apr 2024 13:33:47 +0100 +Subject: [PATCH 4/5] OPVP device - prevent unsafe parameter change with SAFER + +Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library" + +The "Driver" parameter for the "opvp"/"oprp" device specifies the name +of a dynamic library and allows any library to be loaded. + +The patch does not allow changing this parameter after activating path +control. + +This addresses CVE-2024-33871 + +CVE: CVE-2024-33871 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc2396] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + contrib/opvp/gdevopvp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c +index 74200cf..80eb23b 100644 +--- a/contrib/opvp/gdevopvp.c ++++ b/contrib/opvp/gdevopvp.c +@@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist) + code = param_read_string(plist, pname, &vdps); + switch (code) { + case 0: ++ if (gs_is_path_control_active(dev->memory) ++ && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size ++ || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) { ++ param_signal_error(plist, pname, gs_error_invalidaccess); ++ return_error(gs_error_invalidaccess); ++ } + buff = realloc(buff, vdps.size + 1); + memcpy(buff, vdps.data, vdps.size); + buff[vdps.size] = 0; +-- +2.40.0 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch index 67f14bd368..15c7eb5a77 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch @@ -1,7 +1,7 @@ -From b36713c8f1ba0e5755b78845a433354a63663b1a Mon Sep 17 00:00:00 2001 +From 0ccbaa134093bf6afc79f2d20d061bca5a8754ed Mon Sep 17 00:00:00 2001 From: Kai Kang <kai.kang@windriver.com> Date: Thu, 29 Mar 2018 16:02:05 +0800 -Subject: [PATCH] avoid host contamination +Subject: [PATCH 04/10] avoid host contamination Remove hardcode path refer to host to avoid host contamination. @@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/devs.mak b/devices/devs.mak -index 186f704..88ab8c9 100644 +index 846aa50..9570182 100644 --- a/devices/devs.mak +++ b/devices/devs.mak -@@ -397,7 +397,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\ +@@ -393,7 +393,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\ ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS) @@ -27,3 +27,6 @@ index 186f704..88ab8c9 100644 ###### --------------- Memory-buffered printer devices --------------- ###### +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch new file mode 100644 index 0000000000..7873396045 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch @@ -0,0 +1,99 @@ +From fd37229a17822c5ad21a369f670b8a6f6cc6b95b Mon Sep 17 00:00:00 2001 +From: Benjamin Bara <benjamin.bara@skidata.com> +Date: Mon, 4 Sep 2023 12:16:39 +0200 +Subject: [PATCH] configure.ac: add option to explicitly disable neon + +Uncomment an already existing possibility to explicitly disable neon and +use it on both implemented neon checks. + +Upstream-Status: Submitted [https://bugs.ghostscript.com/show_bug.cgi?id=707097] + +Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com> +--- + configure.ac | 52 +++++++++++++++++++++++++++++----------------------- + 1 file changed, 29 insertions(+), 23 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 09d881dd1..62718e15e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -749,6 +749,33 @@ SUBCONFIG_OPTS="--build=$build --host=$host" + # SUBCONFIG_OPTS="$SUBCONFIG_OPTS --host=$host_alias" + #fi + ++dnl -------------------------------------------------- ++dnl Check for NEON support ++dnl -------------------------------------------------- ++save_cflags=$CFLAGS ++AC_MSG_CHECKING([neon support]) ++CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53" ++HAVE_NEON="" ++AC_LINK_IFELSE( ++ [AC_LANG_PROGRAM([#include "arm_neon.h"], [ ++ int32x4_t round = vdupq_n_s32(10); ++ return(0); ++ ])], ++ [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""]) ++ ++AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon], ++ [Do not use neon instrinsics]), [ ++ if test "x$enable_neon" = xno; then ++ HAVE_NEON="" ++ fi]) ++ ++if test "x$HAVE_NEON" != x; then ++ AC_MSG_RESULT(yes) ++else ++ AC_MSG_RESULT(no) ++fi ++CFLAGS=$save_cflags ++ + dnl -------------------------------------------------- + dnl Check for libraries + dnl -------------------------------------------------- +@@ -971,11 +998,12 @@ if test x$with_tesseract != xno; then + [TESS_NEON="-mfpu=neon -mcpu=cortex-a53 -D__ARM_NEON__"], + [TESS_NEON=""]) + +- if test "x$TESS_NEON" != x; then ++ if test "x$TESS_NEON" != x && test "x$enable_neon" != xno; then + AC_MSG_RESULT(yes) + TESS_CXXFLAGS="$TESS_CXXFLAGS -DHAVE_NEON" + else + AC_MSG_RESULT(no) ++ TESS_NEON="" + fi + + CXXFLAGS="$save_cxxflags" +@@ -2387,28 +2415,6 @@ if test x$WITH_CAL != x0; then + AC_MSG_RESULT(no) + fi + +- AC_MSG_CHECKING([neon support]) +- CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53" +- HAVE_NEON="" +- AC_LINK_IFELSE( +- [AC_LANG_PROGRAM([#include "arm_neon.h"], [ +- int32x4_t round = vdupq_n_s32(10); +- return(0); +- ])], +- [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""]) +- +- #AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon], +- # [Do not use neon instrinsics]), [ +- # if test "x$enable_neon" = xno; then +- # HAVE_NEON="" +- # fi]) +- +- if test "x$HAVE_NEON" != x; then +- AC_MSG_RESULT(yes) +- else +- AC_MSG_RESULT(no) +- fi +- + #AC_SUBST(HAVE_SSE4_2) + #AC_SUBST(HAVE_NEON) + CFLAGS=$save_cflags +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.03.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb index ff7d38676e..db9481816a 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.03.0.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb @@ -25,9 +25,15 @@ def gs_verdir(v): SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \ file://ghostscript-9.16-Werror-return-type.patch \ file://avoid-host-contamination.patch \ + file://configure.ac-add-option-to-explicitly-disable-neon.patch \ + file://CVE-2024-33870.patch \ + file://CVE-2024-33869-0001.patch \ + file://CVE-2024-33869-0002.patch \ + file://CVE-2024-33871.patch \ + file://CVE-2024-29510.patch \ " -SRC_URI[sha256sum] = "6f2bc61023469fcf7c7c2d7f1bdd75b75f2b41836aa1d5e641396246d4abbb59" +SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9" PACKAGECONFIG ??= "" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" diff --git a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb index 74f3520eae..98cd4d8103 100644 --- a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb +++ b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" SRC_URI = "git://go.googlesource.com/example;branch=master;protocol=https" -SRCREV = "32022caedd6a177a7717aa8680cbe179e1045935" +SRCREV = "d9923f6970e9ba7e0d23aa9448ead71ea57235ae" UPSTREAM_CHECK_COMMITS = "1" GO_IMPORT = "golang.org/x/example" diff --git a/poky/meta/recipes-extended/iputils/iputils_20240117.bb b/poky/meta/recipes-extended/iputils/iputils_20240117.bb index 5a5e15528e..3880689742 100644 --- a/poky/meta/recipes-extended/iputils/iputils_20240117.bb +++ b/poky/meta/recipes-extended/iputils/iputils_20240117.bb @@ -35,7 +35,11 @@ ALTERNATIVE_PRIORITY = "100" ALTERNATIVE:${PN}-ping = "ping" ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" -SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff" +ALTERNATIVE:${PN}-ping6 = "ping6" +ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" + +SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-ping6', '', d)}" PACKAGES += "${SPLITPKGS}" ALLOW_EMPTY:${PN} = "1" @@ -43,6 +47,13 @@ RDEPENDS:${PN} += "${SPLITPKGS}" FILES:${PN} = "" FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" +FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" FILES:${PN}-arping = "${base_bindir}/arping" FILES:${PN}-tracepath = "${base_bindir}/tracepath" FILES:${PN}-clockdiff = "${base_bindir}/clockdiff" + +do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'true', 'false', d)}; then + ln -sf ping ${D}/${base_bindir}/ping6 + fi +} diff --git a/poky/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/poky/meta/recipes-extended/libarchive/libarchive/configurehack.patch index f3989d99eb..44720fdd53 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive/configurehack.patch +++ b/poky/meta/recipes-extended/libarchive/libarchive/configurehack.patch @@ -2,12 +2,15 @@ To work with autoconf 2.73, tweak the macro ordering in configure.in. Upstream-Status: Pending Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + configure.ac | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) -Index: libarchive-3.6.2/configure.ac -=================================================================== ---- libarchive-3.6.2.orig/configure.ac -+++ libarchive-3.6.2/configure.ac -@@ -357,6 +357,19 @@ if test "x$with_bz2lib" != "xno"; then +diff --git a/configure.ac b/configure.ac +index 5668d41..7e65e49 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then esac fi @@ -27,9 +30,9 @@ Index: libarchive-3.6.2/configure.ac AC_ARG_WITH([libb2], AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2])) -@@ -558,19 +571,6 @@ LDFLAGS=$save_LDFLAGS +@@ -678,19 +691,6 @@ fi - AC_SUBST(GC_SECTIONS) + AC_SUBST(DEAD_CODE_REMOVAL) -# Checks for typedefs, structures, and compiler characteristics. -AC_C_CONST @@ -47,3 +50,5 @@ Index: libarchive-3.6.2/configure.ac # Check for tm_gmtoff in struct tm AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,, [ +-- +2.40.0 diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.7.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.7.4.bb index 91f521fa4d..da85764116 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive_3.7.2.bb +++ b/poky/meta/recipes-extended/libarchive/libarchive_3.7.4.bb @@ -33,7 +33,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" SRC_URI += "file://configurehack.patch" UPSTREAM_CHECK_URI = "http://libarchive.org/" -SRC_URI[sha256sum] = "df404eb7222cf30b4f8f93828677890a2986b66ff8bf39dac32a804e96ddf104" +SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8" CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe" diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.75.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.74.bb index fc3b7e005d..7460d3d716 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.75.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.74.bb @@ -16,7 +16,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://lighttpd \ " -SRC_URI[sha256sum] = "8b721ca939d312afaa6ef31dcbd6afb5161ed385ac828e6fccd4c5b76be189d6" +SRC_URI[sha256sum] = "5c08736e83088f7e019797159f306e88ec729abe976dc98fb3bed71b9d3e53b5" DEPENDS = "virtual/crypt" diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-sched_stress-Use-time_t-instead-of-long-for-type.patch b/poky/meta/recipes-extended/ltp/ltp/0001-sched_stress-Use-time_t-instead-of-long-for-type.patch new file mode 100644 index 0000000000..ae8dc8706e --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-sched_stress-Use-time_t-instead-of-long-for-type.patch @@ -0,0 +1,54 @@ +From 74074f9a71c876d6e95c2d72702888dd2fabc761 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 6 May 2024 11:43:20 -0700 +Subject: [PATCH] sched_stress: Use time_t instead of long for type + +This ensures it works across different architectures +Fixes + +| sched_driver.c:744:43: error: passing argument 1 of 'ctime' from incompatible pointer type [-Wincompatible-pointer-types] +| 744 | printf("\nend time = %s\n", ctime(&end_time)); +| | ^~~~~~~~~ + +With gcc-14 + +Upstream-Status: Backport [https://github.com/linux-test-project/ltp/commit/0a682f1af42d8d261202821be580fe26d17ee9b7] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + testcases/kernel/sched/sched_stress/sched_driver.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/testcases/kernel/sched/sched_stress/sched_driver.c b/testcases/kernel/sched/sched_stress/sched_driver.c +index 61573d788..5b8c187fe 100644 +--- a/testcases/kernel/sched/sched_stress/sched_driver.c ++++ b/testcases/kernel/sched/sched_stress/sched_driver.c +@@ -136,7 +136,7 @@ int debug = 0; + /* + * Function prototypes + */ +-void startup(long); ++void startup(time_t); + int start_testcase(char *, char *, char *, char *, char *, char *); + int process_slots_in_use(); + int available_user_process_slots(); +@@ -251,7 +251,7 @@ int main(int argc, char **argv) + * information to the screen and . It also initializes the * + * process id list and other global variables. * + *-----------------------------------------------------------------------*/ +-void startup(long start_time) ++void startup(time_t start_time) + { + char tempbuffer[50]; /* temporary buffer to hold names */ + +@@ -734,7 +734,7 @@ void kill_short_term_testcases() + void finishup(start_time) + long start_time; /* starting time to calculate elapsed time */ + { +- long end_time; /* time when program finished */ ++ time_t end_time; /* time when program finished */ + + /* + * Get the end time and calculate elapsed time; write all this out +-- +2.45.0 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20240129.bb b/poky/meta/recipes-extended/ltp/ltp_20240129.bb index 3e896957d1..f8e6d3987e 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20240129.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20240129.bb @@ -29,6 +29,7 @@ SRCREV = "68737d20556d37364c95776044b1119c0912a36a" SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=https \ file://0001-Remove-OOM-tests-from-runtest-mm.patch \ file://0001-scenario_groups-default-remove-connectors.patch \ + file://0001-sched_stress-Use-time_t-instead-of-long-for-type.patch \ " S = "${WORKDIR}/git" @@ -98,6 +99,7 @@ RDEPENDS:${PN} = "\ gdb \ gzip \ iproute2 \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'iputils-ping6', '', d)} \ ldd \ libaio \ logrotate \ diff --git a/poky/meta/recipes-extended/lzip/lzip_1.24.1.bb b/poky/meta/recipes-extended/lzip/lzip_1.24.bb index 6eda012734..73040a6f00 100644 --- a/poky/meta/recipes-extended/lzip/lzip_1.24.1.bb +++ b/poky/meta/recipes-extended/lzip/lzip_1.24.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=76d6e300ffd8fb9d18bd9b136a9bba13 \ " SRC_URI = "${SAVANNAH_GNU_MIRROR}/lzip/lzip-${PV}.tar.gz" -SRC_URI[sha256sum] = "30c9cb6a0605f479c496c376eb629a48b0a1696d167e3c1e090c5defa481b162" +SRC_URI[sha256sum] = "d42659229b10e066eeb6e81eb673cdd893b672e512d26719c2d95975556ca56c" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" diff --git a/poky/meta/recipes-extended/man-db/files/0001-man-Move-local-variable-declaration-to-function-scop.patch b/poky/meta/recipes-extended/man-db/files/0001-man-Move-local-variable-declaration-to-function-scop.patch index 57ecd48b1f..dc6966629c 100644 --- a/poky/meta/recipes-extended/man-db/files/0001-man-Move-local-variable-declaration-to-function-scop.patch +++ b/poky/meta/recipes-extended/man-db/files/0001-man-Move-local-variable-declaration-to-function-scop.patch @@ -1,4 +1,4 @@ -From e4125223631f0d555fc327da6d8705bcc8ee5ba5 Mon Sep 17 00:00:00 2001 +From 126dfefb5fddf411ad0a1316209e9c1b47abfcd2 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 9 Feb 2022 17:30:16 -0800 Subject: [PATCH] man: Move local variable declaration to function scope @@ -10,15 +10,16 @@ code without changing the logic, until its fixed in clang Upstream-Status: Inappropriate [Inappropriate: Clang bug] Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- src/man.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/man.c b/src/man.c -index 195d35d..6870989 100644 +index f16fae8..333df03 100644 --- a/src/man.c +++ b/src/man.c -@@ -379,7 +379,7 @@ static void init_html_pager (void) +@@ -352,7 +352,7 @@ static void init_html_pager (void) static error_t parse_opt (int key, char *arg, struct argp_state *state) { static bool apropos, whatis; /* retain values between calls */ @@ -27,7 +28,7 @@ index 195d35d..6870989 100644 /* Please keep these keys in the same order as in options above. */ switch (key) { case 'C': -@@ -411,7 +411,7 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) +@@ -384,7 +384,7 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) case OPT_WARNINGS: #ifdef NROFF_WARNINGS { diff --git a/poky/meta/recipes-extended/man-db/man-db_2.12.1.bb b/poky/meta/recipes-extended/man-db/man-db_2.12.0.bb index 27b47a7f47..19dbb41d16 100644 --- a/poky/meta/recipes-extended/man-db/man-db_2.12.1.bb +++ b/poky/meta/recipes-extended/man-db/man-db_2.12.0.bb @@ -11,7 +11,7 @@ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz \ file://99_mandb \ file://0001-man-Move-local-variable-declaration-to-function-scop.patch \ " -SRC_URI[sha256sum] = "ddee249daeb78cf92bab794ccd069cc8b575992265ea20e239e887156e880265" +SRC_URI[sha256sum] = "415a6284a22764ad22ff0f66710d853be7790dd451cd71436e3d25c74d996a95" DEPENDS = "libpipeline gdbm groff-native base-passwd" RDEPENDS:${PN} += "base-passwd" diff --git a/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch new file mode 100644 index 0000000000..cea435f83b --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch @@ -0,0 +1,148 @@ +From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:07 -0600 +Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container() + +Move the function up so that the function declaration is not necessary +and remove the unused arguments to the function. + +No functional changes are intended but will help with a bug fix in the +next patch. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 88 ++++++++++++++++++++++++----------------------------- + 1 file changed, 39 insertions(+), 49 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 3f304cd..65cf727 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -503,13 +503,6 @@ struct ddf_super { + static int load_super_ddf_all(struct supertype *st, int fd, + void **sbp, char *devname); + static int get_svd_state(const struct ddf_super *, const struct vcl *); +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose); + + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, +@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks, + return 1; + } + ++static int ++validate_geometry_ddf_container(struct supertype *st, ++ int level, int raiddisks, ++ unsigned long long data_offset, ++ char *dev, unsigned long long *freesize, ++ int verbose) ++{ ++ int fd; ++ unsigned long long ldsize; ++ ++ if (level != LEVEL_CONTAINER) ++ return 0; ++ if (!dev) ++ return 1; ++ ++ fd = dev_open(dev, O_RDONLY|O_EXCL); ++ if (fd < 0) { ++ if (verbose) ++ pr_err("ddf: Cannot open %s: %s\n", ++ dev, strerror(errno)); ++ return 0; ++ } ++ if (!get_dev_size(fd, dev, &ldsize)) { ++ close(fd); ++ return 0; ++ } ++ close(fd); ++ if (freesize) { ++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); ++ if (*freesize == 0) ++ return 0; ++ } ++ ++ return 1; ++} ++ + static int validate_geometry_ddf(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st, + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { + /* Must be a fresh device to add to a container */ +- return validate_geometry_ddf_container(st, level, layout, +- raiddisks, *chunk, +- size, data_offset, dev, +- freesize, +- verbose); ++ return validate_geometry_ddf_container(st, level, raiddisks, ++ data_offset, dev, ++ freesize, verbose); + } + + if (!dev) { +@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st, + return 1; + } + +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose) +-{ +- int fd; +- unsigned long long ldsize; +- +- if (level != LEVEL_CONTAINER) +- return 0; +- if (!dev) +- return 1; +- +- fd = dev_open(dev, O_RDONLY|O_EXCL); +- if (fd < 0) { +- if (verbose) +- pr_err("ddf: Cannot open %s: %s\n", +- dev, strerror(errno)); +- return 0; +- } +- if (!get_dev_size(fd, dev, &ldsize)) { +- close(fd); +- return 0; +- } +- close(fd); +- if (freesize) { +- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); +- if (*freesize == 0) +- return 0; +- } +- +- return 1; +-} +- + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch b/poky/meta/recipes-extended/mdadm/files/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch new file mode 100644 index 0000000000..9e3a30be23 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch @@ -0,0 +1,52 @@ +From 82c893bb9e01f914a6bdef1bef943af746cfc3e1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 15 Jan 2023 12:42:18 -0800 +Subject: [PATCH] Define alignof using _Alignof when using C11 or newer + +WG14 N2350 made very clear that it is an UB having type definitions +within "offsetof" [1]. This patch enhances the implementation of macro +alignof_slot to use builtin "_Alignof" to avoid undefined behavior on +when using std=c11 or newer + +clang 16+ has started to flag this [2] + +Fixes build when using -std >= gnu11 and using clang16+ + +Older compilers gcc < 4.9 or clang < 8 has buggy _Alignof even though it +may support C11, exclude those compilers too + +[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm +[2] https://reviews.llvm.org/D133574 + +Upstream-Status: Submitted [https://lore.kernel.org/linux-raid/20230118083236.24418-1-raj.khem@gmail.com/T/#u] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + sha1.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/sha1.c b/sha1.c +index 89b32f4..1e4ad5d 100644 +--- a/sha1.c ++++ b/sha1.c +@@ -229,7 +229,17 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx) + if (len >= 64) + { + #if !_STRING_ARCH_unaligned +-# define alignof(type) offsetof (struct { char c; type x; }, x) ++/* GCC releases before GCC 4.9 had a bug in _Alignof. See GCC bug 52023 ++ <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52023>. ++ clang versions < 8.0.0 have the same bug. */ ++# if (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112 \ ++ || (defined __GNUC__ && __GNUC__ < 4 + (__GNUC_MINOR__ < 9) \ ++ && !defined __clang__) \ ++ || (defined __clang__ && __clang_major__ < 8)) ++# define alignof(type) offsetof (struct { char c; type x; }, x) ++# else ++# define alignof(type) _Alignof(type) ++# endif + # define UNALIGNED_P(p) (((size_t) p) % alignof (sha1_uint32) != 0) + if (UNALIGNED_P (buffer)) + while (len > 64) +-- +2.39.0 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-Fix-parsing-of-r-in-monitor-manager-mode.patch b/poky/meta/recipes-extended/mdadm/files/0001-Fix-parsing-of-r-in-monitor-manager-mode.patch new file mode 100644 index 0000000000..3fb46cc60a --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-Fix-parsing-of-r-in-monitor-manager-mode.patch @@ -0,0 +1,74 @@ +From 969fbb35e40100f599d4a9781911251f21792698 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 27 Jan 2022 17:53:01 +0800 +Subject: [PATCH] Fix parsing of "-r" in monitor/manager mode + +This revert commit 546047688e1 [mdadm: fix coredump of mdadm --monitor +-r], and fix the coredump issue of 'mdadm --monitor -r'. + +commit 546047688e1 make -r not work in manager mode, and testcase +00multipath failed. + +Upstream-Status: Submitted [send to maintainer jsorensen@fb.com] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + ReadMe.c | 8 +++++--- + mdadm.c | 2 ++ + mdadm.h | 1 + + 3 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/ReadMe.c b/ReadMe.c +index 8139976..070eea5 100644 +--- a/ReadMe.c ++++ b/ReadMe.c +@@ -81,11 +81,13 @@ char Version[] = "mdadm - v" VERSION " - " VERS_DATE EXTRAVERSION "\n"; + * found, it is started. + */ + +-char short_options[]="-ABCDEFGIQhVXYWZ:vqbc:i:l:p:m:r:n:x:u:c:d:z:U:N:safRSow1tye:k"; ++char short_options[]="-ABCDEFGIQhVXYWZ:vqbc:i:l:p:m:n:x:u:c:d:z:U:N:sarfRSow1tye:k:"; + char short_bitmap_options[]= +- "-ABCDEFGIQhVXYWZ:vqb:c:i:l:p:m:r:n:x:u:c:d:z:U:N:sarfRSow1tye:k:"; ++ "-ABCDEFGIQhVXYWZ:vqb:c:i:l:p:m:n:x:u:c:d:z:U:N:sarfRSow1tye:k:"; + char short_bitmap_auto_options[]= +- "-ABCDEFGIQhVXYWZ:vqb:c:i:l:p:m:r:n:x:u:c:d:z:U:N:sa:rfRSow1tye:k:"; ++ "-ABCDEFGIQhVXYWZ:vqb:c:i:l:p:m:n:x:u:c:d:z:U:N:sa:rfRSow1tye:k:"; ++char short_increment_options[]= ++ "-ABCDEFGIQhVXYWZ:vqbc:i:l:r:p:m:n:x:u:c:d:z:U:N:safRSow1tye:k:"; + + struct option long_options[] = { + {"manage", 0, 0, ManageOpt}, +diff --git a/mdadm.c b/mdadm.c +index 26299b2..2a3b2ee 100644 +--- a/mdadm.c ++++ b/mdadm.c +@@ -227,6 +227,7 @@ int main(int argc, char *argv[]) + shortopt = short_bitmap_auto_options; + break; + case 'F': newmode = MONITOR; ++ shortopt = short_increment_options; + break; + case 'G': newmode = GROW; + shortopt = short_bitmap_options; +@@ -268,6 +269,7 @@ int main(int argc, char *argv[]) + + case NoSharing: + newmode = MONITOR; ++ shortopt = short_increment_options; + break; + } + if (mode && newmode == mode) { +diff --git a/mdadm.h b/mdadm.h +index ecfc137..42148dd 100644 +--- a/mdadm.h ++++ b/mdadm.h +@@ -421,6 +421,7 @@ enum mode { + extern char short_options[]; + extern char short_bitmap_options[]; + extern char short_bitmap_auto_options[]; ++extern char short_increment_options[]; + extern struct option long_options[]; + extern char Version[], Usage[], Help[], OptionHelp[], + *mode_help[], diff --git a/poky/meta/recipes-extended/mdadm/files/0001-Fix-the-path-of-corosync-and-dlm-header-files-check.patch b/poky/meta/recipes-extended/mdadm/files/0001-Fix-the-path-of-corosync-and-dlm-header-files-check.patch index fa1f0aa520..298f276cd6 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-Fix-the-path-of-corosync-and-dlm-header-files-check.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-Fix-the-path-of-corosync-and-dlm-header-files-check.patch @@ -1,4 +1,4 @@ -From 76856a34a4e339e4a53b09d028f89fcc520e3127 Mon Sep 17 00:00:00 2001 +From a9166bf422da1001bac9cc819386bf39b7cd1b73 Mon Sep 17 00:00:00 2001 From: "Maxin B. John" <maxin.john@intel.com> Date: Tue, 9 Feb 2016 11:44:01 +0200 Subject: [PATCH] Fix the path of corosync and dlm header files check @@ -9,15 +9,16 @@ Fix it. Upstream-Status: Inappropriate [Yocto specific] Signed-off-by: Maxin B. John <maxin.john@intel.com> + --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile -index cbdba49..7bfd336 100644 +index 2767ac6..46bf57b 100644 --- a/Makefile +++ b/Makefile -@@ -109,8 +109,8 @@ FAILED_SLOTS_DIR = $(RUN_DIR)/failed-slots +@@ -91,8 +91,8 @@ FAILED_SLOTS_DIR = $(RUN_DIR)/failed-slots SYSTEMD_DIR=/lib/systemd/system LIB_DIR=/usr/libexec/mdadm diff --git a/poky/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch b/poky/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch index a4be1aa8a1..3f76ef54d8 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch @@ -1,4 +1,4 @@ -From 0be066d57a7dd1aead5488d0a095863608f2e559 Mon Sep 17 00:00:00 2001 +From 97e776724ab9763c5bca9816370bb1635b7a8232 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Tue, 25 Jan 2022 16:25:01 +0800 Subject: [PATCH] Makefile: install mdcheck @@ -14,10 +14,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile -index 1141971..f4059e2 100644 +index 2a51d813..db40c7fd 100644 --- a/Makefile +++ b/Makefile -@@ -325,6 +325,7 @@ install-systemd: systemd/mdmon@.service +@@ -303,6 +303,7 @@ install-systemd: systemd/mdmon@.service install-bin: mdadm mdmon $(INSTALL) -D $(STRIP) -m 755 mdadm $(DESTDIR)$(BINDIR)/mdadm $(INSTALL) -D $(STRIP) -m 755 mdmon $(DESTDIR)$(BINDIR)/mdmon @@ -25,3 +25,6 @@ index 1141971..f4059e2 100644 uninstall: rm -f $(DESTDIR)$(MAN8DIR)/mdadm.8 $(DESTDIR)$(MAN8DIR)/mdmon.8 $(DESTDIR)$(MAN4DIR)/md.4 $(DESTDIR)$(MAN5DIR)/mdadm.conf.5 $(DESTDIR)$(BINDIR)/mdadm +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-Revert-tests-wait-for-complete-rebuild-in-integrity-.patch b/poky/meta/recipes-extended/mdadm/files/0001-Revert-tests-wait-for-complete-rebuild-in-integrity-.patch new file mode 100644 index 0000000000..fb4bc165fb --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-Revert-tests-wait-for-complete-rebuild-in-integrity-.patch @@ -0,0 +1,53 @@ +From 02a41c3fd560fb5250186dd6b3cff6b21daa2e2b Mon Sep 17 00:00:00 2001 +From: Mingli Yu <Mingli.Yu@windriver.com> +Date: Mon, 15 Jul 2019 14:12:24 +0800 +Subject: [PATCH] Revert "tests: wait for complete rebuild in integrity checks" + +This reverts commit e2a8e9dcf67a28bc722fa5ab2c49b0bc452d4d74 +as the logic "check state 'U*'" will make the test enters +infinite loop especially in qemu env, so revert it to +use the previous logic "check wait" which also used +commonly by other tests such as tests/02r5grow, tests/07revert-grow +and etc. + +Upstream-Status: Submitted [https://marc.info/?l=linux-raid&m=156317157314030&w=2] + +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> +--- + tests/01r5integ | 2 +- + tests/01raid6integ | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/01r5integ b/tests/01r5integ +index 48676a2..ffb30ce 100644 +--- a/tests/01r5integ ++++ b/tests/01r5integ +@@ -27,7 +27,7 @@ do + exit 1 + fi + mdadm $md0 -a $i +- while ! (check state 'U*'); do check wait; sleep 0.2; done ++ check wait + done + mdadm -S $md0 + done +diff --git a/tests/01raid6integ b/tests/01raid6integ +index 12f4d81..c6fcdae 100644 +--- a/tests/01raid6integ ++++ b/tests/01raid6integ +@@ -47,10 +47,10 @@ do + exit 1 + fi + mdadm $md0 -a $first +- while ! (check state 'U*_U*'); do check wait; sleep 0.2; done ++ check wait + done + mdadm $md0 -a $second +- while ! (check state 'U*'); do check wait; sleep 0.2; done ++ check wait + totest="$totest $second" + done + mdadm -S $md0 +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch b/poky/meta/recipes-extended/mdadm/files/0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch index 16fdefbbd1..12bf6a5920 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch @@ -1,4 +1,4 @@ -From c29d086714b49a6d76ccca83b4a6fa2f139bad6e Mon Sep 17 00:00:00 2001 +From 37c35f94d9d95dbd2b5f8a919f5478be51453590 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 13 Oct 2017 10:27:34 -0700 Subject: [PATCH] Use CC to check for implicit-fallthrough warning support @@ -10,35 +10,19 @@ cross compile used for compiling mdadm is < version 7 Signed-off-by: Khem Raj <raj.khem@gmail.com> Upstream-Status: Pending --- - Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 7bfd336..9ab6a65 100644 +index 46bf57b..a075912 100644 --- a/Makefile +++ b/Makefile -@@ -56,21 +56,21 @@ CWFLAGS += -Wp -O3 +@@ -53,7 +53,7 @@ ifdef WARN_UNUSED + CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3 endif - ifeq ($(origin FALLTHROUGH), undefined) -- FALLTHROUGH := $(shell gcc -Q --help=warnings 2>&1 | grep "implicit-fallthrough" | wc -l) -+ FALLTHROUGH := $(shell ${CC} -Q --help=warnings 2>&1 | grep "implicit-fallthrough" | wc -l) - ifneq "$(FALLTHROUGH)" "0" - CWFLAGS += -Wimplicit-fallthrough=0 - endif +-FALLTHROUGH := $(shell gcc -v --help 2>&1 | grep "implicit-fallthrough" | wc -l) ++FALLTHROUGH := $(shell ${CC} -v --help 2>&1 | grep "implicit-fallthrough" | wc -l) + ifneq "$(FALLTHROUGH)" "0" + CWFLAGS += -Wimplicit-fallthrough=0 endif - - ifeq ($(origin FORMATOVERFLOW), undefined) -- FORMATOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l) -+ FORMATOVERFLOW := $(shell ${CC} -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l) - ifneq "$(FORMATOVERFLOW)" "0" - CWFLAGS += -Wformat-overflow - endif - endif - - ifeq ($(origin STRINGOPOVERFLOW), undefined) -- STRINGOPOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "stringop-overflow" | wc -l) -+ STRINGOPOVERFLOW := $(shell ${CC} -Q --help=warnings 2>&1 | grep "stringop-overflow" | wc -l) - ifneq "$(STRINGOPOVERFLOW)" "0" - CWFLAGS += -Wstringop-overflow - endif diff --git a/poky/meta/recipes-extended/mdadm/files/0001-fix-gcc-8-format-truncation-warning.patch b/poky/meta/recipes-extended/mdadm/files/0001-fix-gcc-8-format-truncation-warning.patch index 3cf295106f..fa9c8cc835 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-fix-gcc-8-format-truncation-warning.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-fix-gcc-8-format-truncation-warning.patch @@ -1,4 +1,4 @@ -From 78e5bb08971a5644a56af60d51ef35e13522e811 Mon Sep 17 00:00:00 2001 +From 3158d3788c2e0fb75ace2c89840bd8a977fb4cb0 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Fri, 14 Dec 2018 15:12:31 +0800 Subject: [PATCH] fix gcc-8 format-truncation warning @@ -22,7 +22,7 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/super0.c b/super0.c -index a7c5f81..a79b6bd 100644 +index 756cab5..12c28da 100644 --- a/super0.c +++ b/super0.c @@ -229,7 +229,7 @@ static void examine_super0(struct supertype *st, char *homehost) @@ -34,3 +34,6 @@ index a7c5f81..a79b6bd 100644 int wonly, failfast; if (d>=0) dp = &sb->disks[d]; else dp = &sb->this_disk; +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-include-libgen.h-for-basename-API.patch b/poky/meta/recipes-extended/mdadm/files/0001-include-libgen.h-for-basename-API.patch deleted file mode 100644 index 70be43c15e..0000000000 --- a/poky/meta/recipes-extended/mdadm/files/0001-include-libgen.h-for-basename-API.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 7759ceda978aba38861d4846d0c1657465b72f04 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sun, 24 Mar 2024 23:13:32 -0700 -Subject: [PATCH] include libgen.h for basename API - -Musl does no more provide it via string.h therefore builds with newer -compilers e.g. clang-18 fails due to missing prototype for basename -therefore add libgen.h to included headers list - -Upstream-Status: Submitted [https://lore.kernel.org/linux-raid/20240325061537.275811-1-raj.khem@gmail.com/T/#u] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - Monitor.c | 1 + - platform-intel.c | 1 + - super-intel.c | 1 + - 3 files changed, 3 insertions(+) - -diff --git a/Monitor.c b/Monitor.c -index 824a69f..e3942e1 100644 ---- a/Monitor.c -+++ b/Monitor.c -@@ -26,6 +26,7 @@ - #include "udev.h" - #include "md_p.h" - #include "md_u.h" -+#include <libgen.h> - #include <sys/wait.h> - #include <limits.h> - #include <syslog.h> -diff --git a/platform-intel.c b/platform-intel.c -index ac282bc..5d6687d 100644 ---- a/platform-intel.c -+++ b/platform-intel.c -@@ -19,6 +19,7 @@ - #include "mdadm.h" - #include "platform-intel.h" - #include "probe_roms.h" -+#include <libgen.h> - #include <stdio.h> - #include <stdlib.h> - #include <string.h> -diff --git a/super-intel.c b/super-intel.c -index dbea235..881dbda 100644 ---- a/super-intel.c -+++ b/super-intel.c -@@ -23,6 +23,7 @@ - #include "dlink.h" - #include "sha1.h" - #include "platform-intel.h" -+#include <libgen.h> - #include <values.h> - #include <scsi/sg.h> - #include <ctype.h> --- -2.44.0 - diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch new file mode 100644 index 0000000000..186d1e76f2 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch @@ -0,0 +1,45 @@ +From 41edf6f45895193f4a523cb0a08d639c9ff9ccc9 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:12 -0600 +Subject: [PATCH] mdadm: Fix optional --write-behind parameter + +The commit noted below changed the behaviour of --write-behind to +require an argument. This broke the 06wrmostly test with the error: + + mdadm: Invalid value for maximum outstanding write-behind writes: (null). + Must be between 0 and 16383. + +To fix this, check if optarg is NULL before parising it, as the origial +code did. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=41edf6f45895193f4a523cb0a08d639c9ff9ccc9] + +Fixes: 60815698c0ac ("Refactor parse_num and use it to parse optarg.") +Cc: Mateusz Grzonka <mateusz.grzonka@intel.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + mdadm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mdadm.c b/mdadm.c +index d0c5e6de..56722ed9 100644 +--- a/mdadm.c ++++ b/mdadm.c +@@ -1201,8 +1201,9 @@ int main(int argc, char *argv[]) + case O(BUILD, WriteBehind): + case O(CREATE, WriteBehind): + s.write_behind = DEFAULT_MAX_WRITE_BEHIND; +- if (parse_num(&s.write_behind, optarg) != 0 || +- s.write_behind < 0 || s.write_behind > 16383) { ++ if (optarg && ++ (parse_num(&s.write_behind, optarg) != 0 || ++ s.write_behind < 0 || s.write_behind > 16383)) { + pr_err("Invalid value for maximum outstanding write-behind writes: %s.\n\tMust be between 0 and 16383.\n", + optarg); + exit(2); +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch index f224d0008d..e00287cab1 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch @@ -1,4 +1,4 @@ -From c27e128fdc062ec3fcdf7b48a8c5078615c538df Mon Sep 17 00:00:00 2001 +From 5fdc0173cb4fcf8656f0889ad364d2549795607f Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Mon, 1 Jul 2019 11:34:49 +0800 Subject: [PATCH] mdadm: add option -y for use syslog to recive event report @@ -14,12 +14,15 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/mdmonitor.service b/systemd/mdmonitor.service -index 9c36478..d289846 100644 +index 46f7b88..3fc4687 100644 --- a/systemd/mdmonitor.service +++ b/systemd/mdmonitor.service -@@ -14,4 +14,4 @@ Documentation=man:mdadm(8) +@@ -13,4 +13,4 @@ DefaultDependencies=no Environment= MDADM_MONITOR_ARGS=--scan EnvironmentFile=-/run/sysconfig/mdadm ExecStartPre=-/usr/lib/mdadm/mdadm_env.sh -ExecStart=BINDIR/mdadm --monitor $MDADM_MONITOR_ARGS +ExecStart=BINDIR/mdadm --monitor -y $MDADM_MONITOR_ARGS +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-skip-test-11spare-migration.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-skip-test-11spare-migration.patch new file mode 100644 index 0000000000..84517caade --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-skip-test-11spare-migration.patch @@ -0,0 +1,43 @@ +From 1b83afa7c3121f819e72ea74883f8b6d61d6548e Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Fri, 6 Sep 2019 10:59:02 +0800 +Subject: [PATCH] mdadm: skip test 11spare-migration + +11spare-migration is a test series to check mdadm Monitor migrates spares +according to rules in /etc/mdadm.conf defined by POLICY lines. + +[snip] +for scan in no yes; do + for platform in 1.2 imsm; do + try + done +done +[snip] + +"try" includes near 20 sub testcase, so there are nearly 80 subcases need to run, +so it will take long time than ptest-runner timeout limit, skip it as workaround. + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + test | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/test b/test +index 711a3c7..880dd1d 100755 +--- a/test ++++ b/test +@@ -272,6 +272,9 @@ main() { + else + for script in $testdir/$prefix $testdir/$prefix*[^~] + do ++ if [ $script == "$testdir/11spare-migration" ];then ++ continue ++ fi + do_test $script + done + fi +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm.h-Undefine-dprintf-before-redefining.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm.h-Undefine-dprintf-before-redefining.patch index 52daea2a49..a1e7e59323 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-mdadm.h-Undefine-dprintf-before-redefining.