summaryrefslogtreecommitdiff
path: root/poky
diff options
context:
space:
mode:
authorAndrew Geissler <geissonator@yahoo.com>2023-07-21 17:09:43 +0300
committerPatrick Williams <patrick@stwcx.xyz>2023-08-10 22:22:44 +0300
commit8f840685fb701a268141f0fcebc1d34fcd9b01de (patch)
tree49f7cc04f8447a72e1bb9f96fa4a1174cea7b435 /poky
parent5eea8d85a2b0bfced71508b4b97030e2dc9a5717 (diff)
downloadopenbmc-8f840685fb701a268141f0fcebc1d34fcd9b01de.tar.xz
subtree updates july 21 2023 poky,openembedded
poky: 13b646c0e1..b398c7653e: Adrian Freihofer (2): runqemu-ifdown: catch up with ifup runqemu: drop uid parameter for ifdown Alejandro Hernandez Samaniego (3): baremetal-helloworld: Fix race condition runqemu: Stop using warn() since its been deprecated runqemu: Fix automated call to runqemu-ifup Alex Kiernan (3): rootfs: Add debugfs package db file copy and cleanup rpm: Pick debugfs package db files/dirs explicitly eudev: Add group sgx to eudev package Alexander Kanavin (27): insane.bbclass: enable 32 bit time API check (as a warning) on affected architectures libxcrypt: upgrade 4.4.34 -> 4.4.35 libxml2: update 2.10.4 -> 2.11.4 ovmf: update 202302 -> 202305 lua: update 5.4.4 -> 5.4.6 cargo.bbclass: set up cargo environment in common do_compile rust-common.bbclass: move musl-specific linking fix from rust-source.inc python3-cryptography: update 39.0.2 -> 41.0.1 python3-cryptography-vectors: update 39.0.2 -> 41.0.1 python3: update 3.11.3 -> 3.11.4 diffutils: update 3.9 -> 3.10 shadow: remove dependency on pam-plugin-lastlog libpam: update 1.5.2 -> 1.5.3 librsvg: update 2.56.0 -> 2.56.1 vulkan-validation-layers: update 1.3.243 -> 1.3.250 xcb-util-cursor: add a recipe from meta-oe weston: update 11.0.1 -> 12.0.1 libdmx: update 1.1.4 -> 1.1.5 xtrans: update 1.4.0 -> 1.5.0 libproxy: fetch from git libproxy: update 0.4.18 -> 0.5.2 libssh2: update 1.10.0 -> 1.11.0 gstreamer1.0-plugins-base: enable glx/opengl support webkitgtk: update 2.38.5 -> 2.40.2 python3-cryptography: update a patch to upstream's better followup fix time64.inc: annotate and clean up recipe-specific Y2038 exceptions Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock" Andrej Valek (3): cve-check: add option to add additional patched CVEs oeqa/selftest/cve_check: rework test to new cve status handling cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS Anuj Mittal (7): rpm: backport fix to prevent crashes with latest sqlite sqlite3: upgrade 3.41.2 -> 3.42.0 vte: upgrade 0.72.1 -> 0.72.2 libpng: upgrade 1.6.39 -> 1.6.40 glib-networking: upgrade 2.76.0 -> 2.76.1 bluez5: upgrade 5.66 -> 5.68 selftest/cases/glibc.py: fix the override syntax BELOUARGA Mohamed (9): bitbake: fetch2/npmsw: Add support for the new format of the shrinkwrap file bitbake: fetch2/npmsw: Don't fetch dev dependencies when they are not demanded bitbake: fetch2/npm: Remove special caracters that causes recipe tool to fail recipetool: create: npm: Remove duplicate function to not have future conflicts classes: npm: Handle peer dependencies for npm packages recipetool: create: npm: Add support for the new format of the shrinkwrap file recipetool: create: npm: Add support to handle peer dependencies classes: npm: Add support for the new format of the shrinkwrap file classe-recipes: npm: Add support for dependencies and devDependencies Benjamin Bouvier (1): util-linux: add alternative links for ipcs,ipcrm Bruce Ashfield (19): perf: fix buildpaths QA warning in 6.4+ linux-libc-headers: bump to 6.4 kernel: fix localversion in v6.3+ linux-yocto: introduce 6.4 reference kernel recipes linux-yocto/6.4: update to latest linux-yocto/6.4: aufs6 integration linux-yocto/6.4: refresh configuration linux-yocto-rt/6.4: integrate -rt6 linux-yocto/6.4: update to v6.4.2 linux-yocto-tiny/6.4: fix configuration warnings (HID) linux-yocto-tiny/arm: fix configuration warnings (HID) linux-yocto/ppc: add elfutils-native to DEPENDS linux-yocto/6.1: update to v6.1.36 linux-yocto/6.1: update to v6.1.37 linux-yocto/6.1: update to v6.1.38 linux-yocto/6.x: cfg: update ima.cfg to match current meta-integrity linux-yocto/6.4: update to v6.4.3 kernel: set HOSTPKG_CONFIG to use pkg-config-native linux-yocto/6.4: fix menuconfig Changqing Li (2): dnf: only write the log lock to root for native dnf rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock Denys Dmytriyenko (1): bitbake: runqueue: convert deferral messages from bb.note to bb.debug Enrico Scholz (1): shadow-sysroot: add license information Etienne Cordonnier (2): libxcrypt: fix hard-coded ".so" extension qemu: fix typo Fabio Estevam (3): u-boot: Update Upstream-Status u-boot: Upgrade to 2023.07 u-boot: Upgrade to 2023.07.02 Frederic Martinsons (1): ptest-cargo.bbclass: fix condition to detect test executable Joe Slater (1): ghostscript: advance to version 10.01.2 Jose Quaresma (12): kernel: config modules directories are handled by kernel-module-split kernel-module-split: install config modules directories only when they are needed kernel-module-split: use context manager to open files kernel-module-split: make autoload and probeconf distribution specific kernel-module-split add systemd modulesloaddir and modprobedir config pybootchartgui: calcule elapsed_time when starting the loop pybootchartgui: concatenate the elapsed time with the process pybootchartgui: fix overlapping argument in render_processes_chart pybootchartgui: fix width max usage in draw_label_in_box openssl: add PERLEXTERNAL path to test its existence openssl: use a glob on the PERLEXTERNAL to track updates on the path go: update 1.20.5 -> 1.20.6 Julien Stephan (1): automake: fix buildtest patch Khem Raj (9): ffmpeg: Fix build on riscv libpam: Fix examples build on musl webkitgtk: Enable JIT on RISCV64 musl: Guard fallocate64 with _LARGEFILE64_SOURCE alsa-lib: Disable old API symbols mesa: Fix build with upcoming LLVM 17 meson.bbclass: Point to llvm-config from native sysroot webkitgtk: Unbreak build on platforms using pvr graphics drivers python3-lxml: upgrade 4.9.2 -> 4.9.3 Martin Jansa (4): selftest: multiconfig-image-packager: try to respect IMAGE_LINK_NAME kernel-devicetree: install dtb files without -${KERNEL_DTB_NAME} suffix image-artifact-names: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME} cpio: respect MLPREFIX for PACKAGE_WRITE_DEPS Michael Halstead (1): resulttool/resultutils: allow index generation despite corrupt json Mingli Yu (1): qemu: Add qemu-user-* and qemu-system-* to PACKAGES_DYNAMIC Natasha Bailey (1): tiff: backport a fix for CVE-2023-26965 Ovidiu Panait (5): mdadm: fix util-linux ptest dependency mdadm: fix 07revert-inplace ptest mdadm: fix segfaults when running ptests mdadm: skip running known broken ptests mdadm: re-add mdadm-ptest to PTESTS_SLOW Peter Hoyes (5): bitbake: bitbake: tests/fetch: Mark TestTimeout as not a test suite bitbake: bitbake: tests/fetch: Rename assertRaisesRegexp to assertRaisesRegex bitbake: bitbake: tests/fetch: Set git config if not already set bitbake: bitbake: tests: Use assertLogs to test logging output bitbake: bitbake: Bootstrap pytest for self-tests Peter Marko (4): cve-update-nvd2-native: fix cvssV3 metrics gcsections: apply section removal also in C++, not only in C cve-update-nvd2-native: retry all errors and sleep between retries cve-update-nvd2-native: increase retry count Piotr Łobacz (1): bitbake.conf: Add acl distro native features support Quentin Schulz (1): uboot-extlinux-config.bbclass: fix old override syntax in comment Richard Purdie (14): defaultsetup: Enable largefile and 64bit time_t support systemwide for 32 bit platforms time64: Disable CFLAGS for strace bitbake: runqueue: Fix deferred task/multiconfig race issue strace: Update patches/tests with upstream fixes bitbake: fetch2/npmsw: Support old and new shrinkwrap formats ptest-runner: Pull in "runner: Remove threads and mutexes" fix bitbake: server/process: Show command in timeout message bitbake: cooker: Log when parsing starts in server log gcc-testsuite: Fix ppc cpu specification ptest-runner: Pull in parallel test fixes and output handling oeqa/selftest/rust: Various fixes to work correctly bitbake: runqueue: Add pressure change logging build-appliance-image: Update to master head revision glibc-testsuite: Fix network restrictions causing test failures Ross Burton (26): cve-update-db-native: remove cve-update-nvd2-native: handle all configuration nodes, not just first cve-update-nvd2-native: use exact times, don't truncate ghostscript: remove CVE_CHECK_IGNORE for CVE-2013-6629 pkgconf: update SRC_URI libjpeg-turbo: upgrade to 3.0.0 cups: upgrade to 2.4.6 tiff: upgrade to 4.5.1 linux-yocto/cve-exclusion: move entries from cve-extra-exclusions linux-yocto/cve-exclusion: ignore more backported CVEs python3: fix missing comma in get_module_deps3.py python3-jsonpointer: upgrade to 2.4 oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case cml1: add showconfig task to easily find the generated .config file rootfs_rpm: don't depend on opkg-native for update-alternatives poky: add Debian 12 to supported distribution list cve-update-nvd2-native: log a little more cve-update-nvd2-native: actually use API keys gcc: don't pass --enable-standard-branch-protection machine/arch-arm64: add -mbranch-protection=standard qemuarm: pin kernel to 6.1 libdmx: remove obsolete library linux-yocto_6.1: ignore backported CVEs python3: ignore CVE-2023-36632 ltp: add RDEPENDS on findutils oeqa/ltp: rewrote LTP testcase and parser Siddharth Doshi (2): bind: Upgrade 9.18.15 -> 9.18.16 flac: Upgrade 1.4.2 -> 1.4.3 Soumya (1): perl: Fix CVE-2023-31486 Staffan Rydén (1): kernel: Fix path comparison in kernel staging dir symlinking Stéphane Veyret (1): scripts/oe-setup-builddir: copy conf-notes.txt to build dir Sudip Mukherjee (1): libssh2: disable rpath to fix curl-native build Thomas Roos (1): testimage/oeqa: Drop testimage_dump_host functionality Tim Orling (10): python3-pytest-subtests: upgrade 0.10.0 -> 0.11.0 python3-urllib3: upgrade 2.0.2 -> 2.0.3 python3-typing-extensions: upgrade 4.6.3 -> 4.7.0 python3-hypothesis: upgrade 6.79.2 -> 6.80.0 python3-pygments: upgrade 2.14.0 -> 2.15.1 python3-importlib-metadata: upgrade 6.7.0 -> 6.8.0 python3-typing-extensions: upgrade 4.7.0 -> 4.7.1 python3-cryptography{-vectors}: upgrade 41.0.1 -> 41.0.2 python3-zipp: upgrade 3.15.0 -> 3.16.2 python3-hypothesis: upgrade 6.80.0 -> 6.81.2 Trevor Gamblin (15): python3: add cgitb, zipapp ptest dependencies qemu: upgrade 8.0.0 -> 8.0.3 python3: parallelize ptests, add test_cppext dependencies python3-setuptools: upgrade 67.6.1 -> 68.0.0 diffoscope: upgrade 242 -> 243 p11-kit: upgrade 0.24.1 -> 0.25.0 diffoscope: add missing RDEPENDS and alphabetize linux-firmware: upgrade 20230515 -> 20230625 python3-trove-classifiers: upgrade 2023.5.24 -> 2023.7.6 python3-cython: upgrade 0.29.35 -> 0.29.36 icu: upgrade 72-1 -> 73-2 python3-editables: add python3-io to RDEPENDS python3: ensure ptest regression capture diffoscope: upgrade 243 -> 244 xeyes: upgrade 1.2.0 -> 1.3.0 Wang Mingyu (51): freetype: upgrade 2.13.0 -> 2.13.1 gstreamer1.0: upgrade 1.22.3 -> 1.22.4 kbd: upgrade 2.5.1 -> 2.6.0 libassuan: upgrade 2.5.5 -> 2.5.6 libksba: upgrade 1.6.3 -> 1.6.4 libmd: upgrade 1.0.4 -> 1.1.0 libsdl2: upgrade 2.26.5 -> 2.28.0 libtraceevent: upgrade 1.7.2 -> 1.7.3 libx11: upgrade 1.8.5 -> 1.8.6 lttng-ust: upgrade 2.13.5 -> 2.13.6 nettle: upgrade 3.9 -> 3.9.1 nghttp2: upgrade 1.53.0 -> 1.54.0 ccache: upgrade 4.8.1 -> 4.8.2 mesa: upgrade 23.1.1 -> 23.1.3 python3-numpy: upgrade 1.24.3 -> 1.25.0 python3-typing-extensions: upgrade 4.6.2 -> 4.6.3 xorgproto: upgrade 2022.2 -> 2023.2 python3-hatchling: upgrade 1.17.0 -> 1.18.0 python3-hypothesis: upgrade 6.75.7 -> 6.79.2 python3-importlib-metadata: upgrade 6.6.0 -> 6.7.0 python3-iso8601: upgrade 1.1.0 -> 2.0.0 python3-markupsafe: upgrade 2.1.2 -> 2.1.3 python3-pluggy: upgrade 1.0.0 -> 1.2.0 python3-pycairo: upgrade 1.23.0 -> 1.24.0 python3-pyparsing: upgrade 3.0.9 -> 3.1.0 python3-pytest: upgrade 7.3.1 -> 7.4.0 python3-ruamel-yaml: upgrade 0.17.31 -> 0.17.32 python3-sphinx-rtd-theme: upgrade 1.2.1 -> 1.2.2 xkeyboard-config: upgrade 2.38 -> 2.39 xwayland: upgrade 23.1.1 -> 23.1.2 wayland-protocols: upgrade 1.31 -> 1.32 taglib: upgrade 1.13 -> 1.13.1 libxcrypt: upgrade 4.4.35 -> 4.4.36 msmtp: upgrade 1.8.23 -> 1.8.24 libwebp: upgrade 1.3.0 -> 1.3.1 libuv: upgrade 1.45.0 -> 1.46.0 acpica: upgrade 20230331 -> 20230628 libnss-nis: upgrade 3.1 -> 3.2 harfbuzz: upgrade 7.3.0 -> 8.0.1 libproxy: upgrade 0.5.2 -> 0.5.3 nghttp2: upgrade 1.54.0 -> 1.55.1 debianutils: upgrade 5.7 -> 5.8 glib-2.0: upgrade 2.76.3 -> 2.76.4 python3-pip: upgrade 23.1.2 -> 23.2 opkg: upgrade 0.6.1 -> 0.6.2 opkg-utils: upgrade 0.5.0 -> 0.6.2 python3-editables: upgrade 0.3 -> 0.4 python3-git: upgrade 3.1.31 -> 3.1.32 python3-numpy: upgrade 1.25.0 -> 1.25.1 repo: upgrade 2.34.1 -> 2.35 libva: upgrade to 2.19.0 Yash Shinde (1): oeqa/selftest: Add rust selftests Yi Zhao (1): ifupdown: install missing directories Yoann Congal (2): recipetool: Fix inherit in created -native* recipes oeqa/selftest/devtool: add unit test for "devtool add -b" Yuta Hayama (1): systemd-systemctl: fix errors in instance name expansion meta-openembedded: 2638d458a5..0e3f5e5201: Alex Kiernan (1): ostree: Upgrade 2023.4 -> 2023.5 Archana Polampalli (1): tcpreplay: upgrade 4.4.3 -> 4.4.4 Beniamin Sandu (1): mbedtls: fix builds with crypto extensions Bruce Ashfield (1): vboxguestdrivers: fix compilation against 6.4 kernel / headers Carlos Rafael Giani (3): pipewire: Disable libmysofa since it is not available in OE pipewire: Improve packageconfigs pipewire: Add dedicated aes67 package and fix rlimits.d package assignment Chee Yang Lee (1): rabbitmq-c: Fix CVE-2023-35789 Jasper Orschulko (8): python3-pytest-cov: Add initial recipe 4.1.0 python3-covdefaults: Add initial recipe 2.3.0 python3-platformdirs: Fix recipe version 3.6.0 python3-distlib: Add initial recipe 0.3.6 python3-filelock: Add initial recipe 3.12.0 python3-virtualenv: Add initial recipe 20.23.0 python3-pyproject-api: Add initial recipe 1.5.1 python3-tox: Add initial recipe 4.6.0 Joe Slater (1): libgpiod: modify RDEPENDS for ptest Justin Bronder (2): python3-asyncinotify: upgrade 3.0.1 -> 4.0.2 python3-pytest-asyncio: upgrade 0.16.0 -> 0.21.1 Kai Kang (2): libtimezonemap: rename downloaded file name fltk-native: fix libdl link issue Khem Raj (33): gupnp-av: Fix build with libxml2-2.11 and newer xcb-util-cursor: Delete recipe pidgin-sipe: Add packageconfig to turn Werror on/off fbida: Fix build on musl pcp: Update to 6.0.5 geos: Upgrade to 3.12.0 ctags: Extend to build native package libcoap: Build linker symbol file explicitly geos: Use cmake directly pcp: Fix build race sblim-sfcc: Fix build with clang17 minifi-cpp: Fix build with clang 17 python3-grpcio-tools: Upgrade to 1.56.0 python3-grpcio: Upgrade to 1.56.0 python3-grpcio: Fix build on musl python3-grpcio-tools: Fix build with musl thin-provisioning-tools: Upgrade to 1.0.4 thin-provisioning-tools: Fix build on musl. pcp: Disable parallel build crash: Fix build with glibc 2.38+ breakpad: Update to latest trunk python3-requests-toolbelt: Fix ptest failures seen with urllib3 2.0 ptest-packagelists-meta-oe: Limit mcelog to x86/x86_64 graphviz: Upgrade to 8.1.0 release emlog: Update to latest to fix build with 6.4 kernel dlm: Upgrade to 4.2.0 mdio-tools: Update to latest on trunk dlm: Fix build with linux kernel 6.4+ dlm: Do not pass -fcf-protection=full via Makefile dlm: Do not use -fcf-protection=full on arm platforms zfs: Update to 2.2.0 rc1 zfs: Disable builds on aarch64 for now dhcp-relay: Pass cross configure flags to bind build Luke Schaefer (1): nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com> Marek Vasut (4): lvgl: Factor out and unify lv-drivers configuration lvgl: Add default input device configuration option linux-serial-test: Update to latest git revision libiio: enable c++ bindings Markus Volk (10): pipewire: upgrade 0.3.71 -> 0.3.72 pipewire: upgrade 0.3.72 -> 0.3.73 gnome-software: upgrade 44.2 -> 44.3 eog: upgrade 44.2 -> 44.3 spdlog: upgrade 1.11.0 -> 1.12.0 flatpak: update dependencies gnome-control-center: upgrade 44.2 -> 44.3 gnome-shell: upgrade 44.2 -> 44.3 mutter: upgrade 44.2 -> 44.3 gnome-settings-daemon: upgrade 44.0 -> 44.1 Martin Jansa (4): nodejs: use PIE for host binaries gupnp: backport a fix not to use deprecated xmlReadMemory pidgin-sipe: allow to build with libxml2-2.11 raptor2: backport a fix to build with libxml2-2.11 Michael Haener (1): nginx: upgrade to 1.24.0 release Michael Weiß (1): pv: Show progress bar even if no terminal is set as in 1.6.6 Mingli Yu (1): snort: Add systemd unit file Peter Kjellerstedt (1): cppzmq: Move the version to the recipe file name Petr Gotthard (2): python3-pyroute2: upgrade 0.5.19 -> 0.7.9 networkmanager: upgrade 1.42.6 -> 1.42.8 Ricardo Salveti (1): lshw: bump to b4e0673 Ross Burton (5): poppler: fix missing include libpaper: remove redundant autoreconf --install liblbxutil: remove obsolete library xsetmode: remove obsolete utility libxkbui: remove obsolete recipe Tim Orling (1): python3-argh: upgrade 0.26.2 -> 0.28.1 Trevor Gamblin (9): python3-alembic: upgrade 1.10.4 -> 1.11.1 python3-sqlalchemy: upgrade 2.0.15 -> 2.0.19 python3-argcomplete: upgrade 3.1.0 -> 3.1.1 python3-arpeggio: upgrade 2.0.0 -> 2.0.2 python3-astroid: upgrade 2.15.5 -> 2.15.6 python3-autobahn: upgrade 23.6.1 -> 23.6.2 python3-bandit: upgrade 1.7.4 -> 1.7.5 python3-bandit: add python3-rich to RDEPENDS python3-bitarray: upgrade 2.7.3 -> 2.7.6 Wang Mingyu (44): cppzmq: upgrade 4.9.0 -> 4.10.0 iwd: upgrade 2.5 -> 2.6 libburn: upgrade 1.5.4 -> 1.5.6 libzip: upgrade 1.9.2 -> 1.10.0 openfortivpn: upgrade 1.20.3 -> 1.20.5 psqlodbc: upgrade 13.02.0000 -> 15.00.0000 python3-aenum: upgrade 3.1.12 -> 3.1.14 python3-can: upgrade 4.2.1 -> 4.2.2 python3-google-api-python-client: upgrade 2.89.0 -> 2.90.0 python3-h5py: upgrade 3.8.0 -> 3.9.0 python3-natsort: upgrade 8.3.1 -> 8.4.0 python3-pymodbus: upgrade 3.3.1 -> 3.3.2 python3-pymongo: upgrade 4.3.3 -> 4.4.0 python3-pyscaffold: upgrade 4.4.1 -> 4.5 python3-pyzstd: upgrade 0.15.7 -> 0.15.9 python3-requests-futures: upgrade 1.0.0 -> 1.0.1 python3-sentry-sdk: upgrade 1.25.1 -> 1.26.0 python3-zeroconf: upgrade 0.68.0 -> 0.69.0 weechat: upgrade 3.8 -> 4.0.0 python3-platformdirs: upgrade 3.6.0 -> 3.8.0 renderdoc: upgrade 1.13 -> 1.27 gegl: upgrade 0.4.44 -> 0.4.46 gvfs: upgrade 1.50.4 -> 1.51.1 weechat: upgrade 4.0.0 -> 4.0.1 avro-c: upgrade 1.11.1 -> 1.11.2 glfw: upgrade 3.3 -> 3.3.8 hwloc: upgrade 2.9.1 -> 2.9.2 minicoredumper: upgrade 2.0.3 -> 2.0.6 thingsboard-gateway: upgrade 3.2 -> 3.3 xterm: upgrade 382 -> 383 passwdqc: upgrade 2.0.2 -> 2.0.3 python3-aenum: upgrade 3.1.14 -> 3.1.15 python3-configargparse : upgrade 1.5.3 -> 1.5.5 python3-elementpath: upgrade 4.1.3 -> 4.1.4 python3-google-api-python-client: upgrade 2.90.0 -> 2.92.0 python3-google-auth: upgrade 2.20.0 -> 2.21.0 python3-joblib: upgrade 1.2.0 -> 1.3.1 python3-pillow: upgrade 9.5.0 -> 10.0.0 python3-redis: upgrade 4.5.5 -> 4.6.0 python3-tox: upgrade 4.6.0 -> 4.6.3 python3-virtualenv: upgrade 20.23.0 -> 20.23.1 python3-zeroconf: upgrade 0.69.0 -> 0.70.0 libyang: Fix install conflict when enable multilib. php: Fix install conflict when enable multilib. Wolfgang Meyer (4): fbida: Switch to git fetcher fbida: build with meson fbida: SRC_REV bump ac9005b..eb769e3 fbida: make fbpdf build optional Yi Zhao (6): conntrack-tools: add systemd unit file conntrack-tools: add required kernel modules to RRECOMMENDS frr: upgrade 8.4.2 -> 8.4.4 mbedtls: upgrade 2.28.2 -> 2.28.3 open-vm-tools: Security fix CVE-2023-20867 samba: upgrade 4.18.3 -> 4.18.4 Zoltán Böszörményi (1): opencv: 4.8.0 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I48c2ba4573ee81b637b1ba890c312f491004f666
Diffstat (limited to 'poky')
-rw-r--r--poky/bitbake/README8
-rw-r--r--poky/bitbake/lib/bb/cooker.py1
-rw-r--r--poky/bitbake/lib/bb/fetch2/npm.py9
-rw-r--r--poky/bitbake/lib/bb/fetch2/npmsw.py26
-rw-r--r--poky/bitbake/lib/bb/runqueue.py22
-rw-r--r--poky/bitbake/lib/bb/server/process.py2
-rw-r--r--poky/bitbake/lib/bb/tests/fetch.py23
-rw-r--r--poky/bitbake/lib/bb/tests/parse.py16
-rw-r--r--poky/meta-poky/conf/distro/include/gcsections.inc2
-rw-r--r--poky/meta-poky/conf/distro/poky.conf1
-rw-r--r--poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb18
-rw-r--r--poky/meta/classes-global/insane.bbclass6
-rw-r--r--poky/meta/classes-recipe/cargo.bbclass1
-rw-r--r--poky/meta/classes-recipe/cargo_common.bbclass16
-rw-r--r--poky/meta/classes-recipe/cml1.bbclass6
-rw-r--r--poky/meta/classes-recipe/image-artifact-names.bbclass3
-rw-r--r--poky/meta/classes-recipe/image-live.bbclass1
-rw-r--r--poky/meta/classes-recipe/image.bbclass7
-rw-r--r--poky/meta/classes-recipe/image_types.bbclass108
-rw-r--r--poky/meta/classes-recipe/image_types_wic.bbclass2
-rw-r--r--poky/meta/classes-recipe/kernel-arch.bbclass7
-rw-r--r--poky/meta/classes-recipe/kernel-devicetree.bbclass28
-rw-r--r--poky/meta/classes-recipe/kernel-module-split.bbclass65
-rw-r--r--poky/meta/classes-recipe/kernel.bbclass18
-rw-r--r--poky/meta/classes-recipe/meson.bbclass1
-rw-r--r--poky/meta/classes-recipe/npm.bbclass60
-rw-r--r--poky/meta/classes-recipe/ptest-cargo.bbclass6
-rw-r--r--poky/meta/classes-recipe/rootfs-postcommands.bbclass2
-rw-r--r--poky/meta/classes-recipe/rootfs_rpm.bbclass4
-rw-r--r--poky/meta/classes-recipe/rust-common.bbclass4
-rw-r--r--poky/meta/classes-recipe/testexport.bbclass6
-rw-r--r--poky/meta/classes-recipe/testimage.bbclass20
-rw-r--r--poky/meta/classes-recipe/uboot-extlinux-config.bbclass8
-rw-r--r--poky/meta/classes/cve-check.bbclass85
-rw-r--r--poky/meta/conf/bitbake.conf3
-rw-r--r--poky/meta/conf/cve-check-map.conf28
-rw-r--r--poky/meta/conf/distro/defaultsetup.conf2
-rw-r--r--poky/meta/conf/distro/include/cve-extra-exclusions.inc698
-rw-r--r--poky/meta/conf/distro/include/maintainers.inc5
-rw-r--r--poky/meta/conf/distro/include/ptest-packagelists.inc3
-rw-r--r--poky/meta/conf/distro/include/tcmode-default.inc2
-rw-r--r--poky/meta/conf/distro/include/time64.inc21
-rw-r--r--poky/meta/conf/machine/include/arm/arch-arm64.inc5
-rw-r--r--poky/meta/conf/machine/qemuarm.conf4
-rw-r--r--poky/meta/lib/oe/cve_check.py25
-rw-r--r--poky/meta/lib/oe/package_manager/rpm/rootfs.py2
-rw-r--r--poky/meta/lib/oe/rootfs.py20
-rw-r--r--poky/meta/lib/oeqa/core/target/qemu.py5
-rw-r--r--poky/meta/lib/oeqa/runtime/cases/ltp.py17
-rw-r--r--poky/meta/lib/oeqa/runtime/cases/rpm.py4
-rw-r--r--poky/meta/lib/oeqa/runtime/context.py11
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/bblayers.py3
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/cve_check.py26
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/devtool.py32
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/distrodata.py2
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/fitimage.py2
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/glibc.py2
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/rust.py90
-rw-r--r--poky/meta/lib/oeqa/targetcontrol.py2
-rw-r--r--poky/meta/lib/oeqa/utils/dump.py20
-rw-r--r--poky/meta/lib/oeqa/utils/logparser.py62
-rw-r--r--poky/meta/lib/oeqa/utils/qemurunner.py18
-rw-r--r--poky/meta/recipes-bsp/grub/grub2.inc6
-rw-r--r--poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch40
-rw-r--r--poky/meta/recipes-bsp/u-boot/u-boot-common.inc4
-rw-r--r--poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb6
-rw-r--r--poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb2
-rw-r--r--poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb (renamed from poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb)0
-rw-r--r--poky/meta/recipes-connectivity/avahi/avahi_0.8.bb3
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9 (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service)0
-rw-r--r--poky/meta/recipes-connectivity/bind/bind_9.18.16.bb (renamed from poky/meta/recipes-connectivity/bind/bind_9.18.15.bb)6
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5.inc1
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch39
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb (renamed from poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb)6
-rw-r--r--poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb (renamed from poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb)4
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb9
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb7
-rw-r--r--poky/meta/recipes-core/coreutils/coreutils_9.3.bb4
-rw-r--r--poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb (renamed from poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb)2
-rw-r--r--poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb (renamed from poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb)2
-rw-r--r--poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb1
-rw-r--r--poky/meta/recipes-core/glibc/glibc_2.37.bb17
-rw-r--r--poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb5
-rw-r--r--poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb8
-rw-r--r--poky/meta/recipes-core/images/core-image-ptest.bb2
-rw-r--r--poky/meta/recipes-core/kbd/kbd_2.6.0.bb (renamed from poky/meta/recipes-core/kbd/kbd_2.5.1.bb)2
-rw-r--r--poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb (renamed from poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb)0
-rw-r--r--poky/meta/recipes-core/libxcrypt/libxcrypt.inc8
-rw-r--r--poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb (renamed from poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb)0
-rw-r--r--poky/meta/recipes-core/libxml/libxml2/fix-tests.patch222
-rw-r--r--poky/meta/recipes-core/libxml/libxml2/install-tests.patch17
-rw-r--r--poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch28
-rw-r--r--poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch212
-rw-r--r--poky/meta/recipes-core/libxml/libxml2_2.11.4.bb (renamed from poky/meta/recipes-core/libxml/libxml2_2.10.4.bb)9
-rw-r--r--poky/meta/recipes-core/meta/cve-update-db-native.bb288
-rw-r--r--poky/meta/recipes-core/meta/cve-update-nvd2-native.bb66
-rw-r--r--poky/meta/recipes-core/musl/musl_git.bb2
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch8
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch48
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch (renamed from poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch)22
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch (renamed from poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch)42
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf_git.bb8
-rwxr-xr-xpoky/meta/recipes-core/systemd/systemd-systemctl/systemctl2
-rw-r--r--poky/meta/recipes-core/systemd/systemd_253.3.bb3
-rw-r--r--poky/meta/recipes-core/udev/eudev_3.2.12.bb5
-rw-r--r--poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb2
-rw-r--r--poky/meta/recipes-devtools/automake/automake/buildtest.patch2
-rw-r--r--poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb (renamed from poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb)4
-rw-r--r--poky/meta/recipes-devtools/cmake/cmake.inc4
-rw-r--r--poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb3
-rw-r--r--poky/meta/recipes-devtools/flex/flex_2.6.4.bb6
-rw-r--r--poky/meta/recipes-devtools/gcc/gcc-13.1.inc3
-rw-r--r--poky/meta/recipes-devtools/gcc/gcc-configure-common.inc1
-rw-r--r--poky/meta/recipes-devtools/gcc/gcc-testsuite.inc5
-rw-r--r--poky/meta/recipes-devtools/git/git_2.39.3.bb7
-rw-r--r--poky/meta/recipes-devtools/go/go-1.20.6.inc (renamed from poky/meta/recipes-devtools/go/go-1.20.5.inc)2
-rw-r--r--poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb)6
-rw-r--r--poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/go/go-cross_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go-cross_1.20.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/go/go-native_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go-native_1.20.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/go/go_1.20.6.bb (renamed from poky/meta/recipes-devtools/go/go_1.20.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb5
-rw-r--r--poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch26
-rw-r--r--poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch61
-rw-r--r--poky/meta/recipes-devtools/lua/lua_5.4.6.bb (renamed from poky/meta/recipes-devtools/lua/lua_5.4.4.bb)6
-rw-r--r--poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb3
-rw-r--r--poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb (renamed from poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch51
-rw-r--r--poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch34
-rw-r--r--poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb (renamed from poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb)6
-rw-r--r--poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch217
-rw-r--r--poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch36
-rw-r--r--poky/meta/recipes-devtools/perl/perl_5.36.1.bb2
-rw-r--r--poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb2
-rw-r--r--poky/meta/recipes-devtools/python/python-cython.inc2
-rw-r--r--poky/meta/recipes-devtools/python/python3-cryptography-crates.inc182
-rw-r--r--poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb (renamed from poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch52
-rw-r--r--poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch25
-rw-r--r--poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch28
-rw-r--r--poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb (renamed from poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb)20
-rw-r--r--poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb (renamed from poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb)0
-rw-r--r--poky/meta/recipes-devtools/python/python3-editables_0.4.bb (renamed from poky/meta/recipes-devtools/python/python3-editables_0.3.bb)6
-rw-r--r--poky/meta/recipes-devtools/python/python3-git_3.1.32.bb (renamed from poky/meta/recipes-devtools/python/python3-git_3.1.31.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb (renamed from poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb (renamed from poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb (renamed from poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb (renamed from poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch62
-rw-r--r--poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb (renamed from poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb (renamed from poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb (renamed from poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb (renamed from poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-pip_23.2.bb (renamed from poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb)6
-rw-r--r--poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb (renamed from poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb (renamed from poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb (renamed from poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb (renamed from poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb (renamed from poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb (renamed from poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb (renamed from poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch12
-rw-r--r--poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb (renamed from poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb (renamed from poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb (renamed from poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb (renamed from poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb (renamed from poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb (renamed from poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb)4
-rw-r--r--poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch2
-rw-r--r--poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch12
-rw-r--r--poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch2
-rw-r--r--poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch2
-rw-r--r--poky/meta/recipes-devtools/python/python3/get_module_deps3.py2
-rw-r--r--poky/meta/recipes-devtools/python/python3/makerace.patch8
-rw-r--r--poky/meta/recipes-devtools/python/python3/run-ptest2
-rw-r--r--poky/meta/recipes-devtools/python/python3_3.11.4.bb (renamed from poky/meta/recipes-devtools/python/python3_3.11.3.bb)26
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb (renamed from poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb)0
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb (renamed from poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb)0
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu.inc20
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/ppc.patch148
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb (renamed from poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb)0
-rw-r--r--poky/meta/recipes-devtools/repo/repo_2.35.bb (renamed from poky/meta/recipes-devtools/repo/repo_2.34.1.bb)2
-rw-r--r--poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch51
-rw-r--r--poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb1
-rw-r--r--poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb3
-rw-r--r--poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch2324
-rw-r--r--poky/meta/recipes-devtools/rust/rust-source.inc6
-rw-r--r--poky/meta/recipes-devtools/rust/rust_1.70.0.bb6
-rw-r--r--poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch303
-rw-r--r--poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch50
-rw-r--r--poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch50
-rw-r--r--poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch37
-rw-r--r--poky/meta/recipes-devtools/strace/strace_6.3.bb4
-rw-r--r--poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb4
-rw-r--r--poky/meta/recipes-extended/acpica/acpica_20230628.bb (renamed from poky/meta/recipes-extended/acpica/acpica_20230331.bb)2
-rw-r--r--poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb2
-rw-r--r--poky/meta/recipes-extended/cpio/cpio_2.14.bb5
-rw-r--r--poky/meta/recipes-extended/cups/cups.inc18
-rw-r--r--poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch36
-rw-r--r--poky/meta/recipes-extended/cups/cups_2.4.6.bb (renamed from poky/meta/recipes-extended/cups/cups_2.4.2.bb)2
-rw-r--r--poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch19
-rw-r--r--poky/meta/recipes-extended/diffutils/diffutils_3.10.bb (renamed from poky/meta/recipes-extended/diffutils/diffutils_3.9.bb)2
-rw-r--r--poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb (renamed from poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb)5
-rw-r--r--poky/meta/recipes-extended/iputils/iputils_20221126.bb5
-rw-r--r--poky/meta/recipes-extended/libnss-nis/libnss-nis.bb4
-rw-r--r--poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb3
-rw-r--r--poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb5
-rw-r--r--poky/meta/recipes-extended/ltp/ltp_20230516.bb1
-rw-r--r--poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch148
-rw-r--r--poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch56
-rw-r--r--poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch91
-rw-r--r--poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch42
-rw-r--r--poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch128
-rw-r--r--poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch454
-rw-r--r--poky/meta/recipes-extended/mdadm/files/run-ptest2
-rw-r--r--poky/meta/recipes-extended/mdadm/mdadm_4.2.bb9
-rw-r--r--poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb (renamed from poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb)2
-rw-r--r--poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch39
-rw-r--r--poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch108
-rw-r--r--poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch65
-rw-r--r--poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch205
-rw-r--r--poky/meta/recipes-extended/pam/libpam_1.5.3.bb (renamed from poky/meta/recipes-extended/pam/libpam_1.5.2.bb)6
-rw-r--r--poky/meta/recipes-extended/procps/procps_4.0.3.bb4
-rw-r--r--poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot1
-rw-r--r--poky/meta/recipes-extended/shadow/files/pam.d/login4
-rw-r--r--poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb2
-rw-r--r--poky/meta/recipes-extended/shadow/shadow.inc3
-rw-r--r--poky/meta/recipes-extended/shadow/shadow_4.13.bb7
-rw-r--r--poky/meta/recipes-extended/unzip/unzip_6.0.bb3
-rw-r--r--poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb2
-rw-r--r--poky/meta/recipes-extended/zip/zip_3.0.bb7
-rw-r--r--poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb3
-rw-r--r--poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb2
-rw-r--r--poky/meta/recipes-gnome/librsvg/librsvg-crates.inc374
-rw-r--r--poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch42
-rw-r--r--poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb (renamed from poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb)6
-rw-r--r--poky/meta/recipes-graphics/builder/builder_0.1.bb3
-rw-r--r--poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb (renamed from poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb)2
-rw-r--r--poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb (renamed from poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb)2
-rw-r--r--poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch32
-rw-r--r--poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb (renamed from poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb)14
-rw-r--r--poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb (renamed from poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb)2
-rw-r--r--poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb (renamed from poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb)0
-rw-r--r--poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb (renamed from poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb)4
-rw-r--r--poky/meta/recipes-graphics/libva/libva.inc2
-rw-r--r--poky/meta/recipes-graphics/libva/libva_2.19.0.bb (renamed from poky/meta/recipes-graphics/libva/libva_2.18.0.bb)0
-rw-r--r--poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch34
-rw-r--r--poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb (renamed from poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb)0
-rw-r--r--poky/meta/recipes-graphics/mesa/mesa.inc3
-rw-r--r--poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb (renamed from poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb)0
-rw-r--r--poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch28
-rw-r--r--poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb (renamed from poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb)6
-rw-r--r--poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb (renamed from poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb)2
-rw-r--r--poky/meta/recipes-graphics/wayland/weston_12.0.1.bb (renamed from poky/meta/recipes-graphics/wayland/weston_11.0.1.bb)17
-rw-r--r--poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb2
-rw-r--r--poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb (renamed from poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb)3
-rw-r--r--poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb21
-rw-r--r--poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb (renamed from poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb)2
-rw-r--r--poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb10
-rw-r--r--poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb (renamed from poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb)2
-rw-r--r--poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb (renamed from poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb)9
-rw-r--r--poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb (renamed from poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb)4
-rw-r--r--poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc19
-rw-r--r--poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb (renamed from poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb)2
-rw-r--r--poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb (renamed from poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb)2
-rw-r--r--poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb (renamed from poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb)4
-rw-r--r--poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch42
-rw-r--r--poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb (renamed from poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb)3
-rw-r--r--poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc581
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb48
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb33
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto.inc2
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb28
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb71
-rw-r--r--poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb (renamed from poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb)2
-rw-r--r--poky/meta/recipes-kernel/perf/perf.bb2
-rw-r--r--poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb2
-rw-r--r--poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch35
-rw-r--r--poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb3
-rw-r--r--poky/meta/recipes-multimedia/flac/flac_1.4.3.bb (renamed from poky/meta/recipes-multimedia/flac/flac_1.4.2.bb)11
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb)8
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb)2
-rw-r--r--poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb (renamed from poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb)7
-rw-r--r--poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch29
-rw-r--r--poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch39
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb (renamed from poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb)16
-rw-r--r--poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch55
-rw-r--r--poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb (renamed from poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb)6
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch28
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch42
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch41
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch37
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch33
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch30
-rw-r--r--poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb (renamed from poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb)19
-rw-r--r--poky/meta/recipes-support/debianutils/debianutils_5.8.bb (renamed from poky/meta/recipes-support/debianutils/debianutils_5.7.bb)4
-rw-r--r--poky/meta/recipes-support/diffoscope/diffoscope_244.bb (renamed from poky/meta/recipes-support/diffoscope/diffoscope_242.bb)17
-rw-r--r--poky/meta/recipes-support/icu/icu_73-2.bb (renamed from poky/meta/recipes-support/icu/icu_72-1.bb)6
-rw-r--r--poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb (renamed from poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb)2
-rw-r--r--poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb4
-rw-r--r--poky/meta/recipes-support/libksba/libksba_1.6.4.bb (renamed from poky/meta/recipes-support/libksba/libksba_1.6.3.bb)2
-rw-r--r--poky/meta/recipes-support/libmd/libmd_1.1.0.bb (renamed from poky/meta/recipes-support/libmd/libmd_1.0.4.bb)2
-rw-r--r--poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb38
-rw-r--r--poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb28
-rw-r--r--poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch23
-rw-r--r--poky/meta/recipes-support/libssh2/libssh2/run-ptest2
-rw-r--r--poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb (renamed from poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb)15
-rw-r--r--poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb4
-rw-r--r--poky/meta/recipes-support/lz4/lz4_1.9.4.bb3
-rw-r--r--poky/meta/recipes-support/nettle/nettle_3.9.1.bb (renamed from poky/meta/recipes-support/nettle/nettle_3.9.bb)2
-rw-r--r--poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb (renamed from poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb)2
-rw-r--r--poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb (renamed from poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb)2
-rw-r--r--poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb2
-rw-r--r--poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb14
-rw-r--r--poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb8
-rw-r--r--poky/meta/recipes-support/taglib/taglib_1.13.1.bb (renamed from poky/meta/recipes-support/taglib/taglib_1.13.bb)2
-rw-r--r--poky/meta/recipes-support/vte/vte_0.72.2.bb (renamed from poky/meta/recipes-support/vte/vte_0.72.1.bb)2
-rw-r--r--poky/scripts/lib/recipetool/create.py4
-rw-r--r--poky/scripts/lib/recipetool/create_npm.py43
-rw-r--r--poky/scripts/lib/resulttool/resultutils.py6
-rwxr-xr-xpoky/scripts/oe-setup-builddir14
-rw-r--r--poky/scripts/pybootchartgui/pybootchartgui/draw.py15
-rwxr-xr-xpoky/scripts/runqemu8
-rwxr-xr-xpoky/scripts/runqemu-ifdown21
-rwxr-xr-xpoky/scripts/runqemu-ifup2
346 files changed, 6713 insertions, 3916 deletions
diff --git a/poky/bitbake/README b/poky/bitbake/README
index a5f5c1b64f..78610e65f1 100644
--- a/poky/bitbake/README
+++ b/poky/bitbake/README
@@ -45,8 +45,7 @@ it has so many corner cases. The datastore has many tests too. Testing with the
recommended before submitting patches, particularly to the fetcher and datastore. We also
appreciate new test cases and may require them for more obscure issues.
-To run the tests "zstd" and "git" must be installed. Git must be correctly configured, in
-particular the user.email and user.name values must be set.
+To run the tests "zstd" and "git" must be installed.
The assumption is made that this testsuite is run from an initialized OpenEmbedded build
environment (i.e. `source oe-init-build-env` is used). If this is not the case, run the
@@ -54,3 +53,8 @@ testsuite as follows:
export PATH=$(pwd)/bin:$PATH
bin/bitbake-selftest
+
+The testsuite can alternatively be executed using pytest, e.g. obtained from PyPI (in this
+case, the PATH is configured automatically):
+
+ pytest
diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py
index 0a21f1c2f8..11c9fa2c40 100644
--- a/poky/bitbake/lib/bb/cooker.py
+++ b/poky/bitbake/lib/bb/cooker.py
@@ -1666,6 +1666,7 @@ class BBCooker:
self.updateCacheSync()
if self.state != state.parsing and not self.parsecache_valid:
+ bb.server.process.serverlog("Parsing started")
self.setupParserWatcher()
bb.parse.siggen.reset(self.data)
diff --git a/poky/bitbake/lib/bb/fetch2/npm.py b/poky/bitbake/lib/bb/fetch2/npm.py
index e6d0598f5d..f83485ad85 100644
--- a/poky/bitbake/lib/bb/fetch2/npm.py
+++ b/poky/bitbake/lib/bb/fetch2/npm.py
@@ -44,9 +44,12 @@ def npm_package(package):
"""Convert the npm package name to remove unsupported character"""
# Scoped package names (with the @) use the same naming convention
# as the 'npm pack' command.
- if package.startswith("@"):
- return re.sub("/", "-", package[1:])
- return package
+ name = re.sub("/", "-", package)
+ name = name.lower()
+ name = re.sub(r"[^\-a-z0-9]", "", name)
+ name = name.strip("-")
+ return name
+
def npm_filename(package, version):
"""Get the filename of a npm package"""
diff --git a/poky/bitbake/lib/bb/fetch2/npmsw.py b/poky/bitbake/lib/bb/fetch2/npmsw.py
index cc81100b3a..971ccc9050 100644
--- a/poky/bitbake/lib/bb/fetch2/npmsw.py
+++ b/poky/bitbake/lib/bb/fetch2/npmsw.py
@@ -41,8 +41,9 @@ def foreach_dependencies(shrinkwrap, callback=None, dev=False):
with:
name = the package name (string)
params = the package parameters (dictionary)
- deptree = the package dependency tree (array of strings)
+ destdir = the destination of the package (string)
"""
+ # For handling old style dependencies entries in shinkwrap files
def _walk_deps(deps, deptree):
for name in deps:
subtree = [*deptree, name]
@@ -52,9 +53,22 @@ def foreach_dependencies(shrinkwrap, callback=None, dev=False):
continue
elif deps[name].get("bundled", False):
continue
- callback(name, deps[name], subtree)
-
- _walk_deps(shrinkwrap.get("dependencies", {}), [])
+ destsubdirs = [os.path.join("node_modules", dep) for dep in subtree]
+ destsuffix = os.path.join(*destsubdirs)
+ callback(name, deps[name], destsuffix)
+
+ # packages entry means new style shrinkwrap file, else use dependencies
+ packages = shrinkwrap.get("packages", None)
+ if packages is not None:
+ for package in packages:
+ if package != "":
+ name = package.split('node_modules/')[-1]
+ package_infos = packages.get(package, {})
+ if dev == False and package_infos.get("dev", False):
+ continue
+ callback(name, package_infos, package)
+ else:
+ _walk_deps(shrinkwrap.get("dependencies", {}), [])
class NpmShrinkWrap(FetchMethod):
"""Class to fetch all package from a shrinkwrap file"""
@@ -75,12 +89,10 @@ class NpmShrinkWrap(FetchMethod):
# Resolve the dependencies
ud.deps = []
- def _resolve_dependency(name, params, deptree):
+ def _resolve_dependency(name, params, destsuffix):
url = None
localpath = None
extrapaths = []
- destsubdirs = [os.path.join("node_modules", dep) for dep in deptree]
- destsuffix = os.path.join(*destsubdirs)
unpack = True
integrity = params.get("integrity", None)
diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py
index 0bb3bc20ab..48788f4aa6 100644
--- a/poky/bitbake/lib/bb/runqueue.py
+++ b/poky/bitbake/lib/bb/runqueue.py
@@ -212,6 +212,10 @@ class RunQueueScheduler(object):
exceeds_cpu_pressure = self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure
exceeds_io_pressure = self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure
exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure
+ pressure_state = (exceeds_cpu_pressure, exceeds_io_pressure, exceeds_memory_pressure)
+ if hasattr(self, "pressure_state") and pressure_state != self.pressure_state:
+ bb.note("Pressure status changed to CPU: %s, IO: %s, Mem: %s" % pressure_state)
+ self.pressure_state = pressure_state
return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure)
return False
@@ -1991,11 +1995,19 @@ class RunQueueExecute:
self.setbuildable(revdep)
logger.debug("Marking task %s as buildable", revdep)
- for t in self.sq_deferred.copy():
+ found = None
+ for t in sorted(self.sq_deferred.copy()):
if self.sq_deferred[t] == task:
- logger.debug2("Deferred task %s now buildable" % t)
- del self.sq_deferred[t]
- update_scenequeue_data([t], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
+ # Allow the next deferred task to run. Any other deferred tasks should be deferred after that task.
+ # We shouldn't allow all to run at once as it is prone to races.
+ if not found:
+ bb.debug(1, "Deferred task %s now buildable" % t)
+ del self.sq_deferred[t]
+ update_scenequeue_data([t], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
+ found = t
+ else:
+ bb.debug(1, "Deferring %s after %s" % (t, found))
+ self.sq_deferred[t] = found
def task_complete(self, task):
self.stats.taskCompleted()
@@ -2932,7 +2944,7 @@ def build_scenequeue_data(sqdata, rqdata, rq, cooker, stampcache, sqrq):
sqdata.hashes[h] = tid
else:
sqrq.sq_deferred[tid] = sqdata.hashes[h]
- bb.note("Deferring %s after %s" % (tid, sqdata.hashes[h]))
+ bb.debug(1, "Deferring %s after %s" % (tid, sqdata.hashes[h]))
update_scenequeue_data(sqdata.sq_revdeps, sqdata, rqdata, rq, cooker, stampcache, sqrq, summary=True)
diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py
index 7616ef53c8..4d4fa6d1be 100644
--- a/poky/bitbake/lib/bb/server/process.py
+++ b/poky/bitbake/lib/bb/server/process.py
@@ -502,7 +502,7 @@ class ServerCommunicator():
def runCommand(self, command):
self.connection.send(command)
if not self.recv.poll(30):
- logger.info("No reply from server in 30s")
+ logger.info("No reply from server in 30s (for command %s)" % command[0])
if not self.recv.poll(30):
raise ProcessTimeout("Timeout while waiting for a reply from the bitbake server (60s)")
ret, exc = self.recv.get()
diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py
index d230120271..20593764fd 100644
--- a/poky/bitbake/lib/bb/tests/fetch.py
+++ b/poky/bitbake/lib/bb/tests/fetch.py
@@ -24,7 +24,8 @@ def skipIfNoNetwork():
return lambda f: f
class TestTimeout(Exception):
- pass
+ # Indicate to pytest that this is not a test suite
+ __test__ = False
class Timeout():
@@ -428,9 +429,15 @@ class FetcherTest(unittest.TestCase):
# a common setup is to use other default
# branch than master.
self.git(['checkout', '-b', 'master'], cwd=cwd)
- if not self.git(['config', 'user.email'], cwd=cwd):
+
+ try:
+ self.git(['config', 'user.email'], cwd=cwd)
+ except bb.process.ExecutionError:
self.git(['config', 'user.email', 'you@example.com'], cwd=cwd)
- if not self.git(['config', 'user.name'], cwd=cwd):
+
+ try:
+ self.git(['config', 'user.name'], cwd=cwd)
+ except bb.process.ExecutionError:
self.git(['config', 'user.name', 'Your Name'], cwd=cwd)
class MirrorUriTest(FetcherTest):
@@ -2485,7 +2492,7 @@ class CrateTest(FetcherTest):
uris = self.d.getVar('SRC_URI').split()
fetcher = bb.fetch2.Fetch(uris, self.d)
- with self.assertRaisesRegexp(bb.fetch2.FetchError, "Fetcher failure for URL"):
+ with self.assertRaisesRegex(bb.fetch2.FetchError, "Fetcher failure for URL"):
fetcher.download()
class NPMTest(FetcherTest):
@@ -3037,7 +3044,7 @@ class FetchPremirroronlyLocalTest(FetcherTest):
self.mirrorname = "git2_git.fake.repo.bitbake.tar.gz"
recipeurl = "git:/git.fake.repo/bitbake"
os.makedirs(self.gitdir)
- self.git("init", self.gitdir)
+ self.git_init(cwd=self.gitdir)
for i in range(0):
self.git_new_commit()
bb.process.run('tar -czvf {} .'.format(os.path.join(self.mirrordir, self.mirrorname)), cwd = self.gitdir)
@@ -3176,7 +3183,7 @@ class FetchPremirroronlyBrokenTarball(FetcherTest):
import sys
self.d.setVar("SRCREV", "0"*40)
fetcher = bb.fetch.Fetch([self.recipe_url], self.d)
- with self.assertRaises(bb.fetch2.FetchError):
+ with self.assertRaises(bb.fetch2.FetchError), self.assertLogs() as logs:
fetcher.download()
- stdout = sys.stdout.getvalue()
- self.assertFalse(" not a git repository (or any parent up to mount point /)" in stdout)
+ output = "".join(logs.output)
+ self.assertFalse(" not a git repository (or any parent up to mount point /)" in output)
diff --git a/poky/bitbake/lib/bb/tests/parse.py b/poky/bitbake/lib/bb/tests/parse.py
index a3165d95bd..304bbbe222 100644
--- a/poky/bitbake/lib/bb/tests/parse.py
+++ b/poky/bitbake/lib/bb/tests/parse.py
@@ -186,14 +186,16 @@ deltask ${EMPTYVAR}
"""
def test_parse_addtask_deltask(self):
import sys
- f = self.parsehelper(self.addtask_deltask)
- d = bb.parse.handle(f.name, self.d)['']
- stdout = sys.stdout.getvalue()
- self.assertTrue("addtask contained multiple 'before' keywords" in stdout)
- self.assertTrue("addtask contained multiple 'after' keywords" in stdout)
- self.assertTrue('addtask ignored: " do_patch"' in stdout)
- #self.assertTrue('dependent task do_foo for do_patch does not exist' in stdout)
+ with self.assertLogs() as logs:
+ f = self.parsehelper(self.addtask_deltask)
+ d = bb.parse.handle(f.name, self.d)['']
+
+ output = "".join(logs.output)
+ self.assertTrue("addtask contained multiple 'before' keywords" in output)
+ self.assertTrue("addtask contained multiple 'after' keywords" in output)
+ self.assertTrue('addtask ignored: " do_patch"' in output)
+ #self.assertTrue('dependent task do_foo for do_patch does not exist' in output)
broken_multiline_comment = """
# First line of comment \\
diff --git a/poky/meta-poky/conf/distro/include/gcsections.inc b/poky/meta-poky/conf/distro/include/gcsections.inc
index a1f8651ae9..0e7bd2efff 100644
--- a/poky/meta-poky/conf/distro/include/gcsections.inc
+++ b/poky/meta-poky/conf/distro/include/gcsections.inc
@@ -27,8 +27,10 @@ LDFLAGS_SECTION_REMOVAL:pn-nativesdk-mingw-w64-winpthreads = ""
# set default for target
CFLAGS:append:class-target = " ${CFLAGS_SECTION_REMOVAL}"
+CXXFLAGS:append:class-target = " ${CFLAGS_SECTION_REMOVAL}"
LDFLAGS:append:class-target = " ${LDFLAGS_SECTION_REMOVAL}"
# set default for nativesdk
CFLAGS:append:class-nativesdk = " ${CFLAGS_SECTION_REMOVAL}"
+CXXFLAGS:append:class-nativesdk = " ${CFLAGS_SECTION_REMOVAL}"
LDFLAGS:append:class-nativesdk = " ${LDFLAGS_SECTION_REMOVAL}"
diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf
index d137527624..c72df162d0 100644
--- a/poky/meta-poky/conf/distro/poky.conf
+++ b/poky/meta-poky/conf/distro/poky.conf
@@ -41,6 +41,7 @@ SANITY_TESTED_DISTROS ?= " \
fedora-36 \n \
fedora-37 \n \
debian-11 \n \
+ debian-12 \n \
opensuseleap-15.3 \n \
opensuseleap-15.4 \n \
almalinux-8.7 \n \
diff --git a/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb b/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb
index daf2834958..d7785cee2e 100644
--- a/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb
+++ b/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb
@@ -7,15 +7,19 @@ MCIMGTYPE:virtclass-mcextend-musl = "ext4"
MCIMGTYPE:virtclass-mcextend-tiny = "cpio.gz"
MC_DEPLOY_DIR_IMAGE = "${TOPDIR}/tmp-mc-${MCNAME}/deploy/images/${MCMACHINE}"
+MC_DEPLOY_IMAGE_BASENAME = "core-image-minimal"
do_install[mcdepends] += "mc::${MCNAME}:core-image-minimal:do_image_complete mc::${MCNAME}:virtual/kernel:do_deploy"
do_install () {
install -d ${D}/var/lib/machines/${MCNAME}
- install ${MC_DEPLOY_DIR_IMAGE}/core-image-minimal-${MCMACHINE}.${MCIMGTYPE} ${D}/var/lib/machines/${MCNAME}/core-image-minimal.${MCIMGTYPE}
+ install ${MC_DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME_CORE_IMAGE_MINIMAL}.${MCIMGTYPE} ${D}/var/lib/machines/${MCNAME}/${MC_DEPLOY_IMAGE_BASENAME}.${MCIMGTYPE}
install ${MC_DEPLOY_DIR_IMAGE}/bzImage ${D}/var/lib/machines/${MCNAME}
}
+# for IMAGE_LINK_NAME, IMAGE_BASENAME
+inherit image-artifact-names
+
python () {
mcname = d.getVar('MCNAME')
if not mcname:
@@ -23,6 +27,18 @@ python () {
multiconfigs = d.getVar('BBMULTICONFIG') or ""
if mcname not in multiconfigs:
raise bb.parse.SkipRecipe("multiconfig target %s not enabled" % mcname)
+
+ # these will most likely start with my BPN multiconfig-image-packager, but I want them from core-image-minimal
+ # as there is no good way to query core-image-minimal's context lets assume that there are no overrides
+ # and that we can just replace IMAGE_BASENAME
+ image_link_name = d.getVar('IMAGE_LINK_NAME')
+ image_basename = d.getVar('IMAGE_BASENAME')
+ machine = d.getVar('MACHINE')
+ mcmachine = d.getVar('MCMACHINE')
+ image_to_deploy = d.getVar('MC_DEPLOY_IMAGE_BASENAME')
+ image_link_name_to_deploy = image_link_name.replace(image_basename, image_to_deploy).replace(machine, mcmachine)
+ bb.warn('%s: assuming that "%s" built for "%s" has IMAGE_LINK_NAME "%s"' % (d.getVar('PN'), mcmachine, image_to_deploy, image_link_name_to_deploy))
+ d.setVar('IMAGE_LINK_NAME_CORE_IMAGE_MINIMAL', image_link_name_to_deploy)
}
BBCLASSEXTEND = "mcextend:tiny mcextend:musl"
diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass
index a4dbc9a123..114781c780 100644
--- a/poky/meta/classes-global/insane.bbclass
+++ b/poky/meta/classes-global/insane.bbclass
@@ -34,6 +34,7 @@ WARN_QA ?= " libdir xorg-driver-abi buildpaths \
missing-update-alternatives native-last missing-ptest \
license-exists license-no-generic license-syntax license-format \
license-incompatible license-file-missing obsolete-license \
+ 32bit-time \
"
ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
@@ -513,6 +514,11 @@ def check_32bit_symbols(path, packagename, d, elf, messages):
"""
Check that ELF files do not use any 32 bit time APIs from glibc.
"""
+ thirtytwo_bit_time_archs = set(('arm','armeb','mipsarcho32','powerpc','x86'))
+ overrides = set(d.getVar('OVERRIDES').split(':'))
+ if not(thirtytwo_bit_time_archs & overrides):
+ return
+
import re
# This list is manually constructed by searching the image folder of the
# glibc recipe for __USE_TIME_BITS64. There is no good way to do this
diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass
index 7a8cc1e751..3ef0bbbb44 100644
--- a/poky/meta/classes-recipe/cargo.bbclass
+++ b/poky/meta/classes-recipe/cargo.bbclass
@@ -55,7 +55,6 @@ oe_cargo_build () {
do_compile[progress] = "outof:\s+(\d+)/(\d+)"
cargo_do_compile () {
- oe_cargo_fix_env
oe_cargo_build
}
diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass
index 82ab25b59c..db54826ddb 100644
--- a/poky/meta/classes-recipe/cargo_common.bbclass
+++ b/poky/meta/classes-recipe/cargo_common.bbclass
@@ -149,6 +149,10 @@ python cargo_common_do_patch_paths() {
}
do_configure[postfuncs] += "cargo_common_do_patch_paths"
+do_compile:prepend () {
+ oe_cargo_fix_env
+}
+
oe_cargo_fix_env () {
export CC="${RUST_TARGET_CC}"
export CXX="${RUST_TARGET_CXX}"
@@ -170,3 +174,15 @@ oe_cargo_fix_env () {
EXTRA_OECARGO_PATHS ??= ""
EXPORT_FUNCTIONS do_configure
+
+# The culprit for this setting is the libc crate,
+# which as of Jun 2023 calls directly into 32 bit time functions in glibc,
+# bypassing all of glibc provisions to choose the right Y2038-safe functions. As
+# rust components statically link with that crate, pretty much everything
+# is affected, and so there's no point trying to have recipe-specific
+# INSANE_SKIP entries.
+#
+# Upstream ticket and PR:
+# https://github.com/rust-lang/libc/issues/3223
+# https://github.com/rust-lang/libc/pull/3175
+INSANE_SKIP:append = " 32bit-time"
diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass
index d87d8204e4..d83c636e48 100644
--- a/poky/meta/classes-recipe/cml1.bbclass
+++ b/poky/meta/classes-recipe/cml1.bbclass
@@ -109,3 +109,9 @@ python do_diffconfig() {
do_diffconfig[nostamp] = "1"
do_diffconfig[dirs] = "${KCONFIG_CONFIG_ROOTDIR}"
addtask diffconfig
+
+do_showconfig() {
+ bbplain "Config file written to ${KCONFIG_CONFIG_ROOTDIR}/.config"
+}
+do_showconfig[nostamp] = "1"
+addtask showconfig after do_configure
diff --git a/poky/meta/classes-recipe/image-artifact-names.bbclass b/poky/meta/classes-recipe/image-artifact-names.bbclass
index ac2376d59a..bc76ff0e16 100644
--- a/poky/meta/classes-recipe/image-artifact-names.bbclass
+++ b/poky/meta/classes-recipe/image-artifact-names.bbclass
@@ -12,9 +12,10 @@ IMAGE_BASENAME ?= "${PN}"
IMAGE_VERSION_SUFFIX ?= "-${DATETIME}"
IMAGE_VERSION_SUFFIX[vardepsexclude] += "DATETIME SOURCE_DATE_EPOCH"
IMAGE_NAME ?= "${IMAGE_LINK_NAME}${IMAGE_VERSION_SUFFIX}"
-IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}"
+IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_NAME_SUFFIX}"
# This needs to stay in sync with IMAGE_LINK_NAME, but with INITRAMFS_IMAGE instead of IMAGE_BASENAME
+# and without ${IMAGE_NAME_SUFFIX} which all initramfs images should set to empty
INITRAMFS_IMAGE_NAME ?= "${@['${INITRAMFS_IMAGE}${IMAGE_MACHINE_SUFFIX}', ''][d.getVar('INITRAMFS_IMAGE') == '']}"
# The default DEPLOY_DIR_IMAGE is ${MACHINE} directory:
diff --git a/poky/meta/classes-recipe/image-live.bbclass b/poky/meta/classes-recipe/image-live.bbclass
index 168774a464..95dd44a8c0 100644
--- a/poky/meta/classes-recipe/image-live.bbclass
+++ b/poky/meta/classes-recipe/image-live.bbclass
@@ -260,6 +260,5 @@ python do_bootimg() {
bb.build.exec_func('create_symlinks', d)
}
do_bootimg[subimages] = "hddimg iso"
-do_bootimg[imgsuffix] = "."
addtask bootimg before do_image_complete after do_rootfs
diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass
index e0dfba4a42..21b220a28d 100644
--- a/poky/meta/classes-recipe/image.bbclass
+++ b/poky/meta/classes-recipe/image.bbclass
@@ -480,14 +480,14 @@ python () {
if subimage not in subimages:
subimages.append(subimage)
if type not in alltypes:
- rm_tmp_images.add(localdata.expand("${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"))
+ rm_tmp_images.add(localdata.expand("${IMAGE_NAME}.${type}"))
for bt in basetypes[t]:
gen_conversion_cmds(bt)
localdata.setVar('type', realt)
if t not in alltypes:
- rm_tmp_images.add(localdata.expand("${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"))
+ rm_tmp_images.add(localdata.expand("${IMAGE_NAME}.${type}"))
else:
subimages.append(realt)
@@ -594,13 +594,12 @@ python create_symlinks() {
manifest_name = d.getVar('IMAGE_MANIFEST')
taskname = d.getVar("BB_CURRENTTASK")
subimages = (d.getVarFlag("do_" + taskname, 'subimages', False) or "").split()
- imgsuffix = d.getVarFlag("do_" + taskname, 'imgsuffix') or d.expand("${IMAGE_NAME_SUFFIX}.")
if not link_name:
return
for type in subimages:
dst = os.path.join(deploy_dir, link_name + "." + type)
- src = img_name + imgsuffix + type
+ src = img_name + "." + type
if os.path.exists(os.path.join(deploy_dir, src)):
bb.note("Creating symlink: %s -> %s" % (dst, src))
if os.path.islink(dst):
diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass
index 023eb87537..fdee835e7c 100644
--- a/poky/meta/classes-recipe/image_types.bbclass
+++ b/poky/meta/classes-recipe/image_types.bbclass
@@ -66,9 +66,9 @@ ZIP_COMPRESSION_LEVEL ?= "-9"
ZSTD_COMPRESSION_LEVEL ?= "-3"
JFFS2_SUM_EXTRA_ARGS ?= ""
-IMAGE_CMD:jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --faketime --output=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.jffs2 ${EXTRA_IMAGECMD}"
+IMAGE_CMD:jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --faketime --output=${IMGDEPLOYDIR}/${IMAGE_NAME}.jffs2 ${EXTRA_IMAGECMD}"
-IMAGE_CMD:cramfs = "mkfs.cramfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cramfs ${EXTRA_IMAGECMD}"
+IMAGE_CMD:cramfs = "mkfs.cramfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.cramfs ${EXTRA_IMAGECMD}"
oe_mkext234fs () {
fstype=$1
@@ -88,14 +88,14 @@ oe_mkext234fs () {
eval COUNT=\"$MIN_COUNT\"
fi
# Create a sparse image block
- bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024"
- dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024
+ bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024"
+ dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024
bbdebug 1 "Actual Rootfs size: `du -s ${IMAGE_ROOTFS}`"
- bbdebug 1 "Actual Partition size: `stat -c '%s' ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype`"
- bbdebug 1 Executing "mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype -d ${IMAGE_ROOTFS}"
- mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype -d ${IMAGE_ROOTFS}
+ bbdebug 1 "Actual Partition size: `stat -c '%s' ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype`"
+ bbdebug 1 Executing "mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype -d ${IMAGE_ROOTFS}"
+ mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype -d ${IMAGE_ROOTFS}
# Error codes 0-3 indicate successfull operation of fsck (no errors or errors corrected)
- fsck.$fstype -pvfD ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype || [ $? -le 3 ]
+ fsck.$fstype -pvfD ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype || [ $? -le 3 ]
}
IMAGE_CMD:ext2 = "oe_mkext234fs ext2 ${EXTRA_IMAGECMD}"
@@ -109,8 +109,8 @@ IMAGE_CMD:btrfs () {
size=${MIN_BTRFS_SIZE}
bbwarn "Rootfs size is too small for BTRFS. Filesystem will be extended to ${size}K"
fi
- dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs seek=${size} count=0 bs=1024
- mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs
+ dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.btrfs seek=${size} count=0 bs=1024
+ mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.btrfs
}
oe_mksquashfs () {
@@ -119,7 +119,7 @@ oe_mksquashfs () {
# Use the bitbake reproducible timestamp instead of the hardcoded squashfs one
export SOURCE_DATE_EPOCH=$(stat -c '%Y' ${IMAGE_ROOTFS})
- mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp
+ mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp
}
IMAGE_CMD:squashfs = "oe_mksquashfs"
IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz"
@@ -127,18 +127,18 @@ IMAGE_CMD:squashfs-lzo = "oe_mksquashfs lzo"
IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4"
IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd zst"
-IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs ${IMAGE_ROOTFS}"
-IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs-lz4 ${IMAGE_ROOTFS}"
-IMAGE_CMD:erofs-lz4hc = "mkfs.erofs -zlz4hc ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs-lz4hc ${IMAGE_ROOTFS}"
+IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs ${IMAGE_ROOTFS}"
+IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4 ${IMAGE_ROOTFS}"
+IMAGE_CMD:erofs-lz4hc = "mkfs.erofs -zlz4hc ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4hc ${IMAGE_ROOTFS}"
IMAGE_CMD_TAR ?= "tar"
# ignore return code 1 "file changed as we read it" as other tasks(e.g. do_image_wic) may be hardlinking rootfs
-IMAGE_CMD:tar = "${IMAGE_CMD_TAR} --sort=name --format=posix --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
+IMAGE_CMD:tar = "${IMAGE_CMD_TAR} --sort=name --format=posix --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append"
IMAGE_CMD:cpio () {
- (cd ${IMAGE_ROOTFS} && find . | sort | cpio --reproducible -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
+ (cd ${IMAGE_ROOTFS} && find . | sort | cpio --reproducible -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}.cpio)
# We only need the /init symlink if we're building the real
# image. The -dbg image doesn't need it! By being clever
# about this we also avoid 'touch' below failing, as it
@@ -152,7 +152,7 @@ IMAGE_CMD:cpio () {
else
touch -r ${IMAGE_ROOTFS} ${WORKDIR}/cpio_append/init
fi
- (cd ${WORKDIR}/cpio_append && echo ./init | cpio --reproducible -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
+ (cd ${WORKDIR}/cpio_append && echo ./init | cpio --reproducible -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}.cpio)
fi
fi
}
@@ -167,7 +167,7 @@ write_ubi_config() {
cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg
[ubifs]
mode=ubi
-image=${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.${UBI_IMGTYPE}
+image=${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.${UBI_IMGTYPE}
vol_id=0
vol_type=${UBI_VOLTYPE}
vol_name=${UBI_VOLNAME}
@@ -192,9 +192,9 @@ multiubi_mkfs() {
write_ubi_config "${vname}"
if [ -n "$vname" ]; then
- mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
+ mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.ubifs ${mkubifs_args}
fi
- ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg
+ ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg
# Cleanup cfg file
mv ubinize${vname}-${IMAGE_NAME}.cfg ${IMGDEPLOYDIR}/
@@ -202,12 +202,12 @@ multiubi_mkfs() {
# Create own symlinks for 'named' volumes
if [ -n "$vname" ]; then
cd ${IMGDEPLOYDIR}
- if [ -e ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ]; then
- ln -sf ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs \
+ if [ -e ${IMAGE_NAME}${vname}.ubifs ]; then
+ ln -sf ${IMAGE_NAME}${vname}.ubifs \
${IMAGE_LINK_NAME}${vname}.ubifs
fi
- if [ -e ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ]; then
- ln -sf ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi \
+ if [ -e ${IMAGE_NAME}${vname}.ubi ]; then
+ ln -sf ${IMAGE_NAME}${vname}.ubi \
${IMAGE_LINK_NAME}${vname}.ubi
fi
cd -
@@ -232,7 +232,7 @@ IMAGE_CMD:ubi () {
}
IMAGE_TYPEDEP:ubi = "${UBI_IMGTYPE}"
-IMAGE_CMD:ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ubifs ${MKUBIFS_ARGS}"
+IMAGE_CMD:ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}.ubifs ${MKUBIFS_ARGS}"
MIN_F2FS_SIZE ?= "524288"
IMAGE_CMD:f2fs () {
@@ -246,9 +246,9 @@ IMAGE_CMD:f2fs () {
size=${MIN_F2FS_SIZE}
bbwarn "Rootfs size is too small for F2FS. Filesystem will be extended to ${size}K"
fi
- dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs seek=${size} count=0 bs=1024
- mkfs.f2fs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs
- sload.f2fs -f ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs
+ dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs seek=${size} count=0 bs=1024
+ mkfs.f2fs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs
+ sload.f2fs -f ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs
}
EXTRA_IMAGECMD = ""
@@ -314,32 +314,32 @@ IMAGE_TYPES:append:x86-64 = " hddimg iso"
COMPRESSIONTYPES ?= ""
CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip 7zip zst sum md5sum sha1sum sha224sum sha256sum sha384sum sha512sum bmap u-boot vmdk vhd vhdx vdi qcow2 base64 gzsync zsync ${COMPRESSIONTYPES}"
-CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.gz"
-CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.xz"
-CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.lz4"
-CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zip ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zst"
-CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}"
-CONVERSION_CMD:md5sum = "md5sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.md5sum"
-CONVERSION_CMD:sha1sum = "sha1sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha1sum"
-CONVERSION_CMD:sha224sum = "sha224sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha224sum"
-CONVERSION_CMD:sha256sum = "sha256sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha256sum"
-CONVERSION_CMD:sha384sum = "sha384sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha384sum"
-CONVERSION_CMD:sha512sum = "sha512sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha512sum"
-CONVERSION_CMD:bmap = "bmaptool create ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.bmap"
-CONVERSION_CMD:u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.u-boot"
-CONVERSION_CMD:vmdk = "qemu-img convert -O vmdk ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vmdk"
-CONVERSION_CMD:vhdx = "qemu-img convert -O vhdx -o subformat=dynamic ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vhdx"
-CONVERSION_CMD:vhd = "qemu-img convert -O vpc -o subformat=fixed ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vhd"
-CONVERSION_CMD:vdi = "qemu-img convert -O vdi ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vdi"
-CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.qcow2"
-CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.base64"
-CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
+CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz"
+CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz"
+CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4"
+CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst"
+CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}.${type} -o ${IMAGE_NAME}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}"
+CONVERSION_CMD:md5sum = "md5sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.md5sum"
+CONVERSION_CMD:sha1sum = "sha1sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha1sum"
+CONVERSION_CMD:sha224sum = "sha224sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha224sum"
+CONVERSION_CMD:sha256sum = "sha256sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha256sum"
+CONVERSION_CMD:sha384sum = "sha384sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha384sum"
+CONVERSION_CMD:sha512sum = "sha512sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha512sum"
+CONVERSION_CMD:bmap = "bmaptool create ${IMAGE_NAME}.${type} -o ${IMAGE_NAME}.${type}.bmap"
+CONVERSION_CMD:u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.u-boot"
+CONVERSION_CMD:vmdk = "qemu-img convert -O vmdk ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vmdk"
+CONVERSION_CMD:vhdx = "qemu-img convert -O vhdx -o subformat=dynamic ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vhdx"
+CONVERSION_CMD:vhd = "qemu-img convert -O vpc -o subformat=fixed ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vhd"
+CONVERSION_CMD:vdi = "qemu-img convert -O vdi ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vdi"
+CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.qcow2"
+CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.base64"
+CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}.${type}"
CONVERSION_DEPENDS_lzma = "xz-native"
CONVERSION_DEPENDS_gz = "pigz-native"
CONVERSION_DEPENDS_bz2 = "pbzip2-native"
diff --git a/poky/meta/classes-recipe/image_types_wic.bbclass b/poky/meta/classes-recipe/image_types_wic.bbclass
index be31fbf94f..669606da75 100644
--- a/poky/meta/classes-recipe/image_types_wic.bbclass
+++ b/poky/meta/classes-recipe/image_types_wic.bbclass
@@ -71,7 +71,7 @@ IMAGE_CMD:wic () {
bbfatal "No kickstart files from WKS_FILES were found: ${WKS_FILES}. Please set WKS_FILE or WKS_FILES appropriately."
fi
BUILDDIR="${TOPDIR}" PSEUDO_UNLOAD=1 wic create "$wks" --vars "${STAGING_DIR}/${MACHINE}/imgdata/" -e "${IMAGE_BASENAME}" -o "$build_wic/" -w "$tmp_wic" ${WIC_CREATE_EXTRA_ARGS}
- mv "$build_wic/$(basename "${wks%.wks}")"*.direct "$out${IMAGE_NAME_SUFFIX}.wic"
+ mv "$build_wic/$(basename "${wks%.wks}")"*.direct "$out.wic"
}
IMAGE_CMD:wic[vardepsexclude] = "WKS_FULL_PATH WKS_FILES TOPDIR"
do_image_wic[cleandirs] = "${WORKDIR}/build-wic"
diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass
index 6e19dbbba8..df4884b6c4 100644
--- a/poky/meta/classes-recipe/kernel-arch.bbclass
+++ b/poky/meta/classes-recipe/kernel-arch.bbclass
@@ -80,3 +80,10 @@ KERNEL_OBJCOPY = "${CCACHE}${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}"
KERNEL_STRIP = "${CCACHE}${HOST_PREFIX}strip ${HOST_STRIP_KERNEL_ARCH}"
TOOLCHAIN ?= "gcc"
+# 6.3+ requires the variable LOCALVERSION to be set to not get a "+" in
+# the local version. Having it empty means nothing will be added, and any
+# value will be appended to the local kernel version. This replaces the
+# use of .scmversion file for setting a localversion without using
+# the CONFIG_LOCALVERSION option.
