diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2024-01-26 22:04:43 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2024-01-27 00:13:47 +0300 |
| commit | f52e3dde8c006aa1204b4d74d64bcda47fcd061e (patch) | |
| tree | 2b74f493eb9baa0f2943f045654c7ab8f6e00c59 /poky | |
| parent | 5de6da07e075e1c2294ecda8843cc773d33416b6 (diff) | |
| download | openbmc-f52e3dde8c006aa1204b4d74d64bcda47fcd061e.tar.xz | |
subtree updates
meta-openembedded: 4dbbef7a39..9953ca1ac0:
Andreas Cord-Landwehr (1):
freerdp: provide cmake integration
BELOUARGA Mohamed (1):
Monocypher: Correct source URI and license
Clément Péron (2):
abseil-cpp: rename recipe to follow the version
protobuf: upgrade 4.23.4 -> 4.25.2
Fabio Estevam (1):
v4l-utils: Remove unneeded musl patch
Gassner, Tobias.ext (1):
softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES
Gianfranco Costamagna (1):
vbxguestdrivers: upgrade 7.0.12 -> 7.0.14
Khem Raj (4):
Revert "rng-tools: move from oe-core to meta-oe"
python3-pillow: Correct branch parameter in SRC_URI
python3-multidict: Make it work with python 3.12
python3-multidict: Fix running ptests
Markus Volk (6):
eog: update 45.1 -> 45.2
file-roller: update 43.0 -> 43.1
gvfs: update 1.52.1 -> 1.52.2
gjs: update 1.78.1 -> 1.78.2
mozjs: update 115.2.0 -> 115.6.0
pipewire: update 1.0.0 -> 1.0.1
Michael Haener (1):
nginx: add http sub module feature
Pablo Saavedra (1):
libbacktrace: fix sdk installation
Peter Marko (2):
protobuf-c: change branch to master
srecord: fix malformed patch upstream status
Ross Burton (1):
mozjs-115: fix the build on ARMv5
Yi Zhao (1):
samba: upgrade 4.19.3 -> 4.19.4
Yoann Congal (3):
packagegroup-meta-oe: remove mongodb
python3-coverage: add native and nativesdk BBCLASSEXTEND
python3-pytest-cov: Add missing python3-pytest RDEPENDS
alperak (8):
fmt: upgrade 10.1.1 -> 10.2.1
gerbera: upgrade 1.12.1 -> 2.0.0
spdlog: upgrade 1.12 -> 1.13
libebml: upgrade 1.4.4 -> 1.4.5
lcms: upgrade 2.15 -> 2.16
libkcapi: upgrade 1.4.0 -> 1.5.0
icewm: upgrade 3.4.4 -> 3.4.5
libreport: upgrade 2.17.8 -> 2.17.11
meta-raspberrypi: b859bc3eca..9c901bf170:
Damiano Ferrari (2):
rpi-config: Add CAN0_INTERRUPT_PIN and CAN1_INTERRUPT_PIN variable
docs: add info on how to set different CAN interrupt pins
Florin Sarbu (1):
Add Raspberry Pi 5
Leon Anavi (7):
rpi-base.inc: Add vc4-kms-v3d-pi5.dtbo
u-boot_%.bbappend: Skip for Raspberry Pi 5
rpi-config: Reduce config.txt size
linux-raspberrypi.inc: bcm2712_defconfig for rpi5
conf/machine/raspberrypi5.conf: kernel_2712.img
conf/machine/raspberrypi5.conf: ttyAMA10
conf/machine/raspberrypi5.conf: Use "Image"
poky: 7af374c90c..348d9aba33:
Alejandro Hernandez Samaniego (1):
newlib: Upgrade 4.3.0 -> 4.4.0
Alexander Kanavin (1):
shadow: replace static linking with dynamic libraries in a custom location and bundled with shadow
Anuj Mittal (4):
bluez5: upgrade 5.71 -> 5.72
cronie: upgrade 1.7.0 -> 1.7.1
libpsl: upgrade 0.21.2 -> 0.21.5
grub2: upgrade 2.06 -> 2.12
Bruce Ashfield (12):
linux-yocto/6.6: update to v6.6.11
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.72
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.6: cfg: arm: introduce page size fragments
linux-yocto/6.6: security/cfg: add configs to harden protection
linux-yocto/6.1: security/cfg: add configs to harden protection
linux-yocto/6.6: update to v6.6.12
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.73
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: drop recipes
Chen Qi (5):
oeqa/selftest: add test case to cover 'devtool modify -n' for a git recipe
systemd: refresh musl patches for v255.1
systemd: upgrade to 255.1
systemd-boot: upgrade to 255.1
rootfs-postcommands.bbclass: ignore comment mismatch in systemd_user_check
Etienne Cordonnier (1):
cmake.bbclass: add Darwin support
Fabio Estevam (2):
weston: Update to 13.0.0
pulseaudio: Update to 17.0
Jiang Kai (4):
debianutils: upgrade 5.15 -> 5.16
enchant2: upgrade 2.6.4 -> 2.6.5
libsecret: upgrade 0.21.1 -> 0.21.2
libxrandr: upgrade 1.5.3 -> 1.5.4
Joe Slater (1):
eudev: modify predictable network if name search
Jonathan GUILLOT (1):
udev-extraconf: fix unmount directories containing octal-escaped chars
Julien Stephan (3):
externalsrc: fix task dependency for do_populate_lic
devtool: modify: add support for multiple source in SRC_URI
oeqa/selftest/devtool: add test for recipes with multiple sources in SRC_URI
Kai Kang (2):
nativesdk-cairo: fix build error
p11-kit: fix parallel build failures
Kevin Hao (2):
yocto-bsp: Bump the default kernel to v6.6
yocto-bsp: Drop the support for v6.1 kernel
Khem Raj (4):
libgudev: Pass export-dynamic to linker directly.
coreutils: Fix build with clang
glibc: Do not enable CET on 32bit x86
rust: Re-write RPATHs in the copies llvm-config
Pavel Zhukov (1):
mdadm: Disable ptests
Peter Marko (1):
zlib: ignore CVE-2023-6992
Richard Purdie (7):
qemu: add PACKAGECONFIG for sndio
poky-altcfg: Update PREFERRED_VERSION for kerenl
xev: Drop diet libx11 related patch
libxcomposite: Drop obsolete patch
python3-subunit: Add missing module dependency
qemu: Upgrade 8.1.2 -> 8.2.0
qemu: Fix segfaults in webkitgtk:do_compile on debian11
Robert Yang (1):
autoconf: 2.72d -> 2.72e
Ross Burton (7):
cve_check: handle CVE_STATUS being set to the empty string
cve_check: cleanup logging
xserver-xorg: add PACKAGECONFIG for xvfb
xserver-xorg: disable xvfb by default
libssh2: backport fix for CVE-2023-48795
bitbake: bitbake: Version bump for inherit_defer addition
sanity: require bitbake 2.7.2 for the inherit_defer statement
Ryan Eatmon (1):
python3-yamllint: Add recipe
Simone Weiß (2):
tune-core2: Update qemu cpu to supported model
gcc: Update status of CVE-2023-4039
Thomas Perrot (1):
opensbi: bump to 1.4
Timotheus Giuliani (1):
linux-firmware: fix mediatek MT76x empty license package
Vincent Davis Jr (1):
shaderc: update commit hash to v2023.7
Wang Mingyu (2):
python3-subunit: upgrade 1.4.2 -> 1.4.4
libtest-warnings-perl: upgrade 0.031 -> 0.032
William Hauser (1):
native.bbclass: base_libdir unique from libdir
William Lyu (1):
perl: Fix perl-module-* being ignored via COMPLEMENTARY_GLOB
Yash Shinde (7):
rust: Fetch cargo from rust-snapshot dir.
rust: detect user-specified custom targets in compiletest
rust: Enable RUSTC_BOOTSTRAP to use nightly features during rust oe-selftest.
rust: Fix assertion failure error on oe-selftest
rust: Add new tests in the exclude list for rust oe-selftest
rust: Remove the test cases whose parent dir is also present in the exclude list
rust: Enable rust oe-selftest.
Yogita Urade (1):
tiff: fix CVE-2023-6228
meta-arm: 1cad3c3813..6bb1fc8d8c:
Harsimran Singh Tungal (1):
n1sdp:arm-bsp/optee: Update optee to v4.0
Ross Burton (1):
arm-bsp/linux-yocto: add 6.1 recipe
Change-Id: Ib4cc4e128e4d41f3329cf83a0d5e8539ef07ebe3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'poky')
163 files changed, 1879 insertions, 9281 deletions
diff --git a/poky/bitbake/bin/bitbake b/poky/bitbake/bin/bitbake index abf7de26d8..1055635ffd 100755 --- a/poky/bitbake/bin/bitbake +++ b/poky/bitbake/bin/bitbake @@ -27,7 +27,7 @@ from bb.main import bitbake_main, BitBakeConfigParameters, BBMainException bb.utils.check_system_locale() -__version__ = "2.7.1" +__version__ = "2.7.2" if __name__ == "__main__": if __version__ != bb.__version__: diff --git a/poky/bitbake/lib/bb/__init__.py b/poky/bitbake/lib/bb/__init__.py index 019ab1977a..5e22d34747 100644 --- a/poky/bitbake/lib/bb/__init__.py +++ b/poky/bitbake/lib/bb/__init__.py @@ -9,7 +9,7 @@ # SPDX-License-Identifier: GPL-2.0-only # -__version__ = "2.7.1" +__version__ = "2.7.2" import sys if sys.version_info < (3, 8, 0): diff --git a/poky/meta-poky/conf/distro/include/poky-distro-alt-test-config.inc b/poky/meta-poky/conf/distro/include/poky-distro-alt-test-config.inc index 4c1eb552a3..3e10251e8b 100644 --- a/poky/meta-poky/conf/distro/include/poky-distro-alt-test-config.inc +++ b/poky/meta-poky/conf/distro/include/poky-distro-alt-test-config.inc @@ -1,8 +1,8 @@ # Add extra DISTRO_FEATUREs DISTRO_FEATURES:append = " pam usrmerge" -# Use the LTSI Kernel -PREFERRED_VERSION_linux-yocto = "6.1%" +# Use our alternate kernel version +PREFERRED_VERSION_linux-yocto = "6.6%" # Ensure the kernel nfs server is enabled KERNEL_FEATURES:append:pn-linux-yocto = " features/nfsd/nfsd-enable.scc" diff --git a/poky/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf b/poky/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf index 06a49f45f7..459c83f5c2 100644 --- a/poky/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf +++ b/poky/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf @@ -20,10 +20,11 @@ do_image_wic[depends] += "mtools-native:do_populate_sysroot dosfstools-native:do SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" -PREFERRED_VERSION_linux-yocto ?= "6.1%" +PREFERRED_VERSION_linux-yocto ?= "6.6%" KERNEL_IMAGETYPE = "zImage" -KERNEL_DEVICETREE = "am335x-bone.dtb am335x-boneblack.dtb am335x-bonegreen.dtb" +DTB_FILES = "am335x-bone.dtb am335x-boneblack.dtb am335x-bonegreen.dtb" +KERNEL_DEVICETREE = '${@' '.join('ti/omap/%s' % d for d in '${DTB_FILES}'.split())}' PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot" @@ -33,7 +34,7 @@ UBOOT_MACHINE = "am335x_evm_defconfig" MACHINE_FEATURES = "usbgadget usbhost vfat alsa" -IMAGE_BOOT_FILES ?= "u-boot.${UBOOT_SUFFIX} ${SPL_BINARY} ${KERNEL_IMAGETYPE} ${KERNEL_DEVICETREE}" +IMAGE_BOOT_FILES ?= "u-boot.${UBOOT_SUFFIX} ${SPL_BINARY} ${KERNEL_IMAGETYPE} ${DTB_FILES}" # support runqemu EXTRA_IMAGEDEPENDS += "qemu-native qemu-helper-native" diff --git a/poky/meta-yocto-bsp/conf/machine/include/genericx86-common.inc b/poky/meta-yocto-bsp/conf/machine/include/genericx86-common.inc index 24d427a360..50a233dd8f 100644 --- a/poky/meta-yocto-bsp/conf/machine/include/genericx86-common.inc +++ b/poky/meta-yocto-bsp/conf/machine/include/genericx86-common.inc @@ -2,7 +2,7 @@ include conf/machine/include/x86/x86-base.inc require conf/machine/include/x86/qemuboot-x86.inc MACHINE_FEATURES += "wifi efi pcbios" -PREFERRED_VERSION_linux-yocto ?= "6.1%" +PREFERRED_VERSION_linux-yocto ?= "6.6%" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg" XSERVER ?= "${XSERVER_X86_BASE} \ diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_6.1.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_6.1.bbappend deleted file mode 100644 index ed2b18ab60..0000000000 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_6.1.bbappend +++ /dev/null @@ -1,19 +0,0 @@ -KBRANCH:genericx86 = "v6.1/standard/base" -KBRANCH:genericx86-64 = "v6.1/standard/base" -KBRANCH:beaglebone-yocto = "v6.1/standard/beaglebone" - -KMACHINE:genericx86 ?= "common-pc" -KMACHINE:genericx86-64 ?= "common-pc-64" -KMACHINE:beaglebone-yocto ?= "beaglebone" - -SRCREV_machine:genericx86 ?= "6ec439b4b456ce929c4c07fe457b5d6a4b468e86" -SRCREV_machine:genericx86-64 ?= "6ec439b4b456ce929c4c07fe457b5d6a4b468e86" -SRCREV_machine:beaglebone-yocto ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1" - -COMPATIBLE_MACHINE:genericx86 = "genericx86" -COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" -COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" - -LINUX_VERSION:genericx86 = "6.1.30" -LINUX_VERSION:genericx86-64 = "6.1.30" -LINUX_VERSION:beaglebone-yocto = "6.1.20" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_6.6.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_6.6.bbappend new file mode 100644 index 0000000000..49eed162d9 --- /dev/null +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_6.6.bbappend @@ -0,0 +1,19 @@ +KBRANCH:genericx86 = "v6.6/standard/base" +KBRANCH:genericx86-64 = "v6.6/standard/base" +KBRANCH:beaglebone-yocto = "v6.6/standard/beaglebone" + +KMACHINE:genericx86 ?= "common-pc" +KMACHINE:genericx86-64 ?= "common-pc-64" +KMACHINE:beaglebone-yocto ?= "beaglebone" + +SRCREV_machine:genericx86 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:genericx86-64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:beaglebone-yocto ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" + +COMPATIBLE_MACHINE:genericx86 = "genericx86" +COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" +COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" + +LINUX_VERSION:genericx86 = "6.6.12" +LINUX_VERSION:genericx86-64 = "6.6.12" +LINUX_VERSION:beaglebone-yocto = "6.6.12" diff --git a/poky/meta/classes-recipe/cmake.bbclass b/poky/meta/classes-recipe/cmake.bbclass index d978b88944..1e353f660f 100644 --- a/poky/meta/classes-recipe/cmake.bbclass +++ b/poky/meta/classes-recipe/cmake.bbclass @@ -72,6 +72,8 @@ OECMAKE_TARGET_COMPILE ?= "all" OECMAKE_TARGET_INSTALL ?= "install" def map_host_os_to_system_name(host_os): + if host_os.startswith('darwin'): + return 'Darwin' if host_os.startswith('mingw'): return 'Windows' if host_os.startswith('linux'): diff --git a/poky/meta/classes-recipe/native.bbclass b/poky/meta/classes-recipe/native.bbclass index cfd299d0c8..84a3ec65da 100644 --- a/poky/meta/classes-recipe/native.bbclass +++ b/poky/meta/classes-recipe/native.bbclass @@ -77,7 +77,7 @@ exec_prefix = "${STAGING_DIR_NATIVE}${prefix_native}" bindir = "${STAGING_BINDIR_NATIVE}" sbindir = "${STAGING_SBINDIR_NATIVE}" -base_libdir = "${STAGING_LIBDIR_NATIVE}" +base_libdir = "${STAGING_BASE_LIBDIR_NATIVE}" libdir = "${STAGING_LIBDIR_NATIVE}" includedir = "${STAGING_INCDIR_NATIVE}" sysconfdir = "${STAGING_ETCDIR_NATIVE}" diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass index 163c7f41b1..3d05ff3b28 100644 --- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass +++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass @@ -106,12 +106,11 @@ def compare_users(user, e_user): # user and e_user must not have None values. Unset values must be '-'. (name, uid, gid, comment, homedir, ushell) = user (e_name, e_uid, e_gid, e_comment, e_homedir, e_ushell) = e_user - # Ignore 'uid', 'gid' or 'comment' if they are not set + # Ignore 'uid', 'gid' or 'homedir' if they are not set # Ignore 'shell' and 'ushell' if one is not set return name == e_name \ and (uid == '-' or uid == e_uid) \ and (gid == '-' or gid == e_gid) \ - and (comment == '-' or e_comment == '-' or comment.lower() == e_comment.lower()) \ and (homedir == '-' or e_homedir == '-' or homedir == e_homedir) \ and (ushell == '-' or e_ushell == '-' or ushell == e_ushell) diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index a54f316aa0..70e27a8d35 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -104,6 +104,7 @@ python () { # If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one # Note that we cannot use d.appendVarFlag() here because deps is expected to be a list object, not a string d.setVarFlag('do_configure', 'deps', (d.getVarFlag('do_configure', 'deps', False) or []) + ['do_unpack']) + d.setVarFlag('do_populate_lic', 'deps', (d.getVarFlag('do_populate_lic', 'deps', False) or []) + ['do_unpack']) for task in d.getVar("SRCTREECOVEREDTASKS").split(): if local_srcuri and task in fetch_tasks: diff --git a/poky/meta/conf/distro/include/init-manager-systemd.inc b/poky/meta/conf/distro/include/init-manager-systemd.inc index 595d1f2644..0a76647459 100644 --- a/poky/meta/conf/distro/include/init-manager-systemd.inc +++ b/poky/meta/conf/distro/include/init-manager-systemd.inc @@ -5,3 +5,5 @@ VIRTUAL-RUNTIME_init_manager ??= "systemd" VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units" VIRTUAL-RUNTIME_login_manager ??= "shadow-base" VIRTUAL-RUNTIME_dev_manager ??= "systemd" +# systemd hardcodes /root in its source codes, other values are not offically supported +ROOT_HOME ?= "/root" diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 8dc63b138e..b0625a1097 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -724,6 +724,7 @@ RECIPE_MAINTAINER:pn-python3-wcwidth = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-webcolors = "Bruce Ashfield <bruce.ashfield@gmail.com>" RECIPE_MAINTAINER:pn-python3-wheel = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-xmltodict = "Leon Anavi <leon.anavi@konsulko.com>" +RECIPE_MAINTAINER:pn-python3-yamllint = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-zipp = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-qemu = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER:pn-qemu-helper-native = "Richard Purdie <richard.purdie@linuxfoundation.org>" diff --git a/poky/meta/conf/distro/include/no-static-libs.inc b/poky/meta/conf/distro/include/no-static-libs.inc index 8898d53d75..75359928a1 100644 --- a/poky/meta/conf/distro/include/no-static-libs.inc +++ b/poky/meta/conf/distro/include/no-static-libs.inc @@ -21,11 +21,6 @@ DISABLE_STATIC:pn-libusb1-native = "" # needed by rust DISABLE_STATIC:pn-musl = "" -# needed by shadow-native to build static executables, particularly useradd -DISABLE_STATIC:pn-attr-native = "" -DISABLE_STATIC:pn-libbsd-native = "" -DISABLE_STATIC:pn-libmd-native = "" - EXTRA_OECONF:append = "${DISABLE_STATIC}" EXTRA_OECMAKE:append:pn-libical = " -DSHARED_ONLY=True" diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index ef6f471e7b..a1643c5548 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -104,7 +104,6 @@ PTESTS_SLOW = "\ libgcrypt \ libmodule-build-perl \ lttng-tools \ - mdadm \ openssh \ openssl \ parted \ @@ -135,6 +134,7 @@ PTESTS_PROBLEMS:append:x86 = " valgrind" # ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py # libinput \ # Tests need an unloaded system to be reliable # libpam \ # Needs pam DISTRO_FEATURE +# mdadm \ # tests are flaky in AB. # numactl \ # qemu not (yet) configured for numa; all tests are skipped # libseccomp \ # tests failed: 38; add to slow tests once addressed # python3-numpy \ # requires even more RAM and (possibly) disk space; multiple failures @@ -147,6 +147,7 @@ PTESTS_PROBLEMS = "\ libinput \ libpam \ libseccomp \ + mdadm \ numactl \ python3-license-expression \ python3-numpy \ diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc index 3720a4c5b8..a12b202e43 100644 --- a/poky/meta/conf/distro/include/tcmode-default.inc +++ b/poky/meta/conf/distro/include/tcmode-default.inc @@ -22,7 +22,7 @@ BINUVERSION ?= "2.41%" GDBVERSION ?= "14.%" GLIBCVERSION ?= "2.38%" LINUXLIBCVERSION ?= "6.6%" -QEMUVERSION ?= "8.1%" +QEMUVERSION ?= "8.2%" GOVERSION ?= "1.20%" LLVMVERSION ?= "17.%" RUSTVERSION ?= "1.74%" diff --git a/poky/meta/conf/machine/include/x86/tune-core2.inc b/poky/meta/conf/machine/include/x86/tune-core2.inc index 97b7c1b188..082fd4efc3 100644 --- a/poky/meta/conf/machine/include/x86/tune-core2.inc +++ b/poky/meta/conf/machine/include/x86/tune-core2.inc @@ -21,18 +21,18 @@ TUNE_FEATURES:tune-core2-32 = "${TUNE_FEATURES:tune-x86} core2" BASE_LIB:tune-core2-32 = "lib" TUNE_PKGARCH:tune-core2-32 = "core2-32" PACKAGE_EXTRA_ARCHS:tune-core2-32 = "${PACKAGE_EXTRA_ARCHS:tune-i686} core2-32" -QEMU_EXTRAOPTIONS_core2-32 = " -cpu n270" +QEMU_EXTRAOPTIONS_core2-32 = " -cpu Nehalem,check=false" AVAILTUNES += "core2-64" TUNE_FEATURES:tune-core2-64 = "${TUNE_FEATURES:tune-x86-64} core2" BASE_LIB:tune-core2-64 = "lib64" TUNE_PKGARCH:tune-core2-64 = "core2-64" PACKAGE_EXTRA_ARCHS:tune-core2-64 = "${PACKAGE_EXTRA_ARCHS:tune-x86-64} core2-64" -QEMU_EXTRAOPTIONS_core2-64 = " -cpu core2duo" +QEMU_EXTRAOPTIONS_core2-64 = " -cpu Nehalem,check=false" AVAILTUNES += "core2-64-x32" TUNE_FEATURES:tune-core2-64-x32 = "${TUNE_FEATURES:tune-x86-64-x32} core2" BASE_LIB:tune-core2-64-x32 = "libx32" TUNE_PKGARCH:tune-core2-64-x32 = "core2-64-x32" PACKAGE_EXTRA_ARCHS:tune-core2-64-x32 = "${PACKAGE_EXTRA_ARCHS:tune-x86-64-x32} core2-64-x32" -QEMU_EXTRAOPTIONS_core2-64-x32 = " -cpu core2duo" +QEMU_EXTRAOPTIONS_core2-64-x32 = " -cpu Nehalem,check=false" diff --git a/poky/meta/conf/sanity.conf b/poky/meta/conf/sanity.conf index 435455d9fb..c3e6c5179c 100644 --- a/poky/meta/conf/sanity.conf +++ b/poky/meta/conf/sanity.conf @@ -3,7 +3,7 @@ # See sanity.bbclass # # Expert users can confirm their sanity with "touch conf/sanity.conf" -BB_MIN_VERSION = "2.7.1" +BB_MIN_VERSION = "2.7.2" SANITY_ABIFILE = "${TMPDIR}/abi_version" diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index 3fa77bf9a7..ed5c714cb8 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -79,20 +79,19 @@ def get_patched_cves(d): import re import oe.patch - pn = d.getVar("PN") - cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") + cve_match = re.compile(r"CVE:( CVE-\d{4}-\d+)+") # Matches the last "CVE-YYYY-ID" in the file name, also if written # in lowercase. Possible to have multiple CVE IDs in a single # file name, but only the last one will be detected from the file name. # However, patch files contents addressing multiple CVE IDs are supported # (cve_match regular expression) - - cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") + cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d+)", re.IGNORECASE) patched_cves = set() - bb.debug(2, "Looking for patches that solves CVEs for %s" % pn) - for url in oe.patch.src_patches(d): + patches = oe.patch.src_patches(d) + bb.debug(2, "Scanning %d patches for CVEs" % len(patches)) + for url in patches: patch_file = bb.fetch.decodeurl(url)[2] # Check patch file name for CVE ID @@ -100,7 +99,7 @@ def get_patched_cves(d): if fname_match: cve = fname_match.group(1).upper() patched_cves.add(cve) - bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + bb.debug(2, "Found %s from patch file name %s" % (cve, patch_file)) # Remote patches won't be present and compressed patches won't be # unpacked, so say we're not scanning them @@ -231,7 +230,7 @@ def decode_cve_status(d, cve): Convert CVE_STATUS into status, detail and description. """ status = d.getVarFlag("CVE_STATUS", cve) - if status is None: + if not status: return ("", "", "") status_split = status.split(':', 1) @@ -240,7 +239,7 @@ def decode_cve_status(d, cve): status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail) if status_mapping is None: - bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) + bb.warn('Invalid detail "%s" for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) status_mapping = "Unpatched" return (status_mapping, detail, description) diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py index a877720769..15249b70fd 100644 --- a/poky/meta/lib/oeqa/selftest/cases/devtool.py +++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py @@ -917,6 +917,28 @@ class DevtoolModifyTests(DevtoolBase): # Try building bitbake(testrecipe) + def test_devtool_modify_git_no_extract(self): + # Check preconditions + testrecipe = 'psplash' + src_uri = get_bb_var('SRC_URI', testrecipe) + self.assertIn('git://', src_uri, 'This test expects the %s recipe to be a git recipe' % testrecipe) + # Clean up anything in the workdir/sysroot/sstate cache + bitbake('%s -c cleansstate' % testrecipe) + # Try modifying a recipe + tempdir = tempfile.mkdtemp(prefix='devtoolqa') + self.track_for_cleanup(tempdir) + self.track_for_cleanup(self.workspacedir) + self.add_command_to_tearDown('bitbake -c clean %s' % testrecipe) + self.add_command_to_tearDown('bitbake-layers remove-layer */workspace') + result = runCmd('git clone https://git.yoctoproject.org/psplash %s && devtool modify -n %s %s' % (tempdir, testrecipe, tempdir)) + self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created. devtool output: %s' % result.output) + matches = glob.glob(os.path.join(self.workspacedir, 'appends', 'psplash_*.bbappend')) + self.assertTrue(matches, 'bbappend not created') + # Test devtool status + result = runCmd('devtool status') + self.assertIn(testrecipe, result.output) + self.assertIn(tempdir, result.output) + def test_devtool_modify_git_crates_subpath(self): # This tests two things in devtool context: # - that we support local git dependencies for cargo based recipe @@ -1086,6 +1108,32 @@ class DevtoolModifyTests(DevtoolBase): check('devtool-override-qemuarm', 'This is a test for qemuarm\n') check('devtool-override-qemux86', 'This is a test for qemux86\n') + def test_devtool_modify_multiple_sources(self): + # This test check that recipes fetching several sources can be used with devtool modify/build + # Check preconditions + testrecipe = 'bzip2' + src_uri = get_bb_var('SRC_URI', testrecipe) + src1 = 'https://' in src_uri + src2 = 'git://' in src_uri + self.assertTrue(src1 and src2, 'This test expects the %s recipe to fetch both a git source and a tarball and it seems that it no longer does' % testrecipe) + # Clean up anything in the workdir/sysroot/sstate cache + bitbake('%s -c cleansstate' % testrecipe) + # Try modifying a recipe + tempdir = tempfile.mkdtemp(prefix='devtoolqa') + self.track_for_cleanup(tempdir) + self.track_for_cleanup(self.workspacedir) + self.add_command_to_tearDown('bitbake -c clean %s' % testrecipe) + self.add_command_to_tearDown('bitbake-layers remove-layer */workspace') + result = runCmd('devtool modify %s -x %s' % (testrecipe, tempdir)) + self.assertEqual(result.status, 0, "Could not modify recipe %s. Output: %s" % (testrecipe, result.output)) + # Test devtool status + result = runCmd('devtool status') + self.assertIn(testrecipe, result.output) + self.assertIn(tempdir, result.output) + # Try building + result = bitbake(testrecipe) + self.assertEqual(result.status, 0, "Bitbake failed, exit code %s, output %s" % (result.status, result.output)) + class DevtoolUpdateTests(DevtoolBase): def test_devtool_update_recipe(self): diff --git a/poky/meta/lib/oeqa/selftest/cases/rust.py b/poky/meta/lib/oeqa/selftest/cases/rust.py index 6dbc517006..164ad11ecd 100644 --- a/poky/meta/lib/oeqa/selftest/cases/rust.py +++ b/poky/meta/lib/oeqa/selftest/cases/rust.py @@ -40,7 +40,12 @@ def parse_results(filename): class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase): def test_rust(self, *args, **kwargs): # Disable Rust Oe-selftest - self.skipTest("The Rust Oe-selftest is disabled.") + #self.skipTest("The Rust Oe-selftest is disabled.") + + # Skip mips32 target since it is unstable with rust tests + machine = get_bb_var('MACHINE') + if machine == "qemumips": + self.skipTest("The mips32 target is skipped for Rust Oe-selftest.") # build remote-test-server before image build recipe = "rust" @@ -102,108 +107,10 @@ class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase): 'tests/codegen/uninit-consts.rs', 'tests/pretty/raw-str-nonexpr.rs', 'tests/run-make', - 'tests/run-make/cdylib-fewer-symbols/foo.rs', - 'tests/run-make/doctests-keep-binaries/t.rs', 'tests/run-make-fulldeps', - 'tests/run-make/issue-22131/foo.rs', - 'tests/run-make/issue-36710/Makefile', - 'tests/run-make/issue-47551', - 'tests/run-make/pgo-branch-weights', - 'tests/run-make/pgo-gen', - 'tests/run-make/pgo-gen-lto', - 'tests/run-make/pgo-indirect-call-promotion', - 'tests/run-make/pgo-use', - 'tests/run-make/pointer-auth-link-with-c/Makefile', - 'tests/run-make/profile', - 'tests/run-make/static-pie', - 'tests/run-make/sysroot-crates-are-unstable', - 'tests/run-make/target-specs', 'tests/rustdoc', - 'tests/rustdoc/async-move-doctest.rs', - 'tests/rustdoc/async-trait.rs', - 'tests/rustdoc/auto-traits.rs', - 'tests/rustdoc/check-source-code-urls-to-def.rs', - 'tests/rustdoc/comment-in-doctest.rs', - 'tests/rustdoc/const-generics/const-generics-docs.rs', - 'tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs', - 'tests/rustdoc/cross-crate-hidden-impl-parameter.rs', - 'tests/rustdoc/cross-crate-links.rs', - 'tests/rustdoc/cross-crate-primitive-doc.rs', - 'tests/rustdoc/doctest-manual-crate-name.rs', - 'tests/rustdoc/edition-doctest.rs', - 'tests/rustdoc/edition-flag.rs', - 'tests/rustdoc/elided-lifetime.rs', - 'tests/rustdoc/external-macro-src.rs', - 'tests/rustdoc/extern-html-root-url.rs', - 'tests/rustdoc/extern-impl-trait.rs', - 'tests/rustdoc/hide-unstable-trait.rs', - 'tests/rustdoc/inline_cross/add-docs.rs', - 'tests/rustdoc/inline_cross/default-trait-method.rs', - 'tests/rustdoc/inline_cross/dyn_trait.rs', - 'tests/rustdoc/inline_cross/impl_trait.rs', - 'tests/rustdoc/inline_cross/issue-24183.rs', - 'tests/rustdoc/inline_cross/macros.rs', - 'tests/rustdoc/inline_cross/trait-vis.rs', - 'tests/rustdoc/inline_cross/use_crate.rs', - 'tests/rustdoc/intra-doc-crate/self.rs', - 'tests/rustdoc/intra-doc/cross-crate/additional_doc.rs', - 'tests/rustdoc/intra-doc/cross-crate/basic.rs', - 'tests/rustdoc/intra-doc/cross-crate/crate.rs', - 'tests/rustdoc/intra-doc/cross-crate/hidden.rs', - 'tests/rustdoc/intra-doc/cross-crate/macro.rs', - 'tests/rustdoc/intra-doc/cross-crate/module.rs', - 'tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs', - 'tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs', - 'tests/rustdoc/intra-doc/cross-crate/traits.rs', - 'tests/rustdoc/intra-doc/extern-builtin-type-impl.rs', - 'tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs', - 'tests/rustdoc/intra-doc/extern-crate.rs', - 'tests/rustdoc/intra-doc/extern-inherent-impl.rs', - 'tests/rustdoc/intra-doc/extern-reference-link.rs', - 'tests/rustdoc/intra-doc/issue-103463.rs', - 'tests/rustdoc/intra-doc/issue-104145.rs', - 'tests/rustdoc/intra-doc/issue-66159.rs', - 'tests/rustdoc/intra-doc/pub-use.rs', - 'tests/rustdoc/intra-doc/reexport-additional-docs.rs', - 'tests/rustdoc/issue-18199.rs', - 'tests/rustdoc/issue-23106.rs', - 'tests/rustdoc/issue-23744.rs', - 'tests/rustdoc/issue-25944.rs', - 'tests/rustdoc/issue-30252.rs', - 'tests/rustdoc/issue-38129.rs', - 'tests/rustdoc/issue-40936.rs', - 'tests/rustdoc/issue-43153.rs', - 'tests/rustdoc/issue-46727.rs', - 'tests/rustdoc/issue-48377.rs', - 'tests/rustdoc/issue-48414.rs', - 'tests/rustdoc/issue-53689.rs', - 'tests/rustdoc/issue-54478-demo-allocator.rs', - 'tests/rustdoc/issue-57180.rs', - 'tests/rustdoc/issue-61592.rs', - 'tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs', - 'tests/rustdoc/issue-75588.rs', - 'tests/rustdoc/issue-85454.rs', - 'tests/rustdoc/issue-86620.rs', 'tests/rustdoc-json', 'tests/rustdoc-js-std', - 'tests/rustdoc/macro_pub_in_module.rs', - 'tests/rustdoc/masked.rs', - 'tests/rustdoc/normalize-assoc-item.rs', - 'tests/rustdoc/no-stack-overflow-25295.rs', - 'tests/rustdoc/primitive-reexport.rs', - 'tests/rustdoc/process-termination.rs', - 'tests/rustdoc/pub-extern-crate.rs', - 'tests/rustdoc/pub-use-extern-macros.rs', - 'tests/rustdoc/reexport-check.rs', - 'tests/rustdoc/reexport-dep-foreign-fn.rs', - 'tests/rustdoc/reexport-doc.rs', - 'tests/rustdoc/reexports-priv.rs', - 'tests/rustdoc/reexports.rs', - 'tests/rustdoc/rustc,-incoherent-impls.rs', - 'tests/rustdoc/test_option_check/bar.rs', - 'tests/rustdoc/test_option_check/test.rs', - 'tests/rustdoc/trait-alias-mention.rs', - 'tests/rustdoc/trait-visibility.rs', 'tests/rustdoc-ui/cfg-test.rs', 'tests/rustdoc-ui/check-cfg-test.rs', 'tests/rustdoc-ui/display-output.rs', @@ -233,28 +140,6 @@ class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase): 'tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs', 'tests/ui/drop/dynamic-drop.rs', 'tests/ui/empty_global_asm.rs', - 'tests/ui-fulldeps/deriving-encodable-decodable-box.rs', - 'tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs', - 'tests/ui-fulldeps/deriving-global.rs', - 'tests/ui-fulldeps/deriving-hygiene.rs', - 'tests/ui-fulldeps/dropck_tarena_sound_drop.rs', - 'tests/ui-fulldeps/empty-struct-braces-derive.rs', - 'tests/ui-fulldeps/internal-lints/bad_opt_access.rs', - 'tests/ui-fulldeps/internal-lints/bad_opt_access.stderr', - 'tests/ui-fulldeps/internal-lints/default_hash_types.rs', - 'tests/ui-fulldeps/internal-lints/diagnostics.rs', - 'tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs', - 'tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs', - 'tests/ui-fulldeps/internal-lints/query_stability.rs', - 'tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs', - 'tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs', - 'tests/ui-fulldeps/issue-14021.rs', - 'tests/ui-fulldeps/lint-group-denied-lint-allowed.rs', - 'tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs', - 'tests/ui-fulldeps/lint-pass-macros.rs', - 'tests/ui-fulldeps/regions-mock-tcx.rs', - 'tests/ui-fulldeps/rustc_encodable_hygiene.rs', - 'tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs', 'tests/ui/functions-closures/fn-help-with-err.rs', 'tests/ui/linkage-attr/issue-10755.rs', 'tests/ui/macros/restricted-shadowing-legacy.rs', @@ -262,7 +147,43 @@ class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase): 'tests/ui/process/process-panic-after-fork.rs', 'tests/ui/process/process-sigpipe.rs', 'tests/ui/simd/target-feature-mixup.rs', - 'tests/ui/structs-enums/multiple-reprs.rs' + 'tests/ui/structs-enums/multiple-reprs.rs', + 'src/tools/jsondoclint', + 'src/tools/replace-version-placeholder', + 'tests/codegen/abi-efiapi.rs', + 'tests/codegen/abi-sysv64.rs', + 'tests/codegen/align-byval.rs', + 'tests/codegen/align-fn.rs', + 'tests/codegen/asm-powerpc-clobbers.rs', + 'tests/codegen/async-fn-debug-awaitee-field.rs', + 'tests/codegen/binary-search-index-no-bound-check.rs', + 'tests/codegen/call-metadata.rs', + 'tests/codegen/debug-column.rs', + 'tests/codegen/debug-limited.rs', + 'tests/codegen/debuginfo-generic-closure-env-names.rs', + 'tests/codegen/drop.rs', + 'tests/codegen/dst-vtable-align-nonzero.rs', + 'tests/codegen/enable-lto-unit-splitting.rs', + 'tests/codegen/enum/enum-u128.rs', + 'tests/codegen/fn-impl-trait-self.rs', + 'tests/codegen/inherit_overflow.rs', + 'tests/codegen/inline-function-args-debug-info.rs', + 'tests/codegen/intrinsics/mask.rs', + 'tests/codegen/intrinsics/transmute-niched.rs', + 'tests/codegen/issues/issue-73258.rs', + 'tests/codegen/issues/issue-75546.rs', + 'tests/codegen/issues/issue-77812.rs', + 'tests/codegen/issues/issue-98156-const-arg-temp-lifetime.rs', + 'tests/codegen/llvm-ident.rs', + 'tests/codegen/mainsubprogram.rs', + 'tests/codegen/move-operands.rs', + 'tests/codegen/repr/transparent-mips64.rs', + 'tests/mir-opt/', + 'tests/rustdoc-json', + 'tests/rustdoc-ui/doc-test-rustdoc-feature.rs', + 'tests/rustdoc-ui/no-run-flag.rs', + 'tests/ui-fulldeps/', + 'tests/ui/numbers-arithmetic/u128.rs' ] exclude_fail_tests = " ".join([" --exclude " + item for item in exclude_list]) diff --git a/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch b/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch index 6b73878cc0..05a4697a73 100644 --- a/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch +++ b/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch @@ -1,4 +1,4 @@ -From 96d9aa55d29b24e2490d5647a9efc66940fc400f Mon Sep 17 00:00:00 2001 +From 006799e9c4babe8a8340a24501b253e759614a2d Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 13 Jan 2016 19:17:31 +0000 Subject: [PATCH] Disable -mfpmath=sse as well when SSE is disabled @@ -24,15 +24,16 @@ Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Upstream-Status: Pending + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 7656f24..0868ea9 100644 +index cd667a2..8263876 100644 --- a/configure.ac +++ b/configure.ac -@@ -824,7 +824,7 @@ fi +@@ -846,7 +846,7 @@ fi if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$platform" != xemu; then # Some toolchains enable these features by default, but they need # registers that aren't set up properly in GRUB. @@ -40,4 +41,4 @@ index 7656f24..0868ea9 100644 + TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow -mfpmath=387" fi - # GRUB doesn't use float or doubles at all. Yet some toolchains may decide + if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ); then diff --git a/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch b/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch index 2f15a91f68..cafa711731 100644 --- a/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch +++ b/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch @@ -1,4 +1,4 @@ -From e4c41db74b8972285cbdfe614c95c1ffd97d70e1 Mon Sep 17 00:00:00 2001 +From b47029e8e582d17c6874d2622fe1a5b834377dbb Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 26 Mar 2021 11:59:43 -0700 Subject: [PATCH] RISC-V: Restore the typcast to 64bit type @@ -17,15 +17,16 @@ Cc: Daniel Kiper <daniel.kiper@oracle.com> Cc: Chester Lin <clin@suse.com> Cc: Nikita Ermakov <arei@altlinux.org> Cc: Alistair Francis <alistair.francis@wdc.com> + --- util/grub-mkimagexx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index 00f49ccaa..ac677d03d 100644 +index e50b295..2f09255 100644 --- a/util/grub-mkimagexx.c +++ b/util/grub-mkimagexx.c -@@ -1242,7 +1242,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, +@@ -1310,7 +1310,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, */ sym_addr += addend; @@ -34,6 +35,3 @@ index 00f49ccaa..ac677d03d 100644 switch (ELF_R_TYPE (info)) { --- -2.31.1 - diff --git a/poky/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch b/poky/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch deleted file mode 100644 index 98142a7b60..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch +++ /dev/null @@ -1,48 +0,0 @@ -From eb486898dac8cbc29b2cc39f911b657c3417ae34 Mon Sep 17 00:00:00 2001 -From: Fangrui Song via Grub-devel <grub-devel@gnu.org> -Date: Thu, 26 Aug 2021 09:02:31 -0700 -Subject: [PATCH 1/2] configure: Remove obsoleted -malign-{jumps, loops, - functions} -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The GCC warns "cc1: warning: ‘-malign-loops’ is obsolete, use ‘-falign-loops’". -The Clang silently ignores -malign-{jumps,loops,functions}. - -The preferred -falign-* forms have been supported since GCC 3.2. So, just -remove -malign-{jumps,loops,functions}. - -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=eb486898dac8cbc29b2cc39f911b657c3417ae34] -Signed-off-by: Fangrui Song <maskray@google.com> -Acked-by: Paul Menzel <pmenzel@molgen.mpg.de> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> ---- - configure.ac | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/configure.ac b/configure.ac -index bee28dbeb..9a12151bd 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -805,17 +805,8 @@ if test "x$target_cpu" = xi386; then - [grub_cv_cc_falign_loop=no]) - ]) - -- AC_CACHE_CHECK([whether -malign-loops works], [grub_cv_cc_malign_loop], [ -- CFLAGS="$TARGET_CFLAGS -malign-loops=1 -Werror" -- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -- [grub_cv_cc_malign_loop=yes], -- [grub_cv_cc_malign_loop=no]) -- ]) -- - if test "x$grub_cv_cc_falign_loop" = xyes; then - TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1" -- elif test "x$grub_cv_cc_malign_loop" = xyes; then -- TARGET_CFLAGS="$TARGET_CFLAGS -malign-jumps=1 -malign-loops=1 -malign-functions=1" - fi - fi - --- -2.37.3 - diff --git a/poky/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch b/poky/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch deleted file mode 100644 index c575a31161..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch +++ /dev/null @@ -1,47 +0,0 @@ -From f1217c803cec90813eb834dde7829f4961b2a2e4 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 17 Feb 2022 15:07:02 -0800 -Subject: [PATCH] configure.ac: Use _zicsr_zifencei extentions on riscv - -From version 2.38, binutils defaults to ISA spec version 20191213. This -means that the csr read/write (csrr*/csrw*) instructions and fence.i -instruction has separated from the `I` extension, become two standalone -extensions: Zicsr and Zifencei. - -The fix is to specify those extensions explicitely in -march. Since we -are now using binutils 2.38+ in OE this is ok, a more upstreamable fix for -grub will be to detect these extentions, however thats not easy to -implement - -Upstream-Status: Inappropriate [OE specific] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.ac | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index c7fc55a..072f2c9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -849,14 +849,14 @@ if test x"$platform" != xemu ; then - [grub_cv_target_cc_soft_float="-mgeneral-regs-only"], []) - fi - if test "x$target_cpu" = xriscv32; then -- CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror" -+ CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -- [grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], []) -+ [grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], []) - fi - if test "x$target_cpu" = xriscv64; then -- CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror" -+ CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -- [grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], []) -+ [grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], []) - fi - if test "x$target_cpu" = xia64; then - CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror" --- -2.35.1 - diff --git a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch deleted file mode 100644 index efa00a3c6c..