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm.h-Undefine-dprintf-before-redefining.patch @@ -1,4 +1,4 @@ -From 4dd5c2659722b44409cee28b4cea68cdeaa1f987 Mon Sep 17 00:00:00 2001 +From b431cb4e1ed060122fa300dc0008f74080d38f73 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 9 May 2016 22:03:57 +0000 Subject: [PATCH] mdadm.h: Undefine dprintf before redefining @@ -20,10 +20,10 @@ Upstream-Status: Pending 1 file changed, 2 insertions(+) diff --git a/mdadm.h b/mdadm.h -index 1f28b3e..04996e2 100644 +index 387e681..bb943bf 100644 --- a/mdadm.h +++ b/mdadm.h -@@ -1869,11 +1869,13 @@ static inline sighandler_t signal_s(int sig, sighandler_t handler) +@@ -1649,11 +1649,13 @@ static inline char *to_subarray(struct mdstat_ent *ent, char *container) } #ifdef DEBUG diff --git a/poky/meta/recipes-extended/mdadm/files/0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch b/poky/meta/recipes-extended/mdadm/files/0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch index 13435ee418..142ed355ef 100644 --- a/poky/meta/recipes-extended/mdadm/files/0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch +++ b/poky/meta/recipes-extended/mdadm/files/0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch @@ -1,4 +1,4 @@ -From aa86de05cd6a75222b38e0789ac96fe00f705430 Mon Sep 17 00:00:00 2001 +From 6b861a267a6ef6f60f6cc21e4c8e6d7cdd2451dc Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 10 Nov 2022 12:31:22 -0800 Subject: [PATCH] restripe.c: Use _FILE_OFFSET_BITS to enable largefile support @@ -10,57 +10,9 @@ the width of types Upstream-Status: Submitted [https://lore.kernel.org/linux-raid/20221110225546.337164-1-raj.khem@gmail.com/] Signed-off-by: Khem Raj <raj.khem@gmail.com> --- - raid6check.c | 11 +++++++---- - restripe.c | 13 ++++++++----- - swap_super.c | 13 +++++++------ - 3 files changed, 22 insertions(+), 15 deletions(-) + restripe.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) -diff --git a/raid6check.c b/raid6check.c -index 9947776..8e7f142 100644 ---- a/raid6check.c -+++ b/raid6check.c -@@ -22,6 +22,9 @@ - * Based on "restripe.c" from "mdadm" codebase - */ - -+/* Enable largefile support */ -+#define _FILE_OFFSET_BITS 64 -+ - #include "mdadm.h" - #include <stdint.h> - #include <sys/mman.h> -@@ -284,9 +287,9 @@ int manual_repair(int chunk_size, int syndrome_disks, - } - - int write_res1, write_res2; -- off64_t seek_res; -+ off_t seek_res; - -- seek_res = lseek64(source[fd1], -+ seek_res = lseek(source[fd1], - offsets[fd1] + start * chunk_size, SEEK_SET); - if (seek_res < 0) { - fprintf(stderr, "lseek failed for failed_disk1\n"); -@@ -294,7 +297,7 @@ int manual_repair(int chunk_size, int syndrome_disks, - } - write_res1 = write(source[fd1], blocks[failed_slot1], chunk_size); - -- seek_res = lseek64(source[fd2], -+ seek_res = lseek(source[fd2], - offsets[fd2] + start * chunk_size, SEEK_SET); - if (seek_res < 0) { - fprintf(stderr, "lseek failed for failed_disk2\n"); -@@ -379,7 +382,7 @@ int check_stripes(struct mdinfo *info, int *source, unsigned long long *offsets, - goto exitCheck; - } - for (i = 0 ; i < raid_disks ; i++) { -- off64_t seek_res = lseek64(source[i], offsets[i] + start * chunk_size, -+ off_t seek_res = lseek(source[i], offsets[i] + start * chunk_size, - SEEK_SET); - if (seek_res < 0) { - fprintf(stderr, "lseek to source %d failed\n", i); -diff --git a/restripe.c b/restripe.c -index a7a7229..1c03577 100644 --- a/restripe.c +++ b/restripe.c @@ -22,6 +22,9 @@ @@ -73,7 +25,7 @@ index a7a7229..1c03577 100644 #include "mdadm.h" #include <stdint.h> -@@ -581,7 +584,7 @@ int save_stripes(int *source, unsigned long long *offsets, +@@ -581,7 +584,7 @@ int save_stripes(int *source, unsigned l raid_disks, level, layout); if (dnum < 0) abort(); if (source[dnum] < 0 || @@ -82,7 +34,7 @@ index a7a7229..1c03577 100644 offsets[dnum] + offset, 0) < 0 || read(source[dnum], buf+disk * chunk_size, chunk_size) != chunk_size) { -@@ -754,8 +757,8 @@ int restore_stripes(int *dest, unsigned long long *offsets, +@@ -754,8 +757,8 @@ int restore_stripes(int *dest, unsigned raid_disks, level, layout); if (src_buf == NULL) { /* read from file */ @@ -93,7 +45,7 @@ index a7a7229..1c03577 100644 rv = -1; goto abort; } -@@ -816,7 +819,7 @@ int restore_stripes(int *dest, unsigned long long *offsets, +@@ -816,7 +819,7 @@ int restore_stripes(int *dest, unsigned } for (i=0; i < raid_disks ; i++) if (dest[i] >= 0) { @@ -102,7 +54,7 @@ index a7a7229..1c03577 100644 offsets[i]+offset, 0) < 0) { rv = -1; goto abort; -@@ -866,7 +869,7 @@ int test_stripes(int *source, unsigned long long *offsets, +@@ -866,7 +869,7 @@ int test_stripes(int *source, unsigned l int disk; for (i = 0 ; i < raid_disks ; i++) { @@ -111,8 +63,48 @@ index a7a7229..1c03577 100644 (read(source[i], stripes[i], chunk_size) != chunk_size)) { free(q); -diff --git a/swap_super.c b/swap_super.c -index b6db574..18c89e2 100644 +--- a/raid6check.c ++++ b/raid6check.c +@@ -22,6 +22,9 @@ + * Based on "restripe.c" from "mdadm" codebase + */ + ++/* Enable largefile support */ ++#define _FILE_OFFSET_BITS 64 ++ + #include "mdadm.h" + #include <stdint.h> + #include <signal.h> +@@ -279,9 +282,9 @@ int manual_repair(int chunk_size, int sy + } + + int write_res1, write_res2; +- off64_t seek_res; ++ off_t seek_res; + +- seek_res = lseek64(source[fd1], ++ seek_res = lseek(source[fd1], + offsets[fd1] + start * chunk_size, SEEK_SET); + if (seek_res < 0) { + fprintf(stderr, "lseek failed for failed_disk1\n"); +@@ -289,7 +292,7 @@ int manual_repair(int chunk_size, int sy + } + write_res1 = write(source[fd1], blocks[failed_slot1], chunk_size); + +- seek_res = lseek64(source[fd2], ++ seek_res = lseek(source[fd2], + offsets[fd2] + start * chunk_size, SEEK_SET); + if (seek_res < 0) { + fprintf(stderr, "lseek failed for failed_disk2\n"); +@@ -374,7 +377,7 @@ int check_stripes(struct mdinfo *info, i + goto exitCheck; + } + for (i = 0 ; i < raid_disks ; i++) { +- off64_t seek_res = lseek64(source[i], offsets[i] + start * chunk_size, ++ off_t seek_res = lseek(source[i], offsets[i] + start * chunk_size, + SEEK_SET); + if (seek_res < 0) { + fprintf(stderr, "lseek to source %d failed\n", i); --- a/swap_super.c +++ b/swap_super.c @@ -1,3 +1,6 @@ diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch new file mode 100644 index 0000000000..1c95834a7e --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch @@ -0,0 +1,41 @@ +From 7539254342bc591717b0051734cc6c09c1b88640 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:13 -0600 +Subject: [PATCH] tests/00raid0: add a test that validates raid0 with layout + fails for 0.9 + +329dfc28debb disallows the creation of raid0 with layouts for 0.9 +metadata. This test confirms the new behavior. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7539254342bc591717b0051734cc6c09c1b88640] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index 8bc18985..e6b21cc4 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -6,11 +6,9 @@ check raid0 + testdev $md0 3 $mdsize2_l 512 + mdadm -S $md0 + +-# now with version-0.90 superblock ++# verify raid0 with layouts fail for 0.90 + mdadm -CR $md0 -e0.90 -l0 -n4 $dev0 $dev1 $dev2 $dev3 +-check raid0 +-testdev $md0 4 $mdsize0 512 +-mdadm -S $md0 ++check opposite_result + + # now with no superblock + mdadm -B $md0 -l0 -n5 $dev0 $dev1 $dev2 $dev3 $dev4 +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch new file mode 100644 index 0000000000..c621c082e8 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch @@ -0,0 +1,39 @@ +From 39b381252c32275079344d30de18b76fda4bba26 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 27 Jul 2022 15:52:45 -0600 +Subject: [PATCH] tests/00readonly: Run udevadm settle before setting ro + +In some recent kernel versions, 00readonly fails with: + + mdadm: failed to set readonly for /dev/md0: Device or resource busy + ERROR: array is not read-only! + +This was traced down to a race condition with udev holding a reference +to the block device at the same time as trying to set it read only. + +To fix this, call udevadm settle before setting the array read only. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=39b381252c32275079344d30de18b76fda4bba26] + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jsorensen@fb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00readonly | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/00readonly b/tests/00readonly +index 39202487..afe243b3 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -12,6 +12,7 @@ do + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync + check $level ++ udevadm settle + mdadm -ro $md0 + check readonly + state=$(cat /sys/block/md0/md/array_state) +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch new file mode 100644 index 0000000000..1a7104b76d --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch @@ -0,0 +1,33 @@ +From a2c832465fc75202e244327b2081231dfa974617 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:16 -0600 +Subject: [PATCH] tests/02lineargrow: clear the superblock at every iteration + +This fixes 02lineargrow test as prior metadata causes --add operation +to misbehave. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=a2c832465fc75202e244327b2081231dfa974617] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/02lineargrow | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/02lineargrow b/tests/02lineargrow +index e05c219d..595bf9f2 100644 +--- a/tests/02lineargrow ++++ b/tests/02lineargrow +@@ -20,4 +20,6 @@ do + testdev $md0 3 $sz 1 + + mdadm -S $md0 ++ mdadm --zero /dev/loop2 ++ mdadm --zero /dev/loop3 + done +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch new file mode 100644 index 0000000000..9098fb2540 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch @@ -0,0 +1,41 @@ +From de045db607b1ac4b70fc2a8878463e029c2ab1dc Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:15 -0600 +Subject: [PATCH] tests/04update-metadata: avoid passing chunk size to raid1 + +'04update-metadata' test fails with error, "specifying chunk size is +forbidden for this level" added by commit, 5b30a34aa4b5e. Hence, +correcting the test to ignore passing chunk size to raid1. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=de045db607b1ac4b70fc2a8878463e029c2ab1dc] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +[logang@deltatee.com: fix if/then style and dropped unrelated hunk] +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/04update-metadata | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 08c14af7..2b72a303 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -11,7 +11,11 @@ dlist="$dev0 $dev1 $dev2 $dev3" + for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} +- mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ if [[ $l == 'raid1' ]]; then ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 $dlist ++ else ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ fi + testdev $md0 $s 19904 64 + mdadm -S $md0 + mdadm -A $md0 --update=metadata $dlist +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch new file mode 100644 index 0000000000..5a6bf9e4bd --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch @@ -0,0 +1,39 @@ +From ee594b1a12833c06102de888248a361bc49cea09 Mon Sep 17 00:00:00 2001 +From: Ovidiu Panait <ovidiu.panait@windriver.com> +Date: Fri, 18 Aug 2023 12:20:40 +0300 +Subject: [PATCH] tests: add .broken files for 04update-uuid and + 07revert-inplace + +04update-uuid and 07revert-inplace tests are unreliable and fail intermittently +on the autobuilder. Unfortunately, the failures cannot be reproduced locally +and the logs cannot be retrieved from the AB. + +Mark the testcases as BROKEN to skip them when running ptest. + +Upstream-Status: Inappropriate + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + tests/04update-uuid.broken | 1 + + tests/07revert-inplace.broken | 1 + + 2 files changed, 2 insertions(+) + create mode 100644 tests/04update-uuid.broken + create mode 100644 tests/07revert-inplace.broken + +diff --git a/tests/04update-uuid.broken b/tests/04update-uuid.broken +new file mode 100644 +index 0000000..197b35b +--- /dev/null ++++ b/tests/04update-uuid.broken +@@ -0,0 +1 @@ ++fails infrequently +diff --git a/tests/07revert-inplace.broken b/tests/07revert-inplace.broken +new file mode 100644 +index 0000000..197b35b +--- /dev/null ++++ b/tests/07revert-inplace.broken +@@ -0,0 +1 @@ ++fails infrequently +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch new file mode 100644 index 0000000000..d2e7d8ee50 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch @@ -0,0 +1,102 @@ +From 14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:14 -0600 +Subject: [PATCH] tests: fix raid0 tests for 0.90 metadata + +Some of the test cases fail because raid0 creation fails with the error, +"0.90 metadata does not support layouts for RAID0" added by commit, +329dfc28debb. Fix some of the test cases by switching from raid0 to +linear level for 0.9 metadata where possible. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 4 ++-- + tests/00readonly | 4 ++++ + tests/03r0assem | 6 +++--- + tests/04r0update | 4 ++-- + tests/04update-metadata | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index e6b21cc4..9b8896cb 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -20,8 +20,8 @@ mdadm -S $md0 + # now same again with different chunk size + for chunk in 4 32 256 + do +- mdadm -CR $md0 -e0.90 -l raid0 --chunk $chunk -n3 $dev0 $dev1 $dev2 +- check raid0 ++ mdadm -CR $md0 -e0.90 -l linear --chunk $chunk -n3 $dev0 $dev1 $dev2 ++ check linear + testdev $md0 3 $mdsize0 $chunk + mdadm -S $md0 + +diff --git a/tests/00readonly b/tests/00readonly +index 28b0fa13..39202487 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -4,6 +4,10 @@ for metadata in 0.9 1.0 1.1 1.2 + do + for level in linear raid0 raid1 raid4 raid5 raid6 raid10 + do ++ if [[ $metadata == "0.9" && $level == "raid0" ]]; ++ then ++ continue ++ fi + mdadm -CR $md0 -l $level -n 4 --metadata=$metadata \ + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync +diff --git a/tests/03r0assem b/tests/03r0assem +index 6744e322..44df0645 100644 +--- a/tests/03r0assem ++++ b/tests/03r0assem +@@ -68,9 +68,9 @@ mdadm -S $md2 + ### Now for version 0... + + mdadm --zero-superblock $dev0 $dev1 $dev2 +-mdadm -CR $md2 -l0 --metadata=0.90 -n3 $dev0 $dev1 $dev2 +-check raid0 +-tst="testdev $md2 3 $mdsize0 512" ++mdadm -CR $md2 -llinear --metadata=0.90 -n3 $dev0 $dev1 $dev2 ++check linear ++tst="testdev $md2 3 $mdsize0 1" + $tst + + uuid=`mdadm -Db $md2 | sed 's/.*UUID=//'` +diff --git a/tests/04r0update b/tests/04r0update +index 73ee3b9f..b95efb06 100644 +--- a/tests/04r0update ++++ b/tests/04r0update +@@ -1,7 +1,7 @@ + + # create a raid0, re-assemble with a different super-minor +-mdadm -CR -e 0.90 $md0 -l0 -n3 $dev0 $dev1 $dev2 +-testdev $md0 3 $mdsize0 512 ++mdadm -CR -e 0.90 $md0 -llinear -n3 $dev0 $dev1 $dev2 ++testdev $md0 3 $mdsize0 1 + minor1=`mdadm -E $dev0 | sed -n -e 's/.*Preferred Minor : //p'` + mdadm -S /dev/md0 + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 232fc1ff..08c14af7 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -8,7 +8,7 @@ set -xe + + dlist="$dev0 $dev1 $dev2 $dev3" + +-for ls in raid0/4 linear/4 raid1/1 raid5/3 raid6/2 ++for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} + mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch b/poky/meta/recipes-extended/mdadm/files/0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch deleted file mode 100644 index 0916efafdf..0000000000 --- a/poky/meta/recipes-extended/mdadm/files/0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 8fa7d3cb96e8833743b635fb198675ad6c020b6e Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Tue, 12 Mar 2024 10:51:51 +0100 -Subject: [PATCH] util.c: add limits.h include for NAME_MAX definition - -Upstream-Status: Submitted [mariusz.tkaczyk@linux.intel.com,linux-raid@vger.kernel.org] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util.c b/util.c -index b145447..a9cb6c4 100644 ---- a/util.c -+++ b/util.c -@@ -36,7 +36,7 @@ - #include <ctype.h> - #include <dirent.h> - #include <dlfcn.h> -- -+#include <limits.h> - - /* - * following taken from linux/blkpg.h because they aren't diff --git a/poky/meta/recipes-extended/mdadm/files/0002-Create.c-include-linux-falloc.h-for-FALLOC_FL_ZERO_R.patch b/poky/meta/recipes-extended/mdadm/files/0002-Create.c-include-linux-falloc.h-for-FALLOC_FL_ZERO_R.patch deleted file mode 100644 index 145c65477a..0000000000 --- a/poky/meta/recipes-extended/mdadm/files/0002-Create.c-include-linux-falloc.h-for-FALLOC_FL_ZERO_R.patch +++ /dev/null @@ -1,27 +0,0 @@ -From a22b2345b9773d362acd85dd4c4a6a3cda9100d4 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Tue, 12 Mar 2024 10:54:08 +0100 -Subject: [PATCH] Create.c: include linux/falloc.h for FALLOC_FL_ZERO_RANGE - definition - -glibc provides this through fcntl.h but musl does not - should -be reported and fixed there. - -Upstream-Status: Inappropriate [musl-specific issue] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - Create.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Create.c b/Create.c -index 8082f54..7071f0a 100644 ---- a/Create.c -+++ b/Create.c -@@ -31,6 +31,7 @@ - #include <signal.h> - #include <sys/signalfd.h> - #include <sys/wait.h> -+#include <linux/falloc.h> - - static int round_size_and_verify(unsigned long long *size, int chunk) - { diff --git a/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch new file mode 100644 index 0000000000..fafe88b49c --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch @@ -0,0 +1,56 @@ +From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:08 -0600 +Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in + validate_geometry_ddf() + +A relatively recent patch added a call to validate_geometry() in +Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL. + +This causes some ddf tests to segfault which aborts the test suite. + +To fix this, avoid dereferencing chunk when the level is +LEVEL_CONTAINER or LEVEL_NONE. + +Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container") +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 65cf727..3ef1293 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st, + * If given BVDs, we make an SVD, changing all the GUIDs in the process. + */ + +- if (*chunk == UnSet) +- *chunk = DEFAULT_CHUNK; +- + if (level == LEVEL_NONE) + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { +@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st, + freesize, verbose); + } + ++ if (*chunk == UnSet) ++ *chunk = DEFAULT_CHUNK; ++ + if (!dev) { + mdu_array_info_t array = { + .level = level, +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch new file mode 100644 index 0000000000..a954ab027a --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch @@ -0,0 +1,91 @@ +From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:09 -0600 +Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork + +The test 07reshape-grow fails most of the time. But it succeeds around +1 in 5 times. When it does succeed, it causes the tests to die because +mdadm has segfaulted. + +The segfault was caused by mdadm attempting to repoen a file +descriptor that was already closed. The backtrace of the segfault +was: + + #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101 + #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956 + #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0) + at util.c:1072 + #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079 + #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244 + #5 0x000056146e329f36 in start_array (mdfd=4, + mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860, + st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0, + bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5, + sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90, + clean=1, avail=0x56146fc78720 "\001\001\001\001\001", + start_partial_ok=0, err_ok=0, was_forced=0) + at Assemble.c:1206 + #6 0x000056146e32c36e in Assemble (st=0x56146fc78660, + mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70, + devlist=0x56146fc6e2d0, c=0x7ffc55342e90) + at Assemble.c:1914 + #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238) + at mdadm.c:1510 + +The file descriptor was closed early in Grow_continue(). The noted commit +moved the close() call to close the fd above the fork which caused the +parent process to return with a closed fd. + +This meant reshape_array() and Grow_continue() would return in the parent +with the fd forked. The fd would eventually be passed to reopen_mddev() +which returned an unhandled NULL from fd2devnm() which would then be +dereferenced in devnm2devid. + +Fix this by moving the close() call below the fork. This appears to +fix the 07revert-grow test. While we're at it, switch to using +close_fd() to invalidate the file descriptor. + +Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time") +Cc: Alex Wu <alexwu@synology.com> +Cc: BingJing Chang <bingjingc@synology.com> +Cc: Danny Shih <dannyshih@synology.com> +Cc: ChangSyun Peng <allenpeng@synology.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + Grow.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Grow.c b/Grow.c +index 9c6fc95..a8e4e83 100644 +--- a/Grow.c ++++ b/Grow.c +@@ -3501,7 +3501,6 @@ started: + return 0; + } + +- close(fd); + /* Now we just need to kick off the reshape and watch, while + * handling backups of the data... + * This is all done by a forked background process. +@@ -3522,6 +3521,9 @@ started: + break; + } + ++ /* Close unused file descriptor in the forked process */ ++ close_fd(&fd); ++ + /* If another array on the same devices is busy, the + * reshape will wait for them. This would mean that + * the first section that we suspend will stay suspended +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch new file mode 100644 index 0000000000..72cb40f782 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch @@ -0,0 +1,42 @@ +From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:10 -0600 +Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks + +Not all struct superswitch implement a get_bad_blocks() function, +yet mdmon seems to call it without checking for NULL and thus +occasionally segfaults in the test 10ddf-geometry. + +Fix this by checking for NULL before calling it. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + monitor.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/monitor.c b/monitor.c +index afc3e50..8e43c0d 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi) + struct md_bb *bb; + int i; + ++ if (!ss->get_bad_blocks) ++ return -1; ++ + /* + * Get a list of bad blocks for an array, then read list of + * acknowledged bad blocks from kernel and compare it against metadata +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch new file mode 100644 index 0000000000..c55bfb125b --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch @@ -0,0 +1,128 @@ +From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:18 -0600 +Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures + +Add functionality to continue if a test marked as broken fails. + +To mark a test as broken, a file with the same name but with the suffix +'.broken' should exist. The first line in the file will be printed with +a KNOWN BROKEN message; the rest of the file can describe the how the +test is broken. + +Also adds --skip-broken and --skip-always-broken to skip all the tests +that have a .broken file or to skip all tests whose .broken file's first +line contains the keyword always. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3 + +[OP: adjusted context for mdadm-4.2] +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + test | 37 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 35 insertions(+), 2 deletions(-) + +diff --git a/test b/test +index 8f189d9..ee8fba1 100755 +--- a/test ++++ b/test +@@ -10,6 +10,8 @@ devlist= + + savelogs=0 + exitonerror=1 ++ctrl_c_error=0 ++skipbroken=0 + prefix='[0-9][0-9]' + + # use loop devices by default if doesn't specify --dev +@@ -35,6 +37,7 @@ die() { + + ctrl_c() { + exitonerror=1 ++ ctrl_c_error=1 + } + + # mdadm always adds --quiet, and we want to see any unexpected messages +@@ -79,8 +82,21 @@ mdadm() { + do_test() { + _script=$1 + _basename=`basename $_script` ++ _broken=0 ++ + if [ -f "$_script" ] + then ++ if [ -f "${_script}.broken" ]; then ++ _broken=1 ++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n') ++ if [ "$skipbroken" == "all" ]; then ++ return ++ elif [ "$skipbroken" == "always" ] && ++ [[ "$_broken_msg" == *always* ]]; then ++ return ++ fi ++ fi ++ + rm -f $targetdir/stderr + # this might have been reset: restore the default. + echo 2000 > /proc/sys/dev/raid/speed_limit_max +@@ -97,10 +113,15 @@ do_test() { + else + save_log fail + _fail=1 ++ if [ "$_broken" == "1" ]; then ++ echo " (KNOWN BROKEN TEST: $_broken_msg)" ++ fi + fi + [ "$savelogs" == "1" ] && + mv -f $targetdir/log $logdir/$_basename.log +- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1 ++ [ "$ctrl_c_error" == "1" ] && exit 1 ++ [ "$_fail" == "1" -a "$exitonerror" == "1" \ ++ -a "$_broken" == "0" ] && exit 1 + fi + } + +@@ -117,6 +138,8 @@ do_help() { + --logdir=directory Directory to save all logfiles in + --save-logs Usually use with --logdir together + --keep-going | --no-error Don't stop on error, ie. run all tests ++ --skip-broken Skip tests that are known to be broken ++ --skip-always-broken Skip tests that are known to always fail + --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk + --disks= Provide a bunch of physical devices for test + --volgroup=name LVM volume group for LVM test +@@ -211,6 +234,12 @@ parse_args() { + --keep-going | --no-error ) + exitonerror=0 + ;; ++ --skip-broken ) ++ skipbroken=all ++ ;; ++ --skip-always-broken ) ++ skipbroken=always ++ ;; + --disable-multipath ) + unset MULTIPATH + ;; +@@ -275,7 +304,11 @@ main() { + if [ $script == "$testdir/11spare-migration" ];then + continue + fi +- do_test $script ++ case $script in ++ *.broken) ;; ++ *) ++ do_test $script ++ esac + done + fi + +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch new file mode 100644 index 0000000000..115b23bac5 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch @@ -0,0 +1,454 @@ +From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:19 -0600 +Subject: [PATCH 6/6] tests: Add broken files for all broken tests + +Each broken file contains the rough frequency of brokeness as well +as a brief explanation of what happens when it breaks. Estimates +of failure rates are not statistically significant and can vary +run to run. + +This is really just a view from my window. Tests were done on a +small VM with the default loop devices, not real hardware. We've +seen different kernel configurations can cause bugs to appear as well +(ie. different block schedulers). It may also be that different race +conditions will be seen on machines with different performance +characteristics. + +These annotations were done with the kernel currently in md/md-next: + + facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()") + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + tests/01r5integ.broken | 7 ++++ + tests/01raid6integ.broken | 7 ++++ + tests/04r5swap.broken | 7 ++++ + tests/07autoassemble.broken | 8 ++++ + tests/07autodetect.broken | 5 +++ + tests/07changelevelintr.broken | 9 +++++ + tests/07changelevels.broken | 9 +++++ + tests/07reshape5intr.broken | 45 ++++++++++++++++++++++ + tests/07revert-grow.broken | 31 +++++++++++++++ + tests/07revert-shrink.broken | 9 +++++ + tests/07testreshape5.broken | 12 ++++++ + tests/09imsm-assemble.broken | 6 +++ + tests/09imsm-create-fail-rebuild.broken | 5 +++ + tests/09imsm-overlap.broken | 7 ++++ + tests/10ddf-assemble-missing.broken | 6 +++ + tests/10ddf-fail-create-race.broken | 7 ++++ + tests/10ddf-fail-two-spares.broken | 5 +++ + tests/10ddf-incremental-wrong-order.broken | 9 +++++ + tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++ + tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++ + tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++ + tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++ + tests/19raid6auto-repair.broken | 5 +++ + tests/19raid6repair.broken | 5 +++ + 24 files changed, 226 insertions(+) + create mode 100644 tests/01r5integ.broken + create mode 100644 tests/01raid6integ.broken + create mode 100644 tests/04r5swap.broken + create mode 100644 tests/07autoassemble.broken + create mode 100644 tests/07autodetect.broken + create mode 100644 tests/07changelevelintr.broken + create mode 100644 tests/07changelevels.broken + create mode 100644 tests/07reshape5intr.broken + create mode 100644 tests/07revert-grow.broken + create mode 100644 tests/07revert-shrink.broken + create mode 100644 tests/07testreshape5.broken + create mode 100644 tests/09imsm-assemble.broken + create mode 100644 tests/09imsm-create-fail-rebuild.broken + create mode 100644 tests/09imsm-overlap.broken + create mode 100644 tests/10ddf-assemble-missing.broken + create mode 100644 tests/10ddf-fail-create-race.broken + create mode 100644 tests/10ddf-fail-two-spares.broken + create mode 100644 tests/10ddf-incremental-wrong-order.broken + create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken + create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken + create mode 100644 tests/19raid6auto-repair.broken + create mode 100644 tests/19raid6repair.broken + +diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken +new file mode 100644 +index 0000000..2073763 +--- /dev/null ++++ b/tests/01r5integ.broken +@@ -0,0 +1,7 @@ ++fails rarely ++ ++Fails about 1 in every 30 runs with a sha mismatch error: ++ ++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match ++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3 ++ missing +diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken +new file mode 100644 +index 0000000..1df735f +--- /dev/null ++++ b/tests/01raid6integ.broken +@@ -0,0 +1,7 @@ ++fails infrequently ++ ++Fails about 1 in 5 with a sha mismatch: ++ ++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match ++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and ++ /dev/loop3 missing +diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken +new file mode 100644 +index 0000000..e38987d +--- /dev/null ++++ b/tests/04r5swap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 has no superblock - assembly aborted ++ ++ ERROR: no recovery happening +diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken +new file mode 100644 +index 0000000..8be0940 +--- /dev/null ++++ b/tests/07autoassemble.broken +@@ -0,0 +1,8 @@ ++always fails ++ ++Prints lots of messages, but the array doesn't assemble. Error ++possibly related to: ++ ++ mdadm: /dev/md/1 is busy - skipping ++ mdadm: no recogniseable superblock on /dev/md/testing:0 ++ mdadm: /dev/md/2 is busy - skipping +diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken +new file mode 100644 +index 0000000..294954a +--- /dev/null ++++ b/tests/07autodetect.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ ERROR: no resync happening +diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken +new file mode 100644 +index 0000000..284b490 +--- /dev/null ++++ b/tests/07changelevelintr.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 56832 ++ ++ ERROR: no reshape happening +diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken +new file mode 100644 +index 0000000..9b930d9 +--- /dev/null ++++ b/tests/07changelevels.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata ++ ++ ERROR: /dev/md0 isn't a block device. +diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken +new file mode 100644 +index 0000000..efe52a6 +--- /dev/null ++++ b/tests/07reshape5intr.broken +@@ -0,0 +1,45 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex ++held") ++ ++The new error is simply: ++ ++ ERROR: no reshape happening ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails infrequently ++ ++Fails roughly 1 in 4 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: cannot re-read metadata from /dev/loop6 - aborting ++ ++ ERROR: no reshape happening ++ ++Also have seen a random deadlock: ++ ++ INFO: task mdadm:109702 blocked for more than 30 seconds. ++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040 ++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. ++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000 ++ Call Trace: ++ <TASK> ++ __schedule+0x67e/0x13b0 ++ schedule+0x82/0x110 ++ mddev_suspend+0x2e1/0x330 ++ suspend_lo_store+0xbd/0x140 ++ md_attr_store+0xcb/0x130 ++ sysfs_kf_write+0x89/0xb0 ++ kernfs_fop_write_iter+0x202/0x2c0 ++ new_sync_write+0x222/0x330 ++ vfs_write+0x3bc/0x4d0 ++ ksys_write+0xd9/0x180 ++ __x64_sys_write+0x43/0x50 ++ do_syscall_64+0x3b/0x90 ++ entry_SYSCALL_64_after_hwframe+0x44/0xae +diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken +new file mode 100644 +index 0000000..9b6db86 +--- /dev/null ++++ b/tests/07revert-grow.broken +@@ -0,0 +1,31 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held") ++ ++The errors are: ++ ++ mdadm: No active reshape to revert on /dev/loop0 ++ ERROR: active raid5 not found ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails rarely ++ ++Fails about 1 in every 30 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory ++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument ++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it ++ (use --run to insist). ++ ++ grep: /sys/block/md*/md/sync_action: No such file or directory ++ ++ ERROR: active raid5 not found +diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken +new file mode 100644 +index 0000000..c33c39e +--- /dev/null ++++ b/tests/07revert-shrink.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 53760 ++ ++ ERROR: active raid5 not found +diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken +new file mode 100644 +index 0000000..a8ce03e +--- /dev/null ++++ b/tests/07testreshape5.broken +@@ -0,0 +1,12 @@ ++always fails ++ ++Test seems to run 'test_stripe' at $dir directory, but $dir is never ++set. If $dir is adjusted to $PWD, the test still fails with: ++ ++ mdadm: /dev/loop2 is not suitable for this array. ++ mdadm: create aborted ++ ++ return 1 ++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile ++ ++ echo cmp failed ++ cmp failed ++ ++ exit 2 +diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken +new file mode 100644 +index 0000000..a6d4d5c +--- /dev/null ++++ b/tests/09imsm-assemble.broken +@@ -0,0 +1,6 @@ ++fails infrequently ++ ++Fails roughly 1 in 10 runs with errors: ++ ++ mdadm: /dev/loop2 is still in use, cannot remove. ++ /dev/loop2 removal from /dev/md/container should have succeeded +diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken +new file mode 100644 +index 0000000..40c4b29 +--- /dev/null ++++ b/tests/09imsm-create-fail-rebuild.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ **Error**: Array size mismatch - expected 3072, actual 16384 +diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken +new file mode 100644 +index 0000000..e7ccab7 +--- /dev/null ++++ b/tests/09imsm-overlap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ /dev/md/vol3 failed check +diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken +new file mode 100644 +index 0000000..bfd8d10 +--- /dev/null ++++ b/tests/10ddf-assemble-missing.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with errors: ++ ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 +diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken +new file mode 100644 +index 0000000..6c0df02 +--- /dev/null ++++ b/tests/10ddf-fail-create-race.broken +@@ -0,0 +1,7 @@ ++usually fails ++ ++Fails about 9 out of 10 times with many errors: ++ ++ mdadm: cannot open MISSING: No such file or directory ++ ERROR: non-degraded array found ++ ERROR: disk 0 not marked as failed in meta data +diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken +new file mode 100644 +index 0000000..eeea56d +--- /dev/null ++++ b/tests/10ddf-fail-two-spares.broken +@@ -0,0 +1,5 @@ ++fails infrequently ++ ++Fails roughly 1 in 3 with error: ++ ++ ERROR: /dev/md/vol1 should be optimal in meta data +diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken +new file mode 100644 +index 0000000..a5af3ba +--- /dev/null ++++ b/tests/10ddf-incremental-wrong-order.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ERROR: sha1sum of /dev/md/vol0 has changed ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8 ++ ERROR: unexpected number of online disks on /dev/loop8 ++ ERROR: sha1sum of /dev/md/vol0 has changed +diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken +new file mode 100644 +index 0000000..4ef1d40 +--- /dev/null ++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk") +diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..89cd4e5 +--- /dev/null ++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..a27399f +--- /dev/null ++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken +@@ -0,0 +1,5 @@ ++fails rarely ++ ++Fails about 1 run in 100 with message: ++ ++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0 +diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken +new file mode 100644 +index 0000000..aa1982e +--- /dev/null ++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6auto-repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch b/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch index b758fcd0ab..fa90647489 100644 --- a/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch +++ b/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch @@ -1,4 +1,4 @@ -From 319b3191f088cea7b0fb6038ab7625d5e049dcf7 Mon Sep 17 00:00:00 2001 +From adb75f0bdec97dbe4aa15cc988d349775f7995ff Mon Sep 17 00:00:00 2001 From: "martin f. krafft" <madduck@debian.org> Date: Mon, 3 Jan 2022 19:14:12 +0000 Subject: [PATCH] Remove -Werror from compiler flags @@ -10,20 +10,21 @@ use it to beautify the code, but remove it for out builds. Signed-off-by: martin f. krafft <madduck@debian.org> Upstream-Status: Pending + --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 9ab6a65..1141971 100644 +index 716c97c..40354ea 100644 --- a/Makefile +++ b/Makefile @@ -50,7 +50,7 @@ ifeq ($(origin CC),default) CC := $(CROSS_COMPILE)gcc endif CXFLAGS ?