+KERNEL_LOCALVERSION ??= ""
+export LOCALVERSION ?= "${KERNEL_LOCALVERSION}"
diff --git a/poky/meta/classes-recipe/kernel-devicetree.bbclass b/poky/meta/classes-recipe/kernel-devicetree.bbclass
index 1b60c14740..eff052b402 100644
--- a/poky/meta/classes-recipe/kernel-devicetree.bbclass
+++ b/poky/meta/classes-recipe/kernel-devicetree.bbclass
@@ -100,28 +100,36 @@ do_deploy:append() {
if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
dtb=$dtb_base_name.$dtb_ext
fi
- install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
- if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then
- ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name.$dtb_ext
+ install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name.$dtb_ext
+ if [ -n "${KERNEL_DTB_NAME}" ] ; then
+ ln -sf $dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
fi
if [ -n "${KERNEL_DTB_LINK_NAME}" ] ; then
- ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext
+ ln -sf $dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext
fi
for type in ${KERNEL_IMAGETYPE_FOR_MAKE}; do
if [ "$type" = "zImage" ] && [ "${KERNEL_DEVICETREE_BUNDLE}" = "1" ]; then
cat ${D}/${KERNEL_IMAGEDEST}/$type \
- $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
- > $deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+ $deployDir/$dtb_base_name.$dtb_ext \
+ > $deployDir/$type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT}
+ if [ -n "${KERNEL_DTB_NAME}" ]; then
+ ln -sf $type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+ $deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+ fi
if [ -n "${KERNEL_DTB_LINK_NAME}" ]; then
- ln -sf $type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+ ln -sf $type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
$deployDir/$type-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
fi
if [ -e "${KERNEL_OUTPUT_DIR}/${type}.initramfs" ]; then
cat ${KERNEL_OUTPUT_DIR}/${type}.initramfs \
- $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
- > $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+ $deployDir/$dtb_base_name.$dtb_ext \
+ > $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT}
+ if [ -n "${KERNEL_DTB_NAME}" ]; then
+ ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+ $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+ fi
if [ -n "${KERNEL_DTB_LINK_NAME}" ]; then
- ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+ ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
$deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
fi
fi
diff --git a/poky/meta/classes-recipe/kernel-module-split.bbclass b/poky/meta/classes-recipe/kernel-module-split.bbclass
index 50882c31a7..c1208d55e0 100644
--- a/poky/meta/classes-recipe/kernel-module-split.bbclass
+++ b/poky/meta/classes-recipe/kernel-module-split.bbclass
@@ -30,9 +30,8 @@ fi
PACKAGE_WRITE_DEPS += "kmod-native depmodwrapper-cross"
-do_install:append() {
- install -d ${D}${sysconfdir}/modules-load.d/ ${D}${sysconfdir}/modprobe.d/
-}
+modulesloaddir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${nonarch_libdir}', '${sysconfdir}', d)}/modules-load.d"
+modprobedir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${nonarch_base_libdir}', '${sysconfdir}', d)}/modprobe.d"
KERNEL_SPLIT_MODULES ?= "1"
PACKAGESPLITFUNCS =+ "split_kernel_module_packages"
@@ -73,9 +72,8 @@ python split_kernel_module_packages () {
cmd = "%sobjcopy -j .modinfo -O binary %s %s" % (d.getVar("HOST_PREFIX") or "", file, tmpfile)
subprocess.check_call(cmd, shell=True)
# errors='replace': Some old kernel versions contain invalid utf-8 characters in mod descriptions (like 0xf6, 'ö')
- f = open(tmpfile, errors='replace')
- l = f.read().split("\000")
- f.close()
+ with open(tmpfile, errors='replace') as f:
+ l = f.read().split("\000")
os.close(tf[0])
os.unlink(tmpfile)
if compressed:
@@ -93,7 +91,7 @@ python split_kernel_module_packages () {
dvar = d.getVar('PKGD')
- # If autoloading is requested, output /etc/modules-load.d/<name>.conf and append
+ # If autoloading is requested, output ${modulesloaddir}/<name>.conf and append
# appropriate modprobe commands to the postinst
autoloadlist = (d.getVar("KERNEL_MODULE_AUTOLOAD") or "").split()
autoload = d.getVar('module_autoload_%s' % basename)
@@ -102,14 +100,18 @@ python split_kernel_module_packages () {
if autoload and basename not in autoloadlist:
bb.warn("module_autoload_%s is defined but '%s' isn't included in KERNEL_MODULE_AUTOLOAD, please add it there" % (basename, basename))
if basename in autoloadlist:
- name = '%s/etc/modules-load.d/%s.conf' % (dvar, basename)
- f = open(name, 'w')
- if autoload:
- for m in autoload.split():
- f.write('%s\n' % m)
- else:
- f.write('%s\n' % basename)
- f.close()
+ conf = '%s/%s.conf' % (d.getVar('modulesloaddir'), basename)
+ name = '%s%s' % (dvar, conf)
+ os.makedirs(os.path.dirname(name), exist_ok=True)
+ with open(name, 'w') as f:
+ if autoload:
+ for m in autoload.split():
+ f.write('%s\n' % m)
+ else:
+ f.write('%s\n' % basename)
+ conf2append = ' %s' % conf
+ d.appendVar('FILES:%s' % pkg, conf2append)
+ d.appendVar('CONFFILES:%s' % pkg, conf2append)
postinst = d.getVar('pkg_postinst:%s' % pkg)
if not postinst:
bb.fatal("pkg_postinst:%s not defined" % pkg)
@@ -120,21 +122,18 @@ python split_kernel_module_packages () {
modconflist = (d.getVar("KERNEL_MODULE_PROBECONF") or "").split()
modconf = d.getVar('module_conf_%s' % basename)
if modconf and basename in modconflist:
- name = '%s/etc/modprobe.d/%s.conf' % (dvar, basename)
- f = open(name, 'w')
- f.write("%s\n" % modconf)
- f.close()
+ conf = '%s/%s.conf' % (d.getVar('modprobedir'), basename)
+ name = '%s%s' % (dvar, conf)
+ os.makedirs(os.path.dirname(name), exist_ok=True)
+ with open(name, 'w') as f:
+ f.write("%s\n" % modconf)
+ conf2append = ' %s' % conf
+ d.appendVar('FILES:%s' % pkg, conf2append)
+ d.appendVar('CONFFILES:%s' % pkg, conf2append)
+
elif modconf:
bb.error("Please ensure module %s is listed in KERNEL_MODULE_PROBECONF since module_conf_%s is set" % (basename, basename))
- files = d.getVar('FILES:%s' % pkg)
- files = "%s /etc/modules-load.d/%s.conf /etc/modprobe.d/%s.conf" % (files, basename, basename)
- d.setVar('FILES:%s' % pkg, files)
-
- conffiles = d.getVar('CONFFILES:%s' % pkg)
- conffiles = "%s /etc/modules-load.d/%s.conf /etc/modprobe.d/%s.conf" % (conffiles, basename, basename)
- d.setVar('CONFFILES:%s' % pkg, conffiles)
-
if "description" in vals:
old_desc = d.getVar('DESCRIPTION:' + pkg) or ""
d.setVar('DESCRIPTION:' + pkg, old_desc + "; " + vals["description"])
@@ -169,8 +168,8 @@ python split_kernel_module_packages () {
postrm = d.getVar('pkg_postrm:modules')
if splitmods != '1':
- etcdir = d.getVar('sysconfdir')
- d.appendVar('FILES:' + metapkg, '%s/modules-load.d/ %s/modprobe.d/ %s/modules/' % (etcdir, etcdir, d.getVar("nonarch_base_libdir")))
+ d.appendVar('FILES:' + metapkg, '%s %s %s/modules' %
+ (d.getVar('modulesloaddir'), d.getVar('modprobedir'), d.getVar("nonarch_base_libdir")))
d.appendVar('pkg_postinst:%s' % metapkg, postinst)
d.prependVar('pkg_postrm:%s' % metapkg, postrm);
return
@@ -184,14 +183,6 @@ python split_kernel_module_packages () {
modules = do_split_packages(d, root='${nonarch_base_libdir}/modules', file_regex=module_regex, output_pattern=module_pattern, description='%s kernel module', postinst=postinst, postrm=postrm, recursive=True, hook=frob_metadata, extra_depends='%s-%s' % (kernel_package_name, kernel_version))
if modules:
d.appendVar('RDEPENDS:' + metapkg, ' '+' '.join(modules))
-
- # If modules-load.d and modprobe.d are empty at this point, remove them to
- # avoid warnings. removedirs only raises an OSError if an empty
- # directory cannot be removed.
- dvar = d.getVar('PKGD')
- for dir in ["%s/etc/modprobe.d" % (dvar), "%s/etc/modules-load.d" % (dvar), "%s/etc" % (dvar)]:
- if len(os.listdir(dir)) == 0:
- os.rmdir(dir)
}
do_package[vardeps] += '${@" ".join(map(lambda s: "module_conf_" + s, (d.getVar("KERNEL_MODULE_PROBECONF") or "").split()))}'
diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass
index e82b696d1a..2e9563186e 100644
--- a/poky/meta/classes-recipe/kernel.bbclass
+++ b/poky/meta/classes-recipe/kernel.bbclass
@@ -181,13 +181,14 @@ do_unpack[cleandirs] += " ${S} ${STAGING_KERNEL_DIR} ${B} ${STAGING_KERNEL_BUILD
do_clean[cleandirs] += " ${S} ${STAGING_KERNEL_DIR} ${B} ${STAGING_KERNEL_BUILDDIR}"
python do_symlink_kernsrc () {
s = d.getVar("S")
- if s[-1] == '/':
- # drop trailing slash, so that os.symlink(kernsrc, s) doesn't use s as directory name and fail
- s=s[:-1]
kernsrc = d.getVar("STAGING_KERNEL_DIR")
if s != kernsrc:
bb.utils.mkdirhier(kernsrc)
bb.utils.remove(kernsrc, recurse=True)
+ if s[-1] == '/':
+ # drop trailing slash, so that os.symlink(kernsrc, s) doesn't use s as
+ # directory name and fail
+ s = s[:-1]
if d.getVar("EXTERNALSRC"):
# With EXTERNALSRC S will not be wiped so we can symlink to it
os.symlink(s, kernsrc)
@@ -355,6 +356,9 @@ kernel_do_compile() {
export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR"
export PKG_CONFIG_SYSROOT_DIR=""
+ # for newer kernels (5.19+) there's a dedicated variable
+ export HOSTPKG_CONFIG="pkg-config-native"
+
if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then
# kernel sources do not use do_unpack, so SOURCE_DATE_EPOCH may not
# be set....
@@ -426,7 +430,7 @@ do_compile_kernelmodules() {
if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then
oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS}
- # Module.symvers gets updated during the
+ # Module.symvers gets updated during the
# building of the kernel modules. We need to
# update this in the shared workdir since some
# external kernel modules has a dependency on
@@ -483,8 +487,6 @@ kernel_do_install() {
install -m 0644 .config ${D}/${KERNEL_IMAGEDEST}/config-${KERNEL_VERSION}
install -m 0644 vmlinux ${D}/${KERNEL_IMAGEDEST}/vmlinux-${KERNEL_VERSION}
[ -e Module.symvers ] && install -m 0644 Module.symvers ${D}/${KERNEL_IMAGEDEST}/Module.symvers-${KERNEL_VERSION}
- install -d ${D}${sysconfdir}/modules-load.d
- install -d ${D}${sysconfdir}/modprobe.d
}
# Must be ran no earlier than after do_kernel_checkout or else Makefile won't be in ${S}/Makefile
@@ -622,7 +624,6 @@ do_shared_workdir () {
# We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware
SYSROOT_DIRS = ""
-KERNEL_LOCALVERSION ??= ""
KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig"
python check_oldest_kernel() {
@@ -644,6 +645,9 @@ kernel_do_configure() {
# $ scripts/setlocalversion . => +
# $ make kernelversion => 2.6.37
# $ make kernelrelease => 2.6.37+
+ # See kernel-arch.bbclass for post v6.3 removal of the extra
+ # + in localversion. .scmversion is no longer used, and the
+ # variable LOCALVERSION must be used
if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ]; then
echo ${KERNEL_LOCALVERSION} > ${B}/.scmversion
echo ${KERNEL_LOCALVERSION} > ${S}/.scmversion
diff --git a/poky/meta/classes-recipe/meson.bbclass b/poky/meta/classes-recipe/meson.bbclass
index 48688bed75..7f5e9b1943 100644
--- a/poky/meta/classes-recipe/meson.bbclass
+++ b/poky/meta/classes-recipe/meson.bbclass
@@ -111,6 +111,7 @@ nm = ${@meson_array('BUILD_NM', d)}
strip = ${@meson_array('BUILD_STRIP', d)}
readelf = ${@meson_array('BUILD_READELF', d)}
objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
+llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config'
pkgconfig = 'pkg-config-native'
${@rust_tool(d, "BUILD_SYS")}
diff --git a/poky/meta/classes-recipe/npm.bbclass b/poky/meta/classes-recipe/npm.bbclass
index 639f461a3a..91da3295f2 100644
--- a/poky/meta/classes-recipe/npm.bbclass
+++ b/poky/meta/classes-recipe/npm.bbclass
@@ -109,6 +109,7 @@ python npm_do_configure() {
import tempfile
from bb.fetch2.npm import NpmEnvironment
from bb.fetch2.npm import npm_unpack
+ from bb.fetch2.npm import npm_package
from bb.fetch2.npmsw import foreach_dependencies
from bb.progress import OutOfProgressHandler
from oe.npm_registry import NpmRegistry
@@ -129,22 +130,6 @@ python npm_do_configure() {
sha512 = bb.utils.sha512_file(tarball)
return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode()
- def _npmsw_dependency_dict(orig, deptree):
- """
- Return the sub dictionary in the 'orig' dictionary corresponding to the
- 'deptree' dependency tree. This function follows the shrinkwrap file
- format.
- """
- ptr = orig
- for dep in deptree:
- if "dependencies" not in ptr:
- ptr["dependencies"] = {}
- ptr = ptr["dependencies"]
- if dep not in ptr:
- ptr[dep] = {}
- ptr = ptr[dep]
- return ptr
-
# Manage the manifest file and shrinkwrap files
orig_manifest_file = d.expand("${S}/package.json")
orig_shrinkwrap_file = d.expand("${S}/npm-shrinkwrap.json")
@@ -168,31 +153,44 @@ python npm_do_configure() {
if has_shrinkwrap_file:
cached_shrinkwrap = copy.deepcopy(orig_shrinkwrap)
- cached_shrinkwrap.pop("dependencies", None)
+ for package in orig_shrinkwrap["packages"]:
+ if package != "":
+ cached_shrinkwrap["packages"].pop(package, None)
+ cached_shrinkwrap["packages"][""].pop("dependencies", None)
+ cached_shrinkwrap["packages"][""].pop("devDependencies", None)
+ cached_shrinkwrap["packages"][""].pop("peerDependencies", None)
# Manage the dependencies
progress = OutOfProgressHandler(d, r"^(\d+)/(\d+)$")
progress_total = 1 # also count the main package
progress_done = 0
- def _count_dependency(name, params, deptree):
+ def _count_dependency(name, params, destsuffix):
nonlocal progress_total
progress_total += 1
- def _cache_dependency(name, params, deptree):
- destsubdirs = [os.path.join("node_modules", dep) for dep in deptree]
- destsuffix = os.path.join(*destsubdirs)
+ def _cache_dependency(name, params, destsuffix):
with tempfile.TemporaryDirectory() as tmpdir:
# Add the dependency to the npm cache
destdir = os.path.join(d.getVar("S"), destsuffix)
(tarball, pkg) = npm_pack(env, destdir, tmpdir)
_npm_cache_add(tarball, pkg)
# Add its signature to the cached shrinkwrap
- dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
+ dep = params
dep["version"] = pkg['version']
dep["integrity"] = _npm_integrity(tarball)
if params.get("dev", False):
dep["dev"] = True
+ if "devDependencies" not in cached_shrinkwrap["packages"][""]:
+ cached_shrinkwrap["packages"][""]["devDependencies"] = {}
+ cached_shrinkwrap["packages"][""]["devDependencies"][name] = pkg['version']
+
+ else:
+ if "dependencies" not in cached_shrinkwrap["packages"][""]:
+ cached_shrinkwrap["packages"][""]["dependencies"] = {}
+ cached_shrinkwrap["packages"][""]["dependencies"][name] = pkg['version']
+
+ cached_shrinkwrap["packages"][destsuffix] = dep
# Display progress
nonlocal progress_done
progress_done += 1
@@ -203,6 +201,19 @@ python npm_do_configure() {
if has_shrinkwrap_file:
foreach_dependencies(orig_shrinkwrap, _count_dependency, dev)
foreach_dependencies(orig_shrinkwrap, _cache_dependency, dev)
+
+ # Manage Peer Dependencies
+ if has_shrinkwrap_file:
+ packages = orig_shrinkwrap.get("packages", {})
+ peer_deps = packages.get("", {}).get("peerDependencies", {})
+ package_runtime_dependencies = d.getVar("RDEPENDS:%s" % d.getVar("PN"))
+
+ for peer_dep in peer_deps:
+ peer_dep_yocto_name = npm_package(peer_dep)
+ if peer_dep_yocto_name not in package_runtime_dependencies:
+ bb.warn(peer_dep + " is a peer dependencie that is not in RDEPENDS variable. " +
+ "Please add this peer dependencie to the RDEPENDS variable as %s and generate its recipe with devtool"
+ % peer_dep_yocto_name)
# Configure the main package
with tempfile.TemporaryDirectory() as tmpdir:
@@ -212,7 +223,7 @@ python npm_do_configure() {
# Configure the cached manifest file and cached shrinkwrap file
def _update_manifest(depkey):
for name in orig_manifest.get(depkey, {}):
- version = cached_shrinkwrap["dependencies"][name]["version"]
+ version = cached_shrinkwrap["packages"][""][depkey][name]
if depkey not in cached_manifest:
cached_manifest[depkey] = {}
cached_manifest[depkey][name] = version
@@ -279,6 +290,9 @@ python npm_do_compile() {
args.append(("target_arch", d.getVar("NPM_ARCH")))
args.append(("build-from-source", "true"))
+ # Don't install peer dependencies as they should be in RDEPENDS variable
+ args.append(("legacy-peer-deps", "true"))
+
# Pack and install the main package
(tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM"))
diff --git a/poky/meta/classes-recipe/ptest-cargo.bbclass b/poky/meta/classes-recipe/ptest-cargo.bbclass
index 4ed528445a..5d53abe969 100644
--- a/poky/meta/classes-recipe/ptest-cargo.bbclass
+++ b/poky/meta/classes-recipe/ptest-cargo.bbclass
@@ -23,13 +23,13 @@ python do_compile_ptest_cargo() {
bb.note(f"Building tests with cargo ({cmd})")
try:
- proc = subprocess.Popen(cmd, shell=True, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ proc = subprocess.Popen(cmd, shell=True, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
except subprocess.CalledProcessError as e:
bb.fatal(f"Cannot build test with cargo: {e}")
lines = []
for line in proc.stdout:
- data = line.decode('utf-8').strip('\n')
+ data = line.strip('\n')
lines.append(data)
bb.note(data)
proc.communicate()
@@ -50,7 +50,7 @@ python do_compile_ptest_cargo() {
current_manifest_path = os.path.normpath(data['manifest_path'])
project_manifest_path = os.path.normpath(manifest_path)
if current_manifest_path == project_manifest_path:
- if data['target']['test'] or data['target']['doctest'] and data['executable']:
+ if (data['target']['test'] or data['target']['doctest']) and data['executable']:
test_bins.append(data['executable'])
except KeyError as e:
# skip lines that do not meet the requirements
diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
index 652601b95f..4492c9c0aa 100644
--- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -37,7 +37,7 @@ APPEND:append = '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", " ro
ROOTFS_POSTPROCESS_COMMAND += "write_image_test_data; "
# Write manifest
-IMAGE_MANIFEST = "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.manifest"
+IMAGE_MANIFEST = "${IMGDEPLOYDIR}/${IMAGE_NAME}.manifest"
ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest ; "
# Set default postinst log file
POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log"
diff --git a/poky/meta/classes-recipe/rootfs_rpm.bbclass b/poky/meta/classes-recipe/rootfs_rpm.bbclass
index 6eccd5a959..55f1cc92ca 100644
--- a/poky/meta/classes-recipe/rootfs_rpm.bbclass
+++ b/poky/meta/classes-recipe/rootfs_rpm.bbclass
@@ -20,11 +20,9 @@ IMAGE_ROOTFS_EXTRA_SPACE:append = "${@bb.utils.contains("PACKAGE_INSTALL", "dnf"
# Dnf is python based, so be sure python3-native is available to us.
EXTRANATIVEPATH += "python3-native"
-# opkg is needed for update-alternatives
RPMROOTFSDEPENDS = "rpm-native:do_populate_sysroot \
dnf-native:do_populate_sysroot \
- createrepo-c-native:do_populate_sysroot \
- opkg-native:do_populate_sysroot"
+ createrepo-c-native:do_populate_sysroot"
do_rootfs[depends] += "${RPMROOTFSDEPENDS}"
do_populate_sdk[depends] += "${RPMROOTFSDEPENDS}"
diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass
index e0cedd7aa2..878272721c 100644
--- a/poky/meta/classes-recipe/rust-common.bbclass
+++ b/poky/meta/classes-recipe/rust-common.bbclass
@@ -158,6 +158,10 @@ WRAPPER_TARGET_CXX = "${CXX}"
WRAPPER_TARGET_CCLD = "${CCLD}"
WRAPPER_TARGET_LDFLAGS = "${LDFLAGS}"
WRAPPER_TARGET_EXTRALD = ""
+# see recipes-devtools/gcc/gcc/0018-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
+# we need to link with ssp_nonshared on musl to avoid "undefined reference to `__stack_chk_fail_local'"
+# when building MACHINE=qemux86 for musl
+WRAPPER_TARGET_EXTRALD:libc-musl = "-lssp_nonshared"
WRAPPER_TARGET_AR = "${AR}"
# compiler is used by gcc-rs
diff --git a/poky/meta/classes-recipe/testexport.bbclass b/poky/meta/classes-recipe/testexport.bbclass
index 0f0c56107f..572f5d9e76 100644
--- a/poky/meta/classes-recipe/testexport.bbclass
+++ b/poky/meta/classes-recipe/testexport.bbclass
@@ -61,16 +61,12 @@ def testexport_main(d):
d.getVar("TEST_TARGET"), None, d.getVar("TEST_TARGET_IP"),
d.getVar("TEST_SERVER_IP"))
- host_dumper = OERuntimeTestContextExecutor.getHostDumper(
- d.getVar("testimage_dump_host"), d.getVar("TESTIMAGE_DUMP_DIR"))
-
image_manifest = "%s.manifest" % image_name
image_packages = OERuntimeTestContextExecutor.readPackagesManifest(image_manifest)
extract_dir = d.getVar("TEST_EXTRACTED_DIR")
- tc = OERuntimeTestContext(td, logger, target, host_dumper,
- image_packages, extract_dir)
+ tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir)
copy_needed_files(d, tc)
diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass
index 0f02eadf57..e3068348ff 100644
--- a/poky/meta/classes-recipe/testimage.bbclass
+++ b/poky/meta/classes-recipe/testimage.bbclass
@@ -124,18 +124,6 @@ testimage_dump_target () {
find /var/log/ -type f 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \;
}
-testimage_dump_host () {
- top -bn1
- iostat -x -z -N -d -p ALL 20 2
- ps -ef
- free
- df
- memstat
- dmesg
- ip -s link
- netstat -an
-}
-
testimage_dump_monitor () {
query-status
query-block
@@ -381,19 +369,13 @@ def testimage_main(d):
# runtime use network for download projects for build
export_proxies(d)
- # we need the host dumper in test context
- host_dumper = OERuntimeTestContextExecutor.getHostDumper(
- d.getVar("testimage_dump_host"),
- d.getVar("TESTIMAGE_DUMP_DIR"))
-
# the robot dance
target = OERuntimeTestContextExecutor.getTarget(
d.getVar("TEST_TARGET"), logger, d.getVar("TEST_TARGET_IP"),
d.getVar("TEST_SERVER_IP"), **target_kwargs)
# test context
- tc = OERuntimeTestContext(td, logger, target, host_dumper,
- image_packages, extract_dir)
+ tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir)
# Load tests before starting the target
test_paths = get_runtime_paths(d)
diff --git a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
index 86a7d30ca0..653e583663 100644
--- a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
+++ b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
@@ -33,11 +33,11 @@
# UBOOT_EXTLINUX_DEFAULT_LABEL ??= "Linux Default"
# UBOOT_EXTLINUX_TIMEOUT ??= "30"
#
-# UBOOT_EXTLINUX_KERNEL_IMAGE_default ??= "../zImage"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_default ??= "Linux Default"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:default ??= "../zImage"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:default ??= "Linux Default"
#
-# UBOOT_EXTLINUX_KERNEL_IMAGE_fallback ??= "../zImage-fallback"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_fallback ??= "Linux Fallback"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:fallback ??= "../zImage-fallback"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:fallback ??= "Linux Fallback"
#
# Results:
#
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index bd9e7e7445..c1f1ea0fd6 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -48,8 +48,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
+CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
@@ -70,12 +70,28 @@ CVE_CHECK_COVERAGE ??= "1"
# Skip CVE Check for packages (PN)
CVE_CHECK_SKIP_RECIPE ?= ""
-# Ingore the check for a given list of CVEs. If a CVE is found,
-# then it is considered patched. The value is a string containing
-# space separated CVE values:
+# Replace NVD DB check status for a given CVE. Each of CVE has to be mentioned
+# separately with optional detail and description for this status.
#
-# CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234'
+# CVE_STATUS[CVE-1234-0001] = "not-applicable-platform: Issue only applies on Windows"
+# CVE_STATUS[CVE-1234-0002] = "fixed-version: Fixed externally"
#
+# Settings the same status and reason for multiple CVEs is possible
+# via CVE_STATUS_GROUPS variable.
+#
+# CVE_STATUS_GROUPS = "CVE_STATUS_WIN CVE_STATUS_PATCHED"
+#
+# CVE_STATUS_WIN = "CVE-1234-0001 CVE-1234-0003"
+# CVE_STATUS_WIN[status] = "not-applicable-platform: Issue only applies on Windows"
+# CVE_STATUS_PATCHED = "CVE-1234-0002 CVE-1234-0004"
+# CVE_STATUS_PATCHED[status] = "fixed-version: Fixed externally"
+#
+# All possible CVE statuses could be found in cve-check-map.conf
+# CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored"
+# CVE_CHECK_STATUSMAP[fixed-version] = "Patched"
+#
+# CVE_CHECK_IGNORE is deprecated and CVE_STATUS has to be used instead.
+# Keep CVE_CHECK_IGNORE until other layers migrate to new variables
CVE_CHECK_IGNORE ?= ""
# Layers to be excluded
@@ -88,6 +104,24 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
# set to "alphabetical" for version using single alphabetical character as increment release
CVE_VERSION_SUFFIX ??= ""
+python () {
+ # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
+ cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
+ if cve_check_ignore:
+ bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
+ for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
+ d.setVarFlag("CVE_STATUS", cve, "ignored")
+
+ # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
+ for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
+ cve_group = d.getVar(cve_status_group)
+ if cve_group is not None:
+ for cve in cve_group.split():
+ d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
+ else:
+ bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
+}
+
def generate_json_report(d, out_path, link_path):
if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
import json
@@ -260,7 +294,7 @@ def check_cves(d, patched_cves):
"""
Connect to the NVD database and find unpatched cves.
"""
- from oe.cve_check import Version, convert_cve_version
+ from oe.cve_check import Version, convert_cve_version, decode_cve_status
pn = d.getVar("PN")
real_pv = d.getVar("PV")
@@ -282,7 +316,12 @@ def check_cves(d, patched_cves):
bb.note("Recipe has been skipped by cve-check")
return ([], [], [], [])
- cve_ignore = d.getVar("CVE_CHECK_IGNORE").split()
+ # Convert CVE_STATUS into ignored CVEs and check validity
+ cve_ignore = []
+ for cve in (d.getVarFlags("CVE_STATUS") or {}):
+ decoded_status, _, _ = decode_cve_status(d, cve)
+ if decoded_status == "Ignored":
+ cve_ignore.append(cve)
import sqlite3
db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
@@ -413,6 +452,8 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
CVE manifest if enabled.
"""
+ from oe.cve_check import decode_cve_status
+
cve_file = d.getVar("CVE_CHECK_LOG")
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
@@ -441,20 +482,27 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
is_patched = cve in patched
is_ignored = cve in ignored
+ status = "Unpatched"
if (is_patched or is_ignored) and not report_all:
continue
+ if is_ignored:
+ status = "Ignored"
+ elif is_patched:
+ status = "Patched"
+ else:
+ # default value of status is Unpatched
+ unpatched_cves.append(cve)
write_string += "LAYER: %s\n" % layer
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
write_string += "CVE: %s\n" % cve
- if is_ignored:
- write_string += "CVE STATUS: Ignored\n"
- elif is_patched:
- write_string += "CVE STATUS: Patched\n"
- else:
- unpatched_cves.append(cve)
- write_string += "CVE STATUS: Unpatched\n"
+ write_string += "CVE STATUS: %s\n" % status
+ _, detail, description = decode_cve_status(d, cve)
+ if detail:
+ write_string += "CVE DETAIL: %s\n" % detail
+ if description:
+ write_string += "CVE DESCRIPTION: %s\n" % description
write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
@@ -516,6 +564,8 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
Prepare CVE data for the JSON format, then write it.
"""
+ from oe.cve_check import decode_cve_status
+
output = {"version":"1", "package": []}
nvd_link = "https://nvd.nist.gov/vuln/detail/"
@@ -576,6 +626,11 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
"status" : status,
"link": issue_link
}
+ _, detail, description = decode_cve_status(d, cve)
+ if detail:
+ cve_item["detail"] = detail
+ if description:
+ cve_item["description"] = description
cve_list.append(cve_item)
package_data["issue"] = cve_list
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index 9625a6fef4..475d6523bb 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -831,6 +831,7 @@ include conf/distro/defaultsetup.conf
include conf/documentation.conf
include conf/licenses.conf
require conf/sanity.conf
+require conf/cve-check-map.conf
##################################################################
# Weak variables (usually to retain backwards compatibility)
@@ -904,7 +905,7 @@ IMAGE_FEATURES += "${EXTRA_IMAGE_FEATURES}"
# Native distro features (will always be used for -native, even if they
# are not enabled for target)
-DISTRO_FEATURES_NATIVE ?= "x11 ipv6 xattr"
+DISTRO_FEATURES_NATIVE ?= "acl x11 ipv6 xattr"
DISTRO_FEATURES_NATIVESDK ?= "x11"
# Normally target distro features will not be applied to native builds:
diff --git a/poky/meta/conf/cve-check-map.conf b/poky/meta/conf/cve-check-map.conf
new file mode 100644
index 0000000000..17b0f15571
--- /dev/null
+++ b/poky/meta/conf/cve-check-map.conf
@@ -0,0 +1,28 @@
+# Possible options for CVE statuses
+
+# used by this class internally when fix is detected (NVD DB version check or CVE patch file)
+CVE_CHECK_STATUSMAP[patched] = "Patched"
+# use when this class does not detect backported patch (e.g. vendor kernel repo with cherry-picked CVE patch)
+CVE_CHECK_STATUSMAP[backported-patch] = "Patched"
+# use when NVD DB does not mention patched versions of stable/LTS branches which have upstream CVE backports
+CVE_CHECK_STATUSMAP[cpe-stable-backport] = "Patched"
+# use when NVD DB does not mention correct version or does not mention any verion at all
+CVE_CHECK_STATUSMAP[fixed-version] = "Patched"
+
+# used internally by this class if CVE vulnerability is detected which is not marked as fixed or ignored
+CVE_CHECK_STATUSMAP[unpatched] = "Unpatched"
+# use when CVE is confirmed by upstream but fix is still not available
+CVE_CHECK_STATUSMAP[vulnerable-investigating] = "Unpatched"
+
+# used for migration from old concept, do not use for new vulnerabilities
+CVE_CHECK_STATUSMAP[ignored] = "Ignored"
+# use when NVD DB wrongly indicates vulnerability which is actually for a different component
+CVE_CHECK_STATUSMAP[cpe-incorrect] = "Ignored"
+# use when upstream does not accept the report as a vulnerability (e.g. works as designed)
+CVE_CHECK_STATUSMAP[disputed] = "Ignored"
+# use when vulnerability depends on build or runtime configuration which is not used
+CVE_CHECK_STATUSMAP[not-applicable-config] = "Ignored"
+# use when vulnerability affects other platform (e.g. Windows or Debian)
+CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored"
+# use when upstream acknowledged the vulnerability but does not plan to fix it
+CVE_CHECK_STATUSMAP[upstream-wontfix] = "Ignored"
diff --git a/poky/meta/conf/distro/defaultsetup.conf b/poky/meta/conf/distro/defaultsetup.conf
index f6894f3ab5..1abb509629 100644
--- a/poky/meta/conf/distro/defaultsetup.conf
+++ b/poky/meta/conf/distro/defaultsetup.conf
@@ -2,7 +2,7 @@ include conf/distro/include/default-providers.inc
include conf/distro/include/default-versions.inc
include conf/distro/include/default-distrovars.inc
include conf/distro/include/maintainers.inc
-
+include conf/distro/include/time64.inc
require conf/distro/include/tcmode-${TCMODE}.inc
require conf/distro/include/tclibc-${TCLIBC}.inc
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
index 1c3cc36c61..61fb08dbeb 100644
--- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -15,44 +15,43 @@
# the aim of sharing that work and ensuring we don't duplicate it.
#
-
-# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
-# CVE is more than 20 years old with no resolution evident
-# broken links in CVE database references make resolution impractical
-CVE_CHECK_IGNORE += "CVE-2000-0006"
-
-# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
-# The issue here is spoofing of domain names using characters from other character sets.
-# There has been much discussion amongst the epiphany and webkit developers and
-# whilst there are improvements about how domains are handled and displayed to the user
-# there is unlikely ever to be a single fix to webkit or epiphany which addresses this
-# problem. Ignore this CVE as there isn't any mitigation or fix or way to progress this further
-# we can seem to take.
-CVE_CHECK_IGNORE += "CVE-2005-0238"
-
-# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
-# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
-# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
-# Upstream don't see it as a security issue, ftp servers shouldn't be passing
-# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
-CVE_CHECK_IGNORE += "CVE-2010-4756"
-
-# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
-# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
-# The encoding/xml package in go can potentially be used for security exploits if not used correctly
-# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
-# exposing this interface in an exploitable way
-CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
+# strace https://nvd.nist.gov/vuln/detail/CVE-2000-0006
+CVE_STATUS[CVE-2000-0006] = "upstream-wontfix: CVE is more than 20 years old \
+with no resolution evident. Broken links in CVE database references make resolution impractical."
+
+# epiphany https://nvd.nist.gov/vuln/detail/CVE-2005-0238
+CVE_STATUS[CVE-2005-0238] = "upstream-wontfix: \
+The issue here is spoofing of domain names using characters from other character sets. \
+There has been much discussion amongst the epiphany and webkit developers and \
+whilst there are improvements about how domains are handled and displayed to the user \
+there is unlikely ever to be a single fix to webkit or epiphany which addresses this \
+problem. There isn't any mitigation or fix or way to progress this further."
+
+# glibc https://nvd.nist.gov/vuln/detail/CVE-2010-4756
+CVE_STATUS[CVE-2010-4756] = "upstream-wontfix: \
+Issue is memory exhaustion via glob() calls, e.g. from within an ftp server \
+Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 \
+Upstream don't see it as a security issue, ftp servers shouldn't be passing \
+this to libc glob. Upstream have no plans to add BSD's GLOB_LIMIT or similar."
+
+# go https://nvd.nist.gov/vuln/detail/CVE-2020-29509
+# go https://nvd.nist.gov/vuln/detail/CVE-2020-29511
+CVE_STATUS_GROUPS += "CVE_STATUS_GO"
+CVE_STATUS_GO = "CVE-2020-29509 CVE-2020-29511"
+CVE_STATUS_GO[status] = "not-applicable-config: \
+The encoding/xml package in go can potentially be used for security exploits if not used correctly \
+CVE applies to a netapp product as well as flagging a general issue. We don't ship anything \
+exposing this interface in an exploitable way"
# db
-# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
-# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
-CVE_CHECK_IGNORE += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE_STATUS_GROUPS += "CVE_STATUS_DB"
+CVE_STATUS_DB = "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
-
+CVE_STATUS_DB[status] = "upstream-wontfix: Since Oracle relicensed bdb, the open source community is slowly but surely \
+replacing bdb with supported and open source friendly alternatives. As a result this CVE is unlikely to ever be fixed."
#
# Kernel CVEs, e.g. linux-yocto*
@@ -65,605 +64,64 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
# issues to be visible. If anyone wishes to clean up CPE entries with NIST for these, we'd
# welcome than and then entries can likely be removed from here.
#
-# 1999-2010
-CVE_CHECK_IGNORE += "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \
- CVE-2008-4609 CVE-2010-0298 CVE-2010-4563"
-# 2011-2017
-CVE_CHECK_IGNORE += "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \
- CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264"
-# 2018
-CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \
- CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873"
-# This is specific to Ubuntu
-CVE_CHECK_IGNORE += "CVE-2018-6559"
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_2010 CVE_STATUS_KERNEL_2017 CVE_STATUS_KERNEL_2018 CVE_STATUS_KERNEL_2020 \
+ CVE_STATUS_KERNEL_2021 CVE_STATUS_KERNEL_2022"
-# https://www.linuxkernelcves.com/cves/CVE-2019-3016
-# Fixed with 5.6
-CVE_CHECK_IGNORE += "CVE-2019-3016"
+# 1999-2010
+CVE_STATUS_KERNEL_2010 = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \
+ CVE-2008-4609 CVE-2010-0298 CVE-2010-4563"
+CVE_STATUS_KERNEL_2010[status] = "ignored"
-# https://www.linuxkernelcves.com/cves/CVE-2019-3819
-# Fixed with 5.1
-CVE_CHECK_IGNORE += "CVE-2019-3819"
+# 2011-2017
+CVE_STATUS_KERNEL_2017 = "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \
+ CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264"
+CVE_STATUS_KERNEL_2017[status] = "ignored"
-# https://www.linuxkernelcves.com/cves/CVE-2019-3887
-# Fixed with 5.2
-CVE_CHECK_IGNORE += "CVE-2019-3887"
+# 2018
+CVE_STATUS_KERNEL_2018 = "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \
+ CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873"
+CVE_STATUS_KERNEL_2018[status] = "ignored"
# 2020
-CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
-# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
-# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
-# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
-CVE_CHECK_IGNORE += "CVE-2020-27784"
+CVE_STATUS_KERNEL_2020 = "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
+CVE_STATUS_KERNEL_2020[status] = "ignored"
# 2021
-CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
- CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
-CVE_CHECK_IGNORE += "CVE-2021-3669"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
-# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
-# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
-# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
-# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
-CVE_CHECK_IGNORE += "CVE-2021-3759"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
-CVE_CHECK_IGNORE += "CVE-2021-4218"
+CVE_STATUS_KERNEL_2021 = "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
+ CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
+CVE_STATUS_KERNEL_2021[status] = "ignored"
# 2022
-CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
- CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
- CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \
- CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \
- CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \
- CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
- CVE-2022-29582 CVE-2022-29968"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
-CVE_CHECK_IGNORE += "CVE-2022-0480"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
-# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
-# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
-# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
-CVE_CHECK_IGNORE += "CVE-2022-1184"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
-# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
-# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
-# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
-CVE_CHECK_IGNORE += "CVE-2022-1462"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
-# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54
-# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026
-# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
-# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
-# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
-# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
-# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
-CVE_CHECK_IGNORE += "CVE-2022-2196"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
-# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
-# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
-# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
-# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
-CVE_CHECK_IGNORE += "CVE-2022-2308"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
-CVE_CHECK_IGNORE += "CVE-2022-2327"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
-# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
-# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
-# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
-# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
-# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
-# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
-CVE_CHECK_IGNORE += "CVE-2022-2663"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
-# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
-# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
-# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
-CVE_CHECK_IGNORE += "CVE-2022-2785"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
-# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
-# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
-# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
-CVE_CHECK_IGNORE += "CVE-2022-3176"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
-# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf
-# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
-# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
-# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
-# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
-# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
-CVE_CHECK_IGNORE += "CVE-2022-3424"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
-# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
-# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
-# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
-# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
-# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
-# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
-# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
-# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
-CVE_CHECK_IGNORE += "CVE-2022-3435"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
-# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
-# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
-# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
-CVE_CHECK_IGNORE += "CVE-2022-3526"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
-# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
-# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
-# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
-# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
-# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
-CVE_CHECK_IGNORE += "CVE-2022-3534"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
-# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
-# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
-# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
-# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
-CVE_CHECK_IGNORE += "CVE-2022-3564"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
-# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
-# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
-# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
-CVE_CHECK_IGNORE += "CVE-2022-3619"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
-# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
-# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
-# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
-# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
-# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
-# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
-CVE_CHECK_IGNORE += "CVE-2022-3621"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
-# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
-# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
-# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
-# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
-# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
-# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
-CVE_CHECK_IGNORE += "CVE-2022-3623"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
-# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
-# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
-CVE_CHECK_IGNORE += "CVE-2022-3624"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
-# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
-# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
-# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
-# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
-# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
-# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
-CVE_CHECK_IGNORE += "CVE-2022-3625"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
-# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
-# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
-# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
-# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
-# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
-# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
-CVE_CHECK_IGNORE += "CVE-2022-3629"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
-# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
-# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
-# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
-CVE_CHECK_IGNORE += "CVE-2022-3630"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
-# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
-# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
-# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
-# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
-# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
-# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
-CVE_CHECK_IGNORE += "CVE-2022-3633"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
-# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
-# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
-# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
-# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
-CVE_CHECK_IGNORE += "CVE-2022-3635"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
-# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
-# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
-CVE_CHECK_IGNORE += "CVE-2022-3636"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
-# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
-# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
-# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
-# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
-# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
-# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
-# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
-# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
-CVE_CHECK_IGNORE += "CVE-2022-3640"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
-# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
-# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
-# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
-# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
-# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
-# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
-CVE_CHECK_IGNORE += "CVE-2022-3646"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
-# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
-# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
-# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
-# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
-CVE_CHECK_IGNORE += "CVE-2022-3649"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
-# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
-# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
-# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
-# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
-# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
-# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
-CVE_CHECK_IGNORE += "CVE-2022-4382"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
-# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
-# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
-# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
-CVE_CHECK_IGNORE += "CVE-2022-26365"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
-# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
-# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
-# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
-CVE_CHECK_IGNORE += "CVE-2022-33740"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
-# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
-# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
-# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
-CVE_CHECK_IGNORE += "CVE-2022-33741"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
-# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
-# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
-# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
-CVE_CHECK_IGNORE += "CVE-2022-33742"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
-# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
-# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
-# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
-CVE_CHECK_IGNORE += "CVE-2022-42895"
+CVE_STATUS_KERNEL_2022 = "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
+ CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
+ CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \
+ CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \
+ CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \
+ CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
+ CVE-2022-29582 CVE-2022-29968"
+CVE_STATUS_KERNEL_2022[status] = "ignored"
-# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
-# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
-# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
-# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
-CVE_CHECK_IGNORE += "CVE-2022-42896"
-
-# 2023
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
-# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
-# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
-# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
-# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
-CVE_CHECK_IGNORE += "CVE-2023-0179"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
-# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
-# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
-CVE_CHECK_IGNORE += "CVE-2023-0266"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
-# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
-# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
-# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
-# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
-# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
-# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
-CVE_CHECK_IGNORE += "CVE-2023-0394"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
-# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578
-# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
-# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
-# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
-# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
-# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
-CVE_CHECK_IGNORE += "CVE-2023-0461"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
-# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
-# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
-# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
-# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
-CVE_CHECK_IGNORE += "CVE-2023-0386"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
-# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
-# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
-# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
-# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
-# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
-CVE_CHECK_IGNORE += "CVE-2023-1073"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
-# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
-# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
-# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
-CVE_CHECK_IGNORE += "CVE-2023-1074"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
-# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
-# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11
-# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178
-# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
-# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
-# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6
-CVE_CHECK_IGNORE += "CVE-2023-1076"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
-# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
-# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
-# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
-CVE_CHECK_IGNORE += "CVE-2023-1077"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
-# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
-# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
-# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
-CVE_CHECK_IGNORE += "CVE-2023-1078"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
-# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
-# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
-# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
-# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
-# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
-# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
-CVE_CHECK_IGNORE += "CVE-2023-1079"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
-# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
-# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17
-# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
-# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
-# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
-# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
-# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
-CVE_CHECK_IGNORE += "CVE-2023-1118"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
-# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6
-# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2
-# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
-# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
-# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
-CVE_CHECK_IGNORE += "CVE-2023-1281"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
-# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
-# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
-# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
-# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
-# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
-CVE_CHECK_IGNORE += "CVE-2023-1513"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
-# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
-# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36
-# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
-# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
-# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
-CVE_CHECK_IGNORE += "CVE-2023-1652"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
-# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
-# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
-# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
-# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
-# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
-# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
-# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
-# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
-CVE_CHECK_IGNORE += "CVE-2023-1829"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
-# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
-# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
-# But, the CVE is disputed:
-# > NOTE: this is disputed by third parties because there are no realistic cases
-# > in which a user can cause the alloc_memory_type error case to be reached.
-# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2
-# We can safely ignore it.
-CVE_CHECK_IGNORE += "CVE-2023-23005"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
-# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
-# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
-# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa
-# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123
-# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce
-CVE_CHECK_IGNORE += "CVE-2023-28466"
-
-# Wrong CPE in NVD database
# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
-# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
-CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
-
-# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
-# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
-# qemu maintainers say the patch is incorrect and should not be applied
-# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable
-CVE_CHECK_IGNORE += "CVE-2021-20255"
-
-# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067
-# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can
-# still be reproduced or where exactly any bug is.
-# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one.
-CVE_CHECK_IGNORE += "CVE-2019-12067"
-
-# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
-# It is a fuzzing related buffer overflow. It is of low impact since most devices
-# wouldn't expose an assembler. The upstream is inactive and there is little to be
-# done about the bug, ignore from an OE perspective.
-CVE_CHECK_IGNORE += "CVE-2020-18974"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-0459
-# Fixed in 6.1.14 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0459"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-0615
-# Fixed in 6.1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0615"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1380
-# Fixed in 6.1.27
-CVE_CHECK_IGNORE += "CVE-2023-1380"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1611
-# Fixed in 6.1.23
-CVE_CHECK_IGNORE += "CVE-2023-1611"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1855
-# Fixed in 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-1855"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1859
-# Fixed in 6.1.25
-CVE_CHECK_IGNORE += "CVE-2023-1859"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1989
-# Fixed in 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-1989"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1990
-# Fixed in 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-1990"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1999
-# Fixed in 6.1.16
-CVE_CHECK_IGNORE += "CVE-2023-1998"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2002
-# Fixed in 6.1.27
-CVE_CHECK_IGNORE += "CVE-2023-2002"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2156
-# Fixed in 6.1.26
-CVE_CHECK_IGNORE += "CVE-2023-2156"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2162
-# Fixed in 6.1.11
-CVE_CHECK_IGNORE += "CVE-2023-2162"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2194
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-2194"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2235
-# Fixed with 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-2235"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-28328
-# Fixed with 6.1.2
-CVE_CHECK_IGNORE += "CVE-2023-28328"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2985
-# Fixed in 6.1.16
-CVE_CHECK_IGNORE += "CVE-2023-2985"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-28866
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-28866"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-30456
-# Fixed with 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-30456"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-30772
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-30772"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-31436
-# Fixed with 6.1.26
-CVE_CHECK_IGNORE += "CVE-2023-31436"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-32233
-# Fixed with 6.1.28
-CVE_CHECK_IGNORE += "CVE-2023-32233"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-33203
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-33203"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-33288
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-33288"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-34256
-# Fixed in 6.1.29
-CVE_CHECK_IGNORE += "CVE-2023-34256"
-
-# Backported to 6.1.30 as 9a342d4
-CVE_CHECK_IGNORE += "CVE-2023-3141"
+CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
+CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
+
+# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2021-20255
+CVE_STATUS[CVE-2021-20255] = "upstream-wontfix: \
+There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html \
+qemu maintainers say the patch is incorrect and should not be applied \
+The issue is of low impact, at worst sitting in an infinite loop rather than exploitable."
+
+# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2019-12067
+CVE_STATUS[CVE-2019-12067] = "upstream-wontfix: \
+There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can \
+still be reproduced or where exactly any bug is. \
+We'll pick up any fix when upstream accepts one."
+
+# nasm:nasm-native https://nvd.nist.gov/vuln/detail/CVE-2020-18974
+CVE_STATUS[CVE-2020-18974] = "upstream-wontfix: \
+It is a fuzzing related buffer overflow. It is of low impact since most devices
+wouldn't expose an assembler. The upstream is inactive and there is little to be
+done about the bug, ignore from an OE perspective."
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 9bb5c5205c..6e82e943fa 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -127,7 +127,6 @@ RECIPE_MAINTAINER:pn-cryptodev-module = "Robert Yang <liezhi.yang@windriver.com>
RECIPE_MAINTAINER:pn-cryptodev-tests = "Robert Yang <liezhi.yang@windriver.com>"
RECIPE_MAINTAINER:pn-cups = "Chen Qi <Qi.Chen@windriver.com>"
RECIPE_MAINTAINER:pn-curl = "Robert Joslyn <robert.joslyn@redrectangle.org>"
-RECIPE_MAINTAINER:pn-cve-update-db-native = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-cve-update-nvd2-native = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-cwautomacros = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-db = "Unassigned <unassigned@yoctoproject.org>"
@@ -322,7 +321,6 @@ RECIPE_MAINTAINER:pn-libconvert-asn1-perl = "Tim Orling <tim.orling@konsulko.com
RECIPE_MAINTAINER:pn-libcroco = "Anuj Mittal <anuj.mittal@intel.com>"
RECIPE_MAINTAINER:pn-libdaemon = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER:pn-libdazzle = "Alexander Kanavin <alex.kanavin@gmail.com>"
-RECIPE_MAINTAINER:pn-libdmx = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-libdnf = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER:pn-libdrm = "Otavio Salvador <otavio.salvador@ossystems.com.br>"
RECIPE_MAINTAINER:pn-libedit = "Khem Raj <raj.khem@gmail.com>"
@@ -664,7 +662,7 @@ RECIPE_MAINTAINER:pn-python3-pyasn1 = "Tim Orling <tim.orling@konsulko.com>"
RECIPE_MAINTAINER:pn-python3-pycairo = "Zang Ruochen <zangruochen@loongson.cn>"
RECIPE_MAINTAINER:pn-python3-pycparser = "Tim Orling <tim.orling@konsulko.com>"
RECIPE_MAINTAINER:pn-python3-pyelftools = "Joshua Watt <JPEWhacker@gmail.com>"
-RECIPE_MAINTAINER:pn-python3-pygments = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-python3-pygments = "Tim Orling <tim.orling@konsulko.com>"
RECIPE_MAINTAINER:pn-python3-pygobject = "Zang Ruochen <zangruochen@loongson.cn>"
RECIPE_MAINTAINER:pn-python3-pyopenssl = "Tim Orling <tim.orling@konsulko.com>"
RECIPE_MAINTAINER:pn-python3-pyparsing = "Unassigned <unassigned@yoctoproject.org>"
@@ -847,6 +845,7 @@ RECIPE_MAINTAINER:pn-x264 = "Anuj Mittal <anuj.mittal@intel.com>"
RECIPE_MAINTAINER:pn-xauth = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xcb-proto = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xcb-util = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-xcb-util-cursor = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xcb-util-image = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xcb-util-keysyms = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xcb-util-renderutil = "Unassigned <unassigned@yoctoproject.org>"
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index da9153b998..6250cf081e 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -99,6 +99,7 @@ PTESTS_SLOW = "\
libgcrypt \
libmodule-build-perl \
lttng-tools \
+ mdadm \
openssh \
openssl \
parted \
@@ -122,7 +123,6 @@ PTESTS_PROBLEMS:append:x86 = " valgrind"
# rt-tests \ # Needs to be checked whether it runs at all
# bash \ # Test outcomes are non-deterministic by design
# ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
-# mdadm \ # Tests rely on non-deterministic sleep() amounts
# libinput \ # Tests need an unloaded system to be reliable
# libpam \ # Needs pam DISTRO_FEATURE
# numactl \ # qemu not (yet) configured for numa; all tests are skipped
@@ -134,7 +134,6 @@ PTESTS_PROBLEMS = "\
rt-tests \
bash \
ifupdown \
- mdadm \
libinput \
libpam \
libseccomp \
diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc
index 0b33e61924..18daf446e5 100644
--- a/poky/meta/conf/distro/include/tcmode-default.inc
+++ b/poky/meta/conf/distro/include/tcmode-default.inc
@@ -21,7 +21,7 @@ SDKGCCVERSION ?= "${GCCVERSION}"
BINUVERSION ?= "2.40%"
GDBVERSION ?= "13.%"
GLIBCVERSION ?= "2.37"
-LINUXLIBCVERSION ?= "6.1%"
+LINUXLIBCVERSION ?= "6.4%"
QEMUVERSION ?= "8.0%"
GOVERSION ?= "1.20%"
LLVMVERSION ?= "16.%"
diff --git a/poky/meta/conf/distro/include/time64.inc b/poky/meta/conf/distro/include/time64.inc
index 78569de433..bc0c72226b 100644
--- a/poky/meta/conf/distro/include/time64.inc
+++ b/poky/meta/conf/distro/include/time64.inc
@@ -27,20 +27,25 @@ GLIBC_64BIT_TIME_FLAGS:pn-glibc-testsuite = ""
GLIBC_64BIT_TIME_FLAGS:pn-pipewire = ""
# Pulseaudio override certain LFS64 functions e.g. open64 and intentionally
# undefines _FILE_OFFSET_BITS, which wont work when _TIME_BITS=64 is set
+# See https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/3770
GLIBC_64BIT_TIME_FLAGS:pn-pulseaudio = ""
+# Undefines _FILE_OFFSET_BITS on purpose in
+# libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp
GLIBC_64BIT_TIME_FLAGS:pn-gcc-sanitizers = ""
+# https://github.com/strace/strace/issues/250
+GLIBC_64BIT_TIME_FLAGS:pn-strace = ""
-INSANE_SKIP:append:pn-cargo = " 32bit-time"
+# Caused by the flags exceptions above
INSANE_SKIP:append:pn-gcc-sanitizers = " 32bit-time"
INSANE_SKIP:append:pn-glibc = " 32bit-time"
INSANE_SKIP:append:pn-glibc-tests = " 32bit-time"
-INSANE_SKIP:append:pn-librsvg = " 32bit-time"
-INSANE_SKIP:append:pn-libstd-rs = " 32bit-time"
-INSANE_SKIP:append:pn-pseudo = " 32bit-time"
INSANE_SKIP:append:pn-pulseaudio = " 32bit-time"
-INSANE_SKIP:append:pn-python3-bcrypt = " 32bit-time"
-INSANE_SKIP:append:pn-python3-cryptography = " 32bit-time"
-INSANE_SKIP:append:pn-rust = " 32bit-time"
-INSANE_SKIP:append:pn-rust-hello-world = " 32bit-time"
+
+# Strace has tests that call 32 bit API directly, which is fair enough, e.g.
+# /usr/lib/strace/ptest/tests/ioctl_termios uses 32-bit api 'ioctl'
INSANE_SKIP:append:pn-strace = " 32bit-time"
+# Additionally cargo_common class (i.e. everything written in rust)
+# has the same INSANE_SKIP setting.
+# Please check the comment in meta/classes-recipe/cargo_common.bbclass
+# for information about why, and the overall Y2038 situation in rust.
diff --git a/poky/meta/conf/machine/include/arm/arch-arm64.inc b/poky/meta/conf/machine/include/arm/arch-arm64.inc
index 0e2efb5a40..832d0000ac 100644
--- a/poky/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/poky/meta/conf/machine/include/arm/arch-arm64.inc
@@ -37,3 +37,8 @@ TUNE_ARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_ARCH_64}',
TUNE_PKGARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_PKGARCH_64}', '${TUNE_PKGARCH_32}', d)}"
ABIEXTENSION = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${ABIEXTENSION_64}', '${ABIEXTENSION_32}', d)}"
TARGET_FPU = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TARGET_FPU_64}', '${TARGET_FPU_32}', d)}"
+
+# Emit branch protection (PAC/BTI) instructions. On hardware that doesn't
+# support these they're meaningless NOP instructions, so there's very little
+# reason not to.
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', ' -mbranch-protection=standard', '', d)}"
diff --git a/poky/meta/conf/machine/qemuarm.conf b/poky/meta/conf/machine/qemuarm.conf
index aa9ce88203..75cfbaf74b 100644
--- a/poky/meta/conf/machine/qemuarm.conf
+++ b/poky/meta/conf/machine/qemuarm.conf
@@ -29,4 +29,8 @@ QB_ROOTFS_OPT = "-drive id=disk0,file=@ROOTFS@,if=none,format=raw -device virtio
QB_SERIAL_OPT = "-device virtio-serial-device -chardev null,id=virtcon -device virtconsole,chardev=virtcon"
QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon"
+# 6.4 causes Xorg to fail to read the virtio framebuffer so stick with 6.1 until
+# that is resolved.
+PREFERRED_VERSION_linux-yocto ??= "6.1%"
+
KMACHINE:qemuarm = "qemuarma15"
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py
index dbaa0b373a..5bf3caac47 100644
--- a/poky/meta/lib/oe/cve_check.py
+++ b/poky/meta/lib/oe/cve_check.py
@@ -130,6 +130,13 @@ def get_patched_cves(d):
if not fname_match and not text_match:
bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
+ # Search for additional patched CVEs
+ for cve in (d.getVarFlags("CVE_STATUS") or {}):
+ decoded_status, _, _ = decode_cve_status(d, cve)
+ if decoded_status == "Patched":
+ bb.debug(2, "CVE %s is additionally patched" % cve)
+ patched_cves.add(cve)
+
return patched_cves
@@ -218,3 +225,21 @@ def convert_cve_version(version):
return version + update
+def decode_cve_status(d, cve):
+ """
+ Convert CVE_STATUS into status, detail and description.
+ """
+ status = d.getVarFlag("CVE_STATUS", cve)
+ if status is None:
+ return ("", "", "")
+
+ status_split = status.split(':', 1)
+ detail = status_split[0]
+ description = status_split[1].strip() if (len(status_split) > 1) else ""
+
+ status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail)
+ if status_mapping is None:
+ bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status))
+ status_mapping = "Unpatched"
+
+ return (status_mapping, detail, description)
diff --git a/poky/meta/lib/oe/package_manager/rpm/rootfs.py b/poky/meta/lib/oe/package_manager/rpm/rootfs.py
index d4c415f68c..3ba5396320 100644
--- a/poky/meta/lib/oe/package_manager/rpm/rootfs.py
+++ b/poky/meta/lib/oe/package_manager/rpm/rootfs.py
@@ -110,7 +110,7 @@ class PkgRootfs(Rootfs):
if self.progress_reporter:
self.progress_reporter.next_stage()
- self._setup_dbg_rootfs(['/etc', '/var/lib/rpm', '/var/cache/dnf', '/var/lib/dnf'])
+ self._setup_dbg_rootfs(['/etc/rpm', '/etc/rpmrc', '/etc/dnf', '/var/lib/rpm', '/var/cache/dnf', '/var/lib/dnf'])
execute_pre_post_process(self.d, rpm_post_process_cmds)
diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py
index 890ba5f039..1a48ed10b3 100644
--- a/poky/meta/lib/oe/rootfs.py
+++ b/poky/meta/lib/oe/rootfs.py
@@ -106,7 +106,7 @@ class Rootfs(object, metaclass=ABCMeta):
def _cleanup(self):
pass
- def _setup_dbg_rootfs(self, dirs):
+ def _setup_dbg_rootfs(self, package_paths):
gen_debugfs = self.d.getVar('IMAGE_GEN_DEBUGFS') or '0'
if gen_debugfs != '1':
return
@@ -122,11 +122,12 @@ class Rootfs(object, metaclass=ABCMeta):
bb.utils.mkdirhier(self.image_rootfs)
bb.note(" Copying back package database...")
- for dir in dirs:
- if not os.path.isdir(self.image_rootfs + '-orig' + dir):
- continue
- bb.utils.mkdirhier(self.image_rootfs + os.path.dirname(dir))
- shutil.copytree(self.image_rootfs + '-orig' + dir, self.image_rootfs + dir, symlinks=True)
+ for path in package_paths:
+ bb.utils.mkdirhier(self.image_rootfs + os.path.dirname(path))
+ if os.path.isdir(self.image_rootfs + '-orig' + path):
+ shutil.copytree(self.image_rootfs + '-orig' + path, self.image_rootfs + path, symlinks=True)
+ elif os.path.isfile(self.image_rootfs + '-orig' + path):
+ shutil.copyfile(self.image_rootfs + '-orig' + path, self.image_rootfs + path)
# Copy files located in /usr/lib/debug or /usr/src/debug
for dir in ["/usr/lib/debug", "/usr/src/debug"]:
@@ -162,6 +163,13 @@ class Rootfs(object, metaclass=ABCMeta):
bb.note(" Install extra debug packages...")
self.pm.install(extra_debug_pkgs.split(), True)
+ bb.note(" Removing package database...")
+ for path in package_paths:
+ if os.path.isdir(self.image_rootfs + path):
+ shutil.rmtree(self.image_rootfs + path)
+ elif os.path.isfile(self.image_rootfs + path):
+ os.remove(self.image_rootfs + path)
+
bb.note(" Rename debug rootfs...")
try:
shutil.rmtree(self.image_rootfs + '-dbg')
diff --git a/poky/meta/lib/oeqa/core/target/qemu.py b/poky/meta/lib/oeqa/core/target/qemu.py
index 79fd724f7d..6893d10226 100644
--- a/poky/meta/lib/oeqa/core/target/qemu.py
+++ b/poky/meta/lib/oeqa/core/target/qemu.py
@@ -22,7 +22,7 @@ supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic']
class OEQemuTarget(OESSHTarget):
def __init__(self, logger, server_ip, timeout=300, user='root',
port=None, machine='', rootfs='', kernel='', kvm=False, slirp=False,
- dump_dir='', dump_host_cmds='', display='', bootlog='',
+ dump_dir='', display='', bootlog='',
tmpdir='', dir_image='', boottime=60, serial_ports=2,
boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, **kwargs):
@@ -44,8 +44,7 @@ class OEQemuTarget(OESSHTarget):
self.runner = QemuRunner(machine=machine, rootfs=rootfs, tmpdir=tmpdir,
deploy_dir_image=dir_image, display=display,
logfile=bootlog, boottime=boottime,
- use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir,
- dump_host_cmds=dump_host_cmds, logger=logger,
+ use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir, logger=logger,
serial_ports=serial_ports, boot_patterns = boot_patterns,
use_ovmf=ovmf, tmpfsdir=tmpfsdir)
dump_monitor_cmds = kwargs.get("testimage_dump_monitor")
diff --git a/poky/meta/lib/oeqa/runtime/cases/ltp.py b/poky/meta/lib/oeqa/runtime/cases/ltp.py
index a66d5d13d7..29c26d7d32 100644
--- a/poky/meta/lib/oeqa/runtime/cases/ltp.py
+++ b/poky/meta/lib/oeqa/runtime/cases/ltp.py
@@ -65,29 +65,34 @@ class LtpTest(LtpTestBase):
ltp_groups += ltp_fs
def runltp(self, ltp_group):
- cmd = '/opt/ltp/runltp -f %s -p -q -r /opt/ltp -l /opt/ltp/results/%s -I 1 -d /opt/ltp' % (ltp_group, ltp_group)
+ # LTP appends to log files, so ensure we start with a clean log
+ self.target.deleteFiles("/opt/ltp/results/", ltp_group)
+
+ cmd = '/opt/ltp/runltp -f %s -q -r /opt/ltp -l /opt/ltp/results/%s -I 1 -d /opt/ltp' % (ltp_group, ltp_group)
+
starttime = time.time()
(status, output) = self.target.run(cmd)
endtime = time.time()
+ # Write the console log to disk for convenience
with open(os.path.join(self.ltptest_log_dir, "%s-raw.log" % ltp_group), 'w') as f:
f.write(output)
+ # Also put the console log into the test result JSON
self.extras['ltpresult.rawlogs']['log'] = self.extras['ltpresult.rawlogs']['log'] + output
- # copy nice log from DUT
- dst = os.path.join(self.ltptest_log_dir, "%s" % ltp_group )
+ # Copy the machine-readable test results locally so we can parse it
+ dst = os.path.join(self.ltptest_log_dir, ltp_group)
remote_src = "/opt/ltp/results/%s" % ltp_group
(status, output) = self.target.copyFrom(remote_src, dst, True)
- msg = 'File could not be copied. Output: %s' % output
if status:
+ msg = 'File could not be copied. Output: %s' % output
self.target.logger.warning(msg)
parser = LtpParser()
results, sections = parser.parse(dst)
- runtime = int(endtime-starttime)
- sections['duration'] = runtime
+ sections['duration'] = int(endtime-starttime)
self.sections[ltp_group] = sections
failed_tests = {}
diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py
index fa86eb0537..a4ba4e6769 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py
@@ -59,8 +59,8 @@ class RpmBasicTest(OERuntimeTestCase):
return
time.sleep(1)
user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
- msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
- assertTrue(True, msg=msg)
+ msg = "User %s has processes still running: %s" % (u, "\n".join(user_pss))
+ self.fail(msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py
index 0c5d1869ab..cb7227a8df 100644
--- a/poky/meta/lib/oeqa/runtime/context.py
+++ b/poky/meta/lib/oeqa/runtime/context.py
@@ -10,7 +10,6 @@ import sys
from oeqa.core.context import OETestContext, OETestContextExecutor
from oeqa.core.target.ssh import OESSHTarget
from oeqa.core.target.qemu import OEQemuTarget
-from oeqa.utils.dump import HostDumper
from oeqa.runtime.loader import OERuntimeTestLoader
@@ -20,12 +19,11 @@ class OERuntimeTestContext(OETestContext):
os.path.dirname(os.path.abspath(__file__)), "files")
def __init__(self, td, logger, target,
- host_dumper, image_packages, extract_dir):
+ image_packages, extract_dir):
super(OERuntimeTestContext, self).__init__(td, logger)
self.target = target
self.image_packages = image_packages
- self.host_dumper = host_dumper
self.extract_dir = extract_dir
self._set_target_cmds()
@@ -199,10 +197,6 @@ class OERuntimeTestContextExecutor(OETestContextExecutor):
return image_packages
- @staticmethod
- def getHostDumper(cmds, directory):
- return HostDumper(cmds, directory)
-
def _process_args(self, logger, args):
if not args.packages_manifest:
raise TypeError('Manifest file not provided')
@@ -215,9 +209,6 @@ class OERuntimeTestContextExecutor(OETestContextExecutor):
self.tc_kwargs['init']['target'] = \
OERuntimeTestContextExecutor.getTarget(args.target_type,
None, args.target_ip, args.server_ip, **target_kwargs)
- self.tc_kwargs['init']['host_dumper'] = \
- OERuntimeTestContextExecutor.getHostDumper(None,
- args.host_dumper_dir)
self.tc_kwargs['init']['image_packages'] = \
OERuntimeTestContextExecutor.readPackagesManifest(
args.packages_manifest)
diff --git a/poky/meta/lib/oeqa/selftest/cases/bblayers.py b/poky/meta/lib/oeqa/selftest/cases/bblayers.py
index b048948386..8faa060234 100644
--- a/poky/meta/lib/oeqa/selftest/cases/bblayers.py
+++ b/poky/meta/lib/oeqa/selftest/cases/bblayers.py
@@ -85,8 +85,9 @@ class BitbakeLayers(OESelftestTestCase):
result = runCmd('bitbake-layers show-recipes -i image')
self.assertIn('core-image-minimal', result.output)
self.assertNotIn('mtd-utils:', result.output)
- result = runCmd('bitbake-layers show-recipes -i cmake,pkgconfig')
+ result = runCmd('bitbake-layers show-recipes -i meson,pkgconfig')
self.assertIn('libproxy:', result.output)
+ result = runCmd('bitbake-layers show-recipes -i cmake,pkgconfig')
self.assertNotIn('mtd-utils:', result.output) # doesn't inherit either
self.assertNotIn('wget:', result.output) # doesn't inherit cmake
self.assertNotIn('waffle:', result.output) # doesn't inherit pkgconfig
diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
index 9534c9775c..60cecd1328 100644
--- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -207,18 +207,34 @@ CVE_CHECK_REPORT_PATCHED = "1"
self.assertEqual(len(report["package"]), 1)
package = report["package"][0]
self.assertEqual(package["name"], "logrotate")
- found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+ found_cves = {}
+ for issue in package["issue"]:
+ found_cves[issue["id"]] = {
+ "status" : issue["status"],
+ "detail" : issue["detail"] if "detail" in issue else "",
+ "description" : issue["description"] if "description" in issue else ""
+ }
# m4 CVE should not be in logrotate
self.assertNotIn("CVE-2008-1687", found_cves)
# logrotate has both Patched and Ignored CVEs
self.assertIn("CVE-2011-1098", found_cves)
- self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
+ self.assertEqual(found_cves["CVE-2011-1098"]["status"], "Patched")
+ self.assertEqual(len(found_cves["CVE-2011-1098"]["detail"]), 0)
+ self.assertEqual(len(found_cves["CVE-2011-1098"]["description"]), 0)
+ detail = "not-applicable-platform"
+ description = "CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used"
self.assertIn("CVE-2011-1548", found_cves)
- self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
+ self.assertEqual(found_cves["CVE-2011-1548"]["status"], "Ignored")
+ self.assertEqual(found_cves["CVE-2011-1548"]["detail"], detail)
+ self.assertEqual(found_cves["CVE-2011-1548"]["description"], description)
self.assertIn("CVE-2011-1549", found_cves)
- self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
+ self.assertEqual(found_cves["CVE-2011-1549"]["status"], "Ignored")
+ self.assertEqual(found_cves["CVE-2011-1549"]["detail"], detail)
+ self.assertEqual(found_cves["CVE-2011-1549"]["description"], description)
self.assertIn("CVE-2011-1550", found_cves)
- self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
+ self.assertEqual(found_cves["CVE-2011-1550"]["status"], "Ignored")
+ self.assertEqual(found_cves["CVE-2011-1550"]["detail"], detail)
+ self.assertEqual(found_cves["CVE-2011-1550"]["description"], description)
self.assertExists(summary_json)
check_m4_json(summary_json)
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index 4c8e375d00..14a80d5ff4 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -366,6 +366,38 @@ class DevtoolAddTests(DevtoolBase):
bindir = bindir[1:]
self.assertTrue(os.path.isfile(os.path.join(installdir, bindir, 'pv')), 'pv binary not found in D')
+ def test_devtool_add_binary(self):
+ # Create a binary package containing a known test file
+ tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+ self.track_for_cleanup(tempdir)
+ pn = 'tst-bin'
+ pv = '1.0'
+ test_file_dir = "var/lib/%s/" % pn
+ test_file_name = "test_file"
+ test_file_content = "TEST CONTENT"
+ test_file_package_root = os.path.join(tempdir, pn)
+ test_file_dir_full = os.path.join(test_file_package_root, test_file_dir)
+ bb.utils.mkdirhier(test_file_dir_full)
+ with open(os.path.join(test_file_dir_full, test_file_name), "w") as f:
+ f.write(test_file_content)
+ bin_package_path = os.path.join(tempdir, "%s.tar.gz" % pn)
+ runCmd("tar czf %s -C %s ." % (bin_package_path, test_file_package_root))
+
+ # Test devtool add -b on the binary package
+ self.track_for_cleanup(self.workspacedir)
+ self.add_command_to_tearDown('bitbake -c cleansstate %s' % pn)
+ self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+ result = runCmd('devtool add -b %s %s' % (pn, bin_package_path))
+ self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created')
+
+ # Build the resulting recipe
+ result = runCmd('devtool build %s' % pn)
+ installdir = get_bb_var('D', pn)
+ self.assertTrue(installdir, 'Could not query installdir variable')
+
+ # Check that a known file from the binary package has indeed been installed
+ self.assertTrue(os.path.isfile(os.path.join(installdir, test_file_dir, test_file_name)), '%s not found in D' % test_file_name)
+
def test_devtool_add_git_local(self):
# We need dbus built so that DEPENDS recognition works
bitbake('dbus')
diff --git a/poky/meta/lib/oeqa/selftest/cases/distrodata.py b/poky/meta/lib/oeqa/selftest/cases/distrodata.py
index c83a3a7bd6..111bd3c9be 100644
--- a/poky/meta/lib/oeqa/selftest/cases/distrodata.py
+++ b/poky/meta/lib/oeqa/selftest/cases/distrodata.py
@@ -92,7 +92,7 @@ The following recipes do not have a DESCRIPTION. Please add an entry for DESCRIP
def is_maintainer_exception(entry):
exceptions = ["musl", "newlib", "linux-yocto", "linux-dummy", "mesa-gl", "libgfortran", "libx11-compose-data",
- "cve-update-db-native","cve-update-nvd2-native",]
+ "cve-update-nvd2-native",]
for i in exceptions:
if i in entry:
return True
diff --git a/poky/meta/lib/oeqa/selftest/cases/fitimage.py b/poky/meta/lib/oeqa/selftest/cases/fitimage.py
index 7bc171e02d..9383d0c4db 100644
--- a/poky/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/poky/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -33,6 +33,8 @@ KERNEL_CLASSES = " kernel-fitimage "
# RAM disk variables including load address and entrypoint for kernel and RAM disk
IMAGE_FSTYPES += "cpio.gz"
INITRAMFS_IMAGE = "core-image-minimal"
+# core-image-minimal is used as initramfs here, drop the rootfs suffix
+IMAGE_NAME_SUFFIX:pn-core-image-minimal = ""
UBOOT_RD_LOADADDRESS = "0x88000000"
UBOOT_RD_ENTRYPOINT = "0x88000000"
UBOOT_LOADADDRESS = "0x80080000"
diff --git a/poky/meta/lib/oeqa/selftest/cases/glibc.py b/poky/meta/lib/oeqa/selftest/cases/glibc.py
index a446543a17..4ec4b85d67 100644
--- a/poky/meta/lib/oeqa/selftest/cases/glibc.py
+++ b/poky/meta/lib/oeqa/selftest/cases/glibc.py
@@ -28,7 +28,7 @@ class GlibcSelfTestBase(OESelftestTestCase, OEPTestResultTestCase):
features.append('TOOLCHAIN_TEST_HOST_USER = "root"')
features.append('TOOLCHAIN_TEST_HOST_PORT = "22"')
# force single threaded test execution
- features.append('EGLIBCPARALLELISM_task-check:pn-glibc-testsuite = "PARALLELMFLAGS="-j1""')
+ features.append('EGLIBCPARALLELISM:task-check:pn-glibc-testsuite = "PARALLELMFLAGS="-j1""')
self.write_config("\n".join(features))
bitbake("glibc-testsuite -c check")
diff --git a/poky/meta/lib/oeqa/selftest/cases/rust.py b/poky/meta/lib/oeqa/selftest/cases/rust.py
new file mode 100644
index 0000000000..7a0fd7033d
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/rust.py
@@ -0,0 +1,90 @@
+# SPDX-License-Identifier: MIT
+import os
+import subprocess
+from oeqa.core.decorator import OETestTag
+from oeqa.core.case import OEPTestResultTestCase
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, runqemu, Command
+from oeqa.utils.sshcontrol import SSHControl
+
+def parse_results(filename):
+ tests = {}
+ with open(filename, "r") as f:
+ lines = f.readlines()
+ for line in lines:
+ if "..." in line and "test [" in line:
+ test = line.split("test ")[1].split(" ... ")[0]
+ if "] " in test:
+ test = test.split("] ", 1)[1]
+ result = line.split(" ... ")[1].strip()
+ if result == "ok":
+ result = "PASS"
+ elif result == "failed":
+ result = "FAIL"
+ elif "ignored" in result:
+ result = "SKIPPED"
+ if test in tests:
+ if tests[test] != result:
+ print("Duplicate and mismatching result %s for %s" % (result, test))
+ else:
+ print("Duplicate result %s for %s" % (result, test))
+ else:
+ tests[test] = result
+ return tests
+
+# Total time taken for testing is of about 2hr 20min, with PARALLEL_MAKE set to 40 number of jobs.
+@OETestTag("toolchain-system")
+@OETestTag("toolchain-user")
+@OETestTag("runqemu")
+class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase):
+ def test_rust(self, *args, **kwargs):
+ # build remote-test-server before image build
+ recipe = "rust"
+ bitbake("{} -c test_compile".format(recipe))
+ builddir = get_bb_var("RUSTSRC", "rust")
+ # build core-image-minimal with required packages
+ default_installed_packages = ["libgcc", "libstdc++", "libatomic", "libgomp"]
+ features = []
+ features.append('IMAGE_FEATURES += "ssh-server-dropbear"')
+ features.append('CORE_IMAGE_EXTRA_INSTALL += "{0}"'.format(" ".join(default_installed_packages)))
+ self.write_config("\n".join(features))
+ bitbake("core-image-minimal")
+ # wrap the execution with a qemu instance.
+ # Tests are run with 512 tasks in parallel to execute all tests very quickly
+ with runqemu("core-image-minimal", runqemuparams = "nographic", qemuparams = "-m 512") as qemu:
+ # Copy remote-test-server to image through scp
+ host_sys = get_bb_var("RUST_BUILD_SYS", "rust")
+ ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user="root")
+ ssh.copy_to(builddir + "/build/" + host_sys + "/stage1-tools-bin/remote-test-server","~/")
+ # Execute remote-test-server on image through background ssh
+ command = '~/remote-test-server --bind 0.0.0.0:12345 -v'
+ sshrun=subprocess.Popen(("ssh", '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-f', "root@%s" % qemu.ip, command), shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ # Get the values of variables.
+ tcpath = get_bb_var("TARGET_SYS", "rust")
+ targetsys = get_bb_var("RUST_TARGET_SYS", "rust")
+ rustlibpath = get_bb_var("WORKDIR", "rust")
+ tmpdir = get_bb_var("TMPDIR", "rust")
+
+ # Exclude the test folders that error out while building
+ # TODO: Fix the errors and include them for testing
+ # no-fail-fast: Run all tests regardless of failure.
+ # bless: First runs rustfmt to format the codebase,
+ # then runs tidy checks.
+ testargs = "--exclude tests/rustdoc --exclude src/tools/rust-analyzer --exclude tests/rustdoc-json --exclude tests/run-make-fulldeps --exclude src/tools/tidy --exclude src/tools/rustdoc-themes --exclude src/rustdoc-json-types --exclude src/librustdoc --exclude src/doc/unstable-book --exclude src/doc/rustdoc --exclude src/doc/rustc --exclude compiler/rustc --exclude library/panic_abort --exclude library/panic_unwind --exclude src/tools/lint-docs --exclude tests/rustdoc-js-std --doc --no-fail-fast --bless"
+
+ # Set path for target-poky-linux-gcc, RUST_TARGET_PATH and hosttools.