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001 -From: Zhang Boyang <zhangboyang.id@gmail.com> -Date: Fri, 5 Aug 2022 00:51:20 +0800 -Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() - -The length of memory allocation and file read may overflow. This patch -fixes the problem by using safemath macros. - -There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe -if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). -It is safe replacement for such code. It has safemath-like prototype. - -This patch also introduces grub_cast(value, pointer), it casts value to -typeof(*pointer) then store the value to *pointer. It returns true when -overflow occurs or false if there is no overflow. The semantics of arguments -and return value are designed to be consistent with other safemath macros. - -Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport from -[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532] - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> - ---- - grub-core/font/font.c | 17 +++++++++++++---- - include/grub/bitmap.h | 18 ++++++++++++++++++ - include/grub/safemath.h | 2 ++ - 3 files changed, 33 insertions(+), 4 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index d09bb38..876b5b6 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - grub_int16_t xoff; - grub_int16_t yoff; - grub_int16_t dwidth; -- int len; -+ grub_ssize_t len; -+ grub_size_t sz; - - if (index_entry->glyph) - /* Return cached glyph. */ -@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - return 0; - } - -- len = (width * height + 7) / 8; -- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); -- if (!glyph) -+ /* Calculate real struct size of current glyph. */ -+ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || -+ grub_add (sizeof (struct grub_font_glyph), len, &sz)) -+ { -+ remove_font (font); -+ return 0; -+ } -+ -+ /* Allocate and initialize the glyph struct. */ -+ glyph = grub_malloc (sz); -+ if (glyph == NULL) - { - remove_font (font); - return 0; -diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h -index 5728f8c..0d9603f 100644 ---- a/include/grub/bitmap.h -+++ b/include/grub/bitmap.h -@@ -23,6 +23,7 @@ - #include <grub/symbol.h> - #include <grub/types.h> - #include <grub/video.h> -+#include <grub/safemath.h> - - struct grub_video_bitmap - { -@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) - return bitmap->mode_info.height; - } - -+/* -+ * Calculate and store the size of data buffer of 1bit bitmap in result. -+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. -+ * Return true when overflow occurs or false if there is no overflow. -+ * This function is intentionally implemented as a macro instead of -+ * an inline function. Although a bit awkward, it preserves data types for -+ * safemath macros and reduces macro side effects as much as possible. -+ * -+ * XXX: Will report false overflow if width * height > UINT64_MAX. -+ */ -+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ -+({ \ -+ grub_uint64_t _bitmap_pixels; \ -+ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ -+ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ -+}) -+ - void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, - struct grub_video_mode_info *mode_info); - -diff --git a/include/grub/safemath.h b/include/grub/safemath.h -index c17b89b..bb0f826 100644 ---- a/include/grub/safemath.h -+++ b/include/grub/safemath.h -@@ -30,6 +30,8 @@ - #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) - #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) - -+#define grub_cast(a, res) grub_add ((a), 0, (res)) -+ - #else - #error gcc 5.1 or newer or clang 3.8 or newer is required - #endif diff --git a/poky/meta/recipes-bsp/grub/files/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch b/poky/meta/recipes-bsp/grub/files/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch deleted file mode 100644 index a44d139375..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch +++ /dev/null @@ -1,66 +0,0 @@ -It enable the metadata_csum_seed feature by default in e2fsprogs 1.47.0 and -causes grub doesn't work. Backport patch to make grub support this feature. - -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7fd5fef] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas <javierm@redhat.com> -Date: Fri, 11 Jun 2021 21:36:16 +0200 -Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature - -This incompat feature is used to denote that the filesystem stored its -metadata checksum seed in the superblock. This is used to allow tune2fs -changing the UUID on a mounted metdata_csum filesystem without having -to rewrite all the disk metadata. However, the GRUB doesn't use the -metadata checksum at all. So, it can just ignore this feature if it -is enabled. This is consistent with the GRUB filesystem code in general -which just does a best effort to access the filesystem's data. - -The checksum seed incompat feature has to be removed from the ignore -list if the support for metadata checksum verification is added to the -GRUB ext2 driver later. - -Suggested-by: Eric Sandeen <esandeen@redhat.com> -Suggested-by: Lukas Czerner <lczerner@redhat.com> -Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> -Reviewed-by: Lukas Czerner <lczerner@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> ---- - grub-core/fs/ext2.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index e7dd78e66..4953a1591 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 - #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 - #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 -+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000 - #define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 - - /* The set of back-incompatible features this driver DOES support. Add (OR) -@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+"); - * mmp: Not really back-incompatible - was added as such to - * avoid multiple read-write mounts. Safe to ignore for this - * RO driver. -+ * checksum seed: Not really back-incompatible - was added to allow tools -+ * such as tune2fs to change the UUID on a mounted metadata -+ * checksummed filesystem. Safe to ignore for now since the -+ * driver doesn't support checksum verification. However, it -+ * has to be removed from this list if the support is added later. - */ - #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \ -- | EXT4_FEATURE_INCOMPAT_MMP) -- -+ | EXT4_FEATURE_INCOMPAT_MMP \ -+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED) - - #define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U - --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch b/poky/meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch deleted file mode 100644 index a5fbd58f46..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch +++ /dev/null @@ -1,70 +0,0 @@ -From e43f3d93b28cce852c110c7a8e40d8311bcd8bb1 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood <rharwood@redhat.com> -Date: Fri, 15 Jul 2022 16:13:02 -0400 -Subject: [PATCH] fs/fat: Don't error when mtime is 0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In the wild, we occasionally see valid ESPs where some file modification -times are 0. For instance: - - ├── [Dec 31 1979] EFI - │ ├── [Dec 31 1979] BOOT - │ │ ├── [Dec 31 1979] BOOTX64.EFI - │ │ └── [Dec 31 1979] fbx64.efi - │ └── [Jun 27 02:41] fedora - │ ├── [Dec 31 1979] BOOTX64.CSV - │ ├── [Dec 31 1979] fonts - │ ├── [Mar 14 03:35] fw - │ │ ├── [Mar 14 03:35] fwupd-359c1169-abd6-4a0d-8bce-e4d4713335c1.cap - │ │ ├── [Mar 14 03:34] fwupd-9d255c4b-2d88-4861-860d-7ee52ade9463.cap - │ │ └── [Mar 14 03:34] fwupd-b36438d8-9128-49d2-b280-487be02d948b.cap - │ ├── [Dec 31 1979] fwupdx64.efi - │ ├── [May 10 10:47] grub.cfg - │ ├── [Jun 3 12:38] grub.cfg.new.new - │ ├── [May 10 10:41] grub.cfg.old - │ ├── [Jun 27 02:41] grubenv - │ ├── [Dec 31 1979] grubx64.efi - │ ├── [Dec 31 1979] mmx64.efi - │ ├── [Dec 31 1979] shim.efi - │ ├── [Dec 31 1979] shimx64.efi - │ └── [Dec 31 1979] shimx64-fedora.efi - └── [Dec 31 1979] FSCK0000.REC - - 5 directories, 17 files - -This causes grub-probe failure, which in turn causes grub-mkconfig -failure. They are valid filesystems that appear intact, and the Linux -FAT stack is able to mount and manipulate them without complaint. - -The check for mtime of 0 has been present since -20def1a3c3952982395cd7c3ea7e78638527962b (fat: support file -modification times). - -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e43f3d93b28cce852c110c7a8e40d8311bcd8bb1] - -Signed-off-by: Robbie Harwood <rharwood@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Ming Liu <liu.ming50@gmail.com> ---- - grub-core/fs/fat.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/grub-core/fs/fat.c b/grub-core/fs/fat.c -index 0951b2e63..c5efed724 100644 ---- a/grub-core/fs/fat.c -+++ b/grub-core/fs/fat.c -@@ -1027,9 +1027,6 @@ grub_fat_dir (grub_device_t device, const char *path, grub_fs_dir_hook_t hook, - grub_le_to_cpu16 (ctxt.dir.w_date), - &info.mtime); - #endif -- if (info.mtimeset == 0) -- grub_error (GRUB_ERR_OUT_OF_RANGE, -- "invalid modification timestamp for %s", path); - - if (hook (ctxt.filename, &info, hook_data)) - break; --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch b/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch index 69b04aa56f..69dec7695a 100644 --- a/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch +++ b/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch @@ -1,4 +1,4 @@ -From 8f47ed4aaefba087b6ca76e59c9f832b6a0702bc Mon Sep 17 00:00:00 2001 +From a80592e20f6c4b928a22862f52f268ab9d9908b2 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 13 Jan 2016 19:28:00 +0000 Subject: [PATCH] grub.d/10_linux.in: add oe's kernel name @@ -20,10 +20,10 @@ Upstream-Status: Inappropriate [OE specific] 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 4532266..cba2617 100644 +index cc393be..8545cb6 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -164,12 +164,12 @@ machine=`uname -m` +@@ -166,12 +166,12 @@ machine=`uname -m` case "x$machine" in xi?86 | xx86_64) list= @@ -40,10 +40,10 @@ index 4532266..cba2617 100644 done ;; esac diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 96179ea..98d16ae 100644 +index 94dd8be..36cd554 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in -@@ -154,7 +154,7 @@ EOF +@@ -181,7 +181,7 @@ EOF } linux_list= diff --git a/poky/meta/recipes-bsp/grub/files/0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch b/poky/meta/recipes-bsp/grub/files/0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch deleted file mode 100644 index f3f12b6f0e..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 64be669638e198bc0c7c1a344547265dfacd2470 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 23 Jan 2023 15:29:02 -0800 -Subject: [PATCH] risc-v: Handle R_RISCV_CALL_PLT reloc - -GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT -reloc for call in assembler [1], similarly llvm does not make -distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2] - -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/grub-devel/2023-02/msg00143.html] - -[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c -[2] https://reviews.llvm.org/D132530 - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - grub-core/kern/riscv/dl.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/grub-core/kern/riscv/dl.c -+++ b/grub-core/kern/riscv/dl.c -@@ -188,6 +188,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t - break; - - case R_RISCV_CALL: -+ case R_RISCV_CALL_PLT: - { - grub_uint32_t *abs_place = place; - grub_ssize_t off = sym_addr - (grub_addr_t) place; ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -1294,6 +1294,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, st - } - break; - case R_RISCV_CALL: -+ case R_RISCV_CALL_PLT: - { - grub_uint32_t hi20, lo12; - -@@ -1725,6 +1726,7 @@ translate_relocation_pe (struct translat - case R_RISCV_BRANCH: - case R_RISCV_JAL: - case R_RISCV_CALL: -+ case R_RISCV_CALL_PLT: - case R_RISCV_PCREL_HI20: - case R_RISCV_PCREL_LO12_I: - case R_RISCV_PCREL_LO12_S: diff --git a/poky/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch b/poky/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch deleted file mode 100644 index 437e5b29b2..0000000000 --- a/poky/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch +++ /dev/null @@ -1,59 +0,0 @@ -From e372dcb0d4541ee9b9682cde088ec87a7b238ca2 Mon Sep 17 00:00:00 2001 -From: Fangrui Song via Grub-devel <grub-devel@gnu.org> -Date: Thu, 26 Aug 2021 09:02:32 -0700 -Subject: [PATCH 2/2] configure: Check for -falign-jumps=1 beside - -falign-loops=1 - -The Clang does not support -falign-jumps and only recently gained support -for -falign-loops. The -falign-jumps=1 should be tested beside --fliang-loops=1 to avoid passing unrecognized options to the Clang: - - clang-14: error: optimization flag '-falign-jumps=1' is not supported [-Werror,-Wignored-optimization-argument] - -The -falign-functions=1 is supported by GCC 5.1.0/Clang 3.8.0. So, just -add the option unconditionally. - -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e372dcb0d4541ee9b9682cde088ec87a7b238ca2] -Signed-off-by: Fangrui Song <maskray@google.com> -Acked-by: Paul Menzel <pmenzel@molgen.mpg.de> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> ---- - configure.ac | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 9a12151bd..eeb5d2211 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -798,6 +798,8 @@ fi - - # Force no alignment to save space on i386. - if test "x$target_cpu" = xi386; then -+ TARGET_CFLAGS="$TARGET_CFLAGS -falign-functions=1" -+ - AC_CACHE_CHECK([whether -falign-loops works], [grub_cv_cc_falign_loop], [ - CFLAGS="$TARGET_CFLAGS -falign-loops=1 -Werror" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -@@ -806,7 +808,18 @@ if test "x$target_cpu" = xi386; then - ]) - - if test "x$grub_cv_cc_falign_loop" = xyes; then -- TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1" -+ TARGET_CFLAGS="$TARGET_CFLAGS -falign-loops=1" -+ fi -+ -+ AC_CACHE_CHECK([whether -falign-jumps works], [grub_cv_cc_falign_jumps], [ -+ CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -Werror" -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_cc_falign_jumps=yes], -+ [grub_cv_cc_falign_jumps=no]) -+ ]) -+ -+ if test "x$grub_cv_cc_falign_jumps" = xyes; then -+ TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1" - fi - fi - --- -2.37.3 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch deleted file mode 100644 index 7f7bb1acfe..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +++ /dev/null @@ -1,179 +0,0 @@ -From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Tue, 6 Jul 2021 18:51:35 +1000 -Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap - out-of-bounds write - -A 16-bit greyscale PNG without alpha is processed in the following loop: - - for (i = 0; i < (data->image_width * data->image_height); - i++, d1 += 4, d2 += 2) - { - d1[R3] = d2[1]; - d1[G3] = d2[1]; - d1[B3] = d2[1]; - } - -The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, -but there are only 3 bytes allocated for storage. This means that image -data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes -out of every 4 following the end of the image. - -This has existed since greyscale support was added in 2013 in commit -3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). - -Saving starfield.png as a 16-bit greyscale image without alpha in the gimp -and attempting to load it causes grub-emu to crash - I don't think this code -has ever worked. - -Delete all PNG greyscale support. - -Fixes: CVE-2021-3695 - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2021-3695 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/video/readers/png.c | 87 +++-------------------------------- - 1 file changed, 7 insertions(+), 80 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 35ae553c8..a3161e25b 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -100,7 +100,7 @@ struct grub_png_data - - unsigned image_width, image_height; - int bpp, is_16bit; -- int raw_bytes, is_gray, is_alpha, is_palette; -+ int raw_bytes, is_alpha, is_palette; - int row_bytes, color_bits; - grub_uint8_t *image_data; - -@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - data->bpp = 3; - else - { -- data->is_gray = 1; -- data->bpp = 1; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: color type not supported"); - } - - if ((color_bits != 8) && (color_bits != 16) - && (color_bits != 4 -- || !(data->is_gray || data->is_palette))) -+ || !data->is_palette)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: bit depth must be 8 or 16"); - -@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) - } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN -- if (data->is_16bit || data->is_gray || data->is_palette) -+ if (data->is_16bit || data->is_palette) - #endif - { - data->image_data = grub_calloc (data->image_height, data->row_bytes); -@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) - int shift; - int mask = (1 << data->color_bits) - 1; - unsigned j; -- if (data->is_gray) -- { -- /* Generic formula is -- (0xff * i) / ((1U << data->color_bits) - 1) -- but for allowed bit depth of 1, 2 and for it's -- equivalent to -- (0xff / ((1U << data->color_bits) - 1)) * i -- Precompute the multipliers to avoid division. -- */ -- -- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; -- for (i = 0; i < (1U << data->color_bits); i++) -- { -- grub_uint8_t col = multipliers[data->color_bits] * i; -- palette[i][0] = col; -- palette[i][1] = col; -- palette[i][2] = col; -- } -- } -- else -- grub_memcpy (palette, data->palette, 3 << data->color_bits); -+ -+ grub_memcpy (palette, data->palette, 3 << data->color_bits); - d1c = d1; - d2c = d2; - for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, -@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data) - return; - } - -- if (data->is_gray) -- { -- switch (data->bpp) -- { -- case 4: -- /* 16-bit gray with alpha. */ -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 4) -- { -- d1[R4] = d2[3]; -- d1[G4] = d2[3]; -- d1[B4] = d2[3]; -- d1[A4] = d2[1]; -- } -- break; -- case 2: -- if (data->is_16bit) -- /* 16-bit gray without alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R3] = d2[1]; -- d1[G3] = d2[1]; -- d1[B3] = d2[1]; -- } -- } -- else -- /* 8-bit gray with alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R4] = d2[1]; -- d1[G4] = d2[1]; -- d1[B4] = d2[1]; -- d1[A4] = d2[0]; -- } -- } -- break; -- /* 8-bit gray without alpha. */ -- case 1: -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 3, d2++) -- { -- d1[R3] = d2[0]; -- d1[G3] = d2[0]; -- d1[B3] = d2[0]; -- } -- break; -- } -- return; -- } -- - { - /* Only copy the upper 8 bit. */ - #ifndef GRUB_CPU_WORDS_BIGENDIAN --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch deleted file mode 100644 index f06514e665..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Tue, 6 Jul 2021 23:25:07 +1000 -Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table - items - -In fuzzing we observed crashes where a code would attempt to be inserted -into a huffman table before the start, leading to a set of heap OOB reads -and writes as table entries with negative indices were shifted around and -the new code written in. - -Catch the case where we would underflow the array and bail. - -Fixes: CVE-2021-3696 - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2021-3696 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/video/readers/png.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index a3161e25b..d7ed5aa6c 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) - for (i = len; i < ht->max_length; i++) - n += ht->maxval[i]; - -+ if (n > ht->num_values) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: out of range inserting huffman table item"); -+ return; -+ } -+ - for (i = 0; i < n; i++) - ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; - --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch deleted file mode 100644 index e9fc52df86..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Wed, 7 Jul 2021 15:38:19 +1000 -Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write - -Certain 1 px wide images caused a wild pointer write in -grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), -we have the following loop: - -for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) - -We did not check if vb * width >= hb * nc1. - -On a 64-bit platform, if that turns out to be negative, it will underflow, -be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so -we see data->bitmap_ptr jump, e.g.: - -0x6180_0000_0480 to -0x6181_0000_0498 - ^ - ~--- carry has occurred and this pointer is now far away from - any object. - -On a 32-bit platform, it will decrement the pointer, creating a pointer -that won't crash but will overwrite random data. - -Catch the underflow and error out. - -Fixes: CVE-2021-3697 - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2021-3697 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/video/readers/jpeg.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 579bbe8a4..09596fbf5 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -23,6 +23,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/bufio.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -699,6 +700,7 @@ static grub_err_t - grub_jpeg_decode_data (struct grub_jpeg_data *data) - { - unsigned c1, vb, hb, nr1, nc1; -+ unsigned stride_a, stride_b, stride; - int rst = data->dri; - grub_err_t err = GRUB_ERR_NONE; - -@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: attempted to decode data before start of stream"); - -+ if (grub_mul(vb, data->image_width, &stride_a) || -+ grub_mul(hb, nc1, &stride_b) || -+ grub_sub(stride_a, stride_b, &stride)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: cannot decode image with these dimensions"); -+ - for (; data->r1 < nr1 && (!data->dri || rst); -- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) -+ data->r1++, data->bitmap_ptr += stride * 3) - for (c1 = 0; c1 < nc1 && (!data->dri || rst); - c1++, rst--, data->bitmap_ptr += hb * 3) - { --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch deleted file mode 100644 index dae26fd8bb..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001 -From: Michael Chang <mchang@suse.com> -Date: Fri, 3 Dec 2021 16:13:28 +0800 -Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg - -The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating -configuration by grub-mkconfig) has inadvertently discarded umask for -creating grub.cfg in the process of running grub-mkconfig. The resulting -wrong permission (0644) would allow unprivileged users to read GRUB -configuration file content. This presents a low confidentiality risk -as grub.cfg may contain non-secured plain-text passwords. - -This patch restores the missing umask and sets the creation file mode -to 0600 preventing unprivileged access. - -Fixes: CVE-2021-3981 - -Signed-off-by: Michael Chang <mchang@suse.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2021-3981 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - util/grub-mkconfig.in | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index c3ea7612e..62335d027 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with - exit 1 - else - # none of the children aborted with error, install the new grub.cfg -+ oldumask=$(umask) -+ umask 077 - cat ${grub_cfg}.new > ${grub_cfg} -+ umask $oldumask - rm -f ${grub_cfg}.new - fi - fi --- -2.31.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch deleted file mode 100644 index 727c509694..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch +++ /dev/null @@ -1,85 +0,0 @@ -From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang <zhangboyang.id@gmail.com> -Date: Fri, 5 Aug 2022 01:58:27 +0800 -Subject: [PATCH] font: Fix several integer overflows in - grub_font_construct_glyph() - -This patch fixes several integer overflows in grub_font_construct_glyph(). -Glyphs of invalid size, zero or leading to an overflow, are rejected. -The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() -returns NULL is fixed too. - -Fixes: CVE-2022-2601 - -Reported-by: Zhang Boyang <zhangboyang.id@gmail.com> -Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport from -[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e] -CVE: CVE-2022-2601 - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> - ---- - grub-core/font/font.c | 29 +++++++++++++++++------------ - 1 file changed, 17 insertions(+), 12 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 876b5b6..0ff5525 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, - struct grub_video_signed_rect bounds; - static struct grub_font_glyph *glyph = 0; - static grub_size_t max_glyph_size = 0; -+ grub_size_t cur_glyph_size; - - ensure_comb_space (glyph_id); - -@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, - if (!glyph_id->ncomb && !glyph_id->attributes) - return main_glyph; - -- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) -+ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || -+ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) -+ return main_glyph; -+ -+ if (max_glyph_size < cur_glyph_size) - { - grub_free (glyph); -- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; -- if (max_glyph_size < 8) -- max_glyph_size = 8; -- glyph = grub_malloc (max_glyph_size); -+ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) -+ max_glyph_size = 0; -+ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; - } - if (!glyph) - { -+ max_glyph_size = 0; - grub_errno = GRUB_ERR_NONE; - return main_glyph; - } - -- grub_memset (glyph, 0, sizeof (*glyph) -- + (bounds.width * bounds.height -- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); -+ grub_memset (glyph, 0, cur_glyph_size); - - glyph->font = main_glyph->font; -- glyph->width = bounds.width; -- glyph->height = bounds.height; -- glyph->offset_x = bounds.x; -- glyph->offset_y = bounds.y; -+ if (bounds.width == 0 || bounds.height == 0 || -+ grub_cast (bounds.width, &glyph->width) || -+ grub_cast (bounds.height, &glyph->height) || -+ grub_cast (bounds.x, &glyph->offset_x) || -+ grub_cast (bounds.y, &glyph->offset_y)) -+ return main_glyph; - - if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) - grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch deleted file mode 100644 index 8bf9090f94..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Mon, 20 Dec 2021 19:41:21 +1100 -Subject: [PATCH] net/ip: Do IP fragment maths safely - -We can receive packets with invalid IP fragmentation information. This -can lead to rsm->total_len underflowing and becoming very large. - -Then, in grub_netbuff_alloc(), we add to this very large number, which can -cause it to overflow and wrap back around to a small positive number. -The allocation then succeeds, but the resulting buffer is too small and -subsequent operations can write past the end of the buffer. - -Catch the underflow here. - -Fixes: CVE-2022-28733 - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2022-28733 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> - ---- - grub-core/net/ip.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index e3d62e97f..3c3d0be0e 100644 ---- a/grub-core/net/ip.c -+++ b/grub-core/net/ip.c -@@ -25,6 +25,7 @@ - #include <grub/net/netbuff.h> - #include <grub/mm.h> - #include <grub/priority_queue.h> -+#include <grub/safemath.h> - #include <grub/time.h> - - struct iphdr { -@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, - { - rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) - + (nb->tail - nb->data)); -- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); -+ -+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), -+ &rsm->total_len)) -+ { -+ grub_dprintf ("net", "IP reassembly size underflow\n"); -+ return GRUB_ERR_NONE; -+ } -+ - rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); - if (!rsm->asm_netbuff) - { --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch deleted file mode 100644 index f31167d315..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch +++ /dev/null @@ -1,58 +0,0 @@ -From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Tue, 8 Mar 2022 19:04:40 +1100 -Subject: [PATCH] net/http: Error out on headers with LF without CR - -In a similar vein to the previous patch, parse_line() would write -a NUL byte past the end of the buffer if there was an HTTP header -with a LF rather than a CRLF. - -RFC-2616 says: - - Many HTTP/1.1 header field values consist of words separated by LWS - or special characters. These special characters MUST be in a quoted - string to be used within a parameter value (as defined in section 3.6). - -We don't support quoted sections or continuation lines, etc. - -If we see an LF that's not part of a CRLF, bail out. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2022-28734 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/net/http.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 33a0a28c4..9291a13e2 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - char *end = ptr + len; - while (end > ptr && *(end - 1) == '\r') - end--; -+ -+ /* LF without CR. */ -+ if (end == ptr + len) -+ { -+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); -+ return GRUB_ERR_NONE; -+ } - *end = 0; -+ - /* Trailing CRLF. */ - if (data->in_chunk_len == 1) - { --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch deleted file mode 100644 index e0ca1eec44..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch +++ /dev/null @@ -1,56 +0,0 @@ -From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Tue, 8 Mar 2022 18:17:03 +1100 -Subject: [PATCH] net/http: Fix OOB write for split http headers - -GRUB has special code for handling an http header that is split -across two packets. - -The code tracks the end of line by looking for a "\n" byte. The -code for split headers has always advanced the pointer just past the -end of the line, whereas the code that handles unsplit headers does -not advance the pointer. This extra advance causes the length to be -one greater, which breaks an assumption in parse_line(), leading to -it writing a NUL byte one byte past the end of the buffer where we -reconstruct the line from the two packets. - -It's conceivable that an attacker controlled set of packets could -cause this to zero out the first byte of the "next" pointer of the -grub_mm_region structure following the current_line buffer. - -Do not advance the pointer in the split header case. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2022-28734 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/net/http.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index f8d7bf0cd..33a0a28c4 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), - int have_line = 1; - char *t; - ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); -- if (ptr) -- ptr++; -- else -+ if (ptr == NULL) - { - have_line = 0; - ptr = (char *) nb->tail; --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch deleted file mode 100644 index 7a59f10bfb..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch +++ /dev/null @@ -1,111 +0,0 @@ -From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001 -From: Julian Andres Klode <julian.klode@canonical.com> -Date: Thu, 2 Dec 2021 15:03:53 +0100 -Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock - verifier - -We must not allow other verifiers to pass things like the GRUB modules. -Instead of maintaining a blocklist, maintain an allowlist of things -that we do not care about. - -This allowlist really should be made reusable, and shared by the -lockdown verifier, but this is the minimal patch addressing -security concerns where the TPM verifier was able to mark modules -as verified (or the OpenPGP verifier for that matter), when it -should not do so on shim-powered secure boot systems. - -Fixes: CVE-2022-28735 - -Signed-off-by: Julian Andres Klode <julian.klode@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE:CVE-2022-28735 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- - include/grub/verify.h | 1 + - 2 files changed, 37 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index c52ec6226..89c4bb3fd 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - void **context __attribute__ ((unused)), - enum grub_verify_flags *flags) - { -- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ *flags = GRUB_VERIFY_FLAGS_NONE; - - switch (type & GRUB_FILE_TYPE_MASK) - { -+ /* Files we check. */ - case GRUB_FILE_TYPE_LINUX_KERNEL: - case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: - case GRUB_FILE_TYPE_BSD_KERNEL: -@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - case GRUB_FILE_TYPE_PLAN9_KERNEL: - case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: - *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -+ return GRUB_ERR_NONE; - -- /* Fall through. */ -+ /* Files that do not affect secureboot state. */ -+ case GRUB_FILE_TYPE_NONE: -+ case GRUB_FILE_TYPE_LOOPBACK: -+ case GRUB_FILE_TYPE_LINUX_INITRD: -+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: -+ case GRUB_FILE_TYPE_XNU_RAMDISK: -+ case GRUB_FILE_TYPE_SIGNATURE: -+ case GRUB_FILE_TYPE_PUBLIC_KEY: -+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: -+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: -+ case GRUB_FILE_TYPE_TESTLOAD: -+ case GRUB_FILE_TYPE_GET_SIZE: -+ case GRUB_FILE_TYPE_FONT: -+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: -+ case GRUB_FILE_TYPE_CAT: -+ case GRUB_FILE_TYPE_HEXCAT: -+ case GRUB_FILE_TYPE_CMP: -+ case GRUB_FILE_TYPE_HASHLIST: -+ case GRUB_FILE_TYPE_TO_HASH: -+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: -+ case GRUB_FILE_TYPE_PIXMAP: -+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: -+ case GRUB_FILE_TYPE_CONFIG: -+ case GRUB_FILE_TYPE_THEME: -+ case GRUB_FILE_TYPE_GETTEXT_CATALOG: -+ case GRUB_FILE_TYPE_FS_SEARCH: -+ case GRUB_FILE_TYPE_LOADENV: -+ case GRUB_FILE_TYPE_SAVEENV: -+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ return GRUB_ERR_NONE; - -+ /* Other files. */ - default: -- return GRUB_ERR_NONE; -+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); - } - } - -diff --git a/include/grub/verify.h b/include/grub/verify.h -index cd129c398..672ae1692 100644 ---- a/include/grub/verify.h -+++ b/include/grub/verify.h -@@ -24,6 +24,7 @@ - - enum grub_verify_flags - { -+ GRUB_VERIFY_FLAGS_NONE = 0, - GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, - GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, - /* Defer verification to another authority. */ --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch deleted file mode 100644 index 5741e53f42..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Tue, 5 Apr 2022 11:48:58 +0100 -Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex() - -This ports the EFI chainloader to use grub_loader_set_ex() in order to fix -a use-after-free bug that occurs when grub_cmd_chainloader() is executed -more than once before a boot attempt is performed. - -Fixes: CVE-2022-28736 - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2022-28736 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - grub-core/loader/efi/chainloader.c | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index d1602c89b..7557eb269 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_handle_t image_handle; -- - static grub_err_t --grub_chainloader_unload (void) -+grub_chainloader_unload (void *context) - { -+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; - grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; - -@@ -64,8 +63,9 @@ grub_chainloader_unload (void) - } - - static grub_err_t --grub_chainloader_boot (void) -+grub_chainloader_boot (void *context) - { -+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; - grub_efi_boot_services_t *b; - grub_efi_status_t status; - grub_efi_uintn_t exit_data_size; -@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_physical_address_t address = 0; - grub_efi_uintn_t pages = 0; - grub_efi_char16_t *cmdline = NULL; -+ grub_efi_handle_t image_handle = NULL; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - efi_call_2 (b->free_pages, address, pages); - grub_free (file_path); - -- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); -+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); - return 0; - - fail: -@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - efi_call_2 (b->free_pages, address, pages); - - if (image_handle != NULL) -- { -- efi_call_1 (b->unload_image, image_handle); -- image_handle = NULL; -- } -+ efi_call_1 (b->unload_image, image_handle); - - grub_dl_unref (my_mod); - --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch deleted file mode 100644 index 853efd0486..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch +++ /dev/null @@ -1,95 +0,0 @@ -From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang <zhangboyang.id@gmail.com> -Date: Mon, 24 Oct 2022 08:05:35 +0800 -Subject: [PATCH] font: Fix an integer underflow in blit_comb() - -The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may -evaluate to a very big invalid value even if both ctx.bounds.height and -combining_glyphs[i]->height are small integers. For example, if -ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this -expression evaluates to 2147483647 (expected -1). This is because -coordinates are allowed to be negative but ctx.bounds.height is an -unsigned int. So, the subtraction operates on unsigned ints and -underflows to a very big value. The division makes things even worse. -The quotient is still an invalid value even if converted back to int. - -This patch fixes the problem by casting ctx.bounds.height to int. As -a result the subtraction will operate on int and grub_uint16_t which -will be promoted to an int. So, the underflow will no longer happen. Other -uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, -to ensure coordinates are always calculated on signed integers. - -Fixes: CVE-2022-3775 - -Reported-by: Daniel Axtens <dja@axtens.net> -Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport from -[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af] -CVE: CVE-2022-3775 - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> - ---- - grub-core/font/font.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 0ff5525..7b1cbde 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - ctx.bounds.height = main_glyph->height; - - above_rightx = main_glyph->offset_x + main_glyph->width; -- above_righty = ctx.bounds.y + ctx.bounds.height; -+ above_righty = ctx.bounds.y + (int) ctx.bounds.height; - - above_leftx = main_glyph->offset_x; -- above_lefty = ctx.bounds.y + ctx.bounds.height; -+ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; - -- below_rightx = ctx.bounds.x + ctx.bounds.width; -+ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; - below_righty = ctx.bounds.y; - - comb = grub_unicode_get_comb (glyph_id); -@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - - if (!combining_glyphs[i]) - continue; -- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; -+ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; - /* CGJ is to avoid diacritics reordering. */ - if (comb[i].code - == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) -@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - case GRUB_UNICODE_COMB_OVERLAY: - do_blit (combining_glyphs[i], - targetx, -- (ctx.bounds.height - combining_glyphs[i]->height) / 2 -- - (ctx.bounds.height + ctx.bounds.y), &ctx); -+ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 -+ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; - break; -@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - /* Fallthrough. */ - case GRUB_UNICODE_STACK_ATTACHED_ABOVE: - do_blit (combining_glyphs[i], targetx, -- -(ctx.bounds.height + ctx.bounds.y + space -+ -((int) ctx.bounds.height + ctx.bounds.y + space - + combining_glyphs[i]->height), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; -@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - - case GRUB_UNICODE_COMB_HEBREW_DAGESH: - do_blit (combining_glyphs[i], targetx, -- -(ctx.bounds.height / 2 + ctx.bounds.y -+ -((int) ctx.bounds.height / 2 + ctx.bounds.y - + combining_glyphs[i]->height / 2), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch deleted file mode 100644 index 305fcc93d8..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov <dfirblog@gmail.com> -Date: Mon, 28 Aug 2023 16:31:57 +0300 -Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute - for the $MFT file - -When parsing an extremely fragmented $MFT file, i.e., the file described -using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer -containing bytes read from the underlying drive to store sector numbers, -which are consumed later to read data from these sectors into another buffer. - -These sectors numbers, two 32-bit integers, are always stored at predefined -offsets, 0x10 and 0x14, relative to first byte of the selected entry within -the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. - -However, when parsing a specially-crafted file system image, this may cause -the NTFS code to write these integers beyond the buffer boundary, likely -causing the GRUB memory allocator to misbehave or fail. These integers contain -values which are controlled by on-disk structures of the NTFS file system. - -Such modification and resulting misbehavior may touch a memory range not -assigned to the GRUB and owned by firmware or another EFI application/driver. - -This fix introduces checks to ensure that these sector numbers are never -written beyond the boundary. - -Fixes: CVE-2023-4692 - -Upstream-Status: Backport from -[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea] -CVE: CVE-2023-4692 - -Reported-by: Maxim Suhanov <dfirblog@gmail.com> -Signed-off-by: Maxim Suhanov <dfirblog@gmail.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - grub-core/fs/ntfs.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index bbdbe24..c3c4db1 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - } - if (at->attr_end) - { -- grub_uint8_t *pa; -+ grub_uint8_t *pa, *pa_end; - - at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); - if (at->emft_buf == NULL) -@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - } - at->attr_nxt = at->edat_buf; - at->attr_end = at->edat_buf + u32at (pa, 0x30); -+ pa_end = at->edat_buf + n; - } - else - { - at->attr_nxt = at->attr_end + u16at (pa, 0x14); - at->attr_end = at->attr_end + u32at (pa, 4); -+ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); - } - at->flags |= GRUB_NTFS_AF_ALST; - while (at->attr_nxt < at->attr_end) -@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - at->flags |= GRUB_NTFS_AF_GPOS; - at->attr_cur = at->attr_nxt; - pa = at->attr_cur; -+ -+ if ((pa >= pa_end) || (pa_end - pa < 0x18)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); -+ return NULL; -+ } -+ - grub_set_unaligned32 ((char *) pa + 0x10, - grub_cpu_to_le32 (at->mft->data->mft_start)); - grub_set_unaligned32 ((char *) pa + 0x14, -@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - { - if (*pa != attr) - break; -+ -+ if ((pa >= pa_end) || (pa_end - pa < 0x18)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); -+ return NULL; -+ } -+ - if (read_attr - (at, pa + 0x10, - u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), --- -cgit v1.