= -ggdb --CWFLAGS ?= -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -fPIE -Warray-bounds -+CWFLAGS ?= -Wall -Wstrict-prototypes -Wextra -Wno-unused-parameter -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -fPIE -Warray-bounds +-CWFLAGS = -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter ++CWFLAGS = -Wall -Wstrict-prototypes -Wextra -Wno-unused-parameter ifdef WARN_UNUSED - CWFLAGS += -Wp -O3 + CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3 endif diff --git a/poky/meta/recipes-extended/mdadm/files/include_sysmacros.patch b/poky/meta/recipes-extended/mdadm/files/include_sysmacros.patch new file mode 100644 index 0000000000..8a1d8342d8 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/include_sysmacros.patch @@ -0,0 +1,14 @@ +include sys/sysmacros.h for major/minor macro definitions + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- a/mdadm.h ++++ b/mdadm.h +@@ -35,6 +35,7 @@ extern __off64_t lseek64 __P ((int __fd, + + #include <sys/types.h> + #include <sys/stat.h> ++#include <sys/sysmacros.h> + #include <stdint.h> + #include <stdlib.h> + #include <time.h> diff --git a/poky/meta/recipes-extended/mdadm/files/mdadm-3.3.2_x32_abi_time_t.patch b/poky/meta/recipes-extended/mdadm/files/mdadm-3.3.2_x32_abi_time_t.patch index ecd1f037d0..7a2c888701 100644 --- a/poky/meta/recipes-extended/mdadm/files/mdadm-3.3.2_x32_abi_time_t.patch +++ b/poky/meta/recipes-extended/mdadm/files/mdadm-3.3.2_x32_abi_time_t.patch @@ -1,4 +1,4 @@ -From ca91d9fc07943f209988411f2596e4b69828f208 Mon Sep 17 00:00:00 2001 +From e37f7f6a0f1ef1b594574d11a8b90b8c861d047b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> Date: Sun, 15 Mar 2015 09:02:14 +0000 Subject: [PATCH] mdadm: Fix build in x32 ABI @@ -12,15 +12,16 @@ data type in x32 ABI is long long int. Upstream-Status: Pending Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> + --- monitor.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/monitor.c b/monitor.c -index 4acec67..8dcdfd6 100644 +index 81537ed..7c33382 100644 --- a/monitor.c +++ b/monitor.c -@@ -447,9 +447,12 @@ static int read_and_act(struct active_array *a, fd_set *fds) +@@ -445,9 +445,12 @@ static int read_and_act(struct active_array *a, fd_set *fds) if (FD_ISSET(mdi->bb_fd, fds)) check_for_cleared_bb(a, mdi); } diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.3.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb index 228fc6f84e..6f87249398 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.3.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb @@ -17,16 +17,31 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch \ file://0001-fix-gcc-8-format-truncation-warning.patch \ file://debian-no-Werror.patch \ + file://0001-Revert-tests-wait-for-complete-rebuild-in-integrity-.patch \ file://mdadm.init \ file://0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch \ + file://include_sysmacros.patch \ + file://0001-mdadm-skip-test-11spare-migration.patch \ + file://0001-Fix-parsing-of-r-in-monitor-manager-mode.patch \ file://0001-Makefile-install-mdcheck.patch \ file://0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch \ - file://0002-Create.c-include-linux-falloc.h-for-FALLOC_FL_ZERO_R.patch \ - file://0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch \ - file://0001-include-libgen.h-for-basename-API.patch \ + file://0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ + file://0001-mdadm-Fix-optional-write-behind-parameter.patch \ + file://0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch \ + file://0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch \ + file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \ + file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \ + file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \ + file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \ + file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \ + file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \ + file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \ + file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \ + file://0006-tests-Add-broken-files-for-all-broken-tests.patch \ + file://0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch \ " -SRC_URI[sha256sum] = "416727ae1f1080ea6e3090cea36dd076826fc369151e36ab736557ba92196f9f" +SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d" inherit autotools-brokensep ptest systemd @@ -44,7 +59,7 @@ CFLAGS:append:mipsarchn64 = ' -D__SANE_USERSPACE_TYPES__' CFLAGS:append:mipsarchn32 = ' -D__SANE_USERSPACE_TYPES__' EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}" SYSTEMD_DIR=${systemd_system_unitdir} \ - BINDIR="${base_sbindir}" UDEVDIR="${nonarch_base_libdir}/udev" LDFLAGS="${LDFLAGS}"' + BINDIR="${base_sbindir}" UDEVDIR="${nonarch_base_libdir}/udev"' DEBUG_OPTIMIZATION:append = " -Wno-error" @@ -76,6 +91,7 @@ do_install_ptest() { cp -R --no-dereference --preserve=mode,links -v ${S}/tests ${D}${PTEST_PATH}/tests cp ${S}/test ${D}${PTEST_PATH} sed -e 's!sleep 0.*!sleep 1!g; s!/var/tmp!/mdadm-testing-dir!g' -i ${D}${PTEST_PATH}/test + sed -e 's!/var/tmp!/mdadm-testing-dir!g' -i ${D}${PTEST_PATH}/tests/* sed -i -e '/echo -ne "$_script... "/d' \ -e 's/echo "succeeded"/echo -e "PASS: $_script"/g' \ -e '/save_log fail/N; /_fail=1/i\\t\t\techo -ne "FAIL: $_script"' \ diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch new file mode 100644 index 0000000000..95c437df4f --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch @@ -0,0 +1,39 @@ +From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 1 Jul 2023 07:48:17 -0700 +Subject: [PATCH] examples: Replace use of termio.h with termios.h + +Fixes build with musl and makes it portable + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + examples/tty_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/examples/tty_conv.c b/examples/tty_conv.c +index 23f0684..db22500 100644 +--- a/examples/tty_conv.c ++++ b/examples/tty_conv.c +@@ -6,7 +6,8 @@ + #include <string.h> + #include <errno.h> + #include <unistd.h> +-#include <termio.h> ++#include <termios.h> ++#include <sys/ioctl.h> + #include <security/pam_appl.h> + + /*************************************** +@@ -16,7 +17,7 @@ + ***************************************/ + static void echoOff(int fd, int off) + { +- struct termio tty; ++ struct termios tty; + if (ioctl(fd, TCGETA, &tty) < 0) + { + fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); +-- +2.41.0 + diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch new file mode 100644 index 0000000000..23d5646235 --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch @@ -0,0 +1,69 @@ +From 80dc2d410595b5193d32f965185710df27f3984e Mon Sep 17 00:00:00 2001 +From: Md Zain Hasib <hasibm@vmware.com> +Date: Sat, 29 Jul 2023 11:01:35 +0530 +Subject: [PATCH] pam_pwhistory: fix passing NULL filename argument to + pwhistory helper + +This change fixes a bug when pwhistory_helper is invoked from +pam_pwhistory with an NULL filename, pwhistory_helper receives a short +circuited argc count of 3, ignoring the rest of the arguments passed +due to filename being NULL. To resolve the issue, an empty string is +passed in case the filename is empty, which is later changed back to +NULL in pwhistory_helper so that it can be passed to opasswd to read +the default opasswd file. + +* modules/pam_pwhistory/pam_pwhistory.c (run_save_helper, +run_check_helper): Replace NULL filename argument with an empty string. +* modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string +filename argument with NULL. + +Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)") +Signed-off-by: Dmitry V. Levin <ldv@strace.io> + +Upstream-Status: Backport +[https://github.com/linux-pam/linux-pam/commit/80dc2d410595b5193d32f965185710df27f3984e] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + modules/pam_pwhistory/pam_pwhistory.c | 4 ++-- + modules/pam_pwhistory/pwhistory_helper.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c +index 5a7fb811..98ddffce 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.c ++++ b/modules/pam_pwhistory/pam_pwhistory.c +@@ -141,7 +141,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, + args[0] = (char *)PWHISTORY_HELPER; + args[1] = (char *)"save"; + args[2] = (char *)user; +- args[3] = (char *)filename; ++ args[3] = (char *)((filename != NULL) ? filename : ""); + DIAG_POP_IGNORE_CAST_QUAL; + if (asprintf(&args[4], "%d", howmany) < 0 || + asprintf(&args[5], "%d", debug) < 0) +@@ -228,7 +228,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, + args[0] = (char *)PWHISTORY_HELPER; + args[1] = (char *)"check"; + args[2] = (char *)user; +- args[3] = (char *)filename; ++ args[3] = (char *)((filename != NULL) ? filename : ""); + DIAG_POP_IGNORE_CAST_QUAL; + if (asprintf(&args[4], "%d", debug) < 0) + { +diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c +index 469d95fa..fb9a1e31 100644 +--- a/modules/pam_pwhistory/pwhistory_helper.c ++++ b/modules/pam_pwhistory/pwhistory_helper.c +@@ -108,7 +108,7 @@ main(int argc, char *argv[]) + + option = argv[1]; + user = argv[2]; +- filename = argv[3]; ++ filename = (argv[3][0] != '\0') ? argv[3] : NULL; + + if (strcmp(option, "check") == 0 && argc == 5) + return check_history(user, filename, argv[4]); +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/pam/libpam/libpam-xtests.patch b/poky/meta/recipes-extended/pam/libpam/libpam-xtests.patch index f2dafa72a5..ea145899b4 100644 --- a/poky/meta/recipes-extended/pam/libpam/libpam-xtests.patch +++ b/poky/meta/recipes-extended/pam/libpam/libpam-xtests.patch @@ -1,21 +1,13 @@ -From 060726f7e60c8ecb5bf50fd776910b290d9a0a69 Mon Sep 17 00:00:00 2001 -From: Kang Kai <kai.kang@windriver.com> -Date: Tue, 19 Jul 2011 17:08:31 +0800 -Subject: [PATCH] This patch is used to create a new sub package libpam-xtests - to do more checks. +This patch is used to create a new sub package libpam-xtests to do more checks. Upstream-Status: Pending Signed-off-by: Kang Kai <kai.kang@windriver.com> ---- - xtests/Makefile.am | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/xtests/Makefile.am b/xtests/Makefile.am -index acf9746..9826c9f 100644 ---- a/xtests/Makefile.am -+++ b/xtests/Makefile.am -@@ -8,7 +8,7 @@ AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \ +Index: Linux-PAM-1.3.0/xtests/Makefile.am +=================================================================== +--- Linux-PAM-1.3.0.orig/xtests/Makefile.am ++++ Linux-PAM-1.3.0/xtests/Makefile.am +@@ -7,7 +7,7 @@ AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_src LDADD = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la @@ -24,7 +16,7 @@ index acf9746..9826c9f 100644 EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ -@@ -55,3 +55,18 @@ EXTRA_PROGRAMS = $(XTESTS) +@@ -51,3 +51,18 @@ EXTRA_PROGRAMS = $(XTESTS) xtests: $(XTESTS) run-xtests.sh "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS} diff --git a/poky/meta/recipes-extended/pam/libpam_1.6.0.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb index e1ed940d1e..ef32d19f3d 100644 --- a/poky/meta/recipes-extended/pam/libpam_1.6.0.bb +++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb @@ -21,12 +21,14 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://pam.d/common-session-noninteractive \ file://pam.d/other \ file://libpam-xtests.patch \ + file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \ file://run-ptest \ file://pam-volatiles.conf \ file://0001-pam_namespace-include-stdint-h.patch \ + file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \ " -SRC_URI[sha256sum] = "fff4a34e5bbee77e2e8f1992f27631e2329bcbf8a0563ddeb5c3389b4e3169ad" +SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt" diff --git a/poky/meta/recipes-extended/procps/procps/pidfd.patch b/poky/meta/recipes-extended/procps/procps/pidfd.patch new file mode 100644 index 0000000000..23d1a3cd3e --- /dev/null +++ b/poky/meta/recipes-extended/procps/procps/pidfd.patch @@ -0,0 +1,42 @@ +From c8f625e085b8249cc009e8b19c3a19100217eb35 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Thu, 25 Apr 2024 13:33:15 +0000 +Subject: [PATCH] Fix pidfd_open detection + +This check for pidfd_open uses AC_CHECK_FUNC which just runs the specified code, but +src/pgrep.c checks HAVE_PIDFD_OPEN which will only be defined by AC_CHECK_FUNCS. + +Also pidfd_open is defined in sys/pidfd.h so that needs including. + +Upstream-Status: Submitted [https://gitlab.com/procps-ng/procps/-/merge_requests/229] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + +diff --git a/configure.ac b/configure.ac +index fec27e3f..024731c7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -170,7 +170,7 @@ AC_TRY_COMPILE([#include <errno.h>], + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no)) + +-AC_CHECK_FUNC([pidfd_open], [enable_pidwait=yes], [ ++AC_CHECK_FUNCS([pidfd_open], [enable_pidwait=yes], [ + AC_MSG_CHECKING([for __NR_pidfd_open]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([ + #include <sys/syscall.h> +diff --git a/src/pgrep.c b/src/pgrep.c +index d8e57dff..c5211aec 100644 +--- a/src/pgrep.c ++++ b/src/pgrep.c +@@ -44,7 +44,9 @@ + + #ifdef ENABLE_PIDWAIT + #include <sys/epoll.h> +-#ifndef HAVE_PIDFD_OPEN ++#ifdef HAVE_PIDFD_OPEN ++#include <sys/pidfd.h> ++#else + #include <sys/syscall.h> + #endif /* !HAVE_PIDFD_OPEN */ + #endif diff --git a/poky/meta/recipes-extended/procps/procps_4.0.4.bb b/poky/meta/recipes-extended/procps/procps_4.0.4.bb index 800384f22f..ec8c4b0261 100644 --- a/poky/meta/recipes-extended/procps/procps_4.0.4.bb +++ b/poky/meta/recipes-extended/procps/procps_4.0.4.bb @@ -14,6 +14,7 @@ inherit autotools gettext pkgconfig update-alternatives SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ + file://pidfd.patch \ " SRCREV = "4ddcef2fd843170c8e2d59a83042978f41037a2b" diff --git a/poky/meta/recipes-extended/psmisc/psmisc/0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch b/poky/meta/recipes-extended/psmisc/psmisc/0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch index 01335bdf40..ca13bdbd15 100644 --- a/poky/meta/recipes-extended/psmisc/psmisc/0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch +++ b/poky/meta/recipes-extended/psmisc/psmisc/0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch @@ -1,4 +1,4 @@ -From 338d2d46d1c20ebadf317938af98d0532a62f8d4 Mon Sep 17 00:00:00 2001 +From 115fcf1daff18aa2f2e130d63704f04031878db0 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 24 Mar 2016 15:46:14 +0000 Subject: [PATCH] Use UINTPTR_MAX instead of __WORDSIZE @@ -13,7 +13,7 @@ Upstream-Status: Pending 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/peekfd.c b/src/peekfd.c -index 36dff04..2b4b1dc 100644 +index 5aa990a..7e8e3fc 100644 --- a/src/peekfd.c +++ b/src/peekfd.c @@ -30,8 +30,11 @@ @@ -28,7 +28,7 @@ index 36dff04..2b4b1dc 100644 #include <getopt.h> #include <ctype.h> #include <dirent.h> -@@ -341,11 +344,11 @@ int main(int argc, char **argv) +@@ -266,11 +269,11 @@ int main(int argc, char **argv) if (WIFSTOPPED(status)) { #ifdef PPC struct pt_regs regs; diff --git a/poky/meta/recipes-extended/psmisc/psmisc_23.7.bb b/poky/meta/recipes-extended/psmisc/psmisc_23.6.bb index ea272cd92d..2e55ad00bd 100644 --- a/poky/meta/recipes-extended/psmisc/psmisc_23.7.bb +++ b/poky/meta/recipes-extended/psmisc/psmisc_23.6.bb @@ -5,5 +5,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https;branch=master \ file://0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch \ " -SRCREV = "9091d6dbcce3d8fb87adf9249a2eb346d25a562c" +SRCREV = "3098e641dc1ddb210186f53464255670b480377b" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch b/poky/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch index 2e5503bfd4..d278a4cda3 100644 --- a/poky/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch +++ b/poky/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch @@ -16,9 +16,11 @@ Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> lib/copydir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/lib/copydir.c -+++ b/lib/copydir.c -@@ -400,6 +400,7 @@ static int copy_entry (const struct path +Index: shadow-4.14.2/lib/copydir.c +=================================================================== +--- shadow-4.14.2.orig/lib/copydir.c ++++ shadow-4.14.2/lib/copydir.c +@@ -415,6 +415,7 @@ static int copy_entry (const struct path { int err = 0; struct stat sb; @@ -26,12 +28,12 @@ Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> struct link_name *lp; struct timespec mt[2]; -@@ -423,7 +424,7 @@ static int copy_entry (const struct path - * If the destination already exists do nothing. - * This is after the copy_dir above to still iterate into subdirectories. - */ -- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { -+ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) { - return err; - } +@@ -436,7 +437,7 @@ static int copy_entry (const struct path + * If the destination already exists do nothing. + * This is after the copy_dir above to still iterate into subdirectories. + */ +- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { ++ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) { + return 0; + } diff --git a/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index cd99aad135..4a932d2dbb 100644 --- a/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001 +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -20,10 +20,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 01a26c9..82b2868 100644 +index 73fdb3a..d1231e9 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; @@ -46,3 +46,6 @@ index 01a26c9..82b2868 100644 db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB +-- +2.30.2 + diff --git a/poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch index 1eacb8a53f..3b61b75e5b 100644 --- a/poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch +++ b/poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch @@ -1,8 +1,3 @@ -From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001 -From: Kang Kai <kai.kang@windriver.com> -Date: Wed, 20 Jul 2011 19:18:14 +0800 -Subject: [PATCH] shadow: update pam related configure files - The system-auth in the configure files is from Fedora which put all the 4 pam type rules in one file. In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, @@ -14,102 +9,82 @@ See meta/recipes-extended/pam/libpam/pam.d/common-password Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Kang Kai <kai.kang@windriver.com> ---- - etc/pam.d/chage | 2 +- - etc/pam.d/chgpasswd | 2 +- - etc/pam.d/groupadd | 2 +- - etc/pam.d/groupdel | 2 +- - etc/pam.d/groupmems | 2 +- - etc/pam.d/groupmod | 2 +- - etc/pam.d/useradd | 2 +- - etc/pam.d/userdel | 2 +- - etc/pam.d/usermod | 2 +- - 9 files changed, 9 insertions(+), 9 deletions(-) -diff --git a/etc/pam.d/chage b/etc/pam.d/chage -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/chage -+++ b/etc/pam.d/chage +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage +--- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/chgpasswd -+++ b/etc/pam.d/chgpasswd +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd +--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/groupadd -+++ b/etc/pam.d/groupadd +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd +--- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/groupdel -+++ b/etc/pam.d/groupdel +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel +--- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/groupmems -+++ b/etc/pam.d/groupmems +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems +--- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/groupmod -+++ b/etc/pam.d/groupmod +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod +--- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/useradd -+++ b/etc/pam.d/useradd +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd +--- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/userdel -+++ b/etc/pam.d/userdel +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel +--- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod -index 8f49f5c..b1f365d 100644 ---- a/etc/pam.d/usermod -+++ b/etc/pam.d/usermod +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod +--- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 ++++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 7b9763d6db..40e6ab0b30 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -25,7 +25,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ " -SRC_URI[sha256sum] = "377fe0d7c1a0aa5e3514c08fdf5ddc70c9dcbb391678c2134445ed97326bcc26" +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -40,7 +40,7 @@ inherit autotools gettext github-releases pkgconfig export CONFIG_SHELL="/bin/sh" -EXTRA_OECONF += " \ +EXTRA_OECONF += "--without-libcrack \ --with-group-name-max-length=24 \ --enable-subordinate-ids=yes \ --without-sssd \ diff --git a/poky/meta/recipes-extended/shadow/shadow_4.15.0.bb b/poky/meta/recipes-extended/shadow/shadow_4.14.2.bb index e57676c1da..e57676c1da 100644 --- a/poky/meta/recipes-extended/shadow/shadow_4.15.0.bb +++ b/poky/meta/recipes-extended/shadow/shadow_4.14.2.bb diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.17.06.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.17.05.bb index a52b70d22f..d4a427f89d 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.17.06.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.17.05.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ " -SRCREV = "e6bda983cb48a201b6af173204372c7b37d6411f" +SRCREV = "4e68895f4fe68863b360ab4a6a57e2dfcff85d60" S = "${WORKDIR}/git" DEPENDS = "coreutils-native libbsd" diff --git a/poky/meta/recipes-extended/texinfo/texinfo/0001-texinfo-several-changes-to-build-without-zlib-and-nc.patch b/poky/meta/recipes-extended/texinfo/texinfo/disable-native-tools.patch index b43a115b23..3801d73883 100644 --- a/poky/meta/recipes-extended/texinfo/texinfo/0001-texinfo-several-changes-to-build-without-zlib-and-nc.patch +++ b/poky/meta/recipes-extended/texinfo/texinfo/disable-native-tools.patch @@ -1,8 +1,7 @@ -From ee9d23373b488c4a499c561d71e6b6ba7ca1bd31 Mon Sep 17 00:00:00 2001 +From e5d8f6d4a7652ea95c8d069ce9333494f2db868c Mon Sep 17 00:00:00 2001 From: Joshua Lock <josh@linux.intel.com> Date: Fri, 16 Sep 2011 15:35:48 -0700 -Subject: [PATCH 1/3] texinfo: several changes to build without zlib and - ncurses +Subject: [PATCH] texinfo: several changes to build without zlib and ncurses We already DEPEND on the native texinfo being present before building so there isn't any need to try and build the required native texinfo binaries @@ -11,15 +10,16 @@ before cross-compiling. This simplifies the recipe somewhat! Upstream-Status: Inappropriate oe specific Signed-off-by: Joshua Lock <josh@linux.intel.com> + --- configure.ac | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/configure.ac b/configure.ac -index 8094498..5b72fc1 100644 +index 6fcd3a0..c108df7 100644 --- a/configure.ac +++ b/configure.ac -@@ -247,29 +247,7 @@ AC_CANONICAL_BUILD +@@ -180,29 +180,7 @@ AC_CANONICAL_BUILD # $native_tools is also added to SUBDIRS in the main Makefile.am, # so that make compiles the native tools first. # @@ -50,6 +50,3 @@ index 8094498..5b72fc1 100644 AC_SUBST(native_tools) AM_CONDITIONAL(TOOLS_ONLY, [[test "x$tools_only" = x1]]) --- -2.39.2 - diff --git a/poky/meta/recipes-extended/texinfo/texinfo/0002-dont-depend-on-help2man.patch b/poky/meta/recipes-extended/texinfo/texinfo/dont-depend-on-help2man.patch index f3b6827d58..825887cc2e 100644 --- a/poky/meta/recipes-extended/texinfo/texinfo/0002-dont-depend-on-help2man.patch +++ b/poky/meta/recipes-extended/texinfo/texinfo/dont-depend-on-help2man.patch @@ -1,32 +1,33 @@ -From e02be81fa68ddc7f939abd99de4e42759a0d5d8c Mon Sep 17 00:00:00 2001 +From 451a9b9c3874872d575693fc7733fae02690a7d3 Mon Sep 17 00:00:00 2001 From: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Date: Tue, 29 Nov 2016 13:43:24 -0600 -Subject: [PATCH 2/3] dont-depend-on-help2man +Subject: [PATCH] dont-depend-on-help2man Upstream-Status: Inappropriate Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> + --- doc/Makefile.am | 2 +- man/Makefile.am | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am -index e9e6298..f1b9895 100644 +index 407a38c..6b5ff3e 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am -@@ -63,7 +63,7 @@ refcard/txirefcard.pdf refcard/txirefcard-a4.pdf: refcard/txirefcard.tex +@@ -55,7 +55,7 @@ refcard_files = refcard/Makefile refcard/txicmdcheck \ # Include our texinfo.tex, not Automake's. EXTRA_DIST = epsf.tex texinfo.tex \ fdl.texi \ - $(man_MANS) $(TXI_XLATE) \ + $(TXI_XLATE) \ $(refcard_files) \ + gendocs.chapter/gendocs_template \ texinfo-tex-test.texi texinfo-tex-test.WIDOWs \ - texinfo-ja.tex short-sample-ja.texi \ diff --git a/man/Makefile.am b/man/Makefile.am -index f2c703f..61caeeb 100644 +index d0cd72c..a19e52a 100644 --- a/man/Makefile.am +++ b/man/Makefile.am @@ -11,27 +11,27 @@ @@ -63,6 +64,3 @@ index f2c703f..61caeeb 100644 # Maintainers should be able to regenerate. MAINTAINERCLEANFILES = $(man_MANS) --- -2.39.2 - diff --git a/poky/meta/recipes-extended/texinfo/texinfo/link-zip.patch b/poky/meta/recipes-extended/texinfo/texinfo/link-zip.patch new file mode 100644 index 0000000000..72d7067aa9 --- /dev/null +++ b/poky/meta/recipes-extended/texinfo/texinfo/link-zip.patch @@ -0,0 +1,23 @@ +From c5050ac84c8a3cc3ff8c7e558f8c2fdb57f410d9 Mon Sep 17 00:00:00 2001 +From: Joshua Lock <josh@linux.intel.com> +Date: Mon, 29 Jul 2013 15:02:34 -0700 +Subject: [PATCH] install-info uses symbols from zlib so must link against it. + +Upstream-Status: Pending + +Signed-off-by: Joshua Lock <josh@linux.intel.com> + +--- + install-info/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/install-info/Makefile.am b/install-info/Makefile.am +index 9bcff71..68247f9 100644 +--- a/install-info/Makefile.am ++++ b/install-info/Makefile.am +@@ -33,4 +33,4 @@ AM_CPPFLAGS = \ + -I$(top_srcdir)/gnulib/lib \ + -I$(top_builddir)/gnulib/lib \ + -DLOCALEDIR=\"$(localedir)\" +-LDADD = $(top_builddir)/gnulib/lib/libgnu.a $(LIBINTL) $(LIBTHREAD) ++LDADD = $(top_builddir)/gnulib/lib/libgnu.a $(LIBINTL) $(LIBTHREAD) -lz diff --git a/poky/meta/recipes-extended/texinfo/texinfo/0003-texinfo-Update-to-5.1.patch b/poky/meta/recipes-extended/texinfo/texinfo/use_host_makedoc.patch index f99f8b87d5..c6c9952c9e 100644 --- a/poky/meta/recipes-extended/texinfo/texinfo/0003-texinfo-Update-to-5.1.patch +++ b/poky/meta/recipes-extended/texinfo/texinfo/use_host_makedoc.patch @@ -1,20 +1,21 @@ -From 33b85a3928895b812b37dc759c6de711802db45f Mon Sep 17 00:00:00 2001 +From 81ccd162b869c20e450073fa834b5cabbea8e3d4 Mon Sep 17 00:00:00 2001 From: Saul Wold <sgw@linux.intel.com> Date: Mon, 29 Jul 2013 15:02:34 -0700 -Subject: [PATCH 3/3] texinfo: Update to 5.1 +Subject: [PATCH] texinfo: Update to 5.1 Upstream-Status: Inappropriate [cross build specific] Signed-off-by: Saul Wold <sgw@linux.intel.com> + --- info/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/info/Makefile.am b/info/Makefile.am -index f57b341..a019aa7 100644 +index 35596b1..cae1421 100644 --- a/info/Makefile.am +++ b/info/Makefile.am -@@ -77,7 +77,7 @@ cmd_sources = $(srcdir)/session.c $(srcdir)/echo-area.c $(srcdir)/infodoc.c \ +@@ -69,7 +69,7 @@ cmd_sources = $(srcdir)/session.c $(srcdir)/echo-area.c $(srcdir)/infodoc.c \ # more than once. funs.h: makedoc$(EXEEXT) $(cmd_sources) rm -f $(generated_sources) @@ -23,6 +24,3 @@ index f57b341..a019aa7 100644 # The following hack is necessary to hint make before the automatic # dependencies are built. --- -2.39.2 - diff --git a/poky/meta/recipes-extended/texinfo/texinfo_7.1.bb b/poky/meta/recipes-extended/texinfo/texinfo_7.0.3.bb index 65d8252fb9..b149177b72 100644 --- a/poky/meta/recipes-extended/texinfo/texinfo_7.1.bb +++ b/poky/meta/recipes-extended/texinfo/texinfo_7.0.3.bb @@ -25,16 +25,17 @@ RDEPENDS:info += "${@compress_pkg(d)}" DEPENDS = "zlib ncurses texinfo-replacement-native" DEPENDS:class-native = "zlib-native ncurses-native" -TARGET_PATCH = "file://0003-texinfo-Update-to-5.1.patch" +TARGET_PATCH = "file://use_host_makedoc.patch" TARGET_PATCH:class-native = "" SRC_URI = "${GNU_MIRROR}/texinfo/${BP}.tar.gz \ - file://0001-texinfo-several-changes-to-build-without-zlib-and-nc.patch \ - file://0002-dont-depend-on-help2man.patch \ + file://disable-native-tools.patch \ + file://link-zip.patch \ + file://dont-depend-on-help2man.patch \ ${TARGET_PATCH} \ " -SRC_URI[sha256sum] = "dd5710b3a53ac002644677a06145748e260592a35be182dc830ebebb79c5d5a0" +SRC_URI[sha256sum] = "3cc5706fb086b895e1dc2b407aade9f95a3a233ff856273e2b659b089f117683" tex_texinfo = "texmf/tex/texinfo" @@ -43,7 +44,6 @@ inherit gettext autotools multilib_script MULTILIB_SCRIPTS = "${PN}:${bindir}/texi2any" EXTRA_AUTORECONF += "-I ${S}/gnulib/m4" -CACHED_CONFIGUREVARS += "texinfo_cv_sys_iconv_converts_euc_cn=yes" do_configure:prepend () { # autotools_do_configure updates po/Makefile.in.in, we also need diff --git a/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch b/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch index 5438bafdcb..050fc2c7e1 100644 --- a/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch +++ b/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch @@ -1,4 +1,4 @@ -From b86e57b68363d108fe77c6fd588a275d2696cabe Mon Sep 17 00:00:00 2001 +From 7f1357529d23b356b45fbb0dd7388588162e4cb8 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Wed, 10 Jan 2018 14:43:20 +0800 Subject: [PATCH] src/Makefile.am: improve reproducibility @@ -44,10 +44,10 @@ Signed-off-by: Joe Slater <jslater@windriver.com> 1 file changed, 4 insertions(+) diff --git a/src/Makefile.am b/src/Makefile.am -index 18ec622..38d252d 100644 +index 28c0be2..44084a3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am -@@ -108,9 +108,13 @@ version.c: $(wget_SOURCES) ../lib/libgnu.a +@@ -87,9 +87,13 @@ version.c: $(wget_SOURCES) ../lib/libgnu.a echo '#include "version.h"' >> $@ echo 'const char *version_string = "@VERSION@";' >> $@ echo 'const char *compilation_string = "'$(COMPILE)'";' \ @@ -61,3 +61,6 @@ index 18ec622..38d252d 100644 | $(ESCAPEQUOTE) >> $@ css.c: $(srcdir)/css.l +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/wget/wget/CVE-2024-38428.patch b/poky/meta/recipes-extended/wget/wget/CVE-2024-38428.patch new file mode 100644 index 0000000000..ed99a05464 --- /dev/null +++ b/poky/meta/recipes-extended/wget/wget/CVE-2024-38428.patch @@ -0,0 +1,79 @@ +From ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Sun, 2 Jun 2024 12:40:16 +0200 +Subject: Properly re-implement userinfo parsing (rfc2396) + +* src/url.c (url_skip_credentials): Properly re-implement userinfo parsing (rfc2396) + +The reason why the implementation is based on RFC 2396, an outdated standard, +is that the whole file is based on that RFC, and mixing standard here might be +dangerous. + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace] +CVE: CVE-2024-38428 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/url.c | 40 ++++++++++++++++++++++++++++++++++------ + 1 file changed, 34 insertions(+), 6 deletions(-) + +diff --git a/src/url.c b/src/url.c +index 69e948b..07c3bc8 100644 +--- a/src/url.c ++++ b/src/url.c +@@ -41,6 +41,7 @@ as that of the covered work. */ + #include "url.h" + #include "host.h" /* for is_valid_ipv6_address */ + #include "c-strcase.h" ++#include "c-ctype.h" + + #ifdef HAVE_ICONV + # include <iconv.h> +@@ -526,12 +527,39 @@ scheme_leading_string (enum url_scheme scheme) + static const char * + url_skip_credentials (const char *url) + { +- /* Look for '@' that comes before terminators, such as '/', '?', +- '#', or ';'. */ +- const char *p = (const char *)strpbrk (url, "@/?#;"); +- if (!p || *p != '@') +- return url; +- return p + 1; ++ /* ++ * This whole file implements https://www.rfc-editor.org/rfc/rfc2396 . ++ * RFC 2396 is outdated since 2005 and needs a rewrite or a thorough re-visit. ++ * ++ * The RFC says ++ * server = [ [ userinfo "@" ] hostport ] ++ * userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," ) ++ * unreserved = alphanum | mark ++ * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" ++ */ ++ static const char *allowed = "-_.!~*'();:&=+$,"; ++ ++ for (const char *p = url; *p; p++) ++ { ++ if (c_isalnum(*p)) ++ continue; ++ ++ if (strchr(allowed, *p)) ++ continue; ++ ++ if (*p == '%' && c_isxdigit(p[1]) && c_isxdigit(p[2])) ++ { ++ p += 2; ++ continue; ++ } ++ ++ if (*p == '@') ++ return p + 1; ++ ++ break; ++ } ++ ++ return url; + } + + /* Parse credentials contained in [BEG, END). The region is expected +-- +cgit v1.1 + diff --git a/poky/meta/recipes-extended/wget/wget_1.24.5.bb b/poky/meta/recipes-extended/wget/wget_1.21.4.bb index 64e6ee80af..bc65a8f7c8 100644 --- a/poky/meta/recipes-extended/wget/wget_1.24.5.bb +++ b/poky/meta/recipes-extended/wget/wget_1.21.4.bb @@ -1,7 +1,8 @@ SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ file://0002-improve-reproducibility.patch \ + file://CVE-2024-38428.patch \ " -SRC_URI[sha256sum] = "fa2dc35bab5184ecbc46a9ef83def2aaaa3f4c9f3c97d4bd19dcb07d4da637de" +SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c" require wget.inc diff --git a/poky/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch b/poky/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch new file mode 100644 index 0000000000..0d3af37ded --- /dev/null +++ b/poky/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch @@ -0,0 +1,45 @@ +From 9db2f8cdbbc0dfb359d3b4e5dfe48c18652ce531 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 8 May 2024 19:02:46 -0700 +Subject: [PATCH] configure: Include dirent.h for closedir/opendir APIs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC-14 is strict about function prototypes and since the +testcase tries to compile/link opendir/closedir functions +without including signatures, it fails to build the test +due to missing signatures which come from dirent.h + +Therefore include the needed system header and make it more +robust. + +Fixes +a.c:2:21: error: implicit declaration of function ‘closedir’ [-Wimplicit-function-declaration] + 2 | int main() { return closedir(opendir(".")); } + | ^~~~~~~~ +a.c:2:30: error: implicit declaration of function ‘opendir’ [-Wimplicit-function-declaration] + 2 | int main() { return closedir(opendir(".")); } + | ^~~~~~~ + +Upstream-Status: Inactive-Upstream +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + unix/configure | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/unix/configure b/unix/configure +index f917086..1dd98c6 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -591,6 +591,7 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null + + echo Check for directory libraries + cat > conftest.c << _EOF_ ++#include <dirent.h> + int main() { return closedir(opendir(".")); } + _EOF_ + +-- +2.45.0 + diff --git a/poky/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch b/poky/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch deleted file mode 100644 index a86e03e620..0000000000 --- a/poky/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 76f5bf3546d826dcbc03acbefcf0b10b972bf136 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Wed, 10 Aug 2022 17:19:38 -0700 -Subject: [PATCH 2/2] unix.c: Do not redefine DIR as FILE - -DIR is already provided on Linux via -/usr/include/dirent.h system header - -Upstream-Status: Inactive-Upstream -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - unix/unix.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/unix/unix.c b/unix/unix.c -index ba87614..6e6f4d2 100644 ---- a/unix/unix.c -+++ b/unix/unix.c -@@ -61,13 +61,11 @@ local time_t label_utim = 0; - /* Local functions */ - local char *readd OF((DIR *)); - -- - #ifdef NO_DIR /* for AT&T 3B1 */ - #include <sys/dir.h> - #ifndef dirent - # define dirent direct - #endif --typedef FILE DIR; - /* - ** Apparently originally by Rich Salz. - ** Cleaned up and modified by James W. Birdsall. --- -2.37.1 - diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb index 70df5ab872..ec54206335 100644 --- a/poky/meta/recipes-extended/zip/zip_3.0.bb +++ b/poky/meta/recipes-extended/zip/zip_3.0.bb @@ -17,8 +17,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://0002-configure-support-PIC-code-build.patch \ file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \ file://0001-configure-Specify-correct-function-signatures-and-de.patch \ - file://0002-unix.c-Do-not-redefine-DIR-as-FILE.patch \ file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \ + file://0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch index 7250fa3f62..24edda8102 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch @@ -1,4 +1,4 @@ -From 9d3b374e75692da3d1d05344a1693c85a3098f47 Mon Sep 17 00:00:00 2001 +From 325a4cde99a00b84116ab7111d27e6973f3c5026 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Thu, 26 Jan 2023 20:29:46 +0100 Subject: [PATCH] meson.build: allow (a subset of) tests in cross compile @@ -19,10 +19,10 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/meson.build b/meson.build -index 8a16c8f..7c8b20f 100644 +index 3eb3fcc..dc7e790 100644 --- a/meson.build +++ b/meson.build -@@ -369,10 +369,10 @@ subdir('gdk-pixbuf') +@@ -390,10 +390,10 @@ subdir('gdk-pixbuf') # i18n subdir('po') @@ -37,7 +37,7 @@ index 8a16c8f..7c8b20f 100644 endif diff --git a/tests/meson.build b/tests/meson.build -index 28c2525..c45e765 100644 +index 3781066..911b5fb 100644 --- a/tests/meson.build +++ b/tests/meson.build @@ -4,7 +4,7 @@ @@ -49,7 +49,7 @@ index 28c2525..c45e765 100644 # Resources; we cannot use gnome.compile_resources() here, because we need to # override the environment in order to use the utilities we just built instead # of the system ones -@@ -166,9 +166,11 @@ endif +@@ -164,9 +164,11 @@ endif test_deps = gdk_pixbuf_deps + [ gdkpixbuf_dep, ] test_args = [ '-k' ] test_env = environment() diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch index 23c68a0923..3b4bf62861 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch @@ -1,4 +1,4 @@ -From b511bd1efb43ffc49c753e309717a242ec686ef1 Mon Sep 17 00:00:00 2001 +From f78ab4edaee5f62663a9a4bcfa56e5c524da4474 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Tue, 1 Apr 2014 17:23:36 +0100 Subject: [PATCH] gdk-pixbuf: add an option so that loader errors are fatal @@ -8,13 +8,12 @@ non-zero if the loader had errors (missing libraries, generally). Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/144] Signed-off-by: Ross Burton <ross.burton@intel.com> - --- gdk-pixbuf/queryloaders.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/gdk-pixbuf/queryloaders.c b/gdk-pixbuf/queryloaders.c -index 1d39b44..2b00815 100644 +index baa9a5c..9b6fa89 100644 --- a/gdk-pixbuf/queryloaders.c +++ b/gdk-pixbuf/queryloaders.c @@ -216,7 +216,7 @@ write_loader_info (GString *contents, const char *path, GdkPixbufFormat *info) @@ -77,7 +76,7 @@ index 1d39b44..2b00815 100644 } g_free (cwd); } -@@ -490,5 +498,8 @@ int main (int argc, char **argv) +@@ -492,5 +500,8 @@ int main (int argc, char **argv) g_free (pixbuf_libdir); diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb index cca89a9059..9f825a68ef 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb @@ -22,7 +22,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \ " -SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b" +SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7" inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_46.0.bb b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_45.0.bb index 2f3e4e7b85..0bd98288f6 100644 --- a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_46.0.bb +++ b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_45.0.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c84cac88e46fc07647ea07e6c24eeb7c \ inherit gnomebase allarch gtk-icon-cache -SRC_URI[archive.sha256sum] = "4bcb539bd75d64da385d6fa08cbaa9ddeaceb6ac8e82b85ba6c41117bf5ba64e" +SRC_URI[archive.sha256sum] = "2442bfb06f4e6cc95bf6e2682fdff98fa5eddc688751b9d6215c623cb4e42ff1" DEPENDS += "librsvg-native" diff --git a/poky/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb b/poky/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb index ce733769a5..497be6805a 100644 --- a/poky/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb +++ b/poky/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb @@ -76,6 +76,10 @@ PACKAGECONFIG[gstreamer] = "-Dmedia-gstreamer=enabled,-Dmedia-gstreamer=disabled PACKAGECONFIG[tracker] = "-Dtracker=enabled,-Dtracker=disabled,tracker,tracker-miners" PACKAGECONFIG[vulkan] = "-Dvulkan=enabled,-Dvulkan=disabled, vulkan-loader vulkan-headers shaderc-native" +# Disable int-conversion warning as error until [1] is fixed +# [1] https://gitlab.gnome.org/GNOME/gtk/-/issues/6033 +CFLAGS:append = " -Wno-error=int-conversion" + LIBV = "4.0.0" FILES:${PN}:append = " \ diff --git a/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch b/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch index 27081d8749..da8ce68df9 100644 --- a/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch +++ b/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch @@ -1,4 +1,4 @@ -From 8a1aa4c318b8dbe4c0c2b1c4968f867ea6641b32 Mon Sep 17 00:00:00 2001 +From dc208bafc57c1ccaa0ca260f99c8b4c976271ebc Mon Sep 17 00:00:00 2001 From: Markus Volk <f_l_k@t-online.de> Date: Sat, 16 Sep 2023 14:02:57 +0200 Subject: [PATCH] xb-self-test.c: hardcode G_TEST_SRCDIR @@ -18,10 +18,10 @@ Signed-off-by: Markus Volk <f_l_k@t-online.de> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/xb-self-test.c b/src/xb-self-test.c -index 1daca18..2e5b251 100644 +index 47d9728..8b3dd0e 100644 --- a/src/xb-self-test.c +++ b/src/xb-self-test.c -@@ -2876,7 +2876,7 @@ xb_speed_func(void) +@@ -2870,7 +2870,7 @@ xb_speed_func(void) int main(int argc, char **argv) { @@ -30,3 +30,6 @@ index 1daca18..2e5b251 100644 g_test_init(&argc, &argv, NULL); +-- +2.41.0 + diff --git a/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.17.bb b/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.15.bb index f403857fea..528e3e0bab 100644 --- a/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.17.bb +++ b/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.15.bb @@ -8,7 +8,7 @@ SRC_URI = " \ file://0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch \ file://run-ptest \ " -SRCREV = "db54f1b3254334e59b29b01b6cb666f444746594" +SRCREV = "25a6384ad60f7e8550292e6cb4f262cc5da74be4" S = "${WORKDIR}/git" DEPENDS = "glib-2.0 xz zstd" diff --git a/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch b/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch index e6bb6ec8e3..316a57fa4a 100644 --- a/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch +++ b/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch @@ -1,4 +1,4 @@ -From fc33f1cf032a15c07044ef932bc991c346d62d62 Mon Sep 17 00:00:00 2001 +From 4cede5edcff96134baf35953d58595c4aa5f1fc5 Mon Sep 17 00:00:00 2001 From: Jose Quaresma <quaresma.jose@gmail.com> Date: Sun, 7 Feb 2021 01:30:39 +0000 Subject: [PATCH] generate glslang pkg-config @@ -15,12 +15,12 @@ Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> create mode 100644 glslang/glslang.pc.cmake.in diff --git a/glslang/CMakeLists.txt b/glslang/CMakeLists.txt -index e4690f09..8e660bc5 100644 +index 37eecaad..6974935c 100644 --- a/glslang/CMakeLists.txt +++ b/glslang/CMakeLists.txt -@@ -233,6 +233,8 @@ if(GLSLANG_ENABLE_INSTALL) - install(TARGETS MachineIndependent EXPORT glslang-targets) - install(TARGETS GenericCodeGen EXPORT glslang-targets) +@@ -251,6 +251,8 @@ if(PROJECT_IS_TOP_LEVEL) + ") + install(FILES "${CMAKE_CURRENT_BINARY_DIR}/glslangTargets.cmake" DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake) endif() + configure_file(${CMAKE_CURRENT_SOURCE_DIR}/glslang.pc.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig/glslang.pc @ONLY) + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig/glslang.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) diff --git a/poky/meta/recipes-graphics/glslang/glslang_1.3.280.0.bb b/poky/meta/recipes-graphics/glslang/glslang_1.3.275.0.bb index 637082c719..2fd1e72a26 100644 --- a/poky/meta/recipes-graphics/glslang/glslang_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/glslang/glslang_1.3.275.0.bb @@ -8,7 +8,7 @@ HOMEPAGE = "https://www.khronos.org/opengles/sdk/tools/Reference-Compiler" LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exception" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3" -SRCREV = "ee2f5d09eaf8f4e8d0d598bd2172fce290d4ca60" +SRCREV = "a91631b260cba3f22858d6c6827511e636c2458a" SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \ file://0001-generate-glslang-pkg-config.patch \ " diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.3.1.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.3.0.bb index fd4dcc2338..d733342682 100644 --- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.3.1.bb +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.3.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \ " SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "f73e1eacd7e2ffae687bc3f056bb0c705b7a05aee86337686e09da8fc1c2030c" +SRC_URI[sha256sum] = "109501eaeb8bde3eadb25fab4164e993fbace29c3d775bcaa1c1e58e2f15f847" DEPENDS += "glib-2.0-native" diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_24.0.3.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_24.0.5.bb index ca160f1bfc..ca160f1bfc 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-gl_24.0.3.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-gl_24.0.5.bb diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc index 1c9fa66c72..77e9c80fcb 100644 --- a/poky/meta/recipes-graphics/mesa/mesa.inc +++ b/poky/meta/recipes-graphics/mesa/mesa.inc @@ -22,7 +22,7 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0001-Revert-meson-do-not-pull-in-clc-for-clover.patch \ " -SRC_URI[sha256sum] = "77aec9a2a37b7d3596ea1640b3cc53d0b5d9b3b52abed89de07e3717e91bfdbe" +SRC_URI[sha256sum] = "38cc245ca8faa3c69da6d2687f8906377001f63365348a62cc6f7fafb1e8c018" UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/mesa/mesa_24.0.3.bb b/poky/meta/recipes-graphics/mesa/mesa_24.0.5.bb index 96e8aa38d6..96e8aa38d6 100644 --- a/poky/meta/recipes-graphics/mesa/mesa_24.0.3.bb +++ b/poky/meta/recipes-graphics/mesa/mesa_24.0.5.bb diff --git a/poky/meta/recipes-graphics/shaderc/files/0001-cmake-disable-building-external-dependencies.patch b/poky/meta/recipes-graphics/shaderc/files/0001-cmake-disable-building-external-dependencies.patch index 5c49aa7fd5..4212512034 100644 --- a/poky/meta/recipes-graphics/shaderc/files/0001-cmake-disable-building-external-dependencies.patch +++ b/poky/meta/recipes-graphics/shaderc/files/0001-cmake-disable-building-external-dependencies.patch @@ -1,4 +1,4 @@ -From 941f5f5831e7a52c26168f81f25d0470860ca6f1 Mon Sep 17 00:00:00 2001 +From 792a46ef27ef879a21c9f01a198eae213ea535e6 Mon Sep 17 00:00:00 2001 From: Jose Quaresma <quaresma.jose@gmail.com> Date: Sat, 13 Feb 2021 00:45:56 +0000 Subject: [PATCH] cmake: disable building external dependencies @@ -15,7 +15,7 @@ Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index ffcb54b..cce715e 100644 +index 7bc8f5d..13fc535 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -62,6 +62,7 @@ else() @@ -26,7 +26,7 @@ index ffcb54b..cce715e 100644 set (CMAKE_CXX_STANDARD 17) -@@ -119,8 +120,14 @@ endif(MSVC) +@@ -123,8 +124,14 @@ endif(MSVC) # Configure subdirectories. @@ -43,9 +43,9 @@ index ffcb54b..cce715e 100644 add_subdirectory(libshaderc_util) add_subdirectory(libshaderc) -@@ -132,7 +139,7 @@ endif() +@@ -136,7 +143,7 @@ endif() add_custom_target(build-version - ${Python_EXECUTABLE} + ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/utils/update_build_version.py - ${shaderc_SOURCE_DIR} ${spirv-tools_SOURCE_DIR} ${glslang_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}/build-version.inc + ${CMAKE_CURRENT_BINARY_DIR}/build-version.inc ${shaderc_SOURCE_DIR} ${spirv-tools_SOURCE_DIR} ${glslang_SOURCE_DIR} @@ -53,7 +53,7 @@ index ffcb54b..cce715e 100644 function(define_pkg_config_file NAME LIBS) diff --git a/utils/update_build_version.py b/utils/update_build_version.py -index b7ce5b8..95b34c5 100755 +index 11ee53e..d39e59d 100755 --- a/utils/update_build_version.py +++ b/utils/update_build_version.py @@ -30,6 +30,7 @@ import re diff --git a/poky/meta/recipes-graphics/shaderc/shaderc_2024.0.bb b/poky/meta/recipes-graphics/shaderc/shaderc_2023.8.bb index 9975c608ac..bc7afbdf5e 100644 --- a/poky/meta/recipes-graphics/shaderc/shaderc_2024.0.bb +++ b/poky/meta/recipes-graphics/shaderc/shaderc_2023.8.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/google/shaderc" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRCREV = "9f56ca620c07d6c4d119c65c1c1f3f1c584c9985" +SRCREV = "f8a25c591bf5edbb462ca4aea99dcc666f096d13" SRC_URI = "git://github.com/google/shaderc.git;protocol=https;branch=main \ file://0001-cmake-disable-building-external-dependencies.patch \ file://0002-libshaderc_util-fix-glslang-header-file-location.patch \ diff --git a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.280.0.bb b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.275.0.bb index 26bfd9c4fa..598a8fc209 100644 --- a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.275.0.bb @@ -2,9 +2,9 @@ SUMMARY = "Machine-readable files for the SPIR-V Registry" SECTION = "graphics" HOMEPAGE = "https://www.khronos.org/registry/spir-v" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d14ee3b13f42e9c9674acc5925c3d741" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d" -SRCREV = "8b246ff75c6615ba4532fe4fde20f1be090c3764" +SRCREV = "1c6bb2743599e6eb6f37b2969acc0aef812e32e3" SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=main" PE = "1" # These recipes need to be updated in lockstep with each other: diff --git a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.280.0.bb b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.275.0.bb index d2b6acf946..05c6de1b50 100644 --- a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.275.0.bb @@ -7,7 +7,7 @@ SECTION = "graphics" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRCREV = "04896c462d9f3f504c99a4698605b6524af813c1" +SRCREV = "f0cc85efdbbe3a46eae90e0f915dc1509836d0fc" SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=main;protocol=https" PE = "1" # These recipes need to be updated in lockstep with each other: diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.280.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.275.0.bb index 371cc7304d..aacec8cab1 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.275.0.bb @@ -11,7 +11,7 @@ LICENSE = "Apache-2.0 & MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=1bc355d8c4196f774c8b87ed1a8dd625" SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=main;protocol=https" -SRCREV = "577baa05033cf1d9236b3d078ca4b3269ed87a2b" +SRCREV = "217e93c664ec6704ec2d8c36fa116c1a4a1e2d40" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.280.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.275.0.bb index b738771801..7caed67207 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.275.0.bb @@ -9,8 +9,8 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7dbefed23242760aa3475ee42801c5ac" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=vulkan-sdk-1.3.280;protocol=https" -SRCREV = "61a9c50248e09f3a0e0be7ce6f8bb1663855f979" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=vulkan-sdk-1.3.275;protocol=https" +SRCREV = "00893b9a03e526aec2c5bf487521d16dfa435229" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.280.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.275.0.bb index a7e4a67aaa..f86912c903 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.275.0.bb @@ -6,8 +6,8 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=vulkan-sdk-1.3.280;protocol=https" -SRCREV = "136976082d0b14dad8b9687982b2a80cc6e6a633" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=main;protocol=https" +SRCREV = "c86d42cf9eb620eeac377e3bff46ae342c5cd664" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-utility-libraries_1.3.280.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-utility-libraries_1.3.275.0.bb index 3ab31af96a..759a03926b 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-utility-libraries_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-utility-libraries_1.3.275.0.bb @@ -10,7 +10,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=4ca2d6799091aaa98a8520f1b793939b" SRC_URI = "git://github.com/KhronosGroup/Vulkan-Utility-Libraries.git;branch=main;protocol=https" -SRCREV = "a4140c5fd47dcf3a030726a60b293db61cfb54a3" +SRCREV = "4cfc176e3242b4dbdfd3f6c5680c5d8f2cb7db45" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.280.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.275.0.bb index c488309c91..239589108d 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.275.0.bb @@ -8,8 +8,8 @@ SECTION = "libs" LICENSE = "Apache-2.0 & MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=cd3c0bc366cd9b6a906e22f0bcb5910f" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=vulkan-sdk-1.3.280;protocol=https" -SRCREV = "8506077b9a25a00684e8be24b779733ae1405a54" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=vulkan-sdk-1.3.275;protocol=https" +SRCREV = "780c65337e111c7385109c7b720d757a778e4fe2" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-volk_1.3.280.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-volk_1.3.275.0.bb index 2ef12fedf8..f4e6e89aac 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-volk_1.3.280.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-volk_1.3.275.0.bb @@ -7,10 +7,10 @@ BUGTRACKER = "https://github.com/zeux/volk" SECTION = "libs" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=12e6af3a0e2a5e5dbf7796aa82b64626" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=b2dd098d35668a801190a9d9d47461b0" SRC_URI = "git://github.com/zeux/volk.git;branch=master;protocol=https" -SRCREV = "01986ac85fa2e5c70df09aeae9c907e27c5d50b2" +SRCREV = "f2a16e3e19c2349b873343b2dc38a1d4c25af23a" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch b/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch new file mode 100644 index 0000000000..4b3a0e7c4a --- /dev/null +++ b/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch @@ -0,0 +1,28 @@ +From 0961787d2bf0d359a3ead89e9cec642818b32dea Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 5 Jul 2022 11:51:39 +0200 +Subject: [PATCH] meson.build: request native wayland-scanner + +This matters in cross compilation, as otherwise meson will +try to use a cross-binary, and fail. + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/waffle/-/merge_requests/110] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> + +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index ca6a212..3177bde 100644 +--- a/meson.build ++++ b/meson.build +@@ -110,7 +110,7 @@ else + 'wayland-egl', version : '>= 9.1', required : get_option('wayland'), + ) + dep_wayland_scanner = dependency( +- 'wayland-scanner', version : '>= 1.15', required : get_option('wayland'), ++ 'wayland-scanner', version : '>= 1.15', required : get_option('wayland'), native: true, + ) + if dep_wayland_scanner.found() + prog_wayland_scanner = find_program(dep_wayland_scanner.get_variable(pkgconfig: 'wayland_scanner')) diff --git a/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch b/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch index 31ac3e0dd1..60e6318f7a 100644 --- a/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch +++ b/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch @@ -1,4 +1,4 @@ -From 79b9e4338f803d79449e53a40b1ecc0a5a5889e4 Mon Sep 17 00:00:00 2001 +From 71f9399d6cea1e2e885a98b98d82eb628832a86e Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Tue, 26 Oct 2021 08:52:17 +0200 Subject: [PATCH] waffle: do not make core protocol into the library @@ -9,15 +9,16 @@ wayland.xml from the host. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex@linutronix.de> + --- src/waffle/meson.build | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/waffle/meson.build b/src/waffle/meson.build -index 1cc99f6..022745a 100644 +index e2636c7..3ff5762 100644 --- a/src/waffle/meson.build +++ b/src/waffle/meson.build -@@ -89,12 +89,6 @@ if build_surfaceless +@@ -88,12 +88,6 @@ if build_surfaceless endif if build_wayland @@ -30,7 +31,7 @@ index 1cc99f6..022745a 100644 wl_xdg_shell_proto_c = custom_target( 'wl-xdg-shell-proto.c', input: wayland_xdg_shell_xml, -@@ -115,7 +109,6 @@ if build_wayland +@@ -114,7 +108,6 @@ if build_wayland 'wayland/wayland_wrapper.c', ) files_libwaffle += [ diff --git a/poky/meta/recipes-graphics/waffle/waffle_1.8.0.bb b/poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb index 12b31dcff1..cb917d8894 100644 --- a/poky/meta/recipes-graphics/waffle/waffle_1.8.0.bb +++ b/poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb @@ -9,10 +9,11 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \ file://include/waffle-1/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf" -SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=master \ +SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=maint-1.7 \ file://0001-waffle-do-not-make-core-protocol-into-the-library.patch \ + file://0001-meson.build-request-native-wayland-scanner.patch \ " -SRCREV = "580b912a30085528886603942c100c7b309b3bdb" +SRCREV = "f3b42a7216105498842bc6ba77d8481b90d6f5f9" S = "${WORKDIR}/git" inherit meson features_check lib_package bash-completion pkgconfig diff --git a/poky/meta/recipes-graphics/wayland/libinput_1.25.0.bb b/poky/meta/recipes-graphics/wayland/libinput_1.25.0.bb index 517b247fed..894858e361 100644 --- a/poky/meta/recipes-graphics/wayland/libinput_1.25.0.bb +++ b/poky/meta/recipes-graphics/wayland/libinput_1.25.0.bb @@ -32,7 +32,7 @@ do_configure:append() { PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" PACKAGECONFIG[libwacom] = "-Dlibwacom=true,-Dlibwacom=false,libwacom" -PACKAGECONFIG[gui] = "-Ddebug-gui=true,-Ddebug-gui=false,cairo gtk+3" +PACKAGECONFIG[gui] = "-Ddebug-gui=true,-Ddebug-gui=false,cairo gtk+3 wayland-native" PACKAGECONFIG[tests] = "-Dtests=true -Dinstall-tests=true,-Dtests=false -Dinstall-tests=false,libcheck" UDEVDIR = "`pkg-config --variable=udevdir udev`" diff --git a/poky/meta/recipes-graphics/wayland/mtdev_1.1.7.bb b/poky/meta/recipes-graphics/wayland/mtdev_1.1.6.bb index 24803c4238..7c1cb5e4ec 100644 --- a/poky/meta/recipes-graphics/wayland/mtdev_1.1.7.bb +++ b/poky/meta/recipes-graphics/wayland/mtdev_1.1.6.bb @@ -12,6 +12,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=ea6bd0268bb0fcd6b27698616ceee5d6" SRC_URI = "http://bitmath.org/code/${BPN}/${BP}.tar.bz2" -SRC_URI[sha256sum] = "a107adad2101fecac54ac7f9f0e0a0dd155d954193da55c2340c97f2ff1d814e" +SRC_URI[md5sum] = "bf8ef2482e84a00b5db8fbd3ce00e249" +SRC_URI[sha256sum] = "15d7b28da8ac71d8bc8c9287c2045fd174267bc740bec10cfda332dc1204e0e0" inherit autotools pkgconfig diff --git a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.34.bb b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.33.bb index 8c12985714..074ea3663a 100644 --- a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.34.bb +++ b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.33.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c7b12b6702da38ca028ace54aae3d484 \ file://stable/presentation-time/presentation-time.xml;endline=26;md5=4646cd7d9edc9fa55db941f2d3a7dc53" SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/releases/${PV}/downloads/wayland-protocols-${PV}.tar.xz" -SRC_URI[sha256sum] = "c59b27cacd85f60baf4ee5f80df5c0d15760ead6a2432b00ab7e2e0574dcafeb" +SRC_URI[sha256sum] = "94f0c50b090d6e61a03f62048467b19abbe851be4e11ae7b36f65f8b98c3963a" UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/tags" diff --git a/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator/Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch b/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator/Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch index 86982924a8..de0862599d 100644 --- a/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator/Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch +++ b/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator/Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch @@ -1,4 +1,4 @@ -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [last commits over a decade ago] From 14734a93bd3fc323325459e24b04795422e395e6 Mon Sep 17 00:00:00 2001 From: Laurentiu Palcu <laurentiu.palcu@intel.com> diff --git a/poky/meta/recipes-graphics/xorg-app/mkfontscale_1.2.3.bb b/poky/meta/recipes-graphics/xorg-app/mkfontscale_1.2.2.bb index aa79902a34..cd658ab219 100644 --- a/poky/meta/recipes-graphics/xorg-app/mkfontscale_1.2.3.bb +++ b/poky/meta/recipes-graphics/xorg-app/mkfontscale_1.2.2.bb @@ -15,7 +15,7 @@ RPROVIDES:${PN} += "mkfontdir" BBCLASSEXTEND = "native" -LIC_FILES_CHKSUM = "file://COPYING;md5=5a60c596d1b5f3dee9f005b703b3180d" +LIC_FILES_CHKSUM = "file://COPYING;md5=99b1e1269aba5179139b9e4380fc0934" SRC_URI_EXT = "xz" -SRC_URI[sha256sum] = "2921cdc344f1acee04bcd6ea1e29565c1308263006e134a9ee38cf9c9d6fe75e" +SRC_URI[sha256sum] = "8ae3fb5b1fe7436e1f565060acaa3e2918fe745b0e4979b5593968914fe2d5c4" diff --git a/poky/meta/recipes-graphics/xorg-app/xauth_1.1.3.bb b/poky/meta/recipes-graphics/xorg-app/xauth_1.1.2.bb index b0ca33bf4b..1ad18ef63b 100644 --- a/poky/meta/recipes-graphics/xorg-app/xauth_1.1.3.bb +++ b/poky/meta/recipes-graphics/xorg-app/xauth_1.1.2.bb @@ -9,7 +9,7 @@ DEPENDS += "libxau libxext libxmu" PE = "1" SRC_URI_EXT = "xz" -SRC_URI[sha256sum] = "e7075498bae332f917f01d660f9b940c0752b2556a8da61ccb62a44d0ffe9d33" +SRC_URI[sha256sum] = "78ba6afd19536ced1dddb3276cba6e9555a211b468a06f95f6a97c62ff8ee200" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," diff --git a/poky/meta/recipes-graphics/xorg-app/xev_1.2.6.bb b/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb index 182aeff1b7..1d2e66b7b4 100644 --- a/poky/meta/recipes-graphics/xorg-app/xev_1.2.6.bb +++ b/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb @@ -12,6 +12,6 @@ PE = "1" DEPENDS += "libxrandr xorgproto" -SRC_URI[sha256sum] = "61e1c5e008ac9973aca7cdddf36e9df7410e77083b030eb04f4dc737c51807d7" +SRC_URI[sha256sum] = "c9461a4389714e0f33974f9e75934bdc38d836a0f059b8dc089c7cbf2ce36ec1" SRC_URI_EXT = "xz" diff --git a/poky/meta/recipes-graphics/xorg-font/encodings_1.1.0.bb b/poky/meta/recipes-graphics/xorg-font/encodings_1.0.7.bb index 7432c08ec0..5906da416a 100644 --- a/poky/meta/recipes-graphics/xorg-font/encodings_1.1.0.bb +++ b/poky/meta/recipes-graphics/xorg-font/encodings_1.0.7.bb @@ -11,7 +11,7 @@ PE = "1" DEPENDS = "mkfontscale-native mkfontdir-native font-util-native" RDEPENDS:${PN} = "" -SRC_URI[sha256sum] = "9ff13c621756cfa12e95f32ba48a5b23839e8f577d0048beda66c67dab4de975" +SRC_URI[sha256sum] = "3a39a9f43b16521cdbd9f810090952af4f109b44fa7a865cd555f8febcea70a4" SRC_URI_EXT = "xz" diff --git a/poky/meta/recipes-graphics/xorg-lib/libfontenc_1.1.8.bb b/poky/meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb index 0fc117fc58..056a29af25 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libfontenc_1.1.8.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb @@ -11,6 +11,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=96254c20ab81c63e65b26f0dbcd4a1c1" DEPENDS += "zlib xorgproto font-util" PE = "1" -SRC_URI[sha256sum] = "7b02c3d405236e0d86806b1de9d6868fe60c313628b38350b032914aa4fd14c6" +SRC_URI[sha256sum] = "c0d36991faee06551ddbaf5d99266e97becdc05edfae87a833c3ff7bf73cfec2" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-graphics/xorg-lib/libpciaccess_0.18.1.bb b/poky/meta/recipes-graphics/xorg-lib/libpciaccess_0.18.bb index d311fd95e0..74b308c912 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libpciaccess_0.18.1.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libpciaccess_0.18.bb @@ -16,7 +16,7 @@ inherit features_check pkgconfig meson REQUIRED_DISTRO_FEATURES ?= "x11" -SRC_URI[sha256sum] = "4af43444b38adb5545d0ed1c2ce46d9608cc47b31c2387fc5181656765a6fa76" +SRC_URI[sha256sum] = "5461b0257d495254346f52a9c329b44b346262663675d3fecdb204a7e7c262a9" LICENSE = "MIT & MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=54c978968e565218eea36cf03ef24352" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.1.bb b/poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.bb index de3290aa9f..04b1eaa910 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.1.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d763b081cb10c223435b01e00dc0aba7" SRC_URI = "http://xcb.freedesktop.org/dist/libxcb-${PV}.tar.xz \ file://0001-use-_Alignof-to-avoid-UB-in-ALIGNOF.patch" -SRC_URI[sha256sum] = "f24d187154c8e027b358fc7cb6588e35e33e6a92f11c668fe77396a7ae66e311" +SRC_URI[sha256sum] = "4348566aa0fbf196db5e0a576321c65966189210cb51328ea2bb2be39c711d71" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxdmcp_1.1.5.bb b/poky/meta/recipes-graphics/xorg-lib/libxdmcp_1.1.4.bb index d1a1a2e7f9..bf5d2d6721 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxdmcp_1.1.5.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxdmcp_1.1.4.bb @@ -22,7 +22,7 @@ XORG_PN = "libXdmcp" BBCLASSEXTEND = "native nativesdk" -SRC_URI[sha256sum] = "d8a5222828c3adab70adf69a5583f1d32eb5ece04304f7f8392b6a353aa2228c" +SRC_URI[sha256sum] = "2dce5cc317f8f0b484ec347d87d81d552cdbebb178bd13c5d8193b6b7cd6ad00" PACKAGECONFIG ??= "" PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxkbcommon_1.7.0.bb b/poky/meta/recipes-graphics/xorg-lib/libxkbcommon_1.6.0.bb index 40cf616f0b..02045cc212 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxkbcommon_1.7.0.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxkbcommon_1.6.0.bb @@ -9,7 +9,7 @@ DEPENDS = "flex-native bison-native" SRC_URI = "http://xkbcommon.org/download/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "65782f0a10a4b455af9c6baab7040e2f537520caa2ec2092805cdfd36863b247" +SRC_URI[sha256sum] = "0edc14eccdd391514458bc5f5a4b99863ed2d651e4dd761a90abf4f46ef99c2b" UPSTREAM_CHECK_URI = "http://xkbcommon.org/" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxmu_1.2.0.bb b/poky/meta/recipes-graphics/xorg-lib/libxmu_1.1.4.bb index d97bc7a3dd..3aae4030b7 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxmu_1.2.0.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxmu_1.1.4.bb @@ -27,4 +27,4 @@ FILES:libxmuu = "${libdir}/libXmuu.so.*" BBCLASSEXTEND = "native" -SRC_URI[sha256sum] = "072026fe305889538e5b0c5f9cbcd623d2c27d2b85dcd37ca369ab21590b6963" +SRC_URI[sha256sum] = "210de3ab9c3e9382572c25d17c2518a854ce6e2c62c5f8315deac7579e758244" diff --git a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2024.1.bb b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb index 3f56e21a55..94d37c56bc 100644 --- a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2024.1.bb +++ b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb @@ -9,7 +9,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=0b9fe3db4015bcbe920e7c67a39ee3f1" SRC_URI = "${XORG_MIRROR}/individual/proto/${BP}.tar.xz" -SRC_URI[sha256sum] = "372225fd40815b8423547f5d890c5debc72e88b91088fbfb13158c20495ccb59" +SRC_URI[sha256sum] = "b61fbc7db82b14ce2dc705ab590efc32b9ad800037113d1973811781d5118c2c" inherit meson diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb index 6506d775ca..570e08d5ae 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb @@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "1d3dadbd57fb86b16a018e9f5f957aeeadf744f56c0553f55737628d06d326ef" +SRC_URI[sha256sum] = "1e016e2be1b5ccdd65eac3ea08e54bd13ce8f4f6c3fb32ad6fdac4e71729a90f" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. diff --git a/poky/meta/recipes-kernel/kexec/kexec-tools/0001-x86-linux-setup.c-Use-POSIX-basename-API.patch b/poky/meta/recipes-kernel/kexec/kexec-tools/0001-x86-linux-setup.c-Use-POSIX-basename-API.patch new file mode 100644 index 0000000000..e223f45998 --- /dev/null +++ b/poky/meta/recipes-kernel/kexec/kexec-tools/0001-x86-linux-setup.c-Use-POSIX-basename-API.patch @@ -0,0 +1,54 @@ +From 32c8ffa7ace6f1b7e63f9ddffab00b00c36a7b57 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 15 May 2024 21:18:08 -0700 +Subject: [PATCH] x86-linux-setup.c: Use POSIX basename API + +Musl C library only supports POSIX basename function. while glibc has +both GNU extention as well as POSIX basename implemented. Switch to +using posix version, so it can work across musl and glibc + +basename prototype has been removed from string.h from latest musl [1] +compilers e.g. clang-18/GCC-14 flags the absense of prototype as error. +therefore include libgen.h for providing it. + +[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7 + +Upstream-Status: Submitted [https://lists.infradead.org/pipermail/kexec/2024-May/030034.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + kexec/arch/i386/x86-linux-setup.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/kexec/arch/i386/x86-linux-setup.c b/kexec/arch/i386/x86-linux-setup.c +index 9a281dc..73251b9 100644 +--- a/kexec/arch/i386/x86-linux-setup.c ++++ b/kexec/arch/i386/x86-linux-setup.c +@@ -14,6 +14,7 @@ + * + */ + #define _GNU_SOURCE ++#include <libgen.h> + #include <stdint.h> + #include <stdio.h> + #include <string.h> +@@ -329,12 +330,14 @@ static int add_edd_entry(struct x86_linux_param_header *real_mode, + memset(edd_info, 0, sizeof(struct edd_info)); + + /* extract the device number */ +- if (sscanf(basename(sysfs_name), "int13_dev%hhx", &devnum) != 1) { ++ char* sysfs_name_copy = strdup(sysfs_name); ++ if (sscanf(basename(sysfs_name_copy), "int13_dev%hhx", &devnum) != 1) { + fprintf(stderr, "Invalid format of int13_dev dir " +- "entry: %s\n", basename(sysfs_name)); ++ "entry: %s\n", basename(sysfs_name_copy)); ++ free(sysfs_name_copy); + return -1; + } +- ++ free(sysfs_name_copy); + /* if there's a MBR signature, then add it */ + if (file_scanf(sysfs_name, "mbr_signature", "0x%x", &mbr_sig) == 1) { + real_mode->edd_mbr_sig_buffer[*current_mbr] = mbr_sig; +-- +2.45.1 + diff --git a/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb b/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb index dec821ea88..f0a484f884 100644 --- a/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb +++ b/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb @@ -18,6 +18,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz file://0005-Disable-PIE-during-link.patch \ file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \ file://Fix-building-on-x86_64-with-binutils-2.41.patch \ + file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ " SRC_URI[sha256sum] = "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29" diff --git a/poky/meta/recipes-kernel/libtraceevent/libtraceevent/meson.patch b/poky/meta/recipes-kernel/libtraceevent/libtraceevent/meson.patch index 0c21b2347a..6e96ba2167 100644 --- a/poky/meta/recipes-kernel/libtraceevent/libtraceevent/meson.patch +++ b/poky/meta/recipes-kernel/libtraceevent/libtraceevent/meson.patch @@ -1,20 +1,14 @@ -From 7f88c9ba5f27276e844252500a9f0ba2b350b919 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Sun, 27 Aug 2023 20:57:44 +0100 -Subject: [PATCH] Fixes for the Meson build of libtraceevent: +Fixes for the Meson build of libtraceevent: - Make the plugin directory the same as the Makefiles - Install the plugins as modules not static and versioned shared libraries +- Add an option to disable building the documentation (needs asciidoc and xmlto) -Upstream-Status: Pending +Upstream-Status: Submitted [https://lore.kernel.org/linux-trace-devel/20240311111140.1789879-1-alex@linutronix.de/T/#u] Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - meson.build | 2 +- - plugins/meson.build | 3 +-- - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build -index 40ce38c..1eb7912 100644 +index b61c873..4bba4d8 100644 --- a/meson.build +++ b/meson.build @@ -25,7 +25,7 @@ htmldir = join_paths(prefixdir, get_option('htmldir')) @@ -26,6 +20,41 @@ index 40ce38c..1eb7912 100644 endif add_project_arguments( +@@ -45,10 +45,13 @@ if cunit_dep.found() + subdir('utest') + endif + subdir('samples') +-subdir('Documentation') + +-custom_target( +- 'docs', +- output: 'docs', +- depends: [html, man], +- command: ['echo']) ++if get_option('docs') ++ subdir('Documentation') ++ ++ custom_target( ++ 'docs', ++ output: 'docs', ++ depends: [html, man], ++ command: ['echo']) ++endif +diff --git a/meson_options.txt b/meson_options.txt +index b2294f6..0611216 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -4,6 +4,10 @@ + + option('plugindir', type : 'string', + description : 'set the plugin dir') ++ ++option('docs', type : 'boolean', value: true, ++ description : 'build documentation') ++ + option('htmldir', type : 'string', value : 'share/doc/libtraceevent-doc', + description : 'directory for HTML documentation') + option('asciidoctor', type : 'boolean', value: false, diff --git a/plugins/meson.build b/plugins/meson.build index 74ad664..4919be4 100644 --- a/plugins/meson.build diff --git a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.8.2.bb b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb index d4ace54884..bee7891832 100644 --- a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.8.2.bb +++ b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSES/GPL-2.0;md5=e6a75371ba4d16749254a51215d13f97 file://LICENSES/LGPL-2.1;md5=b370887980db5dd40659b50909238dbd" SECTION = "libs" -SRCREV = "6f6d5802f31992e7527a4c32b43a32fda6bf6bdf" +SRCREV = "dd148189b74da3e2f45c7e536319fec97cb71213" SRC_URI = "git://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git;branch=${BPN};protocol=https \ file://meson.patch" @@ -16,7 +16,7 @@ S = "${WORKDIR}/git" inherit meson pkgconfig -EXTRA_OEMESON = "-Ddoc=false" +EXTRA_OEMESON = "-Ddocs=false" PACKAGES += "${PN}-plugins" diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index bb9ba49c48..9f1f03ac53 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-03-28 16:40:04.102652+00:00 for version 6.6.23 +# Generated at 2024-05-02 12:41:43.351358+00:00 for version 6.6.29 python check_kernel_cve_status_version() { - this_version = "6.6.23" + this_version = "6.6.29" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -2980,6 +2980,10 @@ CVE_STATUS[CVE-2019-25044] = "fixed-version: Fixed from version 5.2rc4" CVE_STATUS[CVE-2019-25045] = "fixed-version: Fixed from version 5.1" +CVE_STATUS[CVE-2019-25160] = "fixed-version: Fixed from version 5.0" + +CVE_STATUS[CVE-2019-25162] = "fixed-version: Fixed from version 6.0rc1" + CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed from version 5.6rc1" CVE_STATUS[CVE-2019-3459] = "fixed-version: Fixed from version 5.1rc1" @@ -3452,6 +3456,32 @@ CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10" CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1" +CVE_STATUS[CVE-2020-36775] = "fixed-version: Fixed from version 5.7rc1" + +CVE_STATUS[CVE-2020-36776] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36777] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36778] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36779] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36780] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36781] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36782] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36783] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36784] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36785] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36786] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2020-36787] = "fixed-version: Fixed from version 5.13rc1" + CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1" CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5" @@ -3940,6 +3970,540 @@ CVE_STATUS[CVE-2021-45868] = "fixed-version: Fixed from version 5.16rc1" CVE_STATUS[CVE-2021-46283] = "fixed-version: Fixed from version 5.13rc7" +CVE_STATUS[CVE-2021-46904] = "fixed-version: Fixed from version 5.12rc7" + +CVE_STATUS[CVE-2021-46905] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46906] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-46908] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46909] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46910] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46911] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46912] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46913] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46914] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46915] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46916] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46917] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46918] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46919] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46920] = "fixed-version: Fixed from version 5.12rc8" + +CVE_STATUS[CVE-2021-46921] = "fixed-version: Fixed from version 5.12" + +CVE_STATUS[CVE-2021-46922] = "fixed-version: Fixed from version 5.12" + +CVE_STATUS[CVE-2021-46923] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46924] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46925] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46926] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-46927] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46928] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-46929] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46930] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46931] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46932] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46933] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46934] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46935] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46936] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46937] = "fixed-version: Fixed from version 5.16rc8" + +CVE_STATUS[CVE-2021-46938] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46939] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46940] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46941] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46942] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46943] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46944] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46945] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46947] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46948] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46949] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46950] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46951] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46952] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46953] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46954] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46955] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46956] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46957] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46958] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46959] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46960] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46961] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46962] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46963] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46964] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46965] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46966] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46967] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46968] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46969] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46970] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46971] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46972] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46973] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46974] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46976] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46977] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46978] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46979] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46980] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46981] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46982] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46983] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46984] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46985] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46986] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46987] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46988] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46989] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46990] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-46991] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46992] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46993] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46994] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46995] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46996] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46997] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46998] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-46999] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47000] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47001] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47002] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47003] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47004] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47005] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47006] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47007] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47008] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47009] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-47010] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47011] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47012] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47013] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47014] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47015] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47016] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47017] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47018] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47019] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47020] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47021] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47022] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47023] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47024] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47025] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47026] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47027] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47028] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47029] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47030] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47031] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47032] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47033] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47034] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47035] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47036] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47037] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47038] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47039] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47040] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47041] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47042] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47043] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47044] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47045] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47046] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47047] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47048] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47049] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47050] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47051] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47052] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47053] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47054] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47055] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47056] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47057] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47058] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47059] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47060] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47061] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47062] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47063] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47064] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47065] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47066] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47067] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47068] = "fixed-version: Fixed from version 5.13rc1" + +CVE_STATUS[CVE-2021-47069] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47070] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47071] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47072] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47073] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47074] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47075] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47076] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47077] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47078] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47079] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47080] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47081] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47082] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47083] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47086] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47087] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47088] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47089] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47090] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47091] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47092] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47093] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47094] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47095] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47096] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47097] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47098] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47099] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47100] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47101] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47102] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47103] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47104] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47105] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47106] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47107] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47108] = "fixed-version: Fixed from version 5.16rc7" + +CVE_STATUS[CVE-2021-47109] = "fixed-version: Fixed from version 5.13rc7" + +CVE_STATUS[CVE-2021-47110] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-47111] = "fixed-version: Fixed from version 5.13rc6" + +CVE_STATUS[CVE-2021-47112] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-47113] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47114] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47116] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47117] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47118] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47119] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47120] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47121] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47122] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47123] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-47124] = "fixed-version: Fixed from version 5.13rc2" + +CVE_STATUS[CVE-2021-47125] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47126] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47127] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47128] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47129] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47130] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47131] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47132] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47133] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47134] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47135] = "fixed-version: Fixed from version 5.13rc5" + +CVE_STATUS[CVE-2021-47136] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47137] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47138] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47139] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47140] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47141] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47142] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47143] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47144] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47145] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47146] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47147] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47148] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47149] = "fixed-version: Fixed from version 5.13rc3" + +CVE_STATUS[CVE-2021-47150] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47151] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47152] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47153] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47158] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47159] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47160] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47161] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47162] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47163] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47164] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47165] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47166] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47167] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47168] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47169] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47170] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47171] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47172] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47173] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47174] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47175] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47176] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47177] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47178] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47179] = "fixed-version: Fixed from version 5.13rc4" + +CVE_STATUS[CVE-2021-47180] = "fixed-version: Fixed from version 5.13rc4" + CVE_STATUS[CVE-2022-0001] = "fixed-version: Fixed from version 5.17rc8" CVE_STATUS[CVE-2022-0002] = "fixed-version: Fixed from version 5.17rc8" @@ -4590,6 +5154,16 @@ CVE_STATUS[CVE-2022-48502] = "fixed-version: Fixed from version 6.2rc1" CVE_STATUS[CVE-2022-48619] = "fixed-version: Fixed from version 5.18rc1" +CVE_STATUS[CVE-2022-48626] = "fixed-version: Fixed from version 5.17rc4" + +CVE_STATUS[CVE-2022-48627] = "fixed-version: Fixed from version 5.19rc7" + +CVE_STATUS[CVE-2022-48628] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2022-48629] = "fixed-version: Fixed from version 5.17" + +CVE_STATUS[CVE-2022-48630] = "fixed-version: Fixed from version 5.18" + CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1" CVE_STATUS[CVE-2023-0045] = "fixed-version: Fixed from version 6.2rc3" @@ -4834,6 +5408,8 @@ CVE_STATUS[CVE-2023-28466] = "fixed-version: Fixed from version 6.3rc2" CVE_STATUS[CVE-2023-2860] = "fixed-version: Fixed from version 6.0rc5" +CVE_STATUS[CVE-2023-28746] = "cpe-stable-backport: Backported in 6.6.22" + CVE_STATUS[CVE-2023-28772] = "fixed-version: Fixed from version 5.14rc1" CVE_STATUS[CVE-2023-28866] = "fixed-version: Fixed from version 6.3rc4" @@ -5112,7 +5688,7 @@ CVE_STATUS[CVE-2023-46838] = "cpe-stable-backport: Backported in 6.6.14" CVE_STATUS[CVE-2023-46862] = "fixed-version: Fixed from version 6.6" -# CVE-2023-47233 has no known resolution +CVE_STATUS[CVE-2023-47233] = "cpe-stable-backport: Backported in 6.6.24" CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1" @@ -5208,6 +5784,294 @@ CVE_STATUS[CVE-2023-52463] = "cpe-stable-backport: Backported in 6.6.14" CVE_STATUS[CVE-2023-52464] = "cpe-stable-backport: Backported in 6.6.14" +CVE_STATUS[CVE-2023-52465] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52467] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52468] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52469] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52470] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52471] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2023-52472] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52473] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52474] = "fixed-version: Fixed from version 6.4rc1" + +CVE_STATUS[CVE-2023-52475] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52476] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52477] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52478] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52479] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52480] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52481] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52482] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52483] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52484] = "fixed-version: Fixed from version 6.6rc5" + +# CVE-2023-52485 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2023-52486] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52487] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52488] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52489] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52490] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52491] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52492] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52493] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52494] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52495] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52497] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52498] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52499] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52500] = "fixed-version: Fixed from version 6.6rc2" + +CVE_STATUS[CVE-2023-52501] = "fixed-version: Fixed from version 6.6rc2" + +CVE_STATUS[CVE-2023-52502] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52503] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52504] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52505] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52506] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52507] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52508] = "fixed-version: Fixed from version 6.6rc2" + +CVE_STATUS[CVE-2023-52509] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52510] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52511] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2023-52512] = "fixed-version: Fixed from version 6.6rc6" + +CVE_STATUS[CVE-2023-52513] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52515] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52516] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2023-52517] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2023-52518] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52519] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52520] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52522] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52523] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52524] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52525] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52526] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52527] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52528] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52529] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52530] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52531] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52532] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52559] = "fixed-version: Fixed from version 6.6rc5" + +CVE_STATUS[CVE-2023-52560] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52561] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2023-52562] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52563] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52564] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52565] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52566] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52567] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52568] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52569] = "fixed-version: Fixed from version 6.6rc2" + +CVE_STATUS[CVE-2023-52570] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52571] = "fixed-version: Fixed from version 6.6rc4" + +CVE_STATUS[CVE-2023-52572] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52573] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52574] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52575] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52576] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52577] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52578] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52580] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52581] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52582] = "fixed-version: Fixed from version 6.6rc3" + +CVE_STATUS[CVE-2023-52583] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52584] = "cpe-stable-backport: Backported in 6.6.16" + +# CVE-2023-52585 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52586 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2023-52587] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52588] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52589] = "cpe-stable-backport: Backported in 6.6.16" + +# CVE-2023-52590 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2023-52591] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52593] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52594] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52595] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52596] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52597] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52598] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52599] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52600] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52601] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52602] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52603] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52604] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52606] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52607] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52608] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52609] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52610] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52611] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52612] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52613] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2023-52614] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52615] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52616] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52617] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52618] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52619] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52620] = "fixed-version: Fixed from version 6.4" + +CVE_STATUS[CVE-2023-52621] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52622] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52623] = "cpe-stable-backport: Backported in 6.6.16" + +# CVE-2023-52624 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52625 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2023-52626] = "fixed-version: only affects 6.7rc2 onwards" + +CVE_STATUS[CVE-2023-52627] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2023-52628] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2023-52629] = "fixed-version: Fixed from version 6.6rc1" + +CVE_STATUS[CVE-2023-52630] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2023-52631] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2023-52632] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52633] = "cpe-stable-backport: Backported in 6.6.16" + +# CVE-2023-52634 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2023-52635] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2023-52636] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2023-52637] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2023-52638] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2023-52639] = "cpe-stable-backport: Backported in 6.6.22" + +CVE_STATUS[CVE-2023-52640] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2023-52641] = "cpe-stable-backport: Backported in 6.6.19" + CVE_STATUS[CVE-2023-5345] = "fixed-version: Fixed from version 6.6rc4" CVE_STATUS[CVE-2023-5633] = "fixed-version: Fixed from version 6.6rc6" @@ -5232,15 +6096,15 @@ CVE_STATUS[CVE-2023-6200] = "cpe-stable-backport: Backported in 6.6.9" # CVE-2023-6240 has no known resolution -# CVE-2023-6270 has no known resolution +CVE_STATUS[CVE-2023-6270] = "cpe-stable-backport: Backported in 6.6.23" -# CVE-2023-6356 has no known resolution +CVE_STATUS[CVE-2023-6356] = "cpe-stable-backport: Backported in 6.6.14" CVE_STATUS[CVE-2023-6531] = "cpe-stable-backport: Backported in 6.6.7" # CVE-2023-6535 has no known resolution -# CVE-2023-6536 has no known resolution +CVE_STATUS[CVE-2023-6536] = "cpe-stable-backport: Backported in 6.6.14" CVE_STATUS[CVE-2023-6546] = "fixed-version: Fixed from version 6.5rc7" @@ -5262,7 +6126,7 @@ CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.6.7" CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.6.5" -# CVE-2023-7042 has no known resolution +CVE_STATUS[CVE-2023-7042] = "cpe-stable-backport: Backported in 6.6.23" CVE_STATUS[CVE-2023-7192] = "fixed-version: Fixed from version 6.3rc1" @@ -5292,7 +6156,7 @@ CVE_STATUS[CVE-2024-0646] = "cpe-stable-backport: Backported in 6.6.7" CVE_STATUS[CVE-2024-0775] = "fixed-version: Fixed from version 6.4rc2" -# CVE-2024-0841 has no known resolution +CVE_STATUS[CVE-2024-0841] = "cpe-stable-backport: Backported in 6.6.18" CVE_STATUS[CVE-2024-1085] = "cpe-stable-backport: Backported in 6.6.14" @@ -5304,15 +6168,17 @@ CVE_STATUS[CVE-2024-1312] = "fixed-version: Fixed from version 6.5rc4" # CVE-2024-21803 has no known resolution -# CVE-2024-22099 has no known resolution +# CVE-2024-2193 has no known resolution + +CVE_STATUS[CVE-2024-22099] = "cpe-stable-backport: Backported in 6.6.23" # CVE-2024-22386 has no known resolution CVE_STATUS[CVE-2024-22705] = "cpe-stable-backport: Backported in 6.6.10" -# CVE-2024-23196 has no known resolution +CVE_STATUS[CVE-2024-23196] = "fixed-version: Fixed from version 6.5rc1" -# CVE-2024-23307 has no known resolution +CVE_STATUS[CVE-2024-23307] = "cpe-stable-backport: Backported in 6.6.24" # CVE-2024-23848 has no known resolution @@ -5332,7 +6198,7 @@ CVE_STATUS[CVE-2024-24855] = "fixed-version: Fixed from version 6.5rc2" CVE_STATUS[CVE-2024-24860] = "cpe-stable-backport: Backported in 6.6.14" -# CVE-2024-24861 has no known resolution +CVE_STATUS[CVE-2024-24861] = "cpe-stable-backport: Backported in 6.6.24" # CVE-2024-24864 has no known resolution @@ -5382,3 +6248,413 @@ CVE_STATUS[CVE-2024-26598] = "cpe-stable-backport: Backported in 6.6.14" CVE_STATUS[CVE-2024-26599] = "cpe-stable-backport: Backported in 6.6.14" +CVE_STATUS[CVE-2024-26600] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26601] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26602] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26603] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26604] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26605] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2024-26606] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26607] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26608] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26610] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26611] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26612] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26614] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26615] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26616] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26617] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26618] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26619] = "fixed-version: only affects 6.7rc5 onwards" + +CVE_STATUS[CVE-2024-26620] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26621] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2024-26622] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26623] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2024-26625] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2024-26626] = "fixed-version: only affects 6.8rc1 onwards" + +CVE_STATUS[CVE-2024-26627] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2024-26629] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26630] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26631] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2024-26632] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2024-26633] = "cpe-stable-backport: Backported in 6.6.14" + +CVE_STATUS[CVE-2024-26634] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26635] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26636] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26637] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2024-26638] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26639] = "fixed-version: only affects 6.8rc1 onwards" + +CVE_STATUS[CVE-2024-26640] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2024-26641] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2024-26642] = "cpe-stable-backport: Backported in 6.6.24" + +CVE_STATUS[CVE-2024-26643] = "cpe-stable-backport: Backported in 6.6.24" + +CVE_STATUS[CVE-2024-26644] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26645] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26646] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26647] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26648] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26649] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26650] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26651] = "cpe-stable-backport: Backported in 6.6.23" + +CVE_STATUS[CVE-2024-26652] = "cpe-stable-backport: Backported in 6.6.22" + +CVE_STATUS[CVE-2024-26653] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26654] = "cpe-stable-backport: Backported in 6.6.24" + +# CVE-2024-26655 needs backporting (fixed from 6.9rc2) + +CVE_STATUS[CVE-2024-26656] = "cpe-stable-backport: Backported in 6.6.24" + +CVE_STATUS[CVE-2024-26657] = "fixed-version: only affects 6.7rc1 onwards" + +# CVE-2024-26658 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2024-26659] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26660] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26661] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26662] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26663] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26664] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26665] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26666] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26667] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26668] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26669] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26670] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26671] = "cpe-stable-backport: Backported in 6.6.16" + +# CVE-2024-26672 needs backporting (fixed from 6.8rc1) + +CVE_STATUS[CVE-2024-26673] = "cpe-stable-backport: Backported in 6.6.16" + +CVE_STATUS[CVE-2024-26674] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26675] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26676] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26677] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26678] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26679] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26680] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26681] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26682] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26683] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26684] = "cpe-stable-backport: Backported in 6.6.17" + +CVE_STATUS[CVE-2024-26685] = "cpe-stable-backport: Backported in 6.6.18" + +# CVE-2024-26686 needs backporting (fixed from 6.8rc4) + +CVE_STATUS[CVE-2024-26687] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26688] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26689] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26690] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26691] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26692] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26693] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26694] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26695] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26696] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26697] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26698] = "cpe-stable-backport: Backported in 6.6.18" + +# CVE-2024-26699 needs backporting (fixed from 6.8rc5) + +CVE_STATUS[CVE-2024-26700] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26702] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26703] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26704] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26705] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26706] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26707] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26708] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26709] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26710] = "fixed-version: only affects 6.8rc1 onwards" + +CVE_STATUS[CVE-2024-26711] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26712] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26713] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26714] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26715] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26716] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26717] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26718] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26719] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26720] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26721] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26722] = "fixed-version: only affects 6.7rc5 onwards" + +CVE_STATUS[CVE-2024-26723] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26724] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26725] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26726] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26727] = "cpe-stable-backport: Backported in 6.6.18" + +CVE_STATUS[CVE-2024-26728] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26729] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26730] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26731] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26732] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26733] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26734] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26735] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26736] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26737] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26738] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26739] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26740] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26741] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26742] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26743] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26744] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26745] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26746] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26747] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26748] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26749] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26750] = "fixed-version: only affects 6.8rc5 onwards" + +CVE_STATUS[CVE-2024-26751] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26752] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26753] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26754] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26755] = "fixed-version: only affects 6.7rc1 onwards" + +# CVE-2024-26756 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26757 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26758 needs backporting (fixed from 6.8rc6) + +CVE_STATUS[CVE-2024-26759] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26760] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26761] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26762] = "fixed-version: only affects 6.7rc1 onwards" + +CVE_STATUS[CVE-2024-26763] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26764] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26765] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26766] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26767] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26768] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26769] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26770] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26771] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26772] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26773] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26774] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26775] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26776] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26777] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26778] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26779] = "cpe-stable-backport: Backported in 6.6.19" + +CVE_STATUS[CVE-2024-26780] = "fixed-version: only affects 6.8rc4 onwards" + +CVE_STATUS[CVE-2024-26781] = "fixed-version: only affects 6.8rc6 onwards" + +CVE_STATUS[CVE-2024-26782] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26783] = "cpe-stable-backport: Backported in 6.6.22" + +# CVE-2024-26784 needs backporting (fixed from 6.8rc7) + +# CVE-2024-26785 needs backporting (fixed from 6.8rc7) + +CVE_STATUS[CVE-2024-26786] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26787] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26788] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26789] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26790] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26791] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26792] = "fixed-version: only affects 6.8rc4 onwards" + +CVE_STATUS[CVE-2024-26793] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26794] = "fixed-version: only affects 6.8rc6 onwards" + +CVE_STATUS[CVE-2024-26795] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26796] = "cpe-stable-backport: Backported in 6.6.21" + +# CVE-2024-26797 needs backporting (fixed from 6.8rc7) + +CVE_STATUS[CVE-2024-26798] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26799] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26800] = "fixed-version: only affects 6.8rc5 onwards" + +CVE_STATUS[CVE-2024-26801] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26802] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26803] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26804] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26805] = "cpe-stable-backport: Backported in 6.6.21" + +# CVE-2024-26806 needs backporting (fixed from 6.8rc7) + +CVE_STATUS[CVE-2024-26807] = "cpe-stable-backport: Backported in 6.6.21" + +CVE_STATUS[CVE-2024-26808] = "cpe-stable-backport: Backported in 6.6.15" + +CVE_STATUS[CVE-2024-26809] = "cpe-stable-backport: Backported in 6.6.23" + diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index a44a08451a..dc1413ca94 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "19813826de57a6425518c7b3daf8dd6a04d2321f" -SRCREV_meta ?