+ cmd = " export PATH=%s/recipe-sysroot-native/usr/bin:$PATH;" % rustlibpath
+ cmd = cmd + " export TARGET_VENDOR=\"-poky\";"
+ cmd = cmd + " export PATH=%s/recipe-sysroot-native/usr/bin/%s:%s/hosttools:$PATH;" % (rustlibpath, tcpath, tmpdir)
+ cmd = cmd + " export RUST_TARGET_PATH=%s/rust-targets;" % rustlibpath
+ # Trigger testing.
+ cmd = cmd + " export TEST_DEVICE_ADDR=\"%s:12345\";" % qemu.ip
+ cmd = cmd + " cd %s; python3 src/bootstrap/bootstrap.py test %s --target %s > summary.txt 2>&1;" % (builddir, testargs, targetsys)
+ runCmd(cmd)
+
+ ptestsuite = "rust"
+ self.ptest_section(ptestsuite, logfile = builddir + "/summary.txt")
+ filename = builddir + "/summary.txt"
+ test_results = parse_results(filename)
+ for test in test_results:
+ self.ptest_result(ptestsuite, test, test_results[test])
diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py
index d686fe07ec..e21655c979 100644
--- a/poky/meta/lib/oeqa/targetcontrol.py
+++ b/poky/meta/lib/oeqa/targetcontrol.py
@@ -104,7 +104,6 @@ class QemuTarget(BaseTarget):
self.kernel = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("KERNEL_IMAGETYPE", False) + '-' + d.getVar('MACHINE', False) + '.bin')
self.qemulog = os.path.join(self.testdir, "qemu_boot_log.%s" % self.datetime)
dump_target_cmds = d.getVar("testimage_dump_target")
- dump_host_cmds = d.getVar("testimage_dump_host")
dump_monitor_cmds = d.getVar("testimage_dump_monitor")
dump_dir = d.getVar("TESTIMAGE_DUMP_DIR")
if not dump_dir:
@@ -141,7 +140,6 @@ class QemuTarget(BaseTarget):
boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")),
use_kvm = use_kvm,
dump_dir = dump_dir,
- dump_host_cmds = dump_host_cmds,
logger = logger,
tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"),
serial_ports = len(d.getVar("SERIAL_CONSOLES").split()))
diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py
index d420b497f9..d4d271369f 100644
--- a/poky/meta/lib/oeqa/utils/dump.py
+++ b/poky/meta/lib/oeqa/utils/dump.py
@@ -51,9 +51,7 @@ class BaseDumper(object):
self.dump_dir = dump_dir
def _construct_filename(self, command):
- if isinstance(self, HostDumper):
- prefix = "host"
- elif isinstance(self, TargetDumper):
+ if isinstance(self, TargetDumper):
prefix = "target"
elif isinstance(self, MonitorDumper):
prefix = "qmp"
@@ -76,22 +74,6 @@ class BaseDumper(object):
with open(fullname, 'w') as dump_file:
dump_file.write(output)
-class HostDumper(BaseDumper):
- """ Class to get dumps from the host running the tests """
-
- def __init__(self, cmds, parent_dir):
- super(HostDumper, self).__init__(cmds, parent_dir)
-
- def dump_host(self, dump_dir=""):
- if dump_dir:
- self.dump_dir = dump_dir
- env = os.environ.copy()
- env['PATH'] = '/usr/sbin:/sbin:/usr/bin:/bin'
- env['COLUMNS'] = '9999'
- for cmd in self.cmds:
- result = runCmd(cmd, ignore_status=True, env=env)
- self._write_dump(cmd.split()[0], result.output)
-
class TargetDumper(BaseDumper):
""" Class to get dumps from target, it only works with QemuRunner.
Will give up permanently after 5 errors from running commands over
diff --git a/poky/meta/lib/oeqa/utils/logparser.py b/poky/meta/lib/oeqa/utils/logparser.py
index 8054acc853..496d9e0c90 100644
--- a/poky/meta/lib/oeqa/utils/logparser.py
+++ b/poky/meta/lib/oeqa/utils/logparser.py
@@ -4,7 +4,7 @@
# SPDX-License-Identifier: MIT
#
-import sys
+import enum
import os
import re
@@ -106,30 +106,48 @@ class PtestParser(object):
f.write(status + ": " + test_name + "\n")
-# ltp log parsing
-class LtpParser(object):
- def __init__(self):
- self.results = {}
- self.section = {'duration': "", 'log': ""}
-
+class LtpParser:
+ """
+ Parse the machine-readable LTP log output into a ptest-friendly data structure.
+ """
def parse(self, logfile):
- test_regex = {}
- test_regex['PASSED'] = re.compile(r"PASS")
- test_regex['FAILED'] = re.compile(r"FAIL")
- test_regex['SKIPPED'] = re.compile(r"SKIP")
-
- with open(logfile, errors='replace') as f:
+ results = {}
+ # Aaccumulate the duration here but as the log rounds quick tests down
+ # to 0 seconds this is very much a lower bound. The caller can replace
+ # the value.
+ section = {"duration": 0, "log": ""}
+
+ class LtpExitCode(enum.IntEnum):
+ # Exit codes as defined in ltp/include/tst_res_flags.h
+ TPASS = 0 # Test passed flag
+ TFAIL = 1 # Test failed flag
+ TBROK = 2 # Test broken flag
+ TWARN = 4 # Test warning flag
+ TINFO = 16 # Test information flag
+ TCONF = 32 # Test not appropriate for configuration flag
+
+ with open(logfile, errors="replace") as f:
+ # Lines look like this:
+ # tag=cfs_bandwidth01 stime=1689762564 dur=0 exit=exited stat=32 core=no cu=0 cs=0
for line in f:
- for t in test_regex:
- result = test_regex[t].search(line)
- if result:
- self.results[line.split()[0].strip()] = t
-
- for test in self.results:
- result = self.results[test]
- self.section['log'] = self.section['log'] + ("%s: %s\n" % (result.strip()[:-2], test.strip()))
+ if not line.startswith("tag="):
+ continue
- return self.results, self.section
+ values = dict(s.split("=") for s in line.strip().split())
+
+ section["duration"] += int(values["dur"])
+ exitcode = int(values["stat"])
+ if values["exit"] == "exited" and exitcode == LtpExitCode.TCONF:
+ # Exited normally with the "invalid configuration" code
+ results[values["tag"]] = "SKIPPED"
+ elif exitcode == LtpExitCode.TPASS:
+ # Successful exit
+ results[values["tag"]] = "PASSED"
+ else:
+ # Other exit
+ results[values["tag"]] = "FAILED"
+
+ return results, section
# ltp Compliance log parsing
diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py
index 0ef8cf0a79..22cf258ddd 100644
--- a/poky/meta/lib/oeqa/utils/qemurunner.py
+++ b/poky/meta/lib/oeqa/utils/qemurunner.py
@@ -21,7 +21,6 @@ import threading
import codecs
import logging
import tempfile
-from oeqa.utils.dump import HostDumper
from collections import defaultdict
import importlib
@@ -33,8 +32,8 @@ re_control_char = re.compile('[%s]' % re.escape("".join(control_chars)))
class QemuRunner:
- def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, dump_host_cmds,
- use_kvm, logger, use_slirp=False, serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False, workdir=None, tmpfsdir=None):
+ def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, use_kvm, logger, use_slirp=False,
+ serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False, workdir=None, tmpfsdir=None):
# Popen object for runqemu
self.runqemu = None
@@ -69,7 +68,6 @@ class QemuRunner:
if not workdir:
workdir = os.getcwd()
self.qemu_pidfile = workdir + '/pidfile_' + str(os.getpid())
- self.host_dumper = HostDumper(dump_host_cmds, dump_dir)
self.monitorpipe = None
self.logger = logger
@@ -138,7 +136,6 @@ class QemuRunner:
self.logger.error('runqemu exited with code %d' % self.runqemu.returncode)
self.logger.error('Output from runqemu:\n%s' % self.getOutput(self.runqemu.stdout))
self.stop()
- self._dump_host()
def start(self, qemuparams = None, get_ip = True, extra_bootparams = None, runqemuparams='', launch_cmd=None, discard_writes=True):
env = os.environ.copy()
@@ -286,7 +283,6 @@ class QemuRunner:
if self.runqemu.returncode:
# No point waiting any longer
self.logger.warning('runqemu exited with code %d' % self.runqemu.returncode)
- self._dump_host()
self.logger.warning("Output from runqemu:\n%s" % self.getOutput(output))
self.stop()
return False
@@ -314,7 +310,6 @@ class QemuRunner:
ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,pri,ni,command '], stdout=subprocess.PIPE).communicate()[0]
processes = ps.decode("utf-8")
self.logger.debug("Running processes:\n%s" % processes)
- self._dump_host()
op = self.getOutput(output)
self.stop()
if op:
@@ -430,7 +425,6 @@ class QemuRunner:
self.logger.error("Couldn't get ip from qemu command line and runqemu output! "
"Here is the qemu command line used:\n%s\n"
"and output from runqemu:\n%s" % (cmdline, out))
- self._dump_host()
self.stop()
return False
@@ -517,7 +511,6 @@ class QemuRunner:
lines = tail(bootlog if bootlog else self.msg)
self.logger.warning("Last 25 lines of text (%d):\n%s" % (len(bootlog), lines))
self.logger.warning("Check full boot log: %s" % self.logfile)
- self._dump_host()
self.stop()
return False
@@ -698,13 +691,6 @@ class QemuRunner:
status = 1
return (status, str(data))
-
- def _dump_host(self):
- self.host_dumper.create_dir("qemu")
- self.logger.warning("Qemu ended unexpectedly, dump data from host"
- " is in %s" % self.host_dumper.dump_dir)
- self.host_dumper.dump_host()
-
# This class is for reading data from a socket and passing it to logfunc
# to be processed. It's completely event driven and has a straightforward
# event loop. The mechanism for stopping the thread is a simple pipe which
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 58b215d79c..41839698dc 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -46,10 +46,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
-# Applies only to RHEL
-CVE_CHECK_IGNORE += "CVE-2019-14865"
-# Applies only to SUSE
-CVE_CHECK_IGNORE += "CVE-2021-46705"
+CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
+CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
DEPENDS = "flex-native bison-native gettext-native"
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch b/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch
deleted file mode 100644
index 9f38736bcd..0000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From dcd3d272975863128e25a4e25453cb6521cddc53 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 14 Jun 2023 16:09:59 +0800
-Subject: [PATCH] mkimage: Use PATH_MAX for path length
-
-Fixed when build xilinx_zynqmp in long directory ( >256):
- | /buildarea1/testtest/wr_build/wr1023test_secureboot/test1-what/test2-what/test3-what/test4-what/test5-what/test6-what/test7-what/test8-what/test9-what/test10-what/test11-what/test12-what/build/tmp-glibc/work/xilinx_zynqmp-wrs-linux/u-boot-xlnx/1_v2023.01-xilinx-v2023.1+gitAUTOINC+40a08d69e7-r0/build/fitImage-linux: Image file name (uboot-mkimage) too long, can't create tmpfile.
- | Error: Bad parameters for FIT image type
-
-Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20230619062250.3244894-1-mingli.yu@eng.windriver.com/]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- tools/mkimage.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tools/mkimage.h b/tools/mkimage.h
-index f5ca65e2ed..d92a3ff811 100644
---- a/tools/mkimage.h
-+++ b/tools/mkimage.h
-@@ -17,6 +17,7 @@
- #include <sys/stat.h>
- #include <time.h>
- #include <unistd.h>
-+#include <limits.h>
- #include <u-boot/sha1.h>
- #include "fdt_host.h"
- #include "imagetool.h"
-@@ -44,7 +45,7 @@ static inline ulong map_to_sysmem(void *ptr)
- #define ALLOC_CACHE_ALIGN_BUFFER(type, name, size) type name[size]
-
- #define MKIMAGE_TMPFILE_SUFFIX ".tmp"
--#define MKIMAGE_MAX_TMPFILE_LEN 256
-+#define MKIMAGE_MAX_TMPFILE_LEN PATH_MAX
- #define MKIMAGE_DEFAULT_DTC_OPTIONS "-I dts -O dtb -p 500"
- #define MKIMAGE_MAX_DTC_CMDLINE_LEN 2 * MKIMAGE_MAX_TMPFILE_LEN + 35
-
---
-2.25.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
index 8a2e9aef94..111914827d 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -12,9 +12,9 @@ PE = "1"
# We use the revision in order to avoid having to fetch it from the
# repo during parse
-SRCREV = "fd4ed6b7e83ec3aea9a2ce21baea8ca9676f40dd"
+SRCREV = "83cdab8b2c6ea0fc0860f8444d083353b47f1d5c"
-SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master"
+SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=u-boot-2023.07.y"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb
deleted file mode 100644
index b77a49af87..0000000000
--- a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require u-boot-common.inc
-require u-boot-tools.inc
-
-SRC_URI += " \
- file://0001-mkimage-Use-PATH_MAX-for-path-length.patch \
-"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb
new file mode 100644
index 0000000000..7eaf721ca8
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb
@@ -0,0 +1,2 @@
+require u-boot-common.inc
+require u-boot-tools.inc
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb
index 4f5b3e5dfd..4f5b3e5dfd 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb
+++ b/poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 1764997c41..d1c6f7f54a 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -32,8 +32,7 @@ GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
-# Issue only affects Debian/SUSE, not us
-CVE_CHECK_IGNORE += "CVE-2021-26720"
+CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE"
DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native"
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch
index ec1bc7b567..ec1bc7b567 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
index 4c10f33f04..4c10f33f04 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
index f1abd179e8..f1abd179e8 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9
index 968679ff7f..968679ff7f 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch
index aa3642acec..aa3642acec 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh
index 633e29c0e6..633e29c0e6 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch
index 11db95ede1..11db95ede1 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch
index 146f3e35db..146f3e35db 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service
index cda56ef015..cda56ef015 100644
--- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service
+++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.15.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.16.bb
index 80164aad87..d9b62bb8b0 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.15.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.16.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "28ae8db14862801bc2bd4fd820db00667d3f1ff9ae9cc2d06a0ef7810fed7a4e"
+SRC_URI[sha256sum] = "c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
@@ -28,7 +28,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
# so the issue doesn't affect us.
-CVE_CHECK_IGNORE += "CVE-2019-6470"
+CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore."
inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
@@ -39,7 +39,7 @@ PACKAGECONFIG[readline] = "--with-readline=readline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
-EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \
+EXTRA_OECONF = " --disable-auto-validation \
--with-gssapi=no --with-lmdb=no --with-zlib \
--sysconfdir=${sysconfdir}/bind \
--with-openssl=${STAGING_DIR_HOST}${prefix} \
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index e10158a6e5..d2ee2b4f12 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,6 +55,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0004-src-shared-util.c-include-linux-limits.h.patch \
+ file://fix-check-ell-path.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch
new file mode 100644
index 0000000000..7afa63962d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch
@@ -0,0 +1,39 @@
+Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=168818474411163&w=2]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+From linux-bluetooth Sat Jul 01 04:12:52 2023
+From: Rudi Heitbaum <rudi () heitbaum ! com>
+Date: Sat, 01 Jul 2023 04:12:52 +0000
+To: linux-bluetooth
+Subject: [PATCH] configure: Fix check ell path for cross compiling
+Message-Id: <20230701041252.139338-1-rudi () heitbaum ! com>
+X-MARC-Message: https://marc.info/?l=linux-bluetooth&m=168818474411163
+
+Use of AC_CHECK_FILE prevents cross compilation.
+Instead use test to support cross compiling.
+
+Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
+---
+ configure.ac | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index eff297960..bc7edfcd3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -298,9 +298,10 @@ if (test "${enable_external_ell}" = "yes"); then
+ AC_SUBST(ELL_LIBS)
+ fi
+ if (test "${enable_external_ell}" != "yes"); then
+- AC_CHECK_FILE(${srcdir}/ell/ell.h, dummy=yes,
+- AC_CHECK_FILE(${srcdir}/../ell/ell/ell.h, dummy=yes,
+- AC_MSG_ERROR(ELL source is required or use --enable-external-ell)))
++ if (test ! -f ${srcdir}/ell/ell.h) &&
++ (test ! -f ${srcdir}/../ell/ell/ell.h); then
++ AC_MSG_ERROR(ELL source is required or use --enable-external-ell)
++ fi
+ fi
+ AM_CONDITIONAL(EXTERNAL_ELL, test "${enable_external_ell}" = "yes" ||
+ (test "${enable_btpclient}" != "yes" &&
+--
+2.34.1
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
index 2208b730b0..f8405ed091 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
@@ -1,9 +1,9 @@
require bluez5.inc
-SRC_URI[sha256sum] = "39fea64b590c9492984a0c27a89fc203e1cdc74866086efb8f4698677ab2b574"
+SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933"
-# These issues have kernel fixes rather than bluez fixes so exclude here
-CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490"
+CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
# noinst programs in Makefile.tools that are conditional on READLINE
# support
diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb
index 456cb2f962..c9aa25c518 100644
--- a/poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb
+++ b/poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb
@@ -6,8 +6,8 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \
file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324"
-SRCREV = "96e05543f53b19d9642b4b0dd73b86ad3cea313e"
-SRC_URI = "git://github.com/libuv/libuv.git;branch=master;protocol=https"
+SRCREV = "f0bb7e40f0508bedf6fad33769b3f87bb8aedfa6"
+SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
index 42ce814523..3edc123b9a 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
@@ -28,15 +28,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
"
SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
-# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
-CVE_CHECK_IGNORE += "CVE-2007-2768"
+CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
-CVE_CHECK_IGNORE += "CVE-2014-9278"
+CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
+Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
-# CVE only applies to some distributed RHEL binaries
-CVE_CHECK_IGNORE += "CVE-2008-3844"
+CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
PAM_SRC_URI = "file://sshd"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
index f5f3f32a97..c2a7173c84 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
@@ -137,7 +137,9 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
- HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
+ test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
perl ${B}/configdata.pm --dump
}
@@ -253,6 +255,5 @@ CVE_PRODUCT = "openssl:openssl"
CVE_VERSION_SUFFIX = "alphabetical"
-# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
-CVE_CHECK_IGNORE += "CVE-2019-0190"
+CVE_STATUS[CVE-2019-0190] = "not-applicable-config: Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37"
diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
index 25da988f50..ba38169f05 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
@@ -23,8 +23,8 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa"
# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
-# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
-CVE_CHECK_IGNORE += "CVE-2016-2781"
+#
+CVE_STATUS[CVE-2016-2781] = "disputed: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue."
EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname"
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
index 4327a13345..64a3c6d80c 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
@@ -19,7 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
-SRC_URI[sha256sum] = "c0be444e403d7c3184d1f394f89f0b644710b5e9331b54fa4e8b5037813ad32a"
+SRC_URI[sha256sum] = "5a5a191c96836e166a7771f7ea6ca2b0069c603c7da3cba1cd38d1694a395dda"
# Find any meson cross files in FILESPATH that are relevant for the current
# build (using siteinfo) and add them to EXTRA_OEMESON.
diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
index 75c031e8cd..8e7290cdbb 100644
--- a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb
+++ b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SECTION = "libs"
DEPENDS = "glib-2.0-native glib-2.0"
-SRC_URI[archive.sha256sum] = "149a05a179e629a538be25662aa324b499d7c4549c5151db5373e780a1bf1b9a"
+SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b"
PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
diff --git a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb
index e8ad2a938b..2e076f4b0f 100644
--- a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb
+++ b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb
@@ -16,6 +16,7 @@ TOOLCHAIN_TEST_HOST_USER ??= "root"
TOOLCHAIN_TEST_HOST_PORT ??= "2222"
do_check[nostamp] = "1"
+do_check[network] = "1"
do_check:append () {
chmod 0755 ${WORKDIR}/check-test-wrapper
diff --git a/poky/meta/recipes-core/glibc/glibc_2.37.bb b/poky/meta/recipes-core/glibc/glibc_2.37.bb
index 3387441cad..851aa612b1 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.37.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.37.bb
@@ -4,18 +4,19 @@ require glibc-version.inc
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
-# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
-# "this is being treated as a non-security bug and no real threat."
-CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE"
+CVE_STATUS_RECIPE = "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+CVE_STATUS_RECIPE[status] = "disputed: \
+Upstream glibc maintainers dispute there is any issue and have no plans to address it further. \
+this is being treated as a non-security bug and no real threat."
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
-# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
-# easier access for another. "ASLR bypass itself is not a vulnerability."
# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
-CVE_CHECK_IGNORE += "CVE-2019-1010025"
+CVE_STATUS[CVE-2019-1010025] = "disputed: \
+Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \
+easier access for another. 'ASLR bypass itself is not a vulnerability.'"
-# This is integrated into the 2.37 branch as of 07b9521fc6
-CVE_CHECK_IGNORE += "CVE-2023-25139"
+CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6"
DEPENDS += "gperf-native bison-native"
diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb
index 5dbd6193b8..16425ea9e4 100644
--- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb
+++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb
@@ -42,6 +42,11 @@ do_install () {
install -m 0644 ifup.8 ${D}${mandir}/man8
install -m 0644 interfaces.5 ${D}${mandir}/man5
cd ${D}${mandir}/man8 && ln -s ifup.8 ifdown.8
+
+ install -d ${D}${sysconfdir}/network/if-pre-up.d
+ install -d ${D}${sysconfdir}/network/if-up.d
+ install -d ${D}${sysconfdir}/network/if-down.d
+ install -d ${D}${sysconfdir}/network/if-post-down.d
}
do_install_ptest () {
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 05148aca61..4ece229379 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check
REQUIRED_DISTRO_FEATURES += "xattr"
-SRCREV ?= "581edf20120cd383e8dea0693239629e7547bb7e"
+SRCREV ?= "679b7b6700ec1355a5b15a51c90a7ee339bee97c"
SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
@@ -133,9 +133,9 @@ create_bundle_files () {
cd ${WORKDIR}
mkdir -p Yocto_Build_Appliance
cp *.vmx* Yocto_Build_Appliance
- ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk
- ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx
- ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd
+ ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk
+ ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx
+ ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd
zip -r ${IMGDEPLOYDIR}/Yocto_Build_Appliance-${DATETIME}.zip Yocto_Build_Appliance
ln -sf Yocto_Build_Appliance-${DATETIME}.zip ${IMGDEPLOYDIR}/Yocto_Build_Appliance.zip
}
diff --git a/poky/meta/recipes-core/images/core-image-ptest.bb b/poky/meta/recipes-core/images/core-image-ptest.bb
index 90c26641ba..74cf933b72 100644
--- a/poky/meta/recipes-core/images/core-image-ptest.bb
+++ b/poky/meta/recipes-core/images/core-image-ptest.bb
@@ -19,12 +19,14 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in d.getVar('PTESTS').split()]
# strace-ptest in particular needs more than 500MB
IMAGE_OVERHEAD_FACTOR = "1.0"
IMAGE_ROOTFS_EXTRA_SPACE = "324288"
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
# ptests need more memory than standard to avoid the OOM killer
QB_MEM = "-m 1024"
QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096"
+QB_MEM:virtclass-mcextend-python3 = "-m 2048"
QB_MEM:virtclass-mcextend-python3-cryptography = "-m 4096"
TEST_SUITES = "ping ssh parselogs ptest"
diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb
index 7662b8f685..9a3e0a7476 100644
--- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
+++ b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb
@@ -16,7 +16,7 @@ RCONFLICTS:${PN} = "console-tools"
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \
"
-SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683"
+SRC_URI[sha256sum] = "9c159433db5df8ef31d86b42f5b09d32311bdda2ed35107fb1926243da60b28a"
EXTRA_OECONF = "--disable-tests"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
index ec9f9f4fa3..ec9f9f4fa3 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
index 4d145cf3cc..ba93d91aef 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -10,19 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \
inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
-SRCREV = "e80cfde51bb4fe4bcf27585810e0b4ea3d1e4d7d"
+SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf"
SRCBRANCH ?= "master"
SRC_URI += "file://fix_cflags_handling.patch"
PROVIDES = "virtual/crypt"
-FILES:${PN} = "${libdir}/libcrypt*.so.* \
- ${libdir}/libcrypt-*.so \
- ${libdir}/libowcrypt*.so.* \
- ${libdir}/libowcrypt-*.so \
-"
-
S = "${WORKDIR}/git"
BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb
index 79dba2f6dc..79dba2f6dc 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb
diff --git a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch b/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch
deleted file mode 100644
index 80678efcfe..0000000000
--- a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-Backport the following patches to fix the reader2 and runsuite test cases:
-
-b92768cd tests: Enable "runsuite" test
-0ac8c15e python/tests/reader2: use absolute paths everywhere
-b9ba5e1d python/tests/reader2: always exit(1) if a test fails
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-diff --git a/python/tests/reader2.py b/python/tests/reader2.py
-index 65cecd47..6e6353b4 100755
---- a/python/tests/reader2.py
-+++ b/python/tests/reader2.py
-@@ -6,7 +6,6 @@
- import sys
- import glob
- import os
--import string
- import libxml2
- try:
- import StringIO
-@@ -20,103 +19,104 @@ libxml2.debugMemory(1)
-
- err = ""
- basedir = os.path.dirname(os.path.realpath(__file__))
--dir_prefix = os.path.join(basedir, "../../test/valid/")
-+dir_prefix = os.path.realpath(os.path.join(basedir, "..", "..", "test", "valid"))
-+
- # This dictionary reflects the contents of the files
- # ../../test/valid/*.xml.err that are not empty, except that
- # the file paths in the messages start with ../../test/
-
- expect = {
- '766956':
--"""../../test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+"""{0}/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
- %ä%ent;
- ^
--../../test/valid/dtds/766956.dtd:2: parser error : Content error in the external subset
-+{0}/dtds/766956.dtd:2: parser error : Content error in the external subset
- %ä%ent;
- ^
- Entity: line 1:
- value
- ^
--""",
-+""".format(dir_prefix),
- '781333':
--"""../../test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+"""{0}/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
- <a/>
- ^
--../../test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+{0}/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-
- ^
--""",
-+""".format(dir_prefix),
- 'cond_sect2':
--"""../../test/valid/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity
-+"""{0}/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity
- %ent;
- ^
- Entity: line 1:
- ]]>
- ^
--../../test/valid/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset
-+{0}/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset
-
- ^
--""",
-+""".format(dir_prefix),
- 'rss':
--"""../../test/valid/rss.xml:177: element rss: validity error : Element rss does not carry attribute version
-+"""{0}/rss.xml:177: element rss: validity error : Element rss does not carry attribute version
- </rss>
- ^
--""",
-+""".format(dir_prefix),
- 't8':
--"""../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+"""{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-
- %defroot; %defmiddle; %deftest;
- ^
- Entity: line 1:
- &lt;!ELEMENT root (middle) >
- ^
--../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-
- %defroot; %defmiddle; %deftest;
- ^
- Entity: line 1:
- &lt;!ELEMENT middle (test) >
- ^
--../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-
- %defroot; %defmiddle; %deftest;
- ^
- Entity: line 1:
- &lt;!ELEMENT test (#PCDATA) >
- ^
--""",
-+""".format(dir_prefix),
- 't8a':
--"""../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+"""{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-
- %defroot;%defmiddle;%deftest;
- ^
- Entity: line 1:
- &lt;!ELEMENT root (middle) >
- ^
--../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-
- %defroot;%defmiddle;%deftest;
- ^
- Entity: line 1:
- &lt;!ELEMENT middle (test) >
- ^
--../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-
- %defroot;%defmiddle;%deftest;
- ^
- Entity: line 1:
- &lt;!ELEMENT test (#PCDATA) >
- ^
--""",
-+""".format(dir_prefix),
- 'xlink':
--"""../../test/valid/xlink.xml:450: element termdef: validity error : ID dt-arc already defined
-+"""{0}/xlink.xml:450: element termdef: validity error : ID dt-arc already defined
- <p><termdef id="dt-arc" term="Arc">An <ter
- ^
- validity error : attribute def line 199 references an unknown ID "dt-xlg"
--""",
-+""".format(dir_prefix),
- }
-
- # Add prefix_dir and extension to the keys
--expect = {"{}{}.xml".format(dir_prefix, key): val for key, val in expect.items()}
-+expect = {os.path.join(dir_prefix, key + ".xml"): val for key, val in expect.items()}
-
- def callback(ctx, str):
- global err
-@@ -124,11 +124,12 @@ def callback(ctx, str):
- libxml2.registerErrorHandler(callback, "")
-
- parsing_error_files = ["766956", "cond_sect2", "t8", "t8a"]
--expect_parsing_error = ["{}{}.xml".format(dir_prefix, f) for f in parsing_error_files]
-+expect_parsing_error = [os.path.join(dir_prefix, f + ".xml") for f in parsing_error_files]
-
--valid_files = glob.glob(dir_prefix + "*.x*")
-+valid_files = glob.glob(os.path.join(dir_prefix, "*.x*"))
- assert valid_files, "found no valid files in '{}'".format(dir_prefix)
- valid_files.sort()
-+failures = 0
- for file in valid_files:
- err = ""
- reader = libxml2.newTextReaderFilename(file)
-@@ -142,9 +143,15 @@ for file in valid_files:
- #sys.exit(1)
- if (err):
- if not(file in expect and err == expect[file]):
-+ failures += 1
- print("Error: ", err)
- if file in expect:
- print("Expected: ", expect[file])
-+
-+if failures:
-+ print("Failed %d tests" % failures)
-+ sys.exit(1)
-+
- #
- # another separate test based on Stephane Bidoul one
- #
-@@ -337,9 +344,11 @@ while reader.Read() == 1:
- if res != expect:
- print("test5 failed: unexpected output")
- print(res)
-+ sys.exit(1)
- if err != "":
- print("test5 failed: validation error found")
- print(err)
-+ sys.exit(1)
-
- #
- # cleanup
-diff --git a/runsuite.c b/runsuite.c
-index 483490a2..a522d24b 100644
---- a/runsuite.c
-+++ b/runsuite.c
-@@ -1054,13 +1054,18 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
- old_tests = nb_tests;
- old_leaks = nb_leaks;
- xsdTest();
-- if ((nb_errors == old_errors) && (nb_leaks == old_leaks))
-- printf("Ran %d tests, no errors\n", nb_tests - old_tests);
-- else
-- printf("Ran %d tests, %d errors, %d leaks\n",
-- nb_tests - old_tests,
-- nb_errors - old_errors,
-- nb_leaks - old_leaks);
-+ printf("Ran %d tests, %d errors, %d leaks\n",
-+ nb_tests - old_tests,
-+ nb_errors - old_errors,
-+ nb_leaks - old_leaks);
-+ if (nb_errors - old_errors == 10) {
-+ printf("10 errors were expected\n");
-+ nb_errors = old_errors;
-+ } else {
-+ printf("10 errors were expected, got %d errors\n",
-+ nb_errors - old_errors);
-+ nb_errors = old_errors + 1;
-+ }
- old_errors = nb_errors;
- old_tests = nb_tests;
- old_leaks = nb_leaks;
diff --git a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch
index b770afbeb4..14ccce5873 100644
--- a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch
+++ b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch
@@ -1,19 +1,19 @@
+From 3fc716357ce1372d9418dc86f24315b34d9808de Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Mon, 5 Dec 2022 17:02:32 +0000
+Subject: [PATCH] add yocto-specific install-ptest target
+
Add a target to install the test suite.
Upstream-Status: Inappropriate
Signed-off-by: Ross Burton <ross.burton@arm.com>
-From c7809dc6947324ea506a0c2bf132ecd37156f211 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Mon, 5 Dec 2022 17:02:32 +0000
-Subject: [PATCH] add yocto-specific install-ptest target
-
---
Makefile.am | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/Makefile.am b/Makefile.am
-index 316109b1..15e100be 100644
+index 5bc4018..57d27af 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -26,6 +26,16 @@ check_PROGRAMS = \
@@ -32,7 +32,4 @@ index 316109b1..15e100be 100644
+
bin_PROGRAMS = xmllint xmlcatalog
- nodist_bin_SCRIPTS = xml2-config
---
-2.34.1
-
+ bin_SCRIPTS = xml2-config
diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch
deleted file mode 100644
index fd8e469dd3..0000000000
--- a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 056b14345b1abd76a761ab14538f1bc21302781a Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 May 2019 20:26:51 +0800
-Subject: [PATCH] libxml 64bit
-
-Upstream-Status: Backport [from debian: bugs.debian.org/439843]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- libxml.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libxml.h b/libxml.h
-index 64e30f7..4e80d90 100644
---- a/libxml.h
-+++ b/libxml.h
-@@ -15,6 +15,9 @@
- #ifndef _LARGEFILE_SOURCE
- #define _LARGEFILE_SOURCE
- #endif
-+#ifndef _LARGEFILE64_SOURCE
-+#define _LARGEFILE64_SOURCE
-+#endif
- #ifndef _FILE_OFFSET_BITS
- #define _FILE_OFFSET_BITS 64
- #endif
---
-2.7.4
-
diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
deleted file mode 100644
index 639c80bd6c..0000000000
--- a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ /dev/null
@@ -1,212 +0,0 @@
-Change the AM_PATH_XML2 macros to use pkg-config instead of xml2-config.
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d598d8af0913b6e3d4e61ffa62397a275b669dca]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
- libxml.m4 | 189 ++----------------------------------------------------
- 1 file changed, 5 insertions(+), 184 deletions(-)
-
-diff --git a/libxml.m4 b/libxml.m4
-index fc7790c..1c53585 100644
---- a/libxml.m4
-+++ b/libxml.m4
-@@ -1,191 +1,12 @@
--# Configure paths for LIBXML2
--# Simon Josefsson 2020-02-12
--# Fix autoconf 2.70+ warnings
--# Mike Hommey 2004-06-19
--# use CPPFLAGS instead of CFLAGS
--# Toshio Kuratomi 2001-04-21
--# Adapted from:
--# Configure paths for GLIB
--# Owen Taylor 97-11-3
--
- dnl AM_PATH_XML2([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]])
- dnl Test for XML, and define XML_CPPFLAGS and XML_LIBS
- dnl
--AC_DEFUN([AM_PATH_XML2],[
--AC_ARG_WITH(xml-prefix,
-- [ --with-xml-prefix=PFX Prefix where libxml is installed (optional)],
-- xml_config_prefix="$withval", xml_config_prefix="")
--AC_ARG_WITH(xml-exec-prefix,
-- [ --with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)],
-- xml_config_exec_prefix="$withval", xml_config_exec_prefix="")
--AC_ARG_ENABLE(xmltest,
-- [ --disable-xmltest Do not try to compile and run a test LIBXML program],,
-- enable_xmltest=yes)
--
-- if test x$xml_config_exec_prefix != x ; then
-- xml_config_args="$xml_config_args"
-- if test x${XML2_CONFIG+set} != xset ; then
-- XML2_CONFIG=$xml_config_exec_prefix/bin/xml2-config
-- fi
-- fi
-- if test x$xml_config_prefix != x ; then
-- xml_config_args="$xml_config_args --prefix=$xml_config_prefix"
-- if test x${XML2_CONFIG+set} != xset ; then
-- XML2_CONFIG=$xml_config_prefix/bin/xml2-config
-- fi
-- fi
--
-- AC_PATH_PROG(XML2_CONFIG, xml2-config, no)
-- min_xml_version=ifelse([$1], ,2.0.0,[$1])
-- AC_MSG_CHECKING(for libxml - version >= $min_xml_version)
-- no_xml=""
-- if test "$XML2_CONFIG" = "no" ; then
-- no_xml=yes
-- else
-- XML_CPPFLAGS=`$XML2_CONFIG $xml_config_args --cflags`
-- XML_LIBS=`$XML2_CONFIG $xml_config_args --libs`
-- xml_config_major_version=`$XML2_CONFIG $xml_config_args --version | \
-- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'`
-- xml_config_minor_version=`$XML2_CONFIG $xml_config_args --version | \
-- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'`
-- xml_config_micro_version=`$XML2_CONFIG $xml_config_args --version | \
-- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'`
-- if test "x$enable_xmltest" = "xyes" ; then
-- ac_save_CPPFLAGS="$CPPFLAGS"
-- ac_save_LIBS="$LIBS"
-- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS"
-- LIBS="$XML_LIBS $LIBS"
--dnl
--dnl Now check if the installed libxml is sufficiently new.
--dnl (Also sanity checks the results of xml2-config to some extent)
--dnl
-- rm -f conf.xmltest
-- AC_RUN_IFELSE(
-- [AC_LANG_SOURCE([[
--#include <stdlib.h>
--#include <stdio.h>
--#include <string.h>
--#include <libxml/xmlversion.h>
--
--int
--main()
--{
-- int xml_major_version, xml_minor_version, xml_micro_version;
-- int major, minor, micro;
-- char *tmp_version;
--
-- system("touch conf.xmltest");
--
-- /* Capture xml2-config output via autoconf/configure variables */
-- /* HP/UX 9 (%@#!) writes to sscanf strings */
-- tmp_version = (char *)strdup("$min_xml_version");
-- if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
-- printf("%s, bad version string from xml2-config\n", "$min_xml_version");
-- exit(1);
-- }
-- free(tmp_version);
--
-- /* Capture the version information from the header files */
-- tmp_version = (char *)strdup(LIBXML_DOTTED_VERSION);
-- if (sscanf(tmp_version, "%d.%d.%d", &xml_major_version, &xml_minor_version, &xml_micro_version) != 3) {
-- printf("%s, bad version string from libxml includes\n", "LIBXML_DOTTED_VERSION");
-- exit(1);
-- }
-- free(tmp_version);
--
-- /* Compare xml2-config output to the libxml headers */
-- if ((xml_major_version != $xml_config_major_version) ||
-- (xml_minor_version != $xml_config_minor_version) ||
-- (xml_micro_version != $xml_config_micro_version))
-- {
-- printf("*** libxml header files (version %d.%d.%d) do not match\n",
-- xml_major_version, xml_minor_version, xml_micro_version);
-- printf("*** xml2-config (version %d.%d.%d)\n",
-- $xml_config_major_version, $xml_config_minor_version, $xml_config_micro_version);
-- return 1;
-- }
--/* Compare the headers to the library to make sure we match */
-- /* Less than ideal -- doesn't provide us with return value feedback,
-- * only exits if there's a serious mismatch between header and library.
-- */
-- LIBXML_TEST_VERSION;
--
-- /* Test that the library is greater than our minimum version */
-- if ((xml_major_version > major) ||
-- ((xml_major_version == major) && (xml_minor_version > minor)) ||
-- ((xml_major_version == major) && (xml_minor_version == minor) &&
-- (xml_micro_version >= micro)))
-- {
-- return 0;
-- }
-- else
-- {
-- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n",
-- xml_major_version, xml_minor_version, xml_micro_version);
-- printf("*** You need a version of libxml newer than %d.%d.%d.\n",
-- major, minor, micro);
-- printf("***\n");
-- printf("*** If you have already installed a sufficiently new version, this error\n");
-- printf("*** probably means that the wrong copy of the xml2-config shell script is\n");
-- printf("*** being found. The easiest way to fix this is to remove the old version\n");
-- printf("*** of LIBXML, but you can also set the XML2_CONFIG environment to point to the\n");
-- printf("*** correct copy of xml2-config. (In this case, you will have to\n");
-- printf("*** modify your LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf\n");
-- printf("*** so that the correct libraries are found at run-time))\n");
-- }
-- return 1;
--}
--]])],, no_xml=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
-- CPPFLAGS="$ac_save_CPPFLAGS"
-- LIBS="$ac_save_LIBS"
-- fi
-- fi
-+AC_DEFUN([AM_PATH_XML2],[
-+ AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-
-- if test "x$no_xml" = x ; then
-- AC_MSG_RESULT(yes (version $xml_config_major_version.$xml_config_minor_version.$xml_config_micro_version))
-- ifelse([$2], , :, [$2])
-- else
-- AC_MSG_RESULT(no)
-- if test "$XML2_CONFIG" = "no" ; then
-- echo "*** The xml2-config script installed by LIBXML could not be found"
-- echo "*** If libxml was installed in PREFIX, make sure PREFIX/bin is in"
-- echo "*** your path, or set the XML2_CONFIG environment variable to the"
-- echo "*** full path to xml2-config."
-- else
-- if test -f conf.xmltest ; then
-- :
-- else
-- echo "*** Could not run libxml test program, checking why..."
-- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS"
-- LIBS="$LIBS $XML_LIBS"
-- AC_LINK_IFELSE(
-- [AC_LANG_PROGRAM([[
--#include <libxml/xmlversion.h>
--#include <stdio.h>
--]], [[ LIBXML_TEST_VERSION; return 0;]])],
-- [ echo "*** The test program compiled, but did not run. This usually means"
-- echo "*** that the run-time linker is not finding LIBXML or finding the wrong"
-- echo "*** version of LIBXML. If it is not finding LIBXML, you'll need to set your"
-- echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
-- echo "*** to the installed location Also, make sure you have run ldconfig if that"
-- echo "*** is required on your system"
-- echo "***"
-- echo "*** If you have an old version installed, it is best to remove it, although"
-- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
-- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
-- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
-- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
-- CPPFLAGS="$ac_save_CPPFLAGS"
-- LIBS="$ac_save_LIBS"
-- fi
-- fi
-+ verdep=ifelse([$1], [], [], [">= $1"])
-+ PKG_CHECK_MODULES(XML, [libxml-2.0 $verdep], [$2], [$3])
-
-- XML_CPPFLAGS=""
-- XML_LIBS=""
-- ifelse([$3], , :, [$3])
-- fi
-+ XML_CPPFLAGS=$XML_CFLAGS
- AC_SUBST(XML_CPPFLAGS)
-- AC_SUBST(XML_LIBS)
-- rm -f conf.xmltest
- ])
---
-2.34.1
-
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb
index 4f3b17093e..cbf20504f8 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb
@@ -15,21 +15,14 @@ inherit gnomebase
SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \
file://run-ptest \
- file://libxml-64bit.patch \
- file://fix-tests.patch \
file://install-tests.patch \
- file://libxml-m4-use-pkgconfig.patch \
"
-SRC_URI[archive.sha256sum] = "ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45"
+SRC_URI[archive.sha256sum] = "737e1d7f8ab3f139729ca13a2494fd17bf30ddb4b7a427cf336252cab57f57f7"
SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
BINCONFIG = "${bindir}/xml2-config"
-# Fixed since 2.9.11 via
-# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f
-CVE_CHECK_IGNORE += "CVE-2016-3709"
-
PACKAGECONFIG ??= "python \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb
deleted file mode 100644
index 079f062f79..0000000000
--- a/poky/meta/recipes-core/meta/cve-update-db-native.bb
+++ /dev/null
@@ -1,288 +0,0 @@
-SUMMARY = "Updates the NVD CVE database"
-LICENSE = "MIT"
-
-INHIBIT_DEFAULT_DEPS = "1"
-
-inherit native
-
-deltask do_unpack
-deltask do_patch
-deltask do_configure
-deltask do_compile
-deltask do_install
-deltask do_populate_sysroot
-
-NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
-# CVE database update interval, in seconds. By default: once a day (24*60*60).
-# Use 0 to force the update
-# Use a negative value to skip the update
-CVE_DB_UPDATE_INTERVAL ?= "86400"
-
-# Timeout for blocking socket operations, such as the connection attempt.
-CVE_SOCKET_TIMEOUT ?= "60"
-
-CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
-
-python () {
- if not bb.data.inherits_class("cve-check", d):
- raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
-}
-
-python do_fetch() {
- """
- Update NVD database with json data feed
- """
- import bb.utils
- import bb.progress
- import shutil
-
- bb.utils.export_proxies(d)
-
- db_file = d.getVar("CVE_CHECK_DB_FILE")
- db_dir = os.path.dirname(db_file)
- db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
-
- cleanup_db_download(db_file, db_tmp_file)
-
- # The NVD database changes once a day, so no need to update more frequently
- # Allow the user to force-update
- try:
- import time
- update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
- if update_interval < 0:
- bb.note("CVE database update skipped")
- return
- if time.time() - os.path.getmtime(db_file) < update_interval:
- bb.debug(2, "Recently updated, skipping")
- return
-
- except OSError:
- pass
-
- bb.utils.mkdirhier(db_dir)
- if os.path.exists(db_file):
- shutil.copy2(db_file, db_tmp_file)
-
- if update_db_file(db_tmp_file, d) == True:
- # Update downloaded correctly, can swap files
- shutil.move(db_tmp_file, db_file)
- else:
- # Update failed, do not modify the database
- bb.note("CVE database update failed")
- os.remove(db_tmp_file)
-}
-
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
-do_fetch[file-checksums] = ""
-do_fetch[vardeps] = ""
-
-def cleanup_db_download(db_file, db_tmp_file):
- """
- Cleanup the download space from possible failed downloads
- """
-
- # Clean up the updates done on the main file
- # Remove it only if a journal file exists - it means a complete re-download
- if os.path.exists("{0}-journal".format(db_file)):
- # If a journal is present the last update might have been interrupted. In that case,
- # just wipe any leftovers and force the DB to be recreated.
- os.remove("{0}-journal".format(db_file))
-
- if os.path.exists(db_file):
- os.remove(db_file)
-
- # Clean-up the temporary file downloads, we can remove both journal
- # and the temporary database
- if os.path.exists("{0}-journal".format(db_tmp_file)):
- # If a journal is present the last update might have been interrupted. In that case,
- # just wipe any leftovers and force the DB to be recreated.
- os.remove("{0}-journal".format(db_tmp_file))
-
- if os.path.exists(db_tmp_file):
- os.remove(db_tmp_file)
-
-def update_db_file(db_tmp_file, d):
- """
- Update the given database file
- """
- import bb.utils, bb.progress
- from datetime import date
- import urllib, gzip, sqlite3
-
- YEAR_START = 2002
- cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
-
- # Connect to database
- conn = sqlite3.connect(db_tmp_file)
- initialize_db(conn)
-
- with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
- total_years = date.today().year + 1 - YEAR_START
- for i, year in enumerate(range(YEAR_START, date.today().year + 1)):
- bb.debug(2, "Updating %d" % year)
- ph.update((float(i + 1) / total_years) * 100)
- year_url = (d.getVar('NVDCVE_URL')) + str(year)
- meta_url = year_url + ".meta"
- json_url = year_url + ".json.gz"
-
- # Retrieve meta last modified date
- try:
- response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
- except urllib.error.URLError as e:
- cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
- bb.warn("Failed to fetch CVE data (%s)" % e.reason)
- return False
-
- if response:
- for l in response.read().decode("utf-8").splitlines():
- key, value = l.split(":", 1)
- if key == "lastModifiedDate":
- last_modified = value
- break
- else:
- bb.warn("Cannot parse CVE metadata, update failed")
- return False
-
- # Compare with current db last modified date
- cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
- meta = cursor.fetchone()
- cursor.close()
-
- if not meta or meta[0] != last_modified:
- bb.debug(2, "Updating entries")
- # Clear products table entries corresponding to current year
- conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close()
-
- # Update db with current year json file
- try:
- response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout)
- if response:
- update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
- conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
- except urllib.error.URLError as e:
- cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
- bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
- return False
- else:
- bb.debug(2, "Already up to date (last modified %s)" % last_modified)
- # Update success, set the date to cve_check file.
- if year == date.today().year:
- cve_f.write('CVE database update : %s\n\n' % date.today())
-
- conn.commit()
- conn.close()
- return True
-
-def initialize_db(conn):
- with conn:
- c = conn.cursor()
-
- c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
-
- c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
- SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
-
- c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
- VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
- VERSION_END TEXT, OPERATOR_END TEXT)")
- c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
-
- c.close()
-
-def parse_node_and_insert(conn, node, cveId):
- # Parse children node if needed
- for child in node.get('children', ()):
- parse_node_and_insert(conn, child, cveId)
-
- def cpe_generator():
- for cpe in node.get('cpe_match', ()):
- if not cpe['vulnerable']:
- return
- cpe23 = cpe.get('cpe23Uri')
- if not cpe23:
- return
- cpe23 = cpe23.split(':')
- if len(cpe23) < 6:
- return
- vendor = cpe23[3]
- product = cpe23[4]
- version = cpe23[5]
-
- if cpe23[6] == '*' or cpe23[6] == '-':
- version_suffix = ""
- else:
- version_suffix = "_" + cpe23[6]
-
- if version != '*' and version != '-':
- # Version is defined, this is a '=' match
- yield [cveId, vendor, product, version + version_suffix, '=', '', '']
- elif version == '-':
- # no version information is available
- yield [cveId, vendor, product, version, '', '', '']
- else:
- # Parse start version, end version and operators
- op_start = ''
- op_end = ''
- v_start = ''
- v_end = ''
-
- if 'versionStartIncluding' in cpe:
- op_start = '>='
- v_start = cpe['versionStartIncluding']
-
- if 'versionStartExcluding' in cpe:
- op_start = '>'
- v_start = cpe['versionStartExcluding']
-
- if 'versionEndIncluding' in cpe:
- op_end = '<='
- v_end = cpe['versionEndIncluding']
-
- if 'versionEndExcluding' in cpe:
- op_end = '<'
- v_end = cpe['versionEndExcluding']
-
- if op_start or op_end or v_start or v_end:
- yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
- else:
- # This is no version information, expressed differently.
- # Save processing by representing as -.
- yield [cveId, vendor, product, '-', '', '', '']
-
- conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close()
-
-def update_db(conn, jsondata):
- import json
- root = json.loads(jsondata)
-
- for elt in root['CVE_Items']:
- if not elt['impact']:
- continue
-
- accessVector = None
- cveId = elt['cve']['CVE_data_meta']['ID']
- cveDesc = elt['cve']['description']['description_data'][0]['value']
- date = elt['lastModifiedDate']
- try:
- accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
- cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
- except KeyError:
- cvssv2 = 0.0
- try:
- accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
- cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
- except KeyError:
- accessVector = accessVector or "UNKNOWN"
- cvssv3 = 0.0
-
- conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
- [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
-
- configurations = elt['configurations']['nodes']
- for config in configurations:
- parse_node_and_insert(conn, config, cveId)
-
-
-do_fetch[nostamp] = "1"
-
-EXCLUDE_FROM_WORLD = "1"
diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 2b585983ac..2f7dad7e82 100644
--- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -17,6 +17,10 @@ deltask do_populate_sysroot
NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0"
+# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key)
+# then setting this to get higher rate limits.
+NVDCVE_API_KEY ?= ""
+
# CVE database update interval, in seconds. By default: once a day (24*60*60).
# Use 0 to force the update
# Use a negative value to skip the update
@@ -119,18 +123,16 @@ def nvd_request_next(url, api_key, args):
import urllib.parse
import gzip
import http
+ import time
- headers = {}
+ request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args))
if api_key:
- headers['apiKey'] = api_key
-
- data = urllib.parse.urlencode(args)
-
- full_request = url + '?' + data
+ request.add_header("apiKey", api_key)
+ bb.note("Requesting %s" % request.full_url)
- for attempt in range(3):
+ for attempt in range(5):
try:
- r = urllib.request.urlopen(full_request)
+ r = urllib.request.urlopen(request)
if (r.headers['content-encoding'] == 'gzip'):
buf = r.read()
@@ -140,13 +142,9 @@ def nvd_request_next(url, api_key, args):
r.close()
- except UnicodeDecodeError:
- # Received garbage, retry
- bb.debug(2, "CVE database: received malformed data, retrying (request: %s)" %(full_request))
- pass
- except http.client.IncompleteRead:
- # Read incomplete, let's try again
- bb.debug(2, "CVE database: received incomplete data, retrying (request: %s)" %(full_request))
+ except Exception as e:
+ bb.note("CVE database: received error (%s), retrying" % (e))
+ time.sleep(6)
pass
else:
return raw_data
@@ -172,11 +170,11 @@ def update_db_file(db_tmp_file, d, database_time):
# The maximum range for time is 120 days
# Force a complete update if our range is longer
if (database_time != 0):
- database_date = datetime.datetime.combine(datetime.date.fromtimestamp(database_time), datetime.time())
- today_date = datetime.datetime.combine(datetime.date.today(), datetime.time())
+ database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc)
+ today_date = datetime.datetime.now(tz=datetime.timezone.utc)
delta = today_date - database_date
if delta.days < 120:
- bb.debug(2, "CVE database: performing partial update")
+ bb.note("CVE database: performing partial update")
req_args['lastModStartDate'] = database_date.isoformat()
req_args['lastModEndDate'] = today_date.isoformat()
else:
@@ -184,12 +182,14 @@ def update_db_file(db_tmp_file, d, database_time):
with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
- bb.debug(2, "Updating entries")
+ bb.note("Updating entries")
index = 0
url = d.getVar("NVDCVE_URL")
+ api_key = d.getVar("NVDCVE_API_KEY") or None
+
while True:
req_args['startIndex'] = index
- raw_data = nvd_request_next(url, None, req_args)
+ raw_data = nvd_request_next(url, api_key, req_args)
if raw_data is None:
# We haven't managed to download data
return False
@@ -199,7 +199,7 @@ def update_db_file(db_tmp_file, d, database_time):
index = data["startIndex"]
total = data["totalResults"]
per_page = data["resultsPerPage"]
-
+ bb.note("Got %d entries" % per_page)
for cve in data["vulnerabilities"]:
update_db(conn, cve)
@@ -312,22 +312,30 @@ def update_db(conn, elt):
cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
except KeyError:
cvssv2 = 0.0
+ cvssv3 = None
try:
- accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
- cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
+ accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
+ cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
except KeyError:
- accessVector = accessVector or "UNKNOWN"
- cvssv3 = 0.0
+ pass
+ try:
+ accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
+ cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
+ except KeyError:
+ pass
+ accessVector = accessVector or "UNKNOWN"
+ cvssv3 = cvssv3 or 0.0
conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
[cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
try:
- configurations = elt['cve']['configurations'][0]['nodes']
- for config in configurations:
- parse_node_and_insert(conn, config, cveId)
+ for config in elt['cve']['configurations']:
+ # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
+ for node in config["nodes"]:
+ parse_node_and_insert(conn, node, cveId)
except KeyError:
- bb.debug(2, "Entry without a configuration")
+ bb.note("CVE %s has no configurations" % cveId)
do_fetch[nostamp] = "1"
diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb
index 7c8434f23f..b4c2b1f898 100644
--- a/poky/meta/recipes-core/musl/musl_git.bb
+++ b/poky/meta/recipes-core/musl/musl_git.bb
@@ -4,7 +4,7 @@
require musl.inc
inherit linuxloader
-SRCREV = "f5f55d6589940fd2c2188d76686efe3a530e64e0"
+SRCREV = "718f363bc2067b6487900eddc9180c84e7739f80"
BASEVER = "1.2.4"
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 0c3df4fc44..490d9e8046 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -1,7 +1,7 @@
-From 1125f5a02c2f327aeffe2d6b66a9d816ad2eeec0 Mon Sep 17 00:00:00 2001
+From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Thu, 9 Jun 2016 02:23:01 -0700
-Subject: [PATCH 1/6] ovmf: update path to native BaseTools
+Subject: [PATCH 1/4] ovmf: update path to native BaseTools
BaseTools is a set of utilities to build EDK-based firmware. These utilities
are used during the build process. Thus, they need to be built natively.
@@ -16,7 +16,7 @@ Upstream-Status: Inappropriate [oe-core cross compile specific]
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh
-index 91b1442ade..1858dae31a 100755
+index b0334fb76e..094f86f096 100755
--- a/OvmfPkg/build.sh
+++ b/OvmfPkg/build.sh
@@ -24,7 +24,7 @@ then
@@ -29,5 +29,5 @@ index 91b1442ade..1858dae31a 100755
source edksetup.sh BaseTools
else
--
-2.32.0
+2.30.2
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index 2293d7e938..efabc8febc 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -1,7 +1,7 @@
-From 19d4c7f9812062a683b3ba60b35aac0461190456 Mon Sep 17 00:00:00 2001
+From 7675a67b8bb207de38ff5a9dc416e8b1028eb8ce Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Fri, 26 Jul 2019 17:34:26 -0400
-Subject: [PATCH 2/6] BaseTools: makefile: adjust to build in under bitbake
+Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake
Prepend the build flags with those of bitbake. This is to build
using the bitbake native sysroot include and library directories.
@@ -14,58 +14,56 @@ to fight against how upstream wants to configure the build.
Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups]
---
- BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
+ BaseTools/Source/C/Makefiles/header.makefile | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
-index 0df728f327..1299d47c87 100644
+index 1bf003523b..28757aed63 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
-@@ -75,35 +75,36 @@ $(error Bad HOST_ARCH)
+@@ -82,35 +82,34 @@ $(error Bad HOST_ARCH)
endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
--BUILD_CPPFLAGS = $(INCLUDE)
-+BUILD_CPPFLAGS += $(INCLUDE)
+-CPPFLAGS = $(INCLUDE)
++CPPFLAGS += $(INCLUDE)
# keep EXTRA_OPTFLAGS last
BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
- ifeq ($(CXX), llvm)
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ ifneq ($(CLANG),)
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign \
-Wno-unused-result -nostdlib -g
else
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif
endif
- ifeq ($(CXX), llvm)
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-deprecated-register -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-deprecated-register -Wno-unused-result
+ ifneq ($(CLANG),)
+-LDFLAGS =
+-CXXFLAGS = -Wno-deprecated-register -Wno-unused-result -std=c++14
++CXXFLAGS += -Wno-deprecated-register -Wno-unused-result -std=c++14
else
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-unused-result
+-LDFLAGS =
+-CXXFLAGS = -Wno-unused-result
++CXXFLAGS += -Wno-unused-result
endif
+
ifeq ($(HOST_ARCH), IA32)
#
# Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
--
-2.32.0
+2.30.2
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
index 7adc45465c..c0c763c1cf 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
@@ -1,7 +1,7 @@
-From cf6361f27cd6318622fd58ab6c0a9407cc633b1e Mon Sep 17 00:00:00 2001
+From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Jun 2021 19:56:28 +0200
-Subject: [PATCH] debug prefix map
+Subject: [PATCH 3/4] debug prefix map
We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
--debug-prefix-map to nasm (we carry a patch to nasm for this). The
@@ -22,10 +22,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 471eb67c0c..a16fb5c9f1 100755
+index 503a6687c1..10ac38ef9e 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
-@@ -1849,7 +1849,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N
+@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
*_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
@@ -34,7 +34,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
-@@ -1869,8 +1869,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
+@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
DEFINE GCC_AARCH64_ASLDLINK_FLAGS = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
DEFINE GCC_IA32_X64_DLINK_FLAGS = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
@@ -45,7 +45,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEFINE GCC_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
DEFINE GCC_ASLPP_FLAGS = -x c -E -include AutoGen.h
DEFINE GCC_ASLCC_FLAGS = -x c
-@@ -2022,7 +2022,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF(
+@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF(
*_GCC48_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
*_GCC48_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC48_IA32_OBJCOPY_FLAGS =
@@ -54,7 +54,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEBUG_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -2050,7 +2050,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
*_GCC48_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS)
*_GCC48_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC48_X64_OBJCOPY_FLAGS =
@@ -63,7 +63,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEBUG_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
RELEASE_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -2159,7 +2159,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
+@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS)
*_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC49_IA32_OBJCOPY_FLAGS =
@@ -72,7 +72,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEBUG_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS)
RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -2187,7 +2187,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
*_GCC49_X64_DLINK2_FLAGS = DEF(GCC49_X64_DLINK2_FLAGS)
*_GCC49_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC49_X64_OBJCOPY_FLAGS =
@@ -81,7 +81,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEBUG_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS)
RELEASE_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -2302,7 +2302,7 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
+@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
*_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC5_IA32_OBJCOPY_FLAGS =
@@ -90,7 +90,7 @@ index 471eb67c0c..a16fb5c9f1 100755
DEBUG_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto
DEBUG_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
-@@ -2334,7 +2334,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
+@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
*_GCC5_X64_DLINK2_FLAGS = DEF(GCC5_X64_DLINK2_FLAGS)
*_GCC5_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC5_X64_OBJCOPY_FLAGS =
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
index 846f408012..c3fdc3d863 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
@@ -1,7 +1,7 @@
-From 27ed9962f5cb3afcc44d6c96c53277132a999712 Mon Sep 17 00:00:00 2001
+From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Jun 2021 19:57:30 +0200
-Subject: [PATCH 6/6] reproducible
+Subject: [PATCH 4/4] reproducible
This patch fixes various things which make the build more reproducible. Some changes
here only change intermediate artefacts but that means when you have two build trees
@@ -35,10 +35,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
4 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
-index d097db8632..a87ae6f3d0 100644
+index 9c17c90b16..fcc7864141 100644
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
-@@ -14,6 +14,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __GNUC__
#include <windows.h>
#include <io.h>
@@ -47,35 +47,35 @@ index d097db8632..a87ae6f3d0 100644
#endif
#include <assert.h>
#include <stdio.h>
-@@ -769,7 +771,7 @@ ScanSections64 (
+@@ -990,7 +992,7 @@ ScanSections64 (
}
mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
- strlen(mInImageName) + 1;
+ strlen(basename(mInImageName)) + 1;
- mCoffOffset = CoffAlign(mCoffOffset);
- if (SectionCount == 0) {
-@@ -1608,7 +1610,7 @@ WriteDebug64 (
- EFI_IMAGE_DEBUG_DIRECTORY_ENTRY *Dir;
- EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ //
+ // Add more space in the .debug data region for the DllCharacteristicsEx
+@@ -2261,7 +2263,7 @@ WriteDebug64 (
+ EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
- Len = strlen(mInImageName) + 1;
+ Len = strlen(basename(mInImageName)) + 1;
- Dir = (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY*)(mCoffFile + mDebugOffset);
- Dir->Type = EFI_IMAGE_DEBUG_TYPE_CODEVIEW;
-@@ -1618,7 +1620,7 @@ WriteDebug64 (
+ NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
+@@ -2294,7 +2296,7 @@ WriteDebug64 (
Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
- strcpy ((char *)(Nb10 + 1), mInImageName);
+ strcpy ((char *)(Nb10 + 1), basename(mInImageName));
+ }
-
- NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ STATIC
diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py
-index 722fead75a..8f1c236970 100644
+index 752a1a1f6a..02054cccf8 100644
--- a/BaseTools/Source/Python/AutoGen/BuildEngine.py
+++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py
@@ -70,6 +70,9 @@ class TargetDescBlock(object):
@@ -89,7 +89,7 @@ index 722fead75a..8f1c236970 100644
if Input not in self.Inputs:
self.Inputs.append(Input)
diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
-index 961b2ab1c3..23c1592025 100755
+index daec9c6d54..0e8cc20efe 100755
--- a/BaseTools/Source/Python/AutoGen/GenMake.py
+++ b/BaseTools/Source/Python/AutoGen/GenMake.py
@@ -575,7 +575,7 @@ cleanlib:
@@ -153,10 +153,10 @@ index 961b2ab1c3..23c1592025 100755
if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
self.FileListMacros[T.FileListMacro] = []
diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
-index d70b0d7ae8..25dca9a6df 100755
+index d05410b329..99b3f64aba 100755
--- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
+++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
-@@ -1484,6 +1484,9 @@ class ModuleAutoGen(AutoGen):
+@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen):
for File in Files:
if File.lower().endswith('.pdb'):
AsBuiltInfDict['binary_item'].append('DISPOSABLE|' + File)
@@ -166,7 +166,7 @@ index d70b0d7ae8..25dca9a6df 100755
HeaderComments = self.Module.HeaderComments
StartPos = 0
for Index in range(len(HeaderComments)):
-@@ -1759,7 +1762,7 @@ class ModuleAutoGen(AutoGen):
+@@ -1749,7 +1752,7 @@ class ModuleAutoGen(AutoGen):
if os.path.exists (self.TimeStampPath):
os.remove (self.TimeStampPath)
@@ -176,5 +176,5 @@ index d70b0d7ae8..25dca9a6df 100755
# Ignore generating makefile when it is a binary module
if self.IsBinaryModule:
--
-2.32.0
+2.30.2
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index bd92c5d43d..761c265453 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -22,12 +22,12 @@ BUILD_CFLAGS += "-Wno-error=stringop-overflow"
SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
file://0001-ovmf-update-path-to-native-BaseTools.patch \
file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
- file://0005-debug-prefix-map.patch \
- file://0006-reproducible.patch \
+ file://0003-debug-prefix-map.patch \
+ file://0004-reproducible.patch \
"
-PV = "edk2-stable202302"
-SRCREV = "f80f052277c88a67c55e107b550f504eeea947d3"
+PV = "edk2-stable202305"
+SRCREV = "ba91d0292e593df8528b66f99c1b0b14fadc8e16"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
inherit deploy
diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 514f747fe6..7fe751b397 100755
--- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -202,7 +202,7 @@ class SystemdUnit():
try:
for dependent in config.get('Install', prop):
# expand any %i to instance (ignoring escape sequence %%)
- dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent)
+ dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent)
wants = systemdir / "{}.{}".format(dependent, dirstem) / service
add_link(wants, target)
diff --git a/poky/meta/recipes-core/systemd/systemd_253.3.bb b/poky/meta/recipes-core/systemd/systemd_253.3.bb
index 87fbf6f785..cf0e17ff00 100644
--- a/poky/meta/recipes-core/systemd/systemd_253.3.bb
+++ b/poky/meta/recipes-core/systemd/systemd_253.3.bb
@@ -834,6 +834,3 @@ pkg_postinst:udev-hwdb () {
pkg_prerm:udev-hwdb () {
rm -f $D${sysconfdir}/udev/hwdb.bin
}
-
-# This was also fixed in 252.4 with 9b75a3d0
-CVE_CHECK_IGNORE += "CVE-2022-4415"
diff --git a/poky/meta/recipes-core/udev/eudev_3.2.12.bb b/poky/meta/recipes-core/udev/eudev_3.2.12.bb
index 572ccecafd..4268bcc2c5 100644
--- a/poky/meta/recipes-core/udev/eudev_3.2.12.bb
+++ b/poky/meta/recipes-core/udev/eudev_3.2.12.bb
@@ -18,7 +18,7 @@ SRC_URI[sha256sum] = "ccdd64ec3c381d3c3ed0e99d2e70d1f62988c7763de89ca7bdffafa5ea
GITHUB_BASE_URI = "https://github.com/eudev-project/eudev/releases"
-inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases
+inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases useradd
CONFLICT_DISTRO_FEATURES = "systemd"
@@ -85,3 +85,6 @@ pkg_postinst:${PN}-hwdb () {
pkg_prerm:${PN}-hwdb () {
rm -f $D${sysconfdir}/udev/hwdb.bin
}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "-r sgx"
diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb
index 9ea7a04e8a..c81405533c 100644
--- a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb
+++ b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb
@@ -234,6 +234,8 @@ ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty"
ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump"
ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock"
ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice"
+ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm"
+ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs"
ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill"
ALTERNATIVE:${PN}-last = "last lastb"
ALTERNATIVE_LINK_NAME[last] = "${bindir}/last"
diff --git a/poky/meta/recipes-devtools/automake/automake/buildtest.patch b/poky/meta/recipes-devtools/automake/automake/buildtest.patch
index b88b9e8693..c43a4ac8f3 100644
--- a/poky/meta/recipes-devtools/automake/automake/buildtest.patch
+++ b/poky/meta/recipes-devtools/automake/automake/buildtest.patch
@@ -36,7 +36,7 @@ index e0db651..de137fa 100644
-check-TESTS: $(TESTS)
+AM_RECURSIVE_TARGETS += buildtest runtest
+
-+buildtest-TESTS: $(TESTS)
++buildtest-TESTS: $(TESTS) $(check_PROGRAMS)
+
+check-TESTS: buildtest-TESTS
+ $(MAKE) $(AM_MAKEFLAGS) runtest-TESTS
diff --git a/poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb b/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
index b0ae7fb25c..22a6b385b0 100644
--- a/poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb
+++ b/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
@@ -7,14 +7,14 @@ HOMEPAGE = "http://ccache.samba.org"
SECTION = "devel"
LICENSE = "GPL-3.0-or-later"
-LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=1601d62d6828fbe19b6f6c2d01fdff4c"
+LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=cd54b7abfc462470b0f505273c38f0ff"
DEPENDS = "zstd"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
file://0001-xxhash.h-Fix-build-with-gcc-12.patch \
"
-SRC_URI[sha256sum] = "869903c1891beb8bee87f1ec94d8a0dad18c2add4072c456acbc85cdfc23ca63"
+SRC_URI[sha256sum] = "75eef15b8b9da48db9c91e1d0ff58b3645fc70c0e4ca2ef1b6825a12f21f217d"
inherit cmake github-releases
diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc
index 7788a5c45a..f57a77c7bb 100644
--- a/poky/meta/recipes-devtools/cmake/cmake.inc
+++ b/poky/meta/recipes-devtools/cmake/cmake.inc
@@ -23,6 +23,4 @@ SRC_URI[sha256sum] = "313b6880c291bd4fe31c0aa51d6e62659282a521e695f30d5cc0d25abb
UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
-# This is specific to the npm package that installs cmake, so isn't
-# relevant to OpenEmbedded
-CVE_CHECK_IGNORE += "CVE-2016-10642"
+CVE_STATUS[CVE-2016-10642] = "cpe-incorrect: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded"
diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb b/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
index ff79701dc7..9134411fa9 100644
--- a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
+++ b/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
@@ -15,9 +15,10 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc
file://0029-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
file://0030-Run-python-scripts-using-env.patch \
file://0001-set-python-path-for-completion_helper.patch \
- file://0001-dnf-write-the-log-lock-to-root.patch \
"
+SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch"
+
SRCREV = "94b7cc7956580405b219329541d6b40db6499cf1"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb
index 15cf6f5cca..1ac88d65ef 100644
--- a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,10 +26,10 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
GITHUB_BASE_URI = "https://github.com/westes/flex/releases"
-# Disputed - yes there is stack exhaustion but no bug and it is building the
-# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
# https://github.com/westes/flex/issues/414
-CVE_CHECK_IGNORE += "CVE-2019-6293"
+CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \
+there is stack exhaustion but no bug and it is building the \
+parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
inherit autotools gettext texinfo ptest github-releases
diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.1.inc b/poky/meta/recipes-devtools/gcc/gcc-13.1.inc
index 4da703db52..e94753eed0 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-13.1.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-13.1.inc
@@ -111,5 +111,4 @@ EXTRA_OECONF_PATHS = "\
--with-build-sysroot=${STAGING_DIR_TARGET} \
"
-# Is a binutils 2.26 issue, not gcc
-CVE_CHECK_IGNORE += "CVE-2021-37322"
+CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"
diff --git a/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc b/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc
index e4cdb73f0a..dba25eb754 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,7 +40,6 @@ EXTRA_OECONF = "\
${@get_gcc_mips_plt_setting(bb, d)} \
${@get_gcc_ppc_plt_settings(bb, d)} \
${@get_gcc_multiarch_setting(bb, d)} \
- --enable-standard-branch-protection \
"
# glibc version is a minimum controlling whether features are enabled.
diff --git a/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc b/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc
index f68fec58ed..64f60c730f 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -51,9 +51,10 @@ python check_prepare() {
# enable all valid instructions, since the test suite itself does not
# limit itself to the target cpu options.
# - valid for x86*, powerpc, arm, arm64
- if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "ppc", "arm", "aarch64"]:
+ if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]:
args += ["-cpu", "max"]
-
+ elif qemu_binary.lstrip("qemu-") in ["ppc"]:
+ args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split()
sysroot = d.getVar("RECIPE_SYSROOT")
args += ["-L", sysroot]
# lib paths are static here instead of using $libdir since this is used by a -cross recipe
diff --git a/poky/meta/recipes-devtools/git/git_2.39.3.bb b/poky/meta/recipes-devtools/git/git_2.39.3.bb
index 54a863acd2..3393550c85 100644
--- a/poky/meta/recipes-devtools/git/git_2.39.3.bb
+++ b/poky/meta/recipes-devtools/git/git_2.39.3.bb
@@ -27,13 +27,6 @@ LIC_FILES_CHKSUM = "\
CVE_PRODUCT = "git-scm:git"
-# This is about a manpage not mentioning --mirror may "leak" information
-# in mirrored git repos. Most OE users wouldn't build the docs and
-# we don't see this as a major issue for our general users/usecases.
-CVE_CHECK_IGNORE += "CVE-2022-24975"
-# This is specific to Git-for-Windows
-CVE_CHECK_IGNORE += "CVE-2022-41953"
-
PACKAGECONFIG ??= "expat curl"
PACKAGECONFIG[cvsserver] = ""
PACKAGECONFIG[svn] = ""
diff --git a/poky/meta/recipes-devtools/go/go-1.20.5.inc b/poky/meta/recipes-devtools/go/go-1.20.6.inc
index 4e4e57d5cb..551171b255 100644
--- a/poky/meta/recipes-devtools/go/go-1.20.5.inc
+++ b/poky/meta/recipes-devtools/go/go-1.20.6.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
"
-SRC_URI[main.sha256sum] = "9a15c133ba2cfafe79652f4815b62e7cfc267f68df1b9454c6ab2a3ca8b96a88"
+SRC_URI[main.sha256sum] = "62ee5bc6fb55b8bae8f705e0cb8df86d6453626b4ecf93279e2867092e0b7f70"
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
index a98be4af1b..5b2f8f4352 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "d7ec48cde0d3d2be2c69203bc3e0a44de8660b9c09a6e85c4732a3f7dc442612"
-SRC_URI[go_linux_arm64.sha256sum] = "aa2fab0a7da20213ff975fa7876a66d47b48351558d98851b87d1cfef4360d09"
-SRC_URI[go_linux_ppc64le.sha256sum] = "049b8ab07d34077b90c0642138e10207f6db14bdd1743ea994a21e228f8ca53d"
+SRC_URI[go_linux_amd64.sha256sum] = "b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb"
+SRC_URI[go_linux_arm64.sha256sum] = "4e15ab37556e979181a1a1cc60f6d796932223a0f5351d7c83768b356f84429b"
+SRC_URI[go_linux_ppc64le.sha256sum] = "a1b91a42a40bba54bfd5c96c23d72250e0c424038d0d2b5c7950b828b4905822"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb
index 7ac9449e47..7ac9449e47 100644
--- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-cross_1.20.5.bb b/poky/meta/recipes-devtools/go/go-cross_1.20.6.bb
index 80b5a03f6c..80b5a03f6c 100644
--- a/poky/meta/recipes-devtools/go/go-cross_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-cross_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb
index 1857c8a577..1857c8a577 100644
--- a/poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-native_1.20.5.bb b/poky/meta/recipes-devtools/go/go-native_1.20.6.bb
index ddf25b2c9b..ddf25b2c9b 100644
--- a/poky/meta/recipes-devtools/go/go-native_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-native_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb b/poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb
index 63464a1501..63464a1501 100644
--- a/poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go_1.20.5.bb b/poky/meta/recipes-devtools/go/go_1.20.6.bb
index 46f5fbc6be..46f5fbc6be 100644
--- a/poky/meta/recipes-devtools/go/go_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb b/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb
index 93f87f730d..db4745ad7a 100644
--- a/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb
+++ b/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb
@@ -20,9 +20,8 @@ SRC_URI[map.sha256sum] = "156b740931ade6c1a98d99713eeb186f93847ffc56057e973becab
UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
# https://github.com/jquery/jquery/issues/3927
-# There are ways jquery can expose security issues but any issues are in the apps exposing them
-# and there is little we can directly do
-CVE_CHECK_IGNORE += "CVE-2007-2379"
+CVE_STATUS[CVE-2007-2379] = "upstream-wontfix: There are ways jquery can expose security issues but any issues \
+are in the apps exposing them and there is little we can directly do."
inherit allarch
diff --git a/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch b/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch
deleted file mode 100644
index 3680c715a7..0000000000
--- a/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
-From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
-Date: Tue, 15 Feb 2022 12:28:46 -0300
-Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
-
-CVE: CVE-2022-28805
-
-Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
-
-Signed-off-by: Steve Sakoman <steve@sakoman.com>
----
- src/lparser.c | 1 +
- 1 files changed, 1 insertions(+)
-
-diff --git a/src/lparser.c b/src/lparser.c
-index 3abe3d751..a5cd55257 100644
---- a/src/lparser.c
-+++ b/src/lparser.c
-@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
- expdesc key;
- singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
- lua_assert(var->k != VVOID); /* this one must exist */
-+ luaK_exp2anyregup(fs, var); /* but could be a constant */
- codestring(&key, varname); /* key is variable name */
- luaK_indexed(fs, var, &key); /* env[varname] */
- }
diff --git a/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
deleted file mode 100644
index fe7b6065c2..0000000000
--- a/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001
-From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
-Date: Fri, 20 May 2022 13:14:33 -0300
-Subject: [PATCH] Save stack space while handling errors
-
-Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
-and some errors can recur (e.g., string overflow while creating an
-error message in 'luaG_runerror', or a C-stack overflow before calling
-the message handler), the code should use stack slots with parsimony.
-
-This commit fixes the bug "Lua-stack overflow when C stack overflows
-while handling an error".
-
-CVE: CVE-2022-33099
-
-Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- ldebug.c | 5 ++++-
- lvm.c | 6 ++++--
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
---- a/src/ldebug.c
-+++ b/src/ldebug.c
-@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con
- va_start(argp, fmt);
- msg = luaO_pushvfstring(L, fmt, argp); /* format message */
- va_end(argp);
-- if (isLua(ci)) /* if Lua function, add source:line information */
-+ if (isLua(ci)) { /* if Lua function, add source:line information */
- luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
-+ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */
-+ L->top--;
-+ }
- luaG_errormsg(L);
- }
-
---- a/src/lvm.c
-+++ b/src/lvm.c
-@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota
- /* collect total length and number of strings */
- for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
- size_t l = vslen(s2v(top - n - 1));
-- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
-+ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
-+ L->top = top - total; /* pop strings to avoid wasting stack */
- luaG_runerror(L, "string length overflow");
-+ }
- tl += l;
- }
- if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */
-@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota
- setsvalue2s(L, top - n, ts); /* create result */
- }
- total -= n-1; /* got 'n' strings to create 1 new */
-- L->top -= n-1; /* popped 'n' strings and pushed one */
-+ L->top = top - (n - 1); /* popped 'n' strings and pushed one */
- } while (total > 1); /* repeat until only 1 result left */
- }
-
diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.6.bb
index 26ec35f997..eabfc89575 100644
--- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/poky/meta/recipes-devtools/lua/lua_5.4.6.bb
@@ -1,20 +1,18 @@
SUMMARY = "Lua is a powerful light-weight programming language designed \
for extending applications."