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch deleted file mode 100644 index 420fe92ac3..0000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov <dfirblog@...> -Date: Mon, 28 Aug 2023 16:32:33 +0300 -Subject: fs/ntfs: Fix an OOB read when reading data from the resident $DATA - attribute - -When reading a file containing resident data, i.e., the file data is stored in -the $DATA attribute within the NTFS file record, not in external clusters, -there are no checks that this resident data actually fits the corresponding -file record segment. - -When parsing a specially-crafted file system image, the current NTFS code will -read the file data from an arbitrary, attacker-chosen memory offset and of -arbitrary, attacker-chosen length. - -This allows an attacker to display arbitrary chunks of memory, which could -contain sensitive information like password hashes or even plain-text, -obfuscated passwords from BS EFI variables. - -This fix implements a check to ensure that resident data is read from the -corresponding file record segment only. - -Fixes: CVE-2023-4693 - -Upstream-Status: Backport from -[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94] -CVE: CVE-2023-4693 - -Reported-by: Maxim Suhanov <dfirblog@...> -Signed-off-by: Maxim Suhanov <dfirblog@...> -Reviewed-by: Daniel Kiper <daniel.kiper@...> -Signed-off-by: Xiangyu Chen <xiangyu.chen@...> ---- - grub-core/fs/ntfs.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index c3c4db1..a68e173 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, - { - if (ofs + len > u32at (pa, 0x10)) - return grub_error (GRUB_ERR_BAD_FS, "read out of range"); -- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len); -+ -+ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); -+ -+ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); -+ -+ if (u16at (pa, 0x14) + u32at (pa, 0x10) > -+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) -+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); -+ -+ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); - return 0; - } - --- -cgit v1.1 - diff --git a/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch b/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch index 1323a54a59..f8dfda90ab 100644 --- a/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch +++ b/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch @@ -1,4 +1,4 @@ -From 8790aa8bea736f52341a0430ff3e317d3be0f99b Mon Sep 17 00:00:00 2001 +From 14c1d0459fb3561e627d3a5f6e91a0d2f7b4aa45 Mon Sep 17 00:00:00 2001 From: Naveen Saini <naveen.kumar.saini@intel.com> Date: Mon, 15 Mar 2021 14:44:15 +0800 Subject: [PATCH] autogen.sh: exclude .pc from po/POTFILES.in @@ -14,15 +14,16 @@ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> + --- autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh -index 31b0ced7e..c63ae766c 100755 +index 195daa5..773b7b4 100755 --- a/autogen.sh +++ b/autogen.sh -@@ -13,7 +13,7 @@ fi +@@ -26,7 +26,7 @@ fi export LC_COLLATE=C unset LC_ALL @@ -31,6 +32,3 @@ index 31b0ced7e..c63ae766c 100755 find util -iname '*.in' ! -name Makefile.in |sort > po/POTFILES-shell.in echo "Importing unicode..." --- -2.17.1 - diff --git a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch deleted file mode 100644 index a2c0530f04..0000000000 --- a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch +++ /dev/null @@ -1,168 +0,0 @@ -From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Tue, 5 Apr 2022 10:58:28 +0100 -Subject: [PATCH] commands/boot: Add API to pass context to loader - -Loaders rely on global variables for saving context which is consumed -in the boot hook and freed in the unload hook. In the case where a loader -command is executed twice, calling grub_loader_set() a second time executes -the unload hook, but in some cases this runs when the loader's global -context has already been updated, resulting in the updated context being -freed and potential use-after-free bugs when the boot hook is subsequently -called. - -This adds a new API, grub_loader_set_ex(), which allows a loader to specify -context that is passed to its boot and unload hooks. This is an alternative -to requiring that loaders call grub_loader_unset() before mutating their -global context. - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++----- - include/grub/loader.h | 5 +++ - 2 files changed, 63 insertions(+), 8 deletions(-) - -diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c -index bbca81e94..61514788e 100644 ---- a/grub-core/commands/boot.c -+++ b/grub-core/commands/boot.c -@@ -27,10 +27,20 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --static grub_err_t (*grub_loader_boot_func) (void); --static grub_err_t (*grub_loader_unload_func) (void); -+static grub_err_t (*grub_loader_boot_func) (void *context); -+static grub_err_t (*grub_loader_unload_func) (void *context); -+static void *grub_loader_context; - static int grub_loader_flags; - -+struct grub_simple_loader_hooks -+{ -+ grub_err_t (*boot) (void); -+ grub_err_t (*unload) (void); -+}; -+ -+/* Don't heap allocate this to avoid making grub_loader_set() fallible. */ -+static struct grub_simple_loader_hooks simple_loader_hooks; -+ - struct grub_preboot - { - grub_err_t (*preboot_func) (int); -@@ -44,6 +54,29 @@ static int grub_loader_loaded; - static struct grub_preboot *preboots_head = 0, - *preboots_tail = 0; - -+static grub_err_t -+grub_simple_boot_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ return hooks->boot (); -+} -+ -+static grub_err_t -+grub_simple_unload_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ grub_err_t ret; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ -+ ret = hooks->unload (); -+ grub_memset (hooks, 0, sizeof (*hooks)); -+ -+ return ret; -+} -+ - int - grub_loader_is_loaded (void) - { -@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) - } - - void --grub_loader_set (grub_err_t (*boot) (void), -- grub_err_t (*unload) (void), -- int flags) -+grub_loader_set_ex (grub_err_t (*boot) (void *context), -+ grub_err_t (*unload) (void *context), -+ void *context, -+ int flags) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = boot; - grub_loader_unload_func = unload; -+ grub_loader_context = context; - grub_loader_flags = flags; - - grub_loader_loaded = 1; - } - -+void -+grub_loader_set (grub_err_t (*boot) (void), -+ grub_err_t (*unload) (void), -+ int flags) -+{ -+ grub_loader_set_ex (grub_simple_boot_hook, -+ grub_simple_unload_hook, -+ &simple_loader_hooks, -+ flags); -+ -+ simple_loader_hooks.boot = boot; -+ simple_loader_hooks.unload = unload; -+} -+ - void - grub_loader_unset(void) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = 0; - grub_loader_unload_func = 0; -+ grub_loader_context = 0; - - grub_loader_loaded = 0; - } -@@ -158,7 +208,7 @@ grub_loader_boot (void) - return err; - } - } -- err = (grub_loader_boot_func) (); -+ err = (grub_loader_boot_func) (grub_loader_context); - - for (cur = preboots_tail; cur; cur = cur->prev) - if (! err) -diff --git a/include/grub/loader.h b/include/grub/loader.h -index b20864282..97f231054 100644 ---- a/include/grub/loader.h -+++ b/include/grub/loader.h -@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), - grub_err_t (*unload) (void), - int flags); - -+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context), -+ grub_err_t (*unload) (void *context), -+ void *context, -+ int flags); -+ - /* Unset current loader, if any. */ - void EXPORT_FUNC (grub_loader_unset) (void); - --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/determinism.patch b/poky/meta/recipes-bsp/grub/files/determinism.patch deleted file mode 100644 index 852b95a856..0000000000 --- a/poky/meta/recipes-bsp/grub/files/determinism.patch +++ /dev/null @@ -1,68 +0,0 @@ -From b6f9b3f6fa782807c4a7ec16ee8ef868cdfbf468 Mon Sep 17 00:00:00 2001 -From: Naveen Saini <naveen.kumar.saini@intel.com> -Date: Mon, 15 Mar 2021 14:56:18 +0800 -Subject: [PATCH] The output in moddep.lst generated from syminfo.lst using - genmoddep.awk is not deterministic since the order of the dependencies on - each line can vary depending on how awk sorts the values in the array. - -Be deterministic in the output by sorting the dependencies on each line. - -Also, the output of the SOURCES lines in grub-core/Makefile.core.am, generated -from grub-core/Makefile.core.def with gentpl.py is not deterministic due to -missing sorting of the list used to generate it. Add such a sort. - -Also ensure the generated unidata.c file is deterministic by sorting the -keys of the dict. - -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/grub-devel/2023-06/index.html] -Richard Purdie <richard.purdie@linuxfoundation.org> -Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> ---- - gentpl.py | 1 + - grub-core/genmoddep.awk | 4 +++- - util/import_unicode.py | 2 +- - 3 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/gentpl.py b/gentpl.py -index c86550d4f..589285192 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platform, suffix, closure): - for group in RMAP[platform]: - for value in defn.find_all(group + suffix): - r.append(closure(value)) -+ r.sort() - return ''.join(r) - - def platform_conditional(platform, closure): -diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk -index 04c2863e5..247436392 100644 ---- a/grub-core/genmoddep.awk -+++ b/grub-core/genmoddep.awk -@@ -59,7 +59,9 @@ END { - } - modlist = "" - depcount[mod] = 0 -- for (depmod in uniqmods) { -+ n = asorti(uniqmods, w) -+ for (i = 1; i <= n; i++) { -+ depmod = w[i] - modlist = modlist " " depmod; - inverse_dependencies[depmod] = inverse_dependencies[depmod] " " mod - depcount[mod]++ -diff --git a/util/import_unicode.py b/util/import_unicode.py -index 08f80591e..1f434a069 100644 ---- a/util/import_unicode.py -+++ b/util/import_unicode.py -@@ -174,7 +174,7 @@ infile.close () - - outfile.write ("struct grub_unicode_arabic_shape grub_unicode_arabic_shapes[] = {\n ") - --for x in arabicsubst: -+for x in sorted(arabicsubst): - try: - if arabicsubst[x]['join'] == "DUAL": - outfile.write ("{0x%x, 0x%x, 0x%x, 0x%x, 0x%x},\n " % (arabicsubst[x][0], arabicsubst[x][1], arabicsubst[x][2], arabicsubst[x][3], arabicsubst[x][4])) --- -2.17.1 - diff --git a/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch b/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch index 26890261b7..d9012d1dd6 100644 --- a/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch +++ b/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch @@ -1,4 +1,4 @@ -From 917133acc701dbc4636165d3b08d15dc5829a06f Mon Sep 17 00:00:00 2001 +From b316ed326bd492106006d78f5bfcd767b49a4f2e Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Wed, 17 Aug 2016 04:06:34 -0400 Subject: [PATCH] grub module explicitly keeps symbole .module_license @@ -8,7 +8,7 @@ it stripped symbol table: --------------- root@localhost:~# objdump -t all_video.mod - + all_video.mod: file format elf64-x86-64 SYMBOL TABLE: @@ -40,12 +40,13 @@ SYMBOL TABLE: Upstream-Status: Pending Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + --- grub-core/genmod.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in -index 1250589..dd14308 100644 +index e57c4d9..42bb1ba 100644 --- a/grub-core/genmod.sh.in +++ b/grub-core/genmod.sh.in @@ -56,7 +56,7 @@ if test x@TARGET_APPLE_LINKER@ != x1; then diff --git a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch deleted file mode 100644 index a43025d425..0000000000 --- a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Tue, 5 Apr 2022 10:02:04 +0100 -Subject: [PATCH] loader/efi/chainloader: Simplify the loader state - -The chainloader command retains the source buffer and device path passed -to LoadImage(), requiring the unload hook passed to grub_loader_set() to -free them. It isn't required to retain this state though - they aren't -required by StartImage() or anything else in the boot hook, so clean them -up before grub_cmd_chainloader() finishes. - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++------------- - 1 file changed, 21 insertions(+), 17 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 2bd80f4db..d1602c89b 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_physical_address_t address; --static grub_efi_uintn_t pages; --static grub_efi_device_path_t *file_path; - static grub_efi_handle_t image_handle; --static grub_efi_char16_t *cmdline; - - static grub_err_t - grub_chainloader_unload (void) - { -+ grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; - -+ loaded_image = grub_efi_get_loaded_image (image_handle); -+ if (loaded_image != NULL) -+ grub_free (loaded_image->load_options); -+ - b = grub_efi_system_table->boot_services; - efi_call_1 (b->unload_image, image_handle); -- efi_call_2 (b->free_pages, address, pages); -- -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; - - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; -@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - char *dir_start; - char *dir_end; - grub_size_t size; -- grub_efi_device_path_t *d; -+ grub_efi_device_path_t *d, *file_path; - - dir_start = grub_strchr (filename, ')'); - if (! dir_start) -@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_status_t status; - grub_efi_boot_services_t *b; - grub_device_t dev = 0; -- grub_efi_device_path_t *dp = 0; -+ grub_efi_device_path_t *dp = NULL, *file_path = NULL; - grub_efi_loaded_image_t *loaded_image; - char *filename; - void *boot_image = 0; - grub_efi_handle_t dev_handle = 0; -+ grub_efi_physical_address_t address = 0; -+ grub_efi_uintn_t pages = 0; -+ grub_efi_char16_t *cmdline = NULL; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - grub_dl_ref (my_mod); - -- /* Initialize some global variables. */ -- address = 0; -- image_handle = 0; -- file_path = 0; -- - b = grub_efi_system_table->boot_services; - - file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); -@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_file_close (file); - grub_device_close (dev); - -+ /* We're finished with the source image buffer and file path now. */ -+ efi_call_2 (b->free_pages, address, pages); -+ grub_free (file_path); -+ - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); - return 0; - -@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - if (file) - grub_file_close (file); - -+ grub_free (cmdline); - grub_free (file_path); - - if (address) - efi_call_2 (b->free_pages, address, pages); - -+ if (image_handle != NULL) -+ { -+ efi_call_1 (b->unload_image, image_handle); -+ image_handle = NULL; -+ } -+ - grub_dl_unref (my_mod); - - return grub_errno; --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch deleted file mode 100644 index 2db9bcbbc5..0000000000 --- a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch +++ /dev/null @@ -1,693 +0,0 @@ -From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001 -From: Elyes Haouas <ehaouas@noos.fr> -Date: Fri, 4 Mar 2022 07:42:13 +0100 -Subject: [PATCH] video: Remove trailing whitespaces - -Signed-off-by: Elyes Haouas <ehaouas@noos.fr> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/video/bochs.c | 2 +- - grub-core/video/capture.c | 2 +- - grub-core/video/cirrus.c | 4 ++-- - grub-core/video/coreboot/cbfb.c | 2 +- - grub-core/video/efi_gop.c | 22 +++++++++---------- - grub-core/video/fb/fbblit.c | 8 +++---- - grub-core/video/fb/video_fb.c | 10 ++++----- - grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++--------------- - grub-core/video/i386/pc/vga.c | 6 ++--- - grub-core/video/ieee1275.c | 4 ++-- - grub-core/video/radeon_fuloong2e.c | 6 ++--- - grub-core/video/radeon_yeeloong3a.c | 6 ++--- - grub-core/video/readers/png.c | 2 +- - grub-core/video/readers/tga.c | 2 +- - grub-core/video/sis315_init.c | 2 +- - grub-core/video/sis315pro.c | 8 +++---- - grub-core/video/sm712.c | 10 ++++----- - grub-core/video/video.c | 8 +++---- - 18 files changed, 69 insertions(+), 69 deletions(-) - -diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c -index 30ea1bd82..edc651697 100644 ---- a/grub-core/video/bochs.c -+++ b/grub-core/video/bochs.c -@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - - if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234) - return 0; -- -+ - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); - framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK; - if (!framebuffer.base) -diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c -index 4d3195e01..c653d89f9 100644 ---- a/grub-core/video/capture.c -+++ b/grub-core/video/capture.c -@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, - framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); - if (!framebuffer.ptr) - return grub_errno; -- -+ - err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target, - &framebuffer.mode_info, - framebuffer.ptr); -diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c -index e2149e8ce..f5542ccdc 100644 ---- a/grub-core/video/cirrus.c -+++ b/grub-core/video/cirrus.c -@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height, - grub_uint8_t sr_ext = 0, hidden_dac = 0; - - grub_vga_set_geometry (&config, grub_vga_cr_write); -- -+ - grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1, - GRUB_VGA_GR_MODE); - grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6); -- -+ - grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE); - - grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT) -diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c -index 9af81fa5b..986003c51 100644 ---- a/grub-core/video/coreboot/cbfb.c -+++ b/grub-core/video/coreboot/cbfb.c -@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height, - - grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, - grub_video_fbstd_colors); -- -+ - return err; - } - -diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c -index b7590dc6c..7a5054631 100644 ---- a/grub-core/video/efi_gop.c -+++ b/grub-core/video/efi_gop.c -@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo - grub_efi_status_t status; - struct grub_efi_gop_mode_info *info = NULL; - struct grub_video_mode_info mode_info; -- -+ - status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); - - if (status) -@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, - found = 1; - } - } -- -+ - if (!found) - { - unsigned mode; -@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, - { - grub_efi_uintn_t size; - grub_efi_status_t status; -- -+ - status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); - if (status) - { -@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, - framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; - framebuffer.offscreen - = grub_malloc (framebuffer.mode_info.height -- * framebuffer.mode_info.width -+ * framebuffer.mode_info.width - * sizeof (struct grub_efi_gop_blt_pixel)); - - buffer = framebuffer.offscreen; -- -+ - if (!buffer) - { - grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); -@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, - &framebuffer.mode_info); - buffer = framebuffer.ptr; - } -- -+ - grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n", - framebuffer.ptr, framebuffer.mode_info.width, - framebuffer.mode_info.height, framebuffer.mode_info.bpp); -- -+ - err = grub_video_fb_create_render_target_from_pointer - (&framebuffer.render_target, &framebuffer.mode_info, buffer); - -@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height, - grub_dprintf ("video", "GOP: Couldn't create FB target\n"); - return err; - } -- -+ - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - { - grub_dprintf ("video", "GOP: Couldn't set FB target\n"); - return err; - } -- -+ - err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, - grub_video_fbstd_colors); - -@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, - grub_dprintf ("video", "GOP: Couldn't set palette\n"); - else - grub_dprintf ("video", "GOP: Success\n"); -- -+ - return err; - } - -diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c -index d55924837..1010ef393 100644 ---- a/grub-core/video/fb/fbblit.c -+++ b/grub-core/video/fb/fbblit.c -@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, - for (i = 0; i < width; i++) - { - register grub_uint32_t col; -- if (*srcptr == 0xf0) -+ if (*srcptr == 0xf0) - col = palette[16]; - else - col = palette[*srcptr & 0xf]; -@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, - *dstptr++ = col >> 0; - *dstptr++ = col >> 8; - *dstptr++ = col >> 16; --#endif -+#endif - srcptr++; - } - -@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, - for (i = 0; i < width; i++) - { - register grub_uint32_t col; -- if (*srcptr != 0xf0) -+ if (*srcptr != 0xf0) - { - col = palette[*srcptr & 0xf]; - #ifdef GRUB_CPU_WORDS_BIGENDIAN -@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, - *dstptr++ = col >> 0; - *dstptr++ = col >> 8; - *dstptr++ = col >> 16; --#endif -+#endif - } - else - dstptr += 3; -diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c -index ae6b89f9a..fa4ebde26 100644 ---- a/grub-core/video/fb/video_fb.c -+++ b/grub-core/video/fb/video_fb.c -@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source, - *alpha = 0; - return; - } -- -+ - /* If we have an out-of-bounds color, return transparent black. */ - if (color > 255) - { -@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) - /* If everything is aligned on 32-bit use 32-bit copy. */ - if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) - % sizeof (grub_uint32_t) == 0 -- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) -+ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) - % sizeof (grub_uint32_t) == 0 - && linelen % sizeof (grub_uint32_t) == 0 - && linedelta % sizeof (grub_uint32_t) == 0) -@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) - else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) - % sizeof (grub_uint16_t) == 0 - && (grub_addr_t) grub_video_fb_get_video_ptr (&target, -- dst_x, dst_y) -+ dst_x, dst_y) - % sizeof (grub_uint16_t) == 0 - && linelen % sizeof (grub_uint16_t) == 0 - && linedelta % sizeof (grub_uint16_t) == 0) -@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) - { - grub_uint8_t *src, *dst; - DO_SCROLL -- } -+ } - } - - /* 4. Fill empty space with specified color. In this implementation -@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask, - framebuffer.render_target = framebuffer.back_target; - return GRUB_ERR_NONE; - } -- -+ - mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED - | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); - -diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c -index b7f911926..0e65b5206 100644 ---- a/grub-core/video/i386/pc/vbe.c -+++ b/grub-core/video/i386/pc/vbe.c -@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr) - } - - /* Call VESA BIOS 0x4f09 to set palette data, return status. */ --static grub_vbe_status_t -+static grub_vbe_status_t - grub_vbe_bios_set_palette_data (grub_uint32_t color_count, - grub_uint32_t start_index, - struct grub_vbe_palette_data *palette_data) -@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count, - } - - /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) - { - struct grub_bios_int_registers regs; -@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) - } - - /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_mode_info (grub_uint32_t mode, - struct grub_vbe_mode_info_block *mode_info) - { -@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode, - } - - /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_mode (grub_uint32_t *mode) - { - struct grub_bios_int_registers regs; -@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode) - return regs.eax & 0xffff; - } - --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size) - { - struct grub_bios_int_registers regs; -@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window, - } - - /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_set_scanline_length (grub_uint32_t length) - { - struct grub_bios_int_registers regs; -@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length) - regs.ecx = length; - regs.eax = 0x4f06; - /* BL = 2, Set Scan Line in Bytes. */ -- regs.ebx = 0x0002; -+ regs.ebx = 0x0002; - regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; - grub_bios_interrupt (0x10, ®s); - return regs.eax & 0xffff; - } - - /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_scanline_length (grub_uint32_t *length) - { - struct grub_bios_int_registers regs; -@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length) - } - - /* Call VESA BIOS 0x4f07 to set display start, return status. */ --static grub_vbe_status_t -+static grub_vbe_status_t - grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) - { - struct grub_bios_int_registers regs; -@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) - regs.edx = y; - regs.eax = 0x4f07; - /* BL = 80h, Set Display Start during Vertical Retrace. */ -- regs.ebx = 0x0080; -+ regs.ebx = 0x0080; - regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; - grub_bios_interrupt (0x10, ®s); - -@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) - } - - /* Call VESA BIOS 0x4f07 to get display start, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_display_start (grub_uint32_t *x, - grub_uint32_t *y) - { -@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x, - } - - /* Call VESA BIOS 0x4f0a. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset, - grub_uint16_t *length) - { -@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode, - case GRUB_VBE_MEMORY_MODEL_YUV: - mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV; - break; -- -+ - case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR: - mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB; - break; -@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode, - break; - case 8: - mode_info->bytes_per_pixel = 1; -- break; -+ break; - case 4: - mode_info->bytes_per_pixel = 0; -- break; -+ break; - } - - if (controller_info.version >= 0x300) -@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo - - static grub_err_t - grub_video_vbe_setup (unsigned int width, unsigned int height, -- grub_video_mode_type_t mode_type, -+ grub_video_mode_type_t mode_type, - grub_video_mode_type_t mode_mask) - { - grub_uint16_t *p; -@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void) - controller_info.version & 0xFF, - controller_info.oem_software_rev >> 8, - controller_info.oem_software_rev & 0xFF); -- -+ - /* The total_memory field is in 64 KiB units. */ - grub_printf_ (N_(" total memory: %d KiB\n"), - (controller_info.total_memory << 6)); -diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c -index b2f776c99..50d0b5e02 100644 ---- a/grub-core/video/i386/pc/vga.c -+++ b/grub-core/video/i386/pc/vga.c -@@ -48,7 +48,7 @@ static struct - int back_page; - } framebuffer; - --static unsigned char -+static unsigned char - grub_vga_set_mode (unsigned char mode) - { - struct grub_bios_int_registers regs; -@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height, - - is_target = 1; - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - return err; -- -+ - err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, - grub_video_fbstd_colors); - -diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c -index f437fb0df..ca3d3c3b2 100644 ---- a/grub-core/video/ieee1275.c -+++ b/grub-core/video/ieee1275.c -@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, - /* TODO. */ - return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height); - } -- -+ - err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info); - if (err) - { -@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, - - grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors, - grub_video_fbstd_colors); -- -+ - return err; - } - -diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c -index b4da34b5e..40917acb7 100644 ---- a/grub-core/video/radeon_fuloong2e.c -+++ b/grub-core/video/radeon_fuloong2e.c -@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != 0x515a1002) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, - framebuffer.mapped = 1; - - /* Prevent garbage from appearing on the screen. */ -- grub_memset (framebuffer.ptr, 0x55, -+ grub_memset (framebuffer.ptr, 0x55, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - - #ifndef TEST -@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, - return err; - - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - return err; - -diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c -index 52614feb6..48631c181 100644 ---- a/grub-core/video/radeon_yeeloong3a.c -+++ b/grub-core/video/radeon_yeeloong3a.c -@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != 0x96151002) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, - #endif - - /* Prevent garbage from appearing on the screen. */ -- grub_memset (framebuffer.ptr, 0, -+ grub_memset (framebuffer.ptr, 0, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - - #ifndef TEST -@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, - return err; - - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - return err; - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 0157ff742..54dfedf43 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data) - } - return; - } -- -+ - if (data->is_gray) - { - switch (data->bpp) -diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c -index 7cb9d1d2a..a9ec3a1b6 100644 ---- a/grub-core/video/readers/tga.c -+++ b/grub-core/video/readers/tga.c -@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data) - - if (len > sizeof (data->palette)) - len = sizeof (data->palette); -- -+ - if (grub_file_read (data->file, &data->palette, len) - != (grub_ssize_t) len) - return grub_errno; -diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c -index ae5c1419c..09c3c7bbe 100644 ---- a/grub-core/video/sis315_init.c -+++ b/grub-core/video/sis315_init.c -@@ -1,4 +1,4 @@ --static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = -+static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = - { - { 0x28, 0x81 }, - { 0x2a, 0x00 }, -diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c -index 22a0c85a6..4d2f9999a 100644 ---- a/grub-core/video/sis315pro.c -+++ b/grub-core/video/sis315pro.c -@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != GRUB_SIS315PRO_PCIID) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, - - #ifndef TEST - /* Prevent garbage from appearing on the screen. */ -- grub_memset (framebuffer.ptr, 0, -+ grub_memset (framebuffer.ptr, 0, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - grub_arch_sync_dma_caches (framebuffer.ptr, - framebuffer.mode_info.height -@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, - | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 - | GRUB_VGA_IO_MISC_28MHZ - | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS -- | GRUB_VGA_IO_MISC_COLOR, -+ | GRUB_VGA_IO_MISC_COLOR, - GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE); - - grub_vga_sr_write (0x86, 5); -@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, - { - if (read_sis_cmd (0x5) != 0xa1) - write_sis_cmd (0x86, 0x5); -- -+ - write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20); - write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e); - -diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c -index 10c46eb65..65f59f84b 100644 ---- a/grub-core/video/sm712.c -+++ b/grub-core/video/sm712.c -@@ -167,7 +167,7 @@ enum - GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46, - GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47, - GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48, -- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, -+ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, - GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a, - GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b, - GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c, -@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != GRUB_SM712_PCIID) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, - - #if !defined (TEST) && !defined(GENINIT) - /* Prevent garbage from appearing on the screen. */ -- grub_memset ((void *) framebuffer.cached_ptr, 0, -+ grub_memset ((void *) framebuffer.cached_ptr, 0, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - #endif - -@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, - grub_sm712_sr_write (0x2, 0x6b); - grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK); - grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET); -- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY -+ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY - | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY - | GRUB_VGA_IO_MISC_UPPER_64K - | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 -@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, - for (i = 0; i < ARRAY_SIZE (dda_lookups); i++) - grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda, - dda_lookups[i].vcentering); -- -+ - /* Undocumented */ - grub_sm712_cr_write (0, 0x9c); - grub_sm712_cr_write (0, 0x9d); -diff --git a/grub-core/video/video.c b/grub-core/video/video.c -index 983424107..8937da745 100644 ---- a/grub-core/video/video.c -+++ b/grub-core/video/video.c -@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) - current_mode); - - param++; -- -+ - *width = grub_strtoul (value, 0, 0); - if (grub_errno != GRUB_ERR_NONE) - return grub_error (GRUB_ERR_BAD_ARGUMENT, - N_("invalid video mode specification `%s'"), - current_mode); -- -+ - /* Find height value. */ - value = param; - param = grub_strchr(param, 'x'); -@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) - { - /* We have optional color depth value. */ - param++; -- -+ - *height = grub_strtoul (value, 0, 0); - if (grub_errno != GRUB_ERR_NONE) - return grub_error (GRUB_ERR_BAD_ARGUMENT, - N_("invalid video mode specification `%s'"), - current_mode); -- -+ - /* Convert color depth value. */ - value = param; - *depth = grub_strtoul (value, 0, 0); --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch deleted file mode 100644 index 0c7deae858..0000000000 --- a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +++ /dev/null @@ -1,264 +0,0 @@ -From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Mon, 28 Jun 2021 14:16:14 +1000 -Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++------- - 1 file changed, 70 insertions(+), 16 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index c47ffd651..806c56c78 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -109,9 +109,17 @@ static grub_uint8_t - grub_jpeg_get_byte (struct grub_jpeg_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return r; - } -@@ -120,9 +128,17 @@ static grub_uint16_t - grub_jpeg_get_word (struct grub_jpeg_data *data) - { - grub_uint16_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ -+ if (bytes_read != sizeof (grub_uint16_t)) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return grub_be_to_cpu16 (r); - } -@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - if (data->bit_mask == 0) - { - data->bit_save = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: file read error"); -+ return 0; -+ } - if (data->bit_save == JPEG_ESC_CHAR) - { - if (grub_jpeg_get_byte (data) != 0) -@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - "jpeg: invalid 0xFF in data stream"); - return 0; - } -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); -+ return 0; -+ } - } - data->bit_mask = 0x80; - } -@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) - return 0; - - msb = value = grub_jpeg_get_bit (data); -- for (i = 1; i < num; i++) -+ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) - value = (value << 1) + (grub_jpeg_get_bit (data) != 0); - if (!msb) - value += 1 - (1 << num); -@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - while (data->file->offset + sizeof (count) + 1 <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ac = (id >> 4) & 1; - id &= 0xF; - if (id > 1) -@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (next_marker > data->file->size) - { -@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (id >= 0x10) /* Upper 4-bit is precision. */ - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (grub_jpeg_get_byte (data) != 8) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); - - ss = grub_jpeg_get_byte (data); /* Sampling factor. */ -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (!id) - { - grub_uint8_t vs, hs; -@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) - } - } - --static void -+static grub_err_t - grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - { - int h1, h2, qt; -@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - data->dc_value[id] += - grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; - pos = 1; - while (pos < ARRAY_SIZE (data->quan_table[qt])) -@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - num >>= 4; - pos += num; - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) - { -- grub_error (GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: invalid position in zigzag order!?"); -- return; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: invalid position in zigzag order!?"); - } - - du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; -@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - } - - grub_jpeg_idct_transform (du); -+ return GRUB_ERR_NONE; - } - - static void -@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - data_offset += grub_jpeg_get_word (data); - - cc = grub_jpeg_get_byte (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (cc != 3 && cc != 1) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: component count must be 1 or 3"); -@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - id = grub_jpeg_get_byte (data) - 1; - if ((id < 0) || (id >= 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ht = grub_jpeg_get_byte (data); - data->comp_index[id][1] = (ht >> 4); - data->comp_index[id][2] = (ht & 0xF) + 2; -@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || - (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - } - - grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ - grub_jpeg_get_word (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - { - unsigned c1, vb, hb, nr1, nc1; - int rst = data->dri; -+ grub_err_t err = GRUB_ERR_NONE; - - vb = 8 << data->log_vs; - hb = 8 << data->log_hs; -@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - - for (r2 = 0; r2 < (1U << data->log_vs); r2++) - for (c2 = 0; c2 < (1U << data->log_hs); c2++) -- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ { -+ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ } - - if (data->color_components >= 3) - { -- grub_jpeg_decode_du (data, 1, data->cbdu); -- grub_jpeg_decode_du (data, 2, data->crdu); -+ err = grub_jpeg_decode_du (data, 1, data->cbdu); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ err = grub_jpeg_decode_du (data, 2, data->crdu); -+ if (err != GRUB_ERR_NONE) -+ return err; - } - -- if (grub_errno) -- return grub_errno; -- - nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; - nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; - --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch deleted file mode 100644 index 91ecaad98a..0000000000 --- a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Mon, 28 Jun 2021 14:25:17 +1000 -Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of - streams - -An invalid file could contain multiple start of stream blocks, which -would cause us to reallocate and leak our bitmap. Refuse to handle -multiple start of streams. - -Additionally, fix a grub_error() call formatting. - -Signed-off-by: Daniel Axtens <dja@axtens.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/video/readers/jpeg.