= "f7f00b22efcfcae6489e9ec7db7002685fbc078b" +SRCREV_machine ?= "4209a548f26ad97f610f6c7acfee7fabe009dd3d" +SRCREV_meta ?= "da275b53b13faafa834352e3f9dd3f91a2c03bb8" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.23" +LINUX_VERSION ?= "6.6.35" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index db9e252572..f02a9c186a 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.23" +LINUX_VERSION ?= "6.6.35" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_meta ?= "f7f00b22efcfcae6489e9ec7db7002685fbc078b" +SRCREV_machine ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_meta ?= "da275b53b13faafa834352e3f9dd3f91a2c03bb8" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 43696db59b..ca7c4e978a 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "ceb94a85299b59d8840ed7ed392b1d3e4c727678" -SRCREV_machine:qemuarm64 ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemuloongarch64 ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemumips ?= "c79ffc89f8909f60de52005ef258db9752634eda" -SRCREV_machine:qemuppc ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemuriscv64 ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemuriscv32 ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemux86 ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemux86-64 ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_machine:qemumips64 ?= "b0a73fa83073c8d7d7bc917bcbeac88d296ebe38" -SRCREV_machine ?= "2d01bc1d4eeade12518371139dd24a21438f523c" -SRCREV_meta ?= "f7f00b22efcfcae6489e9ec7db7002685fbc078b" +SRCREV_machine:qemuarm ?= "7558103b801174f277373aa9d7d7eedf3a30d5f8" +SRCREV_machine:qemuarm64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemuloongarch64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemumips ?= "cd21dc96adcb1d60ad6cc57446464abf4dd338fc" +SRCREV_machine:qemuppc ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemuriscv64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemuriscv32 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemux86 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemux86-64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_machine:qemumips64 ?= "6700dad2e55f71fea268db201a394b371ffdd78c" +SRCREV_machine ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3" +SRCREV_meta ?= "da275b53b13faafa834352e3f9dd3f91a2c03bb8" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "5c7587f69194bc9fc714953ab4c7203e6e68885b" +SRCREV_machine:class-devupstream ?= "5f2d0708acd0e1d2475d73c61819053de284bcc4" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.23" +LINUX_VERSION ?= "6.6.35" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.7.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.8.bb index 9509185bad..dddd3a5004 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.7.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.8.bb @@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \ file://0001-Makefile.am-update-rpath-link.patch \ " -SRC_URI[sha256sum] = "5fb4f17c307c8c1b79c68561e89be9562d07e7425bf40e728c4d66755342a5eb" +SRC_URI[sha256sum] = "d4ef98dab9a37ad4f524ccafdfd50af4f266039b528dd5afabce78e49024d937" CVE_PRODUCT = "ust" diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/av1_ordering_info.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/av1_ordering_info.patch new file mode 100644 index 0000000000..bfc894563c --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/av1_ordering_info.patch @@ -0,0 +1,91 @@ +From cafb4c554845332eeb33284cf6498049997dc67e Mon Sep 17 00:00:00 2001 +From: Mark Thompson <sw@jkqxz.net> +Date: Wed, 20 Mar 2024 20:35:28 +0000 +Subject: [PATCH] lavc/cbs_av1: Save more frame ordering information + +This is wanted by the Vulkan decoder. + +Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> +Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/ecdc94b97f809d5f2b88640842fd0541951ad295] +--- + libavcodec/cbs_av1.h | 5 +++++ + libavcodec/cbs_av1_syntax_template.c | 25 +++++++++++++++++++++---- + 2 files changed, 26 insertions(+), 4 deletions(-) + +diff --git a/libavcodec/cbs_av1.h b/libavcodec/cbs_av1.h +index a5402f069d..a027013bc7 100644 +--- a/libavcodec/cbs_av1.h ++++ b/libavcodec/cbs_av1.h +@@ -427,6 +427,8 @@ typedef struct AV1ReferenceFrameState { + int bit_depth; // RefBitDepth + int order_hint; // RefOrderHint + ++ int saved_order_hints[AV1_TOTAL_REFS_PER_FRAME]; // SavedOrderHints[ref] ++ + int8_t loop_filter_ref_deltas[AV1_TOTAL_REFS_PER_FRAME]; + int8_t loop_filter_mode_deltas[2]; + uint8_t feature_enabled[AV1_MAX_SEGMENTS][AV1_SEG_LVL_MAX]; +@@ -464,6 +466,9 @@ typedef struct CodedBitstreamAV1Context { + int tile_rows; + int tile_num; + ++ int order_hints[AV1_TOTAL_REFS_PER_FRAME]; // OrderHints ++ int ref_frame_sign_bias[AV1_TOTAL_REFS_PER_FRAME]; // RefFrameSignBias ++ + AV1ReferenceFrameState ref[AV1_NUM_REF_FRAMES]; + + // AVOptions +diff --git a/libavcodec/cbs_av1_syntax_template.c b/libavcodec/cbs_av1_syntax_template.c +index 3be1f2d30f..2979c5d98f 100644 +--- a/libavcodec/cbs_av1_syntax_template.c ++++ b/libavcodec/cbs_av1_syntax_template.c +@@ -1414,6 +1414,8 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw, + priv->ref[i].valid = 0; + priv->ref[i].order_hint = 0; + } ++ for (i = 0; i < AV1_REFS_PER_FRAME; i++) ++ priv->order_hints[i + AV1_REF_FRAME_LAST] = 0; + } + + flag(disable_cdf_update); +@@ -1568,11 +1570,20 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw, + else + flag(use_ref_frame_mvs); + +- infer(allow_intrabc, 0); +- } ++ for (i = 0; i < AV1_REFS_PER_FRAME; i++) { ++ int ref_frame = AV1_REF_FRAME_LAST + i; ++ int hint = priv->ref[current->ref_frame_idx[i]].order_hint; ++ priv->order_hints[ref_frame] = hint; ++ if (!seq->enable_order_hint) { ++ priv->ref_frame_sign_bias[ref_frame] = 0; ++ } else { ++ priv->ref_frame_sign_bias[ref_frame] = ++ cbs_av1_get_relative_dist(seq, hint, ++ current->order_hint) > 0; ++ } ++ } + +- if (!frame_is_intra) { +- // Derive reference frame sign biases. ++ infer(allow_intrabc, 0); + } + + if (seq->reduced_still_picture_header || current->disable_cdf_update) +@@ -1674,6 +1685,12 @@ update_refs: + .bit_depth = priv->bit_depth, + .order_hint = priv->order_hint, + }; ++ ++ for (int j = 0; j < AV1_REFS_PER_FRAME; j++) { ++ priv->ref[i].saved_order_hints[j + AV1_REF_FRAME_LAST] = ++ priv->order_hints[j + AV1_REF_FRAME_LAST]; ++ } ++ + memcpy(priv->ref[i].loop_filter_ref_deltas, current->loop_filter_ref_deltas, + sizeof(current->loop_filter_ref_deltas)); + memcpy(priv->ref[i].loop_filter_mode_deltas, current->loop_filter_mode_deltas, +-- +2.25.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch new file mode 100644 index 0000000000..74db148b3b --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch @@ -0,0 +1,1382 @@ +From ecdc94b97f809d5f2b88640842fd0541951ad295 Mon Sep 17 00:00:00 2001 +From: Lynne <dev@lynne.ee> +Date: Fri, 19 Jan 2024 10:49:02 +1000 +Subject: [PATCH] vulkan_av1: port to the new stable API + +Co-Authored-by: Dave Airlie <airlied@redhat.com> +Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> +Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/ecdc94b97f809d5f2b88640842fd0541951ad295] +--- + configure | 4 +- + libavcodec/Makefile | 5 +- + libavcodec/vulkan_av1.c | 514 ++++++++++-------- + libavcodec/vulkan_decode.c | 31 +- + libavcodec/vulkan_decode.h | 2 +- + libavcodec/vulkan_video.h | 2 - + .../vulkan_video_codec_av1std_decode_mesa.h | 36 -- + libavcodec/vulkan_video_codec_av1std_mesa.h | 403 -------------- + libavutil/hwcontext_vulkan.c | 2 +- + libavutil/vulkan_functions.h | 2 +- + libavutil/vulkan_loader.h | 2 +- + 11 files changed, 306 insertions(+), 697 deletions(-) + delete mode 100644 libavcodec/vulkan_video_codec_av1std_decode_mesa.h + delete mode 100644 libavcodec/vulkan_video_codec_av1std_mesa.h + +diff --git a/configure b/configure +index e853deb51d..9fa639fca6 100755 +--- a/configure ++++ b/configure +@@ -7300,8 +7300,8 @@ enabled vdpau && + "in maintaining it." + + if enabled vulkan; then +- check_pkg_config_header_only vulkan "vulkan >= 1.3.255" "vulkan/vulkan.h" "defined VK_VERSION_1_3" || +- check_cpp_condition vulkan "vulkan/vulkan.h" "defined(VK_VERSION_1_4) || (defined(VK_VERSION_1_3) && VK_HEADER_VERSION >= 255)" ++ check_pkg_config_header_only vulkan "vulkan >= 1.3.277" "vulkan/vulkan.h" "defined VK_VERSION_1_3" || ++ check_cpp_condition vulkan "vulkan/vulkan.h" "defined(VK_VERSION_1_4) || (defined(VK_VERSION_1_3) && VK_HEADER_VERSION >= 277)" + fi + + if disabled vulkan; then +diff --git a/libavcodec/Makefile b/libavcodec/Makefile +index 7ef2e03ca6..9ce6d445c1 100644 +--- a/libavcodec/Makefile ++++ b/libavcodec/Makefile +@@ -1258,8 +1258,7 @@ SKIPHEADERS += %_tablegen.h \ + aacenc_quantization.h \ + aacenc_quantization_misc.h \ + bitstream_template.h \ +- vulkan_video_codec_av1std.h \ +- $(ARCH)/vpx_arith.h \ ++ $(ARCH)/vpx_arith.h \ + + SKIPHEADERS-$(CONFIG_AMF) += amfenc.h + SKIPHEADERS-$(CONFIG_D3D11VA) += d3d11va.h dxva2_internal.h +@@ -1280,7 +1279,7 @@ SKIPHEADERS-$(CONFIG_QSVENC) += qsvenc.h + SKIPHEADERS-$(CONFIG_VAAPI) += vaapi_decode.h vaapi_hevc.h vaapi_encode.h + SKIPHEADERS-$(CONFIG_VDPAU) += vdpau.h vdpau_internal.h + SKIPHEADERS-$(CONFIG_VIDEOTOOLBOX) += videotoolbox.h vt_internal.h +-SKIPHEADERS-$(CONFIG_VULKAN) += vulkan.h vulkan_video.h vulkan_decode.h vulkan_video_codec_av1std_decode.h ++SKIPHEADERS-$(CONFIG_VULKAN) += vulkan.h vulkan_video.h vulkan_decode.h + SKIPHEADERS-$(CONFIG_V4L2_M2M) += v4l2_buffers.h v4l2_context.h v4l2_m2m.h + SKIPHEADERS-$(CONFIG_ZLIB) += zlib_wrapper.h + +diff --git a/libavcodec/vulkan_av1.c b/libavcodec/vulkan_av1.c +index 5afd5353cc..c9e398eaec 100644 +--- a/libavcodec/vulkan_av1.c ++++ b/libavcodec/vulkan_av1.c +@@ -36,33 +36,47 @@ const FFVulkanDecodeDescriptor ff_vk_dec_av1_desc = { + typedef struct AV1VulkanDecodePicture { + FFVulkanDecodePicture vp; + +- /* Workaround for a spec issue. +- *Can be removed once no longer needed, and threading can be enabled. */ ++ /* TODO: investigate if this can be removed to make decoding completely ++ * independent. */ + FFVulkanDecodeContext *dec; + +- StdVideoAV1MESATile tiles[MAX_TILES]; +- StdVideoAV1MESATileList tile_list; +- const uint32_t *tile_offsets; ++ uint32_t tile_sizes[MAX_TILES]; + + /* Current picture */ +- VkVideoDecodeAV1DpbSlotInfoMESA vkav1_ref; +- StdVideoAV1MESAFrameHeader av1_frame_header; +- VkVideoDecodeAV1PictureInfoMESA av1_pic_info; ++ StdVideoDecodeAV1ReferenceInfo std_ref; ++ VkVideoDecodeAV1DpbSlotInfoKHR vkav1_ref; ++ uint16_t width_in_sbs_minus1[64]; ++ uint16_t height_in_sbs_minus1[64]; ++ uint16_t mi_col_starts[64]; ++ uint16_t mi_row_starts[64]; ++ StdVideoAV1TileInfo tile_info; ++ StdVideoAV1Quantization quantization; ++ StdVideoAV1Segmentation segmentation; ++ StdVideoAV1LoopFilter loop_filter; ++ StdVideoAV1CDEF cdef; ++ StdVideoAV1LoopRestoration loop_restoration; ++ StdVideoAV1GlobalMotion global_motion; ++ StdVideoAV1FilmGrain film_grain; ++ StdVideoDecodeAV1PictureInfo std_pic_info; ++ VkVideoDecodeAV1PictureInfoKHR av1_pic_info; + + /* Picture refs */ + const AV1Frame *ref_src [AV1_NUM_REF_FRAMES]; +- VkVideoDecodeAV1DpbSlotInfoMESA vkav1_refs[AV1_NUM_REF_FRAMES]; ++ StdVideoDecodeAV1ReferenceInfo std_refs [AV1_NUM_REF_FRAMES]; ++ VkVideoDecodeAV1DpbSlotInfoKHR vkav1_refs[AV1_NUM_REF_FRAMES]; + + uint8_t frame_id_set; + uint8_t frame_id; ++ uint8_t ref_frame_sign_bias_mask; + } AV1VulkanDecodePicture; + + static int vk_av1_fill_pict(AVCodecContext *avctx, const AV1Frame **ref_src, + VkVideoReferenceSlotInfoKHR *ref_slot, /* Main structure */ + VkVideoPictureResourceInfoKHR *ref, /* Goes in ^ */ +- VkVideoDecodeAV1DpbSlotInfoMESA *vkav1_ref, /* Goes in ^ */ ++ StdVideoDecodeAV1ReferenceInfo *vkav1_std_ref, ++ VkVideoDecodeAV1DpbSlotInfoKHR *vkav1_ref, /* Goes in ^ */ + const AV1Frame *pic, int is_current, int has_grain, +- int dpb_slot_index) ++ int *saved_order_hints) + { + FFVulkanDecodeContext *dec = avctx->internal->hwaccel_priv_data; + AV1VulkanDecodePicture *hp = pic->hwaccel_picture_private; +@@ -73,31 +87,42 @@ static int vk_av1_fill_pict(AVCodecContext *avctx, const AV1Frame **ref_src, + if (err < 0) + return err; + +- *vkav1_ref = (VkVideoDecodeAV1DpbSlotInfoMESA) { +- .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_DPB_SLOT_INFO_MESA, +- .frameIdx = hp->frame_id, ++ *vkav1_std_ref = (StdVideoDecodeAV1ReferenceInfo) { ++ .flags = (StdVideoDecodeAV1ReferenceInfoFlags) { ++ .disable_frame_end_update_cdf = pic->raw_frame_header->disable_frame_end_update_cdf, ++ .segmentation_enabled = pic->raw_frame_header->segmentation_enabled, ++ }, ++ .frame_type = pic->raw_frame_header->frame_type, ++ .OrderHint = pic->raw_frame_header->order_hint, ++ .RefFrameSignBias = hp->ref_frame_sign_bias_mask, + }; + +- for (unsigned i = 0; i < 7; i++) { +- const int idx = pic->raw_frame_header->ref_frame_idx[i]; +- vkav1_ref->ref_order_hint[i] = pic->raw_frame_header->ref_order_hint[idx]; +- } ++ if (saved_order_hints) ++ for (int i = 0; i < AV1_TOTAL_REFS_PER_FRAME; i++) ++ vkav1_std_ref->SavedOrderHints[i] = saved_order_hints[i]; ++ ++ *vkav1_ref = (VkVideoDecodeAV1DpbSlotInfoKHR) { ++ .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_DPB_SLOT_INFO_KHR, ++ .pStdReferenceInfo = vkav1_std_ref, ++ }; + +- vkav1_ref->disable_frame_end_update_cdf = pic->raw_frame_header->disable_frame_end_update_cdf; ++ vkav1_std_ref->flags.disable_frame_end_update_cdf = pic->raw_frame_header->disable_frame_end_update_cdf; ++ vkav1_std_ref->flags.segmentation_enabled = pic->raw_frame_header->segmentation_enabled; ++ vkav1_std_ref->frame_type = pic->raw_frame_header->frame_type; + + *ref = (VkVideoPictureResourceInfoKHR) { + .sType = VK_STRUCTURE_TYPE_VIDEO_PICTURE_RESOURCE_INFO_KHR, + .codedOffset = (VkOffset2D){ 0, 0 }, + .codedExtent = (VkExtent2D){ pic->f->width, pic->f->height }, + .baseArrayLayer = ((has_grain || dec->dedicated_dpb) && dec->layered_dpb) ? +- dpb_slot_index : 0, ++ hp->frame_id : 0, + .imageViewBinding = vkpic->img_view_ref, + }; + + *ref_slot = (VkVideoReferenceSlotInfoKHR) { + .sType = VK_STRUCTURE_TYPE_VIDEO_REFERENCE_SLOT_INFO_KHR, + .pNext = vkav1_ref, +- .slotIndex = dpb_slot_index, ++ .slotIndex = hp->frame_id, + .pPictureResource = ref, + }; + +@@ -115,15 +140,40 @@ static int vk_av1_create_params(AVCodecContext *avctx, AVBufferRef **buf) + + const AV1RawSequenceHeader *seq = s->raw_seq; + +- StdVideoAV1MESASequenceHeader av1_sequence_header; +- VkVideoDecodeAV1SessionParametersAddInfoMESA av1_params_info; +- VkVideoDecodeAV1SessionParametersCreateInfoMESA av1_params; ++ StdVideoAV1SequenceHeader av1_sequence_header; ++ StdVideoAV1TimingInfo av1_timing_info; ++ StdVideoAV1ColorConfig av1_color_config; ++ VkVideoDecodeAV1SessionParametersCreateInfoKHR av1_params; + VkVideoSessionParametersCreateInfoKHR session_params_create; + + int err; + +- av1_sequence_header = (StdVideoAV1MESASequenceHeader) { +- .flags = (StdVideoAV1MESASequenceHeaderFlags) { ++ av1_timing_info = (StdVideoAV1TimingInfo) { ++ .flags = (StdVideoAV1TimingInfoFlags) { ++ .equal_picture_interval = seq->timing_info.equal_picture_interval, ++ }, ++ .num_units_in_display_tick = seq->timing_info.num_units_in_display_tick, ++ .time_scale = seq->timing_info.time_scale, ++ .num_ticks_per_picture_minus_1 = seq->timing_info.num_ticks_per_picture_minus_1, ++ }; ++ ++ av1_color_config = (StdVideoAV1ColorConfig) { ++ .flags = (StdVideoAV1ColorConfigFlags) { ++ .mono_chrome = seq->color_config.mono_chrome, ++ .color_range = seq->color_config.color_range, ++ .separate_uv_delta_q = seq->color_config.separate_uv_delta_q, ++ }, ++ .BitDepth = seq->color_config.twelve_bit ? 12 : ++ seq->color_config.high_bitdepth ? 10 : 8, ++ .subsampling_x = seq->color_config.subsampling_x, ++ .subsampling_y = seq->color_config.subsampling_y, ++ .color_primaries = seq->color_config.color_primaries, ++ .transfer_characteristics = seq->color_config.transfer_characteristics, ++ .matrix_coefficients = seq->color_config.matrix_coefficients, ++ }; ++ ++ av1_sequence_header = (StdVideoAV1SequenceHeader) { ++ .flags = (StdVideoAV1SequenceHeaderFlags) { + .still_picture = seq->still_picture, + .reduced_still_picture_header = seq->reduced_still_picture_header, + .use_128x128_superblock = seq->use_128x128_superblock, +@@ -152,34 +202,15 @@ static int vk_av1_create_params(AVCodecContext *avctx, AVBufferRef **buf) + .delta_frame_id_length_minus_2 = seq->delta_frame_id_length_minus_2, + .additional_frame_id_length_minus_1 = seq->additional_frame_id_length_minus_1, + .order_hint_bits_minus_1 = seq->order_hint_bits_minus_1, +- .timing_info = (StdVideoAV1MESATimingInfo) { +- .flags = (StdVideoAV1MESATimingInfoFlags) { +- .equal_picture_interval = seq->timing_info.equal_picture_interval, +- }, +- .num_units_in_display_tick = seq->timing_info.num_units_in_display_tick, +- .time_scale = seq->timing_info.time_scale, +- .num_ticks_per_picture_minus_1 = seq->timing_info.num_ticks_per_picture_minus_1, +- }, +- .color_config = (StdVideoAV1MESAColorConfig) { +- .flags = (StdVideoAV1MESAColorConfigFlags) { +- .mono_chrome = seq->color_config.mono_chrome, +- .color_range = seq->color_config.color_range, +- .separate_uv_delta_q = seq->color_config.separate_uv_delta_q, +- }, +- .bit_depth = seq->color_config.twelve_bit ? 12 : +- seq->color_config.high_bitdepth ? 10 : 8, +- .subsampling_x = seq->color_config.subsampling_x, +- .subsampling_y = seq->color_config.subsampling_y, +- }, ++ .seq_force_integer_mv = seq->seq_force_integer_mv, ++ .seq_force_screen_content_tools = seq->seq_force_screen_content_tools, ++ .pTimingInfo = &av1_timing_info, ++ .pColorConfig = &av1_color_config, + }; + +- av1_params_info = (VkVideoDecodeAV1SessionParametersAddInfoMESA) { +- .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_ADD_INFO_MESA, +- .sequence_header = &av1_sequence_header, +- }; +- av1_params = (VkVideoDecodeAV1SessionParametersCreateInfoMESA) { +- .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_CREATE_INFO_MESA, +- .pParametersAddInfo = &av1_params_info, ++ av1_params = (VkVideoDecodeAV1SessionParametersCreateInfoKHR) { ++ .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_CREATE_INFO_KHR, ++ .pStdSequenceHeader = &av1_sequence_header, + }; + session_params_create = (VkVideoSessionParametersCreateInfoKHR) { + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, +@@ -211,8 +242,14 @@ static int vk_av1_start_frame(AVCodecContext *avctx, + + const AV1RawFrameHeader *frame_header = s->raw_frame_header; + const AV1RawFilmGrainParams *film_grain = &s->cur_frame.film_grain; ++ CodedBitstreamAV1Context *cbs_ctx = (CodedBitstreamAV1Context *)(s->cbc->priv_data); ++ + const int apply_grain = !(avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) && + film_grain->apply_grain; ++ StdVideoAV1FrameRestorationType remap_lr_type[4] = { STD_VIDEO_AV1_FRAME_RESTORATION_TYPE_NONE, ++ STD_VIDEO_AV1_FRAME_RESTORATION_TYPE_SWITCHABLE, ++ STD_VIDEO_AV1_FRAME_RESTORATION_TYPE_WIENER, ++ STD_VIDEO_AV1_FRAME_RESTORATION_TYPE_SGRPROJ }; + + if (!dec->session_params) { + err = vk_av1_create_params(avctx, &dec->session_params); +@@ -233,15 +270,31 @@ static int vk_av1_start_frame(AVCodecContext *avctx, + dec->frame_id_alloc_mask |= (1 << slot_idx); + } + +- /* Fill in references */ +- for (int i = 0; i < AV1_NUM_REF_FRAMES; i++) { +- const AV1Frame *ref_frame = &s->ref[i]; +- if (s->ref[i].f->pict_type == AV_PICTURE_TYPE_NONE) ++ ap->ref_frame_sign_bias_mask = 0x0; ++ for (int i = 0; i < STD_VIDEO_AV1_TOTAL_REFS_PER_FRAME; i++) ++ ap->ref_frame_sign_bias_mask |= cbs_ctx->ref_frame_sign_bias[i] << i; ++ ++ for (int i = 0; i < STD_VIDEO_AV1_REFS_PER_FRAME; i++) { ++ const int idx = pic->raw_frame_header->ref_frame_idx[i]; ++ const AV1Frame *ref_frame = &s->ref[idx]; ++ AV1VulkanDecodePicture *hp = ref_frame->hwaccel_picture_private; ++ int found = 0; ++ ++ if (ref_frame->f->pict_type == AV_PICTURE_TYPE_NONE) ++ continue; ++ ++ for (int j = 0; j < ref_count; j++) { ++ if (vp->ref_slots[j].slotIndex == hp->frame_id) { ++ found = 1; ++ break; ++ } ++ } ++ if (found) + continue; + +- err = vk_av1_fill_pict(avctx, &ap->ref_src[i], &vp->ref_slots[i], +- &vp->refs[i], &ap->vkav1_refs[i], +- ref_frame, 0, 0, i); ++ err = vk_av1_fill_pict(avctx, &ap->ref_src[ref_count], &vp->ref_slots[ref_count], ++ &vp->refs[ref_count], &ap->std_refs[ref_count], &ap->vkav1_refs[ref_count], ++ ref_frame, 0, 0, cbs_ctx->ref[idx].saved_order_hints); + if (err < 0) + return err; + +@@ -249,20 +302,32 @@ static int vk_av1_start_frame(AVCodecContext *avctx, + } + + err = vk_av1_fill_pict(avctx, NULL, &vp->ref_slot, &vp->ref, ++ &ap->std_ref, + &ap->vkav1_ref, +- pic, 1, apply_grain, 8); ++ pic, 1, apply_grain, NULL); + if (err < 0) + return err; + +- ap->tile_list.nb_tiles = 0; +- ap->tile_list.tile_list = ap->tiles; +- +- ap->av1_pic_info = (VkVideoDecodeAV1PictureInfoMESA) { +- .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PICTURE_INFO_MESA, +- .frame_header = &ap->av1_frame_header, +- .tile_list = &ap->tile_list, ++ ap->av1_pic_info = (VkVideoDecodeAV1PictureInfoKHR) { ++ .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PICTURE_INFO_KHR, ++ .pStdPictureInfo = &ap->std_pic_info, ++ .frameHeaderOffset = 0, ++ .tileCount = 0, ++ .pTileOffsets = NULL, ++ .pTileSizes = ap->tile_sizes, + }; + ++ for (int i = 0; i < STD_VIDEO_AV1_REFS_PER_FRAME; i++) { ++ const int idx = pic->raw_frame_header->ref_frame_idx[i]; ++ const AV1Frame *ref_frame = &s->ref[idx]; ++ AV1VulkanDecodePicture *hp = ref_frame->hwaccel_picture_private; ++ ++ if (ref_frame->f->pict_type == AV_PICTURE_TYPE_NONE) ++ ap->av1_pic_info.referenceNameSlotIndices[i] = -1; ++ else ++ ap->av1_pic_info.referenceNameSlotIndices[i] = hp->frame_id; ++ } ++ + vp->decode_info = (VkVideoDecodeInfoKHR) { + .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_INFO_KHR, + .pNext = &ap->av1_pic_info, +@@ -279,9 +344,87 @@ static int vk_av1_start_frame(AVCodecContext *avctx, + }, + }; + ++ ap->tile_info = (StdVideoAV1TileInfo) { ++ .flags = (StdVideoAV1TileInfoFlags) { ++ .uniform_tile_spacing_flag = frame_header->uniform_tile_spacing_flag, ++ }, ++ .TileCols = frame_header->tile_cols, ++ .TileRows = frame_header->tile_rows, ++ .context_update_tile_id = frame_header->context_update_tile_id, ++ .tile_size_bytes_minus_1 = frame_header->tile_size_bytes_minus1, ++ .pWidthInSbsMinus1 = ap->width_in_sbs_minus1, ++ .pHeightInSbsMinus1 = ap->height_in_sbs_minus1, ++ .pMiColStarts = ap->mi_col_starts, ++ .pMiRowStarts = ap->mi_row_starts, ++ }; ++ ++ ap->quantization = (StdVideoAV1Quantization) { ++ .flags.using_qmatrix = frame_header->using_qmatrix, ++ .flags.diff_uv_delta = frame_header->diff_uv_delta, ++ .base_q_idx = frame_header->base_q_idx, ++ .DeltaQYDc = frame_header->delta_q_y_dc, ++ .DeltaQUDc = frame_header->delta_q_u_dc, ++ .DeltaQUAc = frame_header->delta_q_u_ac, ++ .DeltaQVDc = frame_header->delta_q_v_dc, ++ .DeltaQVAc = frame_header->delta_q_v_ac, ++ .qm_y = frame_header->qm_y, ++ .qm_u = frame_header->qm_u, ++ .qm_v = frame_header->qm_v, ++ }; ++ ++ ap->loop_filter = (StdVideoAV1LoopFilter) { ++ .flags = (StdVideoAV1LoopFilterFlags) { ++ .loop_filter_delta_enabled = frame_header->loop_filter_delta_enabled, ++ .loop_filter_delta_update = frame_header->loop_filter_delta_update, ++ }, ++ .loop_filter_sharpness = frame_header->loop_filter_sharpness, ++ }; ++ ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_LOOP_FILTER_STRENGTHS; i++) ++ ap->loop_filter.loop_filter_level[i] = frame_header->loop_filter_level[i]; ++ for (int i = 0; i < STD_VIDEO_AV1_LOOP_FILTER_ADJUSTMENTS; i++) ++ ap->loop_filter.loop_filter_mode_deltas[i] = frame_header->loop_filter_mode_deltas[i]; ++ ++ ap->cdef = (StdVideoAV1CDEF) { ++ .cdef_damping_minus_3 = frame_header->cdef_damping_minus_3, ++ .cdef_bits = frame_header->cdef_bits, ++ }; ++ ++ ap->loop_restoration = (StdVideoAV1LoopRestoration) { ++ .FrameRestorationType[0] = remap_lr_type[frame_header->lr_type[0]], ++ .FrameRestorationType[1] = remap_lr_type[frame_header->lr_type[1]], ++ .FrameRestorationType[2] = remap_lr_type[frame_header->lr_type[2]], ++ .LoopRestorationSize[0] = 1 + frame_header->lr_unit_shift, ++ .LoopRestorationSize[1] = 1 + frame_header->lr_unit_shift - frame_header->lr_uv_shift, ++ .LoopRestorationSize[2] = 1 + frame_header->lr_unit_shift - frame_header->lr_uv_shift, ++ }; ++ ++ ap->film_grain = (StdVideoAV1FilmGrain) { ++ .flags = (StdVideoAV1FilmGrainFlags) { ++ .chroma_scaling_from_luma = film_grain->chroma_scaling_from_luma, ++ .overlap_flag = film_grain->overlap_flag, ++ .clip_to_restricted_range = film_grain->clip_to_restricted_range, ++ }, ++ .grain_scaling_minus_8 = film_grain->grain_scaling_minus_8, ++ .ar_coeff_lag = film_grain->ar_coeff_lag, ++ .ar_coeff_shift_minus_6 = film_grain->ar_coeff_shift_minus_6, ++ .grain_scale_shift = film_grain->grain_scale_shift, ++ .grain_seed = film_grain->grain_seed, ++ .film_grain_params_ref_idx = film_grain->film_grain_params_ref_idx, ++ .num_y_points = film_grain->num_y_points, ++ .num_cb_points = film_grain->num_cb_points, ++ .num_cr_points = film_grain->num_cr_points, ++ .cb_mult = film_grain->cb_mult, ++ .cb_luma_mult = film_grain->cb_luma_mult, ++ .cb_offset = film_grain->cb_offset, ++ .cr_mult = film_grain->cr_mult, ++ .cr_luma_mult = film_grain->cr_luma_mult, ++ .cr_offset = film_grain->cr_offset, ++ }; ++ + /* Setup frame header */ +- ap->av1_frame_header = (StdVideoAV1MESAFrameHeader) { +- .flags = (StdVideoAV1MESAFrameHeaderFlags) { ++ ap->std_pic_info = (StdVideoDecodeAV1PictureInfo) { ++ .flags = (StdVideoDecodeAV1PictureInfoFlags) { + .error_resilient_mode = frame_header->error_resilient_mode, + .disable_cdf_update = frame_header->disable_cdf_update, + .use_superres = frame_header->use_superres, +@@ -302,174 +445,92 @@ static int vk_av1_start_frame(AVCodecContext *avctx, + .reference_select = frame_header->reference_select, + .skip_mode_present = frame_header->skip_mode_present, + .delta_q_present = frame_header->delta_q_present, ++ .delta_lf_present = frame_header->delta_lf_present, ++ .delta_lf_multi = frame_header->delta_lf_multi, ++ .segmentation_enabled = frame_header->segmentation_enabled, ++ .segmentation_update_map = frame_header->segmentation_update_map, ++ .segmentation_temporal_update = frame_header->segmentation_temporal_update, ++ .segmentation_update_data = frame_header->segmentation_update_data, ++ .UsesLr = frame_header->lr_type[0] || frame_header->lr_type[1] || frame_header->lr_type[2], ++ .apply_grain = apply_grain, + }, +- .frame_to_show_map_idx = frame_header->frame_to_show_map_idx, +- .frame_presentation_time = frame_header->frame_presentation_time, +- .display_frame_id = frame_header->display_frame_id, + .frame_type = frame_header->frame_type, + .current_frame_id = frame_header->current_frame_id, +- .order_hint = frame_header->order_hint, ++ .OrderHint = frame_header->order_hint, + .primary_ref_frame = frame_header->primary_ref_frame, +- .frame_width_minus_1 = frame_header->frame_width_minus_1, +- .frame_height_minus_1 = frame_header->frame_height_minus_1, +- .coded_denom = frame_header->coded_denom, +- .render_width_minus_1 = frame_header->render_width_minus_1, +- .render_height_minus_1 = frame_header->render_height_minus_1, + .refresh_frame_flags = frame_header->refresh_frame_flags, + .interpolation_filter = frame_header->interpolation_filter, +- .tx_mode = frame_header->tx_mode, +- .tiling = (StdVideoAV1MESATileInfo) { +- .flags = (StdVideoAV1MESATileInfoFlags) { +- .uniform_tile_spacing_flag = frame_header->uniform_tile_spacing_flag, +- }, +- .tile_cols = frame_header->tile_cols, +- .tile_rows = frame_header->tile_rows, +- .context_update_tile_id = frame_header->context_update_tile_id, +- .tile_size_bytes_minus1 = frame_header->tile_size_bytes_minus1, +- }, +- .quantization = (StdVideoAV1MESAQuantization) { +- .flags.using_qmatrix = frame_header->using_qmatrix, +- .base_q_idx = frame_header->base_q_idx, +- .delta_q_y_dc = frame_header->delta_q_y_dc, +- .diff_uv_delta = frame_header->diff_uv_delta, +- .delta_q_u_dc = frame_header->delta_q_u_dc, +- .delta_q_u_ac = frame_header->delta_q_u_ac, +- .delta_q_v_dc = frame_header->delta_q_v_dc, +- .delta_q_v_ac = frame_header->delta_q_v_ac, +- .qm_y = frame_header->qm_y, +- .qm_u = frame_header->qm_u, +- .qm_v = frame_header->qm_v, +- }, +- .delta_q = (StdVideoAV1MESADeltaQ) { +- .flags = (StdVideoAV1MESADeltaQFlags) { +- .delta_lf_present = frame_header->delta_lf_present, +- .delta_lf_multi = frame_header->delta_lf_multi, +- }, +- .delta_q_res = frame_header->delta_q_res, +- .delta_lf_res = frame_header->delta_lf_res, +- }, +- .loop_filter = (StdVideoAV1MESALoopFilter) { +- .flags = (StdVideoAV1MESALoopFilterFlags) { +- .delta_enabled = frame_header->loop_filter_delta_enabled, +- .delta_update = frame_header->loop_filter_delta_update, +- }, +- .level = { +- frame_header->loop_filter_level[0], frame_header->loop_filter_level[1], +- frame_header->loop_filter_level[2], frame_header->loop_filter_level[3], +- }, +- .sharpness = frame_header->loop_filter_sharpness, +- .mode_deltas = { +- frame_header->loop_filter_mode_deltas[0], frame_header->loop_filter_mode_deltas[1], +- }, +- }, +- .cdef = (StdVideoAV1MESACDEF) { +- .damping_minus_3 = frame_header->cdef_damping_minus_3, +- .bits = frame_header->cdef_bits, +- }, +- .lr = (StdVideoAV1MESALoopRestoration) { +- .lr_unit_shift = frame_header->lr_unit_shift, +- .lr_uv_shift = frame_header->lr_uv_shift, +- .lr_type = { frame_header->lr_type[0], frame_header->lr_type[1], frame_header->lr_type[2] }, +- }, +- .segmentation = (StdVideoAV1MESASegmentation) { +- .flags = (StdVideoAV1MESASegmentationFlags) { +- .enabled = frame_header->segmentation_enabled, +- .update_map = frame_header->segmentation_update_map, +- .temporal_update = frame_header->segmentation_temporal_update, +- .update_data = frame_header->segmentation_update_data, +- }, +- }, +- .film_grain = (StdVideoAV1MESAFilmGrainParameters) { +- .flags = (StdVideoAV1MESAFilmGrainFlags) { +- .apply_grain = apply_grain, +- .chroma_scaling_from_luma = film_grain->chroma_scaling_from_luma, +- .overlap_flag = film_grain->overlap_flag, +- .clip_to_restricted_range = film_grain->clip_to_restricted_range, +- }, +- .grain_scaling_minus_8 = film_grain->grain_scaling_minus_8, +- .ar_coeff_lag = film_grain->ar_coeff_lag, +- .ar_coeff_shift_minus_6 = film_grain->ar_coeff_shift_minus_6, +- .grain_scale_shift = film_grain->grain_scale_shift, +- .grain_seed = film_grain->grain_seed, +- .num_y_points = film_grain->num_y_points, +- .num_cb_points = film_grain->num_cb_points, +- .num_cr_points = film_grain->num_cr_points, +- .cb_mult = film_grain->cb_mult, +- .cb_luma_mult = film_grain->cb_luma_mult, +- .cb_offset = film_grain->cb_offset, +- .cr_mult = film_grain->cr_mult, +- .cr_luma_mult = film_grain->cr_luma_mult, +- .cr_offset = film_grain->cr_offset, +- }, ++ .TxMode = frame_header->tx_mode, ++ .delta_q_res = frame_header->delta_q_res, ++ .delta_lf_res = frame_header->delta_lf_res, ++ .SkipModeFrame[0] = s->cur_frame.skip_mode_frame_idx[0], ++ .SkipModeFrame[1] = s->cur_frame.skip_mode_frame_idx[1], ++ .coded_denom = frame_header->coded_denom, ++ .pTileInfo = &ap->tile_info, ++ .pQuantization = &ap->quantization, ++ .pSegmentation = &ap->segmentation, ++ .pLoopFilter = &ap->loop_filter, ++ .pCDEF = &ap->cdef, ++ .pLoopRestoration = &ap->loop_restoration, ++ .pGlobalMotion = &ap->global_motion, ++ .pFilmGrain = apply_grain ? &ap->film_grain : NULL, + }; + + for (int i = 0; i < 64; i++) { +- ap->av1_frame_header.tiling.width_in_sbs_minus_1[i] = frame_header->width_in_sbs_minus_1[i]; +- ap->av1_frame_header.tiling.height_in_sbs_minus_1[i] = frame_header->height_in_sbs_minus_1[i]; +- ap->av1_frame_header.tiling.tile_start_col_sb[i] = frame_header->tile_start_col_sb[i]; +- ap->av1_frame_header.tiling.tile_start_row_sb[i] = frame_header->tile_start_row_sb[i]; ++ ap->width_in_sbs_minus1[i] = frame_header->width_in_sbs_minus_1[i]; ++ ap->height_in_sbs_minus1[i] = frame_header->height_in_sbs_minus_1[i]; ++ ap->mi_col_starts[i] = frame_header->tile_start_col_sb[i]; ++ ap->mi_row_starts[i] = frame_header->tile_start_row_sb[i]; + } + +- for (int i = 0; i < 8; i++) { +- ap->av1_frame_header.segmentation.feature_enabled_bits[i] = 0; +- for (int j = 0; j < 8; j++) { +- ap->av1_frame_header.segmentation.feature_enabled_bits[i] |= (frame_header->feature_enabled[i][j] << j); +- ap->av1_frame_header.segmentation.feature_data[i][j] = frame_header->feature_value[i][j]; ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_SEGMENTS; i++) { ++ ap->segmentation.FeatureEnabled[i] = 0x0; ++ for (int j = 0; j < STD_VIDEO_AV1_SEG_LVL_MAX; j++) { ++ ap->segmentation.FeatureEnabled[i] |= (frame_header->feature_enabled[i][j] << j); ++ ap->segmentation.FeatureData[i][j] = frame_header->feature_value[i][j]; + } +- +- ap->av1_frame_header.loop_filter.ref_deltas[i] = frame_header->loop_filter_ref_deltas[i]; +- +- ap->av1_frame_header.cdef.y_pri_strength[i] = frame_header->cdef_y_pri_strength[i]; +- ap->av1_frame_header.cdef.y_sec_strength[i] = frame_header->cdef_y_sec_strength[i]; +- ap->av1_frame_header.cdef.uv_pri_strength[i] = frame_header->cdef_uv_pri_strength[i]; +- ap->av1_frame_header.cdef.uv_sec_strength[i] = frame_header->cdef_uv_sec_strength[i]; +- +- ap->av1_frame_header.ref_order_hint[i] = frame_header->ref_order_hint[i]; +- ap->av1_frame_header.global_motion[i] = (StdVideoAV1MESAGlobalMotion) { +- .flags = (StdVideoAV1MESAGlobalMotionFlags) { +- .gm_invalid = s->cur_frame.gm_invalid[i], +- }, +- .gm_type = s->cur_frame.gm_type[i], +- .gm_params = { +- s->cur_frame.gm_params[i][0], s->cur_frame.gm_params[i][1], +- s->cur_frame.gm_params[i][2], s->cur_frame.gm_params[i][3], +- s->cur_frame.gm_params[i][4], s->cur_frame.gm_params[i][5], +- }, +- }; + } + +- for (int i = 0; i < 7; i++) { +- ap->av1_frame_header.ref_frame_idx[i] = frame_header->ref_frame_idx[i]; +- ap->av1_frame_header.delta_frame_id_minus1[i] = frame_header->delta_frame_id_minus1[i]; ++ for (int i = 0; i < STD_VIDEO_AV1_TOTAL_REFS_PER_FRAME; i++) ++ ap->loop_filter.loop_filter_ref_deltas[i] = frame_header->loop_filter_ref_deltas[i]; ++ ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_CDEF_FILTER_STRENGTHS; i++) { ++ ap->cdef.cdef_y_pri_strength[i] = frame_header->cdef_y_pri_strength[i]; ++ ap->cdef.cdef_y_sec_strength[i] = frame_header->cdef_y_sec_strength[i]; ++ ap->cdef.cdef_uv_pri_strength[i] = frame_header->cdef_uv_pri_strength[i]; ++ ap->cdef.cdef_uv_sec_strength[i] = frame_header->cdef_uv_sec_strength[i]; + } + +- ap->av1_pic_info.skip_mode_frame_idx[0] = s->cur_frame.skip_mode_frame_idx[0]; +- ap->av1_pic_info.skip_mode_frame_idx[1] = s->cur_frame.skip_mode_frame_idx[1]; ++ for (int i = 0; i < STD_VIDEO_AV1_NUM_REF_FRAMES; i++) { ++ ap->std_pic_info.OrderHints[i] = frame_header->ref_order_hint[i]; ++ ap->global_motion.GmType[i] = s->cur_frame.gm_type[i]; ++ for (int j = 0; j < STD_VIDEO_AV1_GLOBAL_MOTION_PARAMS; j++) { ++ ap->global_motion.gm_params[i][j] = s->cur_frame.gm_params[i][j]; ++ } ++ } + + if (apply_grain) { +- for (int i = 0; i < 14; i++) { +- ap->av1_frame_header.film_grain.point_y_value[i] = film_grain->point_y_value[i]; +- ap->av1_frame_header.film_grain.point_y_scaling[i] = film_grain->point_y_scaling[i]; ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_NUM_Y_POINTS; i++) { ++ ap->film_grain.point_y_value[i] = film_grain->point_y_value[i]; ++ ap->film_grain.point_y_scaling[i] = film_grain->point_y_scaling[i]; + } + +- for (int i = 0; i < 10; i++) { +- ap->av1_frame_header.film_grain.point_cb_value[i] = film_grain->point_cb_value[i]; +- ap->av1_frame_header.film_grain.point_cb_scaling[i] = film_grain->point_cb_scaling[i]; +- ap->av1_frame_header.film_grain.point_cr_value[i] = film_grain->point_cr_value[i]; +- ap->av1_frame_header.film_grain.point_cr_scaling[i] = film_grain->point_cr_scaling[i]; ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_NUM_CB_POINTS; i++) { ++ ap->film_grain.point_cb_value[i] = film_grain->point_cb_value[i]; ++ ap->film_grain.point_cb_scaling[i] = film_grain->point_cb_scaling[i]; ++ ap->film_grain.point_cr_value[i] = film_grain->point_cr_value[i]; ++ ap->film_grain.point_cr_scaling[i] = film_grain->point_cr_scaling[i]; + } + +- for (int i = 0; i < 24; i++) { +- ap->av1_frame_header.film_grain.ar_coeffs_y_plus_128[i] = film_grain->ar_coeffs_y_plus_128[i]; +- ap->av1_frame_header.film_grain.ar_coeffs_cb_plus_128[i] = film_grain->ar_coeffs_cb_plus_128[i]; +- ap->av1_frame_header.film_grain.ar_coeffs_cr_plus_128[i] = film_grain->ar_coeffs_cr_plus_128[i]; +- } ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_NUM_POS_LUMA; i++) ++ ap->film_grain.ar_coeffs_y_plus_128[i] = film_grain->ar_coeffs_y_plus_128[i]; + +- ap->av1_frame_header.film_grain.ar_coeffs_cb_plus_128[24] = film_grain->ar_coeffs_cb_plus_128[24]; +- ap->av1_frame_header.film_grain.ar_coeffs_cr_plus_128[24] = film_grain->ar_coeffs_cr_plus_128[24]; ++ for (int i = 0; i < STD_VIDEO_AV1_MAX_NUM_POS_CHROMA; i++) { ++ ap->film_grain.ar_coeffs_cb_plus_128[i] = film_grain->ar_coeffs_cb_plus_128[i]; ++ ap->film_grain.ar_coeffs_cr_plus_128[i] = film_grain->ar_coeffs_cr_plus_128[i]; ++ } + } + +- /* Workaround for a spec issue. */ + ap->dec = dec; + + return 0; +@@ -484,25 +545,20 @@ static int vk_av1_decode_slice(AVCodecContext *avctx, + AV1VulkanDecodePicture *ap = s->cur_frame.hwaccel_picture_private; + FFVulkanDecodePicture *vp = &ap->vp; + ++ /* Too many tiles, exceeding all defined levels in the AV1 spec */ ++ if (ap->av1_pic_info.tileCount > MAX_TILES) ++ return AVERROR(ENOSYS); ++ + for (int i = s->tg_start; i <= s->tg_end; i++) { +- ap->tiles[ap->tile_list.nb_tiles] = (StdVideoAV1MESATile) { +- .size = s->tile_group_info[i].tile_size, +- .offset = s->tile_group_info[i].tile_offset, +- .row = s->tile_group_info[i].tile_row, +- .column = s->tile_group_info[i].tile_column, +- .tg_start = s->tg_start, +- .tg_end = s->tg_end, +- }; ++ ap->tile_sizes[ap->av1_pic_info.tileCount] = s->tile_group_info[i].tile_size; + + err = ff_vk_decode_add_slice(avctx, vp, + data + s->tile_group_info[i].tile_offset, + s->tile_group_info[i].tile_size, 0, +- &ap->tile_list.nb_tiles, +- &ap->tile_offsets); ++ &ap->av1_pic_info.tileCount, ++ &ap->av1_pic_info.pTileOffsets); + if (err < 0) + return err; +- +- ap->tiles[ap->tile_list.nb_tiles - 1].offset = ap->tile_offsets[ap->tile_list.nb_tiles - 1]; + } + + return 0; +@@ -518,7 +574,7 @@ static int vk_av1_end_frame(AVCodecContext *avctx) + FFVulkanDecodePicture *rvp[AV1_NUM_REF_FRAMES] = { 0 }; + AVFrame *rav[AV1_NUM_REF_FRAMES] = { 0 }; + +- if (!ap->tile_list.nb_tiles) ++ if (!ap->av1_pic_info.tileCount) + return 0; + + if (!dec->session_params) { +@@ -536,7 +592,7 @@ static int vk_av1_end_frame(AVCodecContext *avctx) + } + + av_log(avctx, AV_LOG_VERBOSE, "Decoding frame, %"SIZE_SPECIFIER" bytes, %i tiles\n", +- vp->slices_size, ap->tile_list.nb_tiles); ++ vp->slices_size, ap->av1_pic_info.tileCount); + + return ff_vk_decode_frame(avctx, pic->f, vp, rav, rvp); + } +@@ -580,8 +636,6 @@ const FFHWAccel ff_av1_vulkan_hwaccel = { + * flexibility, this index cannot be present anywhere. + * The current implementation tracks the index for the driver and submits it + * as necessary information. Due to needing to modify the decoding context, +- * which is not thread-safe, on frame free, threading is disabled. +- * In the future, once this is fixed in the spec, the workarounds may be removed +- * and threading enabled. */ ++ * which is not thread-safe, on frame free, threading is disabled. */ + .caps_internal = HWACCEL_CAP_ASYNC_SAFE, + }; +diff --git a/libavcodec/vulkan_decode.c b/libavcodec/vulkan_decode.c +index 91929d165f..4561f26b62 100644 +--- a/libavcodec/vulkan_decode.c ++++ b/libavcodec/vulkan_decode.c +@@ -61,7 +61,7 @@ static const VkVideoProfileInfoKHR *get_video_profile(FFVulkanDecodeShared *ctx, + VkStructureType profile_struct_type = + codec_id == AV_CODEC_ID_H264 ? VK_STRUCTURE_TYPE_VIDEO_DECODE_H264_PROFILE_INFO_KHR : + codec_id == AV_CODEC_ID_HEVC ? VK_STRUCTURE_TYPE_VIDEO_DECODE_H265_PROFILE_INFO_KHR : +- codec_id == AV_CODEC_ID_AV1 ? VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PROFILE_INFO_MESA : ++ codec_id == AV_CODEC_ID_AV1 ? VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PROFILE_INFO_KHR : + 0; + + profile_list = ff_vk_find_struct(ctx->s.hwfc->create_pnext, +@@ -674,7 +674,7 @@ static VkResult vulkan_setup_profile(AVCodecContext *avctx, + const struct FFVkCodecMap *vk_codec, + VkVideoDecodeH264CapabilitiesKHR *h264_caps, + VkVideoDecodeH265CapabilitiesKHR *h265_caps, +- VkVideoDecodeAV1CapabilitiesMESA *av1_caps, ++ VkVideoDecodeAV1CapabilitiesKHR *av1_caps, + VkVideoCapabilitiesKHR *caps, + VkVideoDecodeCapabilitiesKHR *dec_caps, + int cur_profile) +@@ -685,7 +685,7 @@ static VkResult vulkan_setup_profile(AVCodecContext *avctx, + + VkVideoDecodeH264ProfileInfoKHR *h264_profile = &prof->h264_profile; + VkVideoDecodeH265ProfileInfoKHR *h265_profile = &prof->h265_profile; +- VkVideoDecodeAV1ProfileInfoMESA *av1_profile = &prof->av1_profile; ++ VkVideoDecodeAV1ProfileInfoKHR *av1_profile = &prof->av1_profile; + + const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(avctx->sw_pix_fmt); + if (!desc) +@@ -713,8 +713,9 @@ static VkResult vulkan_setup_profile(AVCodecContext *avctx, + } else if (avctx->codec_id == AV_CODEC_ID_AV1) { + dec_caps->pNext = av1_caps; + usage->pNext = av1_profile; +- av1_profile->sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PROFILE_INFO_MESA; +- av1_profile->stdProfileIdc = cur_profile; ++ av1_profile->sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PROFILE_INFO_KHR; ++ av1_profile->stdProfile = cur_profile; ++ av1_profile->filmGrainSupport = !(avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN); + } + + usage->sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_USAGE_INFO_KHR; +@@ -769,8 +770,8 @@ static int vulkan_decode_get_profile(AVCodecContext *avctx, AVBufferRef *frames_ + VkVideoDecodeH265CapabilitiesKHR h265_caps = { + .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_H265_CAPABILITIES_KHR, + }; +- VkVideoDecodeAV1CapabilitiesMESA av1_caps = { +- .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_CAPABILITIES_MESA, ++ VkVideoDecodeAV1CapabilitiesKHR av1_caps = { ++ .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_CAPABILITIES_KHR, + }; + + VkPhysicalDeviceVideoFormatInfoKHR fmt_info = { +@@ -789,7 +790,7 @@ static int vulkan_decode_get_profile(AVCodecContext *avctx, AVBufferRef *frames_ + cur_profile = avctx->profile; + base_profile = avctx->codec_id == AV_CODEC_ID_H264 ? AV_PROFILE_H264_CONSTRAINED_BASELINE : + avctx->codec_id == AV_CODEC_ID_H265 ? AV_PROFILE_HEVC_MAIN : +- avctx->codec_id == AV_CODEC_ID_AV1 ? STD_VIDEO_AV1_MESA_PROFILE_MAIN : ++ avctx->codec_id == AV_CODEC_ID_AV1 ? STD_VIDEO_AV1_PROFILE_MAIN : + 0; + + ret = vulkan_setup_profile(avctx, prof, hwctx, vk, vk_codec, +@@ -837,7 +838,7 @@ static int vulkan_decode_get_profile(AVCodecContext *avctx, AVBufferRef *frames_ + + max_level = avctx->codec_id == AV_CODEC_ID_H264 ? ff_vk_h264_level_to_av(h264_caps.maxLevelIdc) : + avctx->codec_id == AV_CODEC_ID_H265 ? ff_vk_h265_level_to_av(h265_caps.maxLevelIdc) : +- avctx->codec_id == AV_CODEC_ID_AV1 ? av1_caps.maxLevelIdc : ++ avctx->codec_id == AV_CODEC_ID_AV1 ? av1_caps.maxLevel : + 0; + + av_log(avctx, AV_LOG_VERBOSE, "Decoder capabilities for %s profile \"%s\":\n", +@@ -908,17 +909,11 @@ static int vulkan_decode_get_profile(AVCodecContext *avctx, AVBufferRef *frames_ + "VK_VIDEO_DECODE_CAPABILITY_DPB_AND_OUTPUT_COINCIDE_BIT_KHR set " + "but VK_VIDEO_CAPABILITY_SEPARATE_REFERENCE_IMAGES_BIT_KHR is unset!\n"); + return AVERROR_EXTERNAL; +- } else if (!(dec_caps->flags & VK_VIDEO_DECODE_CAPABILITY_DPB_AND_OUTPUT_DISTINCT_BIT_KHR) && +- avctx->codec_id == AV_CODEC_ID_AV1) { +- av_log(avctx, AV_LOG_ERROR, "Cannot initialize Vulkan decoding session, buggy driver: " +- "codec is AV1, but VK_VIDEO_DECODE_CAPABILITY_DPB_AND_OUTPUT_DISTINCT_BIT_KHR isn't set!\n"); +- return AVERROR_EXTERNAL; + } + + /* TODO: make dedicated_dpb tunable */ + dec->dedicated_dpb = !(dec_caps->flags & VK_VIDEO_DECODE_CAPABILITY_DPB_AND_OUTPUT_COINCIDE_BIT_KHR); + dec->layered_dpb = !(caps->flags & VK_VIDEO_CAPABILITY_SEPARATE_REFERENCE_IMAGES_BIT_KHR); +- dec->external_fg = av1_caps.flags & VK_VIDEO_DECODE_AV1_CAPABILITY_EXTERNAL_FILM_GRAIN_MESA; + + if (dec->dedicated_dpb) { + fmt_info.imageUsage = VK_IMAGE_USAGE_VIDEO_DECODE_DPB_BIT_KHR; +@@ -1126,8 +1121,10 @@ int ff_vk_decode_init(AVCodecContext *avctx) + VkVideoDecodeH265SessionParametersCreateInfoKHR h265_params = { + .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_H265_SESSION_PARAMETERS_CREATE_INFO_KHR, + }; +- VkVideoDecodeAV1SessionParametersCreateInfoMESA av1_params = { +- .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_CREATE_INFO_MESA, ++ StdVideoAV1SequenceHeader av1_empty_seq = { 0 }; ++ VkVideoDecodeAV1SessionParametersCreateInfoKHR av1_params = { ++ .sType = VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_CREATE_INFO_KHR, ++ .pStdSequenceHeader = &av1_empty_seq, + }; + VkVideoSessionParametersCreateInfoKHR session_params_create = { + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, +diff --git a/libavcodec/vulkan_decode.h b/libavcodec/vulkan_decode.h +index a43e328d73..7ba8b239cb 100644 +--- a/libavcodec/vulkan_decode.h ++++ b/libavcodec/vulkan_decode.h +@@ -37,7 +37,7 @@ typedef struct FFVulkanDecodeDescriptor { + typedef struct FFVulkanDecodeProfileData { + VkVideoDecodeH264ProfileInfoKHR h264_profile; + VkVideoDecodeH265ProfileInfoKHR h265_profile; +- VkVideoDecodeAV1ProfileInfoMESA av1_profile; ++ VkVideoDecodeAV1ProfileInfoKHR av1_profile; + VkVideoDecodeUsageInfoKHR usage; + VkVideoProfileInfoKHR profile; + VkVideoProfileListInfoKHR profile_list; +diff --git a/libavcodec/vulkan_video.h b/libavcodec/vulkan_video.h +index bb69e920bb..01a1de7d9d 100644 +--- a/libavcodec/vulkan_video.h ++++ b/libavcodec/vulkan_video.h +@@ -22,8 +22,6 @@ + #include "vulkan.h" + + #include <vk_video/vulkan_video_codecs_common.h> +-#include "vulkan_video_codec_av1std.h" +-#include "vulkan_video_codec_av1std_decode.h" + + #define CODEC_VER_MAJ(ver) (ver >> 22) + #define CODEC_VER_MIN(ver) ((ver >> 12) & ((1 << 10) - 1)) +diff --git a/libavcodec/vulkan_video_codec_av1std_decode.h b/libavcodec/vulkan_video_codec_av1std_decode.h +deleted file mode 100644 +index e2f37b4e6e..0000000000 +--- a/libavcodec/vulkan_video_codec_av1std_decode.h ++++ /dev/null +@@ -1,36 +0,0 @@ +-/* Copyright 2023 Lynne +- * Copyright 2023 Dave Airlie +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-#ifndef VULKAN_VIDEO_CODEC_AV1STD_DECODE_H_ +-#define VULKAN_VIDEO_CODEC_AV1STD_DECODE_H_ 1 +- +-/* +-** This header is NOT YET generated from the Khronos Vulkan XML API Registry. +-** +-*/ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +-#define vulkan_video_codec_av1std_decode 1 +- +- +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/libavcodec/vulkan_video_codec_av1std.h b/libavcodec/vulkan_video_codec_av1std.h +deleted file mode 100644 +index c91589eee2..0000000000 +--- a/libavcodec/vulkan_video_codec_av1std.h ++++ /dev/null +@@ -1,403 +0,0 @@ +-/* Copyright 2023 Lynne +- * Copyright 2023 Dave Airlie +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-#ifndef VULKAN_VIDEO_CODEC_AV1STD_H_ +-#define VULKAN_VIDEO_CODEC_AV1STD_H_ 1 +- +-/* +-** This header is NOT YET generated from the Khronos Vulkan XML API Registry. +-** +-*/ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +-#define vulkan_video_codec_av1std 1 +- +-#define VK_MAKE_VIDEO_STD_VERSION(major, minor, patch) \ +- ((((uint32_t)(major)) << 22) | (((uint32_t)(minor)) << 12) | ((uint32_t)(patch))) +-#define VK_STD_VULKAN_VIDEO_CODEC_AV1_DECODE_API_VERSION_0_1_0 VK_MAKE_VIDEO_STD_VERSION(0, 1, 0) +-#define VK_STD_VULKAN_VIDEO_CODEC_AV1_DECODE_SPEC_VERSION VK_STD_VULKAN_VIDEO_CODEC_AV1_DECODE_API_VERSION_0_1_0 +-#define VK_STD_VULKAN_VIDEO_CODEC_AV1_DECODE_EXTENSION_NAME "VK_STD_vulkan_video_codec_av1_decode" +- +-typedef enum StdVideoAV1MESAProfile { +- STD_VIDEO_AV1_MESA_PROFILE_MAIN = 0, +- STD_VIDEO_AV1_MESA_PROFILE_HIGH = 1, +- STD_VIDEO_AV1_MESA_PROFILE_PROFESSIONAL = 2, +-} StdVideoAV1MESAProfile; +- +-typedef enum StdVideoAV1MESALevel { +- STD_VIDEO_AV1_MESA_LEVEL_2_0 = 0, +- STD_VIDEO_AV1_MESA_LEVEL_2_1 = 1, +- STD_VIDEO_AV1_MESA_LEVEL_2_2 = 2, +- STD_VIDEO_AV1_MESA_LEVEL_2_3 = 3, +- STD_VIDEO_AV1_MESA_LEVEL_3_0 = 4, +- STD_VIDEO_AV1_MESA_LEVEL_3_1 = 5, +- STD_VIDEO_AV1_MESA_LEVEL_3_2 = 6, +- STD_VIDEO_AV1_MESA_LEVEL_3_3 = 7, +- STD_VIDEO_AV1_MESA_LEVEL_4_0 = 8, +- STD_VIDEO_AV1_MESA_LEVEL_4_1 = 9, +- STD_VIDEO_AV1_MESA_LEVEL_4_2 = 10, +- STD_VIDEO_AV1_MESA_LEVEL_4_3 = 11, +- STD_VIDEO_AV1_MESA_LEVEL_5_0 = 12, +- STD_VIDEO_AV1_MESA_LEVEL_5_1 = 13, +- STD_VIDEO_AV1_MESA_LEVEL_5_2 = 14, +- STD_VIDEO_AV1_MESA_LEVEL_5_3 = 15, +- STD_VIDEO_AV1_MESA_LEVEL_6_0 = 16, +- STD_VIDEO_AV1_MESA_LEVEL_6_1 = 17, +- STD_VIDEO_AV1_MESA_LEVEL_6_2 = 18, +- STD_VIDEO_AV1_MESA_LEVEL_6_3 = 19, +- STD_VIDEO_AV1_MESA_LEVEL_7_0 = 20, +- STD_VIDEO_AV1_MESA_LEVEL_7_1 = 21, +- STD_VIDEO_AV1_MESA_LEVEL_7_2 = 22, +- STD_VIDEO_AV1_MESA_LEVEL_7_3 = 23, +- STD_VIDEO_AV1_MESA_LEVEL_MAX = 31, +-} StdVideoAV1MESALevel; +- +-typedef struct StdVideoAV1MESAFilmGrainFlags { +- uint8_t apply_grain; +- uint8_t chroma_scaling_from_luma; +- uint8_t overlap_flag; +- uint8_t clip_to_restricted_range; +-} StdVideoAV1MESAFilmGrainFlags; +- +-typedef struct StdVideoAV1MESAFilmGrainParameters { +- StdVideoAV1MESAFilmGrainFlags flags; +- uint32_t grain_scaling_minus_8; +- uint32_t ar_coeff_lag; +- uint32_t ar_coeff_shift_minus_6; +- uint32_t grain_scale_shift; +- +- uint16_t grain_seed; +- uint8_t num_y_points; +- uint8_t point_y_value[14]; +- uint8_t point_y_scaling[14]; +- +- uint8_t num_cb_points; +- uint8_t point_cb_value[10]; +- uint8_t point_cb_scaling[10]; +- +- uint8_t num_cr_points; +- uint8_t point_cr_value[10]; +- uint8_t point_cr_scaling[10]; +- +- int8_t ar_coeffs_y_plus_128[24]; +- int8_t ar_coeffs_cb_plus_128[25]; +- int8_t ar_coeffs_cr_plus_128[25]; +- uint8_t cb_mult; +- uint8_t cb_luma_mult; +- uint16_t cb_offset; +- uint8_t cr_mult; +- uint8_t cr_luma_mult; +- uint16_t cr_offset; +-} StdVideoAV1MESAFilmGrainParameters; +- +-typedef struct StdVideoAV1MESAGlobalMotionFlags { +- uint8_t gm_invalid; +-} StdVideoAV1MESAGlobalMotionFlags; +- +-typedef struct StdVideoAV1MESAGlobalMotion { +- StdVideoAV1MESAGlobalMotionFlags flags; +- uint8_t gm_type; +- uint32_t gm_params[6]; +-} StdVideoAV1MESAGlobalMotion; +- +-typedef struct StdVideoAV1MESALoopRestoration { +- uint8_t lr_type[3]; +- uint8_t lr_unit_shift; +- uint8_t lr_uv_shift; +-} StdVideoAV1MESALoopRestoration; +- +-typedef struct StdVideoAV1MESATileInfoFlags { +- uint8_t uniform_tile_spacing_flag; +-} StdVideoAV1MESATileInfoFlags; +- +-typedef struct StdVideoAV1MESATileInfo { +- StdVideoAV1MESATileInfoFlags flags; +- uint8_t tile_cols; +- uint8_t tile_rows; +- uint8_t tile_start_col_sb[64]; +- uint8_t tile_start_row_sb[64]; +- uint8_t width_in_sbs_minus_1[64]; +- uint8_t height_in_sbs_minus_1[64]; +- uint16_t context_update_tile_id; +- uint8_t tile_size_bytes_minus1; +-} StdVideoAV1MESATileInfo; +- +-typedef struct StdVideoAV1MESAQuantizationFlags { +- uint8_t using_qmatrix; +-} StdVideoAV1MESAQuantizationFlags; +- +-typedef struct StdVideoAV1MESAQuantization { +- StdVideoAV1MESAQuantizationFlags flags; +- uint8_t base_q_idx; +- int8_t delta_q_y_dc; +- uint8_t diff_uv_delta; +- int8_t delta_q_u_dc; +- int8_t delta_q_u_ac; +- int8_t delta_q_v_dc; +- int8_t delta_q_v_ac; +- uint8_t qm_y; +- uint8_t qm_u; +- uint8_t qm_v; +-} StdVideoAV1MESAQuantization; +- +-typedef struct StdVideoAV1MESACDEF { +- uint8_t damping_minus_3; +- uint8_t bits; +- uint8_t y_pri_strength[8]; +- uint8_t y_sec_strength[8]; +- uint8_t uv_pri_strength[8]; +- uint8_t uv_sec_strength[8]; +-} StdVideoAV1MESACDEF; +- +-typedef struct StdVideoAV1MESADeltaQFlags { +- uint8_t delta_lf_present; +- uint8_t delta_lf_multi; +-} StdVideoAV1MESADeltaQFlags; +- +-typedef struct StdVideoAV1MESADeltaQ { +- StdVideoAV1MESADeltaQFlags flags; +- uint8_t delta_q_res; +- uint8_t delta_lf_res; +-} StdVideoAV1MESADeltaQ; +- +-typedef struct StdVideoAV1MESASegmentationFlags { +- uint8_t enabled; +- uint8_t update_map; +- uint8_t temporal_update; +- uint8_t update_data; +-} StdVideoAV1MESASegmentationFlags; +- +-typedef struct StdVideoAV1MESASegmentation { +- StdVideoAV1MESASegmentationFlags flags; +- uint8_t feature_enabled_bits[8]; +- int16_t feature_data[8][8]; +-} StdVideoAV1MESASegmentation; +- +-typedef struct StdVideoAV1MESALoopFilterFlags { +- uint8_t delta_enabled; +- uint8_t delta_update; +-} StdVideoAV1MESALoopFilterFlags; +- +-typedef struct StdVideoAV1MESALoopFilter { +- StdVideoAV1MESALoopFilterFlags flags; +- uint8_t level[4]; +- uint8_t sharpness; +- int8_t ref_deltas[8]; +- int8_t mode_deltas[2]; +-} StdVideoAV1MESALoopFilter; +- +-typedef struct StdVideoAV1MESAFrameHeaderFlags { +- uint8_t error_resilient_mode; +- uint8_t disable_cdf_update; +- uint8_t use_superres; +- uint8_t render_and_frame_size_different; +- uint8_t allow_screen_content_tools; +- uint8_t is_filter_switchable; +- uint8_t force_integer_mv; +- uint8_t frame_size_override_flag; +- uint8_t buffer_removal_time_present_flag; +- uint8_t allow_intrabc; +- uint8_t frame_refs_short_signaling; +- uint8_t allow_high_precision_mv; +- uint8_t is_motion_mode_switchable; +- uint8_t use_ref_frame_mvs; +- uint8_t disable_frame_end_update_cdf; +- uint8_t allow_warped_motion; +- uint8_t reduced_tx_set; +- uint8_t reference_select; +- uint8_t skip_mode_present; +- uint8_t delta_q_present; +- uint8_t UsesLr; +-} StdVideoAV1MESAFrameHeaderFlags; +- +-typedef struct StdVideoAV1MESAFrameHeader { +- StdVideoAV1MESAFrameHeaderFlags flags; +- +- uint32_t frame_presentation_time; +- uint32_t display_frame_id; +- uint32_t current_frame_id; +- uint8_t frame_to_show_map_idx; +- uint8_t frame_type; +- uint8_t order_hint; +- uint8_t primary_ref_frame; +- uint16_t frame_width_minus_1; +- uint16_t frame_height_minus_1; +- uint16_t render_width_minus_1; +- uint16_t render_height_minus_1; +- uint8_t coded_denom; +- +- uint8_t refresh_frame_flags; +- uint8_t ref_order_hint[8]; +- int8_t ref_frame_idx[7]; +- uint32_t delta_frame_id_minus1[7]; +- +- uint8_t interpolation_filter; +- uint8_t tx_mode; +- +- StdVideoAV1MESATileInfo tiling; +- StdVideoAV1MESAQuantization quantization; +- StdVideoAV1MESASegmentation segmentation; +- StdVideoAV1MESADeltaQ delta_q; +- StdVideoAV1MESALoopFilter loop_filter; +- StdVideoAV1MESACDEF cdef; +- StdVideoAV1MESALoopRestoration lr; +- StdVideoAV1MESAGlobalMotion global_motion[8]; // One per ref frame +- StdVideoAV1MESAFilmGrainParameters film_grain; +-} StdVideoAV1MESAFrameHeader; +- +-typedef struct StdVideoAV1MESAScreenCoding { +- uint8_t seq_force_screen_content_tools; +-} StdVideoAV1MESAScreenCoding; +- +-typedef struct StdVideoAV1MESATimingInfoFlags { +- uint8_t equal_picture_interval; +-} StdVideoAV1MESATimingInfoFlags; +- +-typedef struct StdVideoAV1MESATimingInfo { +- StdVideoAV1MESATimingInfoFlags flags; +- uint32_t num_units_in_display_tick; +- uint32_t time_scale; +- uint32_t num_ticks_per_picture_minus_1; +-} StdVideoAV1MESATimingInfo; +- +-typedef struct StdVideoAV1MESAColorConfigFlags { +- uint8_t mono_chrome; +- uint8_t color_range; +- uint8_t separate_uv_delta_q; +-} StdVideoAV1MESAColorConfigFlags; +- +-typedef struct StdVideoAV1MESAColorConfig { +- StdVideoAV1MESAColorConfigFlags flags; +- uint8_t bit_depth; +- uint8_t subsampling_x; +- uint8_t subsampling_y; +-} StdVideoAV1MESAColorConfig; +- +-typedef struct StdVideoAV1MESASequenceHeaderFlags { +- uint8_t still_picture; +- uint8_t reduced_still_picture_header; +- uint8_t use_128x128_superblock; +- uint8_t enable_filter_intra; +- uint8_t enable_intra_edge_filter; +- uint8_t enable_interintra_compound; +- uint8_t enable_masked_compound; +- uint8_t enable_warped_motion; +- uint8_t enable_dual_filter; +- uint8_t enable_order_hint; +- uint8_t enable_jnt_comp; +- uint8_t enable_ref_frame_mvs; +- uint8_t frame_id_numbers_present_flag; +- uint8_t enable_superres; +- uint8_t enable_cdef; +- uint8_t enable_restoration; +- uint8_t film_grain_params_present; +- uint8_t timing_info_present_flag; +- uint8_t initial_display_delay_present_flag; +-} StdVideoAV1MESASequenceHeaderFlags; +- +-typedef struct StdVideoAV1MESASequenceHeader { +- StdVideoAV1MESASequenceHeaderFlags flags; +- +- StdVideoAV1MESAProfile seq_profile; +- uint8_t frame_width_bits_minus_1; +- uint8_t frame_height_bits_minus_1; +- uint16_t max_frame_width_minus_1; +- uint16_t max_frame_height_minus_1; +- uint8_t delta_frame_id_length_minus_2; +- uint8_t additional_frame_id_length_minus_1; +- uint8_t order_hint_bits_minus_1; +- uint8_t seq_choose_integer_mv; +- uint8_t seq_force_integer_mv; +- +- StdVideoAV1MESATimingInfo timing_info; +- StdVideoAV1MESAColorConfig color_config; +-} StdVideoAV1MESASequenceHeader; +- +-typedef struct StdVideoAV1MESATile { +- uint16_t tg_start; +- uint16_t tg_end; +- uint16_t row; +- uint16_t column; +- uint32_t size; +- uint32_t offset; +-} StdVideoAV1MESATile; +- +-typedef struct StdVideoAV1MESATileList { +- StdVideoAV1MESATile *tile_list; +- uint32_t nb_tiles; +-} StdVideoAV1MESATileList; +- +-typedef struct VkVideoDecodeAV1PictureInfoMESA { +- VkStructureType sType; +- const void *pNext; +- StdVideoAV1MESAFrameHeader *frame_header; +- StdVideoAV1MESATileList *tile_list; +- uint8_t skip_mode_frame_idx[2]; +-} VkVideoDecodeAV1PictureInfoMESA; +- +-typedef struct VkVideoDecodeAV1DpbSlotInfoMESA { +- VkStructureType sType; +- const void *pNext; +- uint8_t frameIdx; +- uint8_t ref_order_hint[7]; +- uint8_t disable_frame_end_update_cdf; +-} VkVideoDecodeAV1DpbSlotInfoMESA; +- +-typedef struct VkVideoDecodeAV1SessionParametersAddInfoMESA { +- VkStructureType sType; +- const void *pNext; +- StdVideoAV1MESASequenceHeader *sequence_header; +-} VkVideoDecodeAV1SessionParametersAddInfoMESA; +- +-typedef struct VkVideoDecodeAV1SessionParametersCreateInfoMESA { +- VkStructureType sType; +- const void *pNext; +- const VkVideoDecodeAV1SessionParametersAddInfoMESA *pParametersAddInfo; +-} VkVideoDecodeAV1SessionParametersCreateInfoMESA; +- +-typedef struct VkVideoDecodeAV1ProfileInfoMESA { +- VkStructureType sType; +- const void *pNext; +- StdVideoAV1MESAProfile stdProfileIdc; +-} VkVideoDecodeAV1ProfileInfoMESA; +- +-typedef enum VkVideoDecodeAV1CapabilityFlagBitsMESA { +- VK_VIDEO_DECODE_AV1_CAPABILITY_EXTERNAL_FILM_GRAIN_MESA = 0x00000001, +- VK_VIDEO_DECODE_AV1_CAPABILITY_FLAG_BITS_MAX_ENUM_MESA = 0x7FFFFFFF +-} VkVideoDecodeAV1CapabilityFlagBitsMESA; +-typedef VkFlags VkVideoDecodeAV1CapabilityFlagsMESA; +- +-typedef struct VkVideoDecodeAV1CapabilitiesMESA { +- VkStructureType sType; +- const void *pNext; +- VkVideoDecodeAV1CapabilityFlagsMESA flags; +- StdVideoAV1MESALevel maxLevelIdc; +-} VkVideoDecodeAV1CapabilitiesMESA; +- +-#define VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PICTURE_INFO_MESA 1000509000 +-#define VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_CREATE_INFO_MESA 1000509001 +-#define VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_SESSION_PARAMETERS_ADD_INFO_MESA 1000509002 +-#define VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_DPB_SLOT_INFO_MESA 1000509003 +-#define VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_CAPABILITIES_MESA 1000509004 +-#define VK_STRUCTURE_TYPE_VIDEO_DECODE_AV1_PROFILE_INFO_MESA 1000509005 +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c +index 91b9f96ccf..6e3b96b73a 100644 +--- a/libavutil/hwcontext_vulkan.c ++++ b/libavutil/hwcontext_vulkan.c +@@ -446,7 +446,7 @@ static const VulkanOptExtension optional_device_exts[] = { + { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_QUEUE }, + { VK_KHR_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_H264 }, + { VK_KHR_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_H265 }, +- { "VK_MESA_video_decode_av1", FF_VK_EXT_VIDEO_DECODE_AV1 }, ++ { VK_KHR_VIDEO_DECODE_AV1_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_AV1 }, + }; + + static VkBool32 VKAPI_CALL vk_dbg_callback(VkDebugUtilsMessageSeverityFlagBitsEXT severity, +diff --git a/libavutil/vulkan_functions.h b/libavutil/vulkan_functions.h +index 65021b04b1..6b379acf93 100644 +--- a/libavutil/vulkan_functions.h ++++ b/libavutil/vulkan_functions.h +@@ -43,7 +43,7 @@ typedef enum FFVulkanExtensions { + FF_VK_EXT_VIDEO_DECODE_QUEUE = 1ULL << 11, /* VK_KHR_video_decode_queue */ + FF_VK_EXT_VIDEO_DECODE_H264 = 1ULL << 12, /* VK_EXT_video_decode_h264 */ + FF_VK_EXT_VIDEO_DECODE_H265 = 1ULL << 13, /* VK_EXT_video_decode_h265 */ +- FF_VK_EXT_VIDEO_DECODE_AV1 = 1ULL << 14, /* VK_MESA_video_decode_av1 */ ++ FF_VK_EXT_VIDEO_DECODE_AV1 = 1ULL << 14, /* VK_KHR_video_decode_av1 */ + FF_VK_EXT_ATOMIC_FLOAT = 1ULL << 15, /* VK_EXT_shader_atomic_float */ + FF_VK_EXT_COOP_MATRIX = 1ULL << 16, /* VK_KHR_cooperative_matrix */ + +diff --git a/libavutil/vulkan_loader.h b/libavutil/vulkan_loader.h +index f9e739e1e3..73cf03935d 100644 +--- a/libavutil/vulkan_loader.h ++++ b/libavutil/vulkan_loader.h +@@ -58,7 +58,7 @@ static inline uint64_t ff_vk_extensions_to_mask(const char * const *extensions, + { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_QUEUE }, + { VK_KHR_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_H264 }, + { VK_KHR_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_H265 }, +- { "VK_MESA_video_decode_av1", FF_VK_EXT_VIDEO_DECODE_AV1 }, ++ { VK_KHR_VIDEO_DECODE_AV1_EXTENSION_NAME, FF_VK_EXT_VIDEO_DECODE_AV1 }, + }; + + FFVulkanExtensions mask = 0x0; +diff --git a/libavcodec/vulkan_video.c b/libavcodec/vulkan_video.c +--- ffmpeg-6.1.1.orig/libavcodec/vulkan_video.c ++++ ffmpeg-6.1.1/libavcodec/vulkan_video.c +@@ -37,7 +37,7 @@ const FFVkCodecMap ff_vk_codec_map[AV_CO + 0, + 0, + FF_VK_EXT_VIDEO_DECODE_AV1, +- 0x01000000 /* TODO fix this */ ++ VK_VIDEO_CODEC_OPERATION_DECODE_AV1_BIT_KHR + }, + }; + +-- +2.25.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_fix_gcc14.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_fix_gcc14.patch new file mode 100644 index 0000000000..960d34943e --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_fix_gcc14.patch @@ -0,0 +1,102 @@ +From 2f24f10d9cf34ddce274496c4daa73f732d370c1 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Wed, 20 Dec 2023 12:32:43 +0000 +Subject: [PATCH] libavcodec: fix -Wint-conversion in vulkan +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIx warnings (soon to be errors in GCC 14, already so in Clang 15): +``` +src/libavcodec/vulkan_av1.c: In function ‘vk_av1_create_params’: +src/libavcodec/vulkan_av1.c:183:43: error: initialization of ‘long long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Wint-conversion] + 183 | .videoSessionParametersTemplate = NULL, + | ^~~~ +src/libavcodec/vulkan_av1.c:183:43: note: (near initialization for ‘(anonymous).videoSessionParametersTemplate’) +``` + +Use Vulkan's VK_NULL_HANDLE instead of bare NULL. + +Fix Trac ticket #10724. + +Was reported downstream in Gentoo at https://bugs.gentoo.org/919067. + +Signed-off-by: Sam James <sam@gentoo.org> +Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/2f24f10d9cf34ddce274496c4daa73f732d370c1] +--- + libavcodec/vulkan_av1.c | 2 +- + libavcodec/vulkan_decode.c | 6 +++--- + libavcodec/vulkan_h264.c | 2 +- + libavcodec/vulkan_hevc.c | 2 +- + libavcodec/vulkan_video.c | 2 +- + 5 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/vulkan_av1.c b/libavcodec/vulkan_av1.c +index 4998bf7ebc55f..9730e4b08dd40 100644 +--- a/libavcodec/vulkan_av1.c ++++ b/libavcodec/vulkan_av1.c +@@ -180,7 +180,7 @@ static int vk_av1_create_params(AVCodecContext *avctx, AVBufferRef **buf) + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &av1_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + err = ff_vk_decode_create_params(buf, avctx, ctx, &session_params_create); +diff --git a/libavcodec/vulkan_decode.c b/libavcodec/vulkan_decode.c +index a89d84fcaa972..fdbcbb450a1e0 100644 +--- a/libavcodec/vulkan_decode.c ++++ b/libavcodec/vulkan_decode.c +@@ -188,9 +188,9 @@ int ff_vk_decode_prepare_frame(FFVulkanDecodeContext *dec, AVFrame *pic, + return 0; + + vkpic->dpb_frame = NULL; +- vkpic->img_view_ref = NULL; +- vkpic->img_view_out = NULL; +- vkpic->img_view_dest = NULL; ++ vkpic->img_view_ref = VK_NULL_HANDLE; ++ vkpic->img_view_out = VK_NULL_HANDLE; ++ vkpic->img_view_dest = VK_NULL_HANDLE; + + vkpic->destroy_image_view = vk->DestroyImageView; + vkpic->wait_semaphores = vk->WaitSemaphores; +diff --git a/libavcodec/vulkan_h264.c b/libavcodec/vulkan_h264.c +index e727aafb162d3..39c123ddca57e 100644 +--- a/libavcodec/vulkan_h264.c ++++ b/libavcodec/vulkan_h264.c +@@ -315,7 +315,7 @@ static int vk_h264_create_params(AVCodecContext *avctx, AVBufferRef **buf) + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &h264_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + /* SPS list */ +diff --git a/libavcodec/vulkan_hevc.c b/libavcodec/vulkan_hevc.c +index 99fdcf3b45839..033172cbd6958 100644 +--- a/libavcodec/vulkan_hevc.c ++++ b/libavcodec/vulkan_hevc.c +@@ -653,7 +653,7 @@ static int vk_hevc_create_params(AVCodecContext *avctx, AVBufferRef **buf) + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &h265_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + HEVCHeaderSet *hdr; +diff --git a/libavcodec/vulkan_video.c b/libavcodec/vulkan_video.c +index 5fa8292b28eaf..fb20315db4bbf 100644 +--- a/libavcodec/vulkan_video.c ++++ b/libavcodec/vulkan_video.c +@@ -287,7 +287,7 @@ av_cold void ff_vk_video_common_uninit(FFVulkanContext *s, + if (common->session) { + vk->DestroyVideoSessionKHR(s->hwctx->act_dev, common->session, + s->hwctx->alloc); +- common->session = NULL; ++ common->session = VK_NULL_HANDLE; + } + + if (common->nb_mem && common->mem) diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index aa59755034..dea1f54580 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -22,7 +22,12 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \ file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02" -SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz" +SRC_URI = " \ + https://www.ffmpeg.org/releases/${BP}.tar.xz \ + file://av1_ordering_info.patch \ + file://vulkan_av1_stable_API.patch \ + file://vulkan_fix_gcc14.patch \ +" SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb index 2be406192f..c30341d1f0 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "07766425ecb5bf857ab5ad3962321c55cd89f9386b720843f9df71c0a455eb9b" +SRC_URI[sha256sum] = "015ff62789dab423edafe979b019c7de4c849a2b7e74912b20b74a70e5b68f72" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb index f3287efa96..bd9ae2464e 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "6b13dcc9332ef27a7c1e7005c0196883874f91622f8aa6e52f218b05b15d2bf5" +SRC_URI[sha256sum] = "3b60d4cac2fbcd085a93e9389ca23e0443bee1ca75574d31d4f12bb1bbecab48" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb index 97348fb398..4db16ed10b 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "18dfdf5f6b773d67e62a315c6cf6247da320b83603a5819493f53c69ed2eeef6" +SRC_URI[sha256sum] = "6b0685b92ac735032d7987d1028afaeab0a98ab726e0c51e5b9bfc8f2da7c8b1" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb index 523ee7a5ae..01c95ac85f 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb @@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0002-avoid-including-sys-poll.h-directly.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "808d3b33fc4c71aeb2561c364a87c2e8a3e2343319a83244c8391be4b09499c8" +SRC_URI[sha256sum] = "388b4c4412f42e36a38b17cc34119bc11879bd4d9fbd4ff6d03b2c7fc6b4d494" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 7aa10eb646..5905c2d5b1 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ " -SRC_URI[sha256sum] = "65eaf72296cc5edc985695a4d80affc931e64a79f4879d05615854f7a2cf5bd1" +SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index edd8609b7c..8099d70791 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" -SRC_URI[sha256sum] = "6ddd032381827d31820540735f0004b429436b0bdac19aaeab44fa22faad52e2" +SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" S = "${WORKDIR}/gst-plugins-good-${PV}" @@ -52,7 +52,7 @@ PACKAGECONFIG[libpng] = "-Dpng=enabled,-Dpng=disabled,libpng" PACKAGECONFIG[libv4l2] = "-Dv4l2-libv4l2=enabled,-Dv4l2-libv4l2=disabled,v4l-utils" PACKAGECONFIG[mpg123] = "-Dmpg123=enabled,-Dmpg123=disabled,mpg123" PACKAGECONFIG[pulseaudio] = "-Dpulse=enabled,-Dpulse=disabled,pulseaudio" -PACKAGECONFIG[qt5] = "-Dqt5=enabled,-Dqt5=disabled,qtbase qtdeclarative qtbase-native ${QT5WAYLANDDEPENDS}" +PACKAGECONFIG[qt5] = "-Dqt5=enabled,-Dqt5=disabled,qtbase qtdeclarative qtbase-native qttools-native ${QT5WAYLANDDEPENDS}" PACKAGECONFIG[soup2] = "-Dsoup=enabled,,libsoup-2.4,,,soup3" PACKAGECONFIG[soup3] = "-Dsoup=enabled,,libsoup,,,soup2" PACKAGECONFIG[speex] = "-Dspeex=enabled,-Dspeex=disabled,speex" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb index 61f46fbf7e..714ee178d8 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb @@ -15,7 +15,7 @@ SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "7758b7decfd20c00cae5700822bcbbf03f98c723e33e17634db2e07ca1da60bf" +SRC_URI[sha256sum] = "d59a1aaf8dd2cc416dc5b5c0b7aecd02b1811bf1229aa724e6c2a503d3799083" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb index 0fbb03f757..2eee5aee5e 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "f7a5450d93fd81bf46060dca7f4a048d095b6717961fec211731a11a994c99a7" +SRC_URI[sha256sum] = "d98d3226efea20d5c440a28988a20319a953f7c594895df2bba4538633108e9f" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb index 554ed9ec8f..c89c22f334 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "ec49d474750a6ff6729c85b448abc607fb6840b21717ad7abc967e2adbf07a24" +SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb index 87eb8484a1..ef75ed64b3 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "6eae1360658302b9b512fa46b4d06f5b818dfce5f2f43d7d710ca8142719d8ad" +SRC_URI[sha256sum] = "013ad729b2fe4fccda559bddc626bcb14230cfb90a2271049f8466bfec5d80df" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb index 8965497d01..f4acb0977b 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb @@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0003-tests-use-a-dictionaries-for-environment.patch \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \ " -SRC_URI[sha256sum] = "3d16259e9dab8b002c57ce208a09b350d8282f5b0197306c0cdba9a0d0799744" +SRC_URI[sha256sum] = "ac352f3d02caa67f3b169daa9aa78b04dea0fc08a727de73cb28d89bd54c6f61" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.43.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.42.bb index f1febd0a02..cadbe957db 100644 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.43.bb +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.42.bb @@ -10,8 +10,8 @@ DEPENDS = "zlib" LIBV = "16" -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "6a5ca0652392a2d7c9db2ae5b40210843c0bbc081cbd410825ab00cc59f14a6c" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" +SRC_URI[sha256sum] = "c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450" MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/" diff --git a/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb b/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb index 0c5ed5e55e..fc913c86b3 100644 --- a/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb +++ b/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb @@ -27,6 +27,8 @@ inherit autotools pkgconfig features_check mime-xdg REQUIRED_DISTRO_FEATURES = "x11" EXTRA_OECONF = "--with-gtk=3" +# GCC 14 finds extra incompatible pointer type warnings which are treated as errors +CFLAGS += "-Wno-error=incompatible-pointer-types" do_install:append () { install -d ${D}/${datadir} diff --git a/poky/meta/recipes-sato/webkit/libwpe_1.16.0.bb b/poky/meta/recipes-sato/webkit/libwpe_1.14.2.bb index 57f91ce87e..03ee88193d 100644 --- a/poky/meta/recipes-sato/webkit/libwpe_1.16.0.bb +++ b/poky/meta/recipes-sato/webkit/libwpe_1.14.2.bb @@ -11,7 +11,7 @@ inherit cmake features_check pkgconfig REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "c7f3a3c6b3d006790d486dc7cceda2b6d2e329de07f33bc47dfc53f00f334b2a" +SRC_URI[sha256sum] = "8ae38022c50cb340c96fdbee1217f1e46ab57fbc1c8ba98142565abbedbe22ef" # This is a tweak of upstream-version-is-even needed because # ipstream directory contains tarballs for other components as well. diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch b/poky/meta/recipes-sato/webkit/webkitgtk/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch deleted file mode 100644 index 3067500447..0000000000 --- a/poky/meta/recipes-sato/webkit/webkitgtk/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2922af379dc70b4b1a63b01d67179eb431f03ac4 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@redhat.com> -Date: Mon, 18 Mar 2024 11:14:54 -0700 -Subject: [PATCH] REGRESSION(274077@main): failure to build on i586 (and likely - other 32bit arches): static assertion failed: Timer should stay small - https://bugs.webkit.org/show_bug.cgi?id=271108 - -Unreviewed build fix. This changes SameSizeOfTimer to ensure it matches -the size of Timer on 32-bit platforms. - -* Source/WebCore/platform/Timer.cpp: - -Canonical link: https://commits.webkit.org/276282@main - -Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/2922af379dc70b4b1a63b01d67179eb431f03ac4] - -Signed-off-by: Markus Volk <f_l_k@t-online.de> ---- - Source/WebCore/platform/Timer.cpp | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/Source/WebCore/platform/Timer.cpp b/Source/WebCore/platform/Timer.cpp -index 4f7c0f5c39ca9..0f3734cca2474 100644 ---- a/Source/WebCore/platform/Timer.cpp -+++ b/Source/WebCore/platform/Timer.cpp -@@ -263,7 +263,11 @@ struct SameSizeAsTimer { - - WeakPtr<TimerAlignment> timerAlignment; - double times[2]; -- void* pointers[3]; -+ void* pointers[2]; -+#if CPU(ADDRESS32) -+ uint8_t bitfields; -+#endif -+ void* pointer; - }; - - static_assert(sizeof(Timer) == sizeof(SameSizeAsTimer), "Timer should stay small"); diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.44.0.