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=307;endline=330;md5=79c3f6b19ad05efe24c1681f025026bb"
+LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=303;endline=324;md5=e05449eb28c092473f854670c6e8375a"
HOMEPAGE = "http://www.lua.org/"
SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
file://lua.pc.in \
- file://CVE-2022-28805.patch \
- file://CVE-2022-33099.patch \
${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \
"
# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
PV_testsuites = "5.4.4"
-SRC_URI[tarballsrc.sha256sum] = "164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61"
+SRC_URI[tarballsrc.sha256sum] = "7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88"
SRC_URI[tarballtest.sha256sum] = "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad"
inherit pkgconfig binconfig ptest
diff --git a/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 83d2f01263..8e297ec4d4 100644
--- a/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -30,5 +30,4 @@ do_install() {
BBCLASSEXTEND = "native nativesdk"
-# This is a different Ninja
-CVE_CHECK_IGNORE += "CVE-2021-4336"
+CVE_STATUS[CVE-2021-4336] = "cpe-incorrect: This is a different Ninja"
diff --git a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb
index b27e3ded33..eb88b9b734 100644
--- a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb
+++ b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb
@@ -10,7 +10,7 @@ PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtu
SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \
file://0001-update-alternatives-correctly-match-priority.patch \
"
-SRCREV = "9239541f14a2529b9d01c0a253ab11afa2822dab"
+SRCREV = "67994e62dc598282830385da75ba9b1abbbda941"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch b/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch
deleted file mode 100644
index 3406878a1d..0000000000
--- a/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 4089affd371e6d62dd8c1e57b344f8cc329005ea Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 14 Jan 2023 23:11:08 -0800
-Subject: [PATCH] Define alignof using _Alignof when using C11 or newer
-
-WG14 N2350 made very clear that it is an UB having type definitions
-within "offsetof" [1]. This patch enhances the implementation of macro
-alignof_slot to use builtin "_Alignof" to avoid undefined behavior on
-when using std=c11 or newer
-
-clang 16+ has started to flag this [2]
-
-Fixes build when using -std >= gnu11 and using clang16+
-
-Older compilers gcc < 4.9 or clang < 8 has buggy _Alignof even though it
-may support C11, exclude those compilers too
-
-[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm
-[2] https://reviews.llvm.org/D133574
-
-Upstream-Status: Submitted [https://groups.google.com/g/opkg-devel/c/gjcQPZgT_jI]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libopkg/md5.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libopkg/md5.c b/libopkg/md5.c
-index 981b9b8..ccb645e 100644
---- a/libopkg/md5.c
-+++ b/libopkg/md5.c
-@@ -237,7 +237,17 @@ void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx)
- /* Process available complete blocks. */
- if (len >= 64) {
- #if !_STRING_ARCH_unaligned
-+/* GCC releases before GCC 4.9 had a bug in _Alignof. See GCC bug 52023
-+ <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52023>.
-+ clang versions < 8.0.0 have the same bug. */
-+#if (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112 \
-+ || (defined __GNUC__ && __GNUC__ < 4 + (__GNUC_MINOR__ < 9) \
-+ && !defined __clang__) \
-+ || (defined __clang__ && __clang_major__ < 8))
- #define alignof(type) offsetof (struct { char c; type x; }, x)
-+#else
-+#define alignof(type) _Alignof(type)
-+#endif
- #define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
- if (UNALIGNED_P(buffer))
- while (len > 64) {
---
-2.39.0
-
diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
deleted file mode 100644
index f216950002..0000000000
--- a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001
-From: Charlie Johnston <charlie.johnston@ni.com>
-Date: Fri, 30 Dec 2022 15:21:14 -0600
-Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls.
-
-The opkg-key script was always passing the --no-options
-flag to gpg, which uses /dev/null as the options file.
-As a result, the opkg gpg.conf file was not getting
-used. This change removes that flag so that gpg.conf
-in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/)
-will be used if present.
-
-Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b]
-Signed-off-by: Charlie Johnston <charlie.johnston@ni.com>
----
- utils/opkg-key | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils/opkg-key b/utils/opkg-key
-index e395a59..8645ebc 100755
---- a/utils/opkg-key
-+++ b/utils/opkg-key
-@@ -53,7 +53,7 @@ else
- exit 1
- fi
-
--GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR"
-+GPG="$GPGCMD --homedir $GPGHOMEDIR"
-
- # Gpg home dir isn't created automatically when --homedir option is used
- if [ ! -e "$GPGHOMEDIR" ]; then
---
-2.30.2
-
diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb
index 4c25fe963a..46be137354 100644
--- a/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
+++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb
@@ -15,12 +15,10 @@ PE = "1"
SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
file://opkg.conf \
file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
- file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \
- file://0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
file://run-ptest \
-"
+ "
-SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a"
+SRC_URI[sha256sum] = "ac73a90a2549cd04948e563d915912c78e1b8ba0f43af75c5a53fcca474adbd5"
# This needs to be before ptest inherit, otherwise all ptest files end packaged
# in libopkg package if OPKGLIBDIR == libdir, because default
diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
new file mode 100644
index 0000000000..0531e1f099
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
@@ -0,0 +1,217 @@
+From 77f557ef84698efeb6eed04e4a9704eaf85b741d
+From: Stig Palmquist <git@stig.io>
+Date: Mon Jun 5 16:46:22 2023 +0200
+Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
+ insecure default
+
+- Changes the `verify_SSL` default parameter from `0` to `1`
+
+ Based on patch by Dominic Hargreaves:
+ https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
+
+ CVE: CVE-2023-31486
+
+- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that
+ enables the previous insecure default behaviour if set to `1`.
+
+ This provides a workaround for users who encounter problems with the
+ new `verify_SSL` default.
+
+ Example to disable certificate checks:
+ ```
+ $ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl
+ ```
+
+- Updates to documentation:
+ - Describe changing the verify_SSL value
+ - Describe the escape-hatch environment variable
+ - Remove rationale for not enabling verify_SSL
+ - Add missing certificate search paths
+ - Replace "SSL" with "TLS/SSL" where appropriate
+ - Use "machine-in-the-middle" instead of "man-in-the-middle"
+
+Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++++++++++++++++++++++-----------
+ 1 file changed, 57 insertions(+), 29 deletions(-)
+
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index 83ca06d..ebc34a1 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -40,10 +40,14 @@ sub _croak { require Carp; Carp::croak(@_) }
+ #pod * C<timeout> — Request timeout in seconds (default is 60) If a socket open,
+ #pod read or write takes longer than the timeout, the request response status code
+ #pod will be 599.
+-#pod * C<verify_SSL> — A boolean that indicates whether to validate the SSL
+-#pod certificate of an C<https> — connection (default is false)
++#pod * C<verify_SSL> — A boolean that indicates whether to validate the TLS/SSL
++#pod certificate of an C<https> — connection (default is true). Changed from false
++#pod to true in version 0.083.
+ #pod * C<SSL_options> — A hashref of C<SSL_*> — options to pass through to
+ #pod L<IO::Socket::SSL>
++#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default
++#pod certificate verification behavior to not check server identity if set to 1.
++#pod Only effective if C<verify_SSL> is not set. Added in version 0.083.
+ #pod
+ #pod An accessor/mutator method exists for each attribute.
+ #pod
+@@ -111,11 +115,17 @@ sub timeout {
+ sub new {
+ my($class, %args) = @_;
+
++ # Support lower case verify_ssl argument, but only if verify_SSL is not
++ # true.
++ if ( exists $args{verify_ssl} ) {
++ $args{verify_SSL} ||= $args{verify_ssl};
++ }
++
+ my $self = {
+ max_redirect => 5,
+ timeout => defined $args{timeout} ? $args{timeout} : 60,
+ keep_alive => 1,
+- verify_SSL => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default
++ verify_SSL => defined $args{verify_SSL} ? $args{verify_SSL} : _verify_SSL_default(),
+ no_proxy => $ENV{no_proxy},
+ };
+
+@@ -134,6 +144,13 @@ sub new {
+ return $self;
+ }
+
++sub _verify_SSL_default {
++ my ($self) = @_;
++ # Check if insecure default certificate verification behaviour has been
++ # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
++ return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
++}
++
+ sub _set_proxies {
+ my ($self) = @_;
+
+@@ -1055,7 +1072,7 @@ sub new {
+ timeout => 60,
+ max_line_size => 16384,
+ max_header_lines => 64,
+- verify_SSL => 0,
++ verify_SSL => HTTP::Tiny::_verify_SSL_default(),
+ SSL_options => {},
+ %args
+ }, $class;
+@@ -2043,11 +2060,11 @@ proxy
+ timeout
+ verify_SSL
+
+-=head1 SSL SUPPORT
++=head1 TLS/SSL SUPPORT
+
+ Direct C<https> connections are supported only if L<IO::Socket::SSL> 1.56 or
+ greater and L<Net::SSLeay> 1.49 or greater are installed. An error will occur
+-if new enough versions of these modules are not installed or if the SSL
++if new enough versions of these modules are not installed or if the TLS
+ encryption fails. You can also use C<HTTP::Tiny::can_ssl()> utility function
+ that returns boolean to see if the required modules are installed.
+
+@@ -2055,7 +2072,7 @@ An C<https> connection may be made via an C<http> proxy that supports the CONNEC
+ command (i.e. RFC 2817). You may not proxy C<https> via a proxy that itself
+ requires C<https> to communicate.
+
+-SSL provides two distinct capabilities:
++TLS/SSL provides two distinct capabilities:
+
+ =over 4
+
+@@ -2069,24 +2086,17 @@ Verification of server identity
+
+ =back
+
+-B<By default, HTTP::Tiny does not verify server identity>.
+-
+-Server identity verification is controversial and potentially tricky because it
+-depends on a (usually paid) third-party Certificate Authority (CA) trust model
+-to validate a certificate as legitimate. This discriminates against servers
+-with self-signed certificates or certificates signed by free, community-driven
+-CA's such as L<CAcert.org|http://cacert.org>.
++B<By default, HTTP::Tiny verifies server identity>.
+
+-By default, HTTP::Tiny does not make any assumptions about your trust model,
+-threat level or risk tolerance. It just aims to give you an encrypted channel
+-when you need one.
++This was changed in version 0.083 due to security concerns. The previous default
++behavior can be enabled by setting C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}>
++to 1.
+
+-Setting the C<verify_SSL> attribute to a true value will make HTTP::Tiny verify
+-that an SSL connection has a valid SSL certificate corresponding to the host
+-name of the connection and that the SSL certificate has been verified by a CA.
+-Assuming you trust the CA, this will protect against a L<man-in-the-middle
+-attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>. If you are
+-concerned about security, you should enable this option.
++Verification is done by checking that that the TLS/SSL connection has a valid
++certificate corresponding to the host name of the connection and that the
++certificate has been verified by a CA. Assuming you trust the CA, this will
++protect against L<machine-in-the-middle
++attacks|http://en.wikipedia.org/wiki/Machine-in-the-middle_attack>.
+
+ Certificate verification requires a file containing trusted CA certificates.
+
+@@ -2094,9 +2104,7 @@ If the environment variable C<SSL_CERT_FILE> is present, HTTP::Tiny
+ will try to find a CA certificate file in that location.
+
+ If the L<Mozilla::CA> module is installed, HTTP::Tiny will use the CA file
+-included with it as a source of trusted CA's. (This means you trust Mozilla,
+-the author of Mozilla::CA, the CPAN mirror where you got Mozilla::CA, the
+-toolchain used to install it, and your operating system security, right?)
++included with it as a source of trusted CA's.
+
+ If that module is not available, then HTTP::Tiny will search several
+ system-specific default locations for a CA certificate file:
+@@ -2115,13 +2123,33 @@ system-specific default locations for a CA certificate file:
+
+ /etc/ssl/ca-bundle.pem
+
++=item *
++
++/etc/openssl/certs/ca-certificates.crt
++
++=item *
++
++/etc/ssl/cert.pem
++
++=item *
++
++/usr/local/share/certs/ca-root-nss.crt
++
++=item *
++
++/etc/pki/tls/cacert.pem
++
++=item *
++
++/etc/certs/ca-certificates.crt
++
+ =back
+
+ An error will be occur if C<verify_SSL> is true and no CA certificate file
+ is available.
+
+-If you desire complete control over SSL connections, the C<SSL_options> attribute
+-lets you provide a hash reference that will be passed through to
++If you desire complete control over TLS/SSL connections, the C<SSL_options>
++attribute lets you provide a hash reference that will be passed through to
+ C<IO::Socket::SSL::start_SSL()>, overriding any options set by HTTP::Tiny. For
+ example, to provide your own trusted CA file:
+
+@@ -2131,7 +2159,7 @@ example, to provide your own trusted CA file:
+
+ The C<SSL_options> attribute could also be used for such things as providing a
+ client certificate for authentication to a server or controlling the choice of
+-cipher used for the SSL connection. See L<IO::Socket::SSL> documentation for
++cipher used for the TLS/SSL connection. See L<IO::Socket::SSL> documentation for
+ details.
+
+ =head1 PROXY SUPPORT
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
new file mode 100644
index 0000000000..45452be389
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
@@ -0,0 +1,36 @@
+From a22785783b17cbaa28afaee4a024d81a1903701d
+From: Stig Palmquist <git@stig.io>
+Date: Sun Jun 18 11:36:05 2023 +0200
+Subject: [PATCH] Fix incorrect env var name for verify_SSL default
+
+The variable to override the verify_SSL default differed slightly in the
+documentation from what was checked for in the code.
+
+This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`
+as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was
+missing `SSL_`
+
+CVE: CVE-2023-31486
+
+Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index ebc34a1..65ac8ff 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -148,7 +148,7 @@ sub _verify_SSL_default {
+ my ($self) = @_;
+ # Check if insecure default certificate verification behaviour has been
+ # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
+- return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
++ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
+ }
+
+ sub _set_proxies {
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb b/poky/meta/recipes-devtools/perl/perl_5.36.1.bb
index 3db1d9c6ae..87768cc7f7 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.36.1.bb
@@ -18,6 +18,8 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
file://determinism.patch \
file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
file://CVE-2023-31484.patch \
+ file://CVE-2023-31486-0001.patch \
+ file://CVE-2023-31486-0002.patch \
"
SRC_URI:append:class-native = " \
file://perl-configpm-switch.patch \
diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb
index 4bdf03c574..ab1d1c84e8 100644
--- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb
+++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb
@@ -15,7 +15,7 @@ LICENSE = "pkgconf"
LIC_FILES_CHKSUM = "file://COPYING;md5=2214222ec1a820bd6cc75167a56925e0"
SRC_URI = "\
- https://distfiles.dereferenced.org/pkgconf/pkgconf-${PV}.tar.xz \
+ https://distfiles.ariadne.space/pkgconf/pkgconf-${PV}.tar.xz \
file://pkg-config-wrapper \
file://pkg-config-native.in \
file://pkg-config-esdk.in \
diff --git a/poky/meta/recipes-devtools/python/python-cython.inc b/poky/meta/recipes-devtools/python/python-cython.inc
index 71596caedd..6aec6b012f 100644
--- a/poky/meta/recipes-devtools/python/python-cython.inc
+++ b/poky/meta/recipes-devtools/python/python-cython.inc
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa"
PYPI_PACKAGE = "Cython"
BBCLASSEXTEND = "native nativesdk"
-SRC_URI[sha256sum] = "6e381fa0bf08b3c26ec2f616b19ae852c06f5750f4290118bf986b6f85c8c527"
+SRC_URI[sha256sum] = "41c0cfd2d754e383c9eeb95effc9aa4ab847d0c9747077ddd7c0dcb68c3bc01f"
UPSTREAM_CHECK_REGEX = "Cython-(?P<pver>.*)\.tar"
inherit pypi
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc b/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc
index 410c9f4042..da0a3f2ee8 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc
+++ b/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc
@@ -4,135 +4,109 @@
SRC_URI += " \
crate://crates.io/Inflector/0.11.4 \
crate://crates.io/aliasable/0.1.3 \
- crate://crates.io/android_system_properties/0.1.5 \
- crate://crates.io/asn1/0.13.0 \
- crate://crates.io/asn1_derive/0.13.0 \
+ crate://crates.io/asn1/0.15.2 \
+ crate://crates.io/asn1_derive/0.15.2 \
crate://crates.io/autocfg/1.1.0 \
crate://crates.io/base64/0.13.1 \
crate://crates.io/bitflags/1.3.2 \
- crate://crates.io/bumpalo/3.10.0 \
- crate://crates.io/cc/1.0.78 \
+ crate://crates.io/cc/1.0.79 \
crate://crates.io/cfg-if/1.0.0 \
- crate://crates.io/chrono/0.4.23 \
- crate://crates.io/codespan-reporting/0.11.1 \
- crate://crates.io/core-foundation-sys/0.8.3 \
- crate://crates.io/cxx/1.0.85 \
- crate://crates.io/cxx-build/1.0.85 \
- crate://crates.io/cxxbridge-flags/1.0.85 \
- crate://crates.io/cxxbridge-macro/1.0.85 \
- crate://crates.io/iana-time-zone/0.1.53 \
- crate://crates.io/iana-time-zone-haiku/0.1.1 \
- crate://crates.io/indoc/0.3.6 \
- crate://crates.io/indoc-impl/0.3.6 \
- crate://crates.io/instant/0.1.12 \
- crate://crates.io/js-sys/0.3.60 \
- crate://crates.io/libc/0.2.139 \
- crate://crates.io/link-cplusplus/1.0.8 \
+ crate://crates.io/foreign-types/0.3.2 \
+ crate://crates.io/foreign-types-shared/0.1.1 \
+ crate://crates.io/indoc/1.0.9 \
+ crate://crates.io/libc/0.2.144 \
crate://crates.io/lock_api/0.4.9 \
- crate://crates.io/log/0.4.17 \
- crate://crates.io/num-integer/0.1.45 \
- crate://crates.io/num-traits/0.2.15 \
- crate://crates.io/once_cell/1.14.0 \
- crate://crates.io/ouroboros/0.15.5 \
- crate://crates.io/ouroboros_macro/0.15.5 \
- crate://crates.io/parking_lot/0.11.2 \
- crate://crates.io/parking_lot_core/0.8.6 \
- crate://crates.io/paste/0.1.18 \
- crate://crates.io/paste-impl/0.1.18 \
- crate://crates.io/pem/1.1.0 \
+ crate://crates.io/memoffset/0.8.0 \
+ crate://crates.io/once_cell/1.17.2 \
+ crate://crates.io/openssl/0.10.54 \
+ crate://crates.io/openssl-macros/0.1.1 \
+ crate://crates.io/openssl-sys/0.9.88 \
+ crate://crates.io/ouroboros/0.15.6 \
+ crate://crates.io/ouroboros_macro/0.15.6 \
+ crate://crates.io/parking_lot/0.12.1 \
+ crate://crates.io/parking_lot_core/0.9.7 \
+ crate://crates.io/pem/1.1.1 \
+ crate://crates.io/pkg-config/0.3.27 \
crate://crates.io/proc-macro-error/1.0.4 \
crate://crates.io/proc-macro-error-attr/1.0.4 \
- crate://crates.io/proc-macro-hack/0.5.20+deprecated \
- crate://crates.io/proc-macro2/1.0.49 \
- crate://crates.io/pyo3/0.15.2 \
- crate://crates.io/pyo3-build-config/0.15.2 \
- crate://crates.io/pyo3-macros/0.15.2 \
- crate://crates.io/pyo3-macros-backend/0.15.2 \
- crate://crates.io/quote/1.0.23 \
+ crate://crates.io/proc-macro2/1.0.64 \
+ crate://crates.io/pyo3/0.18.3 \
+ crate://crates.io/pyo3-build-config/0.18.3 \
+ crate://crates.io/pyo3-ffi/0.18.3 \
+ crate://crates.io/pyo3-macros/0.18.3 \
+ crate://crates.io/pyo3-macros-backend/0.18.3 \
+ crate://crates.io/quote/1.0.28 \
crate://crates.io/redox_syscall/0.2.16 \
crate://crates.io/scopeguard/1.1.0 \
- crate://crates.io/scratch/1.0.3 \
crate://crates.io/smallvec/1.10.0 \
- crate://crates.io/syn/1.0.107 \
- crate://crates.io/termcolor/1.1.3 \
- crate://crates.io/unicode-ident/1.0.6 \
- crate://crates.io/unicode-width/0.1.10 \
+ crate://crates.io/syn/1.0.109 \
+ crate://crates.io/syn/2.0.18 \
+ crate://crates.io/target-lexicon/0.12.7 \
+ crate://crates.io/unicode-ident/1.0.9 \
crate://crates.io/unindent/0.1.11 \
+ crate://crates.io/vcpkg/0.2.15 \
crate://crates.io/version_check/0.9.4 \
- crate://crates.io/wasm-bindgen/0.2.83 \
- crate://crates.io/wasm-bindgen-backend/0.2.83 \
- crate://crates.io/wasm-bindgen-macro/0.2.83 \
- crate://crates.io/wasm-bindgen-macro-support/0.2.83 \
- crate://crates.io/wasm-bindgen-shared/0.2.83 \
- crate://crates.io/winapi/0.3.9 \
- crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
- crate://crates.io/winapi-util/0.1.5 \
- crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/windows-sys/0.45.0 \
+ crate://crates.io/windows-targets/0.42.2 \
+ crate://crates.io/windows_aarch64_gnullvm/0.42.2 \
+ crate://crates.io/windows_aarch64_msvc/0.42.2 \
+ crate://crates.io/windows_i686_gnu/0.42.2 \
+ crate://crates.io/windows_i686_msvc/0.42.2 \
+ crate://crates.io/windows_x86_64_gnu/0.42.2 \
+ crate://crates.io/windows_x86_64_gnullvm/0.42.2 \
+ crate://crates.io/windows_x86_64_msvc/0.42.2 \
"
SRC_URI[Inflector-0.11.4.sha256sum] = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"
SRC_URI[aliasable-0.1.3.sha256sum] = "250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd"
-SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
-SRC_URI[asn1-0.13.0.sha256sum] = "2affba5e62ee09eeba078f01a00c4aed45ac4287e091298eccbb0d4802efbdc5"
-SRC_URI[asn1_derive-0.13.0.sha256sum] = "bfab79c195875e5aef2bd20b4c8ed8d43ef9610bcffefbbcf66f88f555cc78af"
+SRC_URI[asn1-0.15.2.sha256sum] = "28c19b9324de5b815b6487e0f8098312791b09de0dbf3d5c2db1fe2d95bab973"
+SRC_URI[asn1_derive-0.15.2.sha256sum] = "a045c3ccad89f244a86bd1e6cf1a7bf645296e7692698b056399b6efd4639407"
SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
SRC_URI[base64-0.13.1.sha256sum] = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-SRC_URI[bumpalo-3.10.0.sha256sum] = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3"
-SRC_URI[cc-1.0.78.sha256sum] = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d"
+SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[chrono-0.4.23.sha256sum] = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f"
-SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
-SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
-SRC_URI[cxx-1.0.85.sha256sum] = "5add3fc1717409d029b20c5b6903fc0c0b02fa6741d820054f4a2efa5e5816fd"
-SRC_URI[cxx-build-1.0.85.sha256sum] = "b4c87959ba14bc6fbc61df77c3fcfe180fc32b93538c4f1031dd802ccb5f2ff0"
-SRC_URI[cxxbridge-flags-1.0.85.sha256sum] = "69a3e162fde4e594ed2b07d0f83c6c67b745e7f28ce58c6df5e6b6bef99dfb59"
-SRC_URI[cxxbridge-macro-1.0.85.sha256sum] = "3e7e2adeb6a0d4a282e581096b06e1791532b7d576dcde5ccd9382acf55db8e6"
-SRC_URI[iana-time-zone-0.1.53.sha256sum] = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765"
-SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
-SRC_URI[indoc-0.3.6.sha256sum] = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8"
-SRC_URI[indoc-impl-0.3.6.sha256sum] = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0"
-SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
-SRC_URI[js-sys-0.3.60.sha256sum] = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47"
-SRC_URI[libc-0.2.139.sha256sum] = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79"
-SRC_URI[link-cplusplus-1.0.8.sha256sum] = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5"
+SRC_URI[foreign-types-0.3.2.sha256sum] = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+SRC_URI[foreign-types-shared-0.1.1.sha256sum] = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+SRC_URI[indoc-1.0.9.sha256sum] = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306"
+SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
-SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
-SRC_URI[num-integer-0.1.45.sha256sum] = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
-SRC_URI[num-traits-0.2.15.sha256sum] = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
-SRC_URI[once_cell-1.14.0.sha256sum] = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
-SRC_URI[ouroboros-0.15.5.sha256sum] = "dfbb50b356159620db6ac971c6d5c9ab788c9cc38a6f49619fca2a27acb062ca"
-SRC_URI[ouroboros_macro-0.15.5.sha256sum] = "4a0d9d1a6191c4f391f87219d1ea42b23f09ee84d64763cd05ee6ea88d9f384d"
-SRC_URI[parking_lot-0.11.2.sha256sum] = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99"
-SRC_URI[parking_lot_core-0.8.6.sha256sum] = "60a2cfe6f0ad2bfc16aefa463b497d5c7a5ecd44a23efa72aa342d90177356dc"
-SRC_URI[paste-0.1.18.sha256sum] = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880"
-SRC_URI[paste-impl-0.1.18.sha256sum] = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6"
-SRC_URI[pem-1.1.0.sha256sum] = "03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4"
+SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1"
+SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b"
+SRC_URI[openssl-0.10.54.sha256sum] = "69b3f656a17a6cbc115b5c7a40c616947d213ba182135b014d6051b73ab6f019"
+SRC_URI[openssl-macros-0.1.1.sha256sum] = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+SRC_URI[openssl-sys-0.9.88.sha256sum] = "c2ce0f250f34a308dcfdbb351f511359857d4ed2134ba715a4eadd46e1ffd617"
+SRC_URI[ouroboros-0.15.6.sha256sum] = "e1358bd1558bd2a083fed428ffeda486fbfb323e698cdda7794259d592ca72db"
+SRC_URI[ouroboros_macro-0.15.6.sha256sum] = "5f7d21ccd03305a674437ee1248f3ab5d4b1db095cf1caf49f1713ddf61956b7"
+SRC_URI[parking_lot-0.12.1.sha256sum] = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
+SRC_URI[parking_lot_core-0.9.7.sha256sum] = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521"
+SRC_URI[pem-1.1.1.sha256sum] = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
SRC_URI[proc-macro-error-1.0.4.sha256sum] = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
SRC_URI[proc-macro-error-attr-1.0.4.sha256sum] = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
-SRC_URI[proc-macro-hack-0.5.20+deprecated.sha256sum] = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
-SRC_URI[proc-macro2-1.0.49.sha256sum] = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5"
-SRC_URI[pyo3-0.15.2.sha256sum] = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752"
-SRC_URI[pyo3-build-config-0.15.2.sha256sum] = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410"
-SRC_URI[pyo3-macros-0.15.2.sha256sum] = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a"
-SRC_URI[pyo3-macros-backend-0.15.2.sha256sum] = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095"
-SRC_URI[quote-1.0.23.sha256sum] = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
+SRC_URI[proc-macro2-1.0.64.sha256sum] = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da"
+SRC_URI[pyo3-0.18.3.sha256sum] = "e3b1ac5b3731ba34fdaa9785f8d74d17448cd18f30cf19e0c7e7b1fdb5272109"
+SRC_URI[pyo3-build-config-0.18.3.sha256sum] = "9cb946f5ac61bb61a5014924910d936ebd2b23b705f7a4a3c40b05c720b079a3"
+SRC_URI[pyo3-ffi-0.18.3.sha256sum] = "fd4d7c5337821916ea2a1d21d1092e8443cf34879e53a0ac653fbb98f44ff65c"
+SRC_URI[pyo3-macros-0.18.3.sha256sum] = "a9d39c55dab3fc5a4b25bbd1ac10a2da452c4aca13bb450f22818a002e29648d"
+SRC_URI[pyo3-macros-backend-0.18.3.sha256sum] = "97daff08a4c48320587b5224cc98d609e3c27b6d437315bd40b605c98eeb5918"
+SRC_URI[quote-1.0.28.sha256sum] = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488"
SRC_URI[redox_syscall-0.2.16.sha256sum] = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
-SRC_URI[scratch-1.0.3.sha256sum] = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2"
SRC_URI[smallvec-1.10.0.sha256sum] = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
-SRC_URI[syn-1.0.107.sha256sum] = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
-SRC_URI[termcolor-1.1.3.sha256sum] = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
-SRC_URI[unicode-ident-1.0.6.sha256sum] = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
-SRC_URI[unicode-width-0.1.10.sha256sum] = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
+SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+SRC_URI[syn-2.0.18.sha256sum] = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
+SRC_URI[target-lexicon-0.12.7.sha256sum] = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5"
+SRC_URI[unicode-ident-1.0.9.sha256sum] = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0"
SRC_URI[unindent-0.1.11.sha256sum] = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c"
+SRC_URI[vcpkg-0.2.15.sha256sum] = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
-SRC_URI[wasm-bindgen-0.2.83.sha256sum] = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268"
-SRC_URI[wasm-bindgen-backend-0.2.83.sha256sum] = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142"
-SRC_URI[wasm-bindgen-macro-0.2.83.sha256sum] = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810"
-SRC_URI[wasm-bindgen-macro-support-0.2.83.sha256sum] = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
-SRC_URI[wasm-bindgen-shared-0.2.83.sha256sum] = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
-SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
-SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+SRC_URI[windows-sys-0.45.0.sha256sum] = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
+SRC_URI[windows-targets-0.42.2.sha256sum] = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
+SRC_URI[windows_aarch64_gnullvm-0.42.2.sha256sum] = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+SRC_URI[windows_aarch64_msvc-0.42.2.sha256sum] = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+SRC_URI[windows_i686_gnu-0.42.2.sha256sum] = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+SRC_URI[windows_i686_msvc-0.42.2.sha256sum] = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+SRC_URI[windows_x86_64_gnu-0.42.2.sha256sum] = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+SRC_URI[windows_x86_64_gnullvm-0.42.2.sha256sum] = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+SRC_URI[windows_x86_64_msvc-0.42.2.sha256sum] = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb
index 795e27f75b..52f2c35315 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb
@@ -9,11 +9,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
# NOTE: Make sure to keep this recipe at the same version as python3-cryptography
# Upgrade both recipes at the same time
-SRC_URI[sha256sum] = "a68f106f7a4322cf1e7ed51e3fc6d5c1e0b11d337ed918ec879e8afe0c2a5220"
+SRC_URI[sha256sum] = "028dff94a8522ca818b11295ff12df55f348f33a193c0597ddfe8239e53d1582"
PYPI_PACKAGE = "cryptography_vectors"
-inherit pypi setuptools3
+inherit pypi python_setuptools_build_meta
DEPENDS += " \
${PYTHON_PN}-cryptography \
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch
new file mode 100644
index 0000000000..d720359ded
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch
@@ -0,0 +1,52 @@
+From 2f9cd402d3293f6efe0f3ac06f17c6c14edbed86 Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Sun, 25 Jun 2023 17:39:19 -0600
+Subject: [PATCH] Fix include directory when cross compiling (#9129)
+
+Upstream-Status: Backport [https://github.com/pyca/cryptography/pull/9129]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ src/rust/cryptography-cffi/build.rs | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/rust/cryptography-cffi/build.rs b/src/rust/cryptography-cffi/build.rs
+index 07590ad2e..384af1ddb 100644
+--- a/src/rust/cryptography-cffi/build.rs
++++ b/src/rust/cryptography-cffi/build.rs
+@@ -47,9 +47,14 @@ fn main() {
+ )
+ .unwrap();
+ println!("cargo:rustc-cfg=python_implementation=\"{}\"", python_impl);
+- let python_include = run_python_script(
++ let python_includes = run_python_script(
+ &python,
+- "import sysconfig; print(sysconfig.get_path('include'), end='')",
++ "import os; \
++ import setuptools.dist; \
++ import setuptools.command.build_ext; \
++ b = setuptools.command.build_ext.build_ext(setuptools.dist.Distribution()); \
++ b.finalize_options(); \
++ print(os.pathsep.join(b.include_dirs), end='')",
+ )
+ .unwrap();
+ let openssl_include =
+@@ -59,12 +64,15 @@ fn main() {
+ let mut build = cc::Build::new();
+ build
+ .file(openssl_c)
+- .include(python_include)
+ .include(openssl_include)
+ .flag_if_supported("-Wconversion")
+ .flag_if_supported("-Wno-error=sign-conversion")
+ .flag_if_supported("-Wno-unused-parameter");
+
++ for python_include in env::split_paths(&python_includes) {
++ build.include(python_include);
++ }
++
+ // Enable abi3 mode if we're not using PyPy.
+ if python_impl != "PyPy" {
+ // cp37 (Python 3.7 to help our grep when we some day drop 3.7 support)
+--
+2.30.2
+
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
index 481f595246..69cf451d57 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
+++ b/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
@@ -1,4 +1,4 @@
-From ce972ea92d724f232323a9a6265a8b44d913d4d8 Mon Sep 17 00:00:00 2001
+From b7dd3ce1d75d1e6255e1aca82aa7f401d4246a75 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Tue, 17 May 2022 17:22:48 +0800
Subject: [PATCH] pyproject.toml: remove --benchmark-disable option
@@ -18,23 +18,28 @@ Fixes:
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
---
- pyproject.toml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ pyproject.toml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
-index 4d58129..b011fca 100644
+index b2e511f..4a285af 100644
--- a/pyproject.toml
+++ b/pyproject.toml
-@@ -15,7 +15,7 @@ line-length = 79
- target-version = ["py36"]
+@@ -85,7 +85,7 @@ line-length = 79
+ target-version = ["py37"]
[tool.pytest.ini_options]
-addopts = "-r s --capture=no --strict-markers --benchmark-disable"
+addopts = "-r s --capture=no --strict-markers"
+ console_output_style = "progress-even-when-capture-no"
markers = [
"skip_fips: this test is not executed in FIPS mode",
- "supported: parametrized test requiring only_if and skip_message",
---
-2.25.1
-
+@@ -151,4 +151,4 @@ git-only = [
+ "ci-constraints-requirements.txt",
+ ".gitattributes",
+ ".gitignore",
+-]
+\ No newline at end of file
++]
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
deleted file mode 100644
index 366e3a4d39..0000000000
--- a/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 4b73298b214a5b69ea6edf3c2e21dd82b2b29708 Mon Sep 17 00:00:00 2001
-From: Tim Orling <tim.orling@konsulko.com>
-Date: Fri, 14 Jan 2022 22:34:59 -0800
-Subject: [PATCH 2/2] Cargo.toml: edition 2018 -> 2021
-
-Upstream-Status: Pending
-
-Signed-off-by: Tim Orling <tim.orling@konsulko.com>
----
- src/rust/Cargo.toml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
-index 174eaa80..7ad053d9 100644
---- a/src/rust/Cargo.toml
-+++ b/src/rust/Cargo.toml
-@@ -2,7 +2,7 @@
- name = "cryptography-rust"
- version = "0.1.0"
- authors = ["The cryptography developers <cryptography-dev@python.org>"]
--edition = "2018"
-+edition = "2021"
- publish = false
-
- [dependencies]
---
-2.30.2
-
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb
index 449e3ba1bc..20d6c97f36 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb
@@ -1,26 +1,24 @@
SUMMARY = "Provides cryptographic recipes and primitives to python developers"
HOMEPAGE = "https://cryptography.io/"
SECTION = "devel/python"
-LICENSE = "( Apache-2.0 | BSD-3-Clause ) & PSF-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \
+LICENSE = "Apache-2.0 | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \
- file://LICENSE.PSF;md5=43c37d21e1dbad10cddcd150ba2c0595 \
"
LDSHARED += "-pthread"
-SRC_URI[sha256sum] = "bc5b871e977c8ee5a1bbc42fa8d19bcc08baf0c51cbf1586b0e87a2694dde42f"
+SRC_URI[sha256sum] = "7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c"
-SRC_URI += "\
- file://0002-Cargo.toml-edition-2018-2021.patch \
- file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
- file://check-memfree.py \
- file://run-ptest \
-"
+SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
+ file://0001-Fix-include-directory-when-cross-compiling-9129.patch \
+ file://check-memfree.py \
+ file://run-ptest \
+ "
require ${BPN}-crates.inc
-inherit pypi python_setuptools3_rust cargo-update-recipe-crates
+inherit pypi python_setuptools3_rust cargo-update-recipe-crates pkgconfig
DEPENDS += " \
${PYTHON_PN}-cffi-native \
diff --git a/poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb b/poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb
index 78be2b94ed..78be2b94ed 100644
--- a/poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb
+++ b/poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb
diff --git a/poky/meta/recipes-devtools/python/python3-editables_0.3.bb b/poky/meta/recipes-devtools/python/python3-editables_0.4.bb
index b42ff06872..c53186997a 100644
--- a/poky/meta/recipes-devtools/python/python3-editables_0.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-editables_0.4.bb
@@ -4,8 +4,12 @@ SECTION = "devel/python"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=41bc1be47b7bb8240db3ef928c7cb0bf"
-SRC_URI[sha256sum] = "167524e377358ed1f1374e61c268f0d7a4bf7dbd046c656f7b410cde16161b1a"
+SRC_URI[sha256sum] = "dc322c42e7ccaf19600874035a4573898d88aadd07e177c239298135b75da772"
inherit pypi python_setuptools_build_meta
+RDEPENDS:${PN} += "\
+ python3-io \
+"
+
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.32.bb
index 08b9f66bcb..f217577eb8 100644
--- a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb
+++ b/poky/meta/recipes-devtools/python/python3-git_3.1.32.bb
@@ -12,7 +12,7 @@ PYPI_PACKAGE = "GitPython"
inherit pypi python_setuptools_build_meta
-SRC_URI[sha256sum] = "8ce3bcf69adfdf7c7d503e78fd3b1c492af782d58893b650adb2ac8912ddd573"
+SRC_URI[sha256sum] = "8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6"
DEPENDS += " ${PYTHON_PN}-gitdb"
diff --git a/poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb b/poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb
index 05a86f0efb..c94e49dab3 100644
--- a/poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb
@@ -8,7 +8,7 @@ inherit pypi python_hatchling
DEPENDS += "python3-pluggy-native python3-pathspec-native python3-packaging-native python3-editables-native python3-trove-classifiers-native"
DEPENDS:remove:class-native = "python3-hatchling-native"
-SRC_URI[sha256sum] = "b1244db3f45b4ef5a00106a46612da107cdfaf85f1580b8e1c059fefc98b0930"
+SRC_URI[sha256sum] = "50e99c3110ce0afc3f7bdbadff1c71c17758e476731c27607940cfa6686489ca"
do_compile:prepend() {
export PYTHONPATH=src
diff --git a/poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb b/poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb
index dc21bc67c6..93bf638759 100644
--- a/poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb
+++ b/poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb
@@ -13,7 +13,7 @@ SRC_URI += " \
file://test_rle.py \
"
-SRC_URI[sha256sum] = "a8ef2e0c7d5ebd90043a4ed8f6987de6a2b497b2caf6863364ff41db25971856"
+SRC_URI[sha256sum] = "e35165a73064370d30d476d7218f600d2bf861ff218192c9e994cb36aa190ae7"
RDEPENDS:${PN} += " \
python3-attrs \
diff --git a/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb b/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb
index 34bc55b0e1..b8dd4bb701 100644
--- a/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb
@@ -8,7 +8,7 @@ inherit pypi python_setuptools_build_meta
PYPI_PACKAGE = "importlib_metadata"
UPSTREAM_CHECK_REGEX = "/importlib-metadata/(?P<pver>(\d+[\.\-_]*)+)/"
-SRC_URI[sha256sum] = "92501cdf9cc66ebd3e612f1b4f0c0765dfa42f0fa38ffb319b6bd84dd675d705"
+SRC_URI[sha256sum] = "dbace7892d8c0c4ac1ad096662232f831d4e64f4c4545bd53016a3e9d4654743"
S = "${WORKDIR}/importlib_metadata-${PV}"
diff --git a/poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb b/poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb
index 797607f81e..a8dccb90c7 100644
--- a/poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://pyiso8601.readthedocs.org/"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=aab31f2ef7ba214a5a341eaa47a7f367"
-SRC_URI[sha256sum] = "32811e7b81deee2063ea6d2e94f8819a86d1f3811e49d23623a41fa832bef03f"
+SRC_URI[sha256sum] = "739960d37c74c77bd9bd546a76562ccb581fe3d4820ff5c3141eb49c839fda8f"
inherit pypi python_poetry_core
diff --git a/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch b/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch
deleted file mode 100644
index 4121834dbf..0000000000
--- a/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 04a864f33848da6af1dea906ba4922770022ef66 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Thu, 16 Mar 2023 14:21:32 +0000
-Subject: [PATCH] Clean up test runner
-
-Test code doesn't need to manually construct a TestSuite and a
-TextTestRunner, the unittest module has a discovery function that does
-all this for you.
-
-Delete all of the manual logic from tests.py, replace it with the two
-lines to bring in the doctest unit tests, and update the makefile to
-run the unittest discovery.
-
-Upstream-Status: Submitted [https://github.com/stefankoegl/python-json-pointer/pull/54]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- makefile | 2 +-
- tests.py | 24 ++++--------------------
- 2 files changed, 5 insertions(+), 21 deletions(-)
-
-diff --git a/tests.py b/tests.py
-index 9252369..6b4b8cc 100755
---- a/tests.py
-+++ b/tests.py
-@@ -7,6 +7,7 @@ import doctest
- import unittest
- import sys
- import copy
-+import jsonpointer
- from jsonpointer import resolve_pointer, EndOfList, JsonPointerException, \
- JsonPointer, set_pointer
-
-@@ -410,23 +411,6 @@ class AltTypesTests(unittest.TestCase):
- self.assertRaises(JsonPointerException, resolve_pointer, doc, '/root/1/2/3/4')
-
-
--
--suite = unittest.TestSuite()
--suite.addTest(unittest.makeSuite(SpecificationTests))
--suite.addTest(unittest.makeSuite(ComparisonTests))
--suite.addTest(unittest.makeSuite(WrongInputTests))
--suite.addTest(unittest.makeSuite(ToLastTests))
--suite.addTest(unittest.makeSuite(SetTests))
--suite.addTest(unittest.makeSuite(AltTypesTests))
--
--modules = ['jsonpointer']
--
--for module in modules:
-- m = __import__(module, fromlist=[module])
-- suite.addTest(doctest.DocTestSuite(m))
--
--runner = unittest.TextTestRunner(verbosity=1)
--result = runner.run(suite)
--
--if not result.wasSuccessful():
-- sys.exit(1)
-+def load_tests(loader, tests, ignore):
-+ tests.addTests(doctest.DocTestSuite(jsonpointer))
-+ return tests
---
-2.34.1
-
diff --git a/poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb b/poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb
index 0ec4de055c..d7a1fea70a 100644
--- a/poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb
@@ -5,9 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=32b15c843b7a329130f4e266a281ebb3"
inherit pypi ptest setuptools3
-SRC_URI += "file://0001-Clean-up-test-runner.patch"
-
-SRC_URI[sha256sum] = "97cba51526c829282218feb99dab1b1e6bdf8efd1c43dc9d57be093c0d69c99a"
+SRC_URI[sha256sum] = "585cee82b70211fa9e6043b7bb89db6e1aa49524340dde8ad6b63206ea689d88"
RDEPENDS:${PN} += " \
${PYTHON_PN}-json \
diff --git a/poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb b/poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
index c7f1e1fc3c..b911f7b2ad 100644
--- a/poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
@@ -18,7 +18,7 @@ LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \
DEPENDS += "libxml2 libxslt"
-SRC_URI[sha256sum] = "2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67"
+SRC_URI[sha256sum] = "48628bd53a426c9eb9bc066a923acaa0878d1e86129fd5359aee99285f4eed9c"
SRC_URI += "${PYPI_SRC_URI}"
inherit pkgconfig pypi setuptools3
diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb b/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb
index d150403f8c..b346cc85d9 100644
--- a/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/mitsuhiko/markupsafe"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75"
-SRC_URI[sha256sum] = "abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d"
+SRC_URI[sha256sum] = "af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad"
PYPI_PACKAGE = "MarkupSafe"
inherit pypi setuptools3 ptest
diff --git a/poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb b/poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb
index 710af5fe8f..3632ab71ee 100644
--- a/poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://numpy.org/"
DESCRIPTION = "NumPy is the fundamental package needed for scientific computing with Python."
SECTION = "devel/python"
LICENSE = "BSD-3-Clause & BSD-2-Clause & PSF-2.0 & Apache-2.0 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8026691468924fb6ec155dadfe2a1a7f"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7614a5b0073688df53773ec6ec7fe81d"
SRCNAME = "numpy"
@@ -12,7 +12,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
file://0001-numpy-core-Define-RISCV-32-support.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "ab344f1bf21f140adab8e47fdbc7c35a477dc01408791f8ba00d018dd0bc5155"
+SRC_URI[sha256sum] = "9a3a9f3a61480cc086117b426a8bd86869c213fc4072e606f01c4e4b66eb92bf"
GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases"
UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P<pver>\d+(\.\d+)+)$"
diff --git a/poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb b/poky/meta/recipes-devtools/python/python3-pip_23.2.bb
index a0ebd765bf..1ddec7d654 100644
--- a/poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-pip_23.2.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=63ec52baf95163b597008bb46db68030 \
file://src/pip/_vendor/msgpack/COPYING;md5=cd9523181d9d4fbf7ffca52eaa2a5751 \
file://src/pip/_vendor/packaging/LICENSE;md5=faadaedca9251a90b205c9167578ce91 \
file://src/pip/_vendor/packaging/LICENSE.APACHE;md5=2ee41112a44fe7014dce33e26468ba93 \
- file://src/pip/_vendor/pkg_resources/LICENSE;md5=7a7126e068206290f3fe9f8d6c713ea6 \
+ file://src/pip/_vendor/pkg_resources/LICENSE;md5=141643e11c48898150daa83802dbc65f \
file://src/pip/_vendor/platformdirs/LICENSE;md5=ea4f5a41454746a9ed111e3d8723d17a \
file://src/pip/_vendor/pygments/LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592 \
file://src/pip/_vendor/pyparsing/LICENSE;md5=657a566233888513e1f07ba13e2f47f1 \
@@ -24,7 +24,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=63ec52baf95163b597008bb46db68030 \
file://src/pip/_vendor/six.LICENSE;md5=43cfc9e4ac0e377acfb9b76f56b8415d \
file://src/pip/_vendor/tenacity/LICENSE;md5=175792518e4ac015ab6696d16c4f607e \
file://src/pip/_vendor/tomli/LICENSE;md5=aaaaf0879d17df0110d1aa8c8c9f46f5 \
- file://src/pip/_vendor/typing_extensions.LICENSE;md5=f16b323917992e0f8a6f0071bc9913e2 \
+ file://src/pip/_vendor/typing_extensions.LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2 \
file://src/pip/_vendor/urllib3/LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c \
file://src/pip/_vendor/webencodings/LICENSE;md5=81fb24cd7823cce23b69f721993dce4d \
"
@@ -33,7 +33,7 @@ inherit pypi python_setuptools_build_meta
SRC_URI += "file://no_shebang_mangling.patch"
-SRC_URI[sha256sum] = "0e7c86f486935893c708287b30bd050a36ac827ec7fe5e43fe7cb198dd835fba"
+SRC_URI[sha256sum] = "a160a170f3331d9ca1a0247eb1cd79c758879f1f81158f9cd05bbb5df80bea5c"
do_install:append() {
rm -f ${D}/${bindir}/pip
diff --git a/poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb b/poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb
index 99ae6336b7..3322bb523b 100644
--- a/poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pytest-dev/pluggy"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1c8206d16fd5cc02fa9b0bb98955e5c2"
-SRC_URI[sha256sum] = "4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"
+SRC_URI[sha256sum] = "d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3"
DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
RDEPENDS:${PN} += "${PYTHON_PN}-importlib-metadata \
diff --git a/poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb b/poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb
index 5214a05d53..8059750de0 100644
--- a/poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "cairo python3"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/pycairo-${PV}.tar.gz"
GITHUB_BASE_URI = "https://github.com/pygobject/pycairo/releases/"
-SRC_URI[sha256sum] = "9b61ac818723adc04367301317eb2e814a83522f07bbd1f409af0dada463c44c"
+SRC_URI[sha256sum] = "1444d52f1bb4cc79a4a0c0fe2ccec4bd78ff885ab01ebe1c0f637d8392bcafb6"
S = "${WORKDIR}/pycairo-${PV}"
diff --git a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb b/poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb
index 16769e9263..e0e477100e 100644
--- a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb
@@ -4,8 +4,8 @@ HOMEPAGE = "http://pygments.org/"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592"
-inherit setuptools3
-SRC_URI[sha256sum] = "b3ed06a9e8ac9a9aae5a6f5dbe78a8a58655d17b43b93c078f094ddc476ae297"
+inherit python_setuptools_build_meta
+SRC_URI[sha256sum] = "8ace4d3c1dd481894b2005f560ead0f9f19ee64fe983366be1a21e171d12775c"
DEPENDS += "\
${PYTHON_PN} \
diff --git a/poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb
index b858073c3b..e5c6d5f832 100644
--- a/poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb
+++ b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb
@@ -10,7 +10,7 @@ BUGTRACKER = "https://github.com/pyparsing/pyparsing/issues"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=657a566233888513e1f07ba13e2f47f1"
-SRC_URI[sha256sum] = "2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"
+SRC_URI[sha256sum] = "edb662d6fe322d6e990b1594b5feaeadf806803359e3d4d42f11e295e588f0ea"
UPSTREAM_CHECK_REGEX = "pyparsing-(?P<pver>.*)\.tar"
diff --git a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb
index e1f2a49d31..ddba031880 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb
@@ -7,9 +7,9 @@ BUGTRACKER = "https://github.com/pytest-dev/pytest-subtests/issues"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
-SRC_URI[sha256sum] = "d9961a67c1791e8c1e32dce7a70ed1e54f3b1e641087f2094f2d37087ab7fb17"
+SRC_URI[sha256sum] = "51865c88457545f51fb72011942f0a3c6901ee9e24cbfb6d1b9dc1348bafbe37"
-inherit pypi setuptools3
+inherit pypi python_setuptools_build_meta
DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb
index 914ea55346..323dfebe38 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "The pytest framework makes it easy to write small tests, yet scal
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c"
-SRC_URI[sha256sum] = "434afafd78b1d78ed0addf160ad2b77a30d35d4bdf8af234fe621919d9ed15e3"
+SRC_URI[sha256sum] = "b4bf8c45bd59934ed84001ad51e11b4ee40d40a1229d2c79f9c592b0a3f6bd8a"
DEPENDS += "python3-setuptools-scm-native"
diff --git a/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb b/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb
index 5604ff01e4..b745f349e7 100644
--- a/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb
+++ b/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb
@@ -9,7 +9,7 @@ PYPI_PACKAGE = "ruamel.yaml"
inherit pypi setuptools3
-SRC_URI[sha256sum] = "098ed1eb6d338a684891a72380277c1e6fc4d4ae0e120de9a447275056dda335"
+SRC_URI[sha256sum] = "ec939063761914e14542972a5cba6d33c23b0859ab6342f61cf070cfc600efc2"
RDEPENDS:${PN} += "\
${PYTHON_PN}-shell \
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
index 4d56dc89ba..1e5ab498a4 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
+++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
@@ -1,4 +1,4 @@
-From 2b06ca797d3ccc5b195aaa04a085c44bf61d4de3 Mon Sep 17 00:00:00 2001
+From 5e603da9c01ccb828a03ea3e82d15599971f794f Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 17 Jul 2018 10:13:38 +0800
Subject: [PATCH] conditionally do not fetch code by easy_install
@@ -9,17 +9,16 @@ internet by easy_install.
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
---
setuptools/command/easy_install.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py
-index 444d3b3..61e445a 100644
+index 0b8d1159..93308060 100644
--- a/setuptools/command/easy_install.py
+++ b/setuptools/command/easy_install.py
-@@ -648,6 +648,11 @@ class easy_install(Command):
- os.path.exists(tmpdir) and rmtree(tmpdir)
+@@ -644,6 +644,11 @@ class easy_install(Command):
+ os.path.exists(tmpdir) and _rmtree(tmpdir)
def easy_install(self, spec, deps=False):
+ if os.environ.get('NO_FETCH_BUILD', None):
@@ -30,3 +29,6 @@ index 444d3b3..61e445a 100644
with self._tmpdir() as tmpdir:
if not isinstance(spec, Requirement):
if URL_SCHEME(spec):
+--
+2.41.0
+
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb b/poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb
index ad0d7cc527..4ac789d18c 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb
@@ -2,7 +2,7 @@ SUMMARY = "Download, build, install, upgrade, and uninstall Python packages"
HOMEPAGE = "https://pypi.org/project/setuptools"
SECTION = "devel/python"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=19;md5=7a7126e068206290f3fe9f8d6c713ea6"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
inherit pypi python_setuptools_build_meta
@@ -11,7 +11,7 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e
SRC_URI += " \
file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
-SRC_URI[sha256sum] = "257de92a9d50a60b8e22abfcbb771571fde0dbf3ec234463212027a4eeecbe9a"
+SRC_URI[sha256sum] = "baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235"
DEPENDS += "${PYTHON_PN}"
diff --git a/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb b/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb
index 25de0159b6..0fac83a1c9 100644
--- a/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb
@@ -13,7 +13,7 @@ RDEPENDS:${PN} += " \
PYPI_PACKAGE = "sphinx_rtd_theme"
-SRC_URI[sha256sum] = "cf9a7dc0352cf179c538891cb28d6fad6391117d4e21c891776ab41dd6c8ff70"
+SRC_URI[sha256sum] = "01c5c5a72e2d025bd23d1f06c59a4831b06e6ce6c01fdd5ebfe9986c0a880fc7"
UPSTREAM_CHECK_REGEX ?= "/sphinx-rtd-theme/(?P<pver>(\d+[\.\-_]*)+)/"
inherit setuptools3 pypi
diff --git a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb
index 2d484d4b2c..7879dc2031 100644
--- a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb
+++ b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/trove-classifiers"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
-SRC_URI[sha256sum] = "fd5a1546283be941f47540a135bdeae8fb261380a6a204d9c18012f2a1b0ceae"
+SRC_URI[sha256sum] = "8a8e168b51d20fed607043831d37632bb50919d1c80a64e0f1393744691a8b22"
inherit pypi python_setuptools_build_meta ptest
diff --git a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
index be43fe4a64..8ff77ba4fd 100644
--- a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
@@ -10,12 +10,12 @@ HOMEPAGE = "https://github.com/python/typing_extensions"
BUGTRACKER = "https://github.com/python/typing_extensions/issues"
SECTIONS = "libs"
LICENSE = "PSF-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f16b323917992e0f8a6f0071bc9913e2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2"
# The name on PyPi is slightly different.
PYPI_PACKAGE = "typing_extensions"
-SRC_URI[sha256sum] = "06006244c70ac8ee83fa8282cb188f697b8db25bc8b4df07be1873c43897060c"
+SRC_URI[sha256sum] = "b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2"
inherit pypi python_flit_core
diff --git a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb
index bc1cdb009f..64b21db86d 100644
--- a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb
@@ -1,9 +1,9 @@
SUMMARY = "Python HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more"
HOMEPAGE = "https://github.com/shazow/urllib3"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
-SRC_URI[sha256sum] = "61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc"
+SRC_URI[sha256sum] = "bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825"
inherit pypi python_hatchling
diff --git a/poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb b/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
index 45654ff6f1..9dff59ffaf 100644
--- a/poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
@@ -1,9 +1,9 @@
SUMMARY = "Backport of pathlib-compatible object wrapper for zip files"
HOMEPAGE = "https://github.com/jaraco/zipp"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=7a7126e068206290f3fe9f8d6c713ea6"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
-SRC_URI[sha256sum] = "112929ad649da941c23de50f356a2b5570c954b65150642bccdd66bf194d224b"
+SRC_URI[sha256sum] = "ebc15946aa78bd63458992fc81ec3b6f7b1e92d51c35e6de1c3804e73b799147"
DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
index c9253832cf..222a567dd5 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
@@ -1,4 +1,4 @@
-From 6cb667f37beacd832cb409e5244b3c90dfad32f7 Mon Sep 17 00:00:00 2001
+From aa8f1709c54557d2b51a9a37d15ccc3de62e90cb Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman <jpuhlman@mvista.com>
Date: Wed, 4 Mar 2020 00:06:42 +0000
Subject: [PATCH] Don't search system for headers/libraries
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index df5179e877..07c6aef9b9 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -1,4 +1,4 @@
-From 86061629f4a179e740a17e53dd2c98ab47af2fe2 Mon Sep 17 00:00:00 2001
+From 7b0a14e7320078ac891d415cab9b7568e3f52ad8 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Thu, 16 Sep 2021 16:35:37 +0200
Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O
@@ -30,18 +30,18 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Lib/pty.py b/Lib/pty.py
-index 8d8ce40..35439c6 100644
+index fefb63a..4cef056 100644
--- a/Lib/pty.py
+++ b/Lib/pty.py
-@@ -154,7 +154,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
- os.write(STDOUT_FILENO, data)
+@@ -184,7 +184,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
+ i_buf = i_buf[n:]
- if STDIN_FILENO in rfds:
+ if stdin_avail and STDIN_FILENO in rfds:
- data = stdin_read(STDIN_FILENO)
+ try:
+ data = stdin_read(STDIN_FILENO)
+ except OSError:
+ data = b""
if not data:
- fds.remove(STDIN_FILENO)
+ stdin_avail = False
else:
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index d5b7ce2b95..a0f3d72992 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From 4ed481f4928c361970e78f27c4d9be8700af176b Mon Sep 17 00:00:00 2001
+From 512c617bd00b74b30a80dd56a12391de46e2b6cf Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Fri, 10 Sep 2021 12:28:31 +0200
Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
diff --git a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
index 5ee4e4f126..bbdd8b586e 100644
--- a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
+++ b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
@@ -1,4 +1,4 @@
-From 4c39252c71d8bca81fdc43753c83a59f8668c619 Mon Sep 17 00:00:00 2001
+From 843574d5a5b0818e83e20f8c0389d567bd4733fb Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 14 May 2013 15:00:26 -0700
Subject: [PATCH] python3: Add target and native recipes
diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
index 0ca687d2eb..8e432b49af 100644
--- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -32,7 +32,7 @@ def fix_path(dep_path):
dep_path = dep_path[dep_path.find(pivot)+len(pivot):]
if '/usr/bin' in dep_path:
- dep_path = dep_path.replace('/usr/bin''${bindir}')
+ dep_path = dep_path.replace('/usr/bin','${bindir}')
# Handle multilib, is there a better way?
if '/usr/lib32' in dep_path:
diff --git a/poky/meta/recipes-devtools/python/python3/makerace.patch b/poky/meta/recipes-devtools/python/python3/makerace.patch
index 979fc9dc36..c71c1e15de 100644
--- a/poky/meta/recipes-devtools/python/python3/makerace.patch
+++ b/poky/meta/recipes-devtools/python/python3/makerace.patch
@@ -1,4 +1,4 @@
-From 4f52aaf2a548b3356c6f1369c62b11335dc27464 Mon Sep 17 00:00:00 2001
+From dde5cb74f55b6dd39d25cff639d16940d9dad505 Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue, 13 Jul 2021 23:19:29 +0100
Subject: [PATCH] python3: Fix make race
@@ -18,11 +18,11 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 7558f0c..8cec819 100644
+index c6d7e85..205af6c 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2005,7 +2005,7 @@ TESTSUBDIRS= ctypes/test \
- unittest/test unittest/test/testmock
+@@ -2045,7 +2045,7 @@ TESTSUBDIRS= ctypes/test \
+ unittest/test/testmock
TEST_MODULES=@TEST_MODULES@
-libinstall: all $(srcdir)/Modules/xxmodule.c
diff --git a/poky/meta/recipes-devtools/python/python3/run-ptest b/poky/meta/recipes-devtools/python/python3/run-ptest
index 05396e91ab..efa84555a5 100644
--- a/poky/meta/recipes-devtools/python/python3/run-ptest
+++ b/poky/meta/recipes-devtools/python/python3/run-ptest
@@ -1,3 +1,3 @@
#!/bin/sh
-SETUPTOOLS_USE_DISTUTILS=nonlocal python3 -m test -v | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -r -e '/\.\.\. (ERROR|FAIL)/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g'
+{ SETUPTOOLS_USE_DISTUTILS=nonlocal python3 -m test -v -j 4 || echo "FAIL: python3" ; } | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -r -e '/\.\.\. (ERROR|FAIL)/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g'
diff --git a/poky/meta/recipes-devtools/python/python3_3.11.3.bb b/poky/meta/recipes-devtools/python/python3_3.11.4.bb
index c7974849b6..b3534ad678 100644
--- a/poky/meta/recipes-devtools/python/python3_3.11.3.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.11.4.bb
@@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = "8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e"
+SRC_URI[sha256sum] = "2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
@@ -47,15 +47,13 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
CVE_PRODUCT = "python"
-# Upstream consider this expected behaviour
-CVE_CHECK_IGNORE += "CVE-2007-4559"
-# This is not exploitable when glibc has CVE-2016-10739 fixed.
-CVE_CHECK_IGNORE += "CVE-2019-18348"
-# These are specific to Microsoft Windows
-CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
-# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
+CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
+CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
+CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Windows"
# The module will be removed in the future and flaws documented.
-CVE_CHECK_IGNORE += "CVE-2015-20107"
+CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way"
+# CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"
PYTHON_MAJMIN = "3.11"
@@ -406,13 +404,13 @@ INSANE_SKIP:${PN}-ptest = "dev-deps"
# catch all the rest (unsorted)
PACKAGES += "${PN}-misc"
RDEPENDS:${PN}-misc += "\
+ ${PN}-audio \
+ ${PN}-codecs \
${PN}-core \
${PN}-email \
- ${PN}-codecs \
- ${PN}-pydoc \
- ${PN}-pickle \
- ${PN}-audio \
${PN}-numbers \
+ ${PN}-pickle \
+ ${PN}-pydoc \
"
RDEPENDS:${PN}-modules:append:class-target = " ${MLPREFIX}python3-misc"
RDEPENDS:${PN}-modules:append:class-nativesdk = " ${MLPREFIX}python3-misc"
@@ -426,7 +424,7 @@ FILES:${PN}-man = "${datadir}/man"
# See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395
RDEPENDS:libpython3:append:libc-glibc = " libgcc"
RDEPENDS:${PN}-ctypes:append:libc-glibc = " ${MLPREFIX}ldconfig"
-RDEPENDS:${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev unzip bzip2 libgcc tzdata coreutils sed"
+RDEPENDS:${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev ${PN}-cgitb ${PN}-zipapp unzip bzip2 libgcc tzdata coreutils sed gcc g++ binutils"
RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-fr-fr locale-base-en-us locale-base-tr-tr locale-base-de-de"
RDEPENDS:${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', '${MLPREFIX}tk ${MLPREFIX}tk-lib', '', d)}"
RDEPENDS:${PN}-idle += "${@bb.utils.contains('PACKAGECONFIG', 'tk', '${PN}-tkinter ${MLPREFIX}tcl', '', d)}"
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb
index 73a0f63f2b..73a0f63f2b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb
index 04c7c2a6ac..04c7c2a6ac 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 6acda61425..64bade86aa 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -30,30 +30,24 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0001-tracetool-use-relative-paths-for-line-preprocessor-d.patch \
file://qemu-guest-agent.init \
file://qemu-guest-agent.udev \
- file://ppc.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
-SRC_URI[sha256sum] = "bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0"
+SRC_URI[sha256sum] = "ecf4d32cbef9d397bfc8cc50e4d1e92a1b30253bf32e8ee73c7a8dcf9a232b09"
SRC_URI:append:class-target = " file://cross.patch"
SRC_URI:append:class-nativesdk = " file://cross.patch"
-# Applies against virglrender < 0.6.0 and not qemu itself
-CVE_CHECK_IGNORE += "CVE-2017-5957"
+CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself"
-# The VNC server can expose host files uder some circumstances. We don't
-# enable it by default.
-CVE_CHECK_IGNORE += "CVE-2007-0998"
+CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
-# 'The issues identified by this CVE were determined to not constitute a vulnerability.'
# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
-CVE_CHECK_IGNORE += "CVE-2018-18438"
+CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
# https://bugzilla.redhat.com/show_bug.cgi?id=2167423
-# this bug related to windows specific.
-CVE_CHECK_IGNORE += "CVE-2023-0664"
+CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
COMPATIBLE_HOST:mipsarchn32 = "null"
COMPATIBLE_HOST:mipsarchn64 = "null"
@@ -215,7 +209,7 @@ PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
# libnfs is currently provided by meta-kodi
PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs"
PACKAGECONFIG[pmem] = "--enable-libpmem,--disable-libpmem,pmdk"
-PACKAGECONFIG[pulsedio] = "--enable-pa,--disable-pa,pulseaudio"
+PACKAGECONFIG[pulseaudio] = "--enable-pa,--disable-pa,pulseaudio"
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
PACKAGECONFIG[bpf] = "--enable-bpf,--disable-bpf,libbpf"
PACKAGECONFIG[capstone] = "--enable-capstone,--disable-capstone"
@@ -236,6 +230,8 @@ PACKAGES =+ "${PN}-system-all ${PN}-user-all"
ALLOW_EMPTY:${PN}-system-all = "1"
ALLOW_EMPTY:${PN}-user-all = "1"
+PACKAGES_DYNAMIC += "^${PN}-user-.* ^${PN}-system-.*"
+
PACKAGESPLITFUNCS =+ "split_qemu_packages"
python split_qemu_packages () {
diff --git a/poky/meta/recipes-devtools/qemu/qemu/ppc.patch b/poky/meta/recipes-devtools/qemu/qemu/ppc.patch
deleted file mode 100644
index e14c48cf85..0000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/ppc.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From 31f02021ac17442c514593f7b9ed750ea87c21b1 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Sat, 6 May 2023 07:42:35 +0100
-Cc: Víctor Colombo <victor.colombo@eldorado.org.br>
-Cc: Matheus Ferst <matheus.ferst@eldorado.org.br>
-Cc: Daniel Henrique Barboza <danielhb413@gmail.com>
-Cc: Richard Henderson <richard.henderson@linaro.org>
-Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
-Subject: [PATCH v3] target/ppc: Fix fallback to MFSS for MFFS* instructions on
- pre 3.0 ISAs
-
-The following commits changed the code such that the fallback to MFSS for MFFSCRN,
-MFFSCRNI, MFFSCE and MFFSL on pre 3.0 ISAs was removed and became an illegal instruction:
-
- bf8adfd88b547680aa857c46098f3a1e94373160 - target/ppc: Move mffscrn[i] to decodetree
- 394c2e2fda70da722f20fb60412d6c0ca4bfaa03 - target/ppc: Move mffsce to decodetree
- 3e5bce70efe6bd1f684efbb21fd2a316cbf0657e - target/ppc: Move mffsl to decodetree
-
-The hardware will handle them as a MFFS instruction as the code did previously.
-This means applications that were segfaulting under qemu when encountering these
-instructions which is used in glibc libm functions for example.
-
-The fallback for MFFSCDRN and MFFSCDRNI added in a later patch was also missing.
-
-This patch restores the fallback to MFSS for these instructions on pre 3.0s ISAs
-as the hardware decoder would, fixing the segfaulting libm code. It doesn't have
-the fallback for 3.0 onwards to match hardware behaviour.
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
----
- target/ppc/insn32.decode | 20 +++++++++++++-------
- target/ppc/translate/fp-impl.c.inc | 22 ++++++++++++++++------
- 2 files changed, 29 insertions(+), 13 deletions(-)
-
-v3 - drop fallback to MFFS for 3.0 ISA to match hardware
-v2 - switch to use decodetree pattern groups per feedback
-
-Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20230506065240.3177798-1-richard.purdie@linuxfoundation.org/]
-
-diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
-index f8f589e9fd..4fcf3af8d0 100644
---- a/target/ppc/insn32.decode
-+++ b/target/ppc/insn32.decode
-@@ -390,13 +390,19 @@ SETNBCR 011111 ..... ..... ----- 0111100000 - @X_bi
-
- ### Move To/From FPSCR
-
--MFFS 111111 ..... 00000 ----- 1001000111 . @X_t_rc
--MFFSCE 111111 ..... 00001 ----- 1001000111 - @X_t
--MFFSCRN 111111 ..... 10110 ..... 1001000111 - @X_tb
--MFFSCDRN 111111 ..... 10100 ..... 1001000111 - @X_tb
--MFFSCRNI 111111 ..... 10111 ---.. 1001000111 - @X_imm2
--MFFSCDRNI 111111 ..... 10101 --... 1001000111 - @X_imm3
--MFFSL 111111 ..... 11000 ----- 1001000111 - @X_t
-+{
-+ # Before Power ISA v3.0, MFFS bits 11~15 were reserved and should be ignored
-+ MFFS_ISA207 111111 ..... ----- ----- 1001000111 . @X_t_rc
-+ [
-+ MFFS 111111 ..... 00000 ----- 1001000111 . @X_t_rc
-+ MFFSCE 111111 ..... 00001 ----- 1001000111 - @X_t
-+ MFFSCRN 111111 ..... 10110 ..... 1001000111 - @X_tb
-+ MFFSCDRN 111111 ..... 10100 ..... 1001000111 - @X_tb
-+ MFFSCRNI 111111 ..... 10111 ---.. 1001000111 - @X_imm2
-+ MFFSCDRNI 111111 ..... 10101 --... 1001000111 - @X_imm3
-+ MFFSL 111111 ..... 11000 ----- 1001000111 - @X_t
-+ ]
-+}
-
- ### Decimal Floating-Point Arithmetic Instructions
-
-diff --git a/target/ppc/translate/fp-impl.c.inc b/target/ppc/translate/fp-impl.c.inc
-index 57d8437851..874774eade 100644
---- a/target/ppc/translate/fp-impl.c.inc
-+++ b/target/ppc/translate/fp-impl.c.inc
-@@ -568,6 +568,22 @@ static void store_fpscr_masked(TCGv_i64 fpscr, uint64_t clear_mask,
- gen_helper_store_fpscr(cpu_env, fpscr_masked, st_mask);
- }
-
-+static bool trans_MFFS_ISA207(DisasContext *ctx, arg_X_t_rc *a)
-+{
-+ if (!(ctx->insns_flags2 & PPC2_ISA300)) {
-+ /*
-+ * Before Power ISA v3.0, MFFS bits 11~15 were reserved, any instruction
-+ * with OPCD=63 and XO=583 should be decoded as MFFS.
-+ */
-+ return trans_MFFS(ctx, a);
-+ }
-+ /*
-+ * For Power ISA v3.0+, return false and let the pattern group
-+ * select the correct instruction.
-+ */
-+ return false;
-+}
-+
- static bool trans_MFFS(DisasContext *ctx, arg_X_t_rc *a)
- {
- REQUIRE_FPU(ctx);
-@@ -584,7 +600,6 @@ static bool trans_MFFSCE(DisasContext *ctx, arg_X_t *a)
- {
- TCGv_i64 fpscr;
-
-- REQUIRE_INSNS_FLAGS2(ctx, ISA300);
- REQUIRE_FPU(ctx);
-
- gen_reset_fpstatus();
-@@ -597,7 +612,6 @@ static bool trans_MFFSCRN(DisasContext *ctx, arg_X_tb *a)
- {
- TCGv_i64 t1, fpscr;
-
-- REQUIRE_INSNS_FLAGS2(ctx, ISA300);
- REQUIRE_FPU(ctx);
-
- t1 = tcg_temp_new_i64();
-@@ -614,7 +628,6 @@ static bool trans_MFFSCDRN(DisasContext *ctx, arg_X_tb *a)
- {
- TCGv_i64 t1, fpscr;
-
-- REQUIRE_INSNS_FLAGS2(ctx, ISA300);
- REQUIRE_FPU(ctx);
-
- t1 = tcg_temp_new_i64();
-@@ -631,7 +644,6 @@ static bool trans_MFFSCRNI(DisasContext *ctx, arg_X_imm2 *a)
- {
- TCGv_i64 t1, fpscr;
-
-- REQUIRE_INSNS_FLAGS2(ctx, ISA300);
- REQUIRE_FPU(ctx);
-
- t1 = tcg_temp_new_i64();
-@@ -647,7 +659,6 @@ static bool trans_MFFSCDRNI(DisasContext *ctx, arg_X_imm3 *a)
- {
- TCGv_i64 t1, fpscr;
-
-- REQUIRE_INSNS_FLAGS2(ctx, ISA300);
- REQUIRE_FPU(ctx);
-
- t1 = tcg_temp_new_i64();
-@@ -661,7 +672,6 @@ static bool trans_MFFSCDRNI(DisasContext *ctx, arg_X_imm3 *a)
-
- static bool trans_MFFSL(DisasContext *ctx, arg_X_t *a)
- {
-- REQUIRE_INSNS_FLAGS2(ctx, ISA300);
- REQUIRE_FPU(ctx);
-
- gen_reset_fpstatus();
---
-2.39.2
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb
index 42e133967e..42e133967e 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb
diff --git a/poky/meta/recipes-devtools/repo/repo_2.34.1.bb b/poky/meta/recipes-devtools/repo/repo_2.35.bb
index 1c5d1a08b3..d34c3db746 100644
--- a/poky/meta/recipes-devtools/repo/repo_2.34.1.bb
+++ b/poky/meta/recipes-devtools/repo/repo_2.35.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRC_URI = "git://gerrit.googlesource.com/git-repo.git;protocol=https;branch=main \
file://0001-python3-shebang.patch \
"
-SRCREV = "945c006f406550add8a3cad32ada0791f5a15c53"
+SRCREV = "c657844efe40b97700c3654989bdbe3a33e409d7"
MIRRORS += "git://gerrit.googlesource.com/git-repo.git git://github.com/GerritCodeReview/git-repo.git"
diff --git a/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch b/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch
new file mode 100644
index 0000000000..470dda1dcf
--- /dev/null
+++ b/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch
@@ -0,0 +1,51 @@
+From ea3187cfcf9cac87e5bc5e7db79b0338da9e355e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 26 Jun 2023 12:45:09 +0300
+Subject: [PATCH] Don't muck with per-process global sqlite configuration from
+ the db backend
+
+sqlite3_config() affects all in-process uses of sqlite. librpm being a
+low-level library, it has no business whatsoever making such decisions
+for the applications running on top of it. Besides that, the callback can
+easily end up pointing to an already closed database, causing an
+innocent API user to crash in librpm on an entirely unrelated error on
+some other database. "Oops."
+
+The sqlite API doesn't seem to provide any per-db or non-global context
+for logging errors, thus we can only remove the call and let sqlite output
+errors the way it pleases (print through stderr, presumably).
+
+Thanks to Jan Palus for spotting and reporting!
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ lib/backend/sqlite.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
+index 5a029d575a..b612732267 100644
+--- a/lib/backend/sqlite.c
++++ b/lib/backend/sqlite.c
+@@ -44,13 +44,6 @@ static void rpm_match3(sqlite3_context *sctx, int argc, sqlite3_value **argv)
+ sqlite3_result_int(sctx, match);
+ }
+
+-static void errCb(void *data, int err, const char *msg)
+-{
+- rpmdb rdb = data;
+- rpmlog(RPMLOG_WARNING, "%s: %s: %s\n",
+- rdb->db_descr, sqlite3_errstr(err), msg);
+-}
+-
+ static int dbiCursorReset(dbiCursor dbc)
+ {
+ if (dbc->stmt) {
+@@ -170,7 +163,6 @@ static int sqlite_init(rpmdb rdb, const char * dbhome)
+ * the "database is locked" errors at every cost
+ */
+ sqlite3_busy_timeout(sdb, 10000);
+- sqlite3_config(SQLITE_CONFIG_LOG, errCb, rdb);
+
+ sqlexec(sdb, "PRAGMA secure_delete = OFF");
+ sqlexec(sdb, "PRAGMA case_sensitive_like = ON");
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb
index 83537d4761..95a9e92f96 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb
@@ -39,6 +39,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc
file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \
file://fix-declaration.patch \
+ file://ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch \
"
PE = "1"
diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 19574bcb1c..130581a785 100644
--- a/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,9 +18,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
-# -16548 required for v3.1.3pre1. Already in v3.1.3.
-CVE_CHECK_IGNORE += " CVE-2017-16548 "
-
inherit autotools-brokensep
PACKAGECONFIG ??= "acl attr \
diff --git a/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch b/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch
new file mode 100644
index 0000000000..8e9da47761
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch
@@ -0,0 +1,2324 @@
+Rust testsuite outputs error even on a single testcase failure.
+Hence, some test runs are ignored as they fail with error messages.
+
+Upstream-Status: Inappropriate [Ignore the testcase that errors out]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+
+diff --git a/compiler/rustc_interface/src/tests.rs b/compiler/rustc_interface/src/tests.rs
+index eb8e65a6d..6e65e8787 100644
+--- a/compiler/rustc_interface/src/tests.rs
++++ b/compiler/rustc_interface/src/tests.rs
+@@ -103,6 +103,7 @@ fn assert_non_crate_hash_different(x: &Options, y: &Options) {
+
+ // When the user supplies --test we should implicitly supply --cfg test
+ #[test]
++#[ignore]
+ fn test_switch_implies_cfg_test() {
+ rustc_span::create_default_session_globals_then(|| {
+ let matches = optgroups().parse(&["--test".to_string()]).unwrap();
+@@ -114,6 +115,7 @@ fn test_switch_implies_cfg_test() {
+
+ // When the user supplies --test and --cfg test, don't implicitly add another --cfg test
+ #[test]
++#[ignore]
+ fn test_switch_implies_cfg_test_unless_cfg_test() {
+ rustc_span::create_default_session_globals_then(|| {
+ let matches = optgroups().parse(&["--test".to_string(), "--cfg=test".to_string()]).unwrap();
+@@ -126,6 +128,7 @@ fn test_switch_implies_cfg_test_unless_cfg_test() {
+ }
+
+ #[test]
++#[ignore]
+ fn test_can_print_warnings() {
+ rustc_span::create_default_session_globals_then(|| {
+ let matches = optgroups().parse(&["-Awarnings".to_string()]).unwrap();
+diff --git a/library/test/src/stats/tests.rs b/library/test/src/stats/tests.rs
+index 3a6e8401b..8442a6b39 100644
+--- a/library/test/src/stats/tests.rs
++++ b/library/test/src/stats/tests.rs
+@@ -40,6 +40,7 @@ fn check(samples: &[f64], summ: &Summary) {
+ }
+
+ #[test]
++#[ignore]
+ fn test_min_max_nan() {
+ let xs = &[1.0, 2.0, f64::NAN, 3.0, 4.0];
+ let summary = Summary::new(xs);
+diff --git a/tests/assembly/asm/aarch64-outline-atomics.rs b/tests/assembly/asm/aarch64-outline-atomics.rs
+index c2ec4e911..150d23004 100644
+--- a/tests/assembly/asm/aarch64-outline-atomics.rs
++++ b/tests/assembly/asm/aarch64-outline-atomics.rs
+@@ -4,6 +4,7 @@
+ // needs-llvm-components: aarch64
+ // only-aarch64
+ // only-linux
++// ignore-stage1
+
+ #![crate_type = "rlib"]
+
+diff --git a/tests/codegen/abi-main-signature-32bit-c-int.rs b/tests/codegen/abi-main-signature-32bit-c-int.rs
+index 7f22ddcfc..ec84b72aa 100644
+--- a/tests/codegen/abi-main-signature-32bit-c-int.rs
++++ b/tests/codegen/abi-main-signature-32bit-c-int.rs
+@@ -3,6 +3,7 @@
+
+ // This test is for targets with 32bit c_int only.