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 2284a6c06..579bbe8a4 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -+ if (*data->bitmap) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); -+ - if (grub_video_bitmap_create (data->bitmap, data->image_width, - data->image_height, - GRUB_VIDEO_BLIT_FORMAT_RGB_888)) -@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); - - if (data->bitmap_ptr == NULL) -- return grub_error(GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: attempted to decode data before start of stream"); -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempted to decode data before start of stream"); - - for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) --- -2.34.1 - diff --git a/poky/meta/recipes-bsp/grub/grub-efi_2.06.bb b/poky/meta/recipes-bsp/grub/grub-efi_2.12.bb index 9857e8e036..9857e8e036 100644 --- a/poky/meta/recipes-bsp/grub/grub-efi_2.06.bb +++ b/poky/meta/recipes-bsp/grub/grub-efi_2.12.bb diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 1215b24668..5685cae0ab 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -18,36 +18,10 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://autogen.sh-exclude-pc.patch \ file://grub-module-explicitly-keeps-symbole-.module_license.patch \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ - file://determinism.patch \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ - file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ - file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ - file://video-Remove-trailing-whitespaces.patch \ - file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ - file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ - file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ - file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ - file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ - file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ - file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ - file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ - file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ - file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \ - file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \ - file://loader-efi-chainloader-Simplify-the-loader-state.patch \ - file://commands-boot-Add-API-to-pass-context-to-loader.patch \ - file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\ - file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ - file://CVE-2022-2601.patch \ - file://CVE-2022-3775.patch \ - file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \ - file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \ - file://CVE-2023-4692.patch \ - file://CVE-2023-4693.patch \ - file://0001-fs-fat-Don-t-error-when-mtime-is-0.patch \ " -SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" +SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL" CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE" @@ -101,6 +75,11 @@ export PYTHON = "python3" do_configure:prepend() { cd ${S} + + # Remove in next version. + # See: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b835601c7639ed1890f2d3db91900a8506011a8e + echo "depends bli part_gpt" > ${S}/grub-core/extra_deps.lst + FROM_BOOTSTRAP=1 ${S}/autogen.sh cd ${B} } diff --git a/poky/meta/recipes-bsp/grub/grub_2.06.bb b/poky/meta/recipes-bsp/grub/grub_2.12.bb index 05d462785c..05d462785c 100644 --- a/poky/meta/recipes-bsp/grub/grub_2.06.bb +++ b/poky/meta/recipes-bsp/grub/grub_2.12.bb diff --git a/poky/meta/recipes-bsp/opensbi/opensbi_1.3.bb b/poky/meta/recipes-bsp/opensbi/opensbi_1.4.bb index f01cae34d1..fd18c03cfb 100644 --- a/poky/meta/recipes-bsp/opensbi/opensbi_1.3.bb +++ b/poky/meta/recipes-bsp/opensbi/opensbi_1.4.bb @@ -8,12 +8,12 @@ require opensbi-payloads.inc inherit autotools-brokensep deploy -SRCREV = "057eb10b6d523540012e6947d5c9f63e95244e94" -SRC_URI = "git://github.com/riscv/opensbi.git;branch=release-1.3.x;protocol=https" +SRCREV = "a2b255b88918715173942f2c5e1f97ac9e90c877" +SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https" S = "${WORKDIR}/git" -EXTRA_OEMAKE += "PLATFORM=${RISCV_SBI_PLAT} I=${D} FW_PIC=n CLANG_TARGET= " +EXTRA_OEMAKE += "PLATFORM=${RISCV_SBI_PLAT} I=${D} FW_PIC=y CLANG_TARGET= " # If RISCV_SBI_PAYLOAD is set then include it as a payload EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_image(d)}" EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_fdt(d)}" @@ -43,5 +43,3 @@ FILES:${PN} += "/share/opensbi/*/${RISCV_SBI_PLAT}/firmware/fw_dynamic.*" COMPATIBLE_HOST = "(riscv64|riscv32).*" INHIBIT_PACKAGE_STRIP = "1" - -SECURITY_CFLAGS = "" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch index 3546c7c305..b1e93dbe19 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch @@ -1,4 +1,4 @@ -From e8808a2f5e17d375411c7409eaffb17e72f65022 Mon Sep 17 00:00:00 2001 +From fb583a57f9f4ab956a09e9bb96d89aa13553bf21 Mon Sep 17 00:00:00 2001 From: Mingli Yu <Mingli.Yu@windriver.com> Date: Fri, 24 Aug 2018 12:04:03 +0800 Subject: [PATCH] test-gatt: Fix hung issue @@ -27,10 +27,10 @@ Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit/test-gatt.c b/unit/test-gatt.c -index f92d860..a5f7117 100644 +index 5e06d4e..4864d36 100644 --- a/unit/test-gatt.c +++ b/unit/test-gatt.c -@@ -4479,7 +4479,7 @@ int main(int argc, char *argv[]) +@@ -4546,7 +4546,7 @@ int main(int argc, char *argv[]) test_server, service_db_1, NULL, raw_pdu(0x03, 0x00, 0x02), raw_pdu(0xbf, 0x00), diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch index be05093551..881494a354 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch @@ -1,4 +1,4 @@ -From 3724958858b0ee430f37fb83388c3737d2039a3a Mon Sep 17 00:00:00 2001 +From 738e73b386352fd90f1f26cc1ee75427cf4dc23b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 1 Apr 2016 17:07:34 +0300 Subject: [PATCH] tests: add a target for building tests without running them @@ -11,7 +11,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 3 insertions(+) diff --git a/Makefile.am b/Makefile.am -index e7221bd..9595fd1 100644 +index e738eb3..dab17dd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -710,6 +710,9 @@ endif diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch index 6ef135327d..516d859069 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch @@ -1,4 +1,4 @@ -From ad069fadfcce2cf70f45b1c4a42665448675297e Mon Sep 17 00:00:00 2001 +From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Mon, 12 Dec 2022 13:10:19 +0100 Subject: [PATCH] src/shared/util.c: include linux/limits.h @@ -14,7 +14,7 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> 1 file changed, 1 insertion(+) diff --git a/src/shared/util.c b/src/shared/util.c -index 34491f4..412f3ad 100644 +index c0c2c4a..036dc0d 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -23,6 +23,7 @@ diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.72.bb index b9bc3dd1b6..9fda960ea7 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.72.bb @@ -1,6 +1,6 @@ require bluez5.inc -SRC_URI[sha256sum] = "b828d418c93ced1f55b616fb5482cf01537440bfb34fbda1a564f3ece94735d8" +SRC_URI[sha256sum] = "499d7fa345a996c1bb650f5c6749e1d929111fa6ece0be0e98687fee6124536e" CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" diff --git a/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch b/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch new file mode 100644 index 0000000000..e6c84be3c4 --- /dev/null +++ b/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch @@ -0,0 +1,38 @@ +From 67c298c36f69b6906840b7584be06b7b5f33f829 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Tue, 16 Jan 2024 17:21:08 -0800 +Subject: [PATCH] posixtm: pacify clang 18 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Problem reported by Khem Raj in: +https://lists.gnu.org/r/bug-gnulib/2024-01/msg00045.html +* lib/posixtm.c (posixtime): Pacify clang 18 by converting bool to int. +Arguably this is a bug in draft C2x, since the non-pointer args to +ckd_add should promote just like any other expressions do; +but that’s not clang’s fault. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-gnulib/2024-01/msg00046.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + ChangeLog | 10 ++++++++++ + lib/posixtm.c | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lib/posixtm.c b/lib/posixtm.c +index ef9f55f873..a072c7cad0 100644 +--- a/lib/posixtm.c ++++ b/lib/posixtm.c +@@ -191,7 +191,7 @@ posixtime (time_t *p, const char *s, unsigned int syntax_bits) + | (tm0.tm_min ^ tm1.tm_min) + | (tm0.tm_sec ^ tm1.tm_sec))) + { +- if (ckd_add (&t, t, leapsec)) ++ if (ckd_add (&t, t, +leapsec)) + return false; + *p = t; + return true; +-- +2.43.0 + diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.4.bb b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb index 367b011988..a79cabd3d2 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_9.4.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb @@ -16,6 +16,7 @@ inherit autotools gettext texinfo SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ file://remove-usr-local-lib-from-m4.patch \ file://0001-local.mk-fix-cross-compiling-problem.patch \ + file://0001-posixtm-pacify-clang-18.patch \ file://run-ptest \ " SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52" diff --git a/poky/meta/recipes-core/glibc/glibc_2.38.bb b/poky/meta/recipes-core/glibc/glibc_2.38.bb index 32ccb888f0..417f0c8bd0 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.38.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.38.bb @@ -83,7 +83,6 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \ EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}" -EXTRA_OECONF:append:x86 = " ${@bb.utils.contains_any('TUNE_FEATURES', 'i586 c3', '--disable-cet', '--enable-cet', d)}" EXTRA_OECONF:append:x86-64 = " --enable-cet" PACKAGECONFIG ??= "nscd memory-tagging" diff --git a/poky/meta/recipes-core/newlib/libgloss_4.3.0.bb b/poky/meta/recipes-core/newlib/libgloss_git.bb index 7e34e33c7a..7e34e33c7a 100644 --- a/poky/meta/recipes-core/newlib/libgloss_4.3.0.bb +++ b/poky/meta/recipes-core/newlib/libgloss_git.bb diff --git a/poky/meta/recipes-core/newlib/newlib.inc b/poky/meta/recipes-core/newlib/newlib.inc index da753f11ad..6113f5e831 100644 --- a/poky/meta/recipes-core/newlib/newlib.inc +++ b/poky/meta/recipes-core/newlib/newlib.inc @@ -3,21 +3,21 @@ HOMEPAGE = "https://sourceware.org/newlib/" DESCRIPTION = "C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products." SECTION = "libs" -LICENSE = "GPL-2.0-only & LGPL-3.0-only & GPL-3.0-only & LGPL-2.0-only & BSD-2-Clause & BSD-3-Clause & TCL" +LICENSE = "GPL-2.0-only & LGPL-3.0-only & GPL-3.0-only & LGPL-2.0-only & BSD-2-Clause & BSD-3-Clause & TCL & Apache-2.0-with-LLVM-exception" LIC_FILES_CHKSUM = " \ file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \ file://COPYING3.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \ file://COPYING3;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.LIBGLOSS;md5=c0469b6ebb847a75781066be515f032d \ file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://COPYING.NEWLIB;md5=5a9d477b5f4eab20dccf655a77107a6e \ + file://COPYING.NEWLIB;md5=4f1a15846ffee91e352418563e1bce27 \ file://newlib/libc/posix/COPYRIGHT;md5=103468ff1982be840fdf4ee9f8b51bbf \ " -BASEVER = "4.3.0" +BASEVER = "4.4.0" PV = "${BASEVER}+git" SRC_URI = "git://sourceware.org/git/newlib-cygwin.git;protocol=https;branch=main" -SRCREV="9e09d6ed83cce4777a5950412647ccc603040409" +SRCREV="ad11e2587f83d61357a32c61c36d72ea4f39315e" INHIBIT_DEFAULT_DEPS = "1" DEPENDS = "virtual/${TARGET_PREFIX}gcc" diff --git a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_255.1.bb index 2b43ccf243..4ee25ee72f 100644 --- a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb +++ b/poky/meta/recipes-core/systemd/systemd-boot_255.1.bb @@ -8,10 +8,6 @@ DEPENDS = "intltool-native libcap util-linux gperf-native python3-jinja2-native inherit meson pkgconfig gettext inherit deploy -SRC_URI += " \ - file://0030-meson-Pass-all-static-pie-args-to-linker.patch \ - " - LDFLAGS:prepend = "${@ " ".join(d.getVar('LD').split()[1:])} " EFI_LD = "bfd" diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc index ccc3236457..1417e0150f 100644 --- a/poky/meta/recipes-core/systemd/systemd.inc +++ b/poky/meta/recipes-core/systemd/systemd.inc @@ -15,8 +15,8 @@ LICENSE:libsystemd = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" -SRCREV = "2e7504449a51fb38db9cd2da391c6434f82def51" -SRCBRANCH = "v254-stable" +SRCREV = "2018ccef6645ce00c784369a22dc4e98f6d7061d" +SRCBRANCH = "v255-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch b/poky/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch index e50b47a5a0..2aa5dee6b5 100644 --- a/poky/meta/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch +++ b/poky/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch @@ -1,7 +1,7 @@ -From 542f999a846dfd49d9373d30fffb2a44168d7b5e Mon Sep 17 00:00:00 2001 +From 01195eb9f7d59139fb45df506ac6b3968c14a57f Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 25 Feb 2019 13:55:12 +0800 -Subject: [PATCH] missing_type.h: add comparison_fn_t +Subject: [PATCH 01/22] missing_type.h: add comparison_fn_t Make it work with musl where comparison_fn_t and is not provided. @@ -33,7 +33,7 @@ index f6233090a9..6c0456349d 100644 +typedef int (*comparison_fn_t)(const void *, const void *); +#endif diff --git a/src/basic/sort-util.h b/src/basic/sort-util.h -index f0bf246aa3..33669c7a75 100644 +index 9c818bd747..ef10c8be2c 100644 --- a/src/basic/sort-util.h +++ b/src/basic/sort-util.h @@ -4,6 +4,7 @@ @@ -45,7 +45,7 @@ index f0bf246aa3..33669c7a75 100644 /* This is the same as glibc's internal __compar_d_fn_t type. glibc exports a public comparison_fn_t, for the * external type __compar_fn_t, but doesn't do anything similar for __compar_d_fn_t. Let's hence do that diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c -index 7527abf636..f33383e57f 100644 +index ae91534198..7f67eea38b 100644 --- a/src/libsystemd/sd-journal/catalog.c +++ b/src/libsystemd/sd-journal/catalog.c @@ -28,6 +28,7 @@ @@ -57,5 +57,5 @@ index 7527abf636..f33383e57f 100644 const char * const catalog_file_dirs[] = { "/usr/local/lib/systemd/catalog/", -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch b/poky/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch index 4143ab4d70..900a931632 100644 --- a/poky/meta/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch +++ b/poky/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch @@ -1,7 +1,7 @@ -From 383e85e15f16a46aac925aa439b8b60f58b40aa6 Mon Sep 17 00:00:00 2001 +From 872b72739e62123867ce6c4f82aa37de24cc3f75 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Sat, 22 May 2021 20:26:24 +0200 -Subject: [PATCH] add fallback parse_printf_format implementation +Subject: [PATCH 02/22] add fallback parse_printf_format implementation Upstream-Status: Inappropriate [musl specific] @@ -21,9 +21,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> create mode 100644 src/basic/parse-printf-format.c create mode 100644 src/basic/parse-printf-format.h +diff --git a/meson.build b/meson.build +index 7419e2b0b0..01fd3ffc19 100644 --- a/meson.build +++ b/meson.build -@@ -781,6 +781,7 @@ endif +@@ -725,6 +725,7 @@ endif foreach header : ['crypt.h', 'linux/memfd.h', 'linux/vm_sockets.h', @@ -31,9 +33,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> 'sys/auxv.h', 'threads.h', 'valgrind/memcheck.h', +diff --git a/src/basic/meson.build b/src/basic/meson.build +index d7450d8b44..c3e3daf4bd 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build -@@ -179,6 +179,11 @@ endforeach +@@ -183,6 +183,11 @@ endforeach basic_sources += generated_gperf_headers @@ -45,6 +49,9 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> ############################################################ arch_list = [ +diff --git a/src/basic/parse-printf-format.c b/src/basic/parse-printf-format.c +new file mode 100644 +index 0000000000..49437e5445 --- /dev/null +++ b/src/basic/parse-printf-format.c @@ -0,0 +1,273 @@ @@ -321,6 +328,9 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> + + return last; +} +diff --git a/src/basic/parse-printf-format.h b/src/basic/parse-printf-format.h +new file mode 100644 +index 0000000000..47be7522d7 --- /dev/null +++ b/src/basic/parse-printf-format.h @@ -0,0 +1,57 @@ @@ -381,6 +391,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> +size_t parse_printf_format(const char *fmt, size_t n, int *types); + +#endif /* HAVE_PRINTF_H */ +diff --git a/src/basic/stdio-util.h b/src/basic/stdio-util.h +index 4e93ac90c9..f9deb6f662 100644 --- a/src/basic/stdio-util.h +++ b/src/basic/stdio-util.h @@ -1,12 +1,12 @@ @@ -397,6 +409,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> _printf_(3, 4) static inline char *snprintf_ok(char *buf, size_t len, const char *format, ...) { +diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c +index be23b2fe75..69a2eb6404 100644 --- a/src/libsystemd/sd-journal/journal-send.c +++ b/src/libsystemd/sd-journal/journal-send.c @@ -2,7 +2,6 @@ @@ -407,7 +421,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> #include <stddef.h> #include <sys/un.h> #include <unistd.h> -@@ -27,6 +26,7 @@ +@@ -28,6 +27,7 @@ #include "stdio-util.h" #include "string-util.h" #include "tmpfile-util.h" @@ -415,3 +429,6 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> #define SNDBUF_SIZE (8*1024*1024) +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch index 085f1e9052..be231cf6b2 100644 --- a/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch +++ b/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch @@ -1,8 +1,8 @@ -From ca7d9a8d9c81702af9c599bb79706f12b1a465cf Mon Sep 17 00:00:00 2001 +From 29a58009a172e369ad7166e16dab2f4945c6b0d2 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Thu, 21 Feb 2019 16:23:24 +0800 -Subject: [PATCH] binfmt: Don't install dependency links at install time for - the binfmt services +Subject: [PATCH 1/2] binfmt: Don't install dependency links at install time + for the binfmt services use [Install] blocks so that they get created when the service is enabled like a traditional service. @@ -25,10 +25,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/units/meson.build b/units/meson.build -index c7939a10f8..219570ab19 100644 +index e7bfb7f838..1d5ec4b178 100644 --- a/units/meson.build +++ b/units/meson.build -@@ -149,7 +149,6 @@ units = [ +@@ -154,7 +154,6 @@ units = [ { 'file' : 'proc-sys-fs-binfmt_misc.automount', 'conditions' : ['ENABLE_BINFMT'], @@ -36,7 +36,7 @@ index c7939a10f8..219570ab19 100644 }, { 'file' : 'proc-sys-fs-binfmt_misc.mount', -@@ -246,7 +245,6 @@ units = [ +@@ -251,7 +250,6 @@ units = [ { 'file' : 'systemd-binfmt.service.in', 'conditions' : ['ENABLE_BINFMT'], @@ -45,7 +45,7 @@ index c7939a10f8..219570ab19 100644 { 'file' : 'systemd-bless-boot.service.in', diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount -index 6b1bbdc91e..5ec5b8670a 100644 +index 5d212015a5..6c2900ca77 100644 --- a/units/proc-sys-fs-binfmt_misc.automount +++ b/units/proc-sys-fs-binfmt_misc.automount @@ -22,3 +22,6 @@ Before=shutdown.target @@ -56,7 +56,7 @@ index 6b1bbdc91e..5ec5b8670a 100644 +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in -index b04412e037..63f116e4fa 100644 +index 6861c76674..531e9fbd90 100644 --- a/units/systemd-binfmt.service.in +++ b/units/systemd-binfmt.service.in @@ -14,6 +14,7 @@ Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html @@ -68,12 +68,12 @@ index b04412e037..63f116e4fa 100644 After=proc-sys-fs-binfmt_misc.mount After=local-fs.target @@ -31,3 +32,6 @@ RemainAfterExit=yes - ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt - ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister + ExecStart={{LIBEXECDIR}}/systemd-binfmt + ExecStop={{LIBEXECDIR}}/systemd-binfmt --unregister TimeoutSec=90s + +[Install] +WantedBy=sysinit.target -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch b/poky/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch index ec451cddb7..5595b5bc23 100644 --- a/poky/meta/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch +++ b/poky/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch @@ -1,7 +1,7 @@ -From ee5c8b494a3269edd154a0b799a03b39dba2ceb0 Mon Sep 17 00:00:00 2001 +From 87f1d38f40c5fe9cadf2b2de442473e4e5605788 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 25 Feb 2019 14:18:21 +0800 -Subject: [PATCH] src/basic/missing.h: check for missing strndupa +Subject: [PATCH 03/22] src/basic/missing.h: check for missing strndupa include missing.h for definition of strndupa @@ -18,6 +18,8 @@ Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> [Rebased for v247] Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com> [Rebased for v254] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +[Rebased for v255.1] --- meson.build | 1 + src/backlight/backlight.c | 1 + @@ -66,16 +68,17 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com> src/shared/pager.c | 1 + src/socket-proxy/socket-proxyd.c | 1 + src/test/test-hexdecoct.c | 1 + + src/udev/udev-builtin-net_id.c | 1 + src/udev/udev-builtin-path_id.c | 1 + src/udev/udev-event.c | 1 + src/udev/udev-rules.c | 1 + - 50 files changed, 61 insertions(+) + 51 files changed, 62 insertions(+) diff --git a/meson.build b/meson.build -index fb96143c37..739b2f7f72 100644 +index 01fd3ffc19..61a872b753 100644 --- a/meson.build +++ b/meson.build -@@ -595,6 +595,7 @@ foreach ident : ['secure_getenv', '__secure_getenv'] +@@ -567,6 +567,7 @@ foreach ident : ['secure_getenv', '__secure_getenv'] endforeach foreach ident : [ @@ -84,10 +87,10 @@ index fb96143c37..739b2f7f72 100644 ['gettid', '''#include <sys/types.h> #include <unistd.h>'''], diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c -index e66477f328..2613d1e3f9 100644 +index 5ac9f904a9..99d5122dd7 100644 --- a/src/backlight/backlight.c +++ b/src/backlight/backlight.c -@@ -19,6 +19,7 @@ +@@ -20,6 +20,7 @@ #include "string-util.h" #include "strv.h" #include "terminal-util.h" @@ -96,7 +99,7 @@ index e66477f328..2613d1e3f9 100644 #define PCI_CLASS_GRAPHICS_CARD 0x30000 diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index feda596939..11b4375ed5 100644 +index 18b16ecc0e..d2be79622f 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -38,6 +38,7 @@ @@ -105,10 +108,10 @@ index feda596939..11b4375ed5 100644 #include "xattr-util.h" +#include "missing_stdlib.h" - static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) { + static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) { _cleanup_free_ char *fs = NULL; diff --git a/src/basic/env-util.c b/src/basic/env-util.c -index 55ac11a512..7ccb1d7887 100644 +index d3bf73385f..16b17358ca 100644 --- a/src/basic/env-util.c +++ b/src/basic/env-util.c @@ -19,6 +19,7 @@ @@ -120,7 +123,7 @@ index 55ac11a512..7ccb1d7887 100644 /* We follow bash for the character set. Different shells have different rules. */ #define VALID_BASH_ENV_NAME_CHARS \ diff --git a/src/basic/log.c b/src/basic/log.c -index fc5793139e..515218fca8 100644 +index 1470611a75..9924ec2b9a 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -40,6 +40,7 @@ @@ -152,10 +155,10 @@ index 8c76f93eb2..9068bfb4f0 100644 + }) +#endif diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c -index 7ad19ee33b..cc1d5e1e5b 100644 +index c770e5ed32..1fd8816cd0 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c -@@ -15,6 +15,7 @@ +@@ -16,6 +16,7 @@ #include "stat-util.h" #include "stdio-util.h" #include "user-util.h" @@ -164,7 +167,7 @@ index 7ad19ee33b..cc1d5e1e5b 100644 int mkdirat_safe_internal( int dir_fd, diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c -index bc74fbef8f..cdb609bb84 100644 +index bf67f7e01a..409f8d8a73 100644 --- a/src/basic/mountpoint-util.c +++ b/src/basic/mountpoint-util.c @@ -18,6 +18,7 @@ @@ -176,7 +179,7 @@ index bc74fbef8f..cdb609bb84 100644 #include "nulstr-util.h" #include "parse-util.h" diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c -index 3445d31307..d82b4415d9 100644 +index 0430e33e40..f3728de026 100644 --- a/src/basic/parse-util.c +++ b/src/basic/parse-util.c @@ -18,6 +18,7 @@ @@ -188,7 +191,7 @@ index 3445d31307..d82b4415d9 100644 int parse_boolean(const char *v) { if (!v) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index c99e9d8786..71a917a0b0 100644 +index 4e3d59fc56..726e240df0 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c @@ -16,6 +16,7 @@ @@ -212,7 +215,7 @@ index cab9d0eaea..5f6ca258e9 100644 static int parse_parts_value_whole(const char *p, const char *symbol) { const char *pc, *n; diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c -index eea70d8606..ae3abd8402 100644 +index 522d8de1f4..7c129dc0fc 100644 --- a/src/basic/proc-cmdline.c +++ b/src/basic/proc-cmdline.c @@ -16,6 +16,7 @@ @@ -224,7 +227,7 @@ index eea70d8606..ae3abd8402 100644 int proc_cmdline_filter_pid1_args(char **argv, char ***ret) { enum { diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c -index bcba5a5208..64a95dd866 100644 +index d7cfcd9105..6cb0ddf575 100644 --- a/src/basic/procfs-util.c +++ b/src/basic/procfs-util.c @@ -12,6 +12,7 @@ @@ -236,7 +239,7 @@ index bcba5a5208..64a95dd866 100644 int procfs_get_pid_max(uint64_t *ret) { _cleanup_free_ char *value = NULL; diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index b700f364ef..48a26bcec9 100644 +index f9014dc560..1d7840a5b5 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c @@ -27,6 +27,7 @@ @@ -248,7 +251,7 @@ index b700f364ef..48a26bcec9 100644 static clockid_t map_clock_id(clockid_t c) { diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c -index 59f02b761a..7496646350 100644 +index 0c0b4f23c7..68fe5ca509 100644 --- a/src/boot/bless-boot.c +++ b/src/boot/bless-boot.c @@ -22,6 +22,7 @@ @@ -260,22 +263,22 @@ index 59f02b761a..7496646350 100644 static char **arg_path = NULL; diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index b5484eda78..54ed62c790 100644 +index 4237e694c0..05f9d9d9a9 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c -@@ -23,6 +23,7 @@ +@@ -25,6 +25,7 @@ #include "parse-util.h" #include "path-util.h" #include "percent-util.h" +#include "missing_stdlib.h" #include "socket-util.h" - BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve); + BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve); diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index f514b8fd12..4febd0d496 100644 +index 4daa1cefd3..2c77901471 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c -@@ -48,6 +48,7 @@ +@@ -42,6 +42,7 @@ #include "unit-printf.h" #include "user-util.h" #include "utf8.h" @@ -284,7 +287,7 @@ index f514b8fd12..4febd0d496 100644 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput); static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput); diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c -index edfa0eb69a..6fd2ec9062 100644 +index d680a64268..e59f48103e 100644 --- a/src/core/dbus-util.c +++ b/src/core/dbus-util.c @@ -9,6 +9,7 @@ @@ -296,19 +299,19 @@ index edfa0eb69a..6fd2ec9062 100644 int bus_property_get_triggered_unit( sd_bus *bus, diff --git a/src/core/execute.c b/src/core/execute.c -index 853e87450f..8ef76de9ab 100644 +index ef0bf88687..bd3da0c401 100644 --- a/src/core/execute.c +++ b/src/core/execute.c -@@ -113,6 +113,7 @@ +@@ -72,6 +72,7 @@ #include "unit-serialize.h" #include "user-util.h" #include "utmp-wtmp.h" +#include "missing_stdlib.h" - #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC) - #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC) + static bool is_terminal_input(ExecInput i) { + return IN_SET(i, diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c -index e843743777..e149807492 100644 +index b8e3f7aadd..8ce8ca68d8 100644 --- a/src/core/kmod-setup.c +++ b/src/core/kmod-setup.c @@ -13,6 +13,7 @@ @@ -320,7 +323,7 @@ index e843743777..e149807492 100644 #if HAVE_KMOD #include "module-util.h" diff --git a/src/core/service.c b/src/core/service.c -index 9ad3c3d995..b112d64919 100644 +index b9eb40c555..268fe7573b 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -45,6 +45,7 @@ @@ -332,7 +335,7 @@ index 9ad3c3d995..b112d64919 100644 #define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__) diff --git a/src/coredump/coredump-vacuum.c b/src/coredump/coredump-vacuum.c -index c6e201ecf2..ab034475e2 100644 +index 7e0c98cb7d..978a7f5874 100644 --- a/src/coredump/coredump-vacuum.c +++ b/src/coredump/coredump-vacuum.c @@ -17,6 +17,7 @@ @@ -344,7 +347,7 @@ index c6e201ecf2..ab034475e2 100644 #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL) /* 1 MiB */ #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */ diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index efc553b698..acea922311 100644 +index 016f3baa7f..b1def81313 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -37,6 +37,7 @@ @@ -356,10 +359,10 @@ index efc553b698..acea922311 100644 typedef enum MountPointFlags { MOUNT_NOAUTO = 1 << 0, diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c -index 7df264fb53..9463a0e9fb 100644 +index da0f20d3ce..f22ce41908 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c -@@ -26,6 +26,7 @@ +@@ -27,6 +27,7 @@ #include "stat-util.h" #include "string-table.h" #include "strv.h" @@ -368,7 +371,7 @@ index 7df264fb53..9463a0e9fb 100644 #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem" #define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem" diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c -index da0fac548e..c1c043e0e0 100644 +index 7f3dcd56a4..41b7cbaaf1 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -77,6 +77,7 @@ @@ -380,7 +383,7 @@ index da0fac548e..c1c043e0e0 100644 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE) #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */ diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c -index 9719f97c02..75decd9834 100644 +index ff0228081f..9066fcb133 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -19,6 +19,7 @@ @@ -392,7 +395,7 @@ index 9719f97c02..75decd9834 100644 static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored); static int message_parse_fields(sd_bus_message *m); diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c -index 2ad7a9993d..bba72f99f4 100644 +index c25c40ff37..57a5da704f 100644 --- a/src/libsystemd/sd-bus/bus-objects.c +++ b/src/libsystemd/sd-bus/bus-objects.c @@ -11,6 +11,7 @@ @@ -404,10 +407,10 @@ index 2ad7a9993d..bba72f99f4 100644 static int node_vtable_get_userdata( sd_bus *bus, diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c -index 64037e4fe0..9b9ce0aaa9 100644 +index 3c59d0d615..746922d46f 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -28,6 +28,7 @@ +@@ -29,6 +29,7 @@ #include "string-util.h" #include "user-util.h" #include "utf8.h" @@ -416,7 +419,7 @@ index 64037e4fe0..9b9ce0aaa9 100644 #define SNDBUF_SIZE (8*1024*1024) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index f6a5e4aa06..b36faa79a3 100644 +index 4a0259f8bb..aaa90d2223 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -46,6 +46,7 @@ @@ -428,19 +431,19 @@ index f6a5e4aa06..b36faa79a3 100644 #define log_debug_bus_message(m) \ do { \ diff --git a/src/libsystemd/sd-bus/test-bus-benchmark.c b/src/libsystemd/sd-bus/test-bus-benchmark.c -index 1eb6edd329..d434a3c178 100644 +index d988588de0..458df8df9a 100644 --- a/src/libsystemd/sd-bus/test-bus-benchmark.c +++ b/src/libsystemd/sd-bus/test-bus-benchmark.c -@@ -13,6 +13,7 @@ - #include "missing_resource.h" +@@ -14,6 +14,7 @@ #include "string-util.h" + #include "tests.h" #include "time-util.h" +#include "missing_stdlib.h" #define MAX_SIZE (2*1024*1024) diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 9947947ef2..8dc6f93159 100644 +index 6b9ff0a4ed..4a5027ad0f 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -44,6 +44,7 @@ @@ -452,19 +455,19 @@ index 9947947ef2..8dc6f93159 100644 #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c -index ba2fca32c6..e1f9caa13b 100644 +index b8da266e27..4bb8dd9496 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c -@@ -34,6 +34,7 @@ - #include "locale-util.h" +@@ -35,6 +35,7 @@ #include "login-util.h" #include "macro.h" + #include "missing_syscall.h" +#include "missing_stdlib.h" #include "pam-util.h" #include "parse-util.h" #include "path-util.h" diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c -index 1090934bfc..69a77f66e2 100644 +index 48527a2c73..9777fe0561 100644 --- a/src/network/generator/network-generator.c +++ b/src/network/generator/network-generator.c @@ -14,6 +14,7 @@ @@ -476,7 +479,7 @@ index 1090934bfc..69a77f66e2 100644 /* # .network diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c -index 05bde1c756..aa29587868 100644 +index 161b1c1c70..ba1c459f78 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -16,6 +16,7 @@ @@ -500,7 +503,7 @@ index c64e79bdff..eda26b0b9a 100644 static void setup_logging_once(void) { static pthread_once_t once = PTHREAD_ONCE_INIT; diff --git a/src/portable/portable.c b/src/portable/portable.c -index 7811833fac..c6414da91c 100644 +index d4b448a627..bb26623565 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -40,6 +40,7 @@ @@ -512,7 +515,7 @@ index 7811833fac..c6414da91c 100644 /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was * dropped there by the portable service logic and b) for which image it was dropped there. */ diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c -index 2638e985fb..82c903fd66 100644 +index afa537f160..32ccee4ae5 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -48,6 +48,7 @@ @@ -524,7 +527,7 @@ index 2638e985fb..82c903fd66 100644 static int arg_family = AF_UNSPEC; static int arg_ifindex = 0; diff --git a/src/shared/bus-get-properties.c b/src/shared/bus-get-properties.c -index 8b4f66b22e..5926e4c61b 100644 +index 53e5d6b99f..851ecd5644 100644 --- a/src/shared/bus-get-properties.c +++ b/src/shared/bus-get-properties.c @@ -4,6 +4,7 @@ @@ -548,10 +551,10 @@ index 8b462b5627..183ce1c18e 100644 struct CGroupInfo { char *cgroup_path; diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index 1e95e36678..640ee031d5 100644 +index 4ee9706847..30c8084847 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c -@@ -51,6 +51,7 @@ +@@ -50,6 +50,7 @@ #include "unit-def.h" #include "user-util.h" #include "utf8.h" @@ -560,7 +563,7 @@ index 1e95e36678..640ee031d5 100644 int bus_parse_unit_info(sd_bus_message *message, UnitInfo *u) { assert(message); diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index d09ec5148d..f38a8f7cc1 100644 +index 4123152d93..74f148c8b4 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -24,6 +24,7 @@ @@ -572,7 +575,7 @@ index d09ec5148d..f38a8f7cc1 100644 static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { sd_event *e = ASSERT_PTR(userdata); diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c -index 620b156563..5ee5b09186 100644 +index b41c9b06ca..e69050a507 100644 --- a/src/shared/dns-domain.c +++ b/src/shared/dns-domain.c @@ -18,6 +18,7 @@ @@ -584,7 +587,7 @@ index 620b156563..5ee5b09186 100644 int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags) { const char *n; diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c -index d9eabec886..534c6cf7e3 100644 +index 83e9834bbf..74eaae6f5e 100644 --- a/src/shared/journal-importer.c +++ b/src/shared/journal-importer.c @@ -16,6 +16,7 @@ @@ -596,7 +599,7 @@ index d9eabec886..534c6cf7e3 100644 enum { IMPORTER_STATE_LINE = 0, /* waiting to read, or reading line */ diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c -index b72e516c8d..6e832b74c3 100644 +index a5d04003bd..10392c132d 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -41,6 +41,7 @@ @@ -608,7 +611,7 @@ index b72e516c8d..6e832b74c3 100644 /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */ #define PRINT_LINE_THRESHOLD 3 diff --git a/src/shared/pager.c b/src/shared/pager.c -index 6ed35a3ca9..99d9d36140 100644 +index 19deefab56..6b6d0af1a0 100644 --- a/src/shared/pager.c +++ b/src/shared/pager.c @@ -25,6 +25,7 @@ @@ -620,7 +623,7 @@ index 6ed35a3ca9..99d9d36140 100644 static pid_t pager_pid = 0; diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c -index 821049e667..08a5bdae3d 100644 +index 287fd6c181..8f8d5493da 100644 --- a/src/socket-proxy/socket-proxyd.c +++ b/src/socket-proxy/socket-proxyd.c @@ -27,6 +27,7 @@ @@ -632,7 +635,7 @@ index 821049e667..08a5bdae3d 100644 #define BUFFER_SIZE (256 * 1024) diff --git a/src/test/test-hexdecoct.c b/src/test/test-hexdecoct.c -index 9d71db6ae1..a9938c1e6e 100644 +index f884008660..987e180697 100644 --- a/src/test/test-hexdecoct.c +++ b/src/test/test-hexdecoct.c @@ -7,6 +7,7 @@ @@ -643,8 +646,20 @@ index 9d71db6ae1..a9938c1e6e 100644 #include "tests.h" TEST(hexchar) { +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c +index 91b40088f4..f528a46b8e 100644 +--- a/src/udev/udev-builtin-net_id.c ++++ b/src/udev/udev-builtin-net_id.c +@@ -39,6 +39,7 @@ + #include "strv.h" + #include "strxcpyx.h" + #include "udev-builtin.h" ++#include "missing_stdlib.h" + + #define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1) + #define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1) diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c -index 8e4d57ee72..6b4555b4d5 100644 +index 467c9a6ad3..f74dae60af 100644 --- a/src/udev/udev-builtin-path_id.c +++ b/src/udev/udev-builtin-path_id.c @@ -24,6 +24,7 @@ @@ -656,22 +671,22 @@ index 8e4d57ee72..6b4555b4d5 100644 _printf_(2,3) static void path_prepend(char **path, const char *fmt, ...) { diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index ec4ad30824..bc40303a46 100644 +index ed22c8b679..19ebe20237 100644 --- a/src/udev/udev-event.c +++ b/src/udev/udev-event.c -@@ -34,6 +34,7 @@ +@@ -16,6 +16,7 @@ #include "udev-util.h" #include "udev-watch.h" #include "user-util.h" +#include "missing_stdlib.h" - typedef struct Spawn { - sd_device *device; + UdevEvent *udev_event_new(sd_device *dev, usec_t exec_delay_usec, sd_netlink *rtnl, int log_level) { + UdevEvent *event; diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c -index 5bd09a64d1..0ce79f815c 100644 +index 5f12002394..febe345b4c 100644 --- a/src/udev/udev-rules.c +++ b/src/udev/udev-rules.c -@@ -35,6 +35,7 @@ +@@ -41,6 +41,7 @@ #include "udev-util.h" #include "user-util.h" #include "virt.h" @@ -680,5 +695,5 @@ index 5bd09a64d1..0ce79f815c 100644 #define RULES_DIRS ((const char* const*) CONF_PATHS_STRV("udev/rules.d")) -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch b/poky/meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch deleted file mode 100644 index 98914ae154..0000000000 --- a/poky/meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch +++ /dev/null @@ -1,73 +0,0 @@ -From f75f03ef6bc3554068e456bed227f333d5cb8c34 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 29 Sep 2020 18:01:41 -0700 -Subject: [PATCH] Move sysusers.d/sysctl.d/binfmt.d/modules-load.d to /usr - -These directories are moved to /lib since systemd v246, commit -4a56315a990b ("path: use ROOTPREFIX properly"), but in oe-core/yocto, -the old /usr/lib is still being used. - -Upstream-Status: Inappropriate (OE-specific) -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> ---- - src/core/systemd.pc.in | 8 ++++---- - src/libsystemd/sd-path/sd-path.c | 8 ++++---- - 2 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index 693433b34b..8368a3ff02 100644 ---- a/src/core/systemd.pc.in -+++ b/src/core/systemd.pc.in -@@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir} - - user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d - --sysusers_dir=${rootprefix}/lib/sysusers.d -+sysusers_dir=${prefix}/lib/sysusers.d - sysusersdir=${sysusers_dir} - --sysctl_dir=${rootprefix}/lib/sysctl.d -+sysctl_dir=${prefix}/lib/sysctl.d - sysctldir=${sysctl_dir} - --binfmt_dir=${rootprefix}/lib/binfmt.d -+binfmt_dir=${prefix}/lib/binfmt.d - binfmtdir=${binfmt_dir} - --modules_load_dir=${rootprefix}/lib/modules-load.d -+modules_load_dir=${prefix}/lib/modules-load.d - modulesloaddir=${modules_load_dir} - - catalog_dir=${prefix}/lib/systemd/catalog -diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c -index 1af3a36d1d..def502b717 100644 ---- a/src/libsystemd/sd-path/sd-path.c -+++ b/src/libsystemd/sd-path/sd-path.c -@@ -365,19 +365,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) { - return 0; - - case SD_PATH_SYSUSERS: -- *ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d"; -+ *ret = "/usr/lib/sysusers.d"; - return 0; - - case SD_PATH_SYSCTL: -- *ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d"; -+ *ret = "/usr/lib/sysctl.d"; - return 0; - - case SD_PATH_BINFMT: -- *ret = ROOTPREFIX_NOSLASH "/lib/binfmt.d"; -+ *ret = "/usr/lib/binfmt.d"; - return 0; - - case SD_PATH_MODULES_LOAD: -- *ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d"; -+ *ret = "/usr/lib/modules-load.d"; - return 0; - - case SD_PATH_CATALOG: --- -2.39.2 - diff --git a/poky/meta/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/poky/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch index 0d69e8e9cd..15877bea88 100644 --- a/poky/meta/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch +++ b/poky/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch @@ -1,7 +1,8 @@ -From 747ff78ecda6afe01c7eab4d7c27aea6af810c86 Mon Sep 17 00:00:00 2001 +From 5325ab5813617f35f03806ec420829dde7104387 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 25 Feb 2019 14:56:21 +0800 -Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined +Subject: [PATCH 04/22] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not + defined If the standard library doesn't provide brace expansion users just won't get it. @@ -23,7 +24,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> 3 files changed, 38 insertions(+) diff --git a/src/basic/glob-util.c b/src/basic/glob-util.c -index fd60a6eda2..c73edc41ea 100644 +index 802ca8c655..23818a67c6 100644 --- a/src/basic/glob-util.c +++ b/src/basic/glob-util.c @@ -12,6 +12,12 @@ @@ -114,7 +115,7 @@ index 9b3e73cce0..3790ba3be5 100644 (void) rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL); diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 458aed7054..2cf24b38c0 100644 +index 230ec09b97..2cc5f391d7 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -73,6 +73,12 @@ @@ -130,9 +131,9 @@ index 458aed7054..2cf24b38c0 100644 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates * them in the file system. This is intended to be used to create * properly owned directories beneath /tmp, /var/tmp, /run, which are -@@ -2355,7 +2361,9 @@ finish: +@@ -2434,7 +2440,9 @@ finish: - static int glob_item(Item *i, action_t action) { + static int glob_item(Context *c, Item *i, action_t action) { _cleanup_globfree_ glob_t g = { +#ifdef GLOB_ALTDIRFUNC .gl_opendir = (void *(*)(const char *)) opendir_nomod, @@ -140,9 +141,9 @@ index 458aed7054..2cf24b38c0 100644 }; int r = 0, k; -@@ -2375,7 +2383,9 @@ static int glob_item(Item *i, action_t action) { +@@ -2461,7 +2469,9 @@ static int glob_item_recursively( + fdaction_t action) { - static int glob_item_recursively(Item *i, fdaction_t action) { _cleanup_globfree_ glob_t g = { +#ifdef GLOB_ALTDIRFUNC .gl_opendir = (void *(*)(const char *)) opendir_nomod, @@ -151,5 +152,5 @@ index 458aed7054..2cf24b38c0 100644 int r = 0, k; -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch index d6aaadc006..a1dfca22cd 100644 --- a/poky/meta/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch +++ b/poky/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch @@ -1,7 +1,7 @@ -From efd7b41cf270c7b07ee3b9aec0fedd8e52dd422f Mon Sep 17 00:00:00 2001 +From dad7f897c0de654fa5592fda3e90f874639849f9 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 25 Feb 2019 15:00:06 +0800 -Subject: [PATCH] add missing FTW_ macros for musl +Subject: [PATCH 05/22] add missing FTW_ macros for musl This is to avoid build failures like below for musl. @@ -28,10 +28,10 @@ index 6c0456349d..73a5b90e3c 100644 +#define FTW_CONTINUE 0 +#endif diff --git a/src/test/test-recurse-dir.c b/src/test/test-recurse-dir.c -index 2c2120b136..bc60a178a2 100644 +index 8684d064ec..70fc2b5376 100644 --- a/src/test/test-recurse-dir.c +++ b/src/test/test-recurse-dir.c -@@ -6,6 +6,7 @@ +@@ -8,6 +8,7 @@ #include "recurse-dir.h" #include "strv.h" #include "tests.h" @@ -40,5 +40,5 @@ index 2c2120b136..bc60a178a2 100644 static char **list_nftw = NULL; -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch b/poky/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch index 2071f4fb20..4be14b72ec 100644 --- a/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch +++ b/poky/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch @@ -1,7 +1,7 @@ -From 60f7d2c62bc3718023df93c01688d3ee1625d64d Mon Sep 17 00:00:00 2001 +From 96e975a2412a20e5f80bd3ab144057d275eb8597 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 25 Feb 2019 15:12:41 +0800 -Subject: [PATCH] Use uintmax_t for handling rlim_t +Subject: [PATCH 06/22] Use uintmax_t for handling rlim_t PRIu{32,64} is not right format to represent rlim_t type therefore use %ju and typecast the rlim_t variables to @@ -26,9 +26,11 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> src/core/execute.c | 4 ++-- 3 files changed, 9 insertions(+), 15 deletions(-) +diff --git a/src/basic/format-util.h b/src/basic/format-util.h +index 8719df3e29..9becc96066 100644 --- a/src/basic/format-util.h +++ b/src/basic/format-util.h -@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32 +@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32_t)); # error Unknown timex member size #endif @@ -43,9 +45,11 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> #if SIZEOF_DEV_T == 8 # define DEV_FMT "%" PRIu64 +diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c +index c1f0b2b974..61c5412582 100644 --- a/src/basic/rlimit-util.c +++ b/src/basic/rlimit-util.c -@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, cons +@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) { fixed.rlim_max == highest.rlim_max) return 0; @@ -54,7 +58,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> return RET_NERRNO(setrlimit(resource, &fixed)); } -@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *r +@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *rl, char **ret) { if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY) r = free_and_strdup(&s, "infinity"); else if (rl->rlim_cur >= RLIM_INFINITY) @@ -72,7 +76,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> if (r < 0) return -ENOMEM; -@@ -407,7 +407,7 @@ int rlimit_nofile_safe(void) { +@@ -422,7 +422,7 @@ int rlimit_nofile_safe(void) { rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open()); rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max); if (setrlimit(RLIMIT_NOFILE, &rl) < 0) @@ -81,9 +85,11 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> return 1; } +diff --git a/src/core/execute.c b/src/core/execute.c +index bd3da0c401..df1870fd2f 100644 --- a/src/core/execute.c +++ b/src/core/execute.c -@@ -6707,9 +6707,9 @@ void exec_context_dump(const ExecContext +@@ -1045,9 +1045,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { for (unsigned i = 0; i < RLIM_NLIMITS; i++) if (c->rlimit[i]) { fprintf(f, "%sLimit%s: " RLIM_FMT "\n", @@ -95,3 +101,6 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> } if (c->ioprio_set) { +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/poky/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch index 543fba7cdb..8d6084239e 100644 --- a/poky/meta/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch +++ b/poky/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch @@ -1,7 +1,7 @@ -From 26b02348e39fe72b73dd61bba8a0cefb0352717d Mon Sep 17 00:00:00 2001 +From 4842cff4f1329f0b5034b529d56f8ad1f234ac4c Mon Sep 17 00:00:00 2001 From: Andre McCurdy <armccurdy@gmail.com> Date: Tue, 10 Oct 2017 14:33:30 -0700 -Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat() +Subject: [PATCH 07/22] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat() Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right thing to do and it's not portable (not supported by musl). See: @@ -31,7 +31,7 @@ Signed-off-by: Andre McCurdy <armccurdy@gmail.com> 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h -index 932d003f19..33215dbf5f 100644 +index 1023ab73ca..c78ff6f27f 100644 --- a/src/basic/fs-util.h +++ b/src/basic/fs-util.h @@ -49,8 +49,27 @@ int futimens_opath(int fd, const struct timespec ts[2]); @@ -64,7 +64,7 @@ index 932d003f19..33215dbf5f 100644 int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode); diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c -index be6dd1654a..2726dc946a 100644 +index 569ef466c3..7ae921a113 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -145,7 +145,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) { @@ -95,5 +95,5 @@ index be6dd1654a..2726dc946a 100644 } -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/poky/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch index 24dd6b0df1..c1a8bb19fe 100644 --- a/poky/meta/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch +++ b/poky/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch @@ -1,7 +1,8 @@ -From fdc7fb940bb41020271b9db41d5608004efdbde5 Mon Sep 17 00:00:00 2001 +From bab07e779ff23d5593bb118efaaa31b60a6dce87 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Sun, 27 May 2018 08:36:44 -0700 -Subject: [PATCH] Define glibc compatible basename() for non-glibc systems +Subject: [PATCH 08/22] Define glibc compatible basename() for non-glibc + systems Fixes builds with musl, even though systemd is adamant about using non-posix basename implementation, we have a way out @@ -10,9 +11,11 @@ Upstream-Status: Inappropriate [musl specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> --- - src/machine/machine-dbus.c | 5 +++++ - 1 file changed, 5 insertions(+) + src/basic/string-util.h | 4 ++++ + 1 file changed, 4 insertions(+) +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index b6d8be3083..0a29036c4c 100644 --- a/src/basic/string-util.h +++ b/src/basic/string-util.h @@ -26,6 +26,10 @@ @@ -26,3 +29,6 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> static inline char* strstr_ptr(const char *haystack, const char *needle) { if (!haystack || !needle) return NULL; +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/poky/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch index 8162bc2c57..3ff0177ae3 100644 --- a/poky/meta/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch +++ b/poky/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch @@ -1,7 +1,7 @@ -From 32fd0dc67b6df531f0769dbb099dbe8f30c28514 Mon Sep 17 00:00:00 2001 +From 25093c5017725b8577c444dfea0f42ad85b43522 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Wed, 4 Jul 2018 15:00:44 +0800 -Subject: [PATCH] Do not disable buffering when writing to oom_score_adj +Subject: [PATCH 09/22] Do not disable buffering when writing to oom_score_adj On musl, disabling buffering when writing to oom_score_adj will cause the following error. @@ -24,10 +24,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 0747c14c1c..8d0c5aae92 100644 +index 201c5596ae..ea51595b6c 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c -@@ -1516,7 +1516,7 @@ int set_oom_score_adjust(int value) { +@@ -1716,7 +1716,7 @@ int set_oom_score_adjust(int value) { xsprintf(t, "%i", value); return write_string_file("/proc/self/oom_score_adj", t, @@ -37,5 +37,5 @@ index 0747c14c1c..8d0c5aae92 100644 int get_oom_score_adjust(int *ret) { -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/poky/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch index f6d908f947..cf59ac7d06 100644 --- a/poky/meta/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch +++ b/poky/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch @@ -1,7 +1,7 @@ -From ed46afcbc6bc1f6277a0a54c3db8cf1b056bca1e Mon Sep 17 00:00:00 2001 +From 2adbe9773cd65c48eec9df96868d4a738927c8d9 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Tue, 10 Jul 2018 15:40:17 +0800 -Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi +Subject: [PATCH 10/22] distinguish XSI-compliant strerror_r from GNU-specifi strerror_r XSI-compliant strerror_r and GNU-specifi strerror_r are different. @@ -24,7 +24,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c -index 413e2dd43f..805e5da0c0 100644 +index 77b2e1a0fd..fdba0e0142 100644 --- a/src/libsystemd/sd-bus/bus-error.c +++ b/src/libsystemd/sd-bus/bus-error.c @@ -408,7 +408,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) { @@ -55,10 +55,10 @@ index 413e2dd43f..805e5da0c0 100644 static bool map_ok(const sd_bus_error_map *map) { diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c -index 136ebcb153..8a75ba4ecd 100644 +index 69a2eb6404..1561859650 100644 --- a/src/libsystemd/sd-journal/journal-send.c +++ b/src/libsystemd/sd-journal/journal-send.c -@@ -360,7 +360,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove +@@ -361,7 +361,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove char* j; errno = 0; @@ -72,5 +72,5 @@ index 136ebcb153..8a75ba4ecd 100644 char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1]; -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch b/poky/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch index e5f017347c..e481b2e2e4 100644 --- a/poky/meta/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch +++ b/poky/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch @@ -1,7 +1,7 @@ -From 277b680d07a178b8278862b60417052d05c1376f Mon Sep 17 00:00:00 2001 +From 49c446cfb78cf74a909bed8c3798b77a5469866a Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 25 Feb 2019 15:44:54 +0800 -Subject: [PATCH] avoid redefinition of prctl_mm_map structure +Subject: [PATCH 11/22] avoid redefinition of prctl_mm_map structure Fix the following compile failure: error: redefinition of 'struct prctl_mm_map' @@ -14,7 +14,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 1 file changed, 2 insertions(+) diff --git a/src/basic/missing_prctl.h b/src/basic/missing_prctl.h -index ab851306ba..5547cad875 100644 +index 7d9e395c92..88c2d7dfac 100644 --- a/src/basic/missing_prctl.h +++ b/src/basic/missing_prctl.h @@ -1,7 +1,9 @@ @@ -28,5 +28,5 @@ index ab851306ba..5547cad875 100644 /* 58319057b7847667f0c9585b9de0e8932b0fdb08 (4.3) */ #ifndef PR_CAP_AMBIENT -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch b/poky/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch index c85087219c..66be79077e 100644 --- a/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch +++ b/poky/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch @@ -1,7 +1,7 @@ -From aa6e5588e6d01c12e2f101d140cc710ab199df16 Mon Sep 17 00:00:00 2001 +From e4885a8e60f883d9217e26e1db3754c2906aca31 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Fri, 1 Mar 2019 15:22:15 +0800 -Subject: [PATCH] do not disable buffer in writing files +Subject: [PATCH 12/22] do not disable buffer in writing files Do not disable buffer in writing files, otherwise we get failure at boot for musl like below. @@ -19,6 +19,8 @@ Signed-off-by: Andrej Valek <andrej.valek@siemens.com> [rebased for systemd 243] Signed-off-by: Scott Murray <scott.murray@konsulko.com> [rebased for systemd 254] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +[rebased for systemd 255.1] --- src/basic/cgroup-util.c | 12 ++++++------ src/basic/namespace-util.c | 4 ++-- @@ -34,17 +36,21 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> src/nspawn/nspawn.c | 6 +++--- src/shared/binfmt-util.c | 2 +- src/shared/cgroup-setup.c | 4 ++-- - src/shared/coredump-util.c | 2 +- - src/shared/sleep-util.c | 4 ++-- + src/shared/coredump-util.c | 4 ++-- + src/shared/hibernate-util.c | 4 ++-- src/shared/smack-util.c | 2 +- + src/shared/watchdog.c | 2 +- src/sleep/sleep.c | 4 ++-- + src/storagetm/storagetm.c | 24 ++++++++++++------------ src/udev/udev-rules.c | 1 - src/vconsole/vconsole-setup.c | 2 +- - 20 files changed, 36 insertions(+), 37 deletions(-) + 22 files changed, 50 insertions(+), 51 deletions(-) +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index d2be79622f..e65fecb68d 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c -@@ -400,7 +400,7 @@ int cg_kill_kernel_sigkill(const char *c +@@ -417,7 +417,7 @@ int cg_kill_kernel_sigkill(const char *path) { if (r < 0) return r; @@ -53,7 +59,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; -@@ -806,7 +806,7 @@ int cg_install_release_agent(const char +@@ -843,7 +843,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { sc = strstrip(contents); if (isempty(sc)) { @@ -62,7 +68,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; } else if (!path_equal(sc, agent)) -@@ -824,7 +824,7 @@ int cg_install_release_agent(const char +@@ -861,7 +861,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { sc = strstrip(contents); if (streq(sc, "0")) { @@ -71,7 +77,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; -@@ -851,7 +851,7 @@ int cg_uninstall_release_agent(const cha +@@ -888,7 +888,7 @@ int cg_uninstall_release_agent(const char *controller) { if (r < 0) return r; @@ -80,7 +86,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; -@@ -861,7 +861,7 @@ int cg_uninstall_release_agent(const cha +@@ -898,7 +898,7 @@ int cg_uninstall_release_agent(const char *controller) { if (r < 0) return r; @@ -89,7 +95,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; -@@ -1764,7 +1764,7 @@ int cg_set_attribute(const char *control +@@ -1814,7 +1814,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri if (r < 0) return r; @@ -98,9 +104,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> } int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) { +diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c +index 2101f617ad..63817bae17 100644 --- a/src/basic/namespace-util.c +++ b/src/basic/namespace-util.c -@@ -227,12 +227,12 @@ int userns_acquire(const char *uid_map, +@@ -227,12 +227,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) { freeze(); xsprintf(path, "/proc/" PID_FMT "/uid_map", pid); @@ -115,9 +123,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_error_errno(r, "Failed to write GID map: %m"); +diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c +index 6cb0ddf575..247cf9e1d1 100644 --- a/src/basic/procfs-util.c +++ b/src/basic/procfs-util.c -@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limi +@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limit) { * decrease it, as threads-max is the much more relevant sysctl. */ if (limit > pid_max-1) { sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */ @@ -133,9 +143,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) { uint64_t threads_max; +diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c +index b66a6622ae..8d1c93008a 100644 --- a/src/basic/sysctl-util.c +++ b/src/basic/sysctl-util.c -@@ -58,7 +58,7 @@ int sysctl_write(const char *property, c +@@ -58,7 +58,7 @@ int sysctl_write(const char *property, const char *value) { log_debug("Setting '%s' to '%s'", p, value); @@ -144,6 +156,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> } int sysctl_writef(const char *property, const char *format, ...) { +diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c +index d21f3f79ff..258607cc7e 100644 --- a/src/binfmt/binfmt.c +++ b/src/binfmt/binfmt.c @@ -30,7 +30,7 @@ static bool arg_unregister = false; @@ -155,7 +169,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> } static int apply_rule(const char *filename, unsigned line, const char *rule) { -@@ -58,7 +58,7 @@ static int apply_rule(const char *filena +@@ -58,7 +58,7 @@ static int apply_rule(const char *filename, unsigned line, const char *rule) { if (r >= 0) log_debug("%s:%u: Rule '%s' deleted.", filename, line, rulename); @@ -164,7 +178,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_error_errno(r, "%s:%u: Failed to add binary format '%s': %m", filename, line, rulename); -@@ -244,7 +244,7 @@ static int run(int argc, char *argv[]) { +@@ -248,7 +248,7 @@ static int run(int argc, char *argv[]) { return r; /* Flush out all rules */ @@ -173,9 +187,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m"); else +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 61ac4df1a6..ea18970196 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -4349,7 +4349,7 @@ int unit_cgroup_freezer_action(Unit *u, +@@ -4578,7 +4578,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { u->freezer_state = FREEZER_THAWING; } @@ -184,9 +200,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; +diff --git a/src/core/main.c b/src/core/main.c +index 3f71cc0947..0e5aec3e9e 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -1737,7 +1737,7 @@ static void initialize_core_pattern(bool +@@ -1678,7 +1678,7 @@ static void initialize_core_pattern(bool skip_setup) { if (getpid_cached() != 1) return; @@ -195,9 +213,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern); +diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c +index 7ea902b6f9..1aef2988d0 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c -@@ -319,17 +319,17 @@ int mac_smack_setup(bool *loaded_policy) +@@ -321,17 +321,17 @@ int mac_smack_setup(bool *loaded_policy) { } #if HAVE_SMACK_RUN_LABEL @@ -219,6 +239,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m"); #endif +diff --git a/src/home/homework.c b/src/home/homework.c +index 066483e342..5f92dd7064 100644 --- a/src/home/homework.c +++ b/src/home/homework.c @@ -278,7 +278,7 @@ static void drop_caches_now(void) { @@ -230,9 +252,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) log_warning_errno(r, "Failed to drop caches, ignoring: %m"); else +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 2fbc619a34..09d9591e37 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c -@@ -2515,7 +2515,7 @@ _public_ int sd_device_set_sysattr_value +@@ -2516,7 +2516,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, if (!value) return -ENOMEM; @@ -241,9 +265,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) { /* On failure, clear cache entry, as we do not know how it fails. */ device_remove_cached_sysattr_value(device, sysattr); +diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c +index a5002437c6..b12e6cd9c9 100644 --- a/src/nspawn/nspawn-cgroup.c +++ b/src/nspawn/nspawn-cgroup.c -@@ -122,7 +122,7 @@ int sync_cgroup(pid_t pid, CGroupUnified +@@ -124,7 +124,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { fn = strjoina(tree, cgroup, "/cgroup.procs"); sprintf(pid_string, PID_FMT, pid); @@ -252,9 +278,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) { log_error_errno(r, "Failed to move process: %m"); goto finish; +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 6ab604d3dc..bbec6b686c 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -2774,7 +2774,7 @@ static int reset_audit_loginuid(void) { +@@ -2688,7 +2688,7 @@ static int reset_audit_loginuid(void) { if (streq(p, "4294967295")) return 0; @@ -263,7 +291,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) { log_error_errno(r, "Failed to reset audit login UID. This probably means that your kernel is too\n" -@@ -4214,7 +4214,7 @@ static int setup_uid_map( +@@ -4141,7 +4141,7 @@ static int setup_uid_map( return log_oom(); xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid); @@ -272,7 +300,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_error_errno(r, "Failed to write UID map: %m"); -@@ -4224,7 +4224,7 @@ static int setup_uid_map( +@@ -4151,7 +4151,7 @@ static int setup_uid_map( return log_oom(); xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid); @@ -281,6 +309,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_error_errno(r, "Failed to write GID map: %m"); +diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c +index a26175474b..1413a9c72c 100644 --- a/src/shared/binfmt-util.c +++ b/src/shared/binfmt-util.c @@ -46,7 +46,7 @@ int disable_binfmt(void) { @@ -292,18 +322,20 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m"); +diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c +index 934a16eaf3..c921ced861 100644 --- a/src/shared/cgroup-setup.c +++ b/src/shared/cgroup-setup.c -@@ -351,7 +351,7 @@ int cg_attach(const char *controller, co +@@ -351,7 +351,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { xsprintf(c, PID_FMT "\n", pid); - r = write_string_file(fs, c, WRITE_STRING_FILE_DISABLE_BUFFER); + r = write_string_file(fs, c, 0); - if (r == -EOPNOTSUPP && cg_is_threaded(controller, path) > 0) + if (r == -EOPNOTSUPP && cg_is_threaded(path) > 0) /* When the threaded mode is used, we cannot read/write the file. Let's return recognizable error. */ return -EUCLEAN; -@@ -964,7 +964,7 @@ int cg_enable_everywhere( +@@ -966,7 +966,7 @@ int cg_enable_everywhere( return log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p); } @@ -312,9 +344,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) { log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m", FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs); +diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c +index 805503f366..01a7ccb291 100644 --- a/src/shared/coredump-util.c +++ b/src/shared/coredump-util.c -@@ -163,7 +163,7 @@ int set_coredump_filter(uint64_t value) +@@ -163,7 +163,7 @@ int set_coredump_filter(uint64_t value) { xsprintf(t, "0x%"PRIx64, value); return write_string_file("/proc/self/coredump_filter", t, @@ -323,9 +357,20 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> } /* Turn off core dumps but only if we're running outside of a container. */ ---- a/src/shared/sleep-util.c -+++ b/src/shared/sleep-util.c -@@ -1044,7 +1044,7 @@ int write_resume_config(dev_t devno, uin +@@ -173,7 +173,7 @@ void disable_coredumps(void) { + if (detect_container() > 0) + return; + +- r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0); + if (r < 0) + log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m"); + } +diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c +index 3eb13d48f6..d09b901be1 100644 +--- a/src/shared/hibernate-util.c ++++ b/src/shared/hibernate-util.c +@@ -481,7 +481,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) { /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so * fail gracefully if it doesn't exist and we're only overwriting it with 0. */ @@ -334,7 +379,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r == -ENOENT) { if (offset != 0) return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), -@@ -1060,7 +1060,7 @@ int write_resume_config(dev_t devno, uin +@@ -497,7 +497,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) { log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.", offset_str, device); @@ -343,9 +388,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_error_errno(r, "Failed to write device '%s' (%s) to /sys/power/resume: %m", +diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c +index 1f88e724d0..feb18b320a 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c -@@ -113,7 +113,7 @@ int mac_smack_apply_pid(pid_t pid, const +@@ -113,7 +113,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) { return 0; p = procfs_file_alloca(pid, "attr/current"); @@ -354,29 +401,142 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return r; +diff --git a/src/shared/watchdog.c b/src/shared/watchdog.c +index 4c1a968718..6faf6806a5 100644 +--- a/src/shared/watchdog.c ++++ b/src/shared/watchdog.c +@@ -93,7 +93,7 @@ static int set_pretimeout_governor(const char *governor) { + + r = write_string_file(sys_fn, + governor, +- WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE); ++ WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE); + if (r < 0) + return log_error_errno(r, "Failed to set pretimeout_governor to '%s': %m", governor); + +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index 21af3e9e52..6d4b84b5d5 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -139,7 +139,7 @@ static int write_mode(char **modes) { +@@ -137,7 +137,7 @@ static int write_state(int fd, char * const *states) { + if (k < 0) + return RET_GATHER(r, k); + +- k = write_string_stream(f, *state, WRITE_STRING_FILE_DISABLE_BUFFER); ++ k = write_string_stream(f, *state, 0); + if (k >= 0) { + log_debug("Using sleep state '%s'.", *state); + return 0; +@@ -155,7 +155,7 @@ static int write_mode(char * const *modes) { STRV_FOREACH(mode, modes) { int k; - k = write_string_file("/sys/power/disk", *mode, WRITE_STRING_FILE_DISABLE_BUFFER); + k = write_string_file("/sys/power/disk", *mode, 0); - if (k >= 0) + if (k >= 0) { + log_debug("Using sleep disk mode '%s'.", *mode); return 0; +diff --git a/src/storagetm/storagetm.c b/src/storagetm/storagetm.c +index ae63baaf79..82eeca479a 100644 +--- a/src/storagetm/storagetm.c ++++ b/src/storagetm/storagetm.c +@@ -186,7 +186,7 @@ static int nvme_subsystem_unlink(NvmeSubsystem *s) { + if (!enable_fn) + return log_oom(); + +- r = write_string_file_at(namespaces_fd, enable_fn, "0", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(namespaces_fd, enable_fn, "0", 0); + if (r < 0) + log_warning_errno(r, "Failed to disable namespace '%s' of NVME subsystem '%s', ignoring: %m", e->d_name, s->name); + +@@ -254,7 +254,7 @@ static int nvme_subsystem_write_metadata(int subsystem_fd, sd_device *device) { + _cleanup_free_ char *truncated = strndup(w, 40); /* kernel refuses more than 40 chars (as per nvme spec) */ + + /* The default string stored in 'attr_model' is "Linux" btw. */ +- r = write_string_file_at(subsystem_fd, "attr_model", truncated, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(subsystem_fd, "attr_model", truncated, 0); + if (r < 0) + log_warning_errno(r, "Failed to set model of subsystem to '%s', ignoring: %m", w); + } +@@ -268,7 +268,7 @@ static int nvme_subsystem_write_metadata(int subsystem_fd, sd_device *device) { + return log_oom(); -@@ -160,7 +160,7 @@ static int write_state(FILE **f, char ** - STRV_FOREACH(state, states) { - int k; + /* The default string stored in 'attr_firmware' is `uname -r` btw, but truncated to 8 chars. */ +- r = write_string_file_at(subsystem_fd, "attr_firmware", truncated, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(subsystem_fd, "attr_firmware", truncated, 0); + if (r < 0) + log_warning_errno(r, "Failed to set model of subsystem to '%s', ignoring: %m", truncated); + } +@@ -295,7 +295,7 @@ static int nvme_subsystem_write_metadata(int subsystem_fd, sd_device *device) { + if (!truncated) + return log_oom(); -- k = write_string_stream(*f, *state, WRITE_STRING_FILE_DISABLE_BUFFER); -+ k = write_string_stream(*f, *state, 0); - if (k >= 0) - return 0; - log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state); +- r = write_string_file_at(subsystem_fd, "attr_serial", truncated, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(subsystem_fd, "attr_serial", truncated, 0); + if (r < 0) + log_warning_errno(r, "Failed to set serial of subsystem to '%s', ignoring: %m", truncated); + } +@@ -345,7 +345,7 @@ static int nvme_namespace_write_metadata(int namespace_fd, sd_device *device, co + id = id128_digest(j, l); + } + +- r = write_string_file_at(namespace_fd, "device_uuid", SD_ID128_TO_UUID_STRING(id), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(namespace_fd, "device_uuid", SD_ID128_TO_UUID_STRING(id), 0); + if (r < 0) + log_warning_errno(r, "Failed to set uuid of namespace to '%s', ignoring: %m", SD_ID128_TO_UUID_STRING(id)); + +@@ -408,7 +408,7 @@ static int nvme_subsystem_add(const char *node, int consumed_fd, sd_device *devi + if (subsystem_fd < 0) + return log_error_errno(subsystem_fd, "Failed to create NVME subsystem '%s': %m", j); + +- r = write_string_file_at(subsystem_fd, "attr_allow_any_host", "1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(subsystem_fd, "attr_allow_any_host", "1", 0); + if (r < 0) + return log_error_errno(r, "Failed to set 'attr_allow_any_host' flag: %m"); + +@@ -423,11 +423,11 @@ static int nvme_subsystem_add(const char *node, int consumed_fd, sd_device *devi + + /* We use /proc/$PID/fd/$FD rather than /proc/self/fd/$FD, because this string is visible to others + * via configfs, and by including the PID it's clear to who the stuff belongs. */ +- r = write_string_file_at(namespace_fd, "device_path", FORMAT_PROC_PID_FD_PATH(0, fd), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(namespace_fd, "device_path", FORMAT_PROC_PID_FD_PATH(0, fd), 0); + if (r < 0) + return log_error_errno(r, "Failed to write 'device_path' attribute: %m"); + +- r = write_string_file_at(namespace_fd, "enable", "1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(namespace_fd, "enable", "1", 0); + if (r < 0) + return log_error_errno(r, "Failed to write 'enable' attribute: %m"); + +@@ -557,19 +557,19 @@ static int nvme_port_add_portnr( + return 0; + } + +- r = write_string_file_at(port_fd, "addr_adrfam", af_to_ipv4_ipv6(ip_family), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(port_fd, "addr_adrfam", af_to_ipv4_ipv6(ip_family), 0); + if (r < 0) + return log_error_errno(r, "Failed to set address family on NVME port %" PRIu16 ": %m", portnr); + +- r = write_string_file_at(port_fd, "addr_trtype", "tcp", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(port_fd, "addr_trtype", "tcp", 0); + if (r < 0) + return log_error_errno(r, "Failed to set transport type on NVME port %" PRIu16 ": %m", portnr); + +- r = write_string_file_at(port_fd, "addr_trsvcid", fname, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(port_fd, "addr_trsvcid", fname, 0); + if (r < 0) + return log_error_errno(r, "Failed to set IP port on NVME port %" PRIu16 ": %m", portnr); + +- r = write_string_file_at(port_fd, "addr_traddr", ip_family == AF_INET6 ? "::" : "0.0.0.0", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file_at(port_fd, "addr_traddr", ip_family == AF_INET6 ? "::" : "0.0.0.0", 0); + if (r < 0) + return log_error_errno(r, "Failed to set IP address on NVME port %" PRIu16 ": %m", portnr); + +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index febe345b4c..a90b610ba1 100644 --- a/src/udev/udev-rules.c +++ b/src/udev/udev-rules.c -@@ -2634,7 +2634,6 @@ static int udev_rule_apply_token_to_even +@@ -2711,7 +2711,6 @@ static int udev_rule_apply_token_to_event( log_event_debug(dev, token, "ATTR '%s' writing '%s'", buf, value); r = write_string_file(buf, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | @@ -384,9 +544,11 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> WRITE_STRING_FILE_AVOID_NEWLINE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE); if (r < 0) +diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c +index 4d82c65f0a..3a3d861b83 100644 --- a/src/vconsole/vconsole-setup.c +++ b/src/vconsole/vconsole-setup.c -@@ -260,7 +260,7 @@ static int toggle_utf8_vc(const char *na +@@ -261,7 +261,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) { static int toggle_utf8_sysfs(bool utf8) { int r; @@ -395,3 +557,6 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> if (r < 0) return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8)); +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch b/poky/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch index 580aff327d..43f75373a6 100644 --- a/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch +++ b/poky/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch @@ -1,7 +1,7 @@ -From a50ec65dbe660421052656dda7499c925005f486 Mon Sep 17 00:00:00 2001 +From 2f90f8463423cfbb7e83fcef42f1071018c3b56e Mon Sep 17 00:00:00 2001 From: Scott Murray <scott.murray@konsulko.com> Date: Fri, 13 Sep 2019 19:26:27 -0400 -Subject: [PATCH] Handle __cpu_mask usage +Subject: [PATCH 13/22] Handle __cpu_mask usage Fixes errors: @@ -23,6 +23,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> src/test/test-sizeof.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) +diff --git a/src/shared/cpu-set-util.h b/src/shared/cpu-set-util.h +index 3c63a58826..4c2d4347fc 100644 --- a/src/shared/cpu-set-util.h +++ b/src/shared/cpu-set-util.h @@ -6,6 +6,8 @@ @@ -34,6 +36,8 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> /* This wraps the libc interface with a variable to keep the allocated size. */ typedef struct CPUSet { cpu_set_t *set; +diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c +index ea0c58770e..b65c0bd370 100644 --- a/src/test/test-sizeof.c +++ b/src/test/test-sizeof.c @@ -1,6 +1,5 @@ @@ -51,3 +55,6 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> /* Print information about various types. Useful when diagnosing * gcc diagnostics on an unfamiliar architecture. */ +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch b/poky/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch index 19ee3ff311..a751e1ba6f 100644 --- a/poky/meta/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch +++ b/poky/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch @@ -1,7 +1,7 @@ -From ebf0f69d8614b8d86a971b97ff0d847d1e5d47c9 Mon Sep 17 00:00:00 2001 +From b7c827bb44edbb6251c9fcdb80aa03982c0e7bf3 Mon Sep 17 00:00:00 2001 From: Alex Kiernan <alex.kiernan@gmail.com> Date: Tue, 10 Mar 2020 11:05:20 +0000 -Subject: [PATCH] Handle missing gshadow +Subject: [PATCH 14/22] Handle missing gshadow gshadow usage is now present in the userdb code. Mask all uses of it to allow compilation on musl @@ -17,7 +17,7 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com> 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c -index 88b8fc2f8f..a819d41bac 100644 +index 414a49331b..1a4e1b628c 100644 --- a/src/shared/user-record-nss.c +++ b/src/shared/user-record-nss.c @@ -329,8 +329,10 @@ int nss_group_to_group_record( @@ -138,7 +138,7 @@ index 22ab04d6ee..4e52e7a911 100644 #include <shadow.h> diff --git a/src/shared/userdb.c b/src/shared/userdb.c -index a77eff4407..955e361d3a 100644 +index f60d48ace4..e878199a28 100644 --- a/src/shared/userdb.c +++ b/src/shared/userdb.c @@ -1038,13 +1038,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { @@ -169,5 +169,5 @@ index a77eff4407..955e361d3a 100644 return r; -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch index d64cec1585..e112766a9b 100644 --- a/poky/meta/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch +++ b/poky/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch @@ -1,7 +1,7 @@ -From a2f56a2a6cdd5137bb1e680aa9f6c40540107166 Mon Sep 17 00:00:00 2001 +From 3dc9d9d410bcce54fddfd94f43f7f77f3aa8e281 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 12 Apr 2021 23:44:53 -0700 -Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl +Subject: [PATCH 15/22] missing_syscall.h: Define MIPS ABI defines for musl musl does not define _MIPS_SIM_ABI32, _MIPS_SIM_NABI32, _MIPS_SIM_ABI64 unlike glibc where these are provided by libc headers, therefore define @@ -16,7 +16,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 2 files changed, 7 insertions(+) diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h -index 98cd037962..ea6a76c2e2 100644 +index d795efd8f2..d6729d3c1d 100644 --- a/src/basic/missing_syscall.h +++ b/src/basic/missing_syscall.h @@ -20,6 +20,12 @@ @@ -33,7 +33,7 @@ index 98cd037962..ea6a76c2e2 100644 #include "missing_keyctl.h" #include "missing_stat.h" diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c -index 2726dc946a..484f63e0b4 100644 +index 7ae921a113..0ef9d1fd39 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -20,6 +20,7 @@ @@ -45,5 +45,5 @@ index 2726dc946a..484f63e0b4 100644 typedef struct BaseFilesystem { const char *dir; /* directory or symlink to create */ -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch b/poky/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch index c634d8ec3d..0be817e62d 100644 --- a/poky/meta/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch +++ b/poky/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch @@ -1,7 +1,7 @@ -From 17766c64ecc7dedf09ed2d361690fc4eda77bf42 Mon Sep 17 00:00:00 2001 +From 0994b59dba9f248ad31cb7087046dc00b72cb4ea Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 21 Jan 2022 15:15:11 -0800 -Subject: [PATCH] pass correct parameters to getdents64 +Subject: [PATCH 16/22] pass correct parameters to getdents64 Fixes ../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types] @@ -33,5 +33,5 @@ index 5e98b7a5d8..aef065047b 100644 return -errno; if (n == 0) -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch b/poky/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch index 5e9646c569..4176522a1c 100644 --- a/poky/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch +++ b/poky/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch @@ -1,11 +1,14 @@ -From e5f067cb3dc845dd865e450f4e64077b28feb4c0 Mon Sep 17 00:00:00 2001 +From 3c094d443ca30f19114392fd8ef274af6eabc12d Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 21 Jan 2022 22:19:37 -0800 -Subject: [PATCH] Adjust for musl headers +Subject: [PATCH 17/22] Adjust for musl headers Upstream-Status: Inappropriate [musl specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> + +[Rebased for v255.1] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> --- src/libsystemd-network/sd-dhcp6-client.c | 2 +- src/network/netdev/bareudp.c | 2 +- @@ -33,7 +36,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> src/network/netdev/xfrm.c | 2 +- src/network/networkd-bridge-mdb.c | 4 ++-- src/network/networkd-dhcp-common.c | 3 ++- - src/network/networkd-dhcp-prefix-delegation.c | 4 ++-- + src/network/networkd-dhcp-prefix-delegation.c | 3 ++- src/network/networkd-dhcp-server.c | 2 +- src/network/networkd-dhcp4.c | 2 +- src/network/networkd-ipv6ll.c | 2 +- @@ -41,13 +44,14 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> src/network/networkd-ndisc.c | 2 +- src/network/networkd-route.c | 8 ++++---- src/network/networkd-setlink.c | 2 +- + src/network/networkd-sysctl.c | 2 +- src/shared/linux/ethtool.h | 3 ++- src/shared/netif-util.c | 2 +- src/udev/udev-builtin-net_id.c | 2 +- - 37 files changed, 44 insertions(+), 42 deletions(-) + 38 files changed, 45 insertions(+), 42 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index 57dd91f81f..2b7f4fa3a7 100644 +index c20367dfc9..b8d4cd8c2a 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -5,7 +5,7 @@ @@ -60,7 +64,7 @@ index 57dd91f81f..2b7f4fa3a7 100644 #include "sd-dhcp6-client.h" diff --git a/src/network/netdev/bareudp.c b/src/network/netdev/bareudp.c -index 24d3afb877..f6241b41ee 100644 +index 1df886573b..c8b6714726 100644 --- a/src/network/netdev/bareudp.c +++ b/src/network/netdev/bareudp.c @@ -2,7 +2,7 @@ @@ -73,7 +77,7 @@ index 24d3afb877..f6241b41ee 100644 #include "bareudp.h" #include "netlink-util.h" diff --git a/src/network/netdev/batadv.c b/src/network/netdev/batadv.c -index 7e97619657..50fcffcfdf 100644 +index 26da0231d4..2e8002af8c 100644 --- a/src/network/netdev/batadv.c +++ b/src/network/netdev/batadv.c @@ -3,7 +3,7 @@ @@ -86,7 +90,7 @@ index 7e97619657..50fcffcfdf 100644 #include "batadv.h" #include "fileio.h" diff --git a/src/network/netdev/bond.c b/src/network/netdev/bond.c -index 601bff0a9c..dfed8d9e54 100644 +index 4d75a0d6bf..985b3197e0 100644 --- a/src/network/netdev/bond.c +++ b/src/network/netdev/bond.c @@ -1,7 +1,7 @@ @@ -99,7 +103,7 @@ index 601bff0a9c..dfed8d9e54 100644 #include "alloc-util.h" #include "bond.h" diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c -index b65c3b49fc..6875b4fbdb 100644 +index 3e394edadf..f12f667687 100644 --- a/src/network/netdev/bridge.c +++ b/src/network/netdev/bridge.c @@ -2,7 +2,7 @@ @@ -124,7 +128,7 @@ index 00df1d2787..77b506b422 100644 #include "dummy.h" diff --git a/src/network/netdev/geneve.c b/src/network/netdev/geneve.c -index 777a32d75c..73bfa2b5c1 100644 +index bc655ec7ff..a77e8e17e4 100644 --- a/src/network/netdev/geneve.c +++ b/src/network/netdev/geneve.c @@ -2,7 +2,7 @@ @@ -150,7 +154,7 @@ index d7ff44cb9e..e037629ae4 100644 #include "ifb.h" diff --git a/src/network/netdev/ipoib.c b/src/network/netdev/ipoib.c -index 5dd9286d57..4036d66dad 100644 +index d5fe299b7b..c9c8002eac 100644 --- a/src/network/netdev/ipoib.c +++ b/src/network/netdev/ipoib.c @@ -1,6 +1,6 @@ @@ -162,7 +166,7 @@ index 5dd9286d57..4036d66dad 100644 #include "ipoib.h" diff --git a/src/network/netdev/ipvlan.c b/src/network/netdev/ipvlan.c -index 058eadebd7..c470ebb6d7 100644 +index 05d5d010f6..d440f49537 100644 --- a/src/network/netdev/ipvlan.c +++ b/src/network/netdev/ipvlan.c @@ -2,7 +2,7 @@ @@ -175,7 +179,7 @@ index 058eadebd7..c470ebb6d7 100644 #include "conf-parser.h" #include "ipvlan.h" diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c -index 0da3dd4bd2..eb20f04469 100644 +index 17d6acefb6..679d0984f9 100644 --- a/src/network/netdev/macsec.c +++ b/src/network/netdev/macsec.c @@ -1,7 +1,7 @@ @@ -188,7 +192,7 @@ index 0da3dd4bd2..eb20f04469 100644 #include <linux/if_macsec.h> #include <linux/genetlink.h> diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c -index 1114bb0cb1..6c79a219a4 100644 +index 203807e3a5..8ab09a387e 100644 --- a/src/network/netdev/macvlan.c +++ b/src/network/netdev/macvlan.c @@ -2,7 +2,7 @@ @@ -201,7 +205,7 @@ index 1114bb0cb1..6c79a219a4 100644 #include "conf-parser.h" #include "macvlan.h" diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c -index 038a27c118..67155f0db7 100644 +index 57127a861a..7f787d0b9f 100644 --- a/src/network/netdev/netdev.c +++ b/src/network/netdev/netdev.c @@ -2,7 +2,7 @@ @@ -238,7 +242,7 @@ index ff372092e6..eef66811f4 100644 #include "nlmon.h" diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c -index 2addfeecaa..954987f26d 100644 +index db84e7cf6e..93d5642962 