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb index 0819f6de0d..29e12bb8c5 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.44.0.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb @@ -16,9 +16,8 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://no-musttail-arm.patch \ file://t6-not-declared.patch \ file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \ - file://2922af379dc70b4b1a63b01d67179eb431f03ac4.patch \ " -SRC_URI[sha256sum] = "c66530e41ba59b1edba4ee89ef20b2188e273bed0497e95084729e3cfbe30c87" +SRC_URI[sha256sum] = "425b1459b0f04d0600c78d1abb5e7edfa3c060a420f8b231e9a6a2d5d29c5561" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen diff --git a/poky/meta/recipes-support/appstream/appstream_1.0.2.bb b/poky/meta/recipes-support/appstream/appstream_1.0.3.bb index 7eb12a04c5..625e85a0ae 100644 --- a/poky/meta/recipes-support/appstream/appstream_1.0.2.bb +++ b/poky/meta/recipes-support/appstream/appstream_1.0.3.bb @@ -28,7 +28,7 @@ SRC_URI = " \ https://www.freedesktop.org/software/appstream/releases/AppStream-${PV}.tar.xz \ file://0001-remove-hardcoded-path.patch \ " -SRC_URI[sha256sum] = "1a5148ca97dcbf5eb6e9c380278bb0d20938569292ea8652df1b3cac8bd2736b" +SRC_URI[sha256sum] = "5ab6f6cf644e7875a9508593962e56bb430f4e59ae0bf03be6be7029deb6baa4" S = "${WORKDIR}/AppStream-${PV}" diff --git a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch index a274f3a16e..b46dc76a86 100644 --- a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch +++ b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch @@ -7,7 +7,7 @@ The disabled tests rely on timing to pass correctly. On a virtualized system under heavy load, these tests randomly fail because they miss a timer or other timing related issues. -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/apache/apr/pull/54] Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> --- diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.52.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.50.1.bb index cf221e0389..6996ebebcd 100644 --- a/poky/meta/recipes-support/atk/at-spi2-core_2.52.0.bb +++ b/poky/meta/recipes-support/atk/at-spi2-core_2.50.1.bb @@ -11,7 +11,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "0ac3fc8320c8d01fa147c272ba7fa03806389c6b03d3c406d0823e30e35ff5ab" +SRC_URI[sha256sum] = "5727b5c0687ac57ba8040e79bd6731b714a36b8fcf32190f236b8fb3698789e7" DEPENDS = " \ dbus \ diff --git a/poky/meta/recipes-support/attr/attr_2.5.1.bb b/poky/meta/recipes-support/attr/attr_2.5.1.bb new file mode 100644 index 0000000000..5c5f7bcffb --- /dev/null +++ b/poky/meta/recipes-support/attr/attr_2.5.1.bb @@ -0,0 +1,5 @@ +require attr.inc + +SRC_URI[sha256sum] = "bae1c6949b258a0d68001367ce0c741cebdacdd3b62965d17e5eb23cd78adaf8" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/attr/attr_2.5.2.bb b/poky/meta/recipes-support/attr/attr_2.5.2.bb deleted file mode 100644 index 2110c6d885..0000000000 --- a/poky/meta/recipes-support/attr/attr_2.5.2.bb +++ /dev/null @@ -1,5 +0,0 @@ -require attr.inc - -SRC_URI[sha256sum] = "39bf67452fa41d0948c2197601053f48b3d78a029389734332a6309a680c6c87" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/bash-completion/bash-completion_2.13.0.bb b/poky/meta/recipes-support/bash-completion/bash-completion_2.12.0.bb index f75d61e219..66f65f565c 100644 --- a/poky/meta/recipes-support/bash-completion/bash-completion_2.13.0.bb +++ b/poky/meta/recipes-support/bash-completion/bash-completion_2.12.0.bb @@ -14,7 +14,7 @@ SECTION = "console/utils" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "c5f99a39e40f0d154c03ff15438e87ece1f5ac666336a4459899e2ff4bedf3d1" +SRC_URI[sha256sum] = "3eb05b1783c339ef59ed576afb0f678fa4ef49a6de8a696397df3148f8345af9" GITHUB_BASE_URI = "https://github.com/scop/bash-completion/releases" PARALLEL_MAKE = "" diff --git a/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb index 346bd60e4d..0f2153d493 100644 --- a/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb +++ b/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb @@ -31,6 +31,9 @@ PACKAGECONFIG[pam] = "--enable-pam-module --with-pam-module-dir=${base_libdir}/s PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit" PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/,--with-systemdsystemunitdir=" +# Fails to build with GCC14 with incompatible pointer error warning being treated as error +CFLAGS += "-Wno-error=incompatible-pointer-types" + FILES:${PN} += "${exec_prefix}/lib/ConsoleKit \ ${libdir}/ConsoleKit ${systemd_unitdir} ${base_libdir} \ ${datadir}/dbus-1 ${datadir}/PolicyKit ${datadir}/polkit*" diff --git a/poky/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch b/poky/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch new file mode 100644 index 0000000000..98f7db93e8 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch @@ -0,0 +1,64 @@ +From 721941aadf4adf4f6aeb3f4c0ab489bb89610c36 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <stefan@eissing.org> +Date: Mon, 1 Apr 2024 15:41:18 +0200 +Subject: [PATCH] http: with chunked POST forced, disable length check on read + callback + +- when an application forces HTTP/1.1 chunked transfer encoding + by setting the corresponding header and instructs curl to use + the CURLOPT_READFUNCTION, disregard any POST length information. +- this establishes backward compatibility with previous curl versions + +Applications are encouraged to not force "chunked", but rather +set length information for a POST. By setting -1, curl will +auto-select chunked on HTTP/1.1 and work properly on other HTTP +versions. + +Reported-by: Jeff King +Fixes #13229 +Closes #13257 +Upstream-Status: Backport +--- + lib/http.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/lib/http.c b/lib/http.c +index 92c04e69cd8373..a764d3c4403c39 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) + else + result = Curl_creader_set_null(data); + } +- else { /* we read the bytes from the callback */ +- result = Curl_creader_set_fread(data, postsize); ++ else { ++ /* we read the bytes from the callback. In case "chunked" encoding ++ * is forced by the application, we disregard `postsize`. This is ++ * a backward compatibility decision to earlier versions where ++ * chunking disregarded this. See issue #13229. */ ++ bool chunked = FALSE; ++ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); ++ if(ptr) { ++ /* Some kind of TE is requested, check if 'chunked' is chosen */ ++ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), ++ STRCONST("chunked")); ++ } ++ result = Curl_creader_set_fread(data, chunked? -1 : postsize); + } + return result; + +@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data, + data->req.upload_chunky = + Curl_compareheader(ptr, + STRCONST("Transfer-Encoding:"), STRCONST("chunked")); ++ if(data->req.upload_chunky && ++ Curl_use_http_1_1plus(data, data->conn) && ++ (data->conn->httpversion >= 20)) { ++ infof(data, "suppressing chunked transfer encoding on connection " ++ "using HTTP version 2 or higher"); ++ data->req.upload_chunky = FALSE; ++ } + } + else { + curl_off_t req_clen = Curl_creader_total_length(data); diff --git a/poky/meta/recipes-support/curl/curl_8.7.1.bb b/poky/meta/recipes-support/curl/curl_8.7.1.bb index c6654bbad6..3fdad6a4cf 100644 --- a/poky/meta/recipes-support/curl/curl_8.7.1.bb +++ b/poky/meta/recipes-support/curl/curl_8.7.1.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75" SRC_URI = " \ https://curl.se/download/${BP}.tar.xz \ + file://721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch \ file://run-ptest \ file://disable-tests \ file://no-test-timeout.patch \ @@ -119,6 +120,7 @@ do_install_ptest() { RDEPENDS:${PN}-ptest += " \ bash \ + locale-base-en-us \ perl-module-b \ perl-module-base \ perl-module-cwd \ @@ -134,7 +136,6 @@ RDEPENDS:${PN}-ptest += " \ perl-module-storable \ perl-module-time-hires \ " -RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us" PACKAGES =+ "lib${BPN}" diff --git a/poky/meta/recipes-support/db/db_5.3.28.bb b/poky/meta/recipes-support/db/db_5.3.28.bb index a99d5cea62..a7d061e0da 100644 --- a/poky/meta/recipes-support/db/db_5.3.28.bb +++ b/poky/meta/recipes-support/db/db_5.3.28.bb @@ -116,3 +116,7 @@ INSANE_SKIP:${PN} = "dev-so" INSANE_SKIP:${PN}-cxx = "dev-so" BBCLASSEXTEND = "native nativesdk" + +# many configure tests are failing with gcc-14 +CFLAGS += "-Wno-error=implicit-int -Wno-error=implicit-function-declaration" +BUILD_CFLAGS += "-Wno-error=implicit-int -Wno-error=implicit-function-declaration" diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.17.bb b/poky/meta/recipes-support/debianutils/debianutils_5.16.bb index c5f25bae40..ec629d8b73 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_5.17.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_5.16.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=4b667f30411d21bc8fd7db85d502a8e9 SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \ " -SRCREV = "baf12e98a02883d1b76081e32f2185ee3497570b" +SRCREV = "9e0facf19b17b6d090a5dcc8cacb0c16e5ad9f72" inherit autotools update-alternatives diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_260.bb b/poky/meta/recipes-support/diffoscope/diffoscope_259.bb index 297a53fb53..eca2c208fc 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_260.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_259.bb @@ -12,7 +12,7 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[sha256sum] = "405a55502c8b2c988e46c0800d6a93e8e4e7632c1542b0a540dda50aeea41dac" +SRC_URI[sha256sum] = "c1f14452467f84c4be804a3725cbfdd5eadf977ece7ad463be8b647d1a87fb42" RDEPENDS:${PN} += "\ binutils \ diff --git a/poky/meta/recipes-support/enchant/enchant2_2.6.9.bb b/poky/meta/recipes-support/enchant/enchant2_2.6.7.bb index aaf3525ad8..b31bdc422b 100644 --- a/poky/meta/recipes-support/enchant/enchant2_2.6.9.bb +++ b/poky/meta/recipes-support/enchant/enchant2_2.6.7.bb @@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 groff-native" inherit autotools pkgconfig github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz" -SRC_URI[sha256sum] = "d9a5a10dc9b38a43b3a0fa22c76ed6ebb7e09eb535aff62954afcdbd40efff6b" +SRC_URI[sha256sum] = "a1c2e5b59acca000bbfb24810af4a1165733d407f2154786588e076c8cd57bfc" GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases" diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.4.5.bb b/poky/meta/recipes-support/gnupg/gnupg_2.4.4.bb index 99996968b1..fff7d8c6da 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.4.5.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.4.4.bb @@ -23,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "f68f7d75d06cb1635c336d34d844af97436c3f64ea14bcb7c869782f96f44277" +SRC_URI[sha256sum] = "67ebe016ca90fa7688ce67a387ebd82c6261e95897db7b23df24ff335be85bc6" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ diff --git a/poky/meta/recipes-support/icu/icu/fix-install-manx.patch b/poky/meta/recipes-support/icu/icu/fix-install-manx.patch index 7526bde370..16cabc8264 100644 --- a/poky/meta/recipes-support/icu/icu/fix-install-manx.patch +++ b/poky/meta/recipes-support/icu/icu/fix-install-manx.patch @@ -11,7 +11,9 @@ and one process tries to chown a file that the other process has just deleted. Also install-manx should be a phony target, and for clarity use $^ instead of $? in the install command. -Upstream-Status: Pending +Upstream ticket: https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-21172 + +Upstream-Status: Submitted [https://github.com/unicode-org/icu/pull/2966] Signed-off-by: Ross Burton <ross.burton@intel.com> --- Makefile.in | 8 ++++---- diff --git a/poky/meta/recipes-support/libassuan/libassuan_2.5.7.bb b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb index d1e622635f..7e899e7399 100644 --- a/poky/meta/recipes-support/libassuan/libassuan_2.5.7.bb +++ b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb @@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \ file://libassuan-add-pkgconfig-support.patch \ " -SRC_URI[sha256sum] = "0103081ffc27838a2e50479153ca105e873d3d65d8a9593282e9c94c7e6afb76" +SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426" BINCONFIG = "${bindir}/libassuan-config" diff --git a/poky/meta/recipes-support/libbsd/libbsd_0.12.2.bb b/poky/meta/recipes-support/libbsd/libbsd_0.12.1.bb index 7d5e88f293..161dc6df43 100644 --- a/poky/meta/recipes-support/libbsd/libbsd_0.12.2.bb +++ b/poky/meta/recipes-support/libbsd/libbsd_0.12.1.bb @@ -38,7 +38,7 @@ SECTION = "libs" SRC_URI = "https://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "b88cc9163d0c652aaf39a99991d974ddba1c3a9711db8f1b5838af2a14731014" +SRC_URI[sha256sum] = "d7747f8ec1baa6ff5c096a9dd587c061233dec90da0f1aedd66d830f6db6996a" inherit autotools pkgconfig diff --git a/poky/meta/recipes-support/libfm/libfm_1.3.2.bb b/poky/meta/recipes-support/libfm/libfm_1.3.2.bb index 057c737029..1d7609165b 100644 --- a/poky/meta/recipes-support/libfm/libfm_1.3.2.bb +++ b/poky/meta/recipes-support/libfm/libfm_1.3.2.bb @@ -53,3 +53,7 @@ do_install:append () { rm -f ${D}${libdir}/libfm-extra.a rm -f ${D}${libdir}/libfm-extra.la } + +# http://errors.yoctoproject.org/Errors/Details/766924/ +# libfm-1.3.2/src/actions/action.c:2050:25: error: assignment to 'gchar **' {aka 'char **'} from incompatible pointer type 'const gchar * const*' {aka 'const char * const*'} [-Wincompatible-pointer-types] +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-support/libical/libical_3.0.18.bb b/poky/meta/recipes-support/libical/libical_3.0.17.bb index 040d23b69d..b91912b048 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.18.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.17.bb @@ -7,7 +7,7 @@ HOMEPAGE = "https://github.com/libical/libical" BUGTRACKER = "https://github.com/libical/libical/issues" LICENSE = "LGPL-2.1-only | MPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=1910a2a76ddf6a9ba369182494170d87 \ - file://LICENSE.LGPL21.txt;md5=8f690bb538f4b301d931374a6eb864d0 \ + file://LICENSE.LGPL21.txt;md5=933adb561f159e7c3da079536f0ed871 \ file://LICENSE.MPL2.txt;md5=f75d2927d3c1ed2414ef72048f5ad640 \ " SECTION = "libs" @@ -15,7 +15,7 @@ SECTION = "libs" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \ " -SRC_URI[sha256sum] = "72b7dc1a5937533aee5a2baefc990983b66b141dd80d43b51f80aced4aae219c" +SRC_URI[sha256sum] = "bcda9a6db6870240328752854d1ea475af9bbc6356e6771018200e475e5f781b" inherit cmake pkgconfig gobject-introspection vala github-releases diff --git a/poky/meta/recipes-support/libunwind/libunwind_1.6.2.bb b/poky/meta/recipes-support/libunwind/libunwind_1.6.2.bb index 3208785124..c7b1604b61 100644 --- a/poky/meta/recipes-support/libunwind/libunwind_1.6.2.bb +++ b/poky/meta/recipes-support/libunwind/libunwind_1.6.2.bb @@ -40,3 +40,11 @@ do_install:append () { } BBCLASSEXTEND = "native" + +# http://errors.yoctoproject.org/Errors/Build/183144/ +# libunwind-1.6.2/include/tdep-aarch64/libunwind_i.h:123:47: error: passing argument 1 of '_ULaarch64_uc_addr' from incompatible pointer type [-Wincompatible-pointer-types] +# libunwind-1.6.2/src/aarch64/Ginit.c:348:28: error: initialization of 'unw_tdep_context_t *' from incompatible pointer type 'ucontext_t *' [-Wincompatible-pointer-types] +# libunwind-1.6.2/src/aarch64/Ginit.c:377:28: error: initialization of 'unw_tdep_context_t *' from incompatible pointer type 'ucontext_t *' [-Wincompatible-pointer-types] +# libunwind-1.6.2/src/aarch64/Ginit_local.c:51:9: error: assignment to 'ucontext_t *' from incompatible pointer type 'unw_context_t *' {aka 'unw_tdep_context_t *'} [-Wincompatible-pointer-types] +# libunwind-1.6.2/src/aarch64/Gresume.c:37:28: error: initialization of 'unw_tdep_context_t *' from incompatible pointer type 'ucontext_t *' [-Wincompatible-pointer-types] +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.27.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.27.bb index f2431d75c8..5bf854f95d 100644 --- a/poky/meta/recipes-support/libusb/libusb1_1.0.27.bb +++ b/poky/meta/recipes-support/libusb/libusb1_1.0.27.bb @@ -8,6 +8,8 @@ SECTION = "libs" LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" +CVE_PRODUCT = "libusb" + BBCLASSEXTEND = "native nativesdk" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \ diff --git a/poky/meta/recipes-support/npth/npth/0001-Revert-Fix-problem-with-regression-tests-on-recent-g.patch b/poky/meta/recipes-support/npth/npth/0001-Revert-Fix-problem-with-regression-tests-on-recent-g.patch new file mode 100644 index 0000000000..47c426b4a5 --- /dev/null +++ b/poky/meta/recipes-support/npth/npth/0001-Revert-Fix-problem-with-regression-tests-on-recent-g.patch @@ -0,0 +1,43 @@ +From e43524868bb4901703d63876f9d49f73ca75b3ab Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 12 May 2021 20:27:52 -0700 +Subject: [PATCH] Revert "Fix problem with regression tests on recent glibc." + +This reverts commit 3a9d32eb59194b989656548755066ccd9feb36ac. + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.ac | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8a9373c..8cda28d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -284,11 +284,9 @@ AC_TYPE_SSIZE_T + # + # Checks for libraries and functions. + # +-# We test for pthread_detach because glibc 2.22 includes +-# pthread_create but not pthread_detach. + if test "$have_w32_system" = no; then +- AC_SEARCH_LIBS([pthread_detach],[pthread]) +- case "x$ac_cv_search_pthread_detach" in ++ AC_SEARCH_LIBS([pthread_create],[pthread]) ++ case "x$ac_cv_search_pthread_create" in + xno) + have_pthread=no + ;; +@@ -297,7 +295,7 @@ if test "$have_w32_system" = no; then + ;; + *) + have_pthread=yes +- config_libs="$config_libs $ac_cv_search_pthread_detach" ++ config_libs="$config_libs $ac_cv_search_pthread_create" + ;; + esac + if test "$have_pthread" != no; then +-- +2.31.1 + diff --git a/poky/meta/recipes-support/npth/npth/musl-fix.patch b/poky/meta/recipes-support/npth/npth/musl-fix.patch deleted file mode 100644 index fabe78b14c..0000000000 --- a/poky/meta/recipes-support/npth/npth/musl-fix.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 417abd56fd7bf45cd4948414050615cb1ad59134 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Fri, 1 Mar 2024 13:53:52 +0900 -Subject: [PATCH] Fix INSERT_EXPOSE_RWLOCK_API for musl C library. - -* configure.ac: Add a case for musl system. - -Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=npth.git;a=commit;h=417abd56fd7bf45cd4948414050615cb1ad59134] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> --- - -GnuPG-bug-id: 5664 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> ---- - configure.ac | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index c1091b1..576a26e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -381,7 +381,10 @@ fi - AC_SUBST(INSERT_NO_RWLOCK) - - case "${host}" in -- *-*-linux*|*-*-gnu*) -+ *-*-linux-musl*) -+ INSERT_EXPOSE_RWLOCK_API="1" -+ ;; -+ *-*-linux-gnu*|*-*-gnu*) - INSERT_EXPOSE_RWLOCK_API="defined(__USE_UNIX98) || defined(__USE_XOPEN2K)" - ;; - *) --- -2.30.2 - - diff --git a/poky/meta/recipes-support/npth/npth/pkgconfig.patch b/poky/meta/recipes-support/npth/npth/pkgconfig.patch index e736921b43..b6a12e7309 100644 --- a/poky/meta/recipes-support/npth/npth/pkgconfig.patch +++ b/poky/meta/recipes-support/npth/npth/pkgconfig.patch @@ -1,51 +1,13 @@ -From ff19a9648f1c7d93087e2c33ca64bb881d53ea5a Mon Sep 17 00:00:00 2001 -From: Saul Wold <sgw@linux.intel.com> -Date: Mon, 10 Nov 2014 13:59:03 -0800 -Subject: [PATCH] Added npth pkgconfig file +Added npth pkgconfig file Upstream-Status: Pending Signed-off-by: Saul Wold <sgw@linux.intel.com> ---- - configure.ac | 1 + - src/Makefile.am | 4 +++- - src/npth.pc.in | 10 ++++++++++ - 3 files changed, 14 insertions(+), 1 deletion(-) - create mode 100644 src/npth.pc.in -diff --git a/configure.ac b/configure.ac -index 10f3629..65b76a1 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -476,6 +476,7 @@ src/Makefile - w32/Makefile - tests/Makefile]) - AC_CONFIG_FILES(npth-config, chmod +x npth-config) -+AC_CONFIG_FILES([src/npth.pc]) - AC_OUTPUT - - echo " -diff --git a/src/Makefile.am b/src/Makefile.am -index 7070118..6f01c64 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -17,8 +17,10 @@ - # License along with this program; if not, see <http://www.gnu.org/licenses/>. - - ## Process this file with automake to produce Makefile.in -+pkgconfigdir = $(libdir)/pkgconfig -+pkgconfig_DATA = npth.pc - --EXTRA_DIST = libnpth.vers -+EXTRA_DIST = libnpth.vers npth.pc - # versioninfo.rc.in - nodist_include_HEADERS = npth.h - -diff --git a/src/npth.pc.in b/src/npth.pc.in -new file mode 100644 -index 0000000..db091e8 +Index: npth-1.1/src/npth.pc.in +=================================================================== --- /dev/null -+++ b/src/npth.pc.in ++++ npth-1.1/src/npth.pc.in @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ @@ -57,3 +19,31 @@ index 0000000..db091e8 +Version: @VERSION@ +Libs: -L${libdir} -lnpth -lpthread +Cflags: -I${includedir} +Index: npth-1.1/src/Makefile.am +=================================================================== +--- npth-1.1.orig/src/Makefile.am ++++ npth-1.1/src/Makefile.am +@@ -27,8 +27,10 @@ + # License along with this program; if not, see <http://www.gnu.org/licenses/>. + + ## Process this file with automake to produce Makefile.in ++pkgconfigdir = $(libdir)/pkgconfig ++pkgconfig_DATA = npth.pc + +-EXTRA_DIST = libnpth.vers ++EXTRA_DIST = libnpth.vers npth.pc + # versioninfo.rc.in + nodist_include_HEADERS = npth.h + +Index: npth-1.1/configure.ac +=================================================================== +--- npth-1.1.orig/configure.ac ++++ npth-1.1/configure.ac +@@ -337,6 +337,7 @@ src/Makefile + w32/Makefile + tests/Makefile]) + AC_CONFIG_FILES(npth-config, chmod +x npth-config) ++AC_CONFIG_FILES([src/npth.pc]) + AC_OUTPUT + + echo " diff --git a/poky/meta/recipes-support/npth/npth_1.7.bb b/poky/meta/recipes-support/npth/npth_1.6.bb index f02a731f85..ef863d39b0 100644 --- a/poky/meta/recipes-support/npth/npth_1.7.bb +++ b/poky/meta/recipes-support/npth/npth_1.6.bb @@ -9,14 +9,18 @@ LIC_FILES_CHKSUM = "\ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/npth/npth-${PV}.tar.bz2 \ file://pkgconfig.patch \ - file://musl-fix.patch \ - " + file://0001-Revert-Fix-problem-with-regression-tests-on-recent-g.patch \ + " -SRC_URI[sha256sum] = "8589f56937b75ce33b28d312fccbf302b3b71ec3f3945fde6aaa74027914ad05" +SRC_URI[md5sum] = "375d1a15ad969f32d25f1a7630929854" +SRC_URI[sha256sum] = "1393abd9adcf0762d34798dc34fdcf4d0d22a8410721e76f1e3afcd1daa4e2d1" + +BINCONFIG = "${bindir}/npth-config" inherit autotools binconfig-disabled multilib_header FILES:${PN} = "${libdir}/libnpth.so.*" +FILES:${PN}-dev += "${bindir}/npth-config" do_install:append() { oe_multilib_header npth.h diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb index b7ebd44abc..2ede38deba 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb @@ -32,3 +32,13 @@ FILES:${PN} += " \ INSANE_SKIP:${PN} = "dev-so" BBCLASSEXTEND = "native nativesdk" + +# # This one is reproducible only on 32bit MACHINEs +# http://errors.yoctoproject.org/Errors/Details/766969/ +# git/p11-kit/import-object.c:223:62: error: passing argument 3 of 'p11_asn1_read' from incompatible pointer type [-Wincompatible-pointer-types] +# git/p11-kit/import-object.c:229:70: error: passing argument 3 of 'p11_asn1_read' from incompatible pointer type [-Wincompatible-pointer-types] +# git/p11-kit/import-object.c:264:78: error: passing argument 3 of 'p11_asn1_read' from incompatible pointer type [-Wincompatible-pointer-types] +# git/p11-kit/import-object.c:223:62: error: passing argument 3 of 'p11_asn1_read' from incompatible pointer type [-Wincompatible-pointer-types] +# git/p11-kit/import-object.c:229:70: error: passing argument 3 of 'p11_asn1_read' from incompatible pointer type [-Wincompatible-pointer-types] +# git/p11-kit/import-object.c:264:78: error: passing argument 3 of 'p11_asn1_read' from incompatible pointer type [-Wincompatible-pointer-types] +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.3.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb index e6668da01f..2263e07280 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.3.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" -SRCREV = "92c1b97bfdb4a94acc1cabcaf97eef52dc29144c" +SRCREV = "95f528cff0bc52903b98c292d4a322fcffa74471" PV .= "+git" SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \ diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.16.bb index f0aa3ff93f..5b66e3badf 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.16.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.16.bb @@ -67,3 +67,7 @@ do_install:append() { ${D}${systemd_system_unitdir}/rng-tools.service fi } + +# libargp detection fails +# http://errors.yoctoproject.org/Errors/Details/766951/ +CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch b/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch index 91640d6044..c8e6eddfec 100644 --- a/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch +++ b/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch @@ -31,7 +31,7 @@ ERROR: scons install execution failed. and the installed paths (including the paths inside libserf*.pc) look correct -Upstream-Status: Pending +Upstream-Status: Inappropriate [removes block of code rather than fixing the problem in that block] Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> diff --git a/poky/meta/recipes-support/taglib/taglib_2.0.bb b/poky/meta/recipes-support/taglib/taglib_2.0.1.bb index 4bf9be15ae..14f99aabbc 100644 --- a/poky/meta/recipes-support/taglib/taglib_2.0.bb +++ b/poky/meta/recipes-support/taglib/taglib_2.0.1.bb @@ -11,7 +11,7 @@ DEPENDS = "zlib utfcpp" SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz" -SRC_URI[sha256sum] = "e36ea877a6370810b97d84cf8f72b1e4ed205149ab3ac8232d44c850f38a2859" +SRC_URI[sha256sum] = "08c0a27b96aa5c4e23060fe0b6f93102ee9091a9385257b9d0ddcf467de0d925" UPSTREAM_CHECK_URI = "https://taglib.org/" UPSTREAM_CHECK_REGEX = "taglib-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/scripts/lib/devtool/ide_sdk.py b/poky/scripts/lib/devtool/ide_sdk.py index 7807b322b3..65873b088d 100755 --- a/poky/scripts/lib/devtool/ide_sdk.py +++ b/poky/scripts/lib/devtool/ide_sdk.py @@ -1052,7 +1052,7 @@ def register_commands(subparsers, context): parser_ide_sdk.add_argument( '-I', '--key', help='Specify ssh private key for connection to the target') parser_ide_sdk.add_argument( - '--skip-bitbake', help='Generate IDE configuration but skip calling bibtake to update the SDK.', action='store_true') + '--skip-bitbake', help='Generate IDE configuration but skip calling bitbake to update the SDK', action='store_true') parser_ide_sdk.add_argument( '-k', '--bitbake-k', help='Pass -k parameter to bitbake', action='store_true') parser_ide_sdk.add_argument( diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py index 6674e67267..05161942b7 100644 --- a/poky/scripts/lib/devtool/standard.py +++ b/poky/scripts/lib/devtool/standard.py @@ -661,7 +661,18 @@ def _extract_source(srctree, keep_temp, devbranch, sync, config, basepath, works srctree_localdir = os.path.join(srctree, 'oe-local-files') if sync: - bb.process.run('git fetch file://' + srcsubdir + ' ' + devbranch + ':' + devbranch, cwd=srctree) + try: + logger.info('Backing up current %s branch as branch: %s.bak' % (devbranch, devbranch)) + bb.process.run('git branch -f ' + devbranch + '.bak', cwd=srctree) + + # Use git fetch to update the source with the current recipe + # To be able to update the currently checked out branch with + # possibly new history (no fast-forward) git needs to be told + # that's ok + logger.info('Syncing source files including patches to git branch: %s' % devbranch) + bb.process.run('git fetch --update-head-ok --force file://' + srcsubdir + ' ' + devbranch + ':' + devbranch, cwd=srctree) + except bb.process.ExecutionError as e: + raise DevtoolError("Error when syncing source files to local checkout: %s" % str(e)) # Move the oe-local-files directory to srctree. # As oe-local-files is not part of the constructed git tree, @@ -893,7 +904,10 @@ def modify(args, config, basepath, workspace): (stdout, _) = bb.process.run('git rev-list --reverse %s..HEAD' % initial_revs["."], cwd=srctree) commits["."] = stdout.split() check_commits = True - (stdout, _) = bb.process.run('git submodule --quiet foreach --recursive \'echo `git rev-parse devtool-base` $PWD\'', cwd=srctree) + try: + (stdout, _) = bb.process.run('git submodule --quiet foreach --recursive \'echo `git rev-parse devtool-base` $PWD\'', cwd=srctree) + except bb.process.ExecutionError: + stdout = "" for line in stdout.splitlines(): (rev, submodule_path) = line.split() submodule = os.path.relpath(submodule_path, srctree) @@ -1452,8 +1466,10 @@ def _export_local_files(srctree, rd, destdir, srctreebase): 1. updated - files that already exist in SRCURI 2. added - new files files that don't exist in SRCURI 3 removed - files that exist in SRCURI but not in exported files - In each dict the key is the 'basepath' of the URI and value is the - absolute path to the existing file in recipe space (if any). + In each dict the key is the 'basepath' of the URI and value is: + - for updated and added dicts, a dict with 1 optionnal key: + - 'path': the absolute path to the existing file in recipe space (if any) + - for removed dict, the absolute path to the existing file in recipe space """ import oe.recipeutils @@ -1535,9 +1551,9 @@ def _export_local_files(srctree, rd, destdir, srctreebase): origpath = existing_files.pop(fname) workpath = os.path.join(local_files_dir, fname) if not filecmp.cmp(origpath, workpath): - updated[fname] = origpath + updated[fname] = {'path' : origpath} elif fname != '.gitignore': - added[fname] = None + added[fname] = {} workdir = rd.getVar('WORKDIR') s = rd.getVar('S') @@ -1554,7 +1570,7 @@ def _export_local_files(srctree, rd, destdir, srctreebase): if os.path.exists(fpath): origpath = existing_files.pop(fname) if not filecmp.cmp(origpath, fpath): - updated[fpath] = origpath + updated[fpath] = {'path' : origpath} removed = existing_files return (updated, added, removed) @@ -1640,7 +1656,8 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi redirect_output=dry_run_outdir) else: files_dir = _determine_files_dir(rd) - for basepath, path in upd_f.items(): + for basepath, param in upd_f.items(): + path = param['path'] logger.info('Updating file %s%s' % (basepath, dry_run_suffix)) if os.path.isabs(basepath): # Original file (probably with subdir pointing inside source tree) @@ -1650,7 +1667,8 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi _move_file(os.path.join(local_files_dir, basepath), path, dry_run_outdir=dry_run_outdir, base_outdir=recipedir) update_srcuri= True - for basepath, path in new_f.items(): + for basepath, param in new_f.items(): + path = param['path'] logger.info('Adding new file %s%s' % (basepath, dry_run_suffix)) _move_file(os.path.join(local_files_dir, basepath), os.path.join(files_dir, basepath), @@ -1772,7 +1790,8 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil else: # Update existing files files_dir = _determine_files_dir(rd) - for basepath, path in upd_f.items(): + for basepath, param in upd_f.items(): + path = param['path'] logger.info('Updating file %s' % basepath) if os.path.isabs(basepath): # Original file (probably with subdir pointing inside source tree) @@ -1806,7 +1825,7 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil dry_run_outdir=dry_run_outdir, base_outdir=recipedir) updatefiles = True # Add any new files - for basepath, path in new_f.items(): + for basepath, param in new_f.items(): logger.info('Adding new file %s%s' % (basepath, dry_run_suffix)) _move_file(os.path.join(local_files_dir, basepath), os.path.join(files_dir, basepath), diff --git a/poky/scripts/lib/recipetool/create_go.py b/poky/scripts/lib/recipetool/create_go.py index c560831442..a85a2f2786 100644 --- a/poky/scripts/lib/recipetool/create_go.py +++ b/poky/scripts/lib/recipetool/create_go.py @@ -16,7 +16,7 @@ from html.parser import HTMLParser from recipetool.create import RecipeHandler, handle_license_vars from recipetool.create import guess_license, tidy_licenses, fixup_license from recipetool.create import determine_from_url -from urllib.error import URLError +from urllib.error import URLError, HTTPError import bb.utils import json @@ -225,7 +225,7 @@ class GoRecipeHandler(RecipeHandler): def __init__(self): super().__init__() - self.__srv = [] + self.__srv = {} def handle_starttag(self, tag, attrs): if tag == 'meta' and list( @@ -233,36 +233,34 @@ class GoRecipeHandler(RecipeHandler): content = list( filter(lambda a: (a[0] == 'content'), attrs)) if content: - self.__srv = content[0][1].split() + srv = content[0][1].split() + self.__srv[srv[0]] = srv - @property - def import_prefix(self): - return self.__srv[0] if len(self.__srv) else None - - @property - def vcs(self): - return self.__srv[1] if len(self.__srv) else None - - @property - def repourl(self): - return self.__srv[2] if len(self.__srv) else None + def go_import(self, modulepath): + if modulepath in self.__srv: + srv = self.__srv[modulepath] + return GoImport(srv[0], srv[1], srv[2], None) + return None url = url.geturl() + "?go-get=1" req = urllib.request.Request(url) try: - resp = urllib.request.urlopen(req) - + body = urllib.request.urlopen(req).read() + except HTTPError as http_err: + logger.warning( + "Unclean status when fetching page from [%s]: %s", url, str(http_err)) + body = http_err.fp.read() except URLError as url_err: logger.warning( "Failed to fetch page from [%s]: %s", url, str(url_err)) return None parser = GoImportHTMLParser() - parser.feed(resp.read().decode('utf-8')) + parser.feed(body.decode('utf-8')) parser.close() - return GoImport(parser.import_prefix, parser.vcs, parser.repourl, None) + return parser.go_import(modulepath) def __resolve_from_golang_proxy(self, modulepath, version): """ diff --git a/poky/scripts/lib/wic/partition.py b/poky/scripts/lib/wic/partition.py index 795707ec5d..bf2c34d594 100644 --- a/poky/scripts/lib/wic/partition.py +++ b/poky/scripts/lib/wic/partition.py @@ -284,19 +284,8 @@ class Partition(): extraopts = self.mkfs_extraopts or "-F -i 8192" - if os.getenv('SOURCE_DATE_EPOCH'): - sde_time = int(os.getenv('SOURCE_DATE_EPOCH')) - if pseudo: - pseudo = "export E2FSPROGS_FAKE_TIME=%s;%s " % (sde_time, pseudo) - else: - pseudo = "export E2FSPROGS_FAKE_TIME=%s; " % sde_time - - # Set hash_seed to generate deterministic directory indexes - namespace = uuid.UUID("e7429877-e7b3-4a68-a5c9-2f2fdf33d460") - if self.fsuuid: - namespace = uuid.UUID(self.fsuuid) - hash_seed = str(uuid.uuid5(namespace, str(sde_time))) - extraopts += " -E hash_seed=%s" % hash_seed + # use hash_seed to generate reproducible ext4 images + (extraopts, pseudo) = self.get_hash_seed_ext4(extraopts, pseudo) label_str = "" if self.label: @@ -344,6 +333,23 @@ class Partition(): self.check_for_Y2038_problem(rootfs, native_sysroot) + def get_hash_seed_ext4(self, extraopts, pseudo): + if os.getenv('SOURCE_DATE_EPOCH'): + sde_time = int(os.getenv('SOURCE_DATE_EPOCH')) + if pseudo: + pseudo = "export E2FSPROGS_FAKE_TIME=%s;%s " % (sde_time, pseudo) + else: + pseudo = "export E2FSPROGS_FAKE_TIME=%s; " % sde_time + + # Set hash_seed to generate deterministic directory indexes + namespace = uuid.UUID("e7429877-e7b3-4a68-a5c9-2f2fdf33d460") + if self.fsuuid: + namespace = uuid.UUID(self.fsuuid) + hash_seed = str(uuid.uuid5(namespace, str(sde_time))) + extraopts += " -E hash_seed=%s" % hash_seed + + return (extraopts, pseudo) + def prepare_rootfs_btrfs(self, rootfs, cr_workdir, oe_builddir, rootfs_dir, native_sysroot, pseudo): """ @@ -437,13 +443,16 @@ class Partition(): extraopts = self.mkfs_extraopts or "-i 8192" + # use hash_seed to generate reproducible ext4 images + (extraopts, pseudo) = self.get_hash_seed_ext4(extraopts, None) + label_str = "" if self.label: label_str = "-L %s" % self.label mkfs_cmd = "mkfs.%s -F %s %s -U %s %s" % \ (self.fstype, extraopts, label_str, self.fsuuid, rootfs) - exec_native_cmd(mkfs_cmd, native_sysroot) + exec_native_cmd(mkfs_cmd, native_sysroot, pseudo=pseudo) self.check_for_Y2038_problem(rootfs, native_sysroot) diff --git a/poky/scripts/oe-setup-build b/poky/scripts/oe-setup-build index 5364f2b481..c0476992a2 100755 --- a/poky/scripts/oe-setup-build +++ b/poky/scripts/oe-setup-build @@ -91,7 +91,16 @@ def setup_build_env(args): builddir = args.b if args.b else template["buildpath"] no_shell = args.no_shell coredir = os.path.abspath(os.path.join(os.path.dirname(os.path.realpath(__file__)), '..')) - cmd = "TEMPLATECONF={} . {} {}".format(template["templatepath"], os.path.join(coredir, 'oe-init-build-env'), builddir) + cmd_base = ". {} {}".format(os.path.join(coredir, 'oe-init-build-env'), os.path.abspath(builddir)) + + initbuild = os.path.join(builddir, 'init-build-env') + if not os.path.exists(initbuild): + os.makedirs(builddir, exist_ok=True) + with open(initbuild, 'w') as f: + f.write(cmd_base) + print("\nRun '. {}' to initialize the build in a current shell session.\n".format(initbuild)) + + cmd = "TEMPLATECONF={} {}".format(template["templatepath"], cmd_base) if not no_shell: cmd = cmd + " && {}".format(os.environ['SHELL']) print("Running:", cmd) |