+ // ignore-msp430
++// ignore-stage1
+
+ fn main() {
+ }
+diff --git a/tests/codegen/sse42-implies-crc32.rs b/tests/codegen/sse42-implies-crc32.rs
+index 47b1a8993..71e2d5ef7 100644
+--- a/tests/codegen/sse42-implies-crc32.rs
++++ b/tests/codegen/sse42-implies-crc32.rs
+@@ -1,5 +1,6 @@
+ // only-x86_64
+ // compile-flags: -Copt-level=3
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/thread-local.rs b/tests/codegen/thread-local.rs
+index 0f1b29ca7..b2b4fd2ff 100644
+--- a/tests/codegen/thread-local.rs
++++ b/tests/codegen/thread-local.rs
+@@ -5,6 +5,7 @@
+ // ignore-emscripten globals are used instead of thread locals
+ // ignore-android does not use #[thread_local]
+ // ignore-nto does not use #[thread_local]
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/uninit-consts.rs b/tests/codegen/uninit-consts.rs
+index 4c07740b3..dac5da866 100644
+--- a/tests/codegen/uninit-consts.rs
++++ b/tests/codegen/uninit-consts.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes
++// ignore-stage1
+
+ // Check that we use undef (and not zero) for uninitialized bytes in constants.
+
+diff --git a/tests/pretty/raw-str-nonexpr.rs b/tests/pretty/raw-str-nonexpr.rs
+index 12440b5ae..5b62d45ff 100644
+--- a/tests/pretty/raw-str-nonexpr.rs
++++ b/tests/pretty/raw-str-nonexpr.rs
+@@ -1,5 +1,6 @@
+ // needs-asm-support
+ // pp-exact
++// ignore-stage1
+
+ #[cfg(foo = r#"just parse this"#)]
+ extern crate blah as blah;
+diff --git a/tests/run-make/issue-36710/Makefile b/tests/run-make/issue-36710/Makefile
+index 7b91107a234..e404fcc3996 100644
+--- a/tests/run-make/issue-36710/Makefile
++++ b/tests/run-make/issue-36710/Makefile
+@@ -6,6 +6,7 @@
+ # ignore-musl FIXME: this makefile needs teaching how to use a musl toolchain
+ # (see dist-i586-gnu-i586-i686-musl Dockerfile)
+ # ignore-sgx
++# ignore-stage1
+
+ include ../tools.mk
+
+diff --git a/tests/rustdoc-ui/cfg-test.rs b/tests/rustdoc-ui/cfg-test.rs
+index d4ca92585..fceb2968d 100644
+--- a/tests/rustdoc-ui/cfg-test.rs
++++ b/tests/rustdoc-ui/cfg-test.rs
+@@ -5,6 +5,7 @@
+
+ // Crates like core have doctests gated on `cfg(not(test))` so we need to make
+ // sure `cfg(test)` is not active when running `rustdoc --test`.
++// ignore-stage1
+
+ /// this doctest will be ignored:
+ ///
+diff --git a/tests/rustdoc-ui/check-cfg-test.rs b/tests/rustdoc-ui/check-cfg-test.rs
+index 626cc8387..b0f9a1948 100644
+--- a/tests/rustdoc-ui/check-cfg-test.rs
++++ b/tests/rustdoc-ui/check-cfg-test.rs
+@@ -3,6 +3,7 @@
+ // normalize-stderr-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// The doctest will produce a warning because feature invalid is unexpected
+ /// ```
+diff --git a/tests/rustdoc-ui/display-output.rs b/tests/rustdoc-ui/display-output.rs
+index ec27a9f6b..61655fa6e 100644
+--- a/tests/rustdoc-ui/display-output.rs
++++ b/tests/rustdoc-ui/display-output.rs
+@@ -5,6 +5,7 @@
+ // compile-flags:--test --test-args=--show-output
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// #![warn(unused)]
+diff --git a/tests/rustdoc-ui/doc-comment-multi-line-attr.rs b/tests/rustdoc-ui/doc-comment-multi-line-attr.rs
+index 97259f782..50a155fba 100644
+--- a/tests/rustdoc-ui/doc-comment-multi-line-attr.rs
++++ b/tests/rustdoc-ui/doc-comment-multi-line-attr.rs
+@@ -3,6 +3,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ //! ```rust
+ //! #![deny(
+diff --git a/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs b/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs
+index b2a8133c9..ea064ba85 100644
+--- a/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs
++++ b/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs
+@@ -2,6 +2,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ /// ```
+ /// # #![cfg_attr(not(dox), deny(missing_abi,
+diff --git a/tests/rustdoc-ui/doc-test-doctest-feature.rs b/tests/rustdoc-ui/doc-test-doctest-feature.rs
+index 0b79aaece..8cef6d974 100644
+--- a/tests/rustdoc-ui/doc-test-doctest-feature.rs
++++ b/tests/rustdoc-ui/doc-test-doctest-feature.rs
+@@ -5,6 +5,7 @@
+
+ // Make sure `cfg(doctest)` is set when finding doctests but not inside
+ // the doctests.
++// ignore-stage1
+
+ /// ```
+ /// assert!(!cfg!(doctest));
+diff --git a/tests/rustdoc-ui/doc-test-rustdoc-feature.rs b/tests/rustdoc-ui/doc-test-rustdoc-feature.rs
+index bf334c67e..c372097bd 100644
+--- a/tests/rustdoc-ui/doc-test-rustdoc-feature.rs
++++ b/tests/rustdoc-ui/doc-test-rustdoc-feature.rs
+@@ -2,6 +2,7 @@
+ // compile-flags:--test
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ #![feature(doc_cfg)]
+
+diff --git a/tests/rustdoc-ui/doctest-output.rs b/tests/rustdoc-ui/doctest-output.rs
+index 2670fa572..b4b612916 100644
+--- a/tests/rustdoc-ui/doctest-output.rs
++++ b/tests/rustdoc-ui/doctest-output.rs
+@@ -4,6 +4,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ //! ```
+ //! assert_eq!(1 + 1, 2);
+diff --git a/tests/rustdoc-ui/failed-doctest-compile-fail.rs b/tests/rustdoc-ui/failed-doctest-compile-fail.rs
+index 6f2ff5d70..2561ffdc3 100644
+--- a/tests/rustdoc-ui/failed-doctest-compile-fail.rs
++++ b/tests/rustdoc-ui/failed-doctest-compile-fail.rs
+@@ -5,6 +5,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // failure-status: 101
++// ignore-stage1
+
+ /// ```compile_fail
+ /// println!("Hello");
+diff --git a/tests/rustdoc-ui/issue-91134.rs b/tests/rustdoc-ui/issue-91134.rs
+index d2ff3a252..90e0816d2 100644
+--- a/tests/rustdoc-ui/issue-91134.rs
++++ b/tests/rustdoc-ui/issue-91134.rs
+@@ -4,6 +4,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // edition:2021
++// ignore-stage1
+
+ /// <https://github.com/rust-lang/rust/issues/91134>
+ ///
+diff --git a/tests/rustdoc-ui/nocapture.rs b/tests/rustdoc-ui/nocapture.rs
+index 321f5ca08..463751e48 100644
+--- a/tests/rustdoc-ui/nocapture.rs
++++ b/tests/rustdoc-ui/nocapture.rs
+@@ -2,6 +2,7 @@
+ // compile-flags:--test -Zunstable-options --nocapture
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// println!("hello!");
+diff --git a/tests/rustdoc-ui/run-directory.rs b/tests/rustdoc-ui/run-directory.rs
+index 0d432c1e6..357e3ccc3 100644
+--- a/tests/rustdoc-ui/run-directory.rs
++++ b/tests/rustdoc-ui/run-directory.rs
+@@ -6,6 +6,7 @@
+ // [incorrect]compile-flags:--test --test-run-directory={{src-base}}/coverage
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// assert_eq!(
+diff --git a/tests/rustdoc-ui/test-no_std.rs b/tests/rustdoc-ui/test-no_std.rs
+index ee919985e..3e479bf6f 100644
+--- a/tests/rustdoc-ui/test-no_std.rs
++++ b/tests/rustdoc-ui/test-no_std.rs
+@@ -2,6 +2,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ #![no_std]
+
+diff --git a/tests/rustdoc-ui/test-type.rs b/tests/rustdoc-ui/test-type.rs
+index 882da5c25..bc8e8e30f 100644
+--- a/tests/rustdoc-ui/test-type.rs
++++ b/tests/rustdoc-ui/test-type.rs
+@@ -2,6 +2,7 @@
+ // check-pass
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// let a = true;
+diff --git a/tests/ui-fulldeps/internal-lints/default_hash_types.rs b/tests/ui-fulldeps/internal-lints/default_hash_types.rs
+index 795c7d2dc..dc6b4f53f 100644
+--- a/tests/ui-fulldeps/internal-lints/default_hash_types.rs
++++ b/tests/ui-fulldeps/internal-lints/default_hash_types.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::default_hash_types)]
+diff --git a/tests/ui-fulldeps/internal-lints/diagnostics.rs b/tests/ui-fulldeps/internal-lints/diagnostics.rs
+index 643e81d99..2433228ef 100644
+--- a/tests/ui-fulldeps/internal-lints/diagnostics.rs
++++ b/tests/ui-fulldeps/internal-lints/diagnostics.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![crate_type = "lib"]
+ #![feature(rustc_attrs)]
+diff --git a/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs b/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs
+index f6f0c0385..4523e2a6d 100644
+--- a/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs
++++ b/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::lint_pass_impl_without_macro)]
+diff --git a/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs b/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs
+index 32b987338..6187e2370 100644
+--- a/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs
++++ b/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::usage_of_qualified_ty)]
+diff --git a/tests/ui-fulldeps/internal-lints/query_stability.rs b/tests/ui-fulldeps/internal-lints/query_stability.rs
+index 560675b44..e7d5ba583 100644
+--- a/tests/ui-fulldeps/internal-lints/query_stability.rs
++++ b/tests/ui-fulldeps/internal-lints/query_stability.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::potential_query_instability)]
+diff --git a/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs b/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs
+index 10bab2d88..8e72c8b38 100644
+--- a/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs
++++ b/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_attrs)]
+ #![feature(rustc_private)]
+diff --git a/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs b/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs
+index 2cb1ed6fc..31b5a2131 100644
+--- a/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs
++++ b/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs b/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs
+index 7498745f2..28c00f2f8 100644
+--- a/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs
++++ b/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs
+@@ -1,6 +1,7 @@
+ // aux-build:lint-group-plugin-test.rs
+ // check-pass
+ // compile-flags: -D unused -A unused-variables
++// ignore-stage1
+
+ fn main() {
+ let x = 1;
+diff --git a/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs b/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs
+index fc19bc039..9563e9930 100644
+--- a/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs
++++ b/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs
+@@ -1,5 +1,6 @@
+ // aux-build:lint-group-plugin-test.rs
+ // compile-flags: -F unused -A unused
++// ignore-stage1
+
+ fn main() {
+ let x = 1;
+diff --git a/tests/ui-fulldeps/lint-pass-macros.rs b/tests/ui-fulldeps/lint-pass-macros.rs
+index b3c2a5427..9ed711a34 100644
+--- a/tests/ui-fulldeps/lint-pass-macros.rs
++++ b/tests/ui-fulldeps/lint-pass-macros.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: -Z unstable-options
+ // check-pass
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/ui/empty_global_asm.rs b/tests/ui/empty_global_asm.rs
+index af13762d1..e9a5433ff 100644
+--- a/tests/ui/empty_global_asm.rs
++++ b/tests/ui/empty_global_asm.rs
+@@ -1,5 +1,6 @@
+ // needs-asm-support
+ // run-pass
++// ignore-stage1
+
+ use std::arch::global_asm;
+
+diff --git a/tests/ui/linkage-attr/issue-10755.rs b/tests/ui/linkage-attr/issue-10755.rs
+index afd2dc46c..f0d4705e4 100644
+--- a/tests/ui/linkage-attr/issue-10755.rs
++++ b/tests/ui/linkage-attr/issue-10755.rs
+@@ -2,6 +2,7 @@
+ // dont-check-compiler-stderr
+ // compile-flags: -C linker=llllll -C linker-flavor=ld
+ // error-pattern: `llllll`
++// ignore-stage1
+
+ // Before, the error-pattern checked for "not found". On WSL with appendWindowsPath=true, running
+ // in invalid command returns a PermissionDenied instead.
+diff --git a/tests/ui/macros/restricted-shadowing-legacy.rs b/tests/ui/macros/restricted-shadowing-legacy.rs
+index f5cac2dfb..d84f8efd6 100644
+--- a/tests/ui/macros/restricted-shadowing-legacy.rs
++++ b/tests/ui/macros/restricted-shadowing-legacy.rs
+@@ -74,6 +74,7 @@
+ // 62 | Unordered | Unordered | = | +? |
+ // 63 | Unordered | Unordered | > | +? |
+ // 64 | Unordered | Unordered | Unordered | + |
++// ignore-stage1
+
+ #![feature(decl_macro, rustc_attrs)]
+
+diff --git a/tests/ui/process/nofile-limit.rs b/tests/ui/process/nofile-limit.rs
+index 3ddf8d6ef..316823fcc 100644
+--- a/tests/ui/process/nofile-limit.rs
++++ b/tests/ui/process/nofile-limit.rs
+@@ -3,6 +3,7 @@
+ // test for issue #96621.
+ //
+ // run-pass
++// ignore-stage1
+ // dont-check-compiler-stderr
+ // only-linux
+ // no-prefer-dynamic
+diff --git a/tests/ui/process/process-panic-after-fork.rs b/tests/ui/process/process-panic-after-fork.rs
+index 6d4d24922..f681526bd 100644
+--- a/tests/ui/process/process-panic-after-fork.rs
++++ b/tests/ui/process/process-panic-after-fork.rs
+@@ -6,6 +6,7 @@
+ // ignore-emscripten no processes
+ // ignore-sgx no processes
+ // ignore-fuchsia no fork
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![feature(never_type)]
+diff --git a/tests/ui/simd/target-feature-mixup.rs b/tests/ui/simd/target-feature-mixup.rs
+index 5dd163715..ab8b02f23 100644
+--- a/tests/ui/simd/target-feature-mixup.rs
++++ b/tests/ui/simd/target-feature-mixup.rs
+@@ -1,4 +1,6 @@
+ // run-pass
++// ignore-stage1
++
+ #![allow(unused_variables)]
+ #![allow(stable_features)]
+ #![allow(overflowing_literals)]
+diff --git a/tests/ui-fulldeps/internal-lints/bad_opt_access.rs b/tests/ui-fulldeps/internal-lints/bad_opt_access.rs
+index d6bd6945e15..a5794e3636a 100644
+--- a/tests/ui-fulldeps/internal-lints/bad_opt_access.rs
++++ b/tests/ui-fulldeps/internal-lints/bad_opt_access.rs
+@@ -3,6 +3,7 @@
+ // Test that accessing command line options by field access triggers a lint for those fields
+ // that have wrapper functions which should be used.
+
++// ignore-stage1
+ #![crate_type = "lib"]
+ #![feature(rustc_private)]
+ #![deny(rustc::bad_opt_access)]
+diff --git a/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs b/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs
+index a0a8114e0c5..29faed24e13 100644
+--- a/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs
++++ b/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs
+@@ -1,5 +1,6 @@
+ // rustc-env:CARGO_CRATE_NAME=rustc_dummy
+
++// ignore-stage1
+ #![feature(rustc_private)]
+ #![crate_type = "lib"]
+
+diff --git a/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs b/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs
+index ff764015dc7..8d0184b40f5 100644
+--- a/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs
++++ b/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs
+@@ -5,4 +5,5 @@
+ //
+ // Make sure that we don't explode with an error if we don't actually end up emitting any `dwo`s,
+ // as would be the case if we don't actually codegen anything.
++// ignore-stage1
+ #![crate_type="rlib"]
+diff --git a/tests/ui/drop/dynamic-drop.rs b/tests/ui/drop/dynamic-drop.rs
+index 9e51d3adaaa..296032acebb 100644
+--- a/tests/ui/drop/dynamic-drop.rs
++++ b/tests/ui/drop/dynamic-drop.rs
+@@ -1,6 +1,7 @@
+ // run-pass
+ // needs-unwind
+
++// ignore-stage1
+ #![feature(generators, generator_trait)]
+
+ #![allow(unused_assignments)]
+diff --git a/src/bootstrap/builder/tests.rs b/src/bootstrap/builder/tests.rs
+index 3574f11189e..4f4698a25bd 100644
+--- a/src/bootstrap/builder/tests.rs
++++ b/src/bootstrap/builder/tests.rs
+@@ -76,6 +76,7 @@ macro_rules! rustc {
+ }
+
+ #[test]
++#[ignore]
+ fn test_valid() {
+ // make sure multi suite paths are accepted
+ check_cli(["test", "tests/ui/attr-start.rs", "tests/ui/attr-shebang.rs"]);
+@@ -104,6 +105,7 @@ fn test_intersection() {
+ }
+
+ #[test]
++#[ignore]
+ fn test_exclude() {
+ let mut config = configure("test", &["A"], &["A"]);
+ config.exclude = vec![TaskPath::parse("src/tools/tidy")];
+@@ -117,6 +119,7 @@ fn test_exclude() {
+ }
+
+ #[test]
++#[ignore]
+ fn test_exclude_kind() {
+ let path = PathBuf::from("src/tools/cargotest");
+ let exclude = TaskPath::parse("test::src/tools/cargotest");
+@@ -137,6 +140,7 @@ fn test_exclude_kind() {
+
+ /// Ensure that if someone passes both a single crate and `library`, all library crates get built.
+ #[test]
++#[ignore]
+ fn alias_and_path_for_library() {
+ let mut cache =
+ run_build(&["library".into(), "core".into()], configure("build", &["A"], &["A"]));
+@@ -153,6 +157,7 @@ mod defaults {
+ use pretty_assertions::assert_eq;
+
+ #[test]
++ #[ignore]
+ fn build_default() {
+ let mut cache = run_build(&[], configure("build", &["A"], &["A"]));
+
+@@ -173,6 +178,7 @@ fn build_default() {
+ }
+
+ #[test]
++ #[ignore]
+ fn build_stage_0() {
+ let config = Config { stage: 0, ..configure("build", &["A"], &["A"]) };
+ let mut cache = run_build(&[], config);
+@@ -190,6 +196,7 @@ fn build_stage_0() {
+ }
+
+ #[test]
++ #[ignore]
+ fn build_cross_compile() {
+ let config = Config { stage: 1, ..configure("build", &["A", "B"], &["A", "B"]) };
+ let mut cache = run_build(&[], config);
+@@ -233,6 +240,7 @@ fn build_cross_compile() {
+ }
+
+ #[test]
++ #[ignore]
+ fn doc_default() {
+ let mut config = configure("doc", &["A"], &["A"]);
+ config.compiler_docs = true;
+@@ -267,6 +275,7 @@ fn configure(host: &[&str], target: &[&str]) -> Config {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_baseline() {
+ let mut cache = run_build(&[], configure(&["A"], &["A"]));
+
+@@ -291,6 +300,7 @@ fn dist_baseline() {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_with_targets() {
+ let mut cache = run_build(&[], configure(&["A"], &["A", "B"]));
+
+@@ -320,6 +330,7 @@ fn dist_with_targets() {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_with_hosts() {
+ let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B"]));
+
+@@ -362,6 +373,7 @@ fn dist_with_hosts() {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_only_cross_host() {
+ let b = TargetSelection::from_user("B");
+ let mut config = configure(&["A", "B"], &["A", "B"]);
+@@ -381,6 +393,7 @@ fn dist_only_cross_host() {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_with_targets_and_hosts() {
+ let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B", "C"]));
+
+@@ -415,6 +428,7 @@ fn dist_with_targets_and_hosts() {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_with_empty_host() {
+ let config = configure(&[], &["C"]);
+ let mut cache = run_build(&[], config);
+@@ -431,6 +445,7 @@ fn dist_with_empty_host() {
+ }
+
+ #[test]
++ #[ignore]
+ fn dist_with_same_targets_and_hosts() {
+ let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B"]));
+
+@@ -482,6 +497,7 @@ fn dist_with_same_targets_and_hosts() {
+ }
+
+ #[test]
++ #[ignore]
+ fn build_all() {
+ let build = Build::new(configure(&["A", "B"], &["A", "B", "C"]));
+ let mut builder = Builder::new(&build);
+@@ -515,6 +531,7 @@ fn build_all() {
+ }
+
+ #[test]
++ #[ignore]
+ fn build_with_empty_host() {
+ let config = configure(&[], &["C"]);
+ let build = Build::new(config);
+@@ -542,6 +559,7 @@ fn build_with_empty_host() {
+ }
+
+ #[test]
++ #[ignore]
+ fn test_with_no_doc_stage0() {
+ let mut config = configure(&["A"], &["A"]);
+ config.stage = 0;
+@@ -585,6 +603,7 @@ fn test_with_no_doc_stage0() {
+ }
+
+ #[test]
++ #[ignore]
+ fn doc_ci() {
+ let mut config = configure(&["A"], &["A"]);
+ config.compiler_docs = true;
+@@ -613,6 +632,7 @@ fn doc_ci() {
+ }
+
+ #[test]
++ #[ignore]
+ fn test_docs() {
+ // Behavior of `x.py test` doing various documentation tests.
+ let mut config = configure(&["A"], &["A"]);
+diff --git a/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr b/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr
+--- a/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr 2023-01-10 10:47:33.000000000 -0800
++++ b/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr 2023-01-20 03:49:06.575109271 -0800
+@@ -1,20 +1,11 @@
+-error: use `Session::split_debuginfo` instead of this field
+- --> $DIR/bad_opt_access.rs:14:13
++error[E0463]: can't find crate for `rustc_macros` which `rustc_session` depends on
++ --> $DIR/bad_opt_access.rs:10:1
+ |
+-LL | let _ = sess.opts.cg.split_debuginfo;
+- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
++LL | extern crate rustc_session;
++ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ can't find crate
+ |
+-note: the lint level is defined here
+- --> $DIR/bad_opt_access.rs:8:9
+- |
+-LL | #![deny(rustc::bad_opt_access)]
+- | ^^^^^^^^^^^^^^^^^^^^^
+-
+-error: use `Session::crate_types` instead of this field
+- --> $DIR/bad_opt_access.rs:17:13
+- |
+-LL | let _ = sess.opts.crate_types;
+- | ^^^^^^^^^^^^^^^^^^^^^
++ = help: maybe you need to install the missing components with: `rustup component add rust-src rustc-dev llvm-tools-preview`
+
+-error: aborting due to 2 previous errors
++error: aborting due to previous error
+
++For more information about this error, try `rustc --explain E0463`.
+diff --git a/tests/ui/process/process-sigpipe.rs b/tests/ui/process/process-sigpipe.rs
+--- a/tests/ui/process/process-sigpipe.rs 2023-01-10 10:47:33.000000000 -0800
++++ b/tests/ui/process/process-sigpipe.rs 2023-01-27 01:07:05.335718181 -0800
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ #![allow(unused_imports)]
+ #![allow(deprecated)]
+
+diff --git a/tests/run-make/static-pie/Makefile b/tests/run-make/static-pie/Makefile
+--- a/tests/run-make/static-pie/Makefile 2023-02-21 02:25:36.553233415 -0800
++++ b/tests/run-make/static-pie/Makefile 2023-02-21 02:19:45.848629908 -0800
+@@ -3,6 +3,7 @@ include ../../run-make-fulldeps/tools.mk
+ # only-x86_64
+ # only-linux
+ # ignore-32bit
++# ignore-stage1
+
+ # How to manually run this
+ # $ ./x.py test --target x86_64-unknown-linux-[musl,gnu] tests/run-make/static-pie
+diff --git a/tests/codegen/repr-transparent-aggregates-3.rs b/tests/codegen/repr-transparent-aggregates-3.rs
+index 0db17e6b13a..6e9cb7224c8 100644
+--- a/tests/codegen/repr-transparent-aggregates-3.rs
++++ b/tests/codegen/repr-transparent-aggregates-3.rs
+@@ -3,6 +3,7 @@
+
+ // only-mips64
+ // See repr-transparent.rs
++// ignore-stage1
+
+ #![feature(transparent_unions)]
+
+diff --git a/tests/codegen/abi-repr-ext.rs b/tests/codegen/abi-repr-ext.rs
+index 23ade3c7216..addd8a2ebdc 100644
+--- a/tests/codegen/abi-repr-ext.rs
++++ b/tests/codegen/abi-repr-ext.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -O
++// ignore-stage1
+
+ // revisions:x86_64 i686 aarch64-apple aarch64-windows aarch64-linux arm riscv
+
+diff --git a/tests/codegen/abi-x86-interrupt.rs b/tests/codegen/abi-x86-interrupt.rs
+index 928ad5a9bbd..5185edaae40 100644
+--- a/tests/codegen/abi-x86-interrupt.rs
++++ b/tests/codegen/abi-x86-interrupt.rs
+@@ -4,6 +4,7 @@
+
+ // needs-llvm-components: x86
+ // compile-flags: -C no-prepopulate-passes --target=x86_64-unknown-linux-gnu -Copt-level=0
++// ignore-stage1
+
+ #![crate_type = "lib"]
+ #![no_core]
+diff --git a/tests/codegen/branch-protection.rs b/tests/codegen/branch-protection.rs
+index 994c71b2619..5d83a29da74 100644
+--- a/tests/codegen/branch-protection.rs
++++ b/tests/codegen/branch-protection.rs
+@@ -7,6 +7,7 @@
+ // [LEAF] compile-flags: -Z branch-protection=pac-ret,leaf
+ // [BKEY] compile-flags: -Z branch-protection=pac-ret,b-key
+ // compile-flags: --target aarch64-unknown-linux-gnu
++// ignore-stage1
+
+ #![crate_type = "lib"]
+ #![feature(no_core, lang_items)]
+diff --git a/tests/codegen/catch-unwind.rs b/tests/codegen/catch-unwind.rs
+index b90ef104ce7..12d5d1451a2 100644
+--- a/tests/codegen/catch-unwind.rs
++++ b/tests/codegen/catch-unwind.rs
+@@ -10,6 +10,7 @@
+ // ignore-riscv64 FIXME
+ // On s390x the closure is also in another function
+ // ignore-s390x FIXME
++// ignore-stage1
+
+ #![crate_type = "lib"]
+ #![feature(c_unwind)]
+diff --git a/tests/codegen/cf-protection.rs b/tests/codegen/cf-protection.rs
+index ccbc863f571..f4281d87abf 100644
+--- a/tests/codegen/cf-protection.rs
++++ b/tests/codegen/cf-protection.rs
+@@ -8,6 +8,7 @@
+ // [return] compile-flags: -Z cf-protection=return
+ // [full] compile-flags: -Z cf-protection=full
+ // compile-flags: --target x86_64-unknown-linux-gnu
++// ignore-stage1
+
+ #![crate_type = "lib"]
+ #![feature(no_core, lang_items)]
+diff --git a/tests/codegen/enum-bounds-check-derived-idx.rs b/tests/codegen/enum-bounds-check-derived-idx.rs
+index aa66c2ed08e..db6c87c7338 100644
+--- a/tests/codegen/enum-bounds-check-derived-idx.rs
++++ b/tests/codegen/enum-bounds-check-derived-idx.rs
+@@ -1,7 +1,7 @@
+ // This test checks an optimization that is not guaranteed to work. This test case should not block
+ // a future LLVM update.
+ // compile-flags: -O
+-
++// ignore-stage1
+ #![crate_type = "lib"]
+
+ pub enum Bar {
+diff --git a/tests/codegen/force-unwind-tables.rs b/tests/codegen/force-unwind-tables.rs
+index 4c0a5602c6d..d5faf190290 100644
+--- a/tests/codegen/force-unwind-tables.rs
++++ b/tests/codegen/force-unwind-tables.rs
+@@ -1,5 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes -C force-unwind-tables=y
+-
++// ignore-stage1
+ #![crate_type="lib"]
+
+ // CHECK: attributes #{{.*}} uwtable
+diff --git a/tests/codegen/intrinsic-no-unnamed-attr.rs b/tests/codegen/intrinsic-no-unnamed-attr.rs
+index c8a8e0b3e7a..f779f5cc27e 100644
+--- a/tests/codegen/intrinsic-no-unnamed-attr.rs
++++ b/tests/codegen/intrinsic-no-unnamed-attr.rs
+@@ -1,5 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes
+-
++// ignore-stage1
+ #![feature(intrinsics)]
+
+ extern "rust-intrinsic" {
+diff --git a/tests/codegen/issues/issue-103840.rs b/tests/codegeni/issues/issue-103840.rs
+index f19d7031bb3..92408e75964 100644
+--- a/tests/codegen/issues/issue-103840.rs
++++ b/tests/codegen/issues/issue-103840.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: -O
+ #![crate_type = "lib"]
++// ignore-stage1
+
+ pub fn foo(t: &mut Vec<usize>) {
+ // CHECK-NOT: __rust_dealloc
+diff --git a/tests/codegen/issues/issue-47278.rs b/tests/codegen/issues/issue-47278.rs
+index 9076274f45e..de7203e139b 100644
+--- a/tests/codegen/issues/issue-47278.rs
++++ b/tests/codegen/issues/issue-47278.rs
+@@ -1,5 +1,6 @@
+ // -C no-prepopulate-passes
+ #![crate_type="staticlib"]
++// ignore-stage1
+
+ #[repr(C)]
+ pub struct Foo(u64);
+diff --git a/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs b/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs
+index 1ad05906e21..8df862aeee5 100644
+--- a/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs
++++ b/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs
+@@ -2,6 +2,7 @@
+ // index is part of a (x | y) < C style condition
+
+ // compile-flags: -O
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/lifetime_start_end.rs b/tests/codegen/lifetime_start_end.rs
+index 471a0b8cedd..356650de0c1 100644
+--- a/tests/codegen/lifetime_start_end.rs
++++ b/tests/codegen/lifetime_start_end.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -O -C no-prepopulate-passes -Zmir-opt-level=0
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/local-generics-in-exe-internalized.rs b/tests/codegen/local-generics-in-exe-internalized.rs
+index 449c5ca75fc..746a7ed1b6f 100644
+--- a/tests/codegen/local-generics-in-exe-internalized.rs
++++ b/tests/codegen/local-generics-in-exe-internalized.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes -Zshare-generics=yes
++// ignore-stage1
+
+ // Check that local generics are internalized if they are in the same CGU
+
+diff --git a/tests/codegen/match-unoptimized.rs b/tests/codegen/match-unoptimized.rs
+index 78ea4f9b409..23b2c62bd38 100644
+--- a/tests/codegen/match-unoptimized.rs
++++ b/tests/codegen/match-unoptimized.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes -Copt-level=0
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/noalias-rwlockreadguard.rs b/tests/codegen/noalias-rwlockreadguard.rs
+index 7f7b46c85a8..a32910da3e7 100644
+--- a/tests/codegen/noalias-rwlockreadguard.rs
++++ b/tests/codegen/noalias-rwlockreadguard.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -O -C no-prepopulate-passes -Z mutable-noalias=yes
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/non-terminate/nonempty-infinite-loop.rs b/tests/codegen/non-terminate/nonempty-infinite-loop.rs
+index 5e25e04fc24..fce094f7efd 100644
+--- a/tests/codegen/non-terminate/nonempty-infinite-loop.rs
++++ b/tests/codegen/non-terminate/nonempty-infinite-loop.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C opt-level=3
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/noreturn-uninhabited.rs b/tests/codegen/noreturn-uninhabited.rs
+index 49f93cf62c7..2da42faeabd 100644
+--- a/tests/codegen/noreturn-uninhabited.rs
++++ b/tests/codegen/noreturn-uninhabited.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -g -C no-prepopulate-passes
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/rustdoc/async-move-doctest.rs b/tests/rustdoc/async-move-doctest.rs
+index 2ba61388c9e..402c5bbaaf7 100644
+--- a/tests/rustdoc/async-move-doctest.rs
++++ b/tests/rustdoc/async-move-doctest.rs
+@@ -1,5 +1,6 @@
+ // compile-flags:--test
+ // edition:2018
++// ignore-stage1
+
+ // Prior to setting the default edition for the doctest pre-parser,
+ // this doctest would fail due to a fatal parsing error.
+diff --git a/tests/rustdoc/async-trait.rs b/tests/rustdoc/async-trait.rs
+index a473e467473..df3be5adc17 100644
+--- a/tests/rustdoc/async-trait.rs
++++ b/tests/rustdoc/async-trait.rs
+@@ -1,5 +1,6 @@
+ // aux-build:async-trait-dep.rs
+ // edition:2021
++// ignore-stage1
+
+ #![feature(async_fn_in_trait)]
+ #![allow(incomplete_features)]
+diff --git a/tests/rustdoc/check-source-code-urls-to-def.rs b/tests/rustdoc/check-source-code-urls-to-def.rs
+index 41b9d41fa44..0805a07a0c9 100644
+--- a/tests/rustdoc/check-source-code-urls-to-def.rs
++++ b/tests/rustdoc/check-source-code-urls-to-def.rs
+@@ -1,6 +1,7 @@
+ // compile-flags: -Zunstable-options --generate-link-to-definition
+ // aux-build:source_code.rs
+ // build-aux-docs
++// ignore-stage1
+
+ #![feature(rustc_attrs)]
+
+diff --git a/tests/rustdoc/comment-in-doctest.rs b/tests/rustdoc/comment-in-doctest.rs
+index 5691d173569..a57c0e1f3bd 100644
+--- a/tests/rustdoc/comment-in-doctest.rs
++++ b/tests/rustdoc/comment-in-doctest.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ // comments, both doc comments and regular ones, used to trick rustdoc's doctest parser into
+ // thinking that everything after it was part of the regular program. combined with the librustc_ast
+diff --git a/tests/rustdoc/const-generics/const-generics-docs.rs b/tests/rustdoc/const-generics/const-generics-docs.rs
+index 828486a41d4..02a934996f8 100644
+--- a/tests/rustdoc/const-generics/const-generics-docs.rs
++++ b/tests/rustdoc/const-generics/const-generics-docs.rs
+@@ -1,5 +1,7 @@
+ // edition:2018
+ // aux-build: extern_crate.rs
++// ignore-stage1
++
+ #![crate_name = "foo"]
+
+ extern crate extern_crate;
+diff --git a/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs b/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs
+index d02bc4fe712..6f432da06bf 100644
+--- a/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs
++++ b/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs
+@@ -1,5 +1,6 @@
+ // Regression test for issue #95717
+ // Hide cross-crate `#[doc(hidden)]` associated items in trait impls.
++// ignore-stage1
+
+ #![crate_name = "dependent"]
+ // edition:2021
+diff --git a/tests/rustdoc/cross-crate-hidden-impl-parameter.rs b/tests/rustdoc/cross-crate-hidden-impl-parameter.rs
+index eb2ced2f7f4..08a6f8b27f3 100644
+--- a/tests/rustdoc/cross-crate-hidden-impl-parameter.rs
++++ b/tests/rustdoc/cross-crate-hidden-impl-parameter.rs
+@@ -1,4 +1,6 @@
+ // Issue #86448: test for cross-crate `doc(hidden)`
++// ignore-stage1
++
+ #![crate_name = "foo"]
+
+ // aux-build:cross-crate-hidden-impl-parameter.rs
+diff --git a/tests/rustdoc/cross-crate-links.rs b/tests/rustdoc/cross-crate-links.rs
+index 7c736a4cc11..a0be9a367c6 100644
+--- a/tests/rustdoc/cross-crate-links.rs
++++ b/tests/rustdoc/cross-crate-links.rs
+@@ -1,5 +1,6 @@
+ // aux-build:all-item-types.rs
+ // build-aux-docs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/cross-crate-primitive-doc.rs b/tests/rustdoc/cross-crate-primitive-doc.rs
+index 4ba296ee04a..51fa62ffb53 100644
+--- a/tests/rustdoc/cross-crate-primitive-doc.rs
++++ b/tests/rustdoc/cross-crate-primitive-doc.rs
+@@ -1,6 +1,7 @@
+ // aux-build:primitive-doc.rs
+ // compile-flags: --extern-html-root-url=primitive_doc=../ -Z unstable-options
+ // only-linux
++// ignore-stage1
+
+ #![feature(no_core)]
+ #![no_core]
+diff --git a/tests/rustdoc/doctest-manual-crate-name.rs b/tests/rustdoc/doctest-manual-crate-name.rs
+index 3a5e3734e14..2b4b19b4708 100644
+--- a/tests/rustdoc/doctest-manual-crate-name.rs
++++ b/tests/rustdoc/doctest-manual-crate-name.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ //! ```
+ //! #![crate_name="asdf"]
+diff --git a/tests/rustdoc/edition-doctest.rs b/tests/rustdoc/edition-doctest.rs
+index 6de25996bed..4acb562a29c 100644
+--- a/tests/rustdoc/edition-doctest.rs
++++ b/tests/rustdoc/edition-doctest.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ /// ```rust,edition2018
+ /// #![feature(try_blocks)]
+diff --git a/tests/rustdoc/edition-flag.rs b/tests/rustdoc/edition-flag.rs
+index e54c7d2969b..4cee5e1a3cf 100644
+--- a/tests/rustdoc/edition-flag.rs
++++ b/tests/rustdoc/edition-flag.rs
+@@ -1,5 +1,6 @@
+ // compile-flags:--test
+ // edition:2018
++// ignore-stage1
+
+ /// ```rust
+ /// fn main() {
+diff --git a/tests/rustdoc/elided-lifetime.rs b/tests/rustdoc/elided-lifetime.rs
+index 006132ef8aa..75ac6496dfb 100644
+--- a/tests/rustdoc/elided-lifetime.rs
++++ b/tests/rustdoc/elided-lifetime.rs
+@@ -4,6 +4,7 @@
+ //
+ // Since Rust 2018 we encourage writing out <'_> explicitly to make it clear
+ // that borrowing is occurring. Make sure rustdoc is following the same idiom.
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/extern-html-root-url.rs b/tests/rustdoc/extern-html-root-url.rs
+index 17eedcf2ab8..429bf78b9d5 100644
+--- a/tests/rustdoc/extern-html-root-url.rs
++++ b/tests/rustdoc/extern-html-root-url.rs
+@@ -2,6 +2,7 @@
+ // aux-build:html_root.rs
+ // aux-build:no_html_root.rs
+ // NOTE: intentionally does not build any auxiliary docs
++// ignore-stage1
+
+ extern crate html_root;
+ extern crate no_html_root;
+diff --git a/tests/rustdoc/extern-impl-trait.rs b/tests/rustdoc/extern-impl-trait.rs
+index 8ab026afd1b..c47d6802211 100644
+--- a/tests/rustdoc/extern-impl-trait.rs
++++ b/tests/rustdoc/extern-impl-trait.rs
+@@ -1,4 +1,5 @@
+ // aux-build:extern-impl-trait.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/external-macro-src.rs b/tests/rustdoc/external-macro-src.rs
+index 359551ab78d..86499a0bf2e 100644
+--- a/tests/rustdoc/external-macro-src.rs
++++ b/tests/rustdoc/external-macro-src.rs
+@@ -1,4 +1,5 @@
+ // aux-build:external-macro-src.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/hide-unstable-trait.rs b/tests/rustdoc/hide-unstable-trait.rs
+index 0bf7cabc43b..9ceeccfead8 100644
+--- a/tests/rustdoc/hide-unstable-trait.rs
++++ b/tests/rustdoc/hide-unstable-trait.rs
+@@ -1,4 +1,5 @@
+ // aux-build:unstable-trait.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+ #![feature(private_trait)]
+diff --git a/tests/rustdoc/inline_cross/add-docs.rs b/tests/rustdoc/inline_cross/add-docs.rs
+index a1124d2094c..a11b866647d 100644
+--- a/tests/rustdoc/inline_cross/add-docs.rs
++++ b/tests/rustdoc/inline_cross/add-docs.rs
+@@ -1,4 +1,5 @@
+ // aux-build:add-docs.rs
++// ignore-stage1
+
+ extern crate inner;
+
+diff --git a/tests/rustdoc/inline_cross/default-trait-method.rs b/tests/rustdoc/inline_cross/default-trait-method.rs
+index a4ec73a127d..8db38c99791 100644
+--- a/tests/rustdoc/inline_cross/default-trait-method.rs
++++ b/tests/rustdoc/inline_cross/default-trait-method.rs
+@@ -1,4 +1,5 @@
+ // aux-build:default-trait-method.rs
++// ignore-stage1
+
+ extern crate foo;
+
+diff --git a/tests/rustdoc/inline_cross/impl_trait.rs b/tests/rustdoc/inline_cross/impl_trait.rs
+index b6a1552bc00..85377b19e0d 100644
+--- a/tests/rustdoc/inline_cross/impl_trait.rs
++++ b/tests/rustdoc/inline_cross/impl_trait.rs
+@@ -1,5 +1,6 @@
+ // aux-build:impl_trait_aux.rs
+ // edition:2018
++// ignore-stage1
+
+ extern crate impl_trait_aux;
+
+diff --git a/tests/rustdoc/inline_cross/issue-24183.rs b/tests/rustdoc/inline_cross/issue-24183.rs
+index 751a32385e8..d25211cb2b0 100644
+--- a/tests/rustdoc/inline_cross/issue-24183.rs
++++ b/tests/rustdoc/inline_cross/issue-24183.rs
+@@ -1,5 +1,6 @@
+ #![crate_type = "lib"]
+ #![crate_name = "usr"]
++// ignore-stage1
+
+ // aux-crate:issue_24183=issue-24183.rs
+ // edition: 2021
+diff --git a/tests/rustdoc/inline_cross/macros.rs b/tests/rustdoc/inline_cross/macros.rs
+index a41b9c5b197..1b4bccee176 100644
+--- a/tests/rustdoc/inline_cross/macros.rs
++++ b/tests/rustdoc/inline_cross/macros.rs
+@@ -1,5 +1,6 @@
+ // aux-build:macros.rs
+ // build-aux-docs
++// ignore-stage1
+
+ #![feature(macro_test)]
+ #![crate_name = "foo"]
+diff --git a/tests/rustdoc/inline_cross/trait-vis.rs b/tests/rustdoc/inline_cross/trait-vis.rs
+index b646babacc5..b77e966afe3 100644
+--- a/tests/rustdoc/inline_cross/trait-vis.rs
++++ b/tests/rustdoc/inline_cross/trait-vis.rs
+@@ -1,4 +1,5 @@
+ // aux-build:trait-vis.rs
++// ignore-stage1
+
+ extern crate inner;
+
+diff --git a/tests/rustdoc/inline_cross/use_crate.rs b/tests/rustdoc/inline_cross/use_crate.rs
+index 00e0f041c56..c5bf6010d93 100644
+--- a/tests/rustdoc/inline_cross/use_crate.rs
++++ b/tests/rustdoc/inline_cross/use_crate.rs
+@@ -3,6 +3,7 @@
+ // build-aux-docs
+ // edition:2018
+ // compile-flags:--extern use_crate --extern use_crate_2
++// ignore-stage1
+
+ // During the buildup to Rust 2018, rustdoc would eagerly inline `pub use some_crate;` as if it
+ // were a module, so we changed it to make `pub use`ing crate roots remain as a `pub use` statement
+diff --git a/tests/rustdoc/intra-doc-crate/self.rs b/tests/rustdoc/intra-doc-crate/self.rs
+index 8c36a7fa002..848e17a18a1 100644
+--- a/tests/rustdoc/intra-doc-crate/self.rs
++++ b/tests/rustdoc/intra-doc-crate/self.rs
+@@ -1,5 +1,6 @@
+ // aux-build:self.rs
+ // build-aux-docs
++// ignore-stage1
+
+ extern crate cross_crate_self;
+
+diff --git a/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs b/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs
+index e52fb9b1c9f..765ad78fb4d 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs
+@@ -1,5 +1,7 @@
+ // aux-build:additional_doc.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+ extern crate my_rand;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/basic.rs b/tests/rustdoc/intra-doc/cross-crate/basic.rs
+index ad7454918b4..a959a15a672 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/basic.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/basic.rs
+@@ -1,5 +1,7 @@
+ // aux-build:intra-doc-basic.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+ // from https://github.com/rust-lang/rust/issues/65983
+diff --git a/tests/rustdoc/intra-doc/cross-crate/crate.rs b/tests/rustdoc/intra-doc/cross-crate/crate.rs
+index edf544708b6..735847bcbb5 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/crate.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/crate.rs
+@@ -1,5 +1,7 @@
+ // aux-build:intra-link-cross-crate-crate.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![crate_name = "outer"]
+ extern crate inner;
+ // @has outer/fn.f.html '//a[@href="../inner/fn.g.html"]' "crate::g"
+diff --git a/tests/rustdoc/intra-doc/cross-crate/hidden.rs b/tests/rustdoc/intra-doc/cross-crate/hidden.rs
+index 4f7d075ba48..d7ffed2d19d 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/hidden.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/hidden.rs
+@@ -1,5 +1,7 @@
+ // aux-build:hidden.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+ // tests https://github.com/rust-lang/rust/issues/73363
+diff --git a/tests/rustdoc/intra-doc/cross-crate/macro.rs b/tests/rustdoc/intra-doc/cross-crate/macro.rs
+index 32f0a55d3c6..31add14b3b6 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/macro.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/macro.rs
+@@ -1,6 +1,8 @@
+ // aux-build:macro_inner.rs
+ // aux-build:proc_macro.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ extern crate macro_inner;
+ extern crate proc_macro_inner;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/module.rs b/tests/rustdoc/intra-doc/cross-crate/module.rs
+index fde9322657d..72e55a83007 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/module.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/module.rs
+@@ -1,6 +1,8 @@
+ // outer.rs
+ // aux-build: module.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ extern crate module_inner;
+ // @has 'module/bar/index.html' '//a[@href="../../module_inner/trait.SomeTrait.html"]' 'SomeTrait'
+diff --git a/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs b/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs
+index 577fe78a508..1da901cd8b8 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs
+@@ -1,5 +1,7 @@
+ // aux-build:submodule-inner.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+ extern crate a;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs b/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs
+index d0c0b7e85ae..39c42c5a684 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs
+@@ -1,5 +1,7 @@
+ // aux-build:submodule-outer.rs
+ // edition:2018
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+ extern crate bar as bar_;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/traits.rs b/tests/rustdoc/intra-doc/cross-crate/traits.rs
+index 7b9554bfdb0..0417a5f4537 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/traits.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/traits.rs
+@@ -1,5 +1,7 @@
+ // aux-build:traits.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+ extern crate inner;
+diff --git a/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs b/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs
+index 7bb1ded3f3c..994ece708ca 100644
+--- a/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs
++++ b/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs
+@@ -1,6 +1,7 @@
+ // Reexport of a structure that derefs to a type with lang item impls having doc links in their
+ // comments. The doc link points to an associated item, so we check that traits in scope for that
+ // link are populated.
++// ignore-stage1
+
+ // aux-build:extern-builtin-type-impl-dep.rs
+
+diff --git a/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs b/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs
+index ad50887e922..69d5aa1717a 100644
+--- a/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs
++++ b/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs
+@@ -7,6 +7,7 @@
+ // aux-crate:priv:empty2=empty2.rs
+ // build-aux-docs
+ // compile-flags:-Z unstable-options --edition 2018
++// ignore-stage1
+
+ // @has extern_crate_only_used_in_link/index.html
+ // @has - '//a[@href="../issue_66159_1/struct.Something.html"]' 'issue_66159_1::Something'
+diff --git a/tests/rustdoc/intra-doc/extern-crate.rs b/tests/rustdoc/intra-doc/extern-crate.rs
+index 4e4438dea03..b6793531515 100644
+--- a/tests/rustdoc/intra-doc/extern-crate.rs
++++ b/tests/rustdoc/intra-doc/extern-crate.rs
+@@ -3,6 +3,7 @@
+ // When loading `extern crate` statements, we would pull in their docs at the same time, even
+ // though they would never actually get displayed. This tripped intra-doc-link resolution failures,
+ // for items that aren't under our control, and not actually getting documented!
++// ignore-stage1
+
+ #![deny(rustdoc::broken_intra_doc_links)]
+
+diff --git a/tests/rustdoc/intra-doc/extern-inherent-impl.rs b/tests/rustdoc/intra-doc/extern-inherent-impl.rs
+index 2e41c2214f4..8851071adbd 100644
+--- a/tests/rustdoc/intra-doc/extern-inherent-impl.rs
++++ b/tests/rustdoc/intra-doc/extern-inherent-impl.rs
+@@ -1,5 +1,6 @@
+ // Reexport of a structure with public inherent impls having doc links in their comments. The doc
+ // link points to an associated item, so we check that traits in scope for that link are populated.
++// ignore-stage1
+
+ // aux-build:extern-inherent-impl-dep.rs
+
+diff --git a/tests/rustdoc/intra-doc/extern-reference-link.rs b/tests/rustdoc/intra-doc/extern-reference-link.rs
+index bad6ec75579..43cf0c23e8b 100644
+--- a/tests/rustdoc/intra-doc/extern-reference-link.rs
++++ b/tests/rustdoc/intra-doc/extern-reference-link.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: --extern pub_struct
+ // aux-build:pub-struct.rs
++// ignore-stage1
+
+ /// [SomeStruct]
+ ///
+diff --git a/tests/rustdoc/intra-doc/issue-103463.rs b/tests/rustdoc/intra-doc/issue-103463.rs
+index 4adf8a9a8a4..3b965529577 100644
+--- a/tests/rustdoc/intra-doc/issue-103463.rs
++++ b/tests/rustdoc/intra-doc/issue-103463.rs
+@@ -1,6 +1,7 @@
+ // The `Trait` is not pulled into the crate resulting in doc links in its methods being resolved.
+
+ // aux-build:issue-103463-aux.rs
++// ignore-stage1
+
+ extern crate issue_103463_aux;
+ use issue_103463_aux::Trait;
+diff --git a/tests/rustdoc/intra-doc/issue-104145.rs b/tests/rustdoc/intra-doc/issue-104145.rs
+index 9ce36740d60..74c790ddd45 100644
+--- a/tests/rustdoc/intra-doc/issue-104145.rs
++++ b/tests/rustdoc/intra-doc/issue-104145.rs
+@@ -1,6 +1,7 @@
+ // Doc links in `Trait`'s methods are resolved because it has a local impl.
+
+ // aux-build:issue-103463-aux.rs
++// ignore-stage1
+
+ extern crate issue_103463_aux;
+ use issue_103463_aux::Trait;
+diff --git a/tests/rustdoc/intra-doc/issue-66159.rs b/tests/rustdoc/intra-doc/issue-66159.rs
+index 56742b39790..64ef5f3d07c 100644
+--- a/tests/rustdoc/intra-doc/issue-66159.rs
++++ b/tests/rustdoc/intra-doc/issue-66159.rs
+@@ -1,5 +1,6 @@
+ // aux-crate:priv:pub_struct=pub-struct.rs
+ // compile-flags:-Z unstable-options
++// ignore-stage1
+
+ // The issue was an ICE which meant that we never actually generated the docs
+ // so if we have generated the docs, we're okay.
+diff --git a/tests/rustdoc/intra-doc/pub-use.rs b/tests/rustdoc/intra-doc/pub-use.rs
+index 8a998496cf5..26109bc52fc 100644
+--- a/tests/rustdoc/intra-doc/pub-use.rs
++++ b/tests/rustdoc/intra-doc/pub-use.rs
+@@ -1,4 +1,5 @@
+ // aux-build: intra-link-pub-use.rs
++// ignore-stage1
+ #![deny(rustdoc::broken_intra_doc_links)]
+ #![crate_name = "outer"]
+
+diff --git a/tests/rustdoc/intra-doc/reexport-additional-docs.rs b/tests/rustdoc/intra-doc/reexport-additional-docs.rs
+index 64683bacd65..6ed63e4dd26 100644
+--- a/tests/rustdoc/intra-doc/reexport-additional-docs.rs
++++ b/tests/rustdoc/intra-doc/reexport-additional-docs.rs
+@@ -1,5 +1,7 @@
+ // aux-build:intra-link-reexport-additional-docs.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![crate_name = "foo"]
+ extern crate inner;
+
+diff --git a/tests/rustdoc/issue-18199.rs b/tests/rustdoc/issue-18199.rs
+index bc0c4a56502..1995fd2ec7d 100644
+--- a/tests/rustdoc/issue-18199.rs
++++ b/tests/rustdoc/issue-18199.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ #![doc(test(attr(feature(staged_api))))]
+
+diff --git a/tests/rustdoc/issue-23106.rs b/tests/rustdoc/issue-23106.rs
+index 8cda2fc3380..e7b5c1e28c5 100644
+--- a/tests/rustdoc/issue-23106.rs
++++ b/tests/rustdoc/issue-23106.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ /// ```
+ /// #
+diff --git a/tests/rustdoc/issue-23744.rs b/tests/rustdoc/issue-23744.rs
+index 642817396b2..780b131a842 100644
+--- a/tests/rustdoc/issue-23744.rs
++++ b/tests/rustdoc/issue-23744.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ /// Example of rustdoc incorrectly parsing <code>```rust,should_panic</code>.
+ ///
+diff --git a/tests/rustdoc/issue-25944.rs b/tests/rustdoc/issue-25944.rs
+index 49625294bbe..b6df4518de4 100644
+--- a/tests/rustdoc/issue-25944.rs
++++ b/tests/rustdoc/issue-25944.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ /// ```
+ /// let a = r#"
+diff --git a/tests/rustdoc/issue-30252.rs b/tests/rustdoc/issue-30252.rs
+index c3777362a66..a80f92dc754 100644
+--- a/tests/rustdoc/issue-30252.rs
++++ b/tests/rustdoc/issue-30252.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test --cfg feature="bar"
++// ignore-stage1
+
+ /// ```rust
+ /// assert_eq!(cfg!(feature = "bar"), true);
+diff --git a/tests/rustdoc/issue-38129.rs b/tests/rustdoc/issue-38129.rs
+index 156d50fa52a..60ab5dd1885 100644
+--- a/tests/rustdoc/issue-38129.rs
++++ b/tests/rustdoc/issue-38129.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ // This file tests the source-partitioning behavior of rustdoc.
+ // Each test contains some code that should be put into the generated
+diff --git a/tests/rustdoc/issue-40936.rs b/tests/rustdoc/issue-40936.rs
+index 4d2e4c17b1f..8dcfc4068d3 100644
+--- a/tests/rustdoc/issue-40936.rs
++++ b/tests/rustdoc/issue-40936.rs
+@@ -1,5 +1,6 @@
+ // aux-build:issue-40936.rs
+ // build-aux-docs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/issue-43153.rs b/tests/rustdoc/issue-43153.rs
+index 0fe680f10af..8c67d64826a 100644
+--- a/tests/rustdoc/issue-43153.rs
++++ b/tests/rustdoc/issue-43153.rs
+@@ -1,5 +1,6 @@
+ // Test that `include!` in a doc test searches relative to the directory in
+ // which the test is declared.
++// ignore-stage1
+
+ // compile-flags:--test
+
+diff --git a/tests/rustdoc/issue-46727.rs b/tests/rustdoc/issue-46727.rs
+index 8cfc4827a7f..55f155e0219 100644
+--- a/tests/rustdoc/issue-46727.rs
++++ b/tests/rustdoc/issue-46727.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-46727.rs
++// ignore-stage1
+
+ extern crate issue_46727;
+
+diff --git a/tests/rustdoc/issue-48377.rs b/tests/rustdoc/issue-48377.rs
+index c32bcf380ea..c196b77a3e7 100644
+--- a/tests/rustdoc/issue-48377.rs
++++ b/tests/rustdoc/issue-48377.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ //! This is a doc comment
+ //!
+diff --git a/tests/rustdoc/issue-48414.rs b/tests/rustdoc/issue-48414.rs
+index b35743d887b..e8ade910228 100644
+--- a/tests/rustdoc/issue-48414.rs
++++ b/tests/rustdoc/issue-48414.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-48414.rs
++// ignore-stage1
+
+ // ICE when resolving paths for a trait that linked to another trait, when both were in an external
+ // crate
+diff --git a/tests/rustdoc/issue-53689.rs b/tests/rustdoc/issue-53689.rs
+index 832140e061b..9a40ea6bc1b 100644
+--- a/tests/rustdoc/issue-53689.rs
++++ b/tests/rustdoc/issue-53689.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-53689.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/issue-54478-demo-allocator.rs b/tests/rustdoc/issue-54478-demo-allocator.rs
+index 4811f363bc9..f4d12f6f630 100644
+--- a/tests/rustdoc/issue-54478-demo-allocator.rs
++++ b/tests/rustdoc/issue-54478-demo-allocator.rs
+@@ -1,5 +1,6 @@
+ // Issue #54478: regression test showing that we can demonstrate
+ // `#[global_allocator]` in code blocks built by `rustdoc`.
++// ignore-stage1
+ //
+ // ## Background
+ //
+@@ -11,6 +12,7 @@
+ // Rather than try to revise the visbility semanics, we instead
+ // decided to change `rustdoc` to behave more like the compiler's
+ // default setting, by leaving off `-C prefer-dynamic`.
++// ignore-stage1
+
+ // compile-flags:--test
+
+diff --git a/tests/rustdoc/issue-57180.rs b/tests/rustdoc/issue-57180.rs
+index 14bd2b0fec0..5f89e5d42f5 100644
+--- a/tests/rustdoc/issue-57180.rs
++++ b/tests/rustdoc/issue-57180.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-57180.rs
++// ignore-stage1
+
+ extern crate issue_57180;
+ use issue_57180::Trait;
+diff --git a/tests/rustdoc/issue-61592.rs b/tests/rustdoc/issue-61592.rs
+index 4b6c37b94aa..048487390bb 100644
+--- a/tests/rustdoc/issue-61592.rs
++++ b/tests/rustdoc/issue-61592.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-61592.rs
++// ignore-stage1
+
+ extern crate foo;
+
+diff --git a/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs b/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs
+index 2700f2370ee..d883c03d7d2 100644
+--- a/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs
++++ b/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs
+@@ -1,4 +1,5 @@
+ // Regression test for ICE #73061
++// ignore-stage1
+
+ // aux-build:issue-73061.rs
+
+diff --git a/tests/rustdoc/issue-75588.rs b/tests/rustdoc/issue-75588.rs
+index 3b11059a755..e78cdfa236e 100644
+--- a/tests/rustdoc/issue-75588.rs
++++ b/tests/rustdoc/issue-75588.rs
+@@ -1,5 +1,6 @@
+ // aux-build:realcore.rs
+ // aux-build:real_gimli.rs
++// ignore-stage1
+
+ // Ensure unstably exported traits have their Implementors sections.
+
+diff --git a/tests/rustdoc/issue-85454.rs b/tests/rustdoc/issue-85454.rs
+index 5a49a9d0651..fd2f4f8b535 100644
+--- a/tests/rustdoc/issue-85454.rs
++++ b/tests/rustdoc/issue-85454.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-85454.rs
++// ignore-stage1
+ // build-aux-docs
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/issue-86620.rs b/tests/rustdoc/issue-86620.rs
+index ef15946ec50..675a12b4d14 100644
+--- a/tests/rustdoc/issue-86620.rs
++++ b/tests/rustdoc/issue-86620.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-86620-1.rs
++// ignore-stage1
+
+ extern crate issue_86620_1;
+
+diff --git a/tests/rustdoc/macro_pub_in_module.rs b/tests/rustdoc/macro_pub_in_module.rs
+index 42f760cff6a..1a51aef9a8a 100644
+--- a/tests/rustdoc/macro_pub_in_module.rs
++++ b/tests/rustdoc/macro_pub_in_module.rs
+@@ -1,5 +1,6 @@
+ // aux-build:macro_pub_in_module.rs
+ // edition:2018
++// ignore-stage1
+ // build-aux-docs
+
+ //! See issue #74355
+diff --git a/tests/rustdoc/masked.rs b/tests/rustdoc/masked.rs
+index 875c026fd05..416d8fbabd0 100644
+--- a/tests/rustdoc/masked.rs
++++ b/tests/rustdoc/masked.rs
+@@ -1,4 +1,5 @@
+ // aux-build:masked.rs
++// ignore-stage1
+
+ #![feature(doc_masked)]
+
+diff --git a/tests/rustdoc/no-stack-overflow-25295.rs b/tests/rustdoc/no-stack-overflow-25295.rs
+index dd79f1e4baa..0bc58afa4cb 100644
+--- a/tests/rustdoc/no-stack-overflow-25295.rs
++++ b/tests/rustdoc/no-stack-overflow-25295.rs
+@@ -1,5 +1,6 @@
+ // Ensure this code doesn't stack overflow.
+ // aux-build:enum-primitive.rs
++// ignore-stage1
+
+ #[macro_use] extern crate enum_primitive;
+
+diff --git a/tests/rustdoc/normalize-assoc-item.rs b/tests/rustdoc/normalize-assoc-item.rs
+index c6fd5e1101e..945a31853f4 100644
+--- a/tests/rustdoc/normalize-assoc-item.rs
++++ b/tests/rustdoc/normalize-assoc-item.rs
+@@ -1,4 +1,5 @@
+ // ignore-tidy-linelength
++// ignore-stage1
+ // aux-build:normalize-assoc-item.rs
+ // build-aux-docs
+ // compile-flags:-Znormalize-docs
+diff --git a/tests/rustdoc/primitive-reexport.rs b/tests/rustdoc/primitive-reexport.rs
+index 10a8a47db52..ecdb4848265 100644
+--- a/tests/rustdoc/primitive-reexport.rs
++++ b/tests/rustdoc/primitive-reexport.rs
+@@ -1,5 +1,6 @@
+ // aux-build: primitive-reexport.rs
+ // compile-flags:--extern foo --edition 2018
++// ignore-stage1
+
+ #![crate_name = "bar"]
+
+diff --git a/tests/rustdoc/process-termination.rs b/tests/rustdoc/process-termination.rs
+index 32258792b6e..2236842afc9 100644
+--- a/tests/rustdoc/process-termination.rs
++++ b/tests/rustdoc/process-termination.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+
+ /// A check of using various process termination strategies
+ ///
+diff --git a/tests/rustdoc/pub-extern-crate.rs b/tests/rustdoc/pub-extern-crate.rs
+index 26747a4d1ac..98b3068cfd5 100644
+--- a/tests/rustdoc/pub-extern-crate.rs
++++ b/tests/rustdoc/pub-extern-crate.rs
+@@ -1,4 +1,5 @@
+ // aux-build:pub-extern-crate.rs
++// ignore-stage1
+
+ // @has pub_extern_crate/index.html
+ // @!has - '//code' 'pub extern crate inner'
+diff --git a/tests/rustdoc/pub-use-extern-macros.rs b/tests/rustdoc/pub-use-extern-macros.rs
+index eefe6b4b073..f67ec499459 100644
+--- a/tests/rustdoc/pub-use-extern-macros.rs
++++ b/tests/rustdoc/pub-use-extern-macros.rs
+@@ -1,4 +1,5 @@
+ // aux-build:pub-use-extern-macros.rs
++// ignore-stage1
+
+ extern crate macros;
+
+diff --git a/tests/rustdoc/reexport-check.rs b/tests/rustdoc/reexport-check.rs
+index 5908d2150f2..9e3c825558e 100644
+--- a/tests/rustdoc/reexport-check.rs
++++ b/tests/rustdoc/reexport-check.rs
+@@ -1,4 +1,6 @@
+ // aux-build:reexport-check.rs
++// ignore-stage1
++
+ #![crate_name = "foo"]
+
+ extern crate reexport_check;
+diff --git a/tests/rustdoc/reexport-dep-foreign-fn.rs b/tests/rustdoc/reexport-dep-foreign-fn.rs
+index e7f5720d583..f09e2da12f8 100644
+--- a/tests/rustdoc/reexport-dep-foreign-fn.rs
++++ b/tests/rustdoc/reexport-dep-foreign-fn.rs
+@@ -1,4 +1,5 @@
+ // aux-build:all-item-types.rs
++// ignore-stage1
+
+ // This test is to ensure there is no problem on handling foreign functions
+ // coming from a dependency.
+diff --git a/tests/rustdoc/reexport-doc.rs b/tests/rustdoc/reexport-doc.rs
+index df2c889b4d5..52558b39068 100644
+--- a/tests/rustdoc/reexport-doc.rs
++++ b/tests/rustdoc/reexport-doc.rs
+@@ -1,4 +1,5 @@
+ // aux-build:reexport-doc-aux.rs
++// ignore-stage1
+
+ extern crate reexport_doc_aux as dep;
+
+diff --git a/tests/rustdoc/reexports-priv.rs b/tests/rustdoc/reexports-priv.rs
+index 571d7f06fdc..bec1096ad14 100644
+--- a/tests/rustdoc/reexports-priv.rs
++++ b/tests/rustdoc/reexports-priv.rs
+@@ -1,4 +1,5 @@
+ // aux-build: reexports.rs
++// ignore-stage1
+ // compile-flags: --document-private-items
+
+ #![crate_name = "foo"]
+diff --git a/tests/rustdoc/reexports.rs b/tests/rustdoc/reexports.rs
+index 3c51ac395af..018abbfd277 100644
+--- a/tests/rustdoc/reexports.rs
++++ b/tests/rustdoc/reexports.rs
+@@ -1,4 +1,5 @@
+ // aux-build: reexports.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/rustc-incoherent-impls.rs b/tests/rustdoc/rustc-incoherent-impls.rs
+index 3fdefbecc54..c8382a50679 100644
+--- a/tests/rustdoc/rustc-incoherent-impls.rs
++++ b/tests/rustdoc/rustc-incoherent-impls.rs
+@@ -1,4 +1,5 @@
+ // aux-build:incoherent-impl-types.rs
++// ignore-stage1
+ // build-aux-docs
+
+ #![crate_name = "foo"]
+diff --git a/tests/rustdoc/test_option_check/bar.rs b/tests/rustdoc/test_option_check/bar.rs
+index 50a182cf7e0..6f48c9c923b 100644
+--- a/tests/rustdoc/test_option_check/bar.rs
++++ b/tests/rustdoc/test_option_check/bar.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: --test
+ // check-test-line-numbers-match
++// ignore-stage1
+
+ /// This looks like another awesome test!
+ ///
+diff --git a/tests/rustdoc/test_option_check/test.rs b/tests/rustdoc/test_option_check/test.rs
+index 964e8e37ed5..208bccafe4c 100644
+--- a/tests/rustdoc/test_option_check/test.rs
++++ b/tests/rustdoc/test_option_check/test.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: --test
++// ignore-stage1
+ // check-test-line-numbers-match
+
+ pub mod bar;
+diff --git a/tests/rustdoc/trait-alias-mention.rs b/tests/rustdoc/trait-alias-mention.rs
+index 6da0dc68785..8916e1321c7 100644
+--- a/tests/rustdoc/trait-alias-mention.rs
++++ b/tests/rustdoc/trait-alias-mention.rs
+@@ -1,5 +1,6 @@
+ // aux-build:trait-alias-mention.rs
+ // build-aux-docs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/trait-visibility.rs b/tests/rustdoc/trait-visibility.rs
+index 8ba3ee03a74..9bd62dd5c0a 100644
+--- a/tests/rustdoc/trait-visibility.rs
++++ b/tests/rustdoc/trait-visibility.rs
+@@ -1,4 +1,5 @@
+ // aux-build:trait-visibility.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/rustdoc/unit-return.rs b/tests/rustdoc/unit-return.rs
+index 6ddfa0c4d5c..a144308a581 100644
+--- a/tests/rustdoc/unit-return.rs
++++ b/tests/rustdoc/unit-return.rs
+@@ -1,4 +1,5 @@
+ // aux-build:unit-return.rs
++// ignore-stage1
+
+ #![crate_name = "foo"]
+
+diff --git a/tests/ui-fulldeps/deriving-encodable-decodable-box.rs b/tests/ui-fulldeps/deriving-encodable-decodable-box.rs
+index 1c376f59e51..8f852db5efd 100644
+--- a/tests/ui-fulldeps/deriving-encodable-decodable-box.rs
++++ b/tests/ui-fulldeps/deriving-encodable-decodable-box.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(unused_imports)]
+ #![feature(rustc_private)]
+diff --git a/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs b/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs
+index 844d40f2ecd..d0d530ac79f 100644
+--- a/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs
++++ b/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(unused_imports)]
+ // This briefly tests the capability of `Cell` and `RefCell` to implement the
+diff --git a/tests/ui-fulldeps/deriving-global.rs b/tests/ui-fulldeps/deriving-global.rs
+index 214bb4368ff..7ff6e31f09e 100644
+--- a/tests/ui-fulldeps/deriving-global.rs
++++ b/tests/ui-fulldeps/deriving-global.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/ui-fulldeps/deriving-hygiene.rs b/tests/ui-fulldeps/deriving-hygiene.rs
+index e1084a08fec..f18b703116a 100644
+--- a/tests/ui-fulldeps/deriving-hygiene.rs
++++ b/tests/ui-fulldeps/deriving-hygiene.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(non_upper_case_globals)]
+ #![feature(rustc_private)]
+diff --git a/tests/ui-fulldeps/dropck_tarena_sound_drop.rs b/tests/ui-fulldeps/dropck_tarena_sound_drop.rs
+index ffad80171da..d60062be118 100644
+--- a/tests/ui-fulldeps/dropck_tarena_sound_drop.rs
++++ b/tests/ui-fulldeps/dropck_tarena_sound_drop.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(unknown_lints)]
+ // Check that an arena (TypedArena) can carry elements whose drop
+diff --git a/tests/ui-fulldeps/empty-struct-braces-derive.rs b/tests/ui-fulldeps/empty-struct-braces-derive.rs
+index 10e8beaa7b1..29419f97aa1 100644
+--- a/tests/ui-fulldeps/empty-struct-braces-derive.rs
++++ b/tests/ui-fulldeps/empty-struct-braces-derive.rs
+@@ -1,5 +1,6 @@
+ // run-pass
+ // `#[derive(Trait)]` works for empty structs/variants with braces or parens.
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/ui-fulldeps/issue-14021.rs b/tests/ui-fulldeps/issue-14021.rs
+index 309b5c4a03d..5b9fb023d85 100644
+--- a/tests/ui-fulldeps/issue-14021.rs
++++ b/tests/ui-fulldeps/issue-14021.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(unused_mut)]
+ #![allow(unused_imports)]
+diff --git a/tests/ui-fulldeps/regions-mock-tcx.rs b/tests/ui-fulldeps/regions-mock-tcx.rs
+index 63975ef62c5..24e008bb76b 100644
+--- a/tests/ui-fulldeps/regions-mock-tcx.rs
++++ b/tests/ui-fulldeps/regions-mock-tcx.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(dead_code)]
+ #![allow(unused_imports)]
+diff --git a/tests/ui-fulldeps/rustc_encodable_hygiene.rs b/tests/ui-fulldeps/rustc_encodable_hygiene.rs
+index 509a6b1d22c..ab5f4aed548 100644
+--- a/tests/ui-fulldeps/rustc_encodable_hygiene.rs
++++ b/tests/ui-fulldeps/rustc_encodable_hygiene.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/run-make/cdylib-fewer-symbols/foo.rs b/tests/run-make/cdylib-fewer-symbols/foo.rs
+index af37bc8e953..2f080fb37b2 100644
+--- a/tests/run-make/cdylib-fewer-symbols/foo.rs
++++ b/tests/run-make/cdylib-fewer-symbols/foo.rs
+@@ -1,5 +1,5 @@
+ #![crate_type = "cdylib"]
+-
++#[ignore]
+ #[no_mangle]
+ pub extern "C" fn foo() -> u32 {
+ 3
+diff --git a/tests/run-make/doctests-keep-binaries/t.rs b/tests/run-make/doctests-keep-binaries/t.rs
+index c38cf0a0b25..13b89c05e03 100644
+--- a/tests/run-make/doctests-keep-binaries/t.rs
++++ b/tests/run-make/doctests-keep-binaries/t.rs
+@@ -1,3 +1,4 @@
++// ignore-stage1
+ /// Fungle the foople.
+ /// ```
+ /// t::foople();
+diff --git a/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs b/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs
+index 260f5a7a64f..c05f9adf46b 100644
+--- a/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs
++++ b/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs
+@@ -2,6 +2,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ /// ```
+ /// #![deprecated(since = "5.2", note = "foo was rarely used. \
+diff --git a/tests/rustdoc-ui/issue-80992.rs b/tests/rustdoc-ui/issue-80992.rs
+index 80ff225b879..e589999ae29 100644
+--- a/tests/rustdoc-ui/issue-80992.rs
++++ b/tests/rustdoc-ui/issue-80992.rs
+@@ -2,6 +2,7 @@
+ // compile-flags:--test
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ pub fn test() -> Result<(), ()> {
+ //! ```compile_fail
+diff --git a/tests/rustdoc-ui/no-run-flag.rs b/tests/rustdoc-ui/no-run-flag.rs
+index 181730eb416..33fa85d7d9d 100644
+--- a/tests/rustdoc-ui/no-run-flag.rs
++++ b/tests/rustdoc-ui/no-run-flag.rs
+@@ -4,6 +4,7 @@
+ // compile-flags:-Z unstable-options --test --no-run --test-args=--test-threads=1
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// let a = true;
+diff --git a/tests/rustdoc-ui/nocapture-fail.rs b/tests/rustdoc-ui/nocapture-fail.rs
+index 9a3fb592c63..9899183cdf6 100644
+--- a/tests/rustdoc-ui/nocapture-fail.rs
++++ b/tests/rustdoc-ui/nocapture-fail.rs
+@@ -3,6 +3,7 @@
+ // normalize-stderr-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```compile_fail
+ /// fn foo() {
+diff --git a/tests/run-make/issue-22131/foo.rs b/tests/run-make/issue-22131/foo.rs
+index 33255d76879..56ffc4224e4 100644
+--- a/tests/run-make/issue-22131/foo.rs
++++ b/tests/run-make/issue-22131/foo.rs
+@@ -1,5 +1,6 @@
+ /// ```rust
+ /// assert_eq!(foo::foo(), 1);
+ /// ```
++// ignore-stage1
+ #[cfg(feature = "bar")]
+ pub fn foo() -> i32 { 1 }
+diff --git a/tests/rustdoc/auto-traits.rs b/tests/rustdoc/auto-traits.rs
+index 93d4bf2f656..b0eb5f1af7c 100644
+--- a/tests/rustdoc/auto-traits.rs
++++ b/tests/rustdoc/auto-traits.rs
+@@ -1,4 +1,5 @@
+ // aux-build:auto-traits.rs
++// ignore-stage1
+
+ #![feature(auto_traits)]
+
+diff --git a/tests/rustdoc/inline_cross/dyn_trait.rs b/tests/rustdoc/inline_cross/dyn_trait.rs
+index 649d98f7139..82f88a4713c 100644
+--- a/tests/rustdoc/inline_cross/dyn_trait.rs
++++ b/tests/rustdoc/inline_cross/dyn_trait.rs
+@@ -1,4 +1,5 @@
+ #![crate_name = "user"]
++// ignore-stage1
+
+ // aux-crate:dyn_trait=dyn_trait.rs
+ // edition:2021
+diff --git a/tests/ui/abi/stack-probes-lto.rs b/tests/ui/abi/stack-probes-lto.rs
+index 0dccb633df9..36e4d04ccaa 100644
+--- a/tests/ui/abi/stack-probes-lto.rs
++++ b/tests/ui/abi/stack-probes-lto.rs
+@@ -13,6 +13,7 @@
+ // ignore-fuchsia no exception handler registered for segfault
+ // compile-flags: -C lto
+ // no-prefer-dynamic
++// ignore-stage1
+ // ignore-nto Crash analysis impossible at SIGSEGV in QNX Neutrino
+
+ include!("stack-probes.rs");
+diff --git a/tests/ui/abi/stack-probes.rs b/tests/ui/abi/stack-probes.rs
+index 8137c92304d..9f4edca3caf 100644
+--- a/tests/ui/abi/stack-probes.rs
++++ b/tests/ui/abi/stack-probes.rs
+@@ -11,6 +11,7 @@
+ // ignore-sgx no processes
+ // ignore-fuchsia no exception handler registered for segfault
+ // ignore-nto Crash analysis impossible at SIGSEGV in QNX Neutrino
++// ignore-stage1
+
+ use std::env;
+ use std::mem::MaybeUninit;
+diff --git a/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs b/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs
+index 5a6283e9f13..c036f7f03e6 100644
+--- a/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs
++++ b/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs
+@@ -1,7 +1,7 @@
+ // Test that slice subslice patterns are correctly handled in const evaluation.
+
+ // run-pass
+-
++// ignore-stage1
+ #[derive(PartialEq, Debug, Clone)]
+ struct N(u8);
+
+diff --git a/tests/ui/asm/x86_64/sym.rs b/tests/ui/asm/x86_64/sym.rs
+index 93ef4f09062..6b076924bda 100644
+--- a/tests/ui/asm/x86_64/sym.rs
++++ b/tests/ui/asm/x86_64/sym.rs
+@@ -2,6 +2,7 @@
+ // only-linux
+ // needs-asm-support
+ // run-pass
++// ignore-stage1
+
+ #![feature(thread_local)]
+
+diff --git a/tests/ui/associated-type-bounds/fn-apit.rs b/tests/ui/associated-type-bounds/fn-apit.rs
+index 3c9f511338f..e8fd5fc3c3e 100644
+--- a/tests/ui/associated-type-bounds/fn-apit.rs
++++ b/tests/ui/associated-type-bounds/fn-apit.rs
+@@ -1,6 +1,6 @@
+ // run-pass
+ // aux-build:fn-aux.rs
+-
++// ignore-stage1
+ #![allow(unused)]
+ #![feature(associated_type_bounds)]
+
+diff --git a/tests/ui/associated-type-bounds/fn-dyn-apit.rs b/tests/ui/associated-type-bounds/fn-dyn-apit.rs
+index c4e8092c211..7c690f42846 100644
+--- a/tests/ui/associated-type-bounds/fn-dyn-apit.rs
++++ b/tests/ui/associated-type-bounds/fn-dyn-apit.rs
+@@ -1,6 +1,7 @@
+ // run-pass
+ // aux-build:fn-dyn-aux.rs
+
++// ignore-stage1
+ #![allow(unused)]
+ #![feature(associated_type_bounds)]
+
+diff --git a/tests/ui/associated-type-bounds/fn-wrap-apit.rs b/tests/ui/associated-type-bounds/fn-wrap-apit.rs
+index 96df13e372a..b1df6e867f2 100644
+--- a/tests/ui/associated-type-bounds/fn-wrap-apit.rs
++++ b/tests/ui/associated-type-bounds/fn-wrap-apit.rs
+@@ -1,6 +1,7 @@
+ // run-pass
+ // aux-build:fn-aux.rs
+
++// ignore-stage1
+ #![feature(associated_type_bounds)]
+ #![allow(dead_code)]
+
+diff --git a/tests/ui/structs-enums/multiple-reprs.rs b/tests/ui/structs-enums/multiple-reprs.rs
+index 4be503a0ef4..2cf0875fc5c 100644
+--- a/tests/ui/structs-enums/multiple-reprs.rs
++++ b/tests/ui/structs-enums/multiple-reprs.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+
+ #![allow(dead_code)]
+
+diff --git a/src/tools/compiletest/src/common.rs b/src/tools/compiletest/src/common.rs
+--- a/src/tools/compiletest/src/common.rs
++++ b/src/tools/compiletest/src/common.rs
+@@ -431,7 +431,6 @@
+ .unwrap()
+ };
+
+- let mut current = None;
+ let mut all_targets = HashSet::new();
+ let mut all_archs = HashSet::new();
+ let mut all_oses = HashSet::new();
+@@ -452,14 +451,11 @@
+ }
+ all_pointer_widths.insert(format!("{}bit", cfg.pointer_width));
+
+- if target == config.target {
+- current = Some(cfg);
+- }
+ all_targets.insert(target.into());
+ }
+
+ Self {
+- current: current.expect("current target not found"),
++ current: Self::get_current_target_config(config),
+ all_targets,
+ all_archs,
+ all_oses,
+@@ -471,6 +467,89 @@
+ }
+ }
+
++ fn get_current_target_config(config: &Config) -> TargetCfg {
++ let mut arch = None;
++ let mut os = None;
++ let mut env = None;
++ let mut abi = None;
++ let mut families = Vec::new();
++ let mut pointer_width = None;
++ let mut endian = None;
++ let mut panic = None;
++
++ for config in
++ rustc_output(config, &["--print=cfg", "--target", &config.target]).trim().lines()
++ {
++ let (name, value) = config
++ .split_once("=\"")
++ .map(|(name, value)| {
++ (
++ name,
++ Some(
++ value
++ .strip_suffix("\"")
++ .expect("key-value pair should be properly quoted"),
++ ),
++ )
++ })
++ .unwrap_or_else(|| (config, None));
++
++ match name {
++ "target_arch" => {
++ arch = Some(value.expect("target_arch should be a key-value pair").to_string());
++ }
++ "target_os" => {
++ os = Some(value.expect("target_os sould be a key-value pair").to_string());
++ }
++ "target_env" => {
++ env = Some(value.expect("target_env should be a key-value pair").to_string());
++ }
++ "target_abi" => {
++ abi = Some(value.expect("target_abi should be a key-value pair").to_string());
++ }
++ "target_family" => {
++ families
++ .push(value.expect("target_family should be a key-value pair").to_string());
++ }
++ "target_pointer_width" => {
++ pointer_width = Some(
++ value
++ .expect("target_pointer_width should be a key-value pair")
++ .parse::<u32>()
++ .expect("target_pointer_width should be a valid u32"),
++ );
++ }
++ "target_endian" => {
++ endian = Some(match value.expect("target_endian should be a key-value pair") {
++ "big" => Endian::Big,
++ "little" => Endian::Little,
++ _ => panic!("target_endian should be either 'big' or 'little'"),
++ });
++ }
++ "panic" => {
++ panic = Some(match value.expect("panic should be a key-value pair") {
++ "abort" => PanicStrategy::Abort,
++ "unwind" => PanicStrategy::Unwind,
++ _ => panic!("panic should be either 'abort' or 'unwind'"),
++ });
++ }
++ _ => (),
++ }
++ }
++
++ TargetCfg {
++ arch: arch.expect("target configuration should specify target_arch"),
++ os: os.expect("target configuration should specify target_os"),
++ env: env.expect("target configuration should specify target_env"),
++ abi: abi.expect("target configuration should specify target_abi"),
++ families,
++ pointer_width: pointer_width
++ .expect("target configuration should specify target_pointer_width"),
++ endian: endian.expect("target configuration should specify target_endian"),
++ panic: panic.expect("target configuration should specify panic"),
++ }
++ }
++
+ // #[cfg(bootstrap)]
+ // Needed only for one cycle, remove during the bootstrap bump.