100644 --- a/src/network/netdev/tunnel.c +++ b/src/network/netdev/tunnel.c @@ -2,7 +2,7 @@ @@ -263,7 +267,7 @@ index 380547ee1e..137c1adf8a 100644 #include "vcan.h" diff --git a/src/network/netdev/veth.c b/src/network/netdev/veth.c -index fb00e6667f..f52d9ee89a 100644 +index e0f5b4ebb1..8a424ed03d 100644 --- a/src/network/netdev/veth.c +++ b/src/network/netdev/veth.c @@ -3,7 +3,7 @@ @@ -276,7 +280,7 @@ index fb00e6667f..f52d9ee89a 100644 #include "netlink-util.h" diff --git a/src/network/netdev/vlan.c b/src/network/netdev/vlan.c -index a3d961dac3..386b567a42 100644 +index 2390206993..efec630e30 100644 --- a/src/network/netdev/vlan.c +++ b/src/network/netdev/vlan.c @@ -2,7 +2,7 @@ @@ -289,7 +293,7 @@ index a3d961dac3..386b567a42 100644 #include "parse-util.h" diff --git a/src/network/netdev/vrf.c b/src/network/netdev/vrf.c -index 05ef3ff13d..825fc4a398 100644 +index b75ec2bcc6..6aeeea640b 100644 --- a/src/network/netdev/vrf.c +++ b/src/network/netdev/vrf.c @@ -2,7 +2,7 @@ @@ -302,7 +306,7 @@ index 05ef3ff13d..825fc4a398 100644 #include "vrf.h" diff --git a/src/network/netdev/vxcan.c b/src/network/netdev/vxcan.c -index 83269b0707..39c6dbe29c 100644 +index c0343f45b6..f9e718f40b 100644 --- a/src/network/netdev/vxcan.c +++ b/src/network/netdev/vxcan.c @@ -1,7 +1,7 @@ @@ -315,7 +319,7 @@ index 83269b0707..39c6dbe29c 100644 #include "vxcan.h" diff --git a/src/network/netdev/vxlan.c b/src/network/netdev/vxlan.c -index 589161938a..0ec9625b7a 100644 +index b11fdbbd0d..a971a917f0 100644 --- a/src/network/netdev/vxlan.c +++ b/src/network/netdev/vxlan.c @@ -2,7 +2,7 @@ @@ -328,7 +332,7 @@ index 589161938a..0ec9625b7a 100644 #include "conf-parser.h" #include "alloc-util.h" diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c -index 51e7e02990..fc36c0623a 100644 +index 4c7d837c41..6df6dfb816 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -6,7 +6,7 @@ @@ -341,7 +345,7 @@ index 51e7e02990..fc36c0623a 100644 #include "sd-resolve.h" diff --git a/src/network/netdev/xfrm.c b/src/network/netdev/xfrm.c -index a961d8fef2..6c1815b257 100644 +index 905bfc0bdf..39e34dbb3b 100644 --- a/src/network/netdev/xfrm.c +++ b/src/network/netdev/xfrm.c @@ -1,6 +1,6 @@ @@ -374,7 +378,7 @@ index bd1a9745dc..949d3da029 100644 #define STATIC_BRIDGE_MDB_ENTRIES_PER_NETWORK_MAX 1024U diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c -index ca9a825e7b..8735e261ad 100644 +index 080b15387c..efe8283957 100644 --- a/src/network/networkd-dhcp-common.c +++ b/src/network/networkd-dhcp-common.c @@ -1,7 +1,8 @@ @@ -388,18 +392,17 @@ index ca9a825e7b..8735e261ad 100644 #include "bus-error.h" #include "bus-locator.h" diff --git a/src/network/networkd-dhcp-prefix-delegation.c b/src/network/networkd-dhcp-prefix-delegation.c -index 66c5e979d9..581b6b8c29 100644 +index af2fe9efcd..511565700f 100644 --- a/src/network/networkd-dhcp-prefix-delegation.c +++ b/src/network/networkd-dhcp-prefix-delegation.c -@@ -1,7 +1,5 @@ +@@ -1,6 +1,5 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ -#include <linux/ipv6_route.h> -- - #include "sd-dhcp6-client.h" + #include "dhcp6-lease-internal.h" #include "hashmap.h" -@@ -21,6 +19,8 @@ +@@ -20,6 +19,8 @@ #include "strv.h" #include "tunnel.h" @@ -409,7 +412,7 @@ index 66c5e979d9..581b6b8c29 100644 assert(link); diff --git a/src/network/networkd-dhcp-server.c b/src/network/networkd-dhcp-server.c -index 620fbbddc7..c8af20fb34 100644 +index 607fe0053c..9ce4005874 100644 --- a/src/network/networkd-dhcp-server.c +++ b/src/network/networkd-dhcp-server.c @@ -1,7 +1,7 @@ @@ -422,7 +425,7 @@ index 620fbbddc7..c8af20fb34 100644 #include "sd-dhcp-server.h" diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c -index d4b4942173..3d78da5609 100644 +index efbae6d868..1ea2151d50 100644 --- a/src/network/networkd-dhcp4.c +++ b/src/network/networkd-dhcp4.c @@ -3,7 +3,7 @@ @@ -448,7 +451,7 @@ index 32229a3fc7..662a345d6e 100644 #include "in-addr-util.h" #include "networkd-address.h" diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 019bef0590..657fc41ae6 100644 +index ee5f0f2c0a..ea5269a2de 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -3,7 +3,7 @@ @@ -461,7 +464,7 @@ index 019bef0590..657fc41ae6 100644 #include <linux/netdevice.h> #include <sys/socket.h> diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c -index 99a07e16fc..e51cd81d96 100644 +index ab9eeb13a5..dd96fe7483 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -6,7 +6,7 @@ @@ -474,7 +477,7 @@ index 99a07e16fc..e51cd81d96 100644 #include "sd-ndisc.h" diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 5214a8ad2c..9dd758daae 100644 +index 7218d799fc..30d5574eae 100644 --- a/src/network/networkd-route.c +++ b/src/network/networkd-route.c @@ -1,9 +1,5 @@ @@ -499,7 +502,7 @@ index 5214a8ad2c..9dd758daae 100644 _cleanup_(route_freep) Route *route = NULL; diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index 541c4b8a72..06ebda8f0f 100644 +index 2298f9ea3a..7d5f87de53 100644 --- a/src/network/networkd-setlink.c +++ b/src/network/networkd-setlink.c @@ -2,7 +2,7 @@ @@ -511,8 +514,21 @@ index 541c4b8a72..06ebda8f0f 100644 #include <linux/if_bridge.h> #include "missing_network.h" +diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c +index 2b226b2e2a..f12a474e2f 100644 +--- a/src/network/networkd-sysctl.c ++++ b/src/network/networkd-sysctl.c +@@ -2,7 +2,7 @@ + + #include <netinet/in.h> + #include <linux/if.h> +-#include <linux/if_arp.h> ++//#include <linux/if_arp.h> + + #include "missing_network.h" + #include "networkd-link.h" diff --git a/src/shared/linux/ethtool.h b/src/shared/linux/ethtool.h -index 1458de3627..d5c2d2e0ac 100644 +index 3d1da515c0..3fca9a4faf 100644 --- a/src/shared/linux/ethtool.h +++ b/src/shared/linux/ethtool.h @@ -16,7 +16,8 @@ @@ -539,7 +555,7 @@ index f56c5646c1..5af28ff119 100644 #include "arphrd-util.h" #include "device-util.h" diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c -index a48d5dedf8..31a8bc1b3c 100644 +index f528a46b8e..830318cda5 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c @@ -18,7 +18,7 @@ @@ -552,5 +568,5 @@ index a48d5dedf8..31a8bc1b3c 100644 #include <linux/pci_regs.h> -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/poky/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch index 96322e5a56..75f6b9094a 100644 --- a/poky/meta/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch +++ b/poky/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch @@ -1,8 +1,8 @@ -From fa598869cca684c001f3dc23ce2198f5a6169e2a Mon Sep 17 00:00:00 2001 +From be02bd0876a061728661535a709d313e39fe1ac3 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 8 Nov 2022 13:31:34 -0800 -Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific - version mark it so +Subject: [PATCH 18/22] test-bus-error: strerror() is assumed to be GNU + specific version mark it so Upstream-Status: Inappropriate [Upstream systemd only supports glibc] @@ -27,7 +27,7 @@ index a55f3f9856..4123bf3da0 100644 assert_se(sd_bus_error_get_errno(&error) == EBUSY); assert_se(sd_bus_error_is_set(&error)); diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c -index d3d022c33f..74e95c804d 100644 +index 376d532281..967cfd4d67 100644 --- a/src/test/test-errno-util.c +++ b/src/test/test-errno-util.c @@ -4,7 +4,7 @@ @@ -48,5 +48,5 @@ index d3d022c33f..74e95c804d 100644 TEST(PROTECT_ERRNO) { errno = 12; -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch index fcc56a2e65..e038b73678 100644 --- a/poky/meta/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch +++ b/poky/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch @@ -1,7 +1,7 @@ -From f629a76e0fba300a9d511614160fee38dd4a5e57 Mon Sep 17 00:00:00 2001 +From 46d80840bfe37e67d4f18c37a77751ea1fe63a07 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 23 Jan 2023 23:39:46 -0800 -Subject: [PATCH] errno-util: Make STRERROR portable for musl +Subject: [PATCH 19/22] errno-util: Make STRERROR portable for musl Sadly, systemd has decided to use yet another GNU extention in a macro lets make this such that we can use XSI compliant strerror_r() for @@ -11,20 +11,21 @@ Upstream-Status: Inappropriate [musl specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> --- - src/basic/errno-util.h | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) + src/basic/errno-util.h | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index 091f99c590..eb5c1f9961 100644 +index 27804e6382..274c1c6ef1 100644 --- a/src/basic/errno-util.h +++ b/src/basic/errno-util.h -@@ -14,8 +14,16 @@ +@@ -15,8 +15,16 @@ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks * * Note that we use the GNU variant of strerror_r() here. */ -#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) +- +static inline const char * STRERROR(int errnum); - ++ +static inline const char * STRERROR(int errnum) { +#ifdef __GLIBC__ + return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN); @@ -37,5 +38,5 @@ index 091f99c590..eb5c1f9961 100644 * Note that we can't use ({ … }) to define a temporary variable, so errnum is * evaluated twice. */ -- -2.39.2 +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch b/poky/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch index c9ec00012e..b83fffe793 100644 --- a/poky/meta/recipes-core/systemd/systemd/0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch +++ b/poky/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch @@ -1,7 +1,7 @@ -From 148645ba8b62f04c7c5ff5907378663f97880f22 Mon Sep 17 00:00:00 2001 +From 9eb4867b4e2dbdb2484ae854022aff97e2f0feb3 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 2 Aug 2023 12:06:27 -0700 -Subject: [PATCH 1/4] sd-event: Make malloc_trim() conditional on glibc +Subject: [PATCH 20/22] sd-event: Make malloc_trim() conditional on glibc musl does not have this API @@ -12,28 +12,28 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index aba458185b..48c94a7672 100644 +index 288798a0dc..6419a7f216 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1874,7 +1874,7 @@ _public_ int sd_event_add_exit( } - + _public_ int sd_event_trim_memory(void) { - int r; + int r = 0; - + /* A default implementation of a memory pressure callback. Simply releases our own allocation caches * and glibc's. This is automatically used when people call sd_event_add_memory_pressure() with a @@ -1888,7 +1888,9 @@ _public_ int sd_event_trim_memory(void) { - + usec_t before_timestamp = now(CLOCK_MONOTONIC); hashmap_trim_pools(); +#ifdef __GLIBC__ r = malloc_trim(0); +#endif usec_t after_timestamp = now(CLOCK_MONOTONIC); - + if (r > 0) --- -2.41.0 +-- +2.34.1 diff --git a/poky/meta/recipes-core/systemd/systemd/0029-shared-Do-not-use-malloc_info-on-musl.patch b/poky/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch index 8e386551a1..7eff069bb7 100644 --- a/poky/meta/recipes-core/systemd/systemd/0029-shared-Do-not-use-malloc_info-on-musl.patch +++ b/poky/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch @@ -1,7 +1,7 @@ -From 9430646e72ea5d260ade300038a6d976fecf7da5 Mon Sep 17 00:00:00 2001 +From 502597b9ddd6b145541b23fadca0b1d3ca9f6367 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 2 Aug 2023 12:20:40 -0700 -Subject: [PATCH 4/4] shared: Do not use malloc_info on musl +Subject: [PATCH 21/22] shared: Do not use malloc_info on musl Upstream-Status: Inappropriate [musl-specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> @@ -10,9 +10,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> src/shared/common-signal.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) +diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c +index 74f148c8b4..2d862a123d 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c -@@ -617,15 +617,16 @@ static int method_dump_memory_state_by_f +@@ -611,15 +611,16 @@ static int method_dump_memory_state_by_fd(sd_bus_message *message, void *userdat _cleanup_close_ int fd = -EBADF; size_t dump_size; FILE *f; @@ -31,9 +33,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> if (r < 0) return r; +diff --git a/src/shared/common-signal.c b/src/shared/common-signal.c +index 8e70e365dd..9e782caec9 100644 --- a/src/shared/common-signal.c +++ b/src/shared/common-signal.c -@@ -65,12 +65,12 @@ int sigrtmin18_handler(sd_event_source * +@@ -65,12 +65,12 @@ int sigrtmin18_handler(sd_event_source *s, const struct signalfd_siginfo *si, vo log_oom(); break; } @@ -48,3 +52,6 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> (void) memstream_dump(LOG_INFO, &m); break; } +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch b/poky/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch new file mode 100644 index 0000000000..24f3bf74a0 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch @@ -0,0 +1,43 @@ +From fd52f1764647e03a35e8f0ed0ef952049073ccbd Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 2 Jan 2024 11:03:27 +0800 +Subject: [PATCH 22/22] avoid missing LOCK_EX declaration + +This only happens on MUSL. Include sys/file.h to avoid compilation +error about missing LOCK_EX declaration. + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/core/exec-invoke.c | 1 + + src/shared/dev-setup.h | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c +index 70d963e269..7084811439 100644 +--- a/src/core/exec-invoke.c ++++ b/src/core/exec-invoke.c +@@ -4,6 +4,7 @@ + #include <sys/ioctl.h> + #include <sys/mount.h> + #include <sys/prctl.h> ++#include <sys/file.h> + + #if HAVE_PAM + #include <security/pam_appl.h> +diff --git a/src/shared/dev-setup.h b/src/shared/dev-setup.h +index 5339bc4e5e..0697495f23 100644 +--- a/src/shared/dev-setup.h ++++ b/src/shared/dev-setup.h +@@ -2,6 +2,7 @@ + #pragma once + + #include <sys/types.h> ++#include <sys/file.h> + + int lock_dev_console(void); + +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch b/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch deleted file mode 100644 index 8e563238ef..0000000000 --- a/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f85a387a67900b02c69abccb88c2ef7191c67277 Mon Sep 17 00:00:00 2001 -From: Jan Janssen <medhefgo@web.de> -Date: Sun, 1 Oct 2023 09:55:48 +0200 -Subject: [PATCH] meson: Pass all -static-pie args to linker - -Fixes: #29381 - -Upstream-Status: Backport [https://github.com/systemd/systemd/commit/cecbb162a3134b43d2ca160e13198c73ff34c3ef] -Signed-off-by: Viswanath Kraleti <quic_vkraleti@quicinc.com> ---- - src/boot/efi/meson.build | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build -index 2773eaf286..9a60a57329 100644 ---- a/src/boot/efi/meson.build -+++ b/src/boot/efi/meson.build -@@ -161,9 +161,14 @@ efi_c_ld_args = [ - '-Wl,--entry=efi_main', - '-Wl,--fatal-warnings', - -- # These flags should be passed by -static-pie, but seem to be missing sometimes. -- '-Wl,--no-dynamic-linker', -- '-z', 'text', -+ # These flags should be passed by -static-pie, but for whatever reason the flag translation -+ # is not enabled on all architectures. Not passing `-static` would just allow the linker to -+ # use dynamic libraries, (which we can't/don't use anyway). But if `-pie` is missing and the -+ # gcc build does not default to `-pie` we get a regular (no-pie) binary that will be -+ # rightfully rejected by elf2efi. Note that meson also passes `-pie` to the linker driver, -+ # but it is overridden by our `-static-pie`. We also need to pass these directly to the -+ # linker as `-static`+`-pie` seem to get translated differently. -+ '-Wl,-static,-pie,--no-dynamic-linker,-z,text', - - # EFI has 4KiB pages. - '-z', 'common-page-size=4096', diff --git a/poky/meta/recipes-core/systemd/systemd/basic.conf.in b/poky/meta/recipes-core/systemd/systemd/basic.conf.in deleted file mode 100644 index fac288f7fa..0000000000 --- a/poky/meta/recipes-core/systemd/systemd/basic.conf.in +++ /dev/null @@ -1,40 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# The superuser -u root 0 "root" :ROOT_HOME: - -# The nobody user/group for NFS file systems -g {{NOBODY_GROUP_NAME}} 65534 - - -u {{NOBODY_USER_NAME }} 65534:65534 "Nobody" - - -# Administrator group: can *see* more than normal users -g adm {{ADM_GID }} - - - -# Administrator group: can *do* more than normal users -g wheel {{WHEEL_GID }} - - - -# Access to shared database of users on the system -g utmp {{UTMP_GID }} - - - -# Physical and virtual hardware access groups -g audio {{AUDIO_GID }} - - -g cdrom {{CDROM_GID }} - - -g dialout {{DIALOUT_GID}} - - -g disk {{DISK_GID }} - - -g input {{INPUT_GID }} - - -g kmem {{KMEM_GID }} - - -g kvm {{KVM_GID }} - - -g lp {{LP_GID }} - - -g render {{RENDER_GID }} - - -g sgx {{SGX_GID }} - - -g tape {{TAPE_GID }} - - -g tty {{TTY_GID }} - - -g video {{VIDEO_GID }} - - - -# Default group for normal users -g users {{USERS_GID }} - - diff --git a/poky/meta/recipes-core/systemd/systemd_254.4.bb b/poky/meta/recipes-core/systemd/systemd_255.1.bb index 05cfc734bf..c0de44090d 100644 --- a/poky/meta/recipes-core/systemd/systemd_254.4.bb +++ b/poky/meta/recipes-core/systemd/systemd_255.1.bb @@ -21,7 +21,6 @@ REQUIRED_DISTRO_FEATURES += "systemd" SRC_URI += " \ file://touchscreen.rules \ file://00-create-volatile.conf \ - file://basic.conf.in \ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ file://init \ @@ -29,33 +28,33 @@ SRC_URI += " \ file://systemd-pager.sh \ file://0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0008-implment-systemd-sysv-install-for-OE.patch \ - file://0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \ " # patches needed by musl SRC_URI:append:libc-musl = " ${SRC_URI_MUSL}" SRC_URI_MUSL = "\ - file://0009-missing_type.h-add-comparison_fn_t.patch \ - file://0010-add-fallback-parse_printf_format-implementation.patch \ - file://0011-src-basic-missing.h-check-for-missing-strndupa.patch \ - file://0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch \ - file://0013-add-missing-FTW_-macros-for-musl.patch \ - file://0014-Use-uintmax_t-for-handling-rlim_t.patch \ - file://0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch \ - file://0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch \ - file://0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch \ - file://0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch \ - file://0020-avoid-redefinition-of-prctl_mm_map-structure.patch \ - file://0021-do-not-disable-buffer-in-writing-files.patch \ - file://0022-Handle-__cpu_mask-usage.patch \ - file://0023-Handle-missing-gshadow.patch \ - file://0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \ - file://0005-pass-correct-parameters-to-getdents64.patch \ - file://0001-Adjust-for-musl-headers.patch \ - file://0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch \ - file://0003-errno-util-Make-STRERROR-portable-for-musl.patch \ - file://0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch \ - file://0029-shared-Do-not-use-malloc_info-on-musl.patch \ + file://0001-missing_type.h-add-comparison_fn_t.patch \ + file://0002-add-fallback-parse_printf_format-implementation.patch \ + file://0003-src-basic-missing.h-check-for-missing-strndupa.patch \ + file://0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch \ + file://0005-add-missing-FTW_-macros-for-musl.patch \ + file://0006-Use-uintmax_t-for-handling-rlim_t.patch \ + file://0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch \ + file://0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch \ + file://0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch \ + file://0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch \ + file://0011-avoid-redefinition-of-prctl_mm_map-structure.patch \ + file://0012-do-not-disable-buffer-in-writing-files.patch \ + file://0013-Handle-__cpu_mask-usage.patch \ + file://0014-Handle-missing-gshadow.patch \ + file://0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \ + file://0016-pass-correct-parameters-to-getdents64.patch \ + file://0017-Adjust-for-musl-headers.patch \ + file://0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch \ + file://0019-errno-util-Make-STRERROR-portable-for-musl.patch \ + file://0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch \ + file://0021-shared-Do-not-use-malloc_info-on-musl.patch \ + file://0022-avoid-missing-LOCK_EX-declaration.patch \ " PAM_PLUGINS = " \ @@ -73,6 +72,7 @@ PACKAGECONFIG ??= " \ ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 'link-udev-shared', d)} \ backlight \ binfmt \ + cgroupv2 \ gshadow \ hibernate \ hostnamed \ @@ -266,12 +266,16 @@ EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ # The 60 seconds is watchdog's default vaule. WATCHDOG_TIMEOUT ??= "60" -do_configure:prepend() { - sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > ${S}/sysusers.d/basic.conf.in -} - do_install() { meson_do_install + # Change the root user's home directory in /lib/sysusers.d/basic.conf. + # This is done merely for backward compatibility with previous systemd recipes. + # systemd hardcodes root user's HOME to be "/root". Changing to use other values + # may have unexpected runtime behaviors. + if [ "${ROOT_HOME}" != "/root" ]; then + bbwarn "Using ${ROOT_HOME} as root user's home directory is not fully supported by systemd" + sed -i -e 's#/root#${ROOT_HOME}#g' ${D}${exec_prefix}/lib/sysusers.d/basic.conf + fi install -d ${D}/${base_sbindir} if ${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', 'false', 'true', d)}; then # Provided by a separate recipe @@ -756,6 +760,7 @@ FILES:udev += "${base_sbindir}/udevd \ ${rootlibexecdir}/udev/rules.d/60-persistent-alsa.rules \ ${rootlibexecdir}/udev/rules.d/60-persistent-input.rules \ ${rootlibexecdir}/udev/rules.d/60-persistent-storage.rules \ + ${rootlibexecdir}/udev/rules.d/60-persistent-storage-mtd.rules \ ${rootlibexecdir}/udev/rules.d/60-persistent-storage-tape.rules \ ${rootlibexecdir}/udev/rules.d/60-persistent-v4l.rules \ ${rootlibexecdir}/udev/rules.d/60-sensor.rules \ diff --git a/poky/meta/recipes-core/udev/eudev/netifnames.patch b/poky/meta/recipes-core/udev/eudev/netifnames.patch new file mode 100644 index 0000000000..8f6e9a1538 --- /dev/null +++ b/poky/meta/recipes-core/udev/eudev/netifnames.patch @@ -0,0 +1,17 @@ +eudev: consider ID_NET_NAME_MAC as an interface name + +eudev might not create names based on slot or path. + +Upstream-Status: Submitted [github.com/eudev-project/eudev/pull/274] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +--- a/rules/80-net-name-slot.rules ++++ b/rules/80-net-name-slot.rules +@@ -10,5 +10,6 @@ ENV{net.ifnames}=="0", GOTO="net_name_sl + NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}" + NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}" + NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}" ++NAME=="", ENV{ID_NET_NAME_MAC}!="", NAME="$env{ID_NET_NAME_MAC}" + + LABEL="net_name_slot_end" diff --git a/poky/meta/recipes-core/udev/eudev_3.2.14.bb b/poky/meta/recipes-core/udev/eudev_3.2.14.bb index d0758691bd..ddb3c3340f 100644 --- a/poky/meta/recipes-core/udev/eudev_3.2.14.bb +++ b/poky/meta/recipes-core/udev/eudev_3.2.14.bb @@ -10,6 +10,7 @@ DEPENDS = "gperf-native" PROVIDES = "udev" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ + file://netifnames.patch \ file://init \ file://local.rules \ " @@ -50,6 +51,7 @@ do_install:append() { # Use classic network interface naming scheme touch ${D}${sysconfdir}/udev/rules.d/80-net-name-slot.rules + } do_install:prepend:class-target () { diff --git a/poky/meta/recipes-core/udev/udev-extraconf/mount.sh b/poky/meta/recipes-core/udev/udev-extraconf/mount.sh index 0cd51fcde8..c19e2aa68a 100644 --- a/poky/meta/recipes-core/udev/udev-extraconf/mount.sh +++ b/poky/meta/recipes-core/udev/udev-extraconf/mount.sh @@ -211,7 +211,7 @@ if [ "$ACTION" = "remove" ] || [ "$ACTION" = "change" ] && [ -x "$UMOUNT" ] && [ logger "mount.sh/remove" "cleaning up $DEVNAME, was mounted by the auto-mounter" for mnt in `cat /proc/mounts | grep "$DEVNAME" | cut -f 2 -d " " ` do - $UMOUNT $mnt + $UMOUNT "`printf $mnt`" done # Remove mount directory created by the auto-mounter # and clean up our tmp cache file diff --git a/poky/meta/recipes-core/zlib/zlib_1.3.bb b/poky/meta/recipes-core/zlib/zlib_1.3.bb index 1ed18172fa..ede75f90bd 100644 --- a/poky/meta/recipes-core/zlib/zlib_1.3.bb +++ b/poky/meta/recipes-core/zlib/zlib_1.3.bb @@ -47,3 +47,4 @@ do_install_ptest() { BBCLASSEXTEND = "native nativesdk" CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip" +CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib" diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch b/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch index c73aca41ee..2814196200 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch @@ -1,25 +1,26 @@ -From 0071d28e304745a16871561f23117fdb00dd2559 Mon Sep 17 00:00:00 2001 +From 1a50157aa11da48921200a0d8d4308863716eab0 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 12 Mar 2020 17:25:23 +0000 -Subject: [PATCH 4/7] autoreconf-exclude.patch +Subject: [PATCH] autoreconf-exclude.patch Upstream-Status: Inappropriate [oe specific] + --- bin/autoreconf.in | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/bin/autoreconf.in b/bin/autoreconf.in -index bb9f316d..7da3005b 100644 +index 98ebab6..937f758 100644 --- a/bin/autoreconf.in +++ b/bin/autoreconf.in -@@ -82,6 +82,7 @@ Operation modes: +@@ -83,6 +83,7 @@ Operation modes: -i, --install copy missing standard auxiliary files --no-recursive don't rebuild sub-packages -s, --symlink with -i, install symbolic links instead of copies + -x, --exclude=STEPS steps we should not run -m, --make when applicable, re-run ./configure && make - -W, --warnings=CATEGORY report the warnings falling in CATEGORY [syntax] - + -W, --warnings=CATEGORY report the warnings falling in CATEGORY + (comma-separated list accepted) @@ -141,6 +142,10 @@ my $run_make = 0; # Recurse into subpackages my $recursive = 1; @@ -60,7 +61,7 @@ index bb9f316d..7da3005b 100644 } -@@ -687,9 +698,12 @@ sub autoreconf_current_directory ($) +@@ -691,9 +702,12 @@ sub autoreconf_current_directory ($) { $libtoolize .= " --ltdl"; } @@ -73,7 +74,7 @@ index bb9f316d..7da3005b 100644 } else { -@@ -726,8 +740,11 @@ sub autoreconf_current_directory ($) +@@ -730,8 +744,11 @@ sub autoreconf_current_directory ($) } elsif ($install) { @@ -85,7 +86,7 @@ index bb9f316d..7da3005b 100644 } else { -@@ -765,7 +782,10 @@ sub autoreconf_current_directory ($) +@@ -769,7 +786,10 @@ sub autoreconf_current_directory ($) # latter runs the former, and (ii) autoconf is stricter than # autoheader. So all in all, autoconf should give better error # messages. @@ -96,7 +97,7 @@ index bb9f316d..7da3005b 100644 # -------------------- # -@@ -786,7 +806,10 @@ sub autoreconf_current_directory ($) +@@ -790,7 +810,10 @@ sub autoreconf_current_directory ($) } else { @@ -107,7 +108,7 @@ index bb9f316d..7da3005b 100644 } -@@ -803,7 +826,10 @@ sub autoreconf_current_directory ($) +@@ -807,7 +830,10 @@ sub autoreconf_current_directory ($) # We should always run automake, and let it decide whether it shall # update the file or not. In fact, the effect of '$force' is already # included in '$automake' via '--no-force'. @@ -118,6 +119,3 @@ index bb9f316d..7da3005b 100644 } # ---------------------------------------------------- # --- -2.25.1 - diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch b/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch index 23329f7927..38725574ba 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch @@ -1,18 +1,19 @@ -From 8c0f24404bebffdaf3132d81e2b9560d34ff1677 Mon Sep 17 00:00:00 2001 +From b28bd61e4716e744617bd681a5b0d5472f62bd67 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 12 Mar 2020 17:25:45 +0000 -Subject: [PATCH 6/7] autotest-automake-result-format.patch +Subject: [PATCH] autotest-automake-result-format.patch Upstream-Status: Inappropriate [oe specific] + --- lib/autotest/general.m4 | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/lib/autotest/general.m4 b/lib/autotest/general.m4 -index 0c0e3c5b..17590e96 100644 +index bf18866..8097523 100644 --- a/lib/autotest/general.m4 +++ b/lib/autotest/general.m4 -@@ -412,6 +412,9 @@ at_recheck= +@@ -427,6 +427,9 @@ at_recheck= # Whether a write failure occurred at_write_fail=0 @@ -22,7 +23,7 @@ index 0c0e3c5b..17590e96 100644 # The directory we run the suite in. Default to . if no -C option. at_dir=`pwd` # An absolute reference to this testsuite script. -@@ -525,6 +528,10 @@ do +@@ -540,6 +543,10 @@ do at_check_filter_trace=at_fn_filter_trace ;; @@ -33,7 +34,7 @@ index 0c0e3c5b..17590e96 100644 [[0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9]]) at_fn_validate_ranges at_option AS_VAR_APPEND([at_groups], ["$at_option$as_nl"]) -@@ -713,10 +720,10 @@ m4_divert_push([HELP_MODES])dnl +@@ -728,10 +735,10 @@ m4_divert_push([HELP_MODES])dnl cat <<_ATEOF || at_write_fail=1 Operation modes: @@ -48,7 +49,7 @@ index 0c0e3c5b..17590e96 100644 _ATEOF m4_divert_pop([HELP_MODES])dnl m4_wrap([m4_divert_push([HELP_TUNING_BEGIN])dnl -@@ -742,6 +749,7 @@ Execution tuning: +@@ -757,6 +764,7 @@ Execution tuning: -d, --debug inhibit clean up and top-level logging [ default for debugging scripts] -x, --trace enable tests shell tracing @@ -56,7 +57,7 @@ index 0c0e3c5b..17590e96 100644 _ATEOF m4_divert_pop([HELP_TUNING_BEGIN])])dnl m4_divert_push([HELP_END])dnl -@@ -1129,7 +1137,9 @@ at_fn_group_banner () +@@ -1139,7 +1147,9 @@ at_fn_group_banner () [*]) at_desc_line="$[1]: " ;; esac AS_VAR_APPEND([at_desc_line], ["$[3]$[4]"]) @@ -67,7 +68,7 @@ index 0c0e3c5b..17590e96 100644 echo "# -*- compilation -*-" >> "$at_group_log" } -@@ -1155,42 +1165,51 @@ _ATEOF +@@ -1165,42 +1175,51 @@ _ATEOF case $at_xfail:$at_status in yes:0) at_msg="UNEXPECTED PASS" @@ -124,6 +125,3 @@ index 0c0e3c5b..17590e96 100644 fi at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg" case $at_status in --- -2.25.1 - diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch b/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch index c6c135625d..0f49583a64 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch @@ -1,13 +1,20 @@ -Don't use the target perl when regenerating the man pages. +From 1c033f2a23941c46d88b9ac279f87bf2c6e99499 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Wed, 15 Jul 2020 16:03:21 +0100 +Subject: [PATCH] Don't use the target perl when regenerating the man pages. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + man/local.mk | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + diff --git a/man/local.mk b/man/local.mk -index e69858b1..78c68ab5 100644 +index 775c131..ba94753 100644 --- a/man/local.mk +++ b/man/local.mk -@@ -67,13 +67,12 @@ SUFFIXES += .w .1 +@@ -77,13 +77,12 @@ SUFFIXES += .w .1 @echo "Updating man page $@" $(MKDIR_P) $(@D) PATH="$(top_srcdir)/man$(PATH_SEPARATOR)$$PATH"; \ diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch b/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch index 2c44375f43..3e741edfb2 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch @@ -1,14 +1,26 @@ +From 8bcaf677e41f1f5d3fa0a746e35958e7b303ac71 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Wed, 15 Jul 2020 16:03:21 +0100 +Subject: [PATCH] autoconf: upgrade to 2.71 + For native builds we don't care about the documentation, and this would otherwise pull in a dependency on help2man. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + Makefile.in | 10 ---------- + 1 file changed, 10 deletions(-) + diff --git a/Makefile.in b/Makefile.in -index 146e8e3..a1827c1 100644 +index c8d6425..72d6d05 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -763,10 +762,0 @@ dist_buildaux_SCRIPTS = \ +@@ -771,16 +771,6 @@ buildauxdir = $(pkgdatadir)/build-aux + dist_buildaux_DATA = \ + $(AUXSCRIPTS) + -dist_man_MANS = \ - man/autoconf.1 \ - man/autoheader.1 \ @@ -19,3 +31,6 @@ index 146e8e3..a1827c1 100644 - man/ifnames.1 - - + # Each manpage depends on: + # - its .w and .x files and its source script in bin/ + # - common.x for the SEE ALSO list diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch b/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch index cfb145a279..64fed1fd82 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch @@ -1,7 +1,7 @@ -From 0aac3047cd7681d610b22d79501c297fa3433148 Mon Sep 17 00:00:00 2001 +From a877ff979349d3bf6f5f0d92fe4e741be0ad98b4 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 12 Mar 2020 17:25:41 +0000 -Subject: [PATCH 2/7] m4sh: prefer bash over sh +Subject: [PATCH] m4sh: prefer bash over sh _AS_DETECT_BETTER_SHELL looks for a good shell to use, and tries to look for 'sh' before 'bash'. Whilst for many systems sh is a symlink to bash, @@ -16,15 +16,16 @@ Change the search order to bash then sh, so that a known-good shell (bash) is used if available over something which is merely POSIX compliant. Upstream-Status: Inappropriate [oe specific] + --- lib/m4sugar/m4sh.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/m4sugar/m4sh.m4 b/lib/m4sugar/m4sh.m4 -index 9d543952..84ef84a9 100644 +index 368487f..cc70f51 100644 --- a/lib/m4sugar/m4sh.m4 +++ b/lib/m4sugar/m4sh.m4 -@@ -230,7 +230,7 @@ dnl Remove any tests from suggested that are also required +@@ -233,7 +233,7 @@ dnl Remove any tests from suggested that are also required [_AS_PATH_WALK([/bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH], [case $as_dir in @%:@( /*) @@ -33,6 +34,3 @@ index 9d543952..84ef84a9 100644 # Try only shells that exist, to save several forks. as_shell=$as_dir$as_base AS_IF([{ test -f "$as_shell" || test -f "$as_shell.exe"; } && --- -2.25.1 - diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch b/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch index 657cbb351b..f647f2a8c0 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch @@ -1,19 +1,20 @@ -From f4f19a5c03e8ae3b9cc93d24b76694f4b7b2eb76 Mon Sep 17 00:00:00 2001 +From 7949496ff3834dcd98407cc3f3ea022ee2471d52 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 12 Mar 2020 17:28:38 +0000 -Subject: [PATCH 3/7] program_prefix.patch +Subject: [PATCH] program_prefix.patch Upstream-Status: Inappropriate [oe specific] Signed-off-by: Ross Burton <ross.burton@intel.com> + --- lib/autoconf/general.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/autoconf/general.m4 b/lib/autoconf/general.m4 -index 16f0d074..4c5e0b36 100644 +index 47d896d..3deaa46 100644 --- a/lib/autoconf/general.m4 +++ b/lib/autoconf/general.m4 -@@ -2070,7 +2070,7 @@ _AC_CANONICAL_SPLIT([target]) +@@ -2071,7 +2071,7 @@ _AC_CANONICAL_SPLIT([target]) # The aliases save the names the user supplied, while $host etc. # will get canonicalized. @@ -22,6 +23,3 @@ index 16f0d074..4c5e0b36 100644 test "$program_prefix$program_suffix$program_transform_name" = \ NONENONEs,x,x, && program_prefix=${target_alias}-[]dnl --- -2.25.1 - diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch b/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch index f38780130a..ca1534b8f0 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch +++ b/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch @@ -1,19 +1,20 @@ -From a08643ac3fef884900d6cfa161f0acec3ef104d1 Mon Sep 17 00:00:00 2001 +From 294a8d47a70db077691624615c5cb6d331a3299b Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 12 Mar 2020 17:25:37 +0000 -Subject: [PATCH 1/7] remove-usr-local-lib-from-m4.patch +Subject: [PATCH] remove-usr-local-lib-from-m4.patch Upstream-Status: Inappropriate [oe specific] Signed-off-by: Ross Burton <ross.burton@intel.com> + --- lib/autoconf/functions.m4 | 9 --------- 1 file changed, 9 deletions(-) diff --git a/lib/autoconf/functions.m4 b/lib/autoconf/functions.m4 -index 12f60b99..07da7941 100644 +index 9b3f3c0..1faa99b 100644 --- a/lib/autoconf/functions.m4 +++ b/lib/autoconf/functions.m4 -@@ -801,15 +801,6 @@ if test $ac_have_func = no; then +@@ -825,15 +825,6 @@ if test $ac_have_func = no; then [LIBS="-lutil $LIBS" ac_have_func=yes ac_cv_func_getloadavg_setgid=yes]) fi @@ -29,6 +30,3 @@ index 12f60b99..07da7941 100644 # Make sure it is really in the library, if we think we found it, # otherwise set up the replacement function. AC_CHECK_FUNCS(getloadavg, [], --- -2.25.1 - diff --git a/poky/meta/recipes-devtools/autoconf/autoconf_2.72d.bb b/poky/meta/recipes-devtools/autoconf/autoconf_2.72e.bb index 6741746184..db374373cf 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf_2.72d.bb +++ b/poky/meta/recipes-devtools/autoconf/autoconf_2.72e.bb @@ -22,7 +22,7 @@ SRC_URI = " \ " SRC_URI:append:class-native = " file://no-man.patch" -SRC_URI[sha256sum] = "c09dcba3d051507459df2fcd58d6f19e5b342568fa910e3bb3a74b4402cde3a6" +SRC_URI[sha256sum] = "f3478d3b597d51f5d61596fb2f6f6aba49cdd974b4b05ff0bac57f56b5cfdb39" RDEPENDS:${PN} = "m4 gnu-config \ perl \ diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc b/poky/meta/recipes-devtools/gcc/gcc-13.2.inc index 359db1e278..32fddd11c2 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-13.2.inc @@ -115,3 +115,4 @@ EXTRA_OECONF_PATHS = "\ " CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc" +CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source" diff --git a/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.031.bb b/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.032.bb index e03deaf15f..5876e8a63c 100644 --- a/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.031.bb +++ b/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.032.bb @@ -1,6 +1,3 @@ -# Copyright (C) 2020 Jens Rehsack <sno@netbsd.org> -# Released under the MIT license (see COPYING.MIT for the terms) - SUMMARY = "Test::Warnings - Test for warnings and the lack of them" DESCRIPTION = "If you've ever tried to use Test::NoWarnings to confirm there are no \ warnings generated by your tests, combined with the convenience of \ @@ -12,13 +9,13 @@ demonstration.)" HOMEPAGE = "https://github.com/karenetheridge/Test-Warnings" BUGTRACKER = "https://rt.cpan.org/Public/Dist/Display.html?Name=Test-Warnings" SECTION = "libs" -LICENSE = "Artistic-1.0 | GPL-1.0-or-later" +LICENSE = "Artistic-1.0-Perl | GPL-1.0-or-later" -LIC_FILES_CHKSUM = "file://LICENCE;md5=6f2b02f39e7d359efd9525fbc56c84a1" +LIC_FILES_CHKSUM = "file://LICENCE;md5=f98106ac3cc05d9cbebcdb8fbf7b7815" SRC_URI = "${CPAN_MIRROR}/authors/id/E/ET/ETHER/Test-Warnings-${PV}.tar.gz" -SRC_URI[sha256sum] = "1e542909fef305e45563e9878ea1c3b0c7cef1b28bb7ae07eba2e1efabec477b" +SRC_URI[sha256sum] = "4727dae2416e9f07e41e2dc3a9143ba6affc1ec57652117c99d50038e313e9d9" S = "${WORKDIR}/Test-Warnings-${PV}" diff --git a/poky/meta/recipes-devtools/perl/perl_5.38.2.bb b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb index a9d684cfc5..b6c9cda7ae 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.38.2.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb @@ -273,7 +273,7 @@ FILES:${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/ ${libdir}/perl5/${PV}/ExtUtils/typemap \ " RPROVIDES:${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \ - perl-module-warnings-register" + perl-module-warnings-register perl-module-config-git" FILES:${PN}-staticdev:append = " ${libdir}/perl5/${PV}/*/CORE/libperl.a" @@ -306,8 +306,8 @@ ALTERNATIVE_PRIORITY = "40" ALTERNATIVE:${PN}-doc = "Thread.3" ALTERNATIVE_LINK_NAME[Thread.3] = "${mandir}/man3/Thread.3" -# Create a perl-modules package recommending all the other perl -# packages (actually the non modules packages and not created too) +# Create a perl-modules package that represents the collection of all the +# other perl packages (actually the non modules packages and not created too). ALLOW_EMPTY:${PN}-modules = "1" PACKAGES += "${PN}-modules " @@ -322,11 +322,13 @@ python split_perl_packages () { do_split_packages(d, libdir, r'.*linux/([^\/].*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False) do_split_packages(d, libdir, r'(^(?!(CPAN\/|CPANPLUS\/|Module\/|unicore\/|.*linux\/)[^\/]).*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False) - # perl-modules should recommend every perl module, and only the + # perl-modules should runtime-depend on every perl module, and only the # modules. Don't attempt to use the result of do_split_packages() as some - # modules are manually split (eg. perl-module-unicore). - packages = filter(lambda p: 'perl-module-' in p, d.getVar('PACKAGES').split()) - d.setVar(d.expand("RRECOMMENDS:${PN}-modules"), ' '.join(packages)) + # modules are manually split (eg. perl-module-unicore). Also, the split + # packages should not include packages defined in RPROVIDES:${PN}. + perl_sub_pkgs = d.getVar(d.expand("RPROVIDES:${PN}")).split() + packages = filter(lambda p: 'perl-module-' in p and p not in perl_sub_pkgs, d.getVar('PACKAGES').split()) + d.setVar(d.expand("RDEPENDS:${PN}-modules"), ' '.join(packages)) # Read the pre-generated dependency file, and use it to set module dependecies for line in open(d.expand("${WORKDIR}") + '/perl-rdepends.txt').readlines(): @@ -352,7 +354,8 @@ python() { d.setVar("PACKAGES_DYNAMIC", "^nativesdk-perl-module-.*") } -RDEPENDS:${PN}-misc += "perl perl-modules" +RDEPENDS:${PN}-misc += "perl" +RRECOMMENDS:${PN}-misc += "perl-modules" RDEPENDS:${PN}-pod += "perl" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-subunit_1.4.2.bb b/poky/meta/recipes-devtools/python/python3-subunit_1.4.2.bb deleted file mode 100644 index a018ef1dc8..0000000000 --- a/poky/meta/recipes-devtools/python/python3-subunit_1.4.2.