+ fn collect_all_slow(config: &Config) -> HashMap<String, TargetCfg> {
+diff --git a/tests/run-make/issue-47551/Makefile b/tests/run-make/issue-47551/Makefile
+index 5a6ac725701..9290f2e0555 100644
+--- a/tests/run-make/issue-47551/Makefile
++++ b/tests/run-make/issue-47551/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # only-linux
+ # ignore-32bit
+
+diff --git a/tests/run-make/pgo-branch-weights/Makefile b/tests/run-make/pgo-branch-weights/Makefile
+index c60206a1f34..4666be03b85 100644
+--- a/tests/run-make/pgo-branch-weights/Makefile
++++ b/tests/run-make/pgo-branch-weights/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+
+diff --git a/tests/run-make/pgo-gen-lto/Makefile b/tests/run-make/pgo-gen-lto/Makefile
+index 3f2f6a838b5..9e4f555d21c 100644
+--- a/tests/run-make/pgo-gen-lto/Makefile
++++ b/tests/run-make/pgo-gen-lto/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+
+diff --git a/tests/run-make/pgo-gen/Makefile b/tests/run-make/pgo-gen/Makefile
+index 4623a74957b..22aed059cf4 100644
+--- a/tests/run-make/pgo-gen/Makefile
++++ b/tests/run-make/pgo-gen/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+
+diff --git a/tests/run-make/pgo-indirect-call-promotion/Makefile b/tests/run-make/pgo-indirect-call-promotion/Makefile
+index 45302215cc6..519447882ea 100644
+--- a/tests/run-make/pgo-indirect-call-promotion/Makefile
++++ b/tests/run-make/pgo-indirect-call-promotion/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+
+diff --git a/tests/run-make/pgo-use/Makefile b/tests/run-make/pgo-use/Makefile
+index 3bac9b77aa3..5c64b2342e1 100644
+--- a/tests/run-make/pgo-use/Makefile
++++ b/tests/run-make/pgo-use/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+
+diff --git a/tests/run-make/profile/Makefile b/tests/run-make/profile/Makefile
+index fffc051adbf..42a63a871d6 100644
+--- a/tests/run-make/profile/Makefile
++++ b/tests/run-make/profile/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+
+ include ../tools.mk
+diff --git a/tests/run-make/sysroot-crates-are-unstable/Makefile b/tests/run-make/sysroot-crates-are-unstable/Makefile
+index 1e267fb9576..e3e83c52cc2 100644
+--- a/tests/run-make/sysroot-crates-are-unstable/Makefile
++++ b/tests/run-make/sysroot-crates-are-unstable/Makefile
+@@ -1,2 +1,3 @@
++# ignore-stage1
+ all:
+ '$(PYTHON)' test.py
+diff --git a/tests/run-make/target-specs/Makefile b/tests/run-make/target-specs/Makefile
+index a33f5368e3c..84459293364 100644
+--- a/tests/run-make/target-specs/Makefile
++++ b/tests/run-make/target-specs/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ include ../tools.mk
+ all:
+ $(RUSTC) foo.rs --target=my-awesome-platform.json --crate-type=lib --emit=asm
+diff --git a/tests/ui/functions-closures/fn-help-with-err.rs b/tests/ui/functions-closures/fn-help-with-err.rs
+index 612fe1b8419..d021f33c550 100644
+--- a/tests/ui/functions-closures/fn-help-with-err.rs
++++ b/tests/ui/functions-closures/fn-help-with-err.rs
+@@ -1,4 +1,5 @@
+ // This test case checks the behavior of typeck::check::method::suggest::is_fn on Ty::Error.
++// ignore-stage1
+
+ struct Foo;
+
+diff --git a/tests/run-make/pointer-auth-link-with-c/Makefile b/tests/run-make/pointer-auth-link-with-c/Makefile
+index dffbd303582..5347d0a90f1 100644
+--- a/tests/run-make/pointer-auth-link-with-c/Makefile
++++ b/tests/run-make/pointer-auth-link-with-c/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ include ../tools.mk
+
+ # only-aarch64
diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc
index fbe2492fb4..0009c50172 100644
--- a/poky/meta/recipes-devtools/rust/rust-source.inc
+++ b/poky/meta/recipes-devtools/rust/rust-source.inc
@@ -6,6 +6,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
file://0001-Do-not-use-LFS64-on-linux-with-musl.patch;patchdir=${RUSTSRC} \
file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
+ file://rust-oe-selftest.patch;patchdir=${RUSTSRC} \
"
SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"
@@ -16,8 +17,3 @@ export TARGET_VENDOR
UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-methods.html"
UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"
-
-# see recipes-devtools/gcc/gcc/0018-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
-# we need to link with ssp_nonshared on musl to avoid "undefined reference to `__stack_chk_fail_local'"
-# when building MACHINE=qemux86 for musl
-WRAPPER_TARGET_EXTRALD:libc-musl = "-lssp_nonshared"
diff --git a/poky/meta/recipes-devtools/rust/rust_1.70.0.bb b/poky/meta/recipes-devtools/rust/rust_1.70.0.bb
index 8669291d08..3b9c05a19f 100644
--- a/poky/meta/recipes-devtools/rust/rust_1.70.0.bb
+++ b/poky/meta/recipes-devtools/rust/rust_1.70.0.bb
@@ -66,6 +66,7 @@ do_rust_setup_snapshot () {
fi
}
addtask rust_setup_snapshot after do_unpack before do_configure
+addtask do_test_compile after do_configure do_rust_gen_targets
do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot"
do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER"
@@ -223,6 +224,11 @@ FILES:${PN}-dev = ""
do_compile () {
}
+do_test_compile[dirs] = "${B}"
+do_test_compile () {
+ rust_runx build src/tools/remote-test-server --target "${RUST_TARGET_SYS}"
+}
+
ALLOW_EMPTY:${PN} = "1"
PACKAGES =+ "${PN}-tools-clippy ${PN}-tools-rustfmt"
diff --git a/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch b/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch
new file mode 100644
index 0000000000..bdf815e55e
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch
@@ -0,0 +1,303 @@
+From 00ace1392f5bd289239b755458dcdeeed69af1da Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Mon, 26 Jun 2023 10:00:00 +0000
+Subject: [PATCH] tests: avoid accept() libc function when tracing accept()
+ syscall
+
+The libc function is allowed to implement accept() using accept4()
+syscall, so migrate to accept4() those tests that trace accept() syscall
+but do not test accept() specifically, and change the test of accept()
+syscall to invoke either __NR_accept or __NR_socketcall(SYS_ACCEPT)
+directly.
+
+* tests/accept_compat.h: Remove.
+* tests/Makefile.am (EXTRA_DIST): Remove accept_compat.h.
+* tests/accept.c [TEST_SYSCALL_NAME]: Do not invoke accept(),
+call __NR_accept or __NR_socketcall if available, or skip the test.
+* tests/net-y-unix.c: Do not include "accept_compat.h".
+(main): Invoke accept4() instead of accept().
+* tests/net-yy-inet.c: Likewise.
+* tests/net-yy-unix.c: Likewise.
+
+Resolves: https://github.com/strace/strace/issues/260
+
+Upstream-Status: Backport
+---
+ tests/Makefile.am | 1 -
+ tests/accept.c | 36 ++++++++++++++++++++----------------
+ tests/accept_compat.h | 32 --------------------------------
+ tests/net-y-unix.c | 16 ++++++++--------
+ tests/net-yy-inet.c | 12 ++++++------
+ tests/net-yy-unix.c | 16 ++++++++--------
+ 6 files changed, 42 insertions(+), 71 deletions(-)
+ delete mode 100644 tests/accept_compat.h
+
+Index: strace-6.3/tests/Makefile.am
+===================================================================
+--- strace-6.3.orig/tests/Makefile.am
++++ strace-6.3/tests/Makefile.am
+@@ -776,7 +776,6 @@ check_DATA = \
+ # end of check_DATA
+
+ EXTRA_DIST = \
+- accept_compat.h \
+ attach-p-cmd.h \
+ clock_adjtime-common.c \
+ clock_xettime-common.c \
+Index: strace-6.3/tests/accept.c
+===================================================================
+--- strace-6.3.orig/tests/accept.c
++++ strace-6.3/tests/accept.c
+@@ -9,38 +9,36 @@
+ */
+
+ #include "tests.h"
+-
++#include "scno.h"
+ #include <unistd.h>
+
+-#include "scno.h"
++#ifndef TEST_SYSCALL_NAME
+
+-#if defined __NR_accept
++# if defined __NR_accept || defined __NR_socketcall
+
+-# ifndef TEST_SYSCALL_NAME
+ # define TEST_SYSCALL_NAME do_accept
+-
+-# ifndef TEST_SYSCALL_STR
+-# define TEST_SYSCALL_STR "accept"
+-# endif
++# define TEST_SYSCALL_STR "accept"
+
+ static int
+ do_accept(int sockfd, void *addr, void *addrlen)
+ {
++# ifdef __NR_accept
+ return syscall(__NR_accept, sockfd, addr, addrlen);
++# else /* __NR_socketcall */
++ const long args[] = { sockfd, (long) addr, (long) addrlen };
++ return syscall(__NR_socketcall, 5, args);
++# endif
+ }
+-# endif /* !TEST_SYSCALL_NAME */
+
+-#else /* !__NR_accept */
++# endif /* __NR_accept || __NR_socketcall */
+
+-# ifndef TEST_SYSCALL_NAME
+-# define TEST_SYSCALL_NAME accept
+-# endif
++#endif /* !TEST_SYSCALL_NAME */
+
+-#endif /* __NR_accept */
++#ifdef TEST_SYSCALL_NAME
+
+-#define TEST_SYSCALL_PREPARE connect_un()
++# define TEST_SYSCALL_PREPARE connect_un()
+ static void connect_un(void);
+-#include "sockname.c"
++# include "sockname.c"
+
+ static void
+ connect_un(void)
+@@ -90,3 +88,9 @@ main(void)
+ puts("+++ exited with 0 +++");
+ return 0;
+ }
++
++#else
++
++SKIP_MAIN_UNDEFINED("__NR_accept || __NR_socketcall")
++
++#endif
+Index: strace-6.3/tests/accept_compat.h
+===================================================================
+--- strace-6.3.orig/tests/accept_compat.h
++++ /dev/null
+@@ -1,32 +0,0 @@
+-/*
+- * Copyright (c) 2018-2019 The strace developers.
+- * All rights reserved.
+- *
+- * SPDX-License-Identifier: GPL-2.0-or-later
+- */
+-
+-#ifndef _STRACE_TESTS_ACCEPT_COMPAT_H_
+-# define _STRACE_TESTS_ACCEPT_COMPAT_H_
+-
+-# include <unistd.h>
+-# include <sys/socket.h>
+-# include "scno.h"
+-
+-# if defined __NR_socketcall && defined __sparc__
+-/*
+- * Work around the fact that
+- * - glibc >= 2.26 uses accept4 syscall to implement accept() call on sparc;
+- * - accept syscall had not been wired up on sparc until v4.4-rc8~4^2~1.
+- */
+-static inline int
+-do_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen)
+-{
+- const long args[] = { sockfd, (long) addr, (long) addrlen };
+-
+- return syscall(__NR_socketcall, 5, args);
+-}
+-# else
+-# define do_accept accept
+-# endif
+-
+-#endif /* !_STRACE_TESTS_ACCEPT_COMPAT_H_ */
+Index: strace-6.3/tests/net-y-unix.c
+===================================================================
+--- strace-6.3.orig/tests/net-y-unix.c
++++ strace-6.3/tests/net-y-unix.c
+@@ -10,6 +10,7 @@
+
+ #include "tests.h"
+ #include <assert.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -18,8 +19,6 @@
+ #include <sys/socket.h>
+ #include <sys/un.h>
+
+-#include "accept_compat.h"
+-
+ #define TEST_SOCKET "net-y-unix.socket"
+
+ int
+@@ -88,12 +87,12 @@ main(void)
+ struct sockaddr * const accept_sa = tail_alloc(sizeof(addr));
+ memset(accept_sa, 0, sizeof(addr));
+ *len = sizeof(addr);
+- int accept_fd = do_accept(listen_fd, accept_sa, len);
++ int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ if (accept_fd < 0)
+ perror_msg_and_fail("accept");
+ unsigned long accept_inode = inode_of_sockfd(accept_fd);
+- printf("accept(%d<socket:[%lu]>, {sa_family=AF_UNIX}"
+- ", [%d => %d]) = %d<socket:[%lu]>\n",
++ printf("accept4(%d<socket:[%lu]>, {sa_family=AF_UNIX}"
++ ", [%d => %d], SOCK_CLOEXEC) = %d<socket:[%lu]>\n",
+ listen_fd, listen_inode,
+ (int) sizeof(addr), (int) *len,
+ accept_fd, accept_inode);
+@@ -160,14 +159,15 @@ main(void)
+
+ memset(accept_sa, 0, sizeof(addr));
+ *len = sizeof(addr);
+- accept_fd = do_accept(listen_fd, accept_sa, len);
++ accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ if (accept_fd < 0)
+ perror_msg_and_fail("accept");
+ accept_inode = inode_of_sockfd(accept_fd);
+ const char * const sun_path1 =
+ ((struct sockaddr_un *) accept_sa)->sun_path + 1;
+- printf("accept(%d<socket:[%lu]>, {sa_family=AF_UNIX"
+- ", sun_path=@\"%s\"}, [%d => %d]) = %d<socket:[%lu]>\n",
++ printf("accept4(%d<socket:[%lu]>, {sa_family=AF_UNIX"
++ ", sun_path=@\"%s\"}, [%d => %d], SOCK_CLOEXEC)"
++ " = %d<socket:[%lu]>\n",
+ listen_fd, listen_inode, sun_path1,
+ (int) sizeof(addr), (int) *len,
+ accept_fd, accept_inode);
+Index: strace-6.3/tests/net-yy-inet.c
+===================================================================
+--- strace-6.3.orig/tests/net-yy-inet.c
++++ strace-6.3/tests/net-yy-inet.c
+@@ -10,6 +10,7 @@
+
+ #include "tests.h"
+ #include <assert.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -19,8 +20,6 @@
+ #include <netinet/tcp.h>
+ #include <arpa/inet.h>
+
+-#include "accept_compat.h"
+-
+ #ifndef ADDR_FAMILY
+ # define ADDR_FAMILY_FIELD sin_family
+ # define ADDR_FAMILY AF_INET
+@@ -104,14 +103,15 @@ main(void)
+ struct sockaddr * const accept_sa = tail_alloc(sizeof(addr));
+ memset(accept_sa, 0, sizeof(addr));
+ *len = sizeof(addr);
+- const int accept_fd = do_accept(listen_fd, accept_sa, len);
++ const int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ if (accept_fd < 0)
+ perror_msg_and_fail("accept");
+ const unsigned int connect_port =
+ ntohs(((struct SOCKADDR_TYPE *) accept_sa)->INPORT);
+- printf("accept(%d<" TCP_STR ":[" LOOPBACK ":%u]>, {sa_family=" AF_STR
+- ", " INPORT_STR "=htons(%u), " INADDR_STR SA_FIELDS "}"
+- ", [%u]) = %d<" TCP_STR ":[" LOOPBACK ":%u->" LOOPBACK ":%u]>\n",
++ printf("accept4(%d<" TCP_STR ":[" LOOPBACK ":%u]>, {sa_family=" AF_STR
++ ", " INPORT_STR "=htons(%u), " INADDR_STR SA_FIELDS "}, [%u]"
++ ", SOCK_CLOEXEC) = %d<" TCP_STR ":[" LOOPBACK ":%u->" LOOPBACK
++ ":%u]>\n",
+ listen_fd, listen_port, connect_port, (unsigned) *len,
+ accept_fd, listen_port, connect_port);
+
+Index: strace-6.3/tests/net-yy-unix.c
+===================================================================
+--- strace-6.3.orig/tests/net-yy-unix.c
++++ strace-6.3/tests/net-yy-unix.c
+@@ -10,6 +10,7 @@
+
+ #include "tests.h"
+ #include <assert.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -22,8 +23,6 @@
+ # include "xmalloc.h"
+ #endif
+
+-#include "accept_compat.h"
+-
+ #define TEST_SOCKET "net-yy-unix.socket"
+
+ int
+@@ -112,12 +111,12 @@ main(void)
+ struct sockaddr * const accept_sa = tail_alloc(sizeof(addr));
+ memset(accept_sa, 0, sizeof(addr));
+ *len = sizeof(addr);
+- int accept_fd = do_accept(listen_fd, accept_sa, len);
++ int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ if (accept_fd < 0)
+ perror_msg_and_fail("accept");
+ unsigned long accept_inode = inode_of_sockfd(accept_fd);
+- printf("accept(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX}"
+- ", [%d => %d]) = %d<%s:[%lu->%lu,\"%s\"]>\n",
++ printf("accept4(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX}"
++ ", [%d => %d], SOCK_CLOEXEC) = %d<%s:[%lu->%lu,\"%s\"]>\n",
+ listen_fd, sock_proto_name, listen_inode, TEST_SOCKET,
+ (int) sizeof(addr), (int) *len,
+ accept_fd, sock_proto_name, accept_inode, connect_inode,
+@@ -191,14 +190,15 @@ main(void)
+
+ memset(accept_sa, 0, sizeof(addr));
+ *len = sizeof(addr);
+- accept_fd = do_accept(listen_fd, accept_sa, len);
++ accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ if (accept_fd < 0)
+ perror_msg_and_fail("accept");
+ accept_inode = inode_of_sockfd(accept_fd);
+ const char * const sun_path1 =
+ ((struct sockaddr_un *) accept_sa)->sun_path + 1;
+- printf("accept(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX"
+- ", sun_path=@\"%s\"}, [%d => %d]) = %d<%s:[%lu->%lu,\"%s\"]>\n",
++ printf("accept4(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX"
++ ", sun_path=@\"%s\"}, [%d => %d], SOCK_CLOEXEC)"
++ " = %d<%s:[%lu->%lu,\"%s\"]>\n",
+ listen_fd, sock_proto_name, listen_inode, TEST_SOCKET,
+ sun_path1, (int) sizeof(addr), (int) *len,
+ accept_fd, sock_proto_name, accept_inode, connect_inode,
diff --git a/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch b/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch
new file mode 100644
index 0000000000..b4c6ff99de
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch
@@ -0,0 +1,50 @@
+From 3bbfb541b258baec9eba674b5d8dc30007a61542 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Wed, 21 Jun 2023 08:00:00 +0000
+Subject: [PATCH] net: enhance getsockopt decoding
+
+When getsockopt syscall fails the kernel sometimes updates the optlen
+argument, for example, NETLINK_LIST_MEMBERSHIPS updates it even if
+optval is not writable.
+
+* src/net.c (SYS_FUNC(getsockopt)): Try to fetch and print optlen
+argument on exiting syscall regardless of getsockopt exit status.
+
+Upstream-Status: Backport
+---
+ src/net.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/net.c b/src/net.c
+index f68ccb947..7244b5e57 100644
+--- a/src/net.c
++++ b/src/net.c
+@@ -1038,7 +1038,7 @@ SYS_FUNC(getsockopt)
+ } else {
+ ulen = get_tcb_priv_ulong(tcp);
+
+- if (syserror(tcp) || umove(tcp, tcp->u_arg[4], &rlen) < 0) {
++ if (umove(tcp, tcp->u_arg[4], &rlen) < 0) {
+ /* optval */
+ printaddr(tcp->u_arg[3]);
+ tprint_arg_next();
+@@ -1047,6 +1047,19 @@ SYS_FUNC(getsockopt)
+ tprint_indirect_begin();
+ PRINT_VAL_D(ulen);
+ tprint_indirect_end();
++ } else if (syserror(tcp)) {
++ /* optval */
++ printaddr(tcp->u_arg[3]);
++ tprint_arg_next();
++
++ /* optlen */
++ tprint_indirect_begin();
++ if (ulen != rlen) {
++ PRINT_VAL_D(ulen);
++ tprint_value_changed();
++ }
++ PRINT_VAL_D(rlen);
++ tprint_indirect_end();
+ } else {
+ /* optval */
+ print_getsockopt(tcp, tcp->u_arg[1], tcp->u_arg[2],
diff --git a/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch b/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch
new file mode 100644
index 0000000000..a0843836c2
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch
@@ -0,0 +1,50 @@
+From f31c2f4494779e5c5f170ad10539bfc2dfafe967 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Sat, 24 Jun 2023 08:00:00 +0000
+Subject: [PATCH] tests: update sockopt-sol_netlink test
+
+Update sockopt-sol_netlink test that started to fail, likely
+due to recent linux kernel commit f4e4534850a9 ("net/netlink: fix
+NETLINK_LIST_MEMBERSHIPS length report").
+
+* tests/sockopt-sol_netlink.c (main): Always print changing optlen value
+on exiting syscall.
+
+Reported-by: Alexander Gordeev <agordeev@linux.ibm.com>
+---
+ tests/sockopt-sol_netlink.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+Upstream-Status: Backport
+
+diff --git a/tests/sockopt-sol_netlink.c b/tests/sockopt-sol_netlink.c
+index 82b98adc23..1c33219ac5 100644
+--- a/tests/sockopt-sol_netlink.c
++++ b/tests/sockopt-sol_netlink.c
+@@ -94,7 +94,10 @@ main(void)
+ printf("%p", val);
+ else
+ printf("[%d]", *val);
+- printf(", [%d]) = %s\n", *len, errstr);
++ printf(", [%d", (int) sizeof(*val));
++ if ((int) sizeof(*val) != *len)
++ printf(" => %d", *len);
++ printf("]) = %s\n", errstr);
+
+ /* optlen larger than necessary - shortened */
+ *len = sizeof(*val) + 1;
+@@ -150,8 +153,12 @@ main(void)
+ /* optval EFAULT - print address */
+ *len = sizeof(*val);
+ get_sockopt(fd, names[i].val, efault, len);
+- printf("getsockopt(%d, SOL_NETLINK, %s, %p, [%d]) = %s\n",
+- fd, names[i].str, efault, *len, errstr);
++ printf("getsockopt(%d, SOL_NETLINK, %s, %p",
++ fd, names[i].str, efault);
++ printf(", [%d", (int) sizeof(*val));
++ if ((int) sizeof(*val) != *len)
++ printf(" => %d", *len);
++ printf("]) = %s\n", errstr);
+
+ /* optlen EFAULT - print address */
+ get_sockopt(fd, names[i].val, val, len + 1);
diff --git a/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch b/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch
deleted file mode 100644
index 5741bf8672..0000000000
--- a/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Upstream-Status: Inappropriate [avoid this test until fixed by upstream]
-
-Reported at https://github.com/strace/strace/issues/257
-
-root@qemux86-64:/usr/lib/strace/ptest/tests# make sockopt-sol_netlink.gen.log
-FAIL: sockopt-sol_netlink.gen.test
-
-#root@qemux86-64:/usr/lib/strace/ptest/tests# diff sockopt-sol_netlink.dir/exp sockopt-sol_netlink.dir/out
-#--- sockopt-sol_netlink.dir/exp
-#+++ sockopt-sol_netlink.dir/out
-#@@ -86,11 +86,11 @@
- setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a802ffc, -1) = -1 EINVAL (Invalid argument)
- setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a802ffc, 3) = 0
- setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a803000, 4) = -1 EFAULT (Bad address)
--getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [8]) = 0
-+getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [4 => 8]) = 0
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [5 => 8]) = 0
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, NULL, [0 => 8]) = 0
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [], [3 => 8]) = 0
--getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a803000, [8]) = -1 EFAULT (Bad address)
-+getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a803000, [4]) = -1 EFAULT (Bad address)
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a802ffc, 0x7fa18a7fd000) = -1 EFAULT (Bad address)
- setsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [233811181], 4) = -1 ENOPROTOOPT (Protocol not available)
- setsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [233811181], 5) = -1 ENOPROTOOPT (Protocol not available)
-
-
-
-Index: strace-6.3/tests/sockopt-sol_netlink.gen.test
-===================================================================
---- strace-6.3.orig/tests/sockopt-sol_netlink.gen.test
-+++ strace-6.3/tests/sockopt-sol_netlink.gen.test
-@@ -1,4 +1,5 @@
- #!/bin/sh -efu
- # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (sockopt-sol_netlink -e trace=getsockopt,setsockopt); do not edit.
- . "${srcdir=.}/init.sh"
-+skip_ "Test failing after system upgrades, wait for upstream fixes"
- run_strace_match_diff -e trace=getsockopt,setsockopt
diff --git a/poky/meta/recipes-devtools/strace/strace_6.3.bb b/poky/meta/recipes-devtools/strace/strace_6.3.bb
index 7ba9fcc468..a47cc71724 100644
--- a/poky/meta/recipes-devtools/strace/strace_6.3.bb
+++ b/poky/meta/recipes-devtools/strace/strace_6.3.bb
@@ -14,7 +14,9 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
file://skip-load.patch \
file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \
file://0002-tests-Replace-off64_t-with-off_t.patch \
- file://skip-sockopt-test.patch \
+ file://00ace1392f5bd289239b755458dcdeeed69af1da.patch \
+ file://f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch \
+ file://3bbfb541b258baec9eba674b5d8dc30007a61542.patch \
"
SRC_URI[sha256sum] = "e17878e301506c1cc301611118ad14efee7f8bcef63b27ace5d290acce7bb731"
diff --git a/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
index 982f370edb..91fc81352e 100644
--- a/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
+++ b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
@@ -29,10 +29,6 @@ SRC_URI[sha256sum] = "c61f0d6699e2bc7691f119b41963aaa8dc980f23532c4e937739832a5f
SRC_URI:class-native = "${BASE_SRC_URI}"
-# Upstream don't believe this is an exploitable issue
-# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
-CVE_CHECK_IGNORE += "CVE-2021-35331"
-
UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html"
UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"
diff --git a/poky/meta/recipes-extended/acpica/acpica_20230331.bb b/poky/meta/recipes-extended/acpica/acpica_20230628.bb
index 01b8833f50..06db99cef5 100644
--- a/poky/meta/recipes-extended/acpica/acpica_20230331.bb
+++ b/poky/meta/recipes-extended/acpica/acpica_20230628.bb
@@ -17,7 +17,7 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
DEPENDS = "m4-native flex-native bison-native"
SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
-SRC_URI[sha256sum] = "0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2"
+SRC_URI[sha256sum] = "86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce"
UPSTREAM_CHECK_URI = "https://acpica.org/downloads"
diff --git a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
index 4182372057..c5d3e04ed5 100644
--- a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
+++ b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "These are introductory examples to showcase the use of QEMU to ru
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=39346640a23c701e4f459e05f56f4449"
-SRCREV = "ea7f59b02467ed1fb36c3b4c6d5cabe702df26ec"
+SRCREV = "fc7c43d138185028b6ac14c83f6492fce26eca95"
PV = "0.1+git${SRCPV}"
SRC_URI = "git://github.com/ahcbb6/baremetal-helloqemu.git;protocol=https;branch=master"
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.14.bb b/poky/meta/recipes-extended/cpio/cpio_2.14.bb
index e55fb70cb1..560038d2a6 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.14.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.14.bb
@@ -16,8 +16,7 @@ SRC_URI[sha256sum] = "145a340fd9d55f0b84779a44a12d5f79d77c99663967f8cfa168d7905c
inherit autotools gettext texinfo ptest
-# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us
-CVE_CHECK_IGNORE += "CVE-2010-4226"
+CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS"
EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
@@ -66,7 +65,7 @@ do_install_ptest_base:append() {
# The tests need to run as a non-root user, so pull in the ptest user
DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' ptest-runner', '', d)}"
-PACKAGE_WRITE_DEPS += "ptest-runner"
+PACKAGE_WRITE_DEPS:append:class-target = " ${MLPREFIX}ptest-runner"
RDEPENDS:${PN}-ptest += "ptest-runner"
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index d77758fd3f..36feaddcf8 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -15,19 +15,15 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://0004-cups-fix-multilib-install-file-conflicts.patch \
file://volatiles.99_cups \
file://cups-volatiles.conf \
- file://CVE-2023-32324.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
-# Issue only applies to MacOS
-CVE_CHECK_IGNORE += "CVE-2008-1033"
-# Issue affects pdfdistiller plugin used with but not part of cups
-CVE_CHECK_IGNORE += "CVE-2009-0032"
-# This is an Ubuntu only issue.
-CVE_CHECK_IGNORE += "CVE-2018-6553"
-# This is fixed in 2.4.2 but the cve-check class still reports it
-CVE_CHECK_IGNORE += "CVE-2022-26691"
+CVE_STATUS[CVE-2008-1033] = "not-applicable-platform: Issue only applies to MacOS"
+CVE_STATUS[CVE-2009-0032] = "cpe-incorrect: Issue affects pdfdistiller plugin used with but not part of cups"
+CVE_STATUS[CVE-2018-6553] = "not-applicable-platform: This is an Ubuntu only issue"
+CVE_STATUS[CVE-2022-26691] = "fixed-version: This is fixed in 2.4.2 but the cve-check class still reports it"
+CVE_STATUS[CVE-2021-25317] = "not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply."
LEAD_SONAME = "libcupsdriver.so"
@@ -115,7 +111,3 @@ SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess"
cups_sysroot_preprocess () {
sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
}
-
-# -25317 concerns /var/log/cups having lp ownership. Our /var/log/cups is
-# root:root, so this doesn't apply.
-CVE_CHECK_IGNORE += "CVE-2021-25317"
diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
deleted file mode 100644
index 40b89c9899..0000000000
--- a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Thu, 1 Jun 2023 12:04:00 +0200
-Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
-
-CVE: CVE-2023-32324
-Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589]
-
-(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e)
-Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
----
- cups/string.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/cups/string.c b/cups/string.c
-index 93cdad19..6ef58515 100644
---- a/cups/string.c
-+++ b/cups/string.c
-@@ -1,6 +1,7 @@
- /*
- * String functions for CUPS.
- *
-+ * Copyright © 2023 by OpenPrinting.
- * Copyright © 2007-2019 by Apple Inc.
- * Copyright © 1997-2007 by Easy Software Products.
- *
-@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
- size_t srclen; /* Length of source string */
-
-
-+ if (size == 0)
-+ return (0);
-+
- /*
- * Figure out how much room is needed...
- */
diff --git a/poky/meta/recipes-extended/cups/cups_2.4.2.bb b/poky/meta/recipes-extended/cups/cups_2.4.6.bb
index f5ca749bac..58029fdbd4 100644
--- a/poky/meta/recipes-extended/cups/cups_2.4.2.bb
+++ b/poky/meta/recipes-extended/cups/cups_2.4.6.bb
@@ -2,4 +2,4 @@ require cups.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908"
+SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262"
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index 8b88c308f2..32793233f9 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
+From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -12,23 +12,18 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
---
- tests/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d98df82..757ea52 100644
+index 79bacfb..4adb4d7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,9 +21,11 @@ TESTS = \
+@@ -22,7 +22,6 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
timezone \
- colors
-+# Skipping this test since it requires valgrind
-+# and thus is too heavy for diffutils package
-+# strip-trailing-cr
-
- XFAIL_TESTS = large-subopt
-
+ colors \
+ y2038-vs-32bit
diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
index 2bb9e6f32d..08e8305612 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
+++ b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
@@ -8,7 +8,7 @@ SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://0001-Skip-strip-trailing-cr-test-case.patch \
"
-SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
+SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index f03ebf4478..fdbdfb6502 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -18,9 +18,6 @@ DEPENDS = "tiff jpeg fontconfig cups libpng freetype zlib"
UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
-# We use a system libjpeg-turbo which has this fix
-CVE_CHECK_IGNORE += "CVE-2013-6629"
-
def gs_verdir(v):
return "".join(v.split("."))
@@ -30,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://avoid-host-contamination.patch \
"
-SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
+SRC_URI[sha256sum] = "a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
diff --git a/poky/meta/recipes-extended/iputils/iputils_20221126.bb b/poky/meta/recipes-extended/iputils/iputils_20221126.bb
index cd5fe9bd3e..7d94271a64 100644
--- a/poky/meta/recipes-extended/iputils/iputils_20221126.bb
+++ b/poky/meta/recipes-extended/iputils/iputils_20221126.bb
@@ -17,9 +17,8 @@ S = "${WORKDIR}/git"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)"
-# Fixed in 2000-10-10, but the versioning of iputils
-# breaks the version order.
-CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
+CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
+CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
PACKAGECONFIG ??= "libcap"
PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
diff --git a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
index d0afb3ca0a..f0e687c330 100644
--- a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
+++ b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
@@ -13,9 +13,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
SECTION = "libs"
DEPENDS += "libtirpc libnsl2"
-PV = "3.1+git${SRCPV}"
+PV = "3.2"
-SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad"
+SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59"
SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \
"
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
index f55e0b0ed1..d466905426 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
@@ -14,8 +14,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/"
SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3"
-# Was fixed in 1.3.3rc1 so not present in 1.3.3
-CVE_CHECK_IGNORE += "CVE-2021-46828"
+CVE_STATUS[CVE-2021-46828] = "fixed-version: fixed in 1.3.3rc1 so not present in 1.3.3"
inherit autotools pkgconfig
diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
index f0755e3ae5..10a6149abc 100644
--- a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
+++ b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
@@ -16,8 +16,9 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \
SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516"
-# These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used
-CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE"
+CVE_STATUS_RECIPE = "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_STATUS_RECIPE[status] = "not-applicable-platform: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}"
diff --git a/poky/meta/recipes-extended/ltp/ltp_20230516.bb b/poky/meta/recipes-extended/ltp/ltp_20230516.bb
index ddc6523e30..e9407d3148 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20230516.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20230516.bb
@@ -93,6 +93,7 @@ RDEPENDS:${PN} = "\
e2fsprogs-mke2fs \
expect \
file \
+ findutils \
gawk \
gdb \
gzip \
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 0000000000..cea435f83b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 88 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose);
+
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks,
+ return 1;
+ }
+
++static int
++validate_geometry_ddf_container(struct supertype *st,
++ int level, int raiddisks,
++ unsigned long long data_offset,
++ char *dev, unsigned long long *freesize,
++ int verbose)
++{
++ int fd;
++ unsigned long long ldsize;
++
++ if (level != LEVEL_CONTAINER)
++ return 0;
++ if (!dev)
++ return 1;
++
++ fd = dev_open(dev, O_RDONLY|O_EXCL);
++ if (fd < 0) {
++ if (verbose)
++ pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++ return 0;
++ }
++ if (!get_dev_size(fd, dev, &ldsize)) {
++ close(fd);
++ return 0;
++ }
++ close(fd);
++ if (freesize) {
++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++ if (*freesize == 0)
++ return 0;
++ }
++
++ return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+ /* Must be a fresh device to add to a container */
+- return validate_geometry_ddf_container(st, level, layout,
+- raiddisks, *chunk,
+- size, data_offset, dev,
+- freesize,
+- verbose);
++ return validate_geometry_ddf_container(st, level, raiddisks,
++ data_offset, dev,
++ freesize, verbose);
+ }
+
+ if (!dev) {
+@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ return 1;
+ }
+
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose)
+-{
+- int fd;
+- unsigned long long ldsize;
+-
+- if (level != LEVEL_CONTAINER)
+- return 0;
+- if (!dev)
+- return 1;
+-
+- fd = dev_open(dev, O_RDONLY|O_EXCL);
+- if (fd < 0) {
+- if (verbose)
+- pr_err("ddf: Cannot open %s: %s\n",
+- dev, strerror(errno));
+- return 0;
+- }
+- if (!get_dev_size(fd, dev, &ldsize)) {
+- close(fd);
+- return 0;
+- }
+- close(fd);
+- if (freesize) {
+- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
+- if (*freesize == 0)
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
new file mode 100644
index 0000000000..fafe88b49c
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
@@ -0,0 +1,56 @@
+From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:08 -0600
+Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in
+ validate_geometry_ddf()
+
+A relatively recent patch added a call to validate_geometry() in
+Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL.
+
+This causes some ddf tests to segfault which aborts the test suite.
+
+To fix this, avoid dereferencing chunk when the level is
+LEVEL_CONTAINER or LEVEL_NONE.
+
+Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container")
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 65cf727..3ef1293 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ * If given BVDs, we make an SVD, changing all the GUIDs in the process.
+ */
+
+- if (*chunk == UnSet)
+- *chunk = DEFAULT_CHUNK;
+-
+ if (level == LEVEL_NONE)
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ freesize, verbose);
+ }
+
++ if (*chunk == UnSet)
++ *chunk = DEFAULT_CHUNK;
++
+ if (!dev) {
+ mdu_array_info_t array = {
+ .level = level,
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
new file mode 100644
index 0000000000..a954ab027a
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
@@ -0,0 +1,91 @@
+From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:09 -0600
+Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork
+
+The test 07reshape-grow fails most of the time. But it succeeds around
+1 in 5 times. When it does succeed, it causes the tests to die because
+mdadm has segfaulted.
+
+The segfault was caused by mdadm attempting to repoen a file
+descriptor that was already closed. The backtrace of the segfault
+was:
+
+ #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
+ #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956
+ #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0)
+ at util.c:1072
+ #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079
+ #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244
+ #5 0x000056146e329f36 in start_array (mdfd=4,
+ mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860,
+ st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0,
+ bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5,
+ sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90,
+ clean=1, avail=0x56146fc78720 "\001\001\001\001\001",
+ start_partial_ok=0, err_ok=0, was_forced=0)
+ at Assemble.c:1206
+ #6 0x000056146e32c36e in Assemble (st=0x56146fc78660,
+ mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70,
+ devlist=0x56146fc6e2d0, c=0x7ffc55342e90)
+ at Assemble.c:1914
+ #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238)
+ at mdadm.c:1510
+
+The file descriptor was closed early in Grow_continue(). The noted commit
+moved the close() call to close the fd above the fork which caused the
+parent process to return with a closed fd.
+
+This meant reshape_array() and Grow_continue() would return in the parent
+with the fd forked. The fd would eventually be passed to reopen_mddev()
+which returned an unhandled NULL from fd2devnm() which would then be
+dereferenced in devnm2devid.
+
+Fix this by moving the close() call below the fork. This appears to
+fix the 07revert-grow test. While we're at it, switch to using
+close_fd() to invalidate the file descriptor.
+
+Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time")
+Cc: Alex Wu <alexwu@synology.com>
+Cc: BingJing Chang <bingjingc@synology.com>
+Cc: Danny Shih <dannyshih@synology.com>
+Cc: ChangSyun Peng <allenpeng@synology.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Grow.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Grow.c b/Grow.c
+index 9c6fc95..a8e4e83 100644
+--- a/Grow.c
++++ b/Grow.c
+@@ -3501,7 +3501,6 @@ started:
+ return 0;
+ }
+
+- close(fd);
+ /* Now we just need to kick off the reshape and watch, while
+ * handling backups of the data...
+ * This is all done by a forked background process.
+@@ -3522,6 +3521,9 @@ started:
+ break;
+ }
+
++ /* Close unused file descriptor in the forked process */
++ close_fd(&fd);
++
+ /* If another array on the same devices is busy, the
+ * reshape will wait for them. This would mean that
+ * the first section that we suspend will stay suspended
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
new file mode 100644
index 0000000000..72cb40f782
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
@@ -0,0 +1,42 @@
+From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:10 -0600
+Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks
+
+Not all struct superswitch implement a get_bad_blocks() function,
+yet mdmon seems to call it without checking for NULL and thus
+occasionally segfaults in the test 10ddf-geometry.
+
+Fix this by checking for NULL before calling it.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ monitor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/monitor.c b/monitor.c
+index afc3e50..8e43c0d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi)
+ struct md_bb *bb;
+ int i;
+
++ if (!ss->get_bad_blocks)
++ return -1;
++
+ /*
+ * Get a list of bad blocks for an array, then read list of
+ * acknowledged bad blocks from kernel and compare it against metadata
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 0000000000..c55bfb125b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ test | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
++++ b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f $targetdir/log $logdir/$_basename.log
+- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++ [ "$ctrl_c_error" == "1" ] && exit 1
++ [ "$_fail" == "1" -a "$exitonerror" == "1" \
++ -a "$_broken" == "0" ] && exit 1
+ fi
+ }
+
+@@ -117,6 +138,8 @@ do_help() {
+ --logdir=directory Directory to save all logfiles in
+ --save-logs Usually use with --logdir together
+ --keep-going | --no-error Don't stop on error, ie. run all tests
++ --skip-broken Skip tests that are known to be broken
++ --skip-always-broken Skip tests that are known to always fail
+ --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk
+ --disks= Provide a bunch of physical devices for test
+ --volgroup=name LVM volume group for LVM test
+@@ -211,6 +234,12 @@ parse_args() {
+ --keep-going | --no-error )
+ exitonerror=0
+ ;;
++ --skip-broken )
++ skipbroken=all
++ ;;
++ --skip-always-broken )
++ skipbroken=always
++ ;;
+ --disable-multipath )
+ unset MULTIPATH
+ ;;
+@@ -275,7 +304,11 @@ main() {
+ if [ $script == "$testdir/11spare-migration" ];then
+ continue
+ fi
+- do_test $script
++ case $script in
++ *.broken) ;;
++ *)
++ do_test $script
++ esac
+ done
+ fi
+
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
new file mode 100644
index 0000000000..115b23bac5
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
@@ -0,0 +1,454 @@
+From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:19 -0600
+Subject: [PATCH 6/6] tests: Add broken files for all broken tests
+
+Each broken file contains the rough frequency of brokeness as well
+as a brief explanation of what happens when it breaks. Estimates
+of failure rates are not statistically significant and can vary
+run to run.
+
+This is really just a view from my window. Tests were done on a
+small VM with the default loop devices, not real hardware. We've
+seen different kernel configurations can cause bugs to appear as well
+(ie. different block schedulers). It may also be that different race
+conditions will be seen on machines with different performance
+characteristics.
+
+These annotations were done with the kernel currently in md/md-next:
+
+ facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()")
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ tests/01r5integ.broken | 7 ++++
+ tests/01raid6integ.broken | 7 ++++
+ tests/04r5swap.broken | 7 ++++
+ tests/07autoassemble.broken | 8 ++++
+ tests/07autodetect.broken | 5 +++
+ tests/07changelevelintr.broken | 9 +++++
+ tests/07changelevels.broken | 9 +++++
+ tests/07reshape5intr.broken | 45 ++++++++++++++++++++++
+ tests/07revert-grow.broken | 31 +++++++++++++++
+ tests/07revert-shrink.broken | 9 +++++
+ tests/07testreshape5.broken | 12 ++++++
+ tests/09imsm-assemble.broken | 6 +++
+ tests/09imsm-create-fail-rebuild.broken | 5 +++
+ tests/09imsm-overlap.broken | 7 ++++
+ tests/10ddf-assemble-missing.broken | 6 +++
+ tests/10ddf-fail-create-race.broken | 7 ++++
+ tests/10ddf-fail-two-spares.broken | 5 +++
+ tests/10ddf-incremental-wrong-order.broken | 9 +++++
+ tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++
+ tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++
+ tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++
+ tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++
+ tests/19raid6auto-repair.broken | 5 +++
+ tests/19raid6repair.broken | 5 +++
+ 24 files changed, 226 insertions(+)
+ create mode 100644 tests/01r5integ.broken
+ create mode 100644 tests/01raid6integ.broken
+ create mode 100644 tests/04r5swap.broken
+ create mode 100644 tests/07autoassemble.broken
+ create mode 100644 tests/07autodetect.broken
+ create mode 100644 tests/07changelevelintr.broken
+ create mode 100644 tests/07changelevels.broken
+ create mode 100644 tests/07reshape5intr.broken
+ create mode 100644 tests/07revert-grow.broken
+ create mode 100644 tests/07revert-shrink.broken
+ create mode 100644 tests/07testreshape5.broken
+ create mode 100644 tests/09imsm-assemble.broken
+ create mode 100644 tests/09imsm-create-fail-rebuild.broken
+ create mode 100644 tests/09imsm-overlap.broken
+ create mode 100644 tests/10ddf-assemble-missing.broken
+ create mode 100644 tests/10ddf-fail-create-race.broken
+ create mode 100644 tests/10ddf-fail-two-spares.broken
+ create mode 100644 tests/10ddf-incremental-wrong-order.broken
+ create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken
+ create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken
+ create mode 100644 tests/19raid6auto-repair.broken
+ create mode 100644 tests/19raid6repair.broken
+
+diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken
+new file mode 100644
+index 0000000..2073763
+--- /dev/null
++++ b/tests/01r5integ.broken
+@@ -0,0 +1,7 @@
++fails rarely
++
++Fails about 1 in every 30 runs with a sha mismatch error:
++
++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match
++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3
++ missing
+diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken
+new file mode 100644
+index 0000000..1df735f
+--- /dev/null
++++ b/tests/01raid6integ.broken
+@@ -0,0 +1,7 @@
++fails infrequently
++
++Fails about 1 in 5 with a sha mismatch:
++
++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match
++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and
++ /dev/loop3 missing
+diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken
+new file mode 100644
+index 0000000..e38987d
+--- /dev/null
++++ b/tests/04r5swap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 has no superblock - assembly aborted
++
++ ERROR: no recovery happening
+diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken
+new file mode 100644
+index 0000000..8be0940
+--- /dev/null
++++ b/tests/07autoassemble.broken
+@@ -0,0 +1,8 @@
++always fails
++
++Prints lots of messages, but the array doesn't assemble. Error
++possibly related to:
++
++ mdadm: /dev/md/1 is busy - skipping
++ mdadm: no recogniseable superblock on /dev/md/testing:0
++ mdadm: /dev/md/2 is busy - skipping
+diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken
+new file mode 100644
+index 0000000..294954a
+--- /dev/null
++++ b/tests/07autodetect.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ ERROR: no resync happening
+diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken
+new file mode 100644
+index 0000000..284b490
+--- /dev/null
++++ b/tests/07changelevelintr.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 56832
++
++ ERROR: no reshape happening
+diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken
+new file mode 100644
+index 0000000..9b930d9
+--- /dev/null
++++ b/tests/07changelevels.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata
++
++ ERROR: /dev/md0 isn't a block device.
+diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken
+new file mode 100644
+index 0000000..efe52a6
+--- /dev/null
++++ b/tests/07reshape5intr.broken
+@@ -0,0 +1,45 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex
++held")
++
++The new error is simply:
++
++ ERROR: no reshape happening
++
++Before the patch, the error seen is below.
++
++--
++
++fails infrequently
++
++Fails roughly 1 in 4 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: cannot re-read metadata from /dev/loop6 - aborting
++
++ ERROR: no reshape happening
++
++Also have seen a random deadlock:
++
++ INFO: task mdadm:109702 blocked for more than 30 seconds.
++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040
++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000
++ Call Trace:
++ <TASK>
++ __schedule+0x67e/0x13b0
++ schedule+0x82/0x110
++ mddev_suspend+0x2e1/0x330
++ suspend_lo_store+0xbd/0x140
++ md_attr_store+0xcb/0x130
++ sysfs_kf_write+0x89/0xb0
++ kernfs_fop_write_iter+0x202/0x2c0
++ new_sync_write+0x222/0x330
++ vfs_write+0x3bc/0x4d0
++ ksys_write+0xd9/0x180
++ __x64_sys_write+0x43/0x50
++ do_syscall_64+0x3b/0x90
++ entry_SYSCALL_64_after_hwframe+0x44/0xae
+diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken
+new file mode 100644
+index 0000000..9b6db86
+--- /dev/null
++++ b/tests/07revert-grow.broken
+@@ -0,0 +1,31 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held")
++
++The errors are:
++
++ mdadm: No active reshape to revert on /dev/loop0
++ ERROR: active raid5 not found
++
++Before the patch, the error seen is below.
++
++--
++
++fails rarely
++
++Fails about 1 in every 30 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory
++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument
++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it
++ (use --run to insist).
++
++ grep: /sys/block/md*/md/sync_action: No such file or directory
++
++ ERROR: active raid5 not found
+diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken
+new file mode 100644
+index 0000000..c33c39e
+--- /dev/null
++++ b/tests/07revert-shrink.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 53760
++
++ ERROR: active raid5 not found
+diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken
+new file mode 100644
+index 0000000..a8ce03e
+--- /dev/null
++++ b/tests/07testreshape5.broken
+@@ -0,0 +1,12 @@
++always fails
++
++Test seems to run 'test_stripe' at $dir directory, but $dir is never
++set. If $dir is adjusted to $PWD, the test still fails with:
++
++ mdadm: /dev/loop2 is not suitable for this array.
++ mdadm: create aborted
++ ++ return 1
++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile
++ ++ echo cmp failed
++ cmp failed
++ ++ exit 2
+diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken
+new file mode 100644
+index 0000000..a6d4d5c
+--- /dev/null
++++ b/tests/09imsm-assemble.broken
+@@ -0,0 +1,6 @@
++fails infrequently
++
++Fails roughly 1 in 10 runs with errors:
++
++ mdadm: /dev/loop2 is still in use, cannot remove.
++ /dev/loop2 removal from /dev/md/container should have succeeded
+diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken
+new file mode 100644
+index 0000000..40c4b29
+--- /dev/null
++++ b/tests/09imsm-create-fail-rebuild.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ **Error**: Array size mismatch - expected 3072, actual 16384
+diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken
+new file mode 100644
+index 0000000..e7ccab7
+--- /dev/null
++++ b/tests/09imsm-overlap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ **Error**: Offset mismatch - expected 15360, actual 0
++ **Error**: Offset mismatch - expected 15360, actual 0
++ /dev/md/vol3 failed check
+diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken
+new file mode 100644
+index 0000000..bfd8d10
+--- /dev/null
++++ b/tests/10ddf-assemble-missing.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with errors:
++
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
+diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken
+new file mode 100644
+index 0000000..6c0df02
+--- /dev/null
++++ b/tests/10ddf-fail-create-race.broken
+@@ -0,0 +1,7 @@
++usually fails
++
++Fails about 9 out of 10 times with many errors:
++
++ mdadm: cannot open MISSING: No such file or directory
++ ERROR: non-degraded array found
++ ERROR: disk 0 not marked as failed in meta data
+diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken
+new file mode 100644
+index 0000000..eeea56d
+--- /dev/null
++++ b/tests/10ddf-fail-two-spares.broken
+@@ -0,0 +1,5 @@
++fails infrequently
++
++Fails roughly 1 in 3 with error:
++
++ ERROR: /dev/md/vol1 should be optimal in meta data
+diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken
+new file mode 100644
+index 0000000..a5af3ba
+--- /dev/null
++++ b/tests/10ddf-incremental-wrong-order.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++ ERROR: sha1sum of /dev/md/vol0 has changed
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8
++ ERROR: unexpected number of online disks on /dev/loop8
++ ERROR: sha1sum of /dev/md/vol0 has changed
+diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken
+new file mode 100644
+index 0000000..4ef1d40
+--- /dev/null
++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk")
+diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..89cd4e5
+--- /dev/null
++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..a27399f
+--- /dev/null
++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+@@ -0,0 +1,5 @@
++fails rarely
++
++Fails about 1 run in 100 with message:
++
++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0
+diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+new file mode 100644
+index 0000000..aa1982e
+--- /dev/null
++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6auto-repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/run-ptest b/poky/meta/recipes-extended/mdadm/files/run-ptest
index fae8071d43..2380c322a9 100644
--- a/poky/meta/recipes-extended/mdadm/files/run-ptest
+++ b/poky/meta/recipes-extended/mdadm/files/run-ptest
@@ -2,6 +2,6 @@
mkdir -p /mdadm-testing-dir
# make the test continue to execute even one fail
-dir=. ./test --keep-going --disable-integrity
+dir=. ./test --keep-going --disable-integrity --skip-broken
rm -rf /mdadm-testing-dir/*
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 14de9d88c2..50d9548747 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -32,6 +32,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
+ file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \
+ file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
+ file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
+ file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
+ file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \
+ file://0006-tests-Add-broken-files-for-all-broken-tests.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
@@ -101,10 +107,9 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
- util-linux \
kernel-module-loop \
kernel-module-linear \
kernel-module-raid0 \
diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
index 5e68a7ea92..b8c867161b 100644
--- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb
+++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/"
SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz"
-SRC_URI[sha256sum] = "cf04c16b099b3d414db4b5b93fc5ed9d46aad564c81a352aa107a33964c356b8"
+SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59"
inherit gettext autotools update-alternatives pkgconfig
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
new file mode 100644
index 0000000000..95c437df4f
--- /dev/null
+++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
@@ -0,0 +1,39 @@
+From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Jul 2023 07:48:17 -0700
+Subject: [PATCH] examples: Replace use of termio.h with termios.h
+
+Fixes build with musl and makes it portable
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ examples/tty_conv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/examples/tty_conv.c b/examples/tty_conv.c
+index 23f0684..db22500 100644
+--- a/examples/tty_conv.c
++++ b/examples/tty_conv.c
+@@ -6,7 +6,8 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <unistd.h>
+-#include <termio.h>
++#include <termios.h>
++#include <sys/ioctl.h>
+ #include <security/pam_appl.h>
+
+ /***************************************
+@@ -16,7 +17,7 @@
+ ***************************************/
+ static void echoOff(int fd, int off)
+ {
+- struct termio tty;
++ struct termios tty;
+ if (ioctl(fd, TCGETA, &tty) < 0)
+ {
+ fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
+--
+2.41.0
+
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
deleted file mode 100644
index 94dcb04f0a..0000000000
--- a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
-From: Per Jessen <per@jessen.ch>
-Date: Fri, 22 Apr 2022 18:15:36 +0200
-Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
-
-When using scandir() to look for MOTD files to display, we wrongly
-relied on all filesystems providing a filetype. This is a fix to divert
-to lstat() when we have no filetype. To maintain MT safety, it isn't
-possible to use lstat() in the scandir() filter function, so all of the
-filtering has been moved to an additional loop after scanning all the
-motd dirs.
-Also, remove superfluous alphasort from scandir(), we are doing
-a qsort() later.
-
-Resolves: https://github.com/linux-pam/linux-pam/issues/455
-
-Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
-
-Signed-off-by: Per Jessen <per@jessen.ch>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++-------
- 1 file changed, 40 insertions(+), 9 deletions(-)
-
-diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
-index 6ac8cba2..5ca486e4 100644
---- a/modules/pam_motd/pam_motd.c
-+++ b/modules/pam_motd/pam_motd.c
-@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
- }
- }
-
--static int filter_dirents(const struct dirent *d)
--{
-- return (d->d_type == DT_REG || d->d_type == DT_LNK);
--}
--
- static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
- {
-@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
-
- for (i = 0; i < num_motd_dirs; i++) {
- int rv;
-- rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
-- filter_dirents, alphasort);
-+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
- if (rv < 0) {
- if (errno != ENOENT || report_missing) {
- pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
-@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- if (dirscans_size_total == 0)
- goto out;
-
-+ /* filter out unwanted names, directories, and complement data with lstat() */
-+ for (i = 0; i < num_motd_dirs; i++) {
-+ struct dirent **d = dirscans[i];
-+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
-+ int rc;
-+ char *fullpath;
-+ struct stat s;
-+
-+ switch(d[j]->d_type) { /* the filetype determines how to proceed */
-+ case DT_REG: /* regular files and */
-+ case DT_LNK: /* symlinks */
-+ continue; /* are good. */
-+ case DT_UNKNOWN: /* for file systems that do not provide */
-+ /* a filetype, we use lstat() */
-+ if (join_dir_strings(&fullpath, motd_dir_path_split[i],
-+ d[j]->d_name) <= 0)
-+ break;
-+ rc = lstat(fullpath, &s);
-+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */
-+ if (rc != 0) /* if the lstat() somehow failed */
-+ break;
-+
-+ if (S_ISREG(s.st_mode) || /* regular files and */
-+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */
-+ break;
-+ case DT_DIR: /* We don't want directories */
-+ default: /* nor anything else */
-+ break;
-+ }
-+ _pam_drop(d[j]); /* free memory */
-+ d[j] = NULL; /* indicate this one was dropped */
-+ dirscans_size_total--;
-+ }
-+ }
-+
- /* Allocate space for all file names found in the directories, including duplicates. */
- if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
- pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
-@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- unsigned int j;
-
- for (j = 0; j < dirscans_sizes[i]; j++) {
-- dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
-- i_dirnames++;
-+ if (NULL != dirscans[i][j]) {
-+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
-+ i_dirnames++;
-+ }
- }
- }
-
---
-2.39.0
-
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch b/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
deleted file mode 100644
index 40040a873a..0000000000
--- a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e8e8ccfd57e0274b431bc5717bf37c488285b07b Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 27 Oct 2021 10:30:46 +0800
-Subject: [PATCH] run-xtests.sh: check whether files exist
-
-Fixes:
- # ./run-xtests.sh . tst-pam_access1
- mv: cannot stat '/etc/security/opasswd': No such file or directory
- PASS: tst-pam_access1
- mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory
- ==================
- 1 tests passed
- 0 tests not run
- ==================
-
-Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/e8e8ccfd57e0274b431bc5717bf37c488285b07b]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- xtests/run-xtests.sh | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh
-index 14f585d9..ff9a4dc1 100755
---- a/xtests/run-xtests.sh
-+++ b/xtests/run-xtests.sh
-@@ -18,10 +18,12 @@ all=0
-
- mkdir -p /etc/security
- for config in access.conf group.conf time.conf limits.conf ; do
-- cp /etc/security/$config /etc/security/$config-pam-xtests
-+ [ -f "/etc/security/$config" ] &&
-+ mv /etc/security/$config /etc/security/$config-pam-xtests
- install -m 644 "${SRCDIR}"/$config /etc/security/$config
- done
--mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
-+[ -f /etc/security/opasswd ] &&
-+ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
-
- for testname in $XTESTS ; do
- for cfg in "${SRCDIR}"/$testname*.pamd ; do
-@@ -47,11 +49,15 @@ for testname in $XTESTS ; do
- all=`expr $all + 1`
- rm -f /etc/pam.d/$testname*
- done
--mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
--mv /etc/security/group.conf-pam-xtests /etc/security/group.conf
--mv /etc/security/time.conf-pam-xtests /etc/security/time.conf
--mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
--mv /etc/security/opasswd-pam-xtests /etc/security/opasswd
-+
-+for config in access.conf group.conf time.conf limits.conf opasswd ; do
-+ if [ -f "/etc/security/$config-pam-xtests" ]; then
-+ mv /etc/security/$config-pam-xtests /etc/security/$config
-+ else
-+ rm -f /etc/security/$config
-+ fi
-+done
-+
- if test "$failed" -ne 0; then
- echo "==================="
- echo "$failed of $all tests failed"
---
-2.32.0
-
diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
deleted file mode 100644
index e7bf03f9f7..0000000000
--- a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001
-From: Thorsten Kukuk <kukuk@suse.com>
-Date: Thu, 24 Feb 2022 10:37:32 +0100
-Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf
-
-According to the manual page, the following entry is valid but does not
-work:
--:root:ALL EXCEPT localhost
-
-See https://bugzilla.suse.com/show_bug.cgi?id=1019866
-
-Patched is based on PR#226 from Josef Moellers
-
-Upstream-Status: Backport
-CVE: CVE-2022-28321
-
-Reference to upstream patch:
-[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f]
-
-Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
----
- modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++-------
- 1 file changed, 76 insertions(+), 19 deletions(-)
-
-diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
-index 277192b..bca424f 100644
---- a/modules/pam_access/pam_access.c
-+++ b/modules/pam_access/pam_access.c
-@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
- if ((str_len = strlen(string)) > tok_len
- && strcasecmp(tok, string + str_len - tok_len) == 0)
- return YES;
-- } else if (tok[tok_len - 1] == '.') {
-+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */
- struct addrinfo hint;
-
- memset (&hint, '\0', sizeof (hint));
-@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
- return NO;
- }
-
-- /* Assume network/netmask with an IP of a host. */
-+ /* Assume network/netmask, IP address or hostname. */
- return network_netmask_match(pamh, tok, string, item);
- }
-
-@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
- /*
- * If the token has the magic value "ALL" the match always succeeds.
- * Otherwise, return YES if the token fully matches the string.
-- * "NONE" token matches NULL string.
-+ * "NONE" token matches NULL string.
- */
-
- if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
-@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
-
- /* network_netmask_match - match a string against one token
- * where string is a hostname or ip (v4,v6) address and tok
-- * represents either a single ip (v4,v6) address or a network/netmask
-+ * represents either a hostname, a single ip (v4,v6) address
-+ * or a network/netmask
- */
- static int
- network_netmask_match (pam_handle_t *pamh,
-@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh,
- char *netmask_ptr;
- char netmask_string[MAXHOSTNAMELEN + 1];
- int addr_type;
-+ struct addrinfo *ai = NULL;
-
- if (item->debug)
-- pam_syslog (pamh, LOG_DEBUG,
-+ pam_syslog (pamh, LOG_DEBUG,
- "network_netmask_match: tok=%s, item=%s", tok, string);
-+
- /* OK, check if tok is of type addr/mask */
- if ((netmask_ptr = strchr(tok, '/')) != NULL)
- {
-@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh,
- netmask_ptr = number_to_netmask(netmask, addr_type,
- netmask_string, MAXHOSTNAMELEN);
- }
-- }
-+
-+ /*
-+ * Construct an addrinfo list from the IP address.
-+ * This should not fail as the input is a correct IP address...
-+ */
-+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
-+ {
-+ return NO;
-+ }
-+ }
- else
-- /* NO, then check if it is only an addr */
-- if (isipaddr(tok, NULL, NULL) != YES)
-+ {
-+ /*
-+ * It is either an IP address or a hostname.
-+ * Let getaddrinfo sort everything out
-+ */
-+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
- {
-+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
-+
- return NO;
- }
-+ netmask_ptr = NULL;
-+ }
-
- if (isipaddr(string, NULL, NULL) != YES)
- {
-- /* Assume network/netmask with a name of a host. */
- struct addrinfo hint;
-
-+ /* Assume network/netmask with a name of a host. */
- memset (&hint, '\0', sizeof (hint));
- hint.ai_flags = AI_CANONNAME;
- hint.ai_family = AF_UNSPEC;
-
- if (item->gai_rv != 0)
-+ {
-+ freeaddrinfo(ai);
- return NO;
-+ }
- else if (!item->res &&
- (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0)
-+ {
-+ freeaddrinfo(ai);
- return NO;
-+ }
- else
- {
- struct addrinfo *runp = item->res;
-+ struct addrinfo *runp1;
-
- while (runp != NULL)
- {
- char buf[INET6_ADDRSTRLEN];
-
-- DIAG_PUSH_IGNORE_CAST_ALIGN;
-- inet_ntop (runp->ai_family,
-- runp->ai_family == AF_INET
-- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
-- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
-- buf, sizeof (buf));
-- DIAG_POP_IGNORE_CAST_ALIGN;
-+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0)
-+ {
-+ freeaddrinfo(ai);
-+ return NO;
-+ }
-
-- if (are_addresses_equal(buf, tok, netmask_ptr))
-+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
- {
-- return YES;
-+ char buf1[INET6_ADDRSTRLEN];
-+
-+ if (runp->ai_family != runp1->ai_family)
-+ continue;
-+
-+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0)
-+ {
-+ freeaddrinfo(ai);
-+ return NO;
-+ }
-+
-+ if (are_addresses_equal (buf, buf1, netmask_ptr))
-+ {
-+ freeaddrinfo(ai);
-+ return YES;
-+ }
- }
- runp = runp->ai_next;
- }
- }
- }
- else
-- return (are_addresses_equal(string, tok, netmask_ptr));
-+ {
-+ struct addrinfo *runp1;
-+
-+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
-+ {
-+ char buf1[INET6_ADDRSTRLEN];
-+
-+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
-+
-+ if (are_addresses_equal(string, buf1, netmask_ptr))
-+ {
-+ freeaddrinfo(ai);
-+ return YES;
-+ }
-+ }
-+ }
-+
-+ freeaddrinfo(ai);
-
- return NO;
- }
---
-2.37.3
-
diff --git a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb
index bec47ab836..eafb5aae43 100644
--- a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb
+++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -21,14 +21,12 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
file://pam.d/common-session-noninteractive \
file://pam.d/other \
file://libpam-xtests.patch \
- file://0001-run-xtests.sh-check-whether-files-exist.patch \
+ file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \
file://run-ptest \
file://pam-volatiles.conf \
- file://CVE-2022-28321-0002.patch \
- file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \
"
-SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"
+SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt"
diff --git a/poky/meta/recipes-extended/procps/procps_4.0.3.bb b/poky/meta/recipes-extended/procps/procps_4.0.3.bb
index cc3420df4e..dc0e957bda 100644
--- a/poky/meta/recipes-extended/procps/procps_4.0.3.bb
+++ b/poky/meta/recipes-extended/procps/procps_4.0.3.bb
@@ -72,10 +72,6 @@ python __anonymous() {
d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
}
-# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
-CVE_CHECK_IGNORE += "CVE-2018-1121"
-
PROCPS_PACKAGES = "${PN}-lib \
${PN}-ps \
${PN}-sysctl"
diff --git a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
index 8a68dd341a..09df77d2e7 100644
--- a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
+++ b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0
#
# /etc/login.defs - Configuration control definitions for the shadow package.
#
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/login b/poky/meta/recipes-extended/shadow/files/pam.d/login
index b340058539..d39e09b1ea 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/login
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/login
@@ -57,10 +57,6 @@ auth optional pam_group.so
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session optional pam_lastlog.so
-
# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
index e05fa237a2..6580bd9166 100644
--- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
+++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow"
BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
SECTION = "base utils"
LICENSE = "BSD-3-Clause | Artistic-1.0"
-LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5"
+LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed"
DEPENDS = "base-passwd"
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index cf05a3af93..83e1a84769 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -65,14 +65,11 @@ PAM_PLUGINS = "libpam-runtime \
pam-plugin-env \
pam-plugin-group \
pam-plugin-limits \
- pam-plugin-lastlog \
pam-plugin-motd \
pam-plugin-mail \
pam-plugin-shells \
pam-plugin-rootok"
-PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog"
-
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
diff --git a/poky/meta/recipes-extended/shadow/shadow_4.13.bb b/poky/meta/recipes-extended/shadow/shadow_4.13.bb
index d1a3fd5593..4e55446312 100644
--- a/poky/meta/recipes-extended/shadow/shadow_4.13.bb
+++ b/poky/meta/recipes-extended/shadow/shadow_4.13.bb
@@ -6,9 +6,6 @@ BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p
BBCLASSEXTEND = "native nativesdk"
-# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
-CVE_CHECK_IGNORE += "CVE-2013-4235"
-
-# This is an issue for a different shadow
-CVE_CHECK_IGNORE += "CVE-2016-15024"
+CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."
+CVE_STATUS[CVE-2016-15024] = "cpe-incorrect: This is an issue for a different shadow"
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index 3051e9b5bc..a53663d086 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -39,8 +39,7 @@ UPSTREAM_VERSION_UNKNOWN = "1"
SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
-# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
-CVE_CHECK_IGNORE += "CVE-2008-0888"
+CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source"
# exclude version 5.5.2 which triggers a false positive
UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz"
diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
index c390fcf33c..72eb1ae067 100644
--- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@@ -18,7 +18,7 @@ SRCREV = "6a4af7786630ce48747d9687e2f18f45ea6684c4"
S = "${WORKDIR}/git"
# https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision
-CVE_CHECK_IGNORE += "CVE-2013-4342"
+CVE_STATUS[CVE-2013-4342] = "fixed-version: Fixed directly in git tree revision"
inherit autotools update-rc.d systemd pkgconfig
diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb
index 82153131b4..3425e8eb7b 100644
--- a/poky/meta/recipes-extended/zip/zip_3.0.bb
+++ b/poky/meta/recipes-extended/zip/zip_3.0.bb
@@ -26,11 +26,8 @@ UPSTREAM_VERSION_UNKNOWN = "1"
SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"
-# Disputed and also Debian doesn't consider a vulnerability
-CVE_CHECK_IGNORE += "CVE-2018-13410"
-
-# Not for zip but for smart contract implementation for it
-CVE_CHECK_IGNORE += "CVE-2018-13684"
+CVE_STATUS[CVE-2018-13410] = "disputed: Disputed and also Debian doesn't consider a vulnerability"
+CVE_STATUS[CVE-2018-13684] = "cpe-incorrect: Not for zip but for smart contract implementation for it"
# zip.inc sets CFLAGS, but what Makefile actually uses is
# CFLAGS_NOOPT. It will also force -O3 optimization, overriding
diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb b/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb
index ea22723a97..c97ede459d 100644
--- a/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb
+++ b/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb
@@ -38,3 +38,6 @@ PACKAGECONFIG[developer-mode] = "-Ddeveloper_mode=true,-Ddeveloper_mode=false"
FILES:${PN} += "${datadir}/dbus-1 ${datadir}/gnome-shell/search-providers ${datadir}/metainfo"
RDEPENDS:${PN} = "iso-codes adwaita-icon-theme gsettings-desktop-schemas"
+
+# ANGLE requires SSE support as of webkit 2.40.x on 32 bit x86
+COMPATIBLE_HOST:x86 = "${@bb.utils.contains_any('TUNE_FEATURES', 'core2 corei7', '.*', 'null', d)}"
diff --git a/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb b/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
index 08e9899d00..6888c33d14 100644
--- a/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
+++ b/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
@@ -33,4 +33,4 @@ RCONFLICTS:${PN} += "libnotify3"
RREPLACES:${PN} += "libnotify3"
# -7381 is specific to the NodeJS bindings
-CVE_CHECK_IGNORE += "CVE-2013-7381"
+CVE_STATUS[CVE-2013-7381] = "cpe-incorrect: The issue is specific to the NodeJS bindings"
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc b/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc
index d73d1ae693..8d790c32f8 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc
+++ b/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc
@@ -3,13 +3,18 @@
# from Cargo.lock
SRC_URI += " \
crate://crates.io/adler/1.0.2 \
- crate://crates.io/aho-corasick/0.7.20 \
+ crate://crates.io/aho-corasick/1.0.1 \
+ crate://crates.io/android-tzdata/0.1.1 \
crate://crates.io/android_system_properties/0.1.5 \
crate://crates.io/anes/0.1.6 \
- crate://crates.io/anstyle/0.3.4 \
- crate://crates.io/anyhow/1.0.69 \
+ crate://crates.io/anstream/0.3.2 \
+ crate://crates.io/anstyle/1.0.0 \
+ crate://crates.io/anstyle-parse/0.2.0 \
+ crate://crates.io/anstyle-query/1.0.0 \
+ crate://crates.io/anstyle-wincon/1.0.1 \
+ crate://crates.io/anyhow/1.0.71 \
crate://crates.io/approx/0.5.1 \
- crate://crates.io/assert_cmd/2.0.10 \
+ crate://crates.io/assert_cmd/2.0.11 \
crate://crates.io/atty/0.2.14 \
crate://crates.io/autocfg/1.1.0 \
crate://crates.io/base-x/0.2.11 \
@@ -17,44 +22,41 @@ SRC_URI += " \
crate://crates.io/bit-vec/0.6.3 \
crate://crates.io/bitflags/1.3.2 \
crate://crates.io/block/0.1.6 \
- crate://crates.io/bstr/1.3.0 \
- crate://crates.io/bumpalo/3.12.0 \
+ crate://crates.io/bstr/1.5.0 \
+ crate://crates.io/bumpalo/3.13.0 \
crate://crates.io/bytemuck/1.13.1 \
crate://crates.io/byteorder/1.4.3 \
crate://crates.io/cairo-rs/0.17.0 \
crate://crates.io/cairo-sys-rs/0.17.0 \
crate://crates.io/cast/0.3.0 \
crate://crates.io/cc/1.0.79 \
- crate://crates.io/cfg-expr/0.11.0 \
+ crate://crates.io/cfg-expr/0.15.1 \
crate://crates.io/cfg-if/1.0.0 \
- crate://crates.io/chrono/0.4.24 \
- crate://crates.io/ciborium/0.2.0 \
- crate://crates.io/ciborium-io/0.2.0 \
- crate://crates.io/ciborium-ll/0.2.0 \
- crate://crates.io/clap/3.2.23 \
- crate://crates.io/clap/4.1.9 \
- crate://crates.io/clap_complete/4.1.5 \
- crate://crates.io/clap_derive/4.1.9 \
+ crate://crates.io/chrono/0.4.25 \
+ crate://crates.io/ciborium/0.2.1 \
+ crate://crates.io/ciborium-io/0.2.1 \
+ crate://crates.io/ciborium-ll/0.2.1 \
+ crate://crates.io/clap/3.2.25 \
+ crate://crates.io/clap/4.3.0 \
+ crate://crates.io/clap_builder/4.3.0 \
+ crate://crates.io/clap_complete/4.3.0 \
+ crate://crates.io/clap_derive/4.3.0 \
crate://crates.io/clap_lex/0.2.4 \
- crate://crates.io/clap_lex/0.3.3 \
- crate://crates.io/codespan-reporting/0.11.1 \
+ crate://crates.io/clap_lex/0.5.0 \
+ crate://crates.io/colorchoice/1.0.0 \
crate://crates.io/const-cstr/0.3.0 \
crate://crates.io/const_fn/0.4.9 \
crate://crates.io/convert_case/0.4.0 \
- crate://crates.io/core-foundation-sys/0.8.3 \
+ crate://crates.io/core-foundation-sys/0.8.4 \
crate://crates.io/crc32fast/1.3.2 \
crate://crates.io/criterion/0.4.0 \
crate://crates.io/criterion-plot/0.5.0 \
- crate://crates.io/crossbeam-channel/0.5.7 \
+ crate://crates.io/crossbeam-channel/0.5.8 \
crate://crates.io/crossbeam-deque/0.8.3 \
crate://crates.io/crossbeam-epoch/0.9.14 \
crate://crates.io/crossbeam-utils/0.8.15 \
crate://crates.io/cssparser/0.29.6 \
crate://crates.io/cssparser-macros/0.6.0 \
- crate://crates.io/cxx/1.0.92 \
- crate://crates.io/cxx-build/1.0.92 \
- crate://crates.io/cxxbridge-flags/1.0.92 \
- crate://crates.io/cxxbridge-macro/1.0.92 \
crate://crates.io/data-url/0.2.0 \
crate://crates.io/derive_more/0.99.17 \
crate://crates.io/difflib/0.4.0 \
@@ -71,30 +73,32 @@ SRC_URI += " \
crate://crates.io/encoding-index-singlebyte/1.20141219.5 \
crate://crates.io/encoding-index-tradchinese/1.20141219.5 \
crate://crates.io/encoding_index_tests/0.1.4 \
- crate://crates.io/errno/0.2.8 \
+ crate://crates.io/encoding_rs/0.8.32 \
+ crate://crates.io/errno/0.3.1 \
crate://crates.io/errno-dragonfly/0.1.2 \
crate://crates.io/fastrand/1.9.0 \
- crate://crates.io/flate2/1.0.25 \
+ crate://crates.io/fdeflate/0.3.0 \
+ crate://crates.io/flate2/1.0.26 \
crate://crates.io/float-cmp/0.9.0 \
crate://crates.io/fnv/1.0.7 \
crate://crates.io/form_urlencoded/1.1.0 \
crate://crates.io/futf/0.1.5 \
- crate://crates.io/futures-channel/0.3.27 \
- crate://crates.io/futures-core/0.3.27 \
- crate://crates.io/futures-executor/0.3.27 \
- crate://crates.io/futures-io/0.3.27 \
- crate://crates.io/futures-macro/0.3.27 \
- crate://crates.io/futures-task/0.3.27 \
- crate://crates.io/futures-util/0.3.27 \
+ crate://crates.io/futures-channel/0.3.28 \
+ crate://crates.io/futures-core/0.3.28 \
+ crate://crates.io/futures-executor/0.3.28 \
+ crate://crates.io/futures-io/0.3.28 \
+ crate://crates.io/futures-macro/0.3.28 \
+ crate://crates.io/futures-task/0.3.28 \
+ crate://crates.io/futures-util/0.3.28 \
crate://crates.io/fxhash/0.2.1 \
crate://crates.io/gdk-pixbuf/0.17.0 \
crate://crates.io/gdk-pixbuf-sys/0.17.0 \
crate://crates.io/getrandom/0.1.16 \
- crate://crates.io/getrandom/0.2.8 \
- crate://crates.io/gio/0.17.4 \
+ crate://crates.io/getrandom/0.2.9 \
+ crate://crates.io/gio/0.17.9 \
crate://crates.io/gio-sys/0.17.4 \
- crate://crates.io/glib/0.17.5 \
- crate://crates.io/glib-macros/0.17.5 \
+ crate://crates.io/glib/0.17.9 \
+ crate://crates.io/glib-macros/0.17.9 \
crate://crates.io/glib-sys/0.17.4 \
crate://crates.io/gobject-sys/0.17.4 \
crate://crates.io/half/1.8.2 \
@@ -103,36 +107,35 @@ SRC_URI += " \
crate://crates.io/hermit-abi/0.1.19 \
crate://crates.io/hermit-abi/0.2.6 \
crate://crates.io/hermit-abi/0.3.1 \
- crate://crates.io/iana-time-zone/0.1.53 \
- crate://crates.io/iana-time-zone-haiku/0.1.1 \
+ crate://crates.io/iana-time-zone/0.1.56 \
+ crate://crates.io/iana-time-zone-haiku/0.1.2 \
crate://crates.io/idna/0.3.0 \
- crate://crates.io/indexmap/1.9.2 \
+ crate://crates.io/indexmap/1.9.3 \
crate://crates.io/instant/0.1.12 \
- crate://crates.io/io-lifetimes/1.0.7 \
- crate://crates.io/is-terminal/0.4.4 \
+ crate://crates.io/io-lifetimes/1.0.11 \
+ crate://crates.io/is-terminal/0.4.7 \
crate://crates.io/itertools/0.10.5 \
crate://crates.io/itoa/1.0.6 \
- crate://crates.io/js-sys/0.3.61 \
+ crate://crates.io/js-sys/0.3.63 \
crate://crates.io/language-tags/0.3.2 \
crate://crates.io/lazy_static/1.4.0 \
- crate://crates.io/libc/0.2.140 \
+ crate://crates.io/libc/0.2.144 \
crate://crates.io/libloading/0.7.4 \
- crate://crates.io/libm/0.2.6 \
- crate://crates.io/link-cplusplus/1.0.8 \
+ crate://crates.io/libm/0.2.7 \
crate://crates.io/linked-hash-map/0.5.6 \
- crate://crates.io/linux-raw-sys/0.1.4 \
+ crate://crates.io/linux-raw-sys/0.3.8 \
crate://crates.io/locale_config/0.3.0 \
crate://crates.io/lock_api/0.4.9 \
- crate://crates.io/log/0.4.17 \
+ crate://crates.io/log/0.4.18 \
crate://crates.io/lopdf/0.29.0 \
crate://crates.io/mac/0.1.1 \
crate://crates.io/malloc_buf/0.0.6 \
crate://crates.io/markup5ever/0.11.0 \
crate://crates.io/matches/0.1.10 \
- crate://crates.io/matrixmultiply/0.3.2 \
+ crate://crates.io/matrixmultiply/0.3.7 \
crate://crates.io/memchr/2.5.0 \
crate://crates.io/memoffset/0.8.0 \
- crate://crates.io/miniz_oxide/0.6.2 \
+ crate://crates.io/miniz_oxide/0.7.1 \
crate://crates.io/nalgebra/0.32.2 \
crate://crates.io/nalgebra-macros/0.2.0 \
crate://crates.io/new_debug_unreachable/1.0.4 \
@@ -146,9 +149,9 @@ SRC_URI += " \
crate://crates.io/objc/0.2.7 \
crate://crates.io/objc-foundation/0.1.1 \
crate://crates.io/objc_id/0.1.1 \
- crate://crates.io/once_cell/1.17.1 \
+ crate://crates.io/once_cell/1.17.2 \
crate://crates.io/oorandom/11.1.3 \
- crate://crates.io/os_str_bytes/6.4.1 \
+ crate://crates.io/os_str_bytes/6.5.0 \
crate://crates.io/pango/0.17.4 \
crate://crates.io/pango-sys/0.17.0 \
crate://crates.io/pangocairo/0.17.0 \
@@ -168,27 +171,26 @@ SRC_URI += " \
crate://crates.io/phf_shared/0.10.0 \
crate://crates.io/pin-project-lite/0.2.9 \
crate://crates.io/pin-utils/0.1.0 \
- crate://crates.io/pkg-config/0.3.26 \
+ crate://crates.io/pkg-config/0.3.27 \
crate://crates.io/plotters/0.3.4 \
crate://crates.io/plotters-backend/0.3.4 \
crate://crates.io/plotters-svg/0.3.3 \
- crate://crates.io/png/0.17.7 \
+ crate://crates.io/png/0.17.8 \
crate://crates.io/pom/3.2.0 \
crate://crates.io/ppv-lite86/0.2.17 \
crate://crates.io/precomputed-hash/0.1.1 \
crate://crates.io/predicates/2.1.5 \
- crate://crates.io/predicates/3.0.1 \
+ crate://crates.io/predicates/3.0.3 \
crate://crates.io/predicates-core/1.0.6 \
crate://crates.io/predicates-tree/1.0.9 \
crate://crates.io/proc-macro-crate/1.3.1 \
crate://crates.io/proc-macro-error/1.0.4 \
crate://crates.io/proc-macro-error-attr/1.0.4 \
crate://crates.io/proc-macro-hack/0.5.20+deprecated \
- crate://crates.io/proc-macro2/1.0.52 \
- crate://crates.io/proptest/1.1.0 \
+ crate://crates.io/proc-macro2/1.0.59 \
+ crate://crates.io/proptest/1.2.0 \
crate://crates.io/quick-error/1.2.3 \
- crate://crates.io/quick-error/2.0.1 \
- crate://crates.io/quote/1.0.26 \
+ crate://crates.io/quote/1.0.28 \
crate://crates.io/rand/0.7.3 \
crate://crates.io/rand/0.8.5 \
crate://crates.io/rand_chacha/0.2.2 \
@@ -203,30 +205,33 @@ SRC_URI += " \
crate://crates.io/rayon-core/1.11.0 \
crate://crates.io/rctree/0.5.0 \
crate://crates.io/redox_syscall/0.2.16 \
- crate://crates.io/regex/1.7.1 \
+ crate://crates.io/redox_syscall/0.3.5 \
+ crate://crates.io/regex/1.8.3 \
crate://crates.io/regex-automata/0.1.10 \
- crate://crates.io/regex-syntax/0.6.28 \
+ crate://crates.io/regex-syntax/0.6.29 \
+ crate://crates.io/regex-syntax/0.7.2 \
crate://crates.io/rgb/0.8.36 \
crate://crates.io/rustc_version/0.2.3 \
crate://crates.io/rustc_version/0.4.0 \
- crate://crates.io/rustix/0.36.9 \
+ crate://crates.io/rustix/0.37.19 \
crate://crates.io/rusty-fork/0.3.0 \
crate://crates.io/ryu/1.0.13 \
crate://crates.io/safe_arch/0.6.0 \
crate://crates.io/same-file/1.0.6 \
crate://crates.io/scopeguard/1.1.0 \
- crate://crates.io/scratch/1.0.5 \
crate://crates.io/selectors/0.24.0 \
crate://crates.io/semver/0.9.0 \
crate://crates.io/semver/1.0.17 \
crate://crates.io/semver-parser/0.7.0 \
- crate://crates.io/serde/1.0.156 \
- crate://crates.io/serde_derive/1.0.156 \
- crate://crates.io/serde_json/1.0.94 \
+ crate://crates.io/serde/1.0.163 \
+ crate://crates.io/serde_derive/1.0.163 \
+ crate://crates.io/serde_json/1.0.96 \
+ crate://crates.io/serde_spanned/0.6.2 \
crate://crates.io/servo_arc/0.2.0 \
crate://crates.io/sha1/0.6.1 \
crate://crates.io/sha1_smol/1.0.0 \
- crate://crates.io/simba/0.8.0 \
+ crate://crates.io/simba/0.8.1 \
+ crate://crates.io/simd-adler32/0.3.5 \
crate://crates.io/siphasher/0.3.10 \
crate://crates.io/slab/0.4.8 \
crate://crates.io/smallvec/1.10.0 \
@@ -240,72 +245,87 @@ SRC_URI += " \
crate://crates.io/string_cache_codegen/0.5.2 \
crate://crates.io/strsim/0.10.0 \
crate://crates.io/syn/1.0.109 \
- crate://crates.io/system-deps/6.0.3 \
- crate://crates.io/tempfile/3.4.0 \
+ crate://crates.io/syn/2.0.18 \
+ crate://crates.io/system-deps/6.1.0 \
+ crate://crates.io/target-lexicon/0.12.7 \
+ crate://crates.io/tempfile/3.5.0 \
crate://crates.io/tendril/0.4.3 \
- crate://crates.io/termcolor/1.2.0 \
crate://crates.io/termtree/0.4.1 \
crate://crates.io/textwrap/0.16.0 \
- crate://crates.io/thiserror/1.0.39 \
- crate://crates.io/thiserror-impl/1.0.39 \
+ crate://crates.io/thiserror/1.0.40 \
+ crate://crates.io/thiserror-impl/1.0.40 \
crate://crates.io/time/0.2.27 \
crate://crates.io/time-macros/0.1.1 \
crate://crates.io/time-macros-impl/0.1.2 \
crate://crates.io/tinytemplate/1.2.1 \
crate://crates.io/tinyvec/1.6.0 \
crate://crates.io/tinyvec_macros/0.1.1 \
- crate://crates.io/toml/0.5.11 \
- crate://crates.io/toml_datetime/0.6.1 \
- crate://crates.io/toml_edit/0.19.7 \
+ crate://crates.io/toml/0.7.4 \
+ crate://crates.io/toml_datetime/0.6.2 \
+ crate://crates.io/toml_edit/0.19.10 \
crate://crates.io/typenum/1.16.0 \
crate://crates.io/unarray/0.1.4 \
- crate://crates.io/unicode-bidi/0.3.11 \
- crate://crates.io/unicode-ident/1.0.8 \
+ crate://crates.io/unicode-bidi/0.3.13 \
+ crate://crates.io/unicode-ident/1.0.9 \
crate://crates.io/unicode-normalization/0.1.22 \
- crate://crates.io/unicode-width/0.1.10 \
crate://crates.io/url/2.3.1 \
crate://crates.io/utf-8/0.7.6 \
+ crate://crates.io/utf8parse/0.2.1 \
crate://crates.io/version-compare/0.1.1 \
crate://crates.io/version_check/0.9.4 \
crate://crates.io/wait-timeout/0.2.0 \
crate://crates.io/walkdir/2.3.3 \
crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \
crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \
- crate://crates.io/wasm-bindgen/0.2.84 \
- crate://crates.io/wasm-bindgen-backend/0.2.84 \
- crate://crates.io/wasm-bindgen-macro/0.2.84 \
- crate://crates.io/wasm-bindgen-macro-support/0.2.84 \
- crate://crates.io/wasm-bindgen-shared/0.2.84 \
- crate://crates.io/web-sys/0.3.61 \
+ crate://crates.io/wasm-bindgen/0.2.86 \
+ crate://crates.io/wasm-bindgen-backend/0.2.86 \
+ crate://crates.io/wasm-bindgen-macro/0.2.86 \
+ crate://crates.io/wasm-bindgen-macro-support/0.2.86 \
+ crate://crates.io/wasm-bindgen-shared/0.2.86 \
+ crate://crates.io/web-sys/0.3.63 \
crate://crates.io/weezl/0.1.7 \
- crate://crates.io/wide/0.7.8 \
+ crate://crates.io/wide/0.7.9 \
crate://crates.io/winapi/0.3.9 \
crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
crate://crates.io/winapi-util/0.1.5 \
crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
- crate://crates.io/windows-sys/0.42.0 \
+ crate://crates.io/windows/0.48.0 \
crate://crates.io/windows-sys/0.45.0 \
+ crate://crates.io/windows-sys/0.48.0 \
crate://crates.io/windows-targets/0.42.2 \
+ crate://crates.io/windows-targets/0.48.0 \
crate://crates.io/windows_aarch64_gnullvm/0.42.2 \
+ crate://crates.io/windows_aarch64_gnullvm/0.48.0 \
crate://crates.io/windows_aarch64_msvc/0.42.2 \
+ crate://crates.io/windows_aarch64_msvc/0.48.0 \
crate://crates.io/windows_i686_gnu/0.42.2 \
+ crate://crates.io/windows_i686_gnu/0.48.0 \
crate://crates.io/windows_i686_msvc/0.42.2 \
+ crate://crates.io/windows_i686_msvc/0.48.0 \
crate://crates.io/windows_x86_64_gnu/0.42.2 \
+ crate://crates.io/windows_x86_64_gnu/0.48.0 \
crate://crates.io/windows_x86_64_gnullvm/0.42.2 \
+ crate://crates.io/windows_x86_64_gnullvm/0.48.0 \
crate://crates.io/windows_x86_64_msvc/0.42.2 \
- crate://crates.io/winnow/0.3.6 \
+ crate://crates.io/windows_x86_64_msvc/0.48.0 \
+ crate://crates.io/winnow/0.4.6 \
crate://crates.io/xml5ever/0.17.0 \
crate://crates.io/yeslogic-fontconfig-sys/4.0.1 \
"
SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-SRC_URI[aho-corasick-0.7.20.sha256sum] = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac"
+SRC_URI[aho-corasick-1.0.1.sha256sum] = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04"
+SRC_URI[android-tzdata-0.1.1.sha256sum] = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
SRC_URI[anes-0.1.6.sha256sum] = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
-SRC_URI[anstyle-0.3.4.sha256sum] = "1ba0b55c2201aa802adb684e7963ce2c3191675629e7df899774331e3ac747cf"
-SRC_URI[anyhow-1.0.69.sha256sum] = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800"
+SRC_URI[anstream-0.3.2.sha256sum] = "0ca84f3628370c59db74ee214b3263d58f9aadd9b4fe7e711fd87dc452b7f163"
+SRC_URI[anstyle-1.0.0.sha256sum] = "41ed9a86bf92ae6580e0a31281f65a1b1d867c0cc68d5346e2ae128dddfa6a7d"
+SRC_URI[anstyle-parse-0.2.0.sha256sum] = "e765fd216e48e067936442276d1d57399e37bce53c264d6fefbe298080cb57ee"
+SRC_URI[anstyle-query-1.0.0.sha256sum] = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b"
+SRC_URI[anstyle-wincon-1.0.1.sha256sum] = "180abfa45703aebe0093f79badacc01b8fd4ea2e35118747e5811127f926e188"
+SRC_URI[anyhow-1.0.71.sha256sum] = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"
SRC_URI[approx-0.5.1.sha256sum] = "cab112f0a86d568ea0e627cc1d6be74a1e9cd55214684db5561995f6dad897c6"
-SRC_URI[assert_cmd-2.0.10.sha256sum] = "ec0b2340f55d9661d76793b2bfc2eb0e62689bd79d067a95707ea762afd5e9dd"
+SRC_URI[assert_cmd-2.0.11.sha256sum] = "86d6b683edf8d1119fe420a94f8a7e389239666aa72e65495d91c00462510151"
SRC_URI[atty-0.2.14.sha256sum] = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
SRC_URI[base-x-0.2.11.sha256sum] = "4cbbc9d0964165b47557570cce6c952866c2678457aca742aafc9fb771d30270"
@@ -313,44 +333,41 @@ SRC_URI[bit-set-0.5.3.sha256sum] = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0
SRC_URI[bit-vec-0.6.3.sha256sum] = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
SRC_URI[block-0.1.6.sha256sum] = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a"
-SRC_URI[bstr-1.3.0.sha256sum] = "5ffdb39cb703212f3c11973452c2861b972f757b021158f3516ba10f2fa8b2c1"
-SRC_URI[bumpalo-3.12.0.sha256sum] = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
+SRC_URI[bstr-1.5.0.sha256sum] = "a246e68bb43f6cd9db24bea052a53e40405417c5fb372e3d1a8a7f770a564ef5"
+SRC_URI[bumpalo-3.13.0.sha256sum] = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
SRC_URI[bytemuck-1.13.1.sha256sum] = "17febce684fd15d89027105661fec94afb475cb995fbc59d2865198446ba2eea"
SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
SRC_URI[cairo-rs-0.17.0.sha256sum] = "a8af54f5d48af1226928adc1f57edd22f5df1349e7da1fc96ae15cf43db0e871"
SRC_URI[cairo-sys-rs-0.17.0.sha256sum] = "f55382a01d30e5e53f185eee269124f5e21ab526595b872751278dfbb463594e"
SRC_URI[cast-0.3.0.sha256sum] = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
-SRC_URI[cfg-expr-0.11.0.sha256sum] = "b0357a6402b295ca3a86bc148e84df46c02e41f41fef186bda662557ef6328aa"
+SRC_URI[cfg-expr-0.15.1.sha256sum] = "c8790cf1286da485c72cf5fc7aeba308438800036ec67d89425924c4807268c9"
SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[chrono-0.4.24.sha256sum] = "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b"
-SRC_URI[ciborium-0.2.0.sha256sum] = "b0c137568cc60b904a7724001b35ce2630fd00d5d84805fbb608ab89509d788f"
-SRC_URI[ciborium-io-0.2.0.sha256sum] = "346de753af073cc87b52b2083a506b38ac176a44cfb05497b622e27be899b369"
-SRC_URI[ciborium-ll-0.2.0.sha256sum] = "213030a2b5a4e0c0892b6652260cf6ccac84827b83a85a534e178e3906c4cf1b"
-SRC_URI[clap-3.2.23.sha256sum] = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5"
-SRC_URI[clap-4.1.9.sha256sum] = "9a9d6ada83c1edcce028902ea27dd929069c70df4c7600b131b4d9a1ad2879cc"
-SRC_URI[clap_complete-4.1.5.sha256sum] = "37686beaba5ac9f3ab01ee3172f792fc6ffdd685bfb9e63cfef02c0571a4e8e1"
-SRC_URI[clap_derive-4.1.9.sha256sum] = "fddf67631444a3a3e3e5ac51c36a5e01335302de677bd78759eaa90ab1f46644"
+SRC_URI[chrono-0.4.25.sha256sum] = "fdbc37d37da9e5bce8173f3a41b71d9bf3c674deebbaceacd0ebdabde76efb03"
+SRC_URI[ciborium-0.2.1.sha256sum] = "effd91f6c78e5a4ace8a5d3c0b6bfaec9e2baaef55f3efc00e45fb2e477ee926"
+SRC_URI[ciborium-io-0.2.1.sha256sum] = "cdf919175532b369853f5d5e20b26b43112613fd6fe7aee757e35f7a44642656"
+SRC_URI[ciborium-ll-0.2.1.sha256sum] = "defaa24ecc093c77630e6c15e17c51f5e187bf35ee514f4e2d67baaa96dae22b"
+SRC_URI[clap-3.2.25.sha256sum] = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123"
+SRC_URI[clap-4.3.0.sha256sum] = "93aae7a4192245f70fe75dd9157fc7b4a5bf53e88d30bd4396f7d8f9284d5acc"
+SRC_URI[clap_builder-4.3.0.sha256sum] = "4f423e341edefb78c9caba2d9c7f7687d0e72e89df3ce3394554754393ac3990"
+SRC_URI[clap_complete-4.3.0.sha256sum] = "a04ddfaacc3bc9e6ea67d024575fafc2a813027cf374b8f24f7bc233c6b6be12"
+SRC_URI[clap_derive-4.3.0.sha256sum] = "191d9573962933b4027f932c600cd252ce27a8ad5979418fe78e43c07996f27b"
SRC_URI[clap_lex-0.2.4.sha256sum] = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5"
-SRC_URI[clap_lex-0.3.3.sha256sum] = "033f6b7a4acb1f358c742aaca805c939ee73b4c6209ae4318ec7aca81c42e646"
-SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
+SRC_URI[clap_lex-0.5.0.sha256sum] = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b"
+SRC_URI[colorchoice-1.0.0.sha256sum] = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"
SRC_URI[const-cstr-0.3.0.sha256sum] = "ed3d0b5ff30645a68f35ece8cea4556ca14ef8a1651455f789a099a0513532a6"
SRC_URI[const_fn-0.4.9.sha256sum] = "fbdcdcb6d86f71c5e97409ad45898af11cbc995b4ee8112d59095a28d376c935"
SRC_URI[convert_case-0.4.0.sha256sum] = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e"
-SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
+SRC_URI[core-foundation-sys-0.8.4.sha256sum] = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"
SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
SRC_URI[criterion-0.4.0.sha256sum] = "e7c76e09c1aae2bc52b3d2f29e13c6572553b30c4aa1b8a49fd70de6412654cb"
SRC_URI[criterion-plot-0.5.0.sha256sum] = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1"
-SRC_URI[crossbeam-channel-0.5.7.sha256sum] = "cf2b3e8478797446514c91ef04bafcb59faba183e621ad488df88983cc14128c"
+SRC_URI[crossbeam-channel-0.5.8.sha256sum] = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200"
SRC_URI[crossbeam-deque-0.8.3.sha256sum] = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef"
SRC_URI[crossbeam-epoch-0.9.14.sha256sum] = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695"
SRC_URI[crossbeam-utils-0.8.15.sha256sum] = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b"
SRC_URI[cssparser-0.29.6.sha256sum] = "f93d03419cb5950ccfd3daf3ff1c7a36ace64609a1a8746d493df1ca0afde0fa"
SRC_URI[cssparser-macros-0.6.0.sha256sum] = "dfae75de57f2b2e85e8768c3ea840fd159c8f33e2b6522c7835b7abac81be16e"
-SRC_URI[cxx-1.0.92.sha256sum] = "9a140f260e6f3f79013b8bfc65e7ce630c9ab4388c6a89c71e07226f49487b72"
-SRC_URI[cxx-build-1.0.92.sha256sum] = "da6383f459341ea689374bf0a42979739dc421874f112ff26f829b8040b8e613"
-SRC_URI[cxxbridge-flags-1.0.92.sha256sum] = "90201c1a650e95ccff1c8c0bb5a343213bdd317c6e600a93075bca2eff54ec97"
-SRC_URI[cxxbridge-macro-1.0.92.sha256sum] = "0b75aed41bb2e6367cae39e6326ef817a851db13c13e4f3263714ca3cfb8de56"
SRC_URI[data-url-0.2.0.sha256sum] = "8d7439c3735f405729d52c3fbbe4de140eaf938a1fe47d227c27f8254d4302a5"
SRC_URI[derive_more-0.99.17.sha256sum] = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321"
SRC_URI[difflib-0.4.0.sha256sum] = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8"
@@ -367,30 +384,32 @@ SRC_URI[encoding-index-simpchinese-1.20141219.5.sha256sum] = "d87a7194909b9118fc
SRC_URI[encoding-index-singlebyte-1.20141219.5.sha256sum] = "3351d5acffb224af9ca265f435b859c7c01537c0849754d3db3fdf2bfe2ae84a"
SRC_URI[encoding-index-tradchinese-1.20141219.5.sha256sum] = "fd0e20d5688ce3cab59eb3ef3a2083a5c77bf496cb798dc6fcdb75f323890c18"
SRC_URI[encoding_index_tests-0.1.4.sha256sum] = "a246d82be1c9d791c5dfde9a2bd045fc3cbba3fa2b11ad558f27d01712f00569"
-SRC_URI[errno-0.2.8.sha256sum] = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1"
+SRC_URI[encoding_rs-0.8.32.sha256sum] = "071a31f4ee85403370b58aca746f01041ede6f0da2730960ad001edc2b71b394"
+SRC_URI[errno-0.3.1.sha256sum] = "4bcfec3a70f97c962c307b2d2c56e358cf1d00b558d74262b5f929ee8cc7e73a"
SRC_URI[errno-dragonfly-0.1.2.sha256sum] = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
SRC_URI[fastrand-1.9.0.sha256sum] = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be"
-SRC_URI[flate2-1.0.25.sha256sum] = "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841"
+SRC_URI[fdeflate-0.3.0.sha256sum] = "d329bdeac514ee06249dabc27877490f17f5d371ec693360768b838e19f3ae10"
+SRC_URI[flate2-1.0.26.sha256sum] = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743"
SRC_URI[float-cmp-0.9.0.sha256sum] = "98de4bbd547a563b716d8dfa9aad1cb19bfab00f4fa09a6a4ed21dbcf44ce9c4"
SRC_URI[fnv-1.0.7.sha256sum] = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
SRC_URI[form_urlencoded-1.1.0.sha256sum] = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8"
SRC_URI[futf-0.1.5.sha256sum] = "df420e2e84819663797d1ec6544b13c5be84629e7bb00dc960d6917db2987843"
-SRC_URI[futures-channel-0.3.27.sha256sum] = "164713a5a0dcc3e7b4b1ed7d3b433cabc18025386f9339346e8daf15963cf7ac"
-SRC_URI[futures-core-0.3.27.sha256sum] = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd"
-SRC_URI[futures-executor-0.3.27.sha256sum] = "1997dd9df74cdac935c76252744c1ed5794fac083242ea4fe77ef3ed60ba0f83"
-SRC_URI[futures-io-0.3.27.sha256sum] = "89d422fa3cbe3b40dca574ab087abb5bc98258ea57eea3fd6f1fa7162c778b91"
-SRC_URI[futures-macro-0.3.27.sha256sum] = "3eb14ed937631bd8b8b8977f2c198443447a8355b6e3ca599f38c975e5a963b6"
-SRC_URI[futures-task-0.3.27.sha256sum] = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879"
-SRC_URI[futures-util-0.3.27.sha256sum] = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab"
+SRC_URI[futures-channel-0.3.28.sha256sum] = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2"
+SRC_URI[futures-core-0.3.28.sha256sum] = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c"
+SRC_URI[futures-executor-0.3.28.sha256sum] = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0"
+SRC_URI[futures-io-0.3.28.sha256sum] = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964"
+SRC_URI[futures-macro-0.3.28.sha256sum] = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
+SRC_URI[futures-task-0.3.28.sha256sum] = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65"
+SRC_URI[futures-util-0.3.28.sha256sum] = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533"
SRC_URI[fxhash-0.2.1.sha256sum] = "c31b6d751ae2c7f11320402d34e41349dd1016f8d5d45e48c4312bc8625af50c"
SRC_URI[gdk-pixbuf-0.17.0.sha256sum] = "b023fbe0c6b407bd3d9805d107d9800da3829dc5a676653210f1d5f16d7f59bf"
SRC_URI[gdk-pixbuf-sys-0.17.0.sha256sum] = "7b41bd2b44ed49d99277d3925652a163038bd5ed943ec9809338ffb2f4391e3b"
SRC_URI[getrandom-0.1.16.sha256sum] = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
-SRC_URI[getrandom-0.2.8.sha256sum] = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
-SRC_URI[gio-0.17.4.sha256sum] = "2261a3b4e922ec676d1c27ac466218c38cf5dcb49a759129e54bb5046e442125"
+SRC_URI[getrandom-0.2.9.sha256sum] = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
+SRC_URI[gio-0.17.9.sha256sum] = "d14522e56c6bcb6f7a3aebc25cbcfb06776af4c0c25232b601b4383252d7cb92"
SRC_URI[gio-sys-0.17.4.sha256sum] = "6b1d43b0d7968b48455244ecafe41192871257f5740aa6b095eb19db78e362a5"
-SRC_URI[glib-0.17.5.sha256sum] = "cfb53061756195d76969292c2d2e329e01259276524a9bae6c9b73af62854773"
-SRC_URI[glib-macros-0.17.5.sha256sum] = "454924cafe58d9174dc32972261fe271d6cd3c10f5e9ff505522a28dcf601a40"
+SRC_URI[glib-0.17.9.sha256sum] = "a7f1de7cbde31ea4f0a919453a2dcece5d54d5b70e08f8ad254dc4840f5f09b6"
+SRC_URI[glib-macros-0.17.9.sha256sum] = "0a7206c5c03851ef126ea1444990e81fdd6765fb799d5bc694e4897ca01bb97f"
SRC_URI[glib-sys-0.17.4.sha256sum] = "49f00ad0a1bf548e61adfff15d83430941d9e1bb620e334f779edd1c745680a5"
SRC_URI[gobject-sys-0.17.4.sha256sum] = "15e75b0000a64632b2d8ca3cf856af9308e3a970844f6e9659bd197f026793d0"
SRC_URI[half-1.8.2.sha256sum] = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7"
@@ -399,36 +418,35 @@ SRC_URI[heck-0.4.1.sha256sum] = "95505c38b4572b2d910cecb0281560f54b440a19336cbbc
SRC_URI[hermit-abi-0.1.19.sha256sum] = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
SRC_URI[hermit-abi-0.2.6.sha256sum] = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7"
SRC_URI[hermit-abi-0.3.1.sha256sum] = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286"
-SRC_URI[iana-time-zone-0.1.53.sha256sum] = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765"
-SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
+SRC_URI[iana-time-zone-0.1.56.sha256sum] = "0722cd7114b7de04316e7ea5456a0bbb20e4adb46fd27a3697adb812cff0f37c"
+SRC_URI[iana-time-zone-haiku-0.1.2.sha256sum] = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
SRC_URI[idna-0.3.0.sha256sum] = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
-SRC_URI[indexmap-1.9.2.sha256sum] = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
+SRC_URI[indexmap-1.9.3.sha256sum] = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
-SRC_URI[io-lifetimes-1.0.7.sha256sum] = "76e86b86ae312accbf05ade23ce76b625e0e47a255712b7414037385a1c05380"
-SRC_URI[is-terminal-0.4.4.sha256sum] = "21b6b32576413a8e69b90e952e4a026476040d81017b80445deda5f2d3921857"
+SRC_URI[io-lifetimes-1.0.11.sha256sum] = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
+SRC_URI[is-terminal-0.4.7.sha256sum] = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f"
SRC_URI[itertools-0.10.5.sha256sum] = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
SRC_URI[itoa-1.0.6.sha256sum] = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
-SRC_URI[js-sys-0.3.61.sha256sum] = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+SRC_URI[js-sys-0.3.63.sha256sum] = "2f37a4a5928311ac501dee68b3c7613a1037d0edb30c8e5427bd832d55d1b790"
SRC_URI[language-tags-0.3.2.sha256sum] = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388"
SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.140.sha256sum] = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
+SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
SRC_URI[libloading-0.7.4.sha256sum] = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f"
-SRC_URI[libm-0.2.6.sha256sum] = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb"
-SRC_URI[link-cplusplus-1.0.8.sha256sum] = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5"
+SRC_URI[libm-0.2.7.sha256sum] = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4"
SRC_URI[linked-hash-map-0.5.6.sha256sum] = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
-SRC_URI[linux-raw-sys-0.1.4.sha256sum] = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4"
+SRC_URI[linux-raw-sys-0.3.8.sha256sum] = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
SRC_URI[locale_config-0.3.0.sha256sum] = "08d2c35b16f4483f6c26f0e4e9550717a2f6575bcd6f12a53ff0c490a94a6934"
SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
-SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+SRC_URI[log-0.4.18.sha256sum] = "518ef76f2f87365916b142844c16d8fefd85039bc5699050210a7778ee1cd1de"
SRC_URI[lopdf-0.29.0.sha256sum] = "de0f69c40d6dbc68ebac4bf5aec3d9978e094e22e29fcabd045acd9cec74a9dc"
SRC_URI[mac-0.1.1.sha256sum] = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4"
SRC_URI[malloc_buf-0.0.6.sha256sum] = "62bb907fe88d54d8d9ce32a3cceab4218ed2f6b7d35617cafe9adf84e43919cb"
SRC_URI[markup5ever-0.11.0.sha256sum] = "7a2629bb1404f3d34c2e921f21fd34ba00b206124c81f65c50b43b6aaefeb016"
SRC_URI[matches-0.1.10.sha256sum] = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5"
-SRC_URI[matrixmultiply-0.3.2.sha256sum] = "add85d4dd35074e6fedc608f8c8f513a3548619a9024b751949ef0e8e45a4d84"
+SRC_URI[matrixmultiply-0.3.7.sha256sum] = "090126dc04f95dc0d1c1c91f61bdd474b3930ca064c1edc8a849da2c6cbe1e77"
SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1"
-SRC_URI[miniz_oxide-0.6.2.sha256sum] = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa"
+SRC_URI[miniz_oxide-0.7.1.sha256sum] = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
SRC_URI[nalgebra-0.32.2.sha256sum] = "d68d47bba83f9e2006d117a9a33af1524e655516b8919caac694427a6fb1e511"
SRC_URI[nalgebra-macros-0.2.0.sha256sum] = "d232c68884c0c99810a5a4d333ef7e47689cfd0edc85efc9e54e1e6bf5212766"
SRC_URI[new_debug_unreachable-1.0.4.sha256sum] = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54"
@@ -442,9 +460,9 @@ SRC_URI[num_cpus-1.15.0.sha256sum] = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff7
SRC_URI[objc-0.2.7.sha256sum] = "915b1b472bc21c53464d6c8461c9d3af805ba1ef837e1cac254428f4a77177b1"
SRC_URI[objc-foundation-0.1.1.sha256sum] = "1add1b659e36c9607c7aab864a76c7a4c2760cd0cd2e120f3fb8b952c7e22bf9"
SRC_URI[objc_id-0.1.1.sha256sum] = "c92d4ddb4bd7b50d730c215ff871754d0da6b2178849f8a2a2ab69712d0c073b"
-SRC_URI[once_cell-1.17.1.sha256sum] = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
+SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b"
SRC_URI[oorandom-11.1.3.sha256sum] = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
-SRC_URI[os_str_bytes-6.4.1.sha256sum] = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee"
+SRC_URI[os_str_bytes-6.5.0.sha256sum] = "ceedf44fb00f2d1984b0bc98102627ce622e083e49a5bacdb3e514fa4238e267"
SRC_URI[pango-0.17.4.sha256sum] = "52c280b82a881e4208afb3359a8e7fde27a1b272280981f1f34610bed5770d37"
SRC_URI[pango-sys-0.17.0.sha256sum] = "4293d0f0b5525eb5c24734d30b0ed02cd02aa734f216883f376b54de49625de8"
SRC_URI[pangocairo-0.17.0.sha256sum] = "2feeb7ea7874507f83f5e7ba869c54e321959431c8fbd70d4b735c8b15d90506"
@@ -464,27 +482,26 @@ SRC_URI[phf_shared-0.8.0.sha256sum] = "c00cf8b9eafe68dde5e9eaa2cef8ee84a9336a47d
SRC_URI[phf_shared-0.10.0.sha256sum] = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096"
SRC_URI[pin-project-lite-0.2.9.sha256sum] = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
SRC_URI[pin-utils-0.1.0.sha256sum] = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-SRC_URI[pkg-config-0.3.26.sha256sum] = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160"
+SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
SRC_URI[plotters-0.3.4.sha256sum] = "2538b639e642295546c50fcd545198c9d64ee2a38620a628724a3b266d5fbf97"
SRC_URI[plotters-backend-0.3.4.sha256sum] = "193228616381fecdc1224c62e96946dfbc73ff4384fba576e052ff8c1bea8142"
SRC_URI[plotters-svg-0.3.3.sha256sum] = "f9a81d2759aae1dae668f783c308bc5c8ebd191ff4184aaa1b37f65a6ae5a56f"
-SRC_URI[png-0.17.7.sha256sum] = "5d708eaf860a19b19ce538740d2b4bdeeb8337fa53f7738455e706623ad5c638"
+SRC_URI[png-0.17.8.sha256sum] = "aaeebc51f9e7d2c150d3f3bfeb667f2aa985db5ef1e3d212847bdedb488beeaa"
SRC_URI[pom-3.2.0.sha256sum] = "07e2192780e9f8e282049ff9bffcaa28171e1cb0844f49ed5374e518ae6024ec"
SRC_URI[ppv-lite86-0.2.17.sha256sum] = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
SRC_URI[precomputed-hash-0.1.1.sha256sum] = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
SRC_URI[predicates-2.1.5.sha256sum] = "59230a63c37f3e18569bdb90e4a89cbf5bf8b06fea0b84e65ea10cc4df47addd"
-SRC_URI[predicates-3.0.1.sha256sum] = "1ba7d6ead3e3966038f68caa9fc1f860185d95a793180bbcfe0d0da47b3961ed"
+SRC_URI[predicates-3.0.3.sha256sum] = "09963355b9f467184c04017ced4a2ba2d75cbcb4e7462690d388233253d4b1a9"
SRC_URI[predicates-core-1.0.6.sha256sum] = "b794032607612e7abeb4db69adb4e33590fa6cf1149e95fd7cb00e634b92f174"
SRC_URI[predicates-tree-1.0.9.sha256sum] = "368ba315fb8c5052ab692e68a0eefec6ec57b23a36959c14496f0b0df2c0cecf"
SRC_URI[proc-macro-crate-1.3.1.sha256sum] = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919"
SRC_URI[proc-macro-error-1.0.4.sha256sum] = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
SRC_URI[proc-macro-error-attr-1.0.4.sha256sum] = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
SRC_URI[proc-macro-hack-0.5.20+deprecated.sha256sum] = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
-SRC_URI[proc-macro2-1.0.52.sha256sum] = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224"
-SRC_URI[proptest-1.1.0.sha256sum] = "29f1b898011ce9595050a68e60f90bad083ff2987a695a42357134c8381fba70"
+SRC_URI[proc-macro2-1.0.59.sha256sum] = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b"
+SRC_URI[proptest-1.2.0.sha256sum] = "4e35c06b98bf36aba164cc17cb25f7e232f5c4aeea73baa14b8a9f0d92dbfa65"
SRC_URI[quick-error-1.2.3.sha256sum] = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
-SRC_URI[quick-error-2.0.1.sha256sum] = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
-SRC_URI[quote-1.0.26.sha256sum] = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+SRC_URI[quote-1.0.28.sha256sum] = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488"
SRC_URI[rand-0.7.3.sha256sum] = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
SRC_URI[rand_chacha-0.2.2.sha256sum] = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
@@ -499,30 +516,33 @@ SRC_URI[rayon-1.7.0.sha256sum] = "1d2df5196e37bcc87abebc0053e20787d73847bb33134a
SRC_URI[rayon-core-1.11.0.sha256sum] = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d"
SRC_URI[rctree-0.5.0.sha256sum] = "3b42e27ef78c35d3998403c1d26f3efd9e135d3e5121b0a4845cc5cc27547f4f"
SRC_URI[redox_syscall-0.2.16.sha256sum] = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
-SRC_URI[regex-1.7.1.sha256sum] = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733"
+SRC_URI[redox_syscall-0.3.5.sha256sum] = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
+SRC_URI[regex-1.8.3.sha256sum] = "81ca098a9821bd52d6b24fd8b10bd081f47d39c22778cafaa75a2857a62c6390"
SRC_URI[regex-automata-0.1.10.sha256sum] = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-SRC_URI[regex-syntax-0.6.28.sha256sum] = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848"
+SRC_URI[regex-syntax-0.6.29.sha256sum] = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
+SRC_URI[regex-syntax-0.7.2.sha256sum] = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78"
SRC_URI[rgb-0.8.36.sha256sum] = "20ec2d3e3fc7a92ced357df9cebd5a10b6fb2aa1ee797bf7e9ce2f17dffc8f59"
SRC_URI[rustc_version-0.2.3.sha256sum] = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
SRC_URI[rustc_version-0.4.0.sha256sum] = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
-SRC_URI[rustix-0.36.9.sha256sum] = "fd5c6ff11fecd55b40746d1995a02f2eb375bf8c00d192d521ee09f42bef37bc"
+SRC_URI[rustix-0.37.19.sha256sum] = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d"
SRC_URI[rusty-fork-0.3.0.sha256sum] = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f"
SRC_URI[ryu-1.0.13.sha256sum] = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
SRC_URI[safe_arch-0.6.0.sha256sum] = "794821e4ccb0d9f979512f9c1973480123f9bd62a90d74ab0f9426fcf8f4a529"
SRC_URI[same-file-1.0.6.sha256sum] = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
-SRC_URI[scratch-1.0.5.sha256sum] = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1"
SRC_URI[selectors-0.24.0.sha256sum] = "0c37578180969d00692904465fb7f6b3d50b9a2b952b87c23d0e2e5cb5013416"
SRC_URI[semver-0.9.0.sha256sum] = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
SRC_URI[semver-1.0.17.sha256sum] = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed"
SRC_URI[semver-parser-0.7.0.sha256sum] = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
-SRC_URI[serde-1.0.156.sha256sum] = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4"
-SRC_URI[serde_derive-1.0.156.sha256sum] = "d7e29c4601e36bcec74a223228dce795f4cd3616341a4af93520ca1a837c087d"
-SRC_URI[serde_json-1.0.94.sha256sum] = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea"
+SRC_URI[serde-1.0.163.sha256sum] = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2"
+SRC_URI[serde_derive-1.0.163.sha256sum] = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e"
+SRC_URI[serde_json-1.0.96.sha256sum] = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1"
+SRC_URI[serde_spanned-0.6.2.sha256sum] = "93107647184f6027e3b7dcb2e11034cf95ffa1e3a682c67951963ac69c1c007d"
SRC_URI[servo_arc-0.2.0.sha256sum] = "d52aa42f8fdf0fed91e5ce7f23d8138441002fa31dca008acf47e6fd4721f741"
SRC_URI[sha1-0.6.1.sha256sum] = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770"
SRC_URI[sha1_smol-1.0.0.sha256sum] = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
-SRC_URI[simba-0.8.0.sha256sum] = "50582927ed6f77e4ac020c057f37a268fc6aebc29225050365aacbb9deeeddc4"
+SRC_URI[simba-0.8.1.sha256sum] = "061507c94fc6ab4ba1c9a0305018408e312e17c041eb63bef8aa726fa33aceae"
+SRC_URI[simd-adler32-0.3.5.sha256sum] = "238abfbb77c1915110ad968465608b68e869e0772622c9656714e73e5a1a522f"
SRC_URI[siphasher-0.3.10.sha256sum] = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de"
SRC_URI[slab-0.4.8.sha256sum] = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d"
SRC_URI[smallvec-1.10.0.sha256sum] = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
@@ -536,59 +556,69 @@ SRC_URI[string_cache-0.8.7.sha256sum] = "f91138e76242f575eb1d3b38b4f1362f10d3a43
SRC_URI[string_cache_codegen-0.5.2.sha256sum] = "6bb30289b722be4ff74a408c3cc27edeaad656e06cb1fe8fa9231fa59c728988"
SRC_URI[strsim-0.10.0.sha256sum] = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-SRC_URI[system-deps-6.0.3.sha256sum] = "2955b1fe31e1fa2fbd1976b71cc69a606d7d4da16f6de3333d0c92d51419aeff"
-SRC_URI[tempfile-3.4.0.sha256sum] = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"
+SRC_URI[syn-2.0.18.sha256sum] = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
+SRC_URI[system-deps-6.1.0.sha256sum] = "e5fa6fb9ee296c0dc2df41a656ca7948546d061958115ddb0bcaae43ad0d17d2"
+SRC_URI[target-lexicon-0.12.7.sha256sum] = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5"
+SRC_URI[tempfile-3.5.0.sha256sum] = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998"
SRC_URI[tendril-0.4.3.sha256sum] = "d24a120c5fc464a3458240ee02c299ebcb9d67b5249c8848b09d639dca8d7bb0"
-SRC_URI[termcolor-1.2.0.sha256sum] = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
SRC_URI[termtree-0.4.1.sha256sum] = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76"
SRC_URI[textwrap-0.16.0.sha256sum] = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d"
-SRC_URI[thiserror-1.0.39.sha256sum] = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c"
-SRC_URI[thiserror-impl-1.0.39.sha256sum] = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e"
+SRC_URI[thiserror-1.0.40.sha256sum] = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac"
+SRC_URI[thiserror-impl-1.0.40.sha256sum] = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
SRC_URI[time-0.2.27.sha256sum] = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242"
SRC_URI[time-macros-0.1.1.sha256sum] = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1"
SRC_URI[time-macros-impl-0.1.2.sha256sum] = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f"
SRC_URI[tinytemplate-1.2.1.sha256sum] = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc"
SRC_URI[tinyvec-1.6.0.sha256sum] = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50"
SRC_URI[tinyvec_macros-0.1.1.sha256sum] = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
-SRC_URI[toml-0.5.11.sha256sum] = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
-SRC_URI[toml_datetime-0.6.1.sha256sum] = "3ab8ed2edee10b50132aed5f331333428b011c99402b5a534154ed15746f9622"
-SRC_URI[toml_edit-0.19.7.sha256sum] = "dc18466501acd8ac6a3f615dd29a3438f8ca6bb3b19537138b3106e575621274"
+SRC_URI[toml-0.7.4.sha256sum] = "d6135d499e69981f9ff0ef2167955a5333c35e36f6937d382974566b3d5b94ec"
+SRC_URI[toml_datetime-0.6.2.sha256sum] = "5a76a9312f5ba4c2dec6b9161fdf25d87ad8a09256ccea5a556fef03c706a10f"
+SRC_URI[toml_edit-0.19.10.sha256sum] = "2380d56e8670370eee6566b0bfd4265f65b3f432e8c6d85623f728d4fa31f739"
SRC_URI[typenum-1.16.0.sha256sum] = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
SRC_URI[unarray-0.1.4.sha256sum] = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
-SRC_URI[unicode-bidi-0.3.11.sha256sum] = "524b68aca1d05e03fdf03fcdce2c6c94b6daf6d16861ddaa7e4f2b6638a9052c"
-SRC_URI[unicode-ident-1.0.8.sha256sum] = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+SRC_URI[unicode-bidi-0.3.13.sha256sum] = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
+SRC_URI[unicode-ident-1.0.9.sha256sum] = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0"
SRC_URI[unicode-normalization-0.1.22.sha256sum] = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921"
-SRC_URI[unicode-width-0.1.10.sha256sum] = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
SRC_URI[url-2.3.1.sha256sum] = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643"
SRC_URI[utf-8-0.7.6.sha256sum] = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
+SRC_URI[utf8parse-0.2.1.sha256sum] = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
SRC_URI[version-compare-0.1.1.sha256sum] = "579a42fc0b8e0c63b76519a339be31bed574929511fa53c1a3acae26eb258f29"
SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
SRC_URI[wait-timeout-0.2.0.sha256sum] = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6"
SRC_URI[walkdir-2.3.3.sha256sum] = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698"
SRC_URI[wasi-0.9.0+wasi-snapshot-preview1.sha256sum] = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
SRC_URI[wasi-0.11.0+wasi-snapshot-preview1.sha256sum] = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
-SRC_URI[wasm-bindgen-0.2.84.sha256sum] = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
-SRC_URI[wasm-bindgen-backend-0.2.84.sha256sum] = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
-SRC_URI[wasm-bindgen-macro-0.2.84.sha256sum] = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
-SRC_URI[wasm-bindgen-macro-support-0.2.84.sha256sum] = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
-SRC_URI[wasm-bindgen-shared-0.2.84.sha256sum] = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
-SRC_URI[web-sys-0.3.61.sha256sum] = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+SRC_URI[wasm-bindgen-0.2.86.sha256sum] = "5bba0e8cb82ba49ff4e229459ff22a191bbe9a1cb3a341610c9c33efc27ddf73"
+SRC_URI[wasm-bindgen-backend-0.2.86.sha256sum] = "19b04bc93f9d6bdee709f6bd2118f57dd6679cf1176a1af464fca3ab0d66d8fb"
+SRC_URI[wasm-bindgen-macro-0.2.86.sha256sum] = "14d6b024f1a526bb0234f52840389927257beb670610081360e5a03c5df9c258"
+SRC_URI[wasm-bindgen-macro-support-0.2.86.sha256sum] = "e128beba882dd1eb6200e1dc92ae6c5dbaa4311aa7bb211ca035779e5efc39f8"
+SRC_URI[wasm-bindgen-shared-0.2.86.sha256sum] = "ed9d5b4305409d1fc9482fee2d7f9bcbf24b3972bf59817ef757e23982242a93"
+SRC_URI[web-sys-0.3.63.sha256sum] = "3bdd9ef4e984da1187bf8110c5cf5b845fbc87a23602cdf912386a76fcd3a7c2"
SRC_URI[weezl-0.1.7.sha256sum] = "9193164d4de03a926d909d3bc7c30543cecb35400c02114792c2cae20d5e2dbb"
-SRC_URI[wide-0.7.8.sha256sum] = "b689b6c49d6549434bf944e6b0f39238cf63693cb7a147e9d887507fffa3b223"
+SRC_URI[wide-0.7.9.sha256sum] = "5cd0496a71f3cc6bc4bf0ed91346426a5099e93d89807e663162dc5a1069ff65"
SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-SRC_URI[windows-sys-0.42.0.sha256sum] = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
+SRC_URI[windows-0.48.0.sha256sum] = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f"
SRC_URI[windows-sys-0.45.0.sha256sum] = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
+SRC_URI[windows-sys-0.48.0.sha256sum] = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
SRC_URI[windows-targets-0.42.2.sha256sum] = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
+SRC_URI[windows-targets-0.48.0.sha256sum] = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5"
SRC_URI[windows_aarch64_gnullvm-0.42.2.sha256sum] = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+SRC_URI[windows_aarch64_gnullvm-0.48.0.sha256sum] = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc"
SRC_URI[windows_aarch64_msvc-0.42.2.sha256sum] = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+SRC_URI[windows_aarch64_msvc-0.48.0.sha256sum] = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3"
SRC_URI[windows_i686_gnu-0.42.2.sha256sum] = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+SRC_URI[windows_i686_gnu-0.48.0.sha256sum] = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241"
SRC_URI[windows_i686_msvc-0.42.2.sha256sum] = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+SRC_URI[windows_i686_msvc-0.48.0.sha256sum] = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00"
SRC_URI[windows_x86_64_gnu-0.42.2.sha256sum] = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+SRC_URI[windows_x86_64_gnu-0.48.0.sha256sum] = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1"
SRC_URI[windows_x86_64_gnullvm-0.42.2.sha256sum] = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+SRC_URI[windows_x86_64_gnullvm-0.48.0.sha256sum] = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953"
SRC_URI[windows_x86_64_msvc-0.42.2.sha256sum] = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
-SRC_URI[winnow-0.3.6.sha256sum] = "23d020b441f92996c80d94ae9166e8501e59c7bb56121189dc9eab3bd8216966"
+SRC_URI[windows_x86_64_msvc-0.48.0.sha256sum] = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
+SRC_URI[winnow-0.4.6.sha256sum] = "61de7bac303dc551fe038e2b3cef0f571087a47571ea6e79a87692ac99b99699"
SRC_URI[xml5ever-0.17.0.sha256sum] = "4034e1d05af98b51ad7214527730626f019682d797ba38b51689212118d8e650"
SRC_URI[yeslogic-fontconfig-sys-4.0.1.sha256sum] = "ec657fd32bbcbeaef5c7bc8e10b3db95b143fab8db0a50079773dbf936fd4f73"
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch b/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch
deleted file mode 100644
index 15d5abecc6..0000000000
--- a/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c0b0ef51b3c997a1c20ef9381ba2201ed477f609 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Tue, 21 Sep 2021 16:54:23 +0200
-Subject: [PATCH] system-deps/src/lib.rs: do not probe into harcoded list of
- targets
-
-Oe-core defines custom targets, and this probe fails.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
----
- system-deps-6.0.3/src/lib.rs | 16 +---------------
- 2 files changed, 2 insertions(+), 16 deletions(-)
-
-diff --git a/system-deps-6.0.3/src/lib.rs b/system-deps-6.0.3/src/lib.rs
-index 45ab1ce..f87d1ec 100644
---- a/system-deps-6.0.3/src/lib.rs
-+++ b/system-deps-6.0.3/src/lib.rs
-@@ -800,21 +800,7 @@ impl Config {
- }
-
- fn check_cfg(&self, cfg: &cfg_expr::Expression) -> Result<bool, Error> {
-- use cfg_expr::{targets::get_builtin_target_by_triple, Predicate};
--
-- let target = self
-- .env
-- .get("TARGET")
-- .expect("no TARGET env variable defined");
-- let target = get_builtin_target_by_triple(&target)
-- .unwrap_or_else(|| panic!("Invalid TARGET: {}", target));
--
-- let res = cfg.eval(|pred| match pred {
-- Predicate::Target(tp) => Some(tp.matches(target)),
-- _ => None,
-- });
--
-- res.ok_or_else(|| Error::UnsupportedCfg(cfg.original().to_string()))
-+ Ok(true)
- }
- }
-
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
index 1a5d8a6b04..edd7ad38fd 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb
+++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
@@ -19,10 +19,9 @@ inherit cargo_common gnomebase pixbufcache upstream-version-is-even gobject-intr
require ${BPN}-crates.inc
SRC_URI += "file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.patch \
- file://0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch;patchdir=${CARGO_VENDORING_DIRECTORY} \
"
-SRC_URI[archive.sha256sum] = "194b5097d9cd107495f49c291cf0da65ec2b4bb55e5628369751a3f44ba222b3"
+SRC_URI[archive.sha256sum] = "1685aeacae9a441dcb12c0c3ec63706172a2f52705dafbefb8e7311d4d5e430b"
# librsvg is still autotools-based, but is calling cargo from its automake-driven makefiles
# so we cannot use cargo class directly, but still need bits and pieces from it
@@ -51,8 +50,7 @@ do_compile:prepend() {
sed -ie 's,"linker": ".*","linker": "${RUST_TARGET_CC}",g' ${RUST_TARGETS_DIR}/${RUST_HOST_SYS}.json
}
-# Issue only on windows
-CVE_CHECK_IGNORE += "CVE-2018-1000041"
+CVE_STATUS[CVE-2018-1000041] = "not-applicable-platform: Issue only applies on Windows"
CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
diff --git a/poky/meta/recipes-graphics/builder/builder_0.1.bb b/poky/meta/recipes-graphics/builder/builder_0.1.bb
index 39be3bd63f..1700015ded 100644
--- a/poky/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/poky/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,5 +29,4 @@ do_install () {
chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
}
-# -4178 is an unrelated 'builder'
-CVE_CHECK_IGNORE = "CVE-2008-4178"
+CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb b/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
index 514672c0ee..5b1c520944 100644
--- a/poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb
+++ b/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=843b6efc16f6b1652ec97f89d5a516c0 \
"
SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "5ee23abd047636c24b2d43c6625dcafc66661d1aca64dec9e0d05df29592624c"
+SRC_URI[sha256sum] = "ea67e3b019b1104d1667aa274f5dc307d8cbd606b399bc32df308a77f1a564bf"
UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb
index 7ecbb04a6a..359272e934 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \
"
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "20770789749ac9ba846df33983dbda22db836c70d9f5d050cb9aa5347094a8fb"
+SRC_URI[sha256sum] = "c1ce780acd385569f25b9a29603d1d5bc71e6940e55bfdd4f7266fad50e42620"
DEPENDS += "glib-2.0-native"
diff --git a/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch b/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
deleted file mode 100644
index fab5109f83..0000000000
--- a/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 5cf847b5bef8dc3f9f89bd09dd5af4e6603f393c Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 27 Aug 2018 16:10:55 +0800
-Subject: [PATCH] libjpeg-turbo: fix package_qa error
-
-Fix package qa errors like below:
-libjpeg.so.62.3.0 contains probably-redundant RPATH /usr/lib [useless-rpaths]
-usr/bin/cjpeg contains probably-redundant RPATH /usr/lib
-
-Upstream-Status: Inappropriate [oe-specific]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- CMakeLists.txt | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 2bc3458..ea3041e 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -191,10 +191,6 @@ endif()
- report_option(ENABLE_SHARED "Shared libraries")
- report_option(ENABLE_STATIC "Static libraries")
-
--if(ENABLE_SHARED)
-- set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
--endif()
--
- if(WITH_JPEG8 OR WITH_JPEG7)
- set(WITH_ARITH_ENC 1)
- set(WITH_ARITH_DEC 1)
diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
index e086830c02..146d80008c 100644
--- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
+++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
@@ -2,19 +2,15 @@ SUMMARY = "Hardware accelerated JPEG compression/decompression library"
DESCRIPTION = "libjpeg-turbo is a derivative of libjpeg that uses SIMD instructions (MMX, SSE2, NEON) to accelerate baseline JPEG compression and decompression"
HOMEPAGE = "http://libjpeg-turbo.org/"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://cdjpeg.h;endline=13;md5=8a61af33cc1c681cd5cc297150bbb5bd \
- file://jpeglib.h;endline=16;md5=52b5eaade8d5b6a452a7693dfe52c084 \
- file://djpeg.c;endline=11;md5=510b386442ab6a27ee241fc5669bc5ea \
- "
+LICENSE = "IJG & BSD-3-Clause & Zlib"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2a8e0d8226a102f07ab63ed7fd6ce155"
+
DEPENDS:append:x86-64:class-target = " nasm-native"
DEPENDS:append:x86:class-target = " nasm-native"
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
- file://0001-libjpeg-turbo-fix-package_qa-error.patch \
- "
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf"
+SRC_URI[sha256sum] = "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa"
UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
index 3274475da1..1228217e8c 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
@@ -25,7 +25,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz"
S = "${WORKDIR}/SDL2-${PV}"
-SRC_URI[sha256sum] = "ad8fea3da1be64c83c45b1d363a6b4ba8fd60f5bde3b23ec73855709ec5eabf7"
+SRC_URI[sha256sum] = "d215ae4541e69d628953711496cd7b0e8b8d5c8d811d5b0f98fdc7fd1422998a"
inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even
diff --git a/poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb b/poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb
index 453096822f..453096822f 100644
--- a/poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb
+++ b/poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb
diff --git a/poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb b/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
index c7bf36023d..acb25a3f0d 100644
--- a/poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb
+++ b/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
@@ -14,8 +14,8 @@ SECTION = "x11"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e"
-SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.18-branch;protocol=https"
-SRCREV = "76993ae8d0fbd17e5bfff80ed495c71e727f0d06"
+SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.19-branch;protocol=https"
+SRCREV = "5bf107ec4f7b18a6457d23abf57560dfb382a751"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))$"
diff --git a/poky/meta/recipes-graphics/libva/libva.inc b/poky/meta/recipes-graphics/libva/libva.inc
index 7ed0c9ed89..3388fea32b 100644
--- a/poky/meta/recipes-graphics/libva/libva.inc
+++ b/poky/meta/recipes-graphics/libva/libva.inc
@@ -18,7 +18,7 @@ LICENSE = "MIT"
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libva-${PV}.tar.bz2"
LIC_FILES_CHKSUM = "file://COPYING;md5=2e48940f94acb0af582e5ef03537800f"
-SRC_URI[sha256sum] = "a3577eeba0c23924686c7e2f2030073736c8282a80f27b5473e33ea94ccd4982"
+SRC_URI[sha256sum] = "963be798d559df7feebda6fa81aa0dae6f9409c633a37909c44c6aa8af1e2174"
S = "${WORKDIR}/libva-${PV}"
diff --git a/poky/meta/recipes-graphics/libva/libva_2.18.0.bb b/poky/meta/recipes-graphics/libva/libva_2.19.0.bb
index 63dc5af8f2..63dc5af8f2 100644
--- a/poky/meta/recipes-graphics/libva/libva_2.18.0.bb
+++ b/poky/meta/recipes-graphics/libva/libva_2.19.0.bb
diff --git a/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
new file mode 100644
index 0000000000..3631a918b0
--- /dev/null
+++ b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
@@ -0,0 +1,34 @@
+From 865762e0a767a121206d818bdd58301afbf30104 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 23 Jun 2023 01:20:38 -0700
+Subject: [PATCH] gallium: Fix build with llvm 17
+
+These headers are not available for C files in llvm 17+
+and they seem to be not needed to compile after all with llvm 17
+so add conditions to exclude them for llvm >= 17
+
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/23827]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/gallium/auxiliary/gallivm/lp_bld_init.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/gallium/auxiliary/gallivm/lp_bld_init.c b/src/gallium/auxiliary/gallivm/lp_bld_init.c
+index 24d0823..3d4573e 100644
+--- a/src/gallium/auxiliary/gallivm/lp_bld_init.c
++++ b/src/gallium/auxiliary/gallivm/lp_bld_init.c
+@@ -42,8 +42,10 @@
+
+ #include <llvm/Config/llvm-config.h>
+ #include <llvm-c/Analysis.h>
++#if LLVM_VERSION_MAJOR < 17
+ #include <llvm-c/Transforms/Scalar.h>
+-#if LLVM_VERSION_MAJOR >= 7
++#endif
++#if LLVM_VERSION_MAJOR >= 7 && LLVM_VERSION_MAJOR < 17
+ #include <llvm-c/Transforms/Utils.h>
+ #endif
+ #include <llvm-c/BitWriter.h>
+--
+2.41.0
+
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb
index ca160f1bfc..ca160f1bfc 100644
--- a/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb
+++ b/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb
diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc
index ac42a8dd4f..928899008e 100644
--- a/poky/meta/recipes-graphics/mesa/mesa.inc
+++ b/poky/meta/recipes-graphics/mesa/mesa.inc
@@ -17,9 +17,10 @@ PE = "2"
SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
+ file://0001-gallium-Fix-build-with-llvm-17.patch \
"
-SRC_URI[sha256sum] = "a2679031ed5b73b29c4f042ac64d96f83b0cfe4858617de32e2efc196c653a40"
+SRC_URI[sha256sum] = "2f6d7381bc10fbd2d6263ad1022785b8b511046c1a904162f8f7da18eea8aed9"
UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb b/poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb
index 96e8aa38d6..96e8aa38d6 100644
--- a/poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb
+++ b/poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch
new file mode 100644
index 0000000000..4db686fe2f
--- /dev/null
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch
@@ -0,0 +1,28 @@
+From ea7b9e6fc0b3f45d6032ce624bed85bbde5ec0bf Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Wed, 21 Jun 2023 20:03:03 +0200
+Subject: [PATCH] scripts/CMakeLists.txt: append to CMAKE_FIND_ROOT_PATH
+ instead of replacing it
+
+Resetting CMAKE_FIND_ROOT_PATH in particular breaks builds in Yocto
+(which is a major cross compiling framework).
+
+Upstream-Status: Backport [https://github.com/KhronosGroup/Vulkan-ValidationLayers/commit/e1b11dc7856765cf45a283ac805ea5066c81cd9b]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ scripts/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
+index 94c8528c8..cd86c54eb 100644
+--- a/scripts/CMakeLists.txt
++++ b/scripts/CMakeLists.txt
+@@ -124,7 +124,7 @@ if (MIMALLOC_INSTALL_DIR)
+ endif()
+
+ if (CMAKE_CROSSCOMPILING)
+- set(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
++ set(CMAKE_FIND_ROOT_PATH ${CMAKE_FIND_ROOT_PATH} ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
+ else()
+ set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
+ endif()
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
index bfb4b370b8..62c6343c45 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
@@ -8,8 +8,10 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8df9e8826734226d08cb412babfa599c"
-SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.243;protocol=https"
-SRCREV = "4ac0fd8e6cb3d49105d707d9ec07f0f3aa0943d6"
+SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.250;protocol=https \
+ file://0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch \
+ "
+SRCREV = "1541e00a63cd125f15d231d5a8059ebe66503b25"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb
index afde995fd4..05943bc388 100644
--- a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb
+++ b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c7b12b6702da38ca028ace54aae3d484 \
file://stable/presentation-time/presentation-time.xml;endline=26;md5=4646cd7d9edc9fa55db941f2d3a7dc53"
SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/releases/${PV}/downloads/wayland-protocols-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a07fa722ed87676ec020d867714bc9a2f24c464da73912f39706eeef5219e238"
+SRC_URI[sha256sum] = "7459799d340c8296b695ef857c07ddef24c5a09b09ab6a74f7b92640d2b1ba11"
UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
diff --git a/poky/meta/recipes-graphics/wayland/weston_11.0.1.bb b/poky/meta/recipes-graphics/wayland/weston_12.0.1.bb
index 0838791a6b..d9eae1ff62 100644
--- a/poky/meta/recipes-graphics/wayland/weston_11.0.1.bb
+++ b/poky/meta/recipes-graphics/wayland/weston_12.0.1.bb
@@ -6,14 +6,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d79ee9e66bb0f95d3386a7acae780b70 \
file://libweston/compositor.c;endline=27;md5=eb6d5297798cabe2ddc65e2af519bcf0 \
"
-SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/uploads/f5648c818fba5432edc3ea63c4db4813/${BPN}-${PV}.tar.xz \
+SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \
file://weston.png \
file://weston.desktop \
file://xwayland.weston-start \
file://systemd-notify.weston-start \
"
-SRC_URI[sha256sum] = "a413f68c252957fc3191c3650823ec356ae8c124ccc0cb440da5cdc4e2cb9e57"
+SRC_URI[sha256sum] = "b18591eab278bc191720f6c09158040b795e7118af1d5ddca6acd9a8e2039535"
UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"
@@ -37,7 +37,7 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'kms wayla
${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \
- ${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'sysvinit', 'launcher-libseat', '', d)} \
+ launcher-libseat \
image-jpeg \
screenshare \
shell-desktop \
@@ -71,9 +71,9 @@ PACKAGECONFIG[lcms] = "-Dcolor-management-lcms=true,-Dcolor-management-lcms=fals
# Weston with webp support
PACKAGECONFIG[webp] = "-Dimage-webp=true,-Dimage-webp=false,libwebp"
# Weston with systemd-login support
-PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus"
+PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd dbus"
# Weston with Xwayland support (requires X11 and Wayland)
-PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,libxcb libxcursor xwayland"
+PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,libxcb libxcursor xcb-util-cursor xwayland"
# colord CMS support
PACKAGECONFIG[colord] = "-Ddeprecated-color-management-colord=true,-Ddeprecated-color-management-colord=false,colord"
# Clients support
@@ -94,6 +94,13 @@ PACKAGECONFIG[shell-kiosk] = "-Dshell-kiosk=true,-Dshell-kiosk=false"
PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg"
# support libseat based launch
PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd"
+# deprecated and superseded by libseat launcher
+PACKAGECONFIG[launcher-logind] = "-Ddeprecated-launcher-logind=true,-Ddeprecated-launcher-logind=false,"
+# screencasting via PipeWire
+PACKAGECONFIG[pipewire] = "-Dbackend-pipewire=true,-Dbackend-pipewire=false,pipewire"
+# VNC remote screensharing
+PACKAGECONFIG[vnc] = "-Dbackend-vnc=true,-Dbackend-vnc=false,neatvnc"
+
do_install:append() {
# Weston doesn't need the .la files to load modules, so wipe them
diff --git a/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb b/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb
index aaa8aa8903..3becd40281 100644
--- a/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb
+++ b/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb
@@ -9,7 +9,7 @@ clients and the server, and the different types of screens and visuals \
that are available."
LIC_FILES_CHKSUM = "file://COPYING;md5=f3d09e6b9e203a1af489e16c708f4fb3"
-DEPENDS += "libxtst libxext libxxf86vm libxi libxrender libxinerama libdmx libxau libxcomposite"
+DEPENDS += "libxtst libxext libxxf86vm libxi libxrender libxinerama libxau libxcomposite"
PE = "1"
SRC_URI += "file://disable-xkb.patch"
diff --git a/poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb b/poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb
index 73d09f058d..3d1a7063ea 100644
--- a/poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb
+++ b/poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb
@@ -8,6 +8,7 @@ PE = "1"
LIC_FILES_CHKSUM = "file://COPYING;md5=3ea51b365051ac32d1813a7dbaa4bfc6"
-SRC_URI[sha256sum] = "f8a17e23146bef1ab345a1e303c6749e42aaa7bcf4f25428afad41770721b6db"
+SRC_URI_EXT = "xz"
+SRC_URI[sha256sum] = "0950c600bf33447e169a539ee6655ef9f36d6cebf2c1be67f7ab55dacb753023"
DEPENDS += "libxau libxt libxext libxmu libxrender libxi"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb b/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
deleted file mode 100644
index 3634d53208..0000000000
--- a/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-require xorg-lib-common.inc
-
-SUMMARY = "DMX: Distributed Multihead X extension library"
-
-DESCRIPTION = "The DMX extension provides support for communication with \
-and control of Xdmx(1) server. Attributes of the Xdmx(1) server and of \
-the back-end screens attached to the server can be queried and modified \
-via this protocol."
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a3c3499231a8035efd0e004cfbd3b72a \
- file://src/dmx.c;endline=33;md5=c43f19af03c7c8619cadc9724ed9afe1"
-
-DEPENDS += "libxext xorgproto"
-
-PE = "1"
-
-XORG_EXT = "tar.bz2"
-
-SRC_URI[md5sum] = "d2f1f0ec68ac3932dd7f1d9aa0a7a11c"
-SRC_URI[sha256sum] = "253f90005d134fa7a209fbcbc5a3024335367c930adf0f3203e754cf32747243"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
index cf2e29471a..1cfa56b21e 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
@@ -24,7 +24,7 @@ XORG_PN = "libX11"
SRC_URI += "file://disable_tests.patch"
-SRC_URI[sha256sum] = "e362c6f03c793171becd1ce2078c64789504c7d7ff48ee40a76ff76b59f6b561"
+SRC_URI[sha256sum] = "59535b7cc6989ba806a022f7e8533b28c4397b9d86e9d07b6df0c0703fa25cc9"
inherit gettext
diff --git a/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb b/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb
new file mode 100644
index 0000000000..047697845c
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb
@@ -0,0 +1,10 @@
+require recipes-graphics/xorg-lib/xcb-util.inc
+
+SUMMARY = "XCB port of libXcursor"
+
+DEPENDS += "xcb-util xcb-util-renderutil xcb-util-image"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ce469b61c70ff8d7cce0547476891974"
+
+SRC_URI[sha256sum] = "28dcfe90bcab7b3561abe0dd58eb6832aa9cc77cfe42fcdfa4ebe20d605231fb"
diff --git a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb
index 53dfe1634a..4795464ac0 100644
--- a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb
@@ -13,7 +13,7 @@ LICENSE = "MIT & MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=0e7f21ca7db975c63467d2e7624a12f9"
SRC_URI = "${XORG_MIRROR}/individual/data/xkeyboard-config/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0690a91bab86b18868f3eee6d41e9ec4ce6894f655443d490a2184bfac56c872"
+SRC_URI[sha256sum] = "5ac5f533eff7b0c116805fe254fd79b2c9882700a4f9f2c070f8c4eae5aaa682"
SECTION = "x11/libs"
DEPENDS = "util-macros libxslt-native"
diff --git a/poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb b/poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb
index cd5aedb59d..781382e516 100644
--- a/poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb
@@ -9,10 +9,8 @@ except in the X Transport Interface code."
require xorg-lib-common.inc
-LICENSE = "MIT & MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=49347921d4d5268021a999f250edc9ca"
-
-XORG_EXT = "tar.bz2"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=bc875e1c864f4f62b29f7d8651f627fa"
SRC_URI += "file://multilibfix.patch"
@@ -24,5 +22,4 @@ inherit gettext
BBCLASSEXTEND = "native nativesdk"
-SRC_URI[md5sum] = "ce2fb8100c6647ee81451ebe388b17ad"
-SRC_URI[sha256sum] = "377c4491593c417946efcd2c7600d1e62639f7a8bbca391887e2c4679807d773"
+SRC_URI[sha256sum] = "1ba4b703696bfddbf40bacf25bce4e3efb2a0088878f017a50e9884b0c8fb1bd"
diff --git a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb
index a1cd66c744..94d37c56bc 100644
--- a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb
+++ b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb
@@ -6,10 +6,10 @@ BUGTRACKER = "https://bugs.freedesktop.org/enter_bug.cgi?product=xorg"
SECTION = "x11/libs"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=dfc4bd2b0568b31725b85b0604e69b56"
+LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=0b9fe3db4015bcbe920e7c67a39ee3f1"
SRC_URI = "${XORG_MIRROR}/individual/proto/${BP}.tar.xz"
-SRC_URI[sha256sum] = "5d13dbf2be08f95323985de53352c4f352713860457b95ccaf894a647ac06b9e"
+SRC_URI[sha256sum] = "b61fbc7db82b14ce2dc705ab590efc32b9ad800037113d1973811781d5118c2c"
inherit meson
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index ecb164ddf7..085fcaf87a 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -20,16 +20,15 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
CVE_PRODUCT = "xorg-server x_server"
-# This is specific to Debian's xserver-wrapper.c
-CVE_CHECK_IGNORE += "CVE-2011-4613"
-# As per upstream, exploiting this flaw is non-trivial and it requires exact
-# timing on the behalf of the attacker. Many graphical applications exit if their
-# connection to the X server is lost, so a typical desktop session is either
-# impossible or difficult to exploit. There is currently no upstream patch
-# available for this flaw.
-CVE_CHECK_IGNORE += "CVE-2020-25697"
-# This is specific to XQuartz, which is the macOS X server port
-CVE_CHECK_IGNORE += "CVE-2022-3553"
+
+CVE_STATUS[CVE-2011-4613] = "not-applicable-platform: This is specific to Debian's xserver-wrapper.c"
+CVE_STATUS[CVE-2020-25697] = "upstream-wontfix: \
+As per upstream, exploiting this flaw is non-trivial and it requires exact \
+timing on the behalf of the attacker. Many graphical applications exit if their \
+connection to the X server is lost, so a typical desktop session is either \
+impossible or difficult to exploit. There is currently no upstream patch \
+available for this flaw."
+CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port"
S = "${WORKDIR}/${XORG_PN}-${PV}"
diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
index a065e92f01..de516536d1 100644
--- a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb
+++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "fb9461f5cb9fea5e07e91882311b0c88b43e8843b017ebac05eb5af69aa34c15"
+SRC_URI[sha256sum] = "bd25d8498ee4d77874fda125127e2db37fc332531febc966231ea06fae8cf77f"
UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
diff --git a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb
index b5c0834d89..f9a3811669 100644
--- a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb
+++ b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSES/GPL-2.0;md5=e6a75371ba4d16749254a51215d13f97
file://LICENSES/LGPL-2.1;md5=b370887980db5dd40659b50909238dbd"
SECTION = "libs"
-SRCREV = "1c6f0f3b2bb47571fc455dc565dc343152517d98"
+SRCREV = "dd148189b74da3e2f45c7e536319fec97cb71213"
SRC_URI = "git://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git;branch=${BPN};protocol=https \
file://0001-makefile-Do-not-preserve-ownership-in-cp-command.patch"
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
index 3470131294..329a3e3c9a 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
@@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "a0997fc7a9af4e46d96529d6ef13b58a"
+WHENCE_CHKSUM = "57bf874056926f12aec2405d3fc390d9"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "8b1acfa16f1ee94732a6acb50d9d6c835cf53af11068bd89ed207bbe04a1e951"
+SRC_URI[sha256sum] = "87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d"
inherit allarch
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch
deleted file mode 100644
index 5b7c1b6e21..0000000000
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From dc221138c809125dc1bbff8506c70cb7bd846368 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 12 Sep 2018 17:08:58 -0700
-Subject: [PATCH] include linux/stddef.h in swab.h uapi header
-
-swab.h uses __always_inline without including the header where it is
-defined, this is exposed by musl based distributions where this macro is
-not defined by system C library headers unlike glibc where it is defined
-in sys/cdefs.h and that header gets pulled in indirectly via
-
-features.h -> sys/cdefs.h
-
-and features.h gets pulled in a lot of headers. Therefore it may work in
-cases where features.h is includes but not otherwise.