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "Python implementation of subunit test streaming protocol" -HOMEPAGE = "https://pypi.org/project/python-subunit/" -SECTION = "devel/python" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://README.rst;beginline=1;endline=20;md5=909c08e291647fd985fbe5d9836d51b6" - -PYPI_PACKAGE = "python-subunit" - -SRC_URI[sha256sum] = "2988d324d55ec35dd037e502e3f74ac38f4e457bd44ee0edf5e898f7ee1134d4" - -inherit pypi setuptools3 - -RDEPENDS:${PN} = " python3-testtools" - -BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-subunit_1.4.4.bb b/poky/meta/recipes-devtools/python/python3-subunit_1.4.4.bb new file mode 100644 index 0000000000..11be10bab6 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-subunit_1.4.4.bb @@ -0,0 +1,15 @@ +SUMMARY = "Python implementation of subunit test streaming protocol" +HOMEPAGE = "https://pypi.org/project/python-subunit/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;beginline=1;endline=20;md5=b1121e68d06c8d9ea544fcd895df0d39" + +PYPI_PACKAGE = "python-subunit" + +SRC_URI[sha256sum] = "1079363131aa1d3f45259237265bc2e61a77e35f20edfb6e3d1d2558a2cdea34" + +inherit pypi setuptools3 + +RDEPENDS:${PN} = " python3-testtools python3-iso8601" + +BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-yamllint_1.33.0.bb b/poky/meta/recipes-devtools/python/python3-yamllint_1.33.0.bb new file mode 100644 index 0000000000..4b7bd065f9 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-yamllint_1.33.0.bb @@ -0,0 +1,15 @@ +SUMMARY = "A linter for YAML files." +HOMEPAGE = "https://github.com/adrienverge/yamllint" +LICENSE = "GPL-3.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=1ebbd3e34237af26da5dc08a4e440464" + +inherit pypi setuptools3 + +PYPI_PACKAGE = "yamllint" + +SRC_URI[sha256sum] = "2dceab9ef2d99518a2fcf4ffc964d44250ac4459be1ba3ca315118e4a1a81f7d" + +DEPENDS += "${PYTHON_PN}-setuptools-scm-native" +RDEPENDS:${PN} += "${PYTHON_PN}-pyyaml" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.2.0.bb index a77953529b..a77953529b 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-native_8.2.0.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.2.0.bb index 0634b34242..0634b34242 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.2.0.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 70515d980e..bc1440249d 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -32,19 +32,16 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \ file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \ file://fixedmeson.patch \ - file://fixmips.patch \ file://0001-vfio-Include-libgen.h-for-basename-API.patch \ file://no-pip.patch \ + file://fix_segv.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[sha256sum] = "541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087" - -SRC_URI:append:class-target = " file://cross.patch" -SRC_URI:append:class-nativesdk = " file://cross.patch" +SRC_URI[sha256sum] = "bf00d2fa12010df8b0ade93371def58e632cb32a6bfdc5f5a0ff8e6a1fb1bf32" CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself" @@ -117,9 +114,13 @@ EXTRA_OECONF = " \ --extra-ldflags='${LDFLAGS}' \ --disable-download \ --disable-docs \ + --host-cc=${BUILD_CC} \ ${PACKAGECONFIG_CONFARGS} \ " +EXTRA_OECONF:append:class-target = " --cross-prefix=${HOST_PREFIX}" +EXTRA_OECONF:append:class-nativesdk = " --cross-prefix=${HOST_PREFIX}" + B = "${WORKDIR}/build" #EXTRA_OECONF:append = " --python=${HOSTTOOLS_DIR}/python3" @@ -133,6 +134,7 @@ do_configure:prepend:class-native() { } do_configure() { + export PKG_CONFIG=pkg-config ${S}/configure ${EXTRA_OECONF} } do_configure[cleandirs] += "${B}" @@ -176,7 +178,7 @@ do_install:append() { # Disable kvm/virgl/mesa on targets that do not support it PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" -PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+" +PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie" PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng" @@ -237,6 +239,7 @@ PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi" PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack," PACKAGECONFIG[debuginfo] = "--enable-libdw,--disable-libdw,elfutils" PACKAGECONFIG[pipewire] = "--enable-pipewire,--disable-pipewire,pipewire" +PACKAGECONFIG[sndio] = "--enable-sndio,--disable-sndio,sndio" INSANE_SKIP:${PN}-common = "arch" diff --git a/poky/meta/recipes-devtools/qemu/qemu/cross.patch b/poky/meta/recipes-devtools/qemu/qemu/cross.patch deleted file mode 100644 index 112eb92593..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/cross.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 76c3fc4c87231bed32974ebbbdb5079cff45a6b7 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Tue, 5 Jan 2021 23:00:14 +0000 -Subject: [PATCH 12/12] qemu: Upgrade 5.1.0->5.2.0 - -We need to be able to trigger configure's cross code but we don't want -to set cross_prefix as it does other things we don't want. Patch things -so we can do what we need in the target config case. - -Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?] -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - ---- - configure | 4 ---- - 1 file changed, 4 deletions(-) - -Index: qemu-8.0.0/configure -=================================================================== ---- qemu-8.0.0.orig/configure -+++ qemu-8.0.0/configure -@@ -2590,7 +2590,6 @@ if test "$skip_meson" = no; then - echo "widl = [$(meson_quote $widl)]" >> $cross - echo "windres = [$(meson_quote $windres)]" >> $cross - echo "windmc = [$(meson_quote $windmc)]" >> $cross -- if test "$cross_compile" = "yes"; then - cross_arg="--cross-file config-meson.cross" - echo "[host_machine]" >> $cross - echo "system = '$targetos'" >> $cross -@@ -2608,9 +2607,6 @@ if test "$skip_meson" = no; then - else - echo "endian = 'little'" >> $cross - fi -- else -- cross_arg="--native-file config-meson.cross" -- fi - mv $cross config-meson.cross - - rm -rf meson-private meson-info meson-logs diff --git a/poky/meta/recipes-devtools/qemu/qemu/fix_segv.patch b/poky/meta/recipes-devtools/qemu/qemu/fix_segv.patch new file mode 100644 index 0000000000..da5ae87e0c --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/fix_segv.patch @@ -0,0 +1,47 @@ +With qemu 8.2.0 we started seeing SEGV errors when compiling webkitgtk from +usermode qemu: + +qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x20} +Segmentation fault + +By bisection, this was tracked down to: + +commit 7b7a3366e142d3baeb3fd1d3660a50e7956c19eb +Author: Richard Henderson <richard.henderson@linaro.org> +Date: Tue Aug 8 20:02:19 2023 -0700 + + linux-user: Use walk_memory_regions for open_self_maps + + Replace the by-hand method of region identification with + the official user-exec interface. Cross-check the region + provided to the callback with the interval tree from + read_self_maps(). + + Tested-by: Helge Deller <deller@gmx.de> + Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> + Signed-off-by: Richard Henderson <richard.henderson@linaro.org> + +and specifically to 'n' being NULL. For now, just skip in that case +until a proper fix can be identified. + +Reported upstream: https://www.mail-archive.com/qemu-devel@nongnu.org/msg1018813.html + +YOCTO #15367 + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +Upstream-Status: Pending + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index e384e14248..2577fb770d 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -8085,6 +8085,9 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start, + while (1) { + IntervalTreeNode *n = + interval_tree_iter_first(d->host_maps, host_start, host_start); ++ if (!n) { ++ return 0; ++ } + MapInfo *mi = container_of(n, MapInfo, itree); + uintptr_t this_hlast = MIN(host_last, n->last); + target_ulong this_gend = h2g(this_hlast) + 1; diff --git a/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch b/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch index 0cbaea07ca..9047f66dc3 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch @@ -1,12 +1,12 @@ Upstream-Status: Inappropriate [workaround, would need a real fix for upstream] -Index: qemu-8.1.0/configure +Index: qemu-8.2.0/configure =================================================================== ---- qemu-8.1.0.orig/configure -+++ qemu-8.1.0/configure -@@ -1032,12 +1032,7 @@ then - exit 1 - fi +--- qemu-8.2.0.orig/configure ++++ qemu-8.2.0/configure +@@ -955,12 +955,7 @@ fi + $mkvenv ensuregroup --dir "${source_path}/python/wheels" \ + ${source_path}/pythondeps.toml meson || exit 1 -# At this point, we expect Meson to be installed and available. -# We expect mkvenv or pip to have created pyvenv/bin/meson for us. diff --git a/poky/meta/recipes-devtools/qemu/qemu/fixmips.patch b/poky/meta/recipes-devtools/qemu/qemu/fixmips.patch deleted file mode 100644 index 01546d1030..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/fixmips.patch +++ /dev/null @@ -1,18 +0,0 @@ -Patch to fix mips boot hangs where virtio appears broken. Patch under discussion upstream. -Regression is introduced by other fixes to 8.1.0 to get x86 boots working. - -Upstream-Status: Pending [https://lore.kernel.org/qemu-devel/6c956b90-5a13-db96-9c02-9834a512fe6f@linaro.org/] - -Index: qemu-8.1.0/softmmu/physmem.c -=================================================================== ---- qemu-8.1.0.orig/softmmu/physmem.c -+++ qemu-8.1.0/softmmu/physmem.c -@@ -2517,7 +2517,7 @@ static void tcg_commit(MemoryListener *l - * That said, the listener is also called during realize, before - * all of the tcg machinery for run-on is initialized: thus halt_cond. - */ -- if (cpu->halt_cond) { -+ if (cpu->halt_cond && !qemu_cpu_is_self(cpu)) { - async_run_on_cpu(cpu, tcg_commit_cpu, RUN_ON_CPU_HOST_PTR(cpuas)); - } else { - tcg_commit_cpu(cpu, RUN_ON_CPU_HOST_PTR(cpuas)); diff --git a/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch b/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch index f52b4e4b83..92b2edbe9f 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch @@ -22,11 +22,11 @@ as it stands is a workaround. Upstream-Status: Inappropriate [oe specific] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -diff --git a/configure b/configure -index 133f4e3235..e4c144b4e2 100755 ---- a/configure -+++ b/configure -@@ -1009,7 +1009,7 @@ python="$(command -v "$python")" +Index: qemu-8.2.0/configure +=================================================================== +--- qemu-8.2.0.orig/configure ++++ qemu-8.2.0/configure +@@ -937,7 +937,7 @@ python="$(command -v "$python")" echo "python determined to be '$python'" echo "python version: $($python --version)" @@ -35,11 +35,11 @@ index 133f4e3235..e4c144b4e2 100755 if test "$?" -ne 0 ; then error_exit "python venv creation failed" fi -@@ -1017,6 +1017,7 @@ fi +@@ -945,6 +945,7 @@ fi # Suppress writing compiled files python="$python -B" mkvenv="$python ${source_path}/python/scripts/mkvenv.py" +mkvenv=true - mkvenv_flags="" - if test "$download" = "enabled" ; then + # Finish preparing the virtual environment using vendored .whl files + diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb b/poky/meta/recipes-devtools/qemu/qemu_8.2.0.bb index dc1352232e..dc1352232e 100644 --- a/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb +++ b/poky/meta/recipes-devtools/qemu/qemu_8.2.0.bb diff --git a/poky/meta/recipes-devtools/rust/files/cargo-path.patch b/poky/meta/recipes-devtools/rust/files/cargo-path.patch new file mode 100644 index 0000000000..84bd580aa7 --- /dev/null +++ b/poky/meta/recipes-devtools/rust/files/cargo-path.patch @@ -0,0 +1,37 @@ +Fix the cargo binary path error and ensure that it is fetched +during rustc bootstrap in rust oe-selftest. + +====================================================================== +ERROR: test_cargoflags (bootstrap_test.BuildBootstrap) +---------------------------------------------------------------------- +Traceback (most recent call last): + File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap_test.py", line 157, in test_cargoflags + args, _ = self.build_args(env={"CARGOFLAGS": "--timings"}) + File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap_test.py", line 154, in build_args + return build.build_bootstrap_cmd(env), env + File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap.py", line 960, in build_bootstrap_cmd + raise Exception("no cargo executable found at `{}`".format( +Exception: no cargo executable found at `/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/build/x86_64-unknown-linux-gnu/stage0/bin/cargo` + +Upstream-Status: Submitted [https://github.com/rust-lang/rust/pull/120125] + +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> +--- +diff --git a/src/bootstrap/bootstrap.py b/src/bootstrap/bootstrap.py +--- a/src/bootstrap/bootstrap.py ++++ b/src/bootstrap/bootstrap.py +@@ -954,9 +954,11 @@ + if deny_warnings: + env["RUSTFLAGS"] += " -Dwarnings" + +- env["PATH"] = os.path.join(self.bin_root(), "bin") + \ +- os.pathsep + env["PATH"] +- if not os.path.isfile(self.cargo()): ++ cargo_bin_path = os.path.join(self.bin_root(), "bin", "cargo") ++ if not os.path.isfile(cargo_bin_path): ++ cargo_bin_path = os.getenv("RUST_TARGET_PATH") + "rust-snapshot/bin/cargo" ++ env["PATH"] = os.path.dirname(cargo_bin_path) + os.pathsep + env["PATH"] ++ else: + raise Exception("no cargo executable found at `{}`".format( + self.cargo())) + args = [self.cargo(), "build", "--manifest-path", diff --git a/poky/meta/recipes-devtools/rust/files/custom-target-cfg.patch b/poky/meta/recipes-devtools/rust/files/custom-target-cfg.patch new file mode 100644 index 0000000000..15a7f252cc --- /dev/null +++ b/poky/meta/recipes-devtools/rust/files/custom-target-cfg.patch @@ -0,0 +1,90 @@ +Detect and fetch custom target configurations when rustc is +bootstrapped in rust oe-selftest. + +Upstream-Status: Backport [https://github.com/rust-lang/rust/pull/119619/commits/26c71cbcf1a9bce6ceb962d753c467d098f63cf6] + +Signed-off-by: onur-ozkan <work@onurozkan.dev> +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> +--- +diff --git a/src/tools/compiletest/src/common.rs b/src/tools/compiletest/src/common.rs +index e85f6319936..c45c0b3c652 100644 +--- a/src/tools/compiletest/src/common.rs ++++ b/src/tools/compiletest/src/common.rs +@@ -479,6 +479,7 @@ fn new(config: &Config) -> TargetCfgs { + let mut targets: HashMap<String, TargetCfg> = serde_json::from_str(&rustc_output( + config, + &["--print=all-target-specs-json", "-Zunstable-options"], ++ Default::default(), + )) + .unwrap(); + +@@ -491,16 +492,33 @@ fn new(config: &Config) -> TargetCfgs { + let mut all_families = HashSet::new(); + let mut all_pointer_widths = HashSet::new(); + +- // Handle custom target specs, which are not included in `--print=all-target-specs-json`. +- if config.target.ends_with(".json") { +- targets.insert( +- config.target.clone(), +- serde_json::from_str(&rustc_output( +- config, +- &["--print=target-spec-json", "-Zunstable-options", "--target", &config.target], +- )) +- .unwrap(), +- ); ++ // If current target is not included in the `--print=all-target-specs-json` output, ++ // we check whether it is a custom target from the user or a synthetic target from bootstrap. ++ if !targets.contains_key(&config.target) { ++ let mut envs: HashMap<String, String> = HashMap::new(); ++ ++ if let Ok(t) = std::env::var("RUST_TARGET_PATH") { ++ envs.insert("RUST_TARGET_PATH".into(), t); ++ } ++ ++ // This returns false only when the target is neither a synthetic target ++ // nor a custom target from the user, indicating it is most likely invalid. ++ if config.target.ends_with(".json") || !envs.is_empty() { ++ targets.insert( ++ config.target.clone(), ++ serde_json::from_str(&rustc_output( ++ config, ++ &[ ++ "--print=target-spec-json", ++ "-Zunstable-options", ++ "--target", ++ &config.target, ++ ], ++ envs, ++ )) ++ .unwrap(), ++ ); ++ } + } + + for (target, cfg) in targets.iter() { +@@ -545,7 +563,9 @@ fn get_current_target_config( + // code below extracts them from `--print=cfg`: make sure to only override fields that can + // actually be changed with `-C` flags. + for config in +- rustc_output(config, &["--print=cfg", "--target", &config.target]).trim().lines() ++ rustc_output(config, &["--print=cfg", "--target", &config.target], Default::default()) ++ .trim() ++ .lines() + { + let (name, value) = config + .split_once("=\"") +@@ -624,11 +644,12 @@ pub enum Endian { + Big, + } + +-fn rustc_output(config: &Config, args: &[&str]) -> String { ++fn rustc_output(config: &Config, args: &[&str], envs: HashMap<String, String>) -> String { + let mut command = Command::new(&config.rustc_path); + add_dylib_path(&mut command, iter::once(&config.compile_lib_path)); + command.args(&config.target_rustcflags).args(args); + command.env("RUSTC_BOOTSTRAP", "1"); ++ command.envs(envs); + + let output = match command.output() { + Ok(output) => output, + diff --git a/poky/meta/recipes-devtools/rust/files/rustc-bootstrap.patch b/poky/meta/recipes-devtools/rust/files/rustc-bootstrap.patch new file mode 100644 index 0000000000..406fc610bb --- /dev/null +++ b/poky/meta/recipes-devtools/rust/files/rustc-bootstrap.patch @@ -0,0 +1,21 @@ +When rust.channel is set to either beta or stable, we can't use +nightly features on bootstrap without RUSTC_BOOTSTRAP. Set RUSTC_BOOTSTRAP=1 +to use nightly features on stable or beta. + +Upstream-Status: Backport [https://github.com/rust-lang/rust/pull/119619/commits/8aa7dd06f6e50621dc10f9f9490681be8a45876f] + +Signed-off-by: onur-ozkan <work@onurozkan.dev> +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> +--- +diff --git a/src/bootstrap/synthetic_targets.rs b/ src/bootstrap/synthetic_targets.rs +index d2c65b740da..45baf56f46b 100644 +--- a/src/bootstrap/synthetic_targets.rs ++++ b/src/bootstrap/synthetic_targets.rs +@@ -59,6 +59,7 @@ fn create_synthetic_target( + let mut cmd = Command::new(builder.rustc(compiler)); + cmd.arg("--target").arg(base.rustc_target_arg()); + cmd.args(["-Zunstable-options", "--print", "target-spec-json"]); ++ cmd.env("RUSTC_BOOTSTRAP", "1"); + cmd.stdout(Stdio::piped()); + + let output = cmd.spawn().unwrap().wait_with_output().unwrap(); diff --git a/poky/meta/recipes-devtools/rust/files/target-build-value.patch b/poky/meta/recipes-devtools/rust/files/target-build-value.patch new file mode 100644 index 0000000000..23e8c76801 --- /dev/null +++ b/poky/meta/recipes-devtools/rust/files/target-build-value.patch @@ -0,0 +1,26 @@ +Add correct build value for cross-compiled targets on stage1 when +bootstapping rustc. + +Upstream-Status: Backport [https://github.com/rust-lang/rust/pull/119619/commits/b888e2f82b9dbe81875f50d13adbc0271a9401ff] + +Signed-off-by: onur-ozkan <work@onurozkan.dev> +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> +--- +diff --git a/src/bootstrap/test.rs b/src/bootstrap/test.rs +--- a/src/bootstrap/test.rs ++++ b/src/bootstrap/test.rs +@@ -1489,8 +1489,12 @@ + // NOTE: Only stage 1 is special cased because we need the rustc_private artifacts to match the + // running compiler in stage 2 when plugins run. + let stage_id = if suite == "ui-fulldeps" && compiler.stage == 1 { +- compiler = builder.compiler(compiler.stage - 1, target); +- format!("stage{}-{}", compiler.stage + 1, target) ++ // At stage 0 (stage - 1) we are using the beta compiler. Using `self.target` can lead finding ++ // an incorrect compiler path on cross-targets, as the stage 0 beta compiler is always equal ++ // to `build.build` in the configuration. ++ let build = builder.build.build; ++ compiler = builder.compiler(compiler.stage - 1, build); ++ format!("stage{}-{}", compiler.stage + 1, build) + } else { + format!("stage{}-{}", compiler.stage, target) + }; diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc index 83a0dbc15f..e02829e6b3 100644 --- a/poky/meta/recipes-devtools/rust/rust-source.inc +++ b/poky/meta/recipes-devtools/rust/rust-source.inc @@ -10,6 +10,10 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n file://0004-musl-Define-O_LARGEFILE-for-riscv32.patch;patchdir=${RUSTSRC} \ file://0005-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \ file://0001-Revert-Map-source-absolute-paths-to-OUT_DIR-as-relat.patch;patchdir=${RUSTSRC} \ + file://cargo-path.patch;patchdir=${RUSTSRC} \ + file://custom-target-cfg.patch;patchdir=${RUSTSRC} \ + file://rustc-bootstrap.patch;patchdir=${RUSTSRC} \ + file://target-build-value.patch;patchdir=${RUSTSRC} \ " SRC_URI[rust.sha256sum] = "b98c09d968529212fb29eec7d6d3e9bdaa869810679b7fb86a1ca69469d75f5e" diff --git a/poky/meta/recipes-devtools/rust/rust_1.74.1.bb b/poky/meta/recipes-devtools/rust/rust_1.74.1.bb index 30543ada7d..f8db186890 100644 --- a/poky/meta/recipes-devtools/rust/rust_1.74.1.bb +++ b/poky/meta/recipes-devtools/rust/rust_1.74.1.bb @@ -200,7 +200,11 @@ rust_runx () { if [ ${RUST_ALTERNATE_EXE_PATH_NATIVE} != ${RUST_ALTERNATE_EXE_PATH} -a ! -f ${RUST_ALTERNATE_EXE_PATH} ]; then mkdir -p `dirname ${RUST_ALTERNATE_EXE_PATH}` cp ${RUST_ALTERNATE_EXE_PATH_NATIVE} ${RUST_ALTERNATE_EXE_PATH} - chrpath -d ${RUST_ALTERNATE_EXE_PATH} + if [ -e ${STAGING_LIBDIR_NATIVE}/libc++.so.1 ]; then + chrpath -r \$ORIGIN/../../../../../`basename ${STAGING_DIR_NATIVE}`${libdir_native} ${RUST_ALTERNATE_EXE_PATH} + else + chrpath -d ${RUST_ALTERNATE_EXE_PATH} + fi fi oe_cargo_fix_env diff --git a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch index c374790d1d..464d1470e3 100644 --- a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch +++ b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch @@ -1,9 +1,19 @@ +From f5b325cba73018e5be984570fd4e680e59e7865d Mon Sep 17 00:00:00 2001 +From: Wenzong Fan <wenzong.fan@windriver.com> +Date: Wed, 20 Jul 2011 02:42:28 +0000 +Subject: [PATCH] cronie: enable PAM support for cronie + password-auth is the Fedora's common pam configure file, use oe common pam configure files instead. Upstream-Status: Pending Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> + +--- + pam/crond | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + diff --git a/pam/crond b/pam/crond index 560529d..95a6457 100644 --- a/pam/crond diff --git a/poky/meta/recipes-extended/cronie/cronie_1.7.0.bb b/poky/meta/recipes-extended/cronie/cronie_1.7.1.bb index 24c419b1c5..854b68163c 100644 --- a/poky/meta/recipes-extended/cronie/cronie_1.7.0.bb +++ b/poky/meta/recipes-extended/cronie/cronie_1.7.1.bb @@ -25,7 +25,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/cronie-${PV}/cronie-${PV}.tar.gz \ PAM_SRC_URI = "file://crond_pam_config.patch" PAM_DEPS = "libpam libpam-runtime pam-plugin-access pam-plugin-loginuid" -SRC_URI[sha256sum] = "6827f5a47760cc64afeef0a60d3cb5376f52569109fc9a73957dd5e9fdae7619" +SRC_URI[sha256sum] = "78033100c24413f0c40f93e6138774d6a4f55bc31050567b90db45a2f9f1b954" inherit autotools update-rc.d useradd systemd github-releases UPSTREAM_CHECK_REGEX = "releases/tag/cronie-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 43f456251a..b8e5e285c4 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -47,16 +47,6 @@ EXTRA_OECONF += "--without-libcrack \ CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" -# Force static linking of utilities so we can use from the sysroot/sstate for useradd -# without worrying about the dependency libraries being available -LDFLAGS:append:class-native = " -no-pie" -do_compile:prepend:class-native () { - sed -i -e 's#\(LIBS.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \ - -e 's#\(LIBBSD.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \ - -e 's#\(LIBATTR.*\)-lattr#\1 ${STAGING_LIBDIR}/libattr.a#g' \ - ${B}/lib/Makefile ${B}/src/Makefile -} - NSCDOPT = "" NSCDOPT:class-native = "--without-nscd" NSCDOPT:class-nativesdk = "--without-nscd" @@ -161,6 +151,20 @@ do_install:append() { touch ${D}${sysconfdir}/subgid } +# Make executables look for dynamically linked libraries in a custom location, and install +# the needed libraries there. That way we can use them from sstate +# in setscene tasks without worrying about the dependency libraries being available. +do_install:append:class-native() { + binaries=$(find ${D}${base_bindir}/ ${D}${base_sbindir}/ ${D}${bindir}/ ${D}${sbindir}/ -executable -type f) + chrpath -k -r ${STAGING_DIR_NATIVE}/lib-shadow-deps $binaries + mkdir -p ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ + install ${STAGING_LIBDIR_NATIVE}/libattr.so.* ${STAGING_LIBDIR_NATIVE}/libbsd.so.* ${STAGING_LIBDIR_NATIVE}/libmd.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ + install ${D}${libdir}/*.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ +} + +SYSROOT_DIRS:append:class-native = " ${STAGING_DIR_NATIVE}/lib-shadow-deps/" +INSANE_SKIP:${PN}:class-native = "already-stripped" + PACKAGES =+ "${PN}-base" FILES:${PN}-base = "\ ${base_bindir}/login.shadow \ diff --git a/poky/meta/recipes-gnome/libgudev/libgudev/0001-meson-Pass-export-dynamic-option-to-linker.patch b/poky/meta/recipes-gnome/libgudev/libgudev/0001-meson-Pass-export-dynamic-option-to-linker.patch new file mode 100644 index 0000000000..8a06d244e4 --- /dev/null +++ b/poky/meta/recipes-gnome/libgudev/libgudev/0001-meson-Pass-export-dynamic-option-to-linker.patch @@ -0,0 +1,38 @@ +From dc4fcfb1e1e2326a412b252314af3e9424a31457 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 16 Jan 2024 12:02:46 -0800 +Subject: [PATCH] meson: Pass --export-dynamic option to linker + +Bypass the compiler driver trying to comprehend and translate it for +linker, since its not clear what the right behavior should be, gcc seems +to translate it into --export-dynamic but clang 18+ rejects it + +| x86_64-yoe-linux-clang: error: unknown argument: '-export-dynamic' + +also see [1] + +This makes it work as intended across gcc and clang + +Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/libgudev/-/merge_requests/30] +[1] https://discourse.llvm.org/t/clang-option-export-dynamic-parse-to-e-xport-dynamic-error/72454 +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + gudev/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gudev/meson.build b/gudev/meson.build +index e904203..3ed580b 100644 +--- a/gudev/meson.build ++++ b/gudev/meson.build +@@ -33,7 +33,7 @@ libgudev_c_args = [ + ] + + libgudev_link_args = [ +- '-export-dynamic', ++ '-Wl,--export-dynamic', + '-Wl,--version-script,@0@/libgudev-1.0.sym'.format(top_srcdir), + ] + +-- +2.43.0 + diff --git a/poky/meta/recipes-gnome/libgudev/libgudev_238.bb b/poky/meta/recipes-gnome/libgudev/libgudev_238.bb index 5923544eca..f197f6421d 100644 --- a/poky/meta/recipes-gnome/libgudev/libgudev_238.bb +++ b/poky/meta/recipes-gnome/libgudev/libgudev_238.bb @@ -16,6 +16,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" inherit gnomebase gobject-introspection gtk-doc +SRC_URI += "file://0001-meson-Pass-export-dynamic-option-to-linker.patch" + GIR_MESON_ENABLE_FLAG = 'enabled' GIR_MESON_DISABLE_FLAG = 'disabled' diff --git a/poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb b/poky/meta/recipes-gnome/libsecret/libsecret_0.21.2.bb index f762d7c343..2d8ea952c5 100644 --- a/poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb +++ b/poky/meta/recipes-gnome/libsecret/libsecret_0.21.2.bb @@ -13,7 +13,7 @@ inherit gnomebase gi-docgen vala gobject-introspection manpages DEPENDS += "glib-2.0 libgcrypt gettext-native" -SRC_URI[archive.sha256sum] = "674f51323a5f74e4cb7e3277da68b5afddd333eca25bc9fd2d820a92972f90b1" +SRC_URI[archive.sha256sum] = "e4a341496a0815e64c8d3b8fabab33d7bae7efdeab77b843669731d5b181dcee" GTKDOC_MESON_OPTION = 'gtk_doc' diff --git a/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb b/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb index fe72537b77..4c97e973d0 100644 --- a/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb +++ b/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb @@ -38,12 +38,13 @@ inherit meson pkgconfig upstream-version-is-even gtk-doc multilib_script # if qemu usermode isn't available, this value needs to be set statically # (otherwise it's determinted by running a small target executable with qemu) -do_write_config:append:class-target() { +do_write_config:append() { cat >${WORKDIR}/cairo.cross <<EOF [properties] ipc_rmid_deferred_release = 'true' EOF } +EXTRA_OEMESON:append:class-nativesdk = "${@' --cross-file ${WORKDIR}/cairo.cross' if d.getVar('EXEWRAPPER_ENABLED') == 'False' else ''}" EXTRA_OEMESON:append:class-target = "${@' --cross-file ${WORKDIR}/cairo.cross' if d.getVar('EXEWRAPPER_ENABLED') == 'False' else ''}" GTKDOC_MESON_OPTION = "gtk_doc" diff --git a/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb b/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb index e4555af6d5..cf2ced98f0 100644 --- a/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb +++ b/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/google/shaderc" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRCREV = "23cc2d78fd4f866b6ab527886a396bec36948605" +SRCREV = "3882b16417077aa8eaa7b5775920e7ba4b8a224d" SRC_URI = "git://github.com/google/shaderc.git;protocol=https;branch=main \ file://0001-cmake-disable-building-external-dependencies.patch \ file://0002-libshaderc_util-fix-glslang-header-file-location.patch \ diff --git a/poky/meta/recipes-graphics/wayland/weston_12.0.2.bb b/poky/meta/recipes-graphics/wayland/weston_13.0.0.bb index cfcaaca9c7..c74f471f07 100644 --- a/poky/meta/recipes-graphics/wayland/weston_12.0.2.bb +++ b/poky/meta/recipes-graphics/wayland/weston_13.0.0.bb @@ -14,7 +14,7 @@ SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downlo file://systemd-notify.weston-start \ " -SRC_URI[sha256sum] = "eb686a7cf00992a23b17f192fca9a887313e92c346ee35d8575196983d656b4a" +SRC_URI[sha256sum] = "52ff1d4aa2394a2e416c85a338b627ce97fa71d43eb762fd4aaf145d36fc795a" UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)" @@ -38,7 +38,6 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'kms wayla ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ ${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \ - launcher-libseat \ image-jpeg \ screenshare \ shell-desktop \ @@ -54,7 +53,7 @@ SIMPLECLIENTS ?= "all" # Compositor choices # # Weston on KMS -PACKAGECONFIG[kms] = "-Dbackend-drm=true,-Dbackend-drm=false,drm udev virtual/egl virtual/libgles2 virtual/libgbm mtdev" +PACKAGECONFIG[kms] = "-Dbackend-drm=true,-Dbackend-drm=false,drm udev seatd virtual/egl virtual/libgles2 virtual/libgbm mtdev" # Weston on Wayland (nested Weston) PACKAGECONFIG[wayland] = "-Dbackend-wayland=true,-Dbackend-wayland=false,virtual/egl virtual/libgles2" # Weston on X11 @@ -93,10 +92,6 @@ PACKAGECONFIG[shell-ivi] = "-Dshell-ivi=true,-Dshell-ivi=false" PACKAGECONFIG[shell-kiosk] = "-Dshell-kiosk=true,-Dshell-kiosk=false" # JPEG image loading support PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg" -# support libseat based launch -PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd" -# deprecated and superseded by libseat launcher -PACKAGECONFIG[launcher-logind] = "-Ddeprecated-launcher-logind=true,-Ddeprecated-launcher-logind=false," # screencasting via PipeWire PACKAGECONFIG[pipewire] = "-Dbackend-pipewire=true,-Dbackend-pipewire=false,pipewire" # VNC remote screensharing diff --git a/poky/meta/recipes-graphics/xorg-app/xev/diet-x11.patch b/poky/meta/recipes-graphics/xorg-app/xev/diet-x11.patch deleted file mode 100644 index 361369b291..0000000000 --- a/poky/meta/recipes-graphics/xorg-app/xev/diet-x11.patch +++ /dev/null @@ -1,114 +0,0 @@ -From b9b2b8d1af283a13cdccea55562cf332de48dcb9 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross@openedhand.com> -Date: Wed, 28 Mar 2007 16:10:50 +0000 -Subject: [PATCH] Add xev - -Upstream-Status: Inappropriate [disable feature] - ---- - xev.c | 64 +---------------------------------------------------------- - 1 file changed, 1 insertion(+), 63 deletions(-) - -diff --git a/xev.c b/xev.c -index ea69234..6d5eb30 100644 ---- a/xev.c -+++ b/xev.c -@@ -175,17 +175,6 @@ do_KeyPress(XEvent *eventp) - nbytes = XLookupString(e, str, 256, &ks, NULL); - - /* not supposed to call XmbLookupString on a key release event */ -- if (e->type == KeyPress && xic) { -- do { -- nmbbytes = XmbLookupString(xic, e, buf, bsize - 1, &ks, &status); -- buf[nmbbytes] = '\0'; -- -- if (status == XBufferOverflow) { -- bsize = nmbbytes + 1; -- buf = realloc(buf, bsize); -- } -- } while (status == XBufferOverflow); -- } - - if (ks == NoSymbol) - ksname = "NoSymbol"; -@@ -220,16 +209,6 @@ do_KeyPress(XEvent *eventp) - } - - /* not supposed to call XmbLookupString on a key release event */ -- if (e->type == KeyPress && xic) { -- output(Indent, "XmbLookupString gives %d bytes: ", nmbbytes); -- if (nmbbytes > 0) { -- dump(buf, nmbbytes); -- output(NewLine, " \"%s\"", buf); -- } -- else { -- output_new_line(); -- } -- } - - output(Indent | NewLine, "XFilterEvent returns: %s", - XFilterEvent(eventp, e->window) ? "True" : "False"); -@@ -1211,7 +1190,7 @@ parse_event_mask(const char *s, long event_masks[]) - if (s) - return True; - } -- } -+ } - - if (s != NULL) - fprintf(stderr, "%s: unrecognized event mask '%s'\n", ProgramName, s); -@@ -1361,37 +1340,6 @@ main(int argc, char **argv) - fprintf(stderr, "%s: XSetLocaleModifiers failed\n", ProgramName); - } - -- xim = XOpenIM(dpy, NULL, NULL, NULL); -- if (xim == NULL) { -- fprintf(stderr, "%s: XOpenIM failed\n", ProgramName); -- } -- -- if (xim) { -- imvalret = XGetIMValues(xim, XNQueryInputStyle, &xim_styles, NULL); -- if (imvalret != NULL || xim_styles == NULL) { -- fprintf(stderr, "%s: input method doesn't support any styles\n", -- ProgramName); -- } -- -- if (xim_styles) { -- xim_style = 0; -- for (i = 0; i < xim_styles->count_styles; i++) { -- if (xim_styles->supported_styles[i] == -- (XIMPreeditNothing | XIMStatusNothing)) { -- xim_style = xim_styles->supported_styles[i]; -- break; -- } -- } -- -- if (xim_style == 0) { -- fprintf(stderr, -- "%s: input method doesn't support the style we support\n", -- ProgramName); -- } -- XFree(xim_styles); -- } -- } -- - screen = DefaultScreen(dpy); - - attr.event_mask = event_masks[EVENT_MASK_INDEX_CORE]; -@@ -1446,16 +1394,6 @@ main(int argc, char **argv) - printf("Outer window is 0x%lx, inner window is 0x%lx\n", w, subw); - } - -- if (xim && xim_style) { -- xic = XCreateIC(xim, -- XNInputStyle, xim_style, -- XNClientWindow, w, XNFocusWindow, w, NULL); -- -- if (xic == NULL) { -- fprintf(stderr, "XCreateIC failed\n"); -- } -- } -- - have_rr = XRRQueryExtension(dpy, &rr_event_base, &rr_error_base); - if (have_rr) { - int rr_major, rr_minor; diff --git a/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb b/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb index 0e3def6eee..1d2e66b7b4 100644 --- a/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb +++ b/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb @@ -12,8 +12,6 @@ PE = "1" DEPENDS += "libxrandr xorgproto" -SRC_URI += "file://diet-x11.patch" - SRC_URI[sha256sum] = "c9461a4389714e0f33974f9e75934bdc38d836a0f059b8dc089c7cbf2ce36ec1" SRC_URI_EXT = "xz" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxcomposite/change-include-order.patch b/poky/meta/recipes-graphics/xorg-lib/libxcomposite/change-include-order.patch deleted file mode 100644 index 60331f6e78..0000000000 --- a/poky/meta/recipes-graphics/xorg-lib/libxcomposite/change-include-order.patch +++ /dev/null @@ -1,18 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -This patch makes the build use its own Xcomposite.h over rather than an -older Xcomposite.h that might already be installed in the staging dir. - -Index: libXcomposite-0.4.3/src/Makefile.am -=================================================================== ---- libXcomposite-0.4.3.orig/src/Makefile.am 2010-06-30 22:42:53.000000000 -0700 -+++ libXcomposite-0.4.3/src/Makefile.am 2010-11-23 23:09:34.544322930 -0800 -@@ -19,7 +19,7 @@ - # TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - # PERFORMANCE OF THIS SOFTWARE. - --AM_CFLAGS = $(CWARNFLAGS) $(XCOMPOSITE_CFLAGS) $(XFIXES_CFLAGS) -+AM_CFLAGS = -I$(top_srcdir)/include $(CWARNFLAGS) $(XCOMPOSITE_CFLAGS) $(XFIXES_CFLAGS) - AM_CPPFLAGS = -I$(top_srcdir)/include - - lib_LTLIBRARIES = libXcomposite.la diff --git a/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb b/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb index 77b3db5cf9..881f579695 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb @@ -22,6 +22,4 @@ PE = "1" XORG_PN = "libXcomposite" -SRC_URI += " file://change-include-order.patch" - SRC_URI[sha256sum] = "fe40bcf0ae1a09070eba24088a5eb9810efe57453779ec1e20a55080c6dc2c87" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.3.bb b/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.4.bb index 98572bd969..3e2825b916 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.3.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.4.bb @@ -19,4 +19,4 @@ XORG_PN = "libXrandr" BBCLASSEXTEND = "native nativesdk" -SRC_URI[sha256sum] = "897639014a78e1497704d669c5dd5682d721931a4452c89a7ba62676064eb428" +SRC_URI[sha256sum] = "1ad5b065375f4a85915aa60611cc6407c060492a214d7f9daf214be752c3b4d3" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 085fcaf87a..22f7d9a8ad 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -116,7 +116,6 @@ FILES:xf86-video-modesetting = "${libdir}/xorg/modules/drivers/modesetting_drv.s EXTRA_OEMESON += " \ -Dxnest=false \ - -Dxvfb=true \ -Ddtrace=false \ -Dint10=x86emu \ -Dxkb_output_dir=/var/lib/xkb \ @@ -138,6 +137,7 @@ PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,li PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind" PACKAGECONFIG[systemd-logind] = "-Dsystemd_logind=true,-Dsystemd_logind=false,dbus," PACKAGECONFIG[xinerama] = "-Dxinerama=true,-Dxinerama=false" +PACKAGECONFIG[xvfb] = "-Dxvfb=true,-Dxvfb=false" # Xorg requires a SHA1 implementation, pick one XORG_CRYPTO ??= "openssl" @@ -175,3 +175,5 @@ python populate_packages:prepend() { d.appendVar("RPROVIDES:" + pn, " " + get_abi("input")) d.appendVar("RPROVIDES:" + pn, " " + get_abi("video")) } + +CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', '', 'not-applicable-config: specific to Xvfb', d)}" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb index 16cf8e241b..9347cde298 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb @@ -263,9 +263,7 @@ do_install() { PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \ ${PN}-cw1200-license ${PN}-cw1200 \ ${PN}-ralink-license ${PN}-ralink \ - ${PN}-mt7601u-license ${PN}-mt7601u \ - ${PN}-mt7650-license ${PN}-mt7650 \ - ${PN}-mt76x2-license ${PN}-mt76x2 \ + ${PN}-mt76x-license ${PN}-mt7601u ${PN}-mt7650 ${PN}-mt76x2 \ ${PN}-radeon-license ${PN}-radeon \ ${PN}-amdgpu-license ${PN}-amdgpu \ ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ @@ -507,43 +505,36 @@ FILES:${PN}-ralink = " \ RDEPENDS:${PN}-ralink += "${PN}-ralink-license" # For mediatek MT7601U +LICENSE:${PN}-mt76x-license = "Firmware-ralink_a_mediatek_company_firmware" +FILES:${PN}-mt76x-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" + LICENSE:${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware" -LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" -FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" FILES:${PN}-mt7601u = " \ ${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \ ${nonarch_base_libdir}/firmware/mt7601u.bin \ " -RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license" +RDEPENDS:${PN}-mt7601u += "${PN}-mt76x-license" # For MediaTek Bluetooth USB driver 7650 LICENSE:${PN}-mt7650 = "Firmware-ralink_a_mediatek_company_firmware" -LICENSE:${PN}-mt7650-license = "Firmware-ralink_a_mediatek_company_firmware" -FILES:${PN}-mt7650-license = " \ - ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \ -" FILES:${PN}-mt7650 = " \ ${nonarch_base_libdir}/firmware/mediatek/mt7650.bin \ ${nonarch_base_libdir}/firmware/mt7650.bin \ " -RDEPENDS:${PN}-mt7650 += "${PN}-mt7650-license" +RDEPENDS:${PN}-mt7650 += "${PN}-mt76x-license" # For MediaTek MT76x2 Wireless MACs LICENSE:${PN}-mt76x2 = "Firmware-ralink_a_mediatek_company_firmware" -LICENSE:${PN}-mt76x2-license = "Firmware-ralink_a_mediatek_company_firmware" -FILES:${PN}-mt76x2-license = " \ - ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \ -" FILES:${PN}-mt76x2 = " \ ${nonarch_base_libdir}/firmware/mediatek/mt7662.bin \ ${nonarch_base_libdir}/firmware/mt7662.bin \ ${nonarch_base_libdir}/firmware/mediatek/mt7662_rom_patch.bin \ ${nonarch_base_libdir}/firmware/mt7662_rom_patch.bin \ " -RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x2-license" +RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x-license" # For MediaTek LICENSE:${PN}-mediatek = "Firmware-mediatek" diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc deleted file mode 100644 index 8d345831d3..0000000000 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ /dev/null @@ -1,5172 +0,0 @@ - -# Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70 - -python check_kernel_cve_status_version() { - this_version = "6.1.70" - kernel_version = d.getVar("LINUX_VERSION") - if kernel_version != this_version: - bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) -} -do_cve_check[prefuncs] += "check_kernel_cve_status_version" - -CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed from version 2.6.12rc2" - -CVE_STATUS[CVE-2004-0230] = "fixed-version: Fixed from version 3.6rc1" - -# CVE-2005-3660 has no known resolution - -CVE_STATUS[CVE-2006-3635] = "fixed-version: Fixed from version 2.6.26rc5" - -CVE_STATUS[CVE-2006-5331] = "fixed-version: Fixed from version 2.6.19rc3" - -CVE_STATUS[CVE-2006-6128] = "fixed-version: Fixed from version 2.6.19rc2" - -# CVE-2007-3719 has no known resolution - -CVE_STATUS[CVE-2007-4774] = "fixed-version: Fixed from version 2.6.12rc2" - -CVE_STATUS[CVE-2007-6761] = "fixed-version: Fixed from version 2.6.24rc6" - -CVE_STATUS[CVE-2007-6762] = "fixed-version: Fixed from version 2.6.20rc5" - -# CVE-2008-2544 has no known resolution - -# CVE-2008-4609 has no known resolution - -CVE_STATUS[CVE-2008-7316] = "fixed-version: Fixed from version 2.6.25rc1" - -CVE_STATUS[CVE-2009-2692] = "fixed-version: Fixed from version 2.6.31rc6" - -CVE_STATUS[CVE-2010-0008] = "fixed-version: Fixed from version 2.6.23rc9" - -CVE_STATUS[CVE-2010-3432] = "fixed-version: Fixed from version 2.6.36rc5" - -# CVE-2010-4563 has no known resolution - -CVE_STATUS[CVE-2010-4648] = "fixed-version: Fixed from version 2.6.37rc6" - -CVE_STATUS[CVE-2010-5313] = "fixed-version: Fixed from version 2.6.38rc1" - -# CVE-2010-5321 has no known resolution - -CVE_STATUS[CVE-2010-5328] = "fixed-version: Fixed from version 2.6.35rc1" - -CVE_STATUS[CVE-2010-5329] = "fixed-version: Fixed from version 2.6.39rc1" - -CVE_STATUS[CVE-2010-5331] = "fixed-version: Fixed from version 2.6.34rc7" - -CVE_STATUS[CVE-2010-5332] = "fixed-version: Fixed from version 2.6.37rc1" - -CVE_STATUS[CVE-2011-4098] = "fixed-version: Fixed from version 3.2rc1" - -CVE_STATUS[CVE-2011-4131] = "fixed-version: Fixed from version 3.3rc1" - -CVE_STATUS[CVE-2011-4915] = "fixed-version: Fixed from version 3.2rc1" - -# CVE-2011-4916 has no known resolution - -# CVE-2011-4917 has no known resolution - -CVE_STATUS[CVE-2011-5321] = "fixed-version: Fixed from version 3.2rc1" - -CVE_STATUS[CVE-2011-5327] = "fixed-version: Fixed from version 3.1rc1" - -CVE_STATUS[CVE-2012-0957] = "fixed-version: Fixed from version 3.7rc2" - -CVE_STATUS[CVE-2012-2119] = "fixed-version: Fixed from version 3.5rc1" - -CVE_STATUS[CVE-2012-2136] = "fixed-version: Fixed from version 3.5rc1" - -CVE_STATUS[CVE-2012-2137] = "fixed-version: Fixed from version 3.5rc2" - -CVE_STATUS[CVE-2012-2313] = "fixed-version: Fixed from version 3.4rc6" - -CVE_STATUS[CVE-2012-2319] = "fixed-version: Fixed from version 3.4rc6" - -CVE_STATUS[CVE-2012-2372] = "fixed-version: Fixed from version 3.13rc4" - -CVE_STATUS[CVE-2012-2375] = "fixed-version: Fixed from version 3.4rc1" - -CVE_STATUS[CVE-2012-2390] = "fixed-version: Fixed from version 3.5rc1" - -CVE_STATUS[CVE-2012-2669] = "fixed-version: Fixed from version 3.5rc4" - -CVE_STATUS[CVE-2012-2744] = "fixed-version: Fixed from version 2.6.34rc1" - -CVE_STATUS[CVE-2012-2745] = "fixed-version: Fixed from version 3.4rc3" - -CVE_STATUS[CVE-2012-3364] = "fixed-version: Fixed from version 3.5rc6" - -CVE_STATUS[CVE-2012-3375] = "fixed-version: Fixed from version 3.4rc5" - -CVE_STATUS[CVE-2012-3400] = "fixed-version: Fixed from version 3.5rc5" - -CVE_STATUS[CVE-2012-3412] = "fixed-version: Fixed from version 3.6rc2" - -CVE_STATUS[CVE-2012-3430] = "fixed-version: Fixed from version 3.6rc1" - -CVE_STATUS[CVE-2012-3510] = "fixed-version: Fixed from version 2.6.19rc4" - -CVE_STATUS[CVE-2012-3511] = "fixed-version: Fixed from version 3.5rc6" - -CVE_STATUS[CVE-2012-3520] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-3552] = "fixed-version: Fixed from version 3.0rc1" - -# Skipping CVE-2012-4220, no affected_versions - -# Skipping CVE-2012-4221, no affected_versions - -# Skipping CVE-2012-4222, no affected_versions - -CVE_STATUS[CVE-2012-4398] = "fixed-version: Fixed from version 3.4rc1" - -CVE_STATUS[CVE-2012-4444] = "fixed-version: Fixed from version 2.6.36rc4" - -CVE_STATUS[CVE-2012-4461] = "fixed-version: Fixed from version 3.7rc6" - -CVE_STATUS[CVE-2012-4467] = "fixed-version: Fixed from version 3.6rc5" - -CVE_STATUS[CVE-2012-4508] = "fixed-version: Fixed from version 3.7rc3" - -CVE_STATUS[CVE-2012-4530] = "fixed-version: Fixed from version 3.8rc1" - -# CVE-2012-4542 has no known resolution - -CVE_STATUS[CVE-2012-4565] = "fixed-version: Fixed from version 3.7rc4" - -CVE_STATUS[CVE-2012-5374] = "fixed-version: Fixed from version 3.8rc1" - -CVE_STATUS[CVE-2012-5375] = "fixed-version: Fixed from version 3.8rc1" - -CVE_STATUS[CVE-2012-5517] = "fixed-version: Fixed from version 3.6rc1" - -CVE_STATUS[CVE-2012-6536] = "fixed-version: Fixed from version 3.6rc7" - -CVE_STATUS[CVE-2012-6537] = "fixed-version: Fixed from version 3.6rc7" - -CVE_STATUS[CVE-2012-6538] = "fixed-version: Fixed from version 3.6rc7" - -CVE_STATUS[CVE-2012-6539] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6540] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6541] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6542] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6543] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6544] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6545] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6546] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2012-6547] = "fixed-version: Fixed from version 3.6rc1" - -CVE_STATUS[CVE-2012-6548] = "fixed-version: Fixed from version 3.6rc1" - -CVE_STATUS[CVE-2012-6549] = "fixed-version: Fixed from version 3.6rc1" - -CVE_STATUS[CVE-2012-6638] = "fixed-version: Fixed from version 3.3rc1" - -CVE_STATUS[CVE-2012-6647] = "fixed-version: Fixed from version 3.6rc2" - -CVE_STATUS[CVE-2012-6657] = "fixed-version: Fixed from version 3.6" - -CVE_STATUS[CVE-2012-6689] = "fixed-version: Fixed from version 3.6rc5" - -CVE_STATUS[CVE-2012-6701] = "fixed-version: Fixed from version 3.5rc1" - -CVE_STATUS[CVE-2012-6703] = "fixed-version: Fixed from version 3.7rc1" - -CVE_STATUS[CVE-2012-6704] = "fixed-version: Fixed from version 3.5rc1" - -CVE_STATUS[CVE-2012-6712] = "fixed-version: Fixed from version 3.4rc1" - -CVE_STATUS[CVE-2013-0160] = "fixed-version: Fixed from version 3.9rc1" - -CVE_STATUS[CVE-2013-0190] = "fixed-version: Fixed from version 3.8rc5" - -CVE_STATUS[CVE-2013-0216] = "fixed-version: Fixed from version 3.8rc7" - -CVE_STATUS[CVE-2013-0217] = "fixed-version: Fixed from version 3.8rc7" - -CVE_STATUS[CVE-2013-0228] = "fixed-version: Fixed from version 3.8" - -CVE_STATUS[CVE-2013-0231] = "fixed-version: Fixed from version 3.8rc7" - -CVE_STATUS[CVE-2013-0268] = "fixed-version: Fixed from version 3.8rc6" - -CVE_STATUS[CVE-2013-0290] = "fixed-version: Fixed from version 3.8" - -CVE_STATUS[CVE-2013-0309] = "fixed-version: Fixed from version 3.7rc1" - -CVE_STATUS[CVE-2013-0310] = "fixed-version: Fixed from version 3.5" - -CVE_STATUS[CVE-2013-0311] = "fixed-version: Fixed from version 3.7rc8" - -CVE_STATUS[CVE-2013-0313] = "fixed-version: Fixed from version 3.8rc5" - -CVE_STATUS[CVE-2013-0343] = "fixed-version: Fixed from version 3.11rc7" - -CVE_STATUS[CVE-2013-0349] = "fixed-version: Fixed from version 3.8rc6" - -CVE_STATUS[CVE-2013-0871] = "fixed-version: Fixed from version 3.8rc5" - -CVE_STATUS[CVE-2013-0913] = "fixed-version: Fixed from version 3.9rc4" - -CVE_STATUS[CVE-2013-0914] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-1059] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-1763] = "fixed-version: Fixed from version 3.9rc1" - -CVE_STATUS[CVE-2013-1767] = "fixed-version: Fixed from version 3.9rc1" - -CVE_STATUS[CVE-2013-1772] = "fixed-version: Fixed from version 3.5rc1" - -CVE_STATUS[CVE-2013-1773] = "fixed-version: Fixed from version 3.3rc1" - -CVE_STATUS[CVE-2013-1774] = "fixed-version: Fixed from version 3.8rc5" - -CVE_STATUS[CVE-2013-1792] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-1796] = "fixed-version: Fixed from version 3.9rc4" - -CVE_STATUS[CVE-2013-1797] = "fixed-version: Fixed from version 3.9rc4" - -CVE_STATUS[CVE-2013-1798] = "fixed-version: Fixed from version 3.9rc4" - -CVE_STATUS[CVE-2013-1819] = "fixed-version: Fixed from version 3.8rc6" - -CVE_STATUS[CVE-2013-1826] = "fixed-version: Fixed from version 3.6rc7" - -CVE_STATUS[CVE-2013-1827] = "fixed-version: Fixed from version 3.6rc3" - -CVE_STATUS[CVE-2013-1828] = "fixed-version: Fixed from version 3.9rc2" - -CVE_STATUS[CVE-2013-1848] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-1858] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-1860] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-1928] = "fixed-version: Fixed from version 3.7rc3" - -CVE_STATUS[CVE-2013-1929] = "fixed-version: Fixed from version 3.9rc6" - -# Skipping CVE-2013-1935, no affected_versions - -CVE_STATUS[CVE-2013-1943] = "fixed-version: Fixed from version 3.0rc1" - -CVE_STATUS[CVE-2013-1956] = "fixed-version: Fixed from version 3.9rc5" - -CVE_STATUS[CVE-2013-1957] = "fixed-version: Fixed from version 3.9rc5" - -CVE_STATUS[CVE-2013-1958] = "fixed-version: Fixed from version 3.9rc5" - -CVE_STATUS[CVE-2013-1959] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-1979] = "fixed-version: Fixed from version 3.9rc8" - -CVE_STATUS[CVE-2013-2015] = "fixed-version: Fixed from version 3.8rc2" - -CVE_STATUS[CVE-2013-2017] = "fixed-version: Fixed from version 2.6.34" - -CVE_STATUS[CVE-2013-2058] = "fixed-version: Fixed from version 3.8rc4" - -CVE_STATUS[CVE-2013-2094] = "fixed-version: Fixed from version 3.9rc8" - -CVE_STATUS[CVE-2013-2128] = "fixed-version: Fixed from version 2.6.34rc4" - -CVE_STATUS[CVE-2013-2140] = "fixed-version: Fixed from version 3.11rc3" - -CVE_STATUS[CVE-2013-2141] = "fixed-version: Fixed from version 3.9rc8" - -CVE_STATUS[CVE-2013-2146] = "fixed-version: Fixed from version 3.9rc8" - -CVE_STATUS[CVE-2013-2147] = "fixed-version: Fixed from version 3.12rc3" - -CVE_STATUS[CVE-2013-2148] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-2164] = "fixed-version: Fixed from version 3.11rc1" - -# Skipping CVE-2013-2188, no affected_versions - -CVE_STATUS[CVE-2013-2206] = "fixed-version: Fixed from version 3.9rc4" - -# Skipping CVE-2013-2224, no affected_versions - -CVE_STATUS[CVE-2013-2232] = "fixed-version: Fixed from version 3.10" - -CVE_STATUS[CVE-2013-2234] = "fixed-version: Fixed from version 3.10" - -CVE_STATUS[CVE-2013-2237] = "fixed-version: Fixed from version 3.9rc6" - -# Skipping CVE-2013-2239, no affected_versions - -CVE_STATUS[CVE-2013-2546] = "fixed-version: Fixed from version 3.9rc1" - -CVE_STATUS[CVE-2013-2547] = "fixed-version: Fixed from version 3.9rc1" - -CVE_STATUS[CVE-2013-2548] = "fixed-version: Fixed from version 3.9rc1" - -CVE_STATUS[CVE-2013-2596] = "fixed-version: Fixed from version 3.9rc8" - -CVE_STATUS[CVE-2013-2634] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-2635] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-2636] = "fixed-version: Fixed from version 3.9rc3" - -CVE_STATUS[CVE-2013-2850] = "fixed-version: Fixed from version 3.10rc4" - -CVE_STATUS[CVE-2013-2851] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-2852] = "fixed-version: Fixed from version 3.10rc6" - -CVE_STATUS[CVE-2013-2888] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2013-2889] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2890] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2891] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2892] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2013-2893] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2894] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2895] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2896] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2013-2897] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-2898] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2013-2899] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2013-2929] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-2930] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-3076] = "fixed-version: Fixed from version 3.9" - -CVE_STATUS[CVE-2013-3222] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3223] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3224] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3225] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3226] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3227] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3228] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3229] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3230] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3231] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3232] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3233] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3234] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3235] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3236] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3237] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3301] = "fixed-version: Fixed from version 3.9rc7" - -CVE_STATUS[CVE-2013-3302] = "fixed-version: Fixed from version 3.8rc3" - -CVE_STATUS[CVE-2013-4125] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-4127] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-4129] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-4162] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-4163] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2013-4205] = "fixed-version: Fixed from version 3.11rc5" - -CVE_STATUS[CVE-2013-4220] = "fixed-version: Fixed from version 3.10rc4" - -CVE_STATUS[CVE-2013-4247] = "fixed-version: Fixed from version 3.10rc5" - -CVE_STATUS[CVE-2013-4254] = "fixed-version: Fixed from version 3.11rc6" - -CVE_STATUS[CVE-2013-4270] = "fixed-version: Fixed from version 3.12rc4" - -CVE_STATUS[CVE-2013-4299] = "fixed-version: Fixed from version 3.12rc6" - -CVE_STATUS[CVE-2013-4300] = "fixed-version: Fixed from version 3.11" - -CVE_STATUS[CVE-2013-4312] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2013-4343] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-4345] = "fixed-version: Fixed from version 3.13rc2" - -CVE_STATUS[CVE-2013-4348] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-4350] = "fixed-version: Fixed from version 3.12rc2" - -CVE_STATUS[CVE-2013-4387] = "fixed-version: Fixed from version 3.12rc4" - -CVE_STATUS[CVE-2013-4470] = "fixed-version: Fixed from version 3.12rc7" - -CVE_STATUS[CVE-2013-4483] = "fixed-version: Fixed from version 3.10rc1" - -CVE_STATUS[CVE-2013-4511] = "fixed-version: Fixed from version 3.12" - -CVE_STATUS[CVE-2013-4512] = "fixed-version: Fixed from version 3.12" - -CVE_STATUS[CVE-2013-4513] = "fixed-version: Fixed from version 3.12" - -CVE_STATUS[CVE-2013-4514] = "fixed-version: Fixed from version 3.12" - -CVE_STATUS[CVE-2013-4515] = "fixed-version: Fixed from version 3.12" - -CVE_STATUS[CVE-2013-4516] = "fixed-version: Fixed from version 3.12" - -CVE_STATUS[CVE-2013-4563] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-4579] = "fixed-version: Fixed from version 3.13rc7" - -CVE_STATUS[CVE-2013-4587] = "fixed-version: Fixed from version 3.13rc4" - -CVE_STATUS[CVE-2013-4588] = "fixed-version: Fixed from version 2.6.33rc4" - -CVE_STATUS[CVE-2013-4591] = "fixed-version: Fixed from version 3.8rc1" - -CVE_STATUS[CVE-2013-4592] = "fixed-version: Fixed from version 3.7rc1" - -# Skipping CVE-2013-4737, no affected_versions - -# Skipping CVE-2013-4738, no affected_versions - -# Skipping CVE-2013-4739, no affected_versions - -CVE_STATUS[CVE-2013-5634] = "fixed-version: Fixed from version 3.10rc5" - -CVE_STATUS[CVE-2013-6282] = "fixed-version: Fixed from version 3.6rc6" - -CVE_STATUS[CVE-2013-6367] = "fixed-version: Fixed from version 3.13rc4" - -CVE_STATUS[CVE-2013-6368] = "fixed-version: Fixed from version 3.13rc4" - -CVE_STATUS[CVE-2013-6376] = "fixed-version: Fixed from version 3.13rc4" - -CVE_STATUS[CVE-2013-6378] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-6380] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-6381] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-6382] = "fixed-version: Fixed from version 3.13rc4" - -CVE_STATUS[CVE-2013-6383] = "fixed-version: Fixed from version 3.12" - -# Skipping CVE-2013-6392, no affected_versions - -CVE_STATUS[CVE-2013-6431] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2013-6432] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-6885] = "fixed-version: Fixed from version 3.14rc1" - -CVE_STATUS[CVE-2013-7026] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7027] = "fixed-version: Fixed from version 3.12rc7" - -CVE_STATUS[CVE-2013-7263] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7264] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7265] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7266] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7267] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7268] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7269] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7270] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7271] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7281] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7339] = "fixed-version: Fixed from version 3.13rc7" - -CVE_STATUS[CVE-2013-7348] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2013-7421] = "fixed-version: Fixed from version 3.19rc1" - -# CVE-2013-7445 has no known resolution - -CVE_STATUS[CVE-2013-7446] = "fixed-version: Fixed from version 4.4rc4" - -CVE_STATUS[CVE-2013-7470] = "fixed-version: Fixed from version 3.12rc7" - -CVE_STATUS[CVE-2014-0038] = "fixed-version: Fixed from version 3.14rc1" - -CVE_STATUS[CVE-2014-0049] = "fixed-version: Fixed from version 3.14rc5" - -CVE_STATUS[CVE-2014-0055] = "fixed-version: Fixed from version 3.14" - -CVE_STATUS[CVE-2014-0069] = "fixed-version: Fixed from version 3.14rc4" - -CVE_STATUS[CVE-2014-0077] = "fixed-version: Fixed from version 3.14" - -CVE_STATUS[CVE-2014-0100] = "fixed-version: Fixed from version 3.14rc7" - -CVE_STATUS[CVE-2014-0101] = "fixed-version: Fixed from version 3.14rc6" - -CVE_STATUS[CVE-2014-0102] = "fixed-version: Fixed from version 3.14rc6" - -CVE_STATUS[CVE-2014-0131] = "fixed-version: Fixed from version 3.14rc7" - -CVE_STATUS[CVE-2014-0155] = "fixed-version: Fixed from version 3.15rc2" - -CVE_STATUS[CVE-2014-0181] = "fixed-version: Fixed from version 3.15rc5" - -CVE_STATUS[CVE-2014-0196] = "fixed-version: Fixed from version 3.15rc5" - -CVE_STATUS[CVE-2014-0203] = "fixed-version: Fixed from version 2.6.33rc5" - -CVE_STATUS[CVE-2014-0205] = "fixed-version: Fixed from version 2.6.37rc1" - -CVE_STATUS[CVE-2014-0206] = "fixed-version: Fixed from version 3.16rc3" - -# Skipping CVE-2014-0972, no affected_versions - -CVE_STATUS[CVE-2014-1438] = "fixed-version: Fixed from version 3.13" - -CVE_STATUS[CVE-2014-1444] = "fixed-version: Fixed from version 3.12rc7" - -CVE_STATUS[CVE-2014-1445] = "fixed-version: Fixed from version 3.12rc7" - -CVE_STATUS[CVE-2014-1446] = "fixed-version: Fixed from version 3.13rc7" - -CVE_STATUS[CVE-2014-1690] = "fixed-version: Fixed from version 3.13rc8" - -CVE_STATUS[CVE-2014-1737] = "fixed-version: Fixed from version 3.15rc5" - -CVE_STATUS[CVE-2014-1738] = "fixed-version: Fixed from version 3.15rc5" - -CVE_STATUS[CVE-2014-1739] = "fixed-version: Fixed from version 3.15rc6" - -CVE_STATUS[CVE-2014-1874] = "fixed-version: Fixed from version 3.14rc2" - -CVE_STATUS[CVE-2014-2038] = "fixed-version: Fixed from version 3.14rc1" - -CVE_STATUS[CVE-2014-2039] = "fixed-version: Fixed from version 3.14rc3" - -CVE_STATUS[CVE-2014-2309] = "fixed-version: Fixed from version 3.14rc7" - -CVE_STATUS[CVE-2014-2523] = "fixed-version: Fixed from version 3.14rc1" - -CVE_STATUS[CVE-2014-2568] = "fixed-version: Fixed from version 3.14" - -CVE_STATUS[CVE-2014-2580] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-2672] = "fixed-version: Fixed from version 3.14rc6" - -CVE_STATUS[CVE-2014-2673] = "fixed-version: Fixed from version 3.14rc6" - -CVE_STATUS[CVE-2014-2678] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-2706] = "fixed-version: Fixed from version 3.14rc6" - -CVE_STATUS[CVE-2014-2739] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-2851] = "fixed-version: Fixed from version 3.15rc2" - -CVE_STATUS[CVE-2014-2889] = "fixed-version: Fixed from version 3.2rc7" - -CVE_STATUS[CVE-2014-3122] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-3144] = "fixed-version: Fixed from version 3.15rc2" - -CVE_STATUS[CVE-2014-3145] = "fixed-version: Fixed from version 3.15rc2" - -CVE_STATUS[CVE-2014-3153] = "fixed-version: Fixed from version 3.15" - -CVE_STATUS[CVE-2014-3180] = "fixed-version: Fixed from version 3.17rc4" - -CVE_STATUS[CVE-2014-3181] = "fixed-version: Fixed from version 3.17rc3" - -CVE_STATUS[CVE-2014-3182] = "fixed-version: Fixed from version 3.17rc2" - -CVE_STATUS[CVE-2014-3183] = "fixed-version: Fixed from version 3.17rc2" - -CVE_STATUS[CVE-2014-3184] = "fixed-version: Fixed from version 3.17rc2" - -CVE_STATUS[CVE-2014-3185] = "fixed-version: Fixed from version 3.17rc3" - -CVE_STATUS[CVE-2014-3186] = "fixed-version: Fixed from version 3.17rc3" - -# Skipping CVE-2014-3519, no affected_versions - -CVE_STATUS[CVE-2014-3534] = "fixed-version: Fixed from version 3.16rc7" - -CVE_STATUS[CVE-2014-3535] = "fixed-version: Fixed from version 2.6.36rc1" - -CVE_STATUS[CVE-2014-3601] = "fixed-version: Fixed from version 3.17rc2" - -CVE_STATUS[CVE-2014-3610] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-3611] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-3631] = "fixed-version: Fixed from version 3.17rc5" - -CVE_STATUS[CVE-2014-3645] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2014-3646] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-3647] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-3673] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-3687] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-3688] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-3690] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-3917] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2014-3940] = "fixed-version: Fixed from version 3.15" - -CVE_STATUS[CVE-2014-4014] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2014-4027] = "fixed-version: Fixed from version 3.14rc1" - -CVE_STATUS[CVE-2014-4157] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-4171] = "fixed-version: Fixed from version 3.16rc3" - -# Skipping CVE-2014-4322, no affected_versions - -# Skipping CVE-2014-4323, no affected_versions - -CVE_STATUS[CVE-2014-4508] = "fixed-version: Fixed from version 3.16rc3" - -CVE_STATUS[CVE-2014-4608] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-4611] = "fixed-version: Fixed from version 3.16rc3" - -CVE_STATUS[CVE-2014-4652] = "fixed-version: Fixed from version 3.16rc2" - -CVE_STATUS[CVE-2014-4653] = "fixed-version: Fixed from version 3.16rc2" - -CVE_STATUS[CVE-2014-4654] = "fixed-version: Fixed from version 3.16rc2" - -CVE_STATUS[CVE-2014-4655] = "fixed-version: Fixed from version 3.16rc2" - -CVE_STATUS[CVE-2014-4656] = "fixed-version: Fixed from version 3.16rc2" - -CVE_STATUS[CVE-2014-4667] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2014-4699] = "fixed-version: Fixed from version 3.16rc4" - -CVE_STATUS[CVE-2014-4943] = "fixed-version: Fixed from version 3.16rc6" - -CVE_STATUS[CVE-2014-5045] = "fixed-version: Fixed from version 3.16rc7" - -CVE_STATUS[CVE-2014-5077] = "fixed-version: Fixed from version 3.16" - -CVE_STATUS[CVE-2014-5206] = "fixed-version: Fixed from version 3.17rc1" - -CVE_STATUS[CVE-2014-5207] = "fixed-version: Fixed from version 3.17rc1" - -# Skipping CVE-2014-5332, no affected_versions - -CVE_STATUS[CVE-2014-5471] = "fixed-version: Fixed from version 3.17rc2" - -CVE_STATUS[CVE-2014-5472] = "fixed-version: Fixed from version 3.17rc2" - -CVE_STATUS[CVE-2014-6410] = "fixed-version: Fixed from version 3.17rc5" - -CVE_STATUS[CVE-2014-6416] = "fixed-version: Fixed from version 3.17rc5" - -CVE_STATUS[CVE-2014-6417] = "fixed-version: Fixed from version 3.17rc5" - -CVE_STATUS[CVE-2014-6418] = "fixed-version: Fixed from version 3.17rc5" - -CVE_STATUS[CVE-2014-7145] = "fixed-version: Fixed from version 3.17rc2" - -# Skipping CVE-2014-7207, no affected_versions - -CVE_STATUS[CVE-2014-7283] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-7284] = "fixed-version: Fixed from version 3.15rc7" - -CVE_STATUS[CVE-2014-7822] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2014-7825] = "fixed-version: Fixed from version 3.18rc3" - -CVE_STATUS[CVE-2014-7826] = "fixed-version: Fixed from version 3.18rc3" - -CVE_STATUS[CVE-2014-7841] = "fixed-version: Fixed from version 3.18rc5" - -CVE_STATUS[CVE-2014-7842] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-7843] = "fixed-version: Fixed from version 3.18rc5" - -CVE_STATUS[CVE-2014-7970] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-7975] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-8086] = "fixed-version: Fixed from version 3.18rc3" - -CVE_STATUS[CVE-2014-8133] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-8134] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-8159] = "fixed-version: Fixed from version 4.0rc7" - -CVE_STATUS[CVE-2014-8160] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-8171] = "fixed-version: Fixed from version 3.12rc1" - -CVE_STATUS[CVE-2014-8172] = "fixed-version: Fixed from version 3.13rc1" - -CVE_STATUS[CVE-2014-8173] = "fixed-version: Fixed from version 3.13rc5" - -# Skipping CVE-2014-8181, no affected_versions - -CVE_STATUS[CVE-2014-8369] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-8480] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-8481] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-8559] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-8709] = "fixed-version: Fixed from version 3.14rc3" - -CVE_STATUS[CVE-2014-8884] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2014-8989] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-9090] = "fixed-version: Fixed from version 3.18rc6" - -CVE_STATUS[CVE-2014-9322] = "fixed-version: Fixed from version 3.18rc6" - -CVE_STATUS[CVE-2014-9419] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-9420] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-9428] = "fixed-version: Fixed from version 3.19rc3" - -CVE_STATUS[CVE-2014-9529] = "fixed-version: Fixed from version 3.19rc4" - -CVE_STATUS[CVE-2014-9584] = "fixed-version: Fixed from version 3.19rc3" - -CVE_STATUS[CVE-2014-9585] = "fixed-version: Fixed from version 3.19rc4" - -CVE_STATUS[CVE-2014-9644] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-9683] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-9710] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2014-9715] = "fixed-version: Fixed from version 3.15rc1" - -CVE_STATUS[CVE-2014-9717] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2014-9728] = "fixed-version: Fixed from version 3.19rc3" - -CVE_STATUS[CVE-2014-9729] = "fixed-version: Fixed from version 3.19rc3" - -CVE_STATUS[CVE-2014-9730] = "fixed-version: Fixed from version 3.19rc3" - -CVE_STATUS[CVE-2014-9731] = "fixed-version: Fixed from version 3.19rc3" - -# Skipping CVE-2014-9777, no affected_versions - -# Skipping CVE-2014-9778, no affected_versions - -# Skipping CVE-2014-9779, no affected_versions - -# Skipping CVE-2014-9780, no affected_versions - -# Skipping CVE-2014-9781, no affected_versions - -# Skipping CVE-2014-9782, no affected_versions - -# Skipping CVE-2014-9783, no affected_versions - -# Skipping CVE-2014-9784, no affected_versions - -# Skipping CVE-2014-9785, no affected_versions - -# Skipping CVE-2014-9786, no affected_versions - -# Skipping CVE-2014-9787, no affected_versions - -# Skipping CVE-2014-9788, no affected_versions - -# Skipping CVE-2014-9789, no affected_versions - -CVE_STATUS[CVE-2014-9803] = "fixed-version: Fixed from version 3.16rc1" - -# Skipping CVE-2014-9863, no affected_versions - -# Skipping CVE-2014-9864, no affected_versions - -# Skipping CVE-2014-9865, no affected_versions - -# Skipping CVE-2014-9866, no affected_versions - -# Skipping CVE-2014-9867, no affected_versions - -# Skipping CVE-2014-9868, no affected_versions - -# Skipping CVE-2014-9869, no affected_versions - -CVE_STATUS[CVE-2014-9870] = "fixed-version: Fixed from version 3.11rc1" - -# Skipping CVE-2014-9871, no affected_versions - -# Skipping CVE-2014-9872, no affected_versions - -# Skipping CVE-2014-9873, no affected_versions - -# Skipping CVE-2014-9874, no affected_versions - -# Skipping CVE-2014-9875, no affected_versions - -# Skipping CVE-2014-9876, no affected_versions - -# Skipping CVE-2014-9877, no affected_versions - -# Skipping CVE-2014-9878, no affected_versions - -# Skipping CVE-2014-9879, no affected_versions - -# Skipping CVE-2014-9880, no affected_versions - -# Skipping CVE-2014-9881, no affected_versions - -# Skipping CVE-2014-9882, no affected_versions - -# Skipping CVE-2014-9883, no affected_versions - -# Skipping CVE-2014-9884, no affected_versions - -# Skipping CVE-2014-9885, no affected_versions - -# Skipping CVE-2014-9886, no affected_versions - -# Skipping CVE-2014-9887, no affected_versions - -CVE_STATUS[CVE-2014-9888] = "fixed-version: Fixed from version 3.13rc1" - -# Skipping CVE-2014-9889, no affected_versions - -# Skipping CVE-2014-9890, no affected_versions - -# Skipping CVE-2014-9891, no affected_versions - -# Skipping CVE-2014-9892, no affected_versions - -# Skipping CVE-2014-9893, no affected_versions - -# Skipping CVE-2014-9894, no affected_versions - -CVE_STATUS[CVE-2014-9895] = "fixed-version: Fixed from version 3.11rc1" - -# Skipping CVE-2014-9896, no affected_versions - -# Skipping CVE-2014-9897, no affected_versions - -# Skipping CVE-2014-9898, no affected_versions - -# Skipping CVE-2014-9899, no affected_versions - -# Skipping CVE-2014-9900, no affected_versions - -CVE_STATUS[CVE-2014-9903] = "fixed-version: Fixed from version 3.14rc4" - -CVE_STATUS[CVE-2014-9904] = "fixed-version: Fixed from version 3.17rc1" - -CVE_STATUS[CVE-2014-9914] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2014-9922] = "fixed-version: Fixed from version 3.18rc2" - -CVE_STATUS[CVE-2014-9940] = "fixed-version: Fixed from version 3.19rc1" - -CVE_STATUS[CVE-2015-0239] = "fixed-version: Fixed from version 3.19rc6" - -CVE_STATUS[CVE-2015-0274] = "fixed-version: Fixed from version 3.15rc5" - -CVE_STATUS[CVE-2015-0275] = "fixed-version: Fixed from version 4.1rc1" - -# Skipping CVE-2015-0777, no affected_versions - -# Skipping CVE-2015-1328, no affected_versions - -CVE_STATUS[CVE-2015-1333] = "fixed-version: Fixed from version 4.2rc5" - -CVE_STATUS[CVE-2015-1339] = "fixed-version: Fixed from version 4.4rc5" - -CVE_STATUS[CVE-2015-1350] = "fixed-version: Fixed from version 4.9rc1" - -CVE_STATUS[CVE-2015-1420] = "fixed-version: Fixed from version 4.1rc7" - -CVE_STATUS[CVE-2015-1421] = "fixed-version: Fixed from version 3.19rc7" - -CVE_STATUS[CVE-2015-1465] = "fixed-version: Fixed from version 3.19rc7" - -CVE_STATUS[CVE-2015-1573] = "fixed-version: Fixed from version 3.19rc5" - -CVE_STATUS[CVE-2015-1593] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2015-1805] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2015-2041] = "fixed-version: Fixed from version 3.19rc7" - -CVE_STATUS[CVE-2015-2042] = "fixed-version: Fixed from version 3.19" - -CVE_STATUS[CVE-2015-2150] = "fixed-version: Fixed from version 4.0rc4" - -CVE_STATUS[CVE-2015-2666] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2015-2672] = "fixed-version: Fixed from version 4.0rc3" - -CVE_STATUS[CVE-2015-2686] = "fixed-version: Fixed from version 4.0rc6" - -CVE_STATUS[CVE-2015-2830] = "fixed-version: Fixed from version 4.0rc3" - -# CVE-2015-2877 has no known resolution - -CVE_STATUS[CVE-2015-2922] = "fixed-version: Fixed from version 4.0rc7" - -CVE_STATUS[CVE-2015-2925] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2015-3212] = "fixed-version: Fixed from version 4.2rc1" - -CVE_STATUS[CVE-2015-3214] = "fixed-version: Fixed from version 2.6.33rc8" - -CVE_STATUS[CVE-2015-3288] = "fixed-version: Fixed from version 4.2rc2" - -CVE_STATUS[CVE-2015-3290] = "fixed-version: Fixed from version 4.2rc3" - -CVE_STATUS[CVE-2015-3291] = "fixed-version: Fixed from version 4.2rc3" - -CVE_STATUS[CVE-2015-3331] = "fixed-version: Fixed from version 4.0rc5" - -# Skipping CVE-2015-3332, no affected_versions - -CVE_STATUS[CVE-2015-3339] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-3636] = "fixed-version: Fixed from version 4.1rc2" - -CVE_STATUS[CVE-2015-4001] = "fixed-version: Fixed from version 4.1rc7" - -CVE_STATUS[CVE-2015-4002] = "fixed-version: Fixed from version 4.1rc7" - -CVE_STATUS[CVE-2015-4003] = "fixed-version: Fixed from version 4.1rc7" - -CVE_STATUS[CVE-2015-4004] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2015-4036] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2015-4167] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2015-4170] = "fixed-version: Fixed from version 3.13rc5" - -CVE_STATUS[CVE-2015-4176] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-4177] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-4178] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-4692] = "fixed-version: Fixed from version 4.2rc1" - -CVE_STATUS[CVE-2015-4700] = "fixed-version: Fixed from version 4.1rc6" - -CVE_STATUS[CVE-2015-5156] = "fixed-version: Fixed from version 4.2rc7" - -CVE_STATUS[CVE-2015-5157] = "fixed-version: Fixed from version 4.2rc3" - -CVE_STATUS[CVE-2015-5257] = "fixed-version: Fixed from version 4.3rc3" - -CVE_STATUS[CVE-2015-5283] = "fixed-version: Fixed from version 4.3rc3" - -CVE_STATUS[CVE-2015-5307] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-5327] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-5364] = "fixed-version: Fixed from version 4.1rc7" - -CVE_STATUS[CVE-2015-5366] = "fixed-version: Fixed from version 4.1rc7" - -CVE_STATUS[CVE-2015-5697] = "fixed-version: Fixed from version 4.2rc6" - -CVE_STATUS[CVE-2015-5706] = "fixed-version: Fixed from version 4.1rc3" - -CVE_STATUS[CVE-2015-5707] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-6252] = "fixed-version: Fixed from version 4.2rc5" - -CVE_STATUS[CVE-2015-6526] = "fixed-version: Fixed from version 4.1rc1" - -# CVE-2015-6619 has no known resolution - -# CVE-2015-6646 has no known resolution - -CVE_STATUS[CVE-2015-6937] = "fixed-version: Fixed from version 4.3rc1" - -# Skipping CVE-2015-7312, no affected_versions - -CVE_STATUS[CVE-2015-7509] = "fixed-version: Fixed from version 3.7rc1" - -CVE_STATUS[CVE-2015-7513] = "fixed-version: Fixed from version 4.4rc7" - -CVE_STATUS[CVE-2015-7515] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-7550] = "fixed-version: Fixed from version 4.4rc8" - -# Skipping CVE-2015-7553, no affected_versions - -CVE_STATUS[CVE-2015-7566] = "fixed-version: Fixed from version 4.5rc2" - -CVE_STATUS[CVE-2015-7613] = "fixed-version: Fixed from version 4.3rc4" - -CVE_STATUS[CVE-2015-7799] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-7833] = "fixed-version: Fixed from version 4.6rc6" - -# Skipping CVE-2015-7837, no affected_versions - -CVE_STATUS[CVE-2015-7872] = "fixed-version: Fixed from version 4.3rc7" - -CVE_STATUS[CVE-2015-7884] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-7885] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-7990] = "fixed-version: Fixed from version 4.4rc4" - -# Skipping CVE-2015-8019, no affected_versions - -CVE_STATUS[CVE-2015-8104] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-8215] = "fixed-version: Fixed from version 4.0rc3" - -CVE_STATUS[CVE-2015-8324] = "fixed-version: Fixed from version 2.6.34rc1" - -CVE_STATUS[CVE-2015-8374] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-8539] = "fixed-version: Fixed from version 4.4rc3" - -CVE_STATUS[CVE-2015-8543] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8550] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8551] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8552] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8553] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8569] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8575] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8660] = "fixed-version: Fixed from version 4.4rc4" - -CVE_STATUS[CVE-2015-8709] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2015-8746] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2015-8767] = "fixed-version: Fixed from version 4.3rc4" - -CVE_STATUS[CVE-2015-8785] = "fixed-version: Fixed from version 4.4rc5" - -CVE_STATUS[CVE-2015-8787] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-8812] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2015-8816] = "fixed-version: Fixed from version 4.4rc6" - -CVE_STATUS[CVE-2015-8830] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-8839] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2015-8844] = "fixed-version: Fixed from version 4.4rc3" - -CVE_STATUS[CVE-2015-8845] = "fixed-version: Fixed from version 4.4rc3" - -# Skipping CVE-2015-8937, no affected_versions - -# Skipping CVE-2015-8938, no affected_versions - -# Skipping CVE-2015-8939, no affected_versions - -# Skipping CVE-2015-8940, no affected_versions - -# Skipping CVE-2015-8941, no affected_versions - -# Skipping CVE-2015-8942, no affected_versions - -# Skipping CVE-2015-8943, no affected_versions - -# Skipping CVE-2015-8944, no affected_versions - -CVE_STATUS[CVE-2015-8950] = "fixed-version: Fixed from version 4.1rc2" - -CVE_STATUS[CVE-2015-8952] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2015-8953] = "fixed-version: Fixed from version 4.3" - -CVE_STATUS[CVE-2015-8955] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2015-8956] = "fixed-version: Fixed from version 4.2rc1" - -CVE_STATUS[CVE-2015-8961] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-8962] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2015-8963] = "fixed-version: Fixed from version 4.4" - -CVE_STATUS[CVE-2015-8964] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2015-8966] = "fixed-version: Fixed from version 4.4rc8" - -CVE_STATUS[CVE-2015-8967] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2015-8970] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2015-9004] = "fixed-version: Fixed from version 3.19rc7" - -CVE_STATUS[CVE-2015-9016] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2015-9289] = "fixed-version: Fixed from version 4.2rc1" - -CVE_STATUS[CVE-2016-0617] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-0723] = "fixed-version: Fixed from version 4.5rc2" - -CVE_STATUS[CVE-2016-0728] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-0758] = "fixed-version: Fixed from version 4.6" - -# Skipping CVE-2016-0774, no affected_versions - -CVE_STATUS[CVE-2016-0821] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2016-0823] = "fixed-version: Fixed from version 4.0rc5" - -CVE_STATUS[CVE-2016-10044] = "fixed-version: Fixed from version 4.8rc7" - -CVE_STATUS[CVE-2016-10088] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-10147] = "fixed-version: Fixed from version 4.9" - -CVE_STATUS[CVE-2016-10150] = "fixed-version: Fixed from version 4.9rc8" - -CVE_STATUS[CVE-2016-10153] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-10154] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-10200] = "fixed-version: Fixed from version 4.9rc7" - -CVE_STATUS[CVE-2016-10208] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-10229] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-10318] = "fixed-version: Fixed from version 4.8rc6" - -CVE_STATUS[CVE-2016-10723] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2016-10741] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-10764] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-10905] = "fixed-version: Fixed from version 4.8rc1" - -CVE_STATUS[CVE-2016-10906] = "fixed-version: Fixed from version 4.5rc6" - -CVE_STATUS[CVE-2016-10907] = "fixed-version: Fixed from version 4.9rc1" - -CVE_STATUS[CVE-2016-1237] = "fixed-version: Fixed from version 4.7rc5" - -CVE_STATUS[CVE-2016-1575] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-1576] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-1583] = "fixed-version: Fixed from version 4.7rc3" - -CVE_STATUS[CVE-2016-2053] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2016-2069] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2070] = "fixed-version: Fixed from version 4.4" - -CVE_STATUS[CVE-2016-2085] = "fixed-version: Fixed from version 4.5rc4" - -CVE_STATUS[CVE-2016-2117] = "fixed-version: Fixed from version 4.6rc5" - -CVE_STATUS[CVE-2016-2143] = "fixed-version: Fixed from version 4.5" - -CVE_STATUS[CVE-2016-2184] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-2185] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-2186] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-2187] = "fixed-version: Fixed from version 4.6rc5" - -CVE_STATUS[CVE-2016-2188] = "fixed-version: Fixed from version 4.11rc2" - -CVE_STATUS[CVE-2016-2383] = "fixed-version: Fixed from version 4.5rc4" - -CVE_STATUS[CVE-2016-2384] = "fixed-version: Fixed from version 4.5rc4" - -CVE_STATUS[CVE-2016-2543] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2544] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2545] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2546] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2547] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2548] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2549] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2016-2550] = "fixed-version: Fixed from version 4.5rc4" - -CVE_STATUS[CVE-2016-2782] = "fixed-version: Fixed from version 4.5rc2" - -CVE_STATUS[CVE-2016-2847] = "fixed-version: Fixed from version 4.5rc1" - -# Skipping CVE-2016-2853, no affected_versions - -# Skipping CVE-2016-2854, no affected_versions - -CVE_STATUS[CVE-2016-3044] = "fixed-version: Fixed from version 4.5" - -CVE_STATUS[CVE-2016-3070] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2016-3134] = "fixed-version: Fixed from version 4.6rc2" - -CVE_STATUS[CVE-2016-3135] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-3136] = "fixed-version: Fixed from version 4.6rc3" - -CVE_STATUS[CVE-2016-3137] = "fixed-version: Fixed from version 4.6rc3" - -CVE_STATUS[CVE-2016-3138] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-3139] = "fixed-version: Fixed from version 3.17rc1" - -CVE_STATUS[CVE-2016-3140] = "fixed-version: Fixed from version 4.6rc3" - -CVE_STATUS[CVE-2016-3156] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-3157] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-3672] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-3689] = "fixed-version: Fixed from version 4.6rc1" - -# Skipping CVE-2016-3695, no affected_versions - -# Skipping CVE-2016-3699, no affected_versions - -# Skipping CVE-2016-3707, no affected_versions - -CVE_STATUS[CVE-2016-3713] = "fixed-version: Fixed from version 4.7rc1" - -# CVE-2016-