-
-Adding linux/stddef.h here ensures that __always_inline is always
-defined independent of which C library is used in userspace
-
-Upstream-Status: Submitted [https://lkml.org/lkml/2018/9/13/78]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Cc: Philippe Ombredanne <pombredanne@nexb.com>
-Cc: Kate Stewart <kstewart@linuxfoundation.org>
-Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-
----
- include/uapi/linux/swab.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
-index 7272f85d6..2912fe463 100644
---- a/include/uapi/linux/swab.h
-+++ b/include/uapi/linux/swab.h
-@@ -3,6 +3,7 @@
- #define _UAPI_LINUX_SWAB_H
-
- #include <linux/types.h>
-+#include <linux/stddef.h>
- #include <linux/compiler.h>
- #include <asm/bitsperlong.h>
- #include <asm/swab.h>
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
index cbdebdc1e8..c52315499e 100644
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb
+++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
@@ -4,7 +4,6 @@ SRC_URI:append:libc-musl = "\
file://0001-libc-compat.h-fix-some-issues-arising-from-in6.h.patch \
file://0003-remove-inclusion-of-sysinfo.h-in-kernel.h.patch \
file://0001-libc-compat.h-musl-_does_-define-IFF_LOWER_UP-DORMAN.patch \
- file://0001-include-linux-stddef.h-in-swab.h-uapi-header.patch \
"
SRC_URI += "\
@@ -13,6 +12,6 @@ SRC_URI += "\
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-SRC_URI[sha256sum] = "2ca1f17051a430f6fed1196e4952717507171acfd97d96577212502703b25deb"
+SRC_URI[sha256sum] = "8fa0588f0c2ceca44cac77a0e39ba48c9f00a6b9dc69761c02a5d3efac8da7f3"
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 4cc151901b..2eb4836c35 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,20 +1,329 @@
+CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3016
+# Fixed with 5.6
+CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed in version v5.6"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3819
+# Fixed with 5.1
+CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed in version v5.1"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3887
+# Fixed with 5.2
+CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed in version v5.2"
+
+CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
+# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_STATUS[CVE-2020-27784] = "cpe-stable-backport: Backported in version v5.4.73"
+
+
+# 2021
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
+CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed in version v5.15"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_STATUS[CVE-2021-3759] = "cpe-stable-backport: Backported in versions v5.4.224 and v6.1.11"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
+CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed in version v5.8"
+
+
+# 2022
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
+CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed in version v5.15"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
+# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
+# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
+# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
+CVE_STATUS[CVE-2022-1184] = "cpe-stable-backport: Backported in versions v5.4.198, v5.10.121 and v5.15.46"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_STATUS[CVE-2022-1462] = "cpe-stable-backport: Backported in versions v5.4.208, v5.10.134 and v5.15.58"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
+# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54
+# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026
+# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
+# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
+# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
+# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
+# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
+CVE_STATUS[CVE-2022-2196] = "cpe-stable-backport: Backported in versions v5.4.1233, v5.10.170, v5.15.46 and v6.1.14"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
+# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
+# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
+# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
+# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
+CVE_STATUS[CVE-2022-2308] = "cpe-stable-backport: Backported in versions v5.15.72 and v5.19.14"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
+CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed in version v5.10.125"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
+# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
+# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
+# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
+# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
+# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
+CVE_STATUS[CVE-2022-2663] = "cpe-stable-backport: Backported in versions v5.4.213, v5.10.143, v5.15.68 and v5.19.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
+# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
+# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
+CVE_STATUS[CVE-2022-2785] = "cpe-stable-backport: Backported in version v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
+# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
+# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
+# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
+CVE_STATUS[CVE-2022-3176] = "cpe-stable-backport: Backported in version v5.15.65"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
+# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf
+# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
+# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
+# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
+# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
+CVE_STATUS[CVE-2022-3424] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.86 and v 6.1.2"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
+# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
+# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
+# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_STATUS[CVE-2022-3435] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.158 and v5.15.82"
+
# https://nvd.nist.gov/vuln/detail/CVE-2022-3523
# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
# Patched in kernel since v6.1 16ce101db85db694a91380aa4c89b25530871d33
-CVE_CHECK_IGNORE += "CVE-2022-3523"
+CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed in version v6.1"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
+# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
+# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
+# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
+CVE_STATUS[CVE-2022-3526] = "cpe-stable-backport: Backported in version v5.15.35"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
+# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
+# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
+# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
+# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
+# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
+CVE_STATUS[CVE-2022-3534] = "cpe-stable-backport: Backported in versions v5.10.163, v5.15.86 and v6.1.2"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_STATUS[CVE-2022-3564] = "cpe-stable-backport: Backported in versions v5.10.154 and v5.15.78"
# https://nvd.nist.gov/vuln/detail/CVE-2022-3566
# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
# Patched in kernel since v6.1 f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57
-CVE_CHECK_IGNORE += "CVE-2022-3566"
+CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed in version v6.1"
# https://nvd.nist.gov/vuln/detail/CVE-2022-3567
# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
# Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
-CVE_CHECK_IGNORE += "CVE-2022-3567"
+CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed in version v6.1"
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
+# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
+# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
+# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
+CVE_STATUS[CVE-2022-3619] = "cpe-stable-backport: Backported in version v5.15.78"
-# 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_STATUS[CVE-2022-3621] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_STATUS[CVE-2022-3623] = "cpe-stable-backport: Backported in versions v5.4.228, v5.10.159, v5.15.78 and v 5.19.17"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
+# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
+# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
+CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed in version v6.0"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
+# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
+# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
+# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
+# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
+# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
+# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
+CVE_STATUS[CVE-2022-3625] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_STATUS[CVE-2022-3629] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
+# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
+# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
+# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
+CVE_STATUS[CVE-2022-3630] = "cpe-stable-backport: Backported in version v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_STATUS[CVE-2022-3633] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_STATUS[CVE-2022-3635] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
+# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
+# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
+CVE_STATUS[CVE-2022-3636] = "cpe-stable-backport: Backported in version v5.19"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
+# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
+# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
+# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
+# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
+# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
+# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
+# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
+# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
+CVE_STATUS[CVE-2022-3640] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_STATUS[CVE-2022-3646] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_STATUS[CVE-2022-3649] = "cpe-stable-backport: Backported in versions v5.4.220, v5.10.148, v5.15.74 and v5.19.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
+# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in versions v5.4.230, v5.10.165, v5.15.90 and v6.1.8"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_STATUS[CVE-2022-26365] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_STATUS[CVE-2022-33740] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_STATUS[CVE-2022-33741] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_STATUS[CVE-2022-33742] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+CVE_STATUS[CVE-2022-42895] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
+# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
+# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
+# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
+CVE_STATUS[CVE-2022-42896] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.154 and v5.15.78"
# https://nvd.nist.gov/vuln/detail/CVE-2022-38457
# https://nvd.nist.gov/vuln/detail/CVE-2022-40133
@@ -26,11 +335,271 @@ CVE_CHECK_IGNORE += "CVE-2022-3567"
# * https://www.linuxkernelcves.com/cves/CVE-2022-38457
# * https://www.linuxkernelcves.com/cves/CVE-2022-40133
# * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/
-CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133"
+CVE_STATUS[CVE-2022-38457] = "cpe-stable-backport: Backported in version v6.1.7"
+CVE_STATUS[CVE-2022-40133] = "cpe-stable-backport: Backported in version v6.1.7"
+
+# Backported to 6.1.33
+CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in version v6.1.33"
+
+# 2023
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
+# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
+# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
+# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
+# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
+CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in versions v5.10.164, v5.15.89 and v6.1.7"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
+# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
+# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
+CVE_STATUS[CVE-2023-0266] = "cpe-stable-backport: Backported in versions v5.15.88 and v6.1.6"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_STATUS[CVE-2023-0394] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.164, v5.15.89 and v6.1.7"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
+# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
+# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
+# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
+# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
+CVE_STATUS[CVE-2023-0386] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578
+# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
+# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+CVE_STATUS[CVE-2023-0461] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.88 and v6.1.5"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
+# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_STATUS[CVE-2023-1073] = "cpe-stable-backport: Backported in versions v5.10.166, v5.15.91 and v6.1.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_STATUS[CVE-2023-1074] = "cpe-stable-backport: Backported in versions v5.15.91 andv6.1.9"
# https://nvd.nist.gov/vuln/detail/CVE-2023-1075
# Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221
# Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb
# Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50
# 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch
-CVE_CHECK_IGNORE += "CVE-2023-1075"
+CVE_STATUS[CVE-2023-1075] = "cpe-stable-backport: Backported in version v6.1.11"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
+# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
+# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11
+# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178
+# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
+# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
+# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6
+CVE_STATUS[CVE-2023-1076] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+CVE_STATUS[CVE-2023-1077] = "cpe-stable-backport: Backported in versions v5.15.99 and v6.1.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_STATUS[CVE-2023-1078] = "cpe-stable-backport: Backported in versions v5.15.94 and v6.1.12"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_STATUS[CVE-2023-1079] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
+# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
+# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17
+# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
+# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
+# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
+# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
+# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
+CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
+# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6
+# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2
+# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
+# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
+# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
+CVE_STATUS[CVE-2023-1281] = "cpe-stable-backport: Backported in versions v5.10.169, v5.15.95 and v6.1.13"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in versions v5.4.232, v5.10.169, v5.15.95 and v6.1.13"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
+# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
+# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36
+# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
+# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
+# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
+CVE_STATUS[CVE-2023-1652] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
+# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
+CVE_STATUS[CVE-2023-1829] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.100, v6.1.18 and v6.2.5"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
+# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
+# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
+# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa
+# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123
+# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce
+CVE_STATUS[CVE-2023-28466] = "cpe-stable-backport: Backported in versions v5.15.05, v6.1.20 and v6.2.7"
+
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-0615
+# Fixed in 6.1 onwards
+CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed in version v6.1 onwards"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-28328
+# Fixed with 6.1.2
+CVE_STATUS[CVE-2023-28328] = "fixed-version: Fixed in version v6.1.2"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-2162
+# Fixed in 6.1.11
+CVE_STATUS[CVE-2023-2162] = "fixed-version: Fixed in version v6.1.11"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-0459
+# Fixed in 6.1.14 onwards
+CVE_STATUS[CVE-2023-0459] = "fixed-version: Fixed in version v6.1.14"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1999
+# https://www.linuxkernelcves.com/cves/CVE-2023-2985
+# Fixed in 6.1.16
+CVE_STATUS[CVE-2023-1998] = "fixed-version: Fixed in version v6.1.16"
+CVE_STATUS[CVE-2023-2985] = "fixed-version: Fixed in version v6.1.16"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1855
+# https://www.linuxkernelcves.com/cves/CVE-2023-1990
+# https://www.linuxkernelcves.com/cves/CVE-2023-2235
+# https://www.linuxkernelcves.com/cves/CVE-2023-30456
+# Fixed in 6.1.21
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6121"
+CVE_STATUS_KERNEL_6121 = "CVE-2023-1855 CVE-2023-1990 CVE-2023-2235 CVE-2023-30456"
+CVE_STATUS_KERNEL_6121[status] = "fixed-version: Fixed in version v6.1.21"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1989
+# https://www.linuxkernelcves.com/cves/CVE-2023-2194
+# https://www.linuxkernelcves.com/cves/CVE-2023-28866
+# https://www.linuxkernelcves.com/cves/CVE-2023-30772
+# https://www.linuxkernelcves.com/cves/CVE-2023-33203
+# https://www.linuxkernelcves.com/cves/CVE-2023-33288
+# Fixed with 6.1.22
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6122"
+CVE_STATUS_KERNEL_6122 = "CVE-2023-2194 CVE-2023-1989 CVE-2023-28866 CVE-2023-30772 CVE-2023-33203 CVE-2023-33288"
+CVE_STATUS_KERNEL_6122[status] = "fixed-version: Fixed in version v6.1.22"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1611
+# Fixed in 6.1.23
+CVE_STATUS[CVE-2023-1611] = "fixed-version: Fixed in version v6.1.23"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1859
+# Fixed in 6.1.25
+CVE_STATUS[CVE-2023-1859] = "fixed-version: Fixed in version v6.1.25"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-2156
+# https://www.linuxkernelcves.com/cves/CVE-2023-31436
+# Fixed in 6.1.26
+CVE_STATUS[CVE-2023-2156] = "fixed-version: Fixed in version v6.1.26"
+CVE_STATUS[CVE-2023-31436] = "fixed-version: Fixed in version v6.1.26"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1380
+# https://www.linuxkernelcves.com/cves/CVE-2023-2002
+# Fixed in 6.1.27
+CVE_STATUS[CVE-2023-1380] = "fixed-version: Fixed in version v6.1.27"
+CVE_STATUS[CVE-2023-2002] = "fixed-version: Fixed in version v6.1.27"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-32233
+# Fixed with 6.1.28
+CVE_STATUS[CVE-2023-32233] = "fixed-version: Fixed in version v6.1.28"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-34256
+# Fixed in 6.1.29
+CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed in version v6.1.29"
+
+
+# Backported to 6.1.9
+CVE_STATUS[CVE-2023-3358] = "cpe-stable-backport: Backported in version v6.1.9"
+
+# Backported to 6.1.11
+CVE_STATUS[CVE-2023-3359] = "cpe-stable-backport: Backported in version v6.1.11"
+CVE_STATUS[CVE-2023-3161] = "cpe-stable-backport: Backported in version v6.1.11"
+
+# Backported to 6.1.16
+CVE_STATUS[CVE-2023-3220] = "cpe-stable-backport: Backported in version v6.1.16"
+
+# Backported to 6.1.28
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6128"
+CVE_STATUS_KERNEL_6128 = "CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35826 CVE-2023-35828 CVE-2023-35829"
+CVE_STATUS_KERNEL_6122[status] = "cpe-stable-backport: Backported in version v6.1.28"
+
+# Backported to 6.1.30
+# Backported to 6.1.30 as 9a342d4
+CVE_STATUS[CVE-2023-3090] = "cpe-stable-backport: Backported in version v6.1.30"
+CVE_STATUS[CVE-2023-3141] = "cpe-stable-backport: Backported in version v6.1.30 as 9a342d4"
+
+# Backported to 6.1.33
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6133"
+CVE_STATUS_KERNEL_6133 = "CVE-2023-2124 CVE-2023-3212 CVE-2023-35788"
+CVE_STATUS_KERNEL_6133[status] = "cpe-stable-backport: Backported in version v6.1.33"
+
+# Backported to 6.1.35
+CVE_STATUS[CVE-2023-3117] = "cpe-stable-backport: Backported in version v6.1.35"
+CVE_STATUS[CVE-2023-3390] = "cpe-stable-backport: Backported in version v6.1.35"
+
+# Backported to 6.1.36
+CVE_STATUS[CVE-2023-3389] = "cpe-stable-backport: Backported in version v6.1.36"
+
+# Only in 6.2.0 to 6.2.14, and 6.3.0 to 6.3.1
+CVE_STATUS[CVE-2023-3312] = "not-applicable-config: Only in versions v6.2.0 to v6.2.4 and v6.3.0 to v6.3.1"
+
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
+# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
+# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
+# But, the CVE is disputed:
+CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \
+in which a user can cause the alloc_memory_type error case to be reached. \
+See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2"
+
+CVE_STATUS[CVE-2023-28464] = "not-applicable-config: Only in 6.3-rc"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index 54ead24ded..d4488b360c 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "6f370bf9127713eccdfb3cf009c46ef4852aec28"
-SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e"
+SRCREV_machine ?= "efb2c857761e865cd7947aab42eaa5ba77ef6ee7"
+SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.1.35"
+LINUX_VERSION ?= "6.1.38"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
new file mode 100644
index 0000000000..9273a08c61
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
@@ -0,0 +1,48 @@
+KBRANCH ?= "v6.4/standard/preempt-rt/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+# Skip processing of this recipe if it is not explicitly specified as the
+# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
+# to build multiple virtual/kernel providers, e.g. as dependency of
+# core-image-rt-sdk, core-image-rt.
+python () {
+ if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt":
+ raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
+}
+
+SRCREV_machine ?= "917d160a84f61aada28d09f5afc04d6451fa52a0"
+SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
+ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+LINUX_VERSION ?= "6.4.3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+LINUX_KERNEL_TYPE = "preempt-rt"
+
+COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$"
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
+KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index fd2e2511d5..4e45e25975 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.1.inc
-LINUX_VERSION ?= "6.1.35"
+LINUX_VERSION ?= "6.1.38"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e"
+SRCREV_machine ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
new file mode 100644
index 0000000000..39abfcbb08
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
@@ -0,0 +1,33 @@
+KBRANCH ?= "v6.4/standard/tiny/base"
+
+LINUX_KERNEL_TYPE = "tiny"
+KCONFIG_MODE = "--allnoconfig"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+LINUX_VERSION ?= "6.4.3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "2"
+
+SRCREV_machine ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
+ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$"
+
+# Functionality flags
+KERNEL_FEATURES = ""
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc
index 04a8105e17..0cc303c009 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc
@@ -62,7 +62,7 @@ KERNEL_FEATURES:append:qemuall=" features/kernel-sample/kernel-sample.scc"
KERNEL_DEBUG ?= ""
# These used to be version specific, but are now common dependencies. New
# tools / dependencies will continue to be added in version specific recipes.
-DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64" ], "elfutils-native", "", d)}'
+DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64", "powerpc" ], "elfutils-native", "", d)}'
DEPENDS += "openssl-native util-linux-native"
DEPENDS += "gmp-native libmpc-native"
DEPENDS += '${@bb.utils.contains("KERNEL_DEBUG", "True", "pahole-native", "", d)}'
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 1838a1e031..a76d2dc404 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -17,25 +17,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.1/standard/base"
KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "915f4d2237d1c8e23eb67eda0b8e9b24373a80b4"
-SRCREV_machine:qemuarm64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemuloongarch64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemumips ?= "1aad3fa2eba5594fb4e779fc53fef6046d833c91"
-SRCREV_machine:qemuppc ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemuriscv64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemuriscv32 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemux86 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemux86-64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemumips64 ?= "53e7685d6da27e112397e71c27a0bce0fc9313a9"
-SRCREV_machine ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e"
+SRCREV_machine:qemuarm ?= "a74344429a095a5941cd8dfac532160349344c92"
+SRCREV_machine:qemuarm64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemuloongarch64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemumips ?= "78c81e178f8e2ffbb7c03cd324cf50ee0c5c4cf2"
+SRCREV_machine:qemuppc ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemuriscv64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemuriscv32 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemux86 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemux86-64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemumips64 ?= "6c6b1170464e1f64f78a45cf7e78d5c678f38f48"
+SRCREV_machine ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "e84a4e368abe42cf359fe237f0238820859d5044"
+SRCREV_machine:class-devupstream ?= "61fd484b2cf6bc8022e8e5ea6f693a9991740ac2"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.1/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.35"
+LINUX_VERSION ?= "6.1.38"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
new file mode 100644
index 0000000000..443a89cc1e
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
@@ -0,0 +1,71 @@
+KBRANCH ?= "v6.4/standard/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+# board specific branches
+KBRANCH:qemuarm ?= "v6.4/standard/arm-versatile-926ejs"
+KBRANCH:qemuarm64 ?= "v6.4/standard/qemuarm64"
+KBRANCH:qemumips ?= "v6.4/standard/mti-malta32"
+KBRANCH:qemuppc ?= "v6.4/standard/qemuppc"
+KBRANCH:qemuriscv64 ?= "v6.4/standard/base"
+KBRANCH:qemuriscv32 ?= "v6.4/standard/base"
+KBRANCH:qemux86 ?= "v6.4/standard/base"
+KBRANCH:qemux86-64 ?= "v6.4/standard/base"
+KBRANCH:qemuloongarch64 ?= "v6.4/standard/base"
+KBRANCH:qemumips64 ?= "v6.4/standard/mti-malta64"
+
+SRCREV_machine:qemuarm ?= "aa7642358697dc9be32c4563a3d950f257a3f2ed"
+SRCREV_machine:qemuarm64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemuloongarch64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemumips ?= "8a3ac37b45e7dcc98d28ab3920309340202272d9"
+SRCREV_machine:qemuppc ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemuriscv64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemuriscv32 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemux86 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemux86-64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemumips64 ?= "144ff37fee7f0499574d5b508e4db82234f38fec"
+SRCREV_machine ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47"
+
+# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
+# get the <version>/base branch, which is pure upstream -stable, and the same
+# meta SRCREV as the linux-yocto-standard builds. Select your version using the
+# normal PREFERRED_VERSION settings.
+BBCLASSEXTEND = "devupstream:target"
+SRCREV_machine:class-devupstream ?= "160f4124ea8b4cd6c86867e111fa55e266345a16"
+PN:class-devupstream = "linux-yocto-upstream"
+KBRANCH:class-devupstream = "v6.4/base"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \
+ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+LINUX_VERSION ?= "6.4.3"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
+
+COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32|qemuloongarch64)$"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc"
+KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
+KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc"
+
+INSANE_SKIP:kernel-vmlinux:qemuppc64 = "textrel"
+
diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
index 916408bff0..424b0fa645 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
@@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
file://0001-Makefile.am-update-rpath-link.patch \
"
-SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
+SRC_URI[sha256sum] = "e7e04596dd73ac7aa99e27cd000f949dbb0fed51bd29099f9b08a25c1df0ced5"
CVE_PRODUCT = "ust"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 2d803381bb..7d90ac3612 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -383,7 +383,7 @@ PACKAGESPLITFUNCS =+ "perf_fix_sources"
perf_fix_sources () {
for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \
- util/expr-flex.h util/expr-flex.c; do
+ util/pmu-flex.h util/expr-flex.h util/expr-flex.c; do
f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f
if [ -e $f ]; then
sed -i -e 's#${S}/##g' $f
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
index a8bf09904d..d482e27683 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
@@ -16,7 +16,7 @@ inherit autotools pkgconfig
EXTRA_OECONF += " \
${@bb.utils.contains('TARGET_FPU', 'soft', '--with-softfloat', '', d)} \
- --disable-python \
+ --disable-python --disable-old-symbols \
"
PACKAGES =+ "alsa-server alsa-conf libatopology"
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch
new file mode 100644
index 0000000000..94e0ba6d10
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch
@@ -0,0 +1,35 @@
+From 85eefb65eb632d827e17a72518dd289dcd721084 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 2 Jul 2023 19:29:55 -0700
+Subject: [PATCH] libswscale/riscv: Fix syntax of vsetvli
+
+Add missing operand which clang complains about but gcc assumes it to be
+'m1' if not specifiied.
+
+Fixes building with clang
+| src/libswscale/riscv/rgb2rgb_rvv.S:88:25: error: operand must be e[8|16|32|64|128|256|512|1024],m[1|2|4|8|f2|f4|f8],[ta|tu],[ma|mu]
+| vsetvli t4, t3, e8, ta, ma
+| ^
+
+Upstream-Status: Submitted [https://ffmpeg.org/pipermail/ffmpeg-devel/2023-July/311514.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libswscale/riscv/rgb2rgb_rvv.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libswscale/riscv/rgb2rgb_rvv.S b/libswscale/riscv/rgb2rgb_rvv.S
+index 5626d90..bbdfdbe 100644
+--- a/libswscale/riscv/rgb2rgb_rvv.S
++++ b/libswscale/riscv/rgb2rgb_rvv.S
+@@ -85,7 +85,7 @@ func ff_interleave_bytes_rvv, zve32x
+ mv t3, a3
+ addi a4, a4, -1
+ 2:
+- vsetvli t4, t3, e8, ta, ma
++ vsetvli t4, t3, e8, m1, ta, ma
+ sub t3, t3, t4
+ vle8.v v8, (t0)
+ add t0, t4, t0
+--
+2.41.0
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
index f84d9bb6d0..181c17d9d6 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
@@ -22,7 +22,8 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \
file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02"
-SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
+SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
+ file://0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch"
SRC_URI[sha256sum] = "57be87c22d9b49c112b6d24bc67d42508660e6b718b3db89c44e47e289137082"
diff --git a/poky/meta/recipes-multimedia/flac/flac_1.4.2.bb b/poky/meta/recipes-multimedia/flac/flac_1.4.3.bb
index d3ece3f3cf..d4e463cda5 100644
--- a/poky/meta/recipes-multimedia/flac/flac_1.4.2.bb
+++ b/poky/meta/recipes-multimedia/flac/flac_1.4.3.bb
@@ -5,15 +5,15 @@ BUGTRACKER = "https://github.com/xiph/flac/issues"
SECTION = "libs"
LICENSE = "GFDL-1.2 & GPL-2.0-or-later & LGPL-2.1-or-later & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
- file://src/Makefile.am;beginline=1;endline=17;md5=146d2c8c2fd287545cc1bd81f31e8758 \
+ file://src/Makefile.am;beginline=1;endline=17;md5=b1dab2704be7f01bfbd9b7f6d5f000a9 \
file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://src/flac/main.c;beginline=1;endline=18;md5=893456854ce6bf14a1a7ea77266eebab \
+ file://src/flac/main.c;beginline=1;endline=18;md5=23099119c034d894bd1bf7ef5bd22101 \
file://COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24 \
- file://COPYING.Xiph;md5=3d6da238b5b57a0965d6730291119f65 \
+ file://COPYING.Xiph;md5=0c90e41ab2fa7e69ca9391330d870221 \
file://include/FLAC/all.h;beginline=65;endline=70;md5=39aaf5e03c7364363884c8b8ddda8eea"
SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz"
-SRC_URI[sha256sum] = "e322d58a1f48d23d9dd38f432672865f6f79e73a6f9cc5a5f57fcaa83eb5a8e4"
+SRC_URI[sha256sum] = "6c58e69cd22348f441b861092b825e591d0b822e106de6eb0ee4d05d27205b70"
CVE_PRODUCT = "libflac flac"
@@ -25,11 +25,8 @@ EXTRA_OECONF = "--disable-oggtest \
"
PACKAGECONFIG ??= " \
- ${@bb.utils.filter("TUNE_FEATURES", "altivec vsx", d)} \
ogg \
"
-PACKAGECONFIG[altivec] = "--enable-altivec,--disable-altivec"
-PACKAGECONFIG[vsx] = "--enable-vsx,--disable-vsx"
PACKAGECONFIG[avx] = "--enable-avx,--disable-avx"
PACKAGECONFIG[ogg] = "--enable-ogg --with-ogg-libraries=${STAGING_LIBDIR} --with-ogg-includes=${STAGING_INCDIR},--disable-ogg,libogg"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb
index fa82ef7861..beaf1a9b91 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "446ac9c42d502cbfd9081737cc1b853b3c1f50db77ca7ccd01aea10f687550c1"
+SRC_URI[sha256sum] = "4c52053ce8c1df72fd81721e9f53de3b146edcf2de28f607be705bce4cf909d1"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb
index c5af676a95..4d59353e08 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "2ec5c805808b4371a7e32b1da0202a1c8a6b36b6ce905080bf5c34097d12a923"
+SRC_URI[sha256sum] = "9a751bc740de768e791c37a95f0a924c6a41d12fd7f37f54ce6a4e834be122d3"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb
index 694a12b1c1..fc70805daf 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "6f51c2331c334593c2c3cf12e9f22b9e3b419a3247cfb2fec0e1bd845569863a"
+SRC_URI[sha256sum] = "5fcb872d977b035fb75a2d0ea955ba052dc3bdae282f8f60aa9d865808784211"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb
index 3aa53193af..16d53203a4 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb
@@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://0002-avoid-including-sys-poll.h-directly.patch \
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
"
-SRC_URI[sha256sum] = "e1798fee2d86127f0637481c607f983293bf0fd81aad70a5c7b47205af3621d8"
+SRC_URI[sha256sum] = "eaaf53224565eaabd505ca39c6d5769719b45795cf532ce1ceb60e1b2ebe99ac"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb
index 44056b04e9..3c0cb7dc6c 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
"
-SRC_URI[sha256sum] = "1c596289a0d4207380233eba8c36a932c4d1aceba19932937d9b57c24cef89f3"
+SRC_URI[sha256sum] = "292424e82dea170528c42b456f62a89532bcabc0508f192e34672fb86f68e5b8"
S = "${WORKDIR}/gst-plugins-base-${PV}"
@@ -21,7 +21,8 @@ inherit gobject-introspection
# opengl packageconfig factored out to make it easy for distros
# and BSP layers to choose OpenGL APIs/platforms/window systems
-PACKAGECONFIG_GL ?= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gles2 egl', '', d)}"
+PACKAGECONFIG_X11 = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'opengl glx', '', d)}"
+PACKAGECONFIG_GL ?= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gles2 egl ${PACKAGECONFIG_X11}', '', d)}"
PACKAGECONFIG ??= " \
${GSTREAMER_ORC} \
@@ -32,7 +33,7 @@ PACKAGECONFIG ??= " \
"
OPENGL_APIS = 'opengl gles2'
-OPENGL_PLATFORMS = 'egl'
+OPENGL_PLATFORMS = 'egl glx'
X11DEPENDS = "virtual/libx11 libsm libxrender libxv"
X11ENABLEOPTS = "-Dx11=enabled -Dxvideo=enabled -Dxshm=enabled"
@@ -61,6 +62,7 @@ PACKAGECONFIG[gles2] = ",,virtual/libgles2"
# OpenGL platform packageconfigs
PACKAGECONFIG[egl] = ",,virtual/egl"
+PACKAGECONFIG[glx] = ",,virtual/libgl"
# OpenGL window systems (except for X11)
PACKAGECONFIG[gbm] = ",,virtual/libgbm libgudev libdrm"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb
index 8de1d1c5f5..0ae1758a3f 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch"
-SRC_URI[sha256sum] = "af81154b3a2ef3f4d2feba395f25696feea6fd13ec62c92d3c7a973470710273"
+SRC_URI[sha256sum] = "d7120c1146a9d723d53d5bfe8074da2575a81f0598438752937f39bb7c833b6a"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb
index 21102d59b6..1b3d3b6da7 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb
@@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial"
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "3dc98ed5c2293368b3c4e6ce55d89be834a0a62e9bf88ef17928cf03b7d5a360"
+SRC_URI[sha256sum] = "ffb461fda6c06d316c4be5682632cc8901454ed72b1098b1e0221bc55e673cd7"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb
index 0cf1908e76..e35bef3d56 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "70bed3fabe634bc622ef6de4e6eb1c33bc9cefd64bdab200f6fa316b468c731c"
+SRC_URI[sha256sum] = "e1302dcc0f2451b64380dcc0dd3b82735795e8951dc812d938d8ba91f388163e"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb
index 0f8a89db7c..29eb4bb011 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "d02a39dfa9bdbf99a3dd2d378e17942b3ce42dfe36fb0c27e2d0b01722fc561d"
+SRC_URI[sha256sum] = "4666612d7a99c60dcd6f0bdba1b7a74d2562a0501b2a3e0576f0916bf1d8811b"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb
index 6e0014c090..34c15bb377 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a27867062e8b69305fca5b7d3f13ed7c318b703e7d72756c94395bd305c7b32c"
+SRC_URI[sha256sum] = "967b8e353d82d0081a68dc53639b25d9fb4ca89bfa1e061403e0cd7d23585ba6"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb
index ca7548758c..2eadb79637 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb
@@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
"
-SRC_URI[sha256sum] = "9ffeab95053f9f6995eb3b3da225e88f21c129cd60da002d3f795db70d6d5974"
+SRC_URI[sha256sum] = "11cb0498bc16b93d8b99d22f75f829b8d0abfd8254840b2120618db5532dc655"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
index a6c229f5cf..293bf2858d 100644
--- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
+++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
@@ -5,13 +5,13 @@ library for use in applications that read, create, and manipulate PNG \
HOMEPAGE = "http://www.libpng.org/"
SECTION = "libs"
LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5c900cc124ba35a274073b5de7639b13"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8f533bc367bfd43f556b6f782234c076"
DEPENDS = "zlib"
LIBV = "16"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
+SRC_URI[sha256sum] = "535b479b2467ff231a3ec6d92a525906fb8ef27978be4f66dbe05d3f3a01b3a1"
MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/"
@@ -32,5 +32,4 @@ FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
BBCLASSEXTEND = "native nativesdk"
-# CVE-2019-17371 is actually a memory leak in gif2png 2.x
-CVE_CHECK_IGNORE += "CVE-2019-17371"
+CVE_STATUS[CVE-2019-17371] = "cpe-incorrect: A memory leak in gif2png 2.x"
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
deleted file mode 100644
index e356d377ea..0000000000
--- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-CVE: CVE-2022-48281
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
-From: Su Laus <sulau@freenet.de>
-Date: Sat, 21 Jan 2023 15:58:10 +0000
-Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
-
----
- tools/tiffcrop.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 14fa18da..7db69883 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
- cropsize + NUM_BUFF_OVERSIZE_BYTES);
- else
- {
-- prev_cropsize = seg_buffs[0].size;
-+ prev_cropsize = seg_buffs[i].size;
- if (prev_cropsize < cropsize)
- {
- next_buff = _TIFFrealloc(
---
-GitLab
-
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
deleted file mode 100644
index 7db0a35f72..0000000000
--- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 29 Apr 2023 12:20:46 +0200
-Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
- strip whith a missing end-of-information marker (fixes #548)
-
-CVE: CVE-2023-2731
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b]
-
----
- libtiff/tif_lzw.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index ba75a07e..d631fa10 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
-
- if (sp->read_error)
- {
-+ TIFFErrorExtR(tif, module,
-+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
-+ "previous error",
-+ tif->tif_row);
- return 0;
- }
-
-@@ -742,6 +746,7 @@ after_loop:
- return (1);
-
- no_eoi:
-+ sp->read_error = 1;
- TIFFErrorExtR(tif, module,
- "LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
- tif->tif_curstrip);
---
-2.34.1
-
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
index ca4a3eff91..6171a538e5 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
@@ -8,24 +8,14 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
CVE_PRODUCT = "libtiff"
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
- file://CVE-2022-48281.patch \
- file://CVE-2023-2731.patch \
-"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
-SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
+SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
# exclude betas
UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
-# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
-# and 4.3.0 doesn't have the issue
-CVE_CHECK_IGNORE += "CVE-2015-7313"
-# These issues only affect libtiff post-4.3.0 but before 4.4.0,
-# caused by 3079627e and fixed by b4e79bfa.
-CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
-# Issue is in jbig which we don't enable
-CVE_CHECK_IGNORE += "CVE-2022-1210"
+CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
inherit autotools multilib_header
diff --git a/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch b/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
deleted file mode 100644
index d293ab93ab..0000000000
--- a/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
-From: James Zern <jzern@google.com>
-Date: Wed, 22 Feb 2023 22:15:47 -0800
-Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
-
-This avoids a double free should the function fail prior to
-VP8BitWriterInit() and a previous trial result's buffer carried over.
-Previously in ApplyFiltersAndEncode() trial.bw (with a previous
-iteration's buffer) would be freed, followed by best.bw pointing to the
-same buffer.
-
-Since:
-187d379d add a fallback to ALPHA_NO_COMPRESSION
-
-In addition, check the return value of VP8BitWriterInit() in this
-function.
-
-Bug: webp:603
-Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
-
-CVE: CVE-2023-1999
-Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129]
-Signed-off-by: Nikhil R <nikhil.r@kpit.com>
----
- src/enc/alpha_enc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
-index f7c02690e3..7d205586fe 100644
---- a/src/enc/alpha_enc.c
-+++ b/src/enc/alpha_enc.c
-@@ -13,6 +13,7 @@
-
- #include <assert.h>
- #include <stdlib.h>
-+#include <string.h>
-
- #include "src/enc/vp8i_enc.h"
- #include "src/dsp/dsp.h"
-@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
- }
- } else {
- VP8LBitWriterWipeOut(&tmp_bw);
-+ memset(&result->bw, 0, sizeof(result->bw));
- return 0;
- }
- }
-@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
- header = method | (filter << 2);
- if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
-
-- VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
-+ if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
- ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
- ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);
diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
index 7ca67e44fb..b9e763b08e 100644
--- a/poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb
+++ b/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
@@ -14,14 +14,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \
file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz"
-SRC_URI[sha256sum] = "64ac4614db292ae8c5aa26de0295bf1623dbb3985054cb656c55e67431def17c"
+SRC_URI[sha256sum] = "b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66"
UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html"
-SRC_URI += " \
- file://CVE-2023-1999.patch \
-"
-
EXTRA_OECONF = " \
--disable-wic \
--enable-libwebpmux \
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
new file mode 100644
index 0000000000..bbe265059d
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
@@ -0,0 +1,28 @@
+From cd65e3d9256a4f6eb7906a9f10678c29a4ffef2f Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 26 Jun 2023 14:30:02 +0200
+Subject: [PATCH] Source/JavaScriptCore/CMakeLists.txt: ensure reproducibility
+ of __TIMESTAMP__
+
+__TIMESTAMP__ refers to mtime of the file that contains it, which is unstable
+and breaks binary reproducibility when the file is generated at build time. To ensure
+this does not happen, mtime should be set from the original file.
+
+Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/15293]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Source/JavaScriptCore/CMakeLists.txt | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
+index 43dc22ff..c2e3b1cd 100644
+--- a/Source/JavaScriptCore/CMakeLists.txt
++++ b/Source/JavaScriptCore/CMakeLists.txt
+@@ -159,6 +159,7 @@ add_custom_command(
+ OUTPUT ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp
+ MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in
+ COMMAND ${PERL_EXECUTABLE} -pe s/CACHED_TYPES_CKSUM/__TIMESTAMP__/ ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in > ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp
++ COMMAND touch -r ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp
+ VERBATIM
+ )
+
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
index 32f92f7ff5..34e0ff9af3 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
@@ -1,8 +1,8 @@
-From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001
+From 647c93de99a0f71f478d76a4cc7714eba7ba1447 Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro <aperez@igalia.com>
Date: Thu, 2 Jun 2022 11:19:06 +0300
-Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast
- path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182
+Subject: [PATCH] FELightningNEON.cpp fails to build, NEON fast path seems
+ unused https://bugs.webkit.org/show_bug.cgi?id=241182
Reviewed by NOBODY (OOPS!).
@@ -30,19 +30,21 @@ left for a follow-up fix.
* Source/WebCore/platform/graphics/filters/PointLightSource.h:
* Source/WebCore/platform/graphics/filters/SpotLightSource.h:
* Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h:
----
+
Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
+---
.../cpu/arm/filters/FELightingNEON.cpp | 4 +-
- .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +++++++++----------
+ .../graphics/cpu/arm/filters/FELightingNEON.h | 52 +++++++++----------
.../graphics/filters/DistantLightSource.h | 4 ++
.../platform/graphics/filters/FELighting.h | 7 ---
.../graphics/filters/PointLightSource.h | 4 ++
.../graphics/filters/SpotLightSource.h | 4 ++
.../software/FELightingSoftwareApplier.h | 16 ++++++
- 7 files changed, 57 insertions(+), 36 deletions(-)
+ 7 files changed, 56 insertions(+), 35 deletions(-)
+diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+index f6ff8c20..42a97ffc 100644
--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
@@ -49,7 +49,7 @@ short* feLightingConstantsForNeon()
@@ -63,6 +65,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
{
// Calling a powf function from the assembly code would require to save
// and reload a lot of NEON registers. Since the base is in range [0..1]
+diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+index b17c603d..e4629cda 100644
--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
@@ -24,14 +24,15 @@
@@ -104,7 +108,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
0,
0,
0,
-@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeo
+@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
// Set light source arguments.
floatArguments.constOne = 1;
@@ -133,7 +137,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
floatArguments.lightX = spotLightSource.position().x();
floatArguments.lightY = spotLightSource.position().y();
floatArguments.lightZ = spotLightSource.position().z();
-@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeo
+@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
if (spotLightSource.specularExponent() == 1)
neonData.flags |= FLAG_CONE_EXPONENT_IS_1;
} else {
@@ -142,7 +146,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
floatArguments.lightX = paintingData.initialLightingData.lightVector.x();
floatArguments.lightY = paintingData.initialLightingData.lightVector.y();
floatArguments.lightZ = paintingData.initialLightingData.lightVector.z();
-@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeo
+@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
// Set lighting arguments.
floatArguments.surfaceScale = data.surfaceScale;
floatArguments.minusSurfaceScaleDividedByFour = -data.surfaceScale / 4;
@@ -192,16 +196,18 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
}
parallelJobs.execute();
return;
-@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeo
+@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
} // namespace WebCore
#endif // CPU(ARM_NEON) && COMPILER(GCC_COMPATIBLE)
-
-#endif // FELightingNEON_h
+diff --git a/Source/WebCore/platform/graphics/filters/DistantLightSource.h b/Source/WebCore/platform/graphics/filters/DistantLightSource.h
+index 70c6512f..b032c82e 100644
--- a/Source/WebCore/platform/graphics/filters/DistantLightSource.h
+++ b/Source/WebCore/platform/graphics/filters/DistantLightSource.h
-@@ -25,6 +25,10 @@
- #include "LightSource.h"
+@@ -26,6 +26,10 @@
+ #include <wtf/ArgumentCoder.h>
#include <wtf/Ref.h>
+namespace WTF {
@@ -211,6 +217,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
namespace WebCore {
class DistantLightSource : public LightSource {
+diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h
+index 53beb596..e78a9354 100644
--- a/Source/WebCore/platform/graphics/filters/FELighting.h
+++ b/Source/WebCore/platform/graphics/filters/FELighting.h
@@ -35,8 +35,6 @@
@@ -222,7 +230,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
class FELighting : public FilterEffect {
public:
const Color& lightingColor() const { return m_lightingColor; }
-@@ -67,11 +65,6 @@ protected:
+@@ -64,11 +62,6 @@ protected:
std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
@@ -234,6 +242,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
Color m_lightingColor;
float m_surfaceScale;
float m_diffuseConstant;
+diff --git a/Source/WebCore/platform/graphics/filters/PointLightSource.h b/Source/WebCore/platform/graphics/filters/PointLightSource.h
+index 3a5723f0..675d63f5 100644
--- a/Source/WebCore/platform/graphics/filters/PointLightSource.h
+++ b/Source/WebCore/platform/graphics/filters/PointLightSource.h
@@ -26,6 +26,10 @@
@@ -247,6 +257,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
namespace WebCore {
class PointLightSource : public LightSource {
+diff --git a/Source/WebCore/platform/graphics/filters/SpotLightSource.h b/Source/WebCore/platform/graphics/filters/SpotLightSource.h
+index 684626f7..dea58389 100644
--- a/Source/WebCore/platform/graphics/filters/SpotLightSource.h
+++ b/Source/WebCore/platform/graphics/filters/SpotLightSource.h
@@ -26,6 +26,10 @@
@@ -260,6 +272,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
namespace WebCore {
class SpotLightSource : public LightSource {
+diff --git a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
+index c974d921..e2896660 100644
--- a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
+++ b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
@@ -36,6 +36,7 @@
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch b/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
new file mode 100644
index 0000000000..79da855ff4
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
@@ -0,0 +1,41 @@
+From 4977290ab4ab35258a6da9b13795c9b0f7894bf4 Mon Sep 17 00:00:00 2001
+From: Diego Pino Garcia <dpino@igalia.com>
+Date: Mon, 22 May 2023 19:58:50 -0700
+Subject: [PATCH] [GLIB] Fix build error after 264196@main
+ https://bugs.webkit.org/show_bug.cgi?id=256917
+
+Reviewed by Michael Catanzaro.
+
+Variable BWRAP_EXECUTABLE is only defined when BUBBLEWRAP_SANDBOX is
+enabled.
+
+* Source/WTF/wtf/glib/Sandbox.cpp:
+(WTF::isInsideUnsupportedContainer):
+
+Canonical link: https://commits.webkit.org/264395@main
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/4977290ab4ab35258a6da9b13795c9b0f7894bf4]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Source/WTF/wtf/glib/Sandbox.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Source/WTF/wtf/glib/Sandbox.cpp b/Source/WTF/wtf/glib/Sandbox.cpp
+index 7d84e830ab33e..9b07bb8cb5a9b 100644
+--- a/Source/WTF/wtf/glib/Sandbox.cpp
++++ b/Source/WTF/wtf/glib/Sandbox.cpp
+@@ -36,6 +36,7 @@ bool isInsideFlatpak()
+ return returnValue;
+ }
+
++#if ENABLE(BUBBLEWRAP_SANDBOX)
+ bool isInsideUnsupportedContainer()
+ {
+ static bool inContainer = g_file_test("/run/.containerenv", G_FILE_TEST_EXISTS);
+@@ -64,6 +65,7 @@ bool isInsideUnsupportedContainer()
+
+ return inContainer && !supportedContainer;
+ }
++#endif
+
+ bool isInsideSnap()
+ {
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch b/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch
deleted file mode 100644
index 762de40995..0000000000
--- a/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 93920b55f52ff8b883296f4845269e2ed746acb3 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@redhat.com>
-Date: Fri, 31 Mar 2023 12:24:09 -0700
-Subject: [PATCH] Fix build of SourceBrush.cpp
- https://bugs.webkit.org/show_bug.cgi?id=254821
-
-Unreviewed build fix.
-
-* Source/WebCore/platform/graphics/SourceBrush.cpp:
-(WebCore::SourceBrush::setGradient):
-(WebCore::SourceBrush::setPattern):
-
-Canonical link: https://commits.webkit.org/262434@main
-
-Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/93920b55f52ff8b883296f4845269e2ed746acb3]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- Source/WebCore/platform/graphics/SourceBrush.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/Source/WebCore/platform/graphics/SourceBrush.cpp
-+++ b/Source/WebCore/platform/graphics/SourceBrush.cpp
-@@ -65,12 +65,12 @@ Pattern* SourceBrush::pattern() const
-
- void SourceBrush::setGradient(Ref<Gradient>&& gradient, const AffineTransform& spaceTransform)
- {
-- m_brush = { Brush::LogicalGradient { WTFMove(gradient), spaceTransform } };
-+ m_brush = Brush { Brush::LogicalGradient { { WTFMove(gradient) }, spaceTransform } };
- }
-
- void SourceBrush::setPattern(Ref<Pattern>&& pattern)
- {
-- m_brush = { WTFMove(pattern) };
-+ m_brush = Brush { WTFMove(pattern) };
- }
-
- WTF::TextStream& operator<<(TextStream& ts, const SourceBrush& brush)
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch b/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch
new file mode 100644
index 0000000000..ae99810ced
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch
@@ -0,0 +1,33 @@
+Add additional check on GST_GL_HAVE_PLATFORM_GLX before using gst_gl_display_x11_new_with_display
+
+This ensures that there is a compile time check for glx support in gstreamer as
+runtime check is not enough because gst_gl_display_x11_new_with_display() API comes from
+gst/gl/x11/gstgldisplay_x11.h which is only included when GST_GL_HAVE_PLATFORM_GLX is defined
+therefore make this check consistent to fix build with some platforms which use pvr gl drivers
+where this problem appear at compile time.
+
+
+/mnt/b/yoe/master/build/tmp/work/riscv64-yoe-linux/webkitgtk/2.40.2-r0/webkitgtk-2.40.2/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp:68:31: error: use of undeclared identifier 'gst_gl_display_x11_new_with_display'; did you mean 'gst_gl_display_egl_new_with_egl_display'?
+ 68 | return GST_GL_DISPLAY(gst_gl_display_x11_new_with_display(downcast<PlatformDisplayX11>(sharedDisplay).native()));
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ | gst_gl_display_egl_new_with_egl_display
+
+This issue is 2.40 specific since GLX support is removed [1] from trunk upstream, therefore
+this patch wont be needed when upgrading to 2.42+
+
+[1] https://github.com/WebKit/WebKit/commit/320560f9e53ddcd53954059bd005e0c75eb91abf
+
+Upstream-Status: Inappropriate [GLX support is gone in 2.41+]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp 2023-02-20 01:22:18.917743700 -0800
++++ b/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp 2023-07-08 08:45:09.739177065 -0700
+@@ -63,7 +63,7 @@
+ if (glPlatform == GST_GL_PLATFORM_EGL)
+ return GST_GL_DISPLAY(gst_gl_display_egl_new_with_egl_display(sharedDisplay.eglDisplay()));
+ #endif
+-#if USE(GLX)
++#if USE(GLX) && GST_GL_HAVE_PLATFORM_GLX
+ if (is<PlatformDisplayX11>(sharedDisplay) && glPlatform == GST_GL_PLATFORM_GLX)
+ return GST_GL_DISPLAY(gst_gl_display_x11_new_with_display(downcast<PlatformDisplayX11>(sharedDisplay).native()));
+ #endif
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch b/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
deleted file mode 100644
index 1ff9dcea7e..0000000000
--- a/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From d318bb461f040b90453bc4e100dcf967243ecd98 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@redhat.com>
-Date: Mon, 16 Jan 2023 16:55:26 -0800
-Subject: [PATCH] WebKitGTK 2.39.4 does not build due to missing #include in
- ANGLE https://bugs.webkit.org/show_bug.cgi?id=250689
-
-Unreviewed build fix.
-
-* Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h:
-
-Canonical link: https://commits.webkit.org/258968@main
-
-Upstream-Status: Backport [https://bugs.webkit.org/show_bug.cgi?id=250689]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h b/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h
-index 94cb93e01fc0..ec7bda372f30 100644
---- a/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h
-+++ b/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h
-@@ -12,6 +12,7 @@
-
- #include <algorithm>
- #include <array>
-+#include <cstdint>
- #include <string>
- #include <vector>
-
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb
index f7fa6dfb98..8bef0b1605 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb
+++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb
@@ -13,10 +13,11 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
file://reproducibility.patch \
file://0d3344e17d258106617b0e6d783d073b188a2548.patch \
- file://d318bb461f040b90453bc4e100dcf967243ecd98.patch \
- file://93920b55f52ff8b883296f4845269e2ed746acb3.patch \
+ file://4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch \
+ file://0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch \
+ file://check-GST_GL_HAVE_PLATFORM_GLX.patch \
"
-SRC_URI[sha256sum] = "40c20c43022274df5893f22b1054fa894c3eea057389bb08aee08c5b0bb0c1a7"
+SRC_URI[sha256sum] = "96898870d994da406ee7a632816dcde9a3bb395ee5f344fcb3f3b8cc8a77e000"
inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
@@ -28,6 +29,7 @@ CVE_PRODUCT = "webkitgtk webkitgtk\+"
DEPENDS += " \
ruby-native \
gperf-native \
+ unifdef-native \
cairo \
harfbuzz \
jpeg \
@@ -72,6 +74,8 @@ PACKAGECONFIG[lcms] = "-DUSE_LCMS=ON,-DUSE_LCMS=OFF,lcms"
PACKAGECONFIG[soup2] = "-DUSE_SOUP2=ON,-DUSE_SOUP2=OFF,libsoup-2.4,,,soup3"
PACKAGECONFIG[soup3] = ",,libsoup,,,soup2"
PACKAGECONFIG[journald] = "-DENABLE_JOURNALD_LOG=ON,-DENABLE_JOURNALD_LOG=OFF,systemd"
+PACKAGECONFIG[avif] = "-DUSE_AVIF_LOG=ON,-DUSE_AVIF=OFF,libavif"
+PACKAGECONFIG[media-recorder] = "-DENABLE_MEDIA_RECORDER=ON,-DENABLE_MEDIA_RECORDER=OFF,gstreamer1.0-plugins-bad"
EXTRA_OECMAKE = " \
-DPORT=GTK \
@@ -106,7 +110,7 @@ EXTRA_OECMAKE:append:powerpc = " -DUSE_LD_GOLD=OFF "
# JIT and gold linker does not work on RISCV
EXTRA_OECMAKE:append:riscv32 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF"
-EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF"
+EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF"
# JIT not supported on MIPS either
EXTRA_OECMAKE:append:mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON "
@@ -137,6 +141,9 @@ ARM_INSTRUCTION_SET:armv7a = "thumb"
ARM_INSTRUCTION_SET:armv7r = "thumb"
ARM_INSTRUCTION_SET:armv7ve = "thumb"
+# ANGLE requires SSE support as of webkit 2.40.x on 32 bit x86
+COMPATIBLE_HOST:x86 = "${@bb.utils.contains_any('TUNE_FEATURES', 'core2 corei7', '.*', 'null', d)}"
+
# introspection inside qemu-arm hangs forever on musl/arm builds
# therefore disable GI_DATA
GI_DATA_ENABLED:libc-musl:armv7a = "False"
@@ -152,8 +159,8 @@ src_package_preprocess () {
${B}/JavaScriptCore/DerivedSources/*.h \
${B}/JavaScriptCore/DerivedSources/yarr/*.h \
${B}/JavaScriptCore/PrivateHeaders/JavaScriptCore/*.h \
- ${B}/WebKit2Gtk/DerivedSources/webkit2/*.cpp \
- ${B}/WebKit2Gtk/DerivedSources/webkit2/*.h
+ ${B}/WebCore/DerivedSources/*.cpp \
+ ${B}/WebKitGTK/DerivedSources/webkit/*.cpp
}
diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.7.bb b/poky/meta/recipes-support/debianutils/debianutils_5.8.bb
index 7d705c6ff4..fb17d2d24f 100644
--- a/poky/meta/recipes-support/debianutils/debianutils_5.7.bb
+++ b/poky/meta/recipes-support/debianutils/debianutils_5.8.bb
@@ -6,12 +6,12 @@ HOMEPAGE = "https://packages.debian.org/sid/debianutils"
BUGTRACKER = "https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debianutils;dist=unstable"
SECTION = "base"
LICENSE = "GPL-2.0-only & SMAIL_GPL"
-LIC_FILES_CHKSUM = "file://debian/copyright;md5=9b912cd0cc654134c0ef3424a0705b94"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=74765f57ae5dd2b10ffbc39528d98753"
SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \
"
-SRCREV = "de14223e5bffe15e374a441302c528ffc1cbed57"
+SRCREV = "69116b856177ceb270908103b5776f897d2863c3"
inherit autotools update-alternatives
diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_242.bb b/poky/meta/recipes-support/diffoscope/diffoscope_244.bb
index 4b0d518edc..c17bd81f5b 100644
--- a/poky/meta/recipes-support/diffoscope/diffoscope_242.bb
+++ b/poky/meta/recipes-support/diffoscope/diffoscope_244.bb
@@ -12,9 +12,22 @@ PYPI_PACKAGE = "diffoscope"
inherit pypi setuptools3
-SRC_URI[sha256sum] = "d858c591d2c8d42b2b29eb6d229408607b1cd8a4e7ade72d0cd002db6d1c2a6e"
+SRC_URI[sha256sum] = "8bee8bbb144cdb7ddfa21886d5ce1822220139241c9a53def09b4adc3340db93"
-RDEPENDS:${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic python3-rpm"
+RDEPENDS:${PN} += "\
+ binutils \
+ python3-curses \
+ python3-difflib \
+ python3-fcntl \
+ python3-json \
+ python3-libarchive-c \
+ python3-magic \
+ python3-multiprocessing \
+ python3-pprint \
+ python3-rpm \
+ squashfs-tools \
+ vim \
+ "
# Dependencies don't build for musl
COMPATIBLE_HOST:libc-musl = 'null'
diff --git a/poky/meta/recipes-support/icu/icu_72-1.bb b/poky/meta/recipes-support/icu/icu_73-2.bb
index c2eae5298f..7c59f8bb89 100644
--- a/poky/meta/recipes-support/icu/icu_72-1.bb
+++ b/poky/meta/recipes-support/icu/icu_73-2.bb
@@ -78,7 +78,7 @@ FILES:libicuio = "${libdir}/libicuio.so.*"
BBCLASSEXTEND = "native nativesdk"
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=a89d03060ff9c46552434dbd1fe3ed1f"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=80c2cf39ad8ae12b9b9482a1737c6650"
def icu_download_version(d):
pvsplit = d.getVar('PV').split('-')
@@ -111,8 +111,8 @@ SRC_URI = "${BASE_SRC_URI};name=code \
SRC_URI:append:class-target = "\
file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \
"
-SRC_URI[code.sha256sum] = "a2d2d38217092a7ed56635e34467f92f976b370e20182ad325edea6681a71d68"
-SRC_URI[data.sha256sum] = "ee19f876507d6c23d9e0a2b631096f6b0eaa6fa61728c33a89efdb55e3385dea"
+SRC_URI[code.sha256sum] = "818a80712ed3caacd9b652305e01afc7fa167e6f2e94996da44b90c2ab604ce1"
+SRC_URI[data.sha256sum] = "ca1ee076163b438461e484421a7679fc33a64cd0a54f9d4b401893fa1eb42701"
UPSTREAM_CHECK_REGEX = "releases/tag/release-(?P<pver>(?!.+rc).+)"
GITHUB_BASE_URI = "https://github.com/unicode-org/icu/releases"
diff --git a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb
index 2bab3ac955..7e899e7399 100644
--- a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb
+++ b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \
file://libassuan-add-pkgconfig-support.patch \
"
-SRC_URI[sha256sum] = "8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4"
+SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426"
BINCONFIG = "${bindir}/libassuan-config"
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
index 58f07a116d..524b06ca22 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
@@ -29,8 +29,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
"
SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03"
-# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
-CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438"
+CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
+CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
BINCONFIG = "${bindir}/libgcrypt-config"
diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb
index dc39693be4..f9636f9433 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb
@@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
-SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
+SRC_URI[sha256sum] = "bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b"
do_configure:prepend () {
# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libmd/libmd_1.0.4.bb b/poky/meta/recipes-support/libmd/libmd_1.1.0.bb
index b93dc2d78d..dc588a0f95 100644
--- a/poky/meta/recipes-support/libmd/libmd_1.0.4.bb
+++ b/poky/meta/recipes-support/libmd/libmd_1.1.0.bb
@@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=0436d4fb62a71f661d6e8b7812f9e1df"
SRC_URI = "https://archive.hadrons.org/software/libmd/libmd-${PV}.tar.xz"
-SRC_URI[sha256sum] = "f51c921042e34beddeded4b75557656559cf5b1f2448033b4c1eec11c07e530f"
+SRC_URI[sha256sum] = "1bd6aa42275313af3141c7cf2e5b964e8b1fd488025caf2f971f43b00776b332"
inherit autotools
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb
deleted file mode 100644
index 01ba2a6fe9..0000000000
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Library providing automatic proxy configuration management"
-DESCRIPTION = "libproxy provides interfaces to get the proxy that will be \
-used to access network resources. It uses various plugins to get proxy \
-configuration via different mechanisms (e.g. environment variables or \
-desktop settings)."
-HOMEPAGE = "https://github.com/libproxy/libproxy"
-BUGTRACKER = "https://github.com/libproxy/libproxy/issues"
-SECTION = "libs"
-LICENSE = "LGPL-2.1-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
- file://utils/proxy.c;beginline=1;endline=18;md5=55152a1006d7dafbef32baf9c30a99c0"
-
-DEPENDS = "glib-2.0"
-
-SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "69b5856e9ea42c38ac77e6b8c92ffc86a71d341fef74e77bef85f9cc6c47a4b1"
-
-inherit cmake pkgconfig github-releases
-
-PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gnome', '', d)} gnome3"
-PACKAGECONFIG[gnome] = "-DWITH_GNOME=yes,-DWITH_GNOME=no,gconf"
-PACKAGECONFIG[gnome3] = "-DWITH_GNOME3=yes,-DWITH_GNOME3=no"
-
-EXTRA_OECMAKE += " \
- -DWITH_KDE=no \
- -DWITH_MOZJS=no \
- -DWITH_NM=no \
- -DWITH_PERL=no \
- -DWITH_PYTHON2=no \
- -DWITH_PYTHON3=no \
- -DWITH_WEBKIT=no \
- -DWITH_SYSCONFIG=no \
- -DLIB_INSTALL_DIR=${libdir} \
- -DLIBEXEC_INSTALL_DIR=${libexecdir} \
-"
-SECURITY_PIE_CFLAGS:remove = "-fPIE -pie"
-
-FILES:${PN} += "${libdir}/${BPN}/${PV}/modules"
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb b/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb
new file mode 100644
index 0000000000..db88af093e
--- /dev/null
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb
@@ -0,0 +1,28 @@
+SUMMARY = "Library providing automatic proxy configuration management"
+DESCRIPTION = "libproxy provides interfaces to get the proxy that will be \
+used to access network resources. It uses various plugins to get proxy \
+configuration via different mechanisms (e.g. environment variables or \
+desktop settings)."
+HOMEPAGE = "https://github.com/libproxy/libproxy"
+BUGTRACKER = "https://github.com/libproxy/libproxy/issues"
+SECTION = "libs"
+LICENSE = "LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
+ file://src/libproxy/proxy.c;beginline=1;endline=20;md5=bb9a177ef1c995311070f34c5638a402 \
+ "
+
+DEPENDS = "glib-2.0"
+
+SRC_URI = "git://github.com/libproxy/libproxy;protocol=https;branch=main"
+SRCREV = "29d51a611f28af0bdbd51a5779cc8df264c8dcff"
+S = "${WORKDIR}/git"
+
+inherit meson pkgconfig gobject-introspection vala gi-docgen
+GIDOCGEN_MESON_OPTION = 'docs'
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[curl] = "-Dcurl=true,-Dcurl=false,curl"
+PACKAGECONFIG[config-gnome] = "-Dconfig-gnome=true,-Dconfig-gnome=false,gsettings-desktop-schemas"
+PACKAGECONFIG[pacrunner-duktape] = "-Dpacrunner-duktape=true,-Dpacrunner-duktape=false,duktape"
+
+FILES:${PN} += "${libdir}/${BPN}/${PV}/modules"
diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
deleted file mode 100644
index ee916c42d4..0000000000
--- a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
-so we need to re-enable them as a workaround for the test
-suite until upstream updates the tests.
-
-See: https://github.com/libssh2/libssh2/issues/630
-
-Upstream-Status: Backport [alternative fixes merged upstream]
-
-Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5
-
---- a/tests/ssh2.sh
-+++ b/tests/ssh2.sh
-@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host
- -o 'Port 4711' \
- -o 'Protocol 2' \
- -o "AuthorizedKeysFile $srcdir/etc/user.pub" \
-- -o 'UsePrivilegeSeparation no' \
-+ -o 'HostKeyAlgorithms +ssh-rsa' \
-+ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
- -o 'StrictModes no' \
- -D \
- $libssh2_sshd_params &
-
diff --git a/poky/meta/recipes-support/libssh2/libssh2/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
index 5e7426f79d..0f5526e316 100644
--- a/poky/meta/recipes-support/libssh2/libssh2/run-ptest
+++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
@@ -2,7 +2,7 @@
ptestdir=$(dirname "$(readlink -f "$0")")
cd tests
-for test in simple mansyntax.sh ssh2.sh
+for test in mansyntax.sh test_simple test_sshd.test
do
./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test
done
diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
index d5513373b0..edc25db1b1 100644
--- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
@@ -5,21 +5,22 @@ SECTION = "libs"
DEPENDS = "zlib"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
+LIC_FILES_CHKSUM = "file://COPYING;md5=24a33237426720395ebb1dd1349ca225"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
- file://fix-ssh2-test.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
+SRC_URI[sha256sum] = "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461"
inherit autotools pkgconfig ptest
EXTRA_OECONF += "\
--with-libz \
--with-libz-prefix=${STAGING_LIBDIR} \
+ --disable-rpath \
"
+DISABLE_STATIC = ""
# only one of openssl and gcrypt could be set
PACKAGECONFIG ??= "openssl"
@@ -29,7 +30,7 @@ PACKAGECONFIG[gcrypt] = "--with-crypto=libgcrypt --with-libgcrypt-prefix=${STAGI
BBCLASSEXTEND = "native nativesdk"
# required for ptest on documentation
-RDEPENDS:${PN}-ptest = "man-db openssh util-linux-col"
+RDEPENDS:${PN}-ptest = "bash man-db openssh util-linux-col"
RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us"
do_compile_ptest() {
@@ -41,9 +42,11 @@ do_install_ptest() {
install -d ${D}${PTEST_PATH}/tests
install -m 0755 ${S}/test-driver ${D}${PTEST_PATH}/
cp -rf ${B}/tests/.libs/* ${D}${PTEST_PATH}/tests/
+ cp -rf ${B}/tests/test_simple ${D}${PTEST_PATH}/tests/
cp -rf ${S}/tests/mansyntax.sh ${D}${PTEST_PATH}/tests/
- cp -rf ${S}/tests/ssh2.sh ${D}${PTEST_PATH}/tests/
- cp -rf ${S}/tests/etc ${D}${PTEST_PATH}/tests/
+ cp -rf ${S}/tests/key* ${D}${PTEST_PATH}/tests/
+ cp -rf ${S}/tests/openssh_server/ ${D}${PTEST_PATH}/tests/
+ cp -rf ${S}/tests/*.test ${D}${PTEST_PATH}/tests/
mkdir -p ${D}${PTEST_PATH}/docs
cp -r ${S}/docs/* ${D}${PTEST_PATH}/docs/
}
diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
index bf35a94b7f..ed5b15badd 100644
--- a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
@@ -19,9 +19,7 @@ SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e
UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
-# We have libxml2 2.9.14 and we don't link statically with it anyway
-# so this isn't an issue.
-CVE_CHECK_IGNORE += "CVE-2022-29824"
+CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled."
S = "${WORKDIR}/libxslt-${PV}"
diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb
index d2a25fd5b0..51a854d44a 100644
--- a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb
+++ b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -21,8 +21,7 @@ S = "${WORKDIR}/git"
inherit ptest
-# Fixed in r118, which is larger than the current version.
-CVE_CHECK_IGNORE += "CVE-2014-4715"
+CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version."
EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
diff --git a/poky/meta/recipes-support/nettle/nettle_3.9.bb b/poky/meta/recipes-support/nettle/nettle_3.9.1.bb
index 7a5bdb2a03..6bb76a6217 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.9.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.9.1.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
file://check-header-files-of-openssl-only-if-enable_.patch \
"
-SRC_URI[sha256sum] = "0ee7adf5a7201610bb7fe0acbb7c9b3be83be44904dd35ebbcd965cd896bfeaa"
+SRC_URI[sha256sum] = "ccfeff981b0ca71bbd6fbcb054f407c60ffb644389a5be80d6716d5b550c6ce3"
UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
index 88d5f31083..1be9a348ae 100644
--- a/poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb
+++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
@@ -8,7 +8,7 @@ SRC_URI = "\
${GITHUB_BASE_URI}/download/v${PV}/nghttp2-${PV}.tar.xz \
file://0001-fetch-ocsp-response-use-python3.patch \
"
-SRC_URI[sha256sum] = "b867184254e5a29b0ba68413aa14f8b0ce1142a371761374598dec092dabb809"
+SRC_URI[sha256sum] = "19490b7c8c2ded1cf7c3e3a54ef4304e3a7876ae2d950d60a81d0dc6053be419"
inherit cmake manpages python3native github-releases
PACKAGECONFIG[manpages] = ""
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb
index 72b446204a..ad207d0c9f 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb
@@ -11,7 +11,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi"
DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https"
-SRCREV = "dd0590d4e583f107e3e9fafe9ed754149da335d0"
+SRCREV = "a8cce8bd8065bbf80bd47219f85f0cd9cf27dd0c"
S = "${WORKDIR}/git"
PACKAGECONFIG ??= ""
diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
index 9a9b8ec260..60918a3892 100644
--- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
+++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/"
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
-SRCREV = "a6c7dcda520402adb62a31b8b1c7686c5b8a4875"
+SRCREV = "4148e75284e443fc8ffaef425c467aa5523528ff"
PV .= "+git${SRCPV}"
SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
deleted file mode 100644
index b09e8e7f55..0000000000
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require sqlite3.inc
-
-LICENSE = "PD"
-LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
-
-SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499"
-
-# -19242 is only an issue in specific development branch commits
-CVE_CHECK_IGNORE += "CVE-2019-19242"
-# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
-CVE_CHECK_IGNORE += "CVE-2015-3717"
-# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
-CVE_CHECK_IGNORE += "CVE-2021-36690"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
new file mode 100644
index 0000000000..8783f620f4
--- /dev/null
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
@@ -0,0 +1,8 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
+
diff --git a/poky/meta/recipes-support/taglib/taglib_1.13.bb b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb
index 6560bc3660..3f0a759f95 100644
--- a/poky/meta/recipes-support/taglib/taglib_1.13.bb
+++ b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb
@@ -11,7 +11,7 @@ DEPENDS = "zlib"
SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz"
-SRC_URI[sha256sum] = "58f08b4db3dc31ed152c04896ee9172d22052bc7ef12888028c01d8b1d60ade0"
+SRC_URI[sha256sum] = "c8da2b10f1bfec2cd7dbfcd33f4a2338db0765d851a50583d410bacf055cfd0b"
UPSTREAM_CHECK_URI = "https://taglib.org/"
diff --git a/poky/meta/recipes-support/vte/vte_0.72.1.bb b/poky/meta/recipes-support/vte/vte_0.72.2.bb
index b9ff3183c8..4249b75ac0 100644
--- a/poky/meta/recipes-support/vte/vte_0.72.1.bb
+++ b/poky/meta/recipes-support/vte/vte_0.72.2.bb
@@ -21,7 +21,7 @@ inherit gnomebase gi-docgen features_check upstream-version-is-even gobject-intr
# vapigen.m4 is required when vala is not present (but the one from vala should be used normally)
SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
-SRC_URI[archive.sha256sum] = "0554f9f88d56ce2d78398fcc7f69bc00e53bbbc5f694e0ae1dcaf5286f89d7e4"
+SRC_URI[archive.sha256sum] = "f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
diff --git a/poky/scripts/lib/recipetool/create.py b/poky/scripts/lib/recipetool/create.py
index 824ac6350d..e99e0714bf 100644
--- a/poky/scripts/lib/recipetool/create.py
+++ b/poky/scripts/lib/recipetool/create.py
@@ -745,6 +745,10 @@ def create_recipe(args):
for handler in handlers:
handler.process(srctree_use, classes, lines_before, lines_after, handled, extravalues)
+ # native and nativesdk classes are special and must be inherited last
+ # If present, put them at the end of the classes list
+ classes.sort(key=lambda c: c in ("native", "nativesdk"))
+
extrafiles = extravalues.pop('extrafiles', {})
extra_pn = extravalues.pop('PN', None)
extra_pv = extravalues.pop('PV', None)
diff --git a/poky/scripts/lib/recipetool/create_npm.py b/poky/scripts/lib/recipetool/create_npm.py
index 3394a89970..113a89f6a6 100644
--- a/poky/scripts/lib/recipetool/create_npm.py
+++ b/poky/scripts/lib/recipetool/create_npm.py
@@ -13,6 +13,7 @@ import sys
import tempfile
import bb
from bb.fetch2.npm import NpmEnvironment
+from bb.fetch2.npm import npm_package
from bb.fetch2.npmsw import foreach_dependencies
from recipetool.create import RecipeHandler
from recipetool.create import get_license_md5sums
@@ -31,15 +32,6 @@ class NpmRecipeHandler(RecipeHandler):
"""Class to handle the npm recipe creation"""
@staticmethod
- def _npm_name(name):
- """Generate a Yocto friendly npm name"""
- name = re.sub("/", "-", name)
- name = name.lower()
- name = re.sub(r"[^\-a-z0-9]", "", name)
- name = name.strip("-")
- return name
-
- @staticmethod
def _get_registry(lines):
"""Get the registry value from the 'npm://registry' url"""
registry = None
@@ -142,11 +134,10 @@ class NpmRecipeHandler(RecipeHandler):
licfiles.append(os.path.relpath(readme, srctree))
# Handle the dependencies
- def _handle_dependency(name, params, deptree):
- suffix = "-".join([self._npm_name(dep) for dep in deptree])
- destdirs = [os.path.join("node_modules", dep) for dep in deptree]
- destdir = os.path.join(*destdirs)
- packages["${PN}-" + suffix] = destdir
+ def _handle_dependency(name, params, destdir):
+ deptree = destdir.split('node_modules/')
+ suffix = "-".join([npm_package(dep) for dep in deptree])
+ packages["${PN}" + suffix] = destdir
_licfiles_append_fallback_readme_files(destdir)
with open(shrinkwrap_file, "r") as f:
@@ -155,6 +146,23 @@ class NpmRecipeHandler(RecipeHandler):
foreach_dependencies(shrinkwrap, _handle_dependency, dev)
return licfiles, packages
+
+ # Handle the peer dependencies
+ def _handle_peer_dependency(self, shrinkwrap_file):
+ """Check if package has peer dependencies and show warning if it is the case"""
+ with open(shrinkwrap_file, "r") as f:
+ shrinkwrap = json.load(f)
+
+ packages = shrinkwrap.get("packages", {})
+ peer_deps = packages.get("", {}).get("peerDependencies", {})
+
+ for peer_dep in peer_deps:
+ peer_dep_yocto_name = npm_package(peer_dep)
+ bb.warn(peer_dep + " is a peer dependencie of the actual package. " +
+ "Please add this peer dependencie to the RDEPENDS variable as %s and generate its recipe with devtool"
+ % peer_dep_yocto_name)
+
+
def process(self, srctree, classes, lines_before, lines_after, handled, extravalues):
"""Handle the npm recipe creation"""
@@ -173,7 +181,7 @@ class NpmRecipeHandler(RecipeHandler):
if "name" not in data or "version" not in data:
return False
- extravalues["PN"] = self._npm_name(data["name"])
+ extravalues["PN"] = npm_package(data["name"])
extravalues["PV"] = data["version"]
if "description" in data:
@@ -242,7 +250,7 @@ class NpmRecipeHandler(RecipeHandler):
value = origvalue.replace("version=" + data["version"], "version=${PV}")
value = value.replace("version=latest", "version=${PV}")
values = [line.strip() for line in value.strip('\n').splitlines()]
- if "dependencies" in shrinkwrap:
+ if "dependencies" in shrinkwrap.get("packages", {}).get("", {}):
values.append(url_recipe)
return values, None, 4, False
@@ -292,6 +300,9 @@ class NpmRecipeHandler(RecipeHandler):
classes.append("npm")
handled.append("buildsystem")
+ # Check if package has peer dependencies and inform the user
+ self._handle_peer_dependency(shrinkwrap_file)
+
return True
def register_recipe_handlers(handlers):
diff --git a/poky/scripts/lib/resulttool/resultutils.py b/poky/scripts/lib/resulttool/resultutils.py
index 7666331ba2..c5521d81bd 100644
--- a/poky/scripts/lib/resulttool/resultutils.py
+++ b/poky/scripts/lib/resulttool/resultutils.py
@@ -58,7 +58,11 @@ def append_resultsdata(results, f, configmap=store_map, configvars=extra_configv
testseries = posixpath.basename(posixpath.dirname(url.path))
else:
with open(f, "r") as filedata:
- data = json.load(filedata)
+ try:
+ data = json.load(filedata)
+ except json.decoder.JSONDecodeError:
+ print("Cannot decode {}. Possible corruption. Skipping.".format(f))
+ data = ""
testseries = os.path.basename(os.path.dirname(f))
else:
data = f
diff --git a/poky/scripts/oe-setup-builddir b/poky/scripts/oe-setup-builddir
index 89ae30f609..678aeac4be 100755
--- a/poky/scripts/oe-setup-builddir
+++ b/poky/scripts/oe-setup-builddir
@@ -98,9 +98,17 @@ EOM
SHOWYPDOC=yes
fi
+if [ -z "$OECORENOTESCONF" ]; then
+ OECORENOTESCONF="$OEROOT/meta/conf/templates/default/conf-notes.txt"
+fi
+if [ ! -r "$BUILDDIR/conf/conf-notes.txt" ]; then
+ [ ! -r "$OECORENOTESCONF" ] || cp "$OECORENOTESCONF" "$BUILDDIR/conf/conf-notes.txt"
+fi
+
# Prevent disturbing a new GIT clone in same console
unset OECORELOCALCONF
unset OECORELAYERCONF
+unset OECORENOTESCONF
# Ending the first-time run message. Show the YP Documentation banner.
if [ -n "$SHOWYPDOC" ]; then
@@ -116,11 +124,7 @@ EOM
# unset SHOWYPDOC
fi
-if [ -z "$OECORENOTESCONF" ]; then
- OECORENOTESCONF="$OEROOT/meta/conf/templates/default/conf-notes.txt"
-fi
-[ ! -r "$OECORENOTESCONF" ] || cat "$OECORENOTESCONF"
-unset OECORENOTESCONF
+[ ! -r "$BUILDDIR/conf/conf-notes.txt" ] || cat "$BUILDDIR/conf/conf-notes.txt"
if [ ! -f "$BUILDDIR/conf/templateconf.cfg" ]; then
echo "$ORG_TEMPLATECONF" >"$BUILDDIR/conf/templateconf.cfg"
diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py
index e71fe09ea6..3d1ff695c1 100644
--- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py
+++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py
@@ -620,8 +620,8 @@ def render_charts(ctx, options, clip, trace, curr_y, w, h, sec_w):
return curr_y
-def render_processes_chart(ctx, options, trace, curr_y, w, h, sec_w):
- chart_rect = [off_x, curr_y+header_h, w, h - curr_y - 1 * off_y - header_h ]
+def render_processes_chart(ctx, options, trace, curr_y, width, h, sec_w):
+ chart_rect = [off_x, curr_y+header_h, width, h - curr_y - 1 * off_y - header_h ]
draw_legend_box (ctx, "Configure", \
TASK_COLOR_CONFIGURE, off_x , curr_y + 45, leg_s)
@@ -646,8 +646,9 @@ def render_processes_chart(ctx, options, trace, curr_y, w, h, sec_w):
offset = trace.min or min(trace.start.keys())
for start in sorted(trace.start.keys()):
for process in sorted(trace.start[start]):
+ elapsed_time = trace.processes[process][1] - start
if not options.app_options.show_all and \
- trace.processes[process][1] - start < options.app_options.mintime:
+ elapsed_time < options.app_options.mintime:
continue
task = process.split(":")[1]
@@ -656,7 +657,7 @@ def render_processes_chart(ctx, options, trace, curr_y, w, h, sec_w):
#print(s)
x = chart_rect[0] + (start - offset) * sec_w
- w = ((trace.processes[process][1] - start) * sec_w)
+ w = elapsed_time * sec_w
#print("proc at %s %s %s %s" % (x, y, w, proc_h))
col = None
@@ -681,11 +682,9 @@ def render_processes_chart(ctx, options, trace, curr_y, w, h, sec_w):
draw_fill_rect(ctx, col, (x, y, w, proc_h))
draw_rect(ctx, PROC_BORDER_COLOR, (x, y, w, proc_h))
- draw_label_in_box(ctx, PROC_TEXT_COLOR, process, x, y + proc_h - 4, w, proc_h)
-
# Show elapsed time for each task
- elapsed_time = f"{trace.processes[process][1] - start}s"
- draw_text(ctx, elapsed_time, PROC_TEXT_COLOR, x + w + 4, y + proc_h - 4)
+ process = "%ds %s" % (elapsed_time, process)
+ draw_label_in_box(ctx, PROC_TEXT_COLOR, process, x, y + proc_h - 4, w, width)
y = y + proc_h
diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu
index e1aa5a925c..5e6793d44e 100755
--- a/poky/scripts/runqemu
+++ b/poky/scripts/runqemu
@@ -648,10 +648,10 @@ to your build configuration.
elif fsflag == 'kernel-in-fs':
wic_fs = False
else:
- logger.warn('Unknown flag "%s:%s" in QB_FSINFO', fstype, fsflag)
+ logger.warning('Unknown flag "%s:%s" in QB_FSINFO', fstype, fsflag)
continue
else:
- logger.warn('QB_FSINFO is not supported for image type "%s"', fstype)
+ logger.warning('QB_FSINFO is not supported for image type "%s"', fstype)
continue
if fstype in self.fsinfo:
@@ -1186,7 +1186,7 @@ to your build configuration.
gid = os.getgid()
uid = os.getuid()
logger.info("Setting up tap interface under sudo")
- cmd = ('sudo', self.qemuifup, str(uid), str(gid))
+ cmd = ('sudo', self.qemuifup, str(gid))
try:
tap = subprocess.check_output(cmd).decode('utf-8').strip()
except subprocess.CalledProcessError as e:
@@ -1597,7 +1597,7 @@ to your build configuration.
uptime_seconds = f.readline().split()[0]
logger.info('Host uptime: %s\n' % uptime_seconds)
if self.cleantap:
- cmd = ('sudo', self.qemuifdown, self.tap, self.bindir_native)
+ cmd = ('sudo', self.qemuifdown, self.tap)
logger.debug('Running %s' % str(cmd))
subprocess.check_call(cmd)
self.release_taplock()
diff --git a/poky/scripts/runqemu-ifdown b/poky/scripts/runqemu-ifdown
index 78be28812d..822a2a39b9 100755
--- a/poky/scripts/runqemu-ifdown
+++ b/poky/scripts/runqemu-ifdown
@@ -16,7 +16,7 @@
#
usage() {
- echo "sudo $(basename $0) <tap-dev> <native-sysroot-basedir>"
+ echo "sudo $(basename $0) <tap-dev>"
}
if [ $EUID -ne 0 ]; then
@@ -24,15 +24,19 @@ if [ $EUID -ne 0 ]; then
exit 1
fi
-if [ $# -ne 2 ]; then
+if [ $# -gt 2 ] || [ $# -lt 1 ]; then
usage
exit 1
fi
+# backward compatibility
+if [ $# -eq 2 ] ; then
+ echo "Warning: native-sysroot-basedir parameter is ignored. It is no longer needed." >&2
+fi
+
TAP=$1
-STAGING_BINDIR_NATIVE=$2
-if !ip tuntap del $TAP mode tap 2>/dev/null; then
+if ! ip tuntap del $TAP mode tap 2>/dev/null; then
echo "Error: Unable to run up tuntap del"
exit 1
fi
@@ -56,8 +60,13 @@ if [ ! -x "$IPTABLES" ]; then
echo "$IPTABLES cannot be executed"
exit 1
fi
-n=$[ (`echo $TAP | sed 's/tap//'` * 2) + 1 ]
-dest=$[ (`echo $TAP | sed 's/tap//'` * 2) + 2 ]
+
+if [ -z "$OE_TAP_NAME" ]; then
+ OE_TAP_NAME=tap
+fi
+
+n=$[ (`echo $TAP | sed "s/$OE_TAP_NAME//"` * 2) + 1 ]
+dest=$[ (`echo $TAP | sed "s/$OE_TAP_NAME//"` * 2) + 2 ]
$IPTABLES -D POSTROUTING -t nat -j MASQUERADE -s 192.168.7.$n/32
$IPTABLES -D POSTROUTING -t nat -j MASQUERADE -s 192.168.7.$dest/32
true
diff --git a/poky/scripts/runqemu-ifup b/poky/scripts/runqemu-ifup
index c65ceaf1c8..05c9325b6b 100755
--- a/poky/scripts/runqemu-ifup
+++ b/poky/scripts/runqemu-ifup
@@ -30,7 +30,7 @@ if [ $EUID -ne 0 ]; then
fi
if [ $# -eq 2 ]; then
- echo "Warning: uid parameter is ignored. It is no longer needed."
+ echo "Warning: uid parameter is ignored. It is no longer needed." >&2
GROUP="$2"
elif [ $# -eq 1 ]; then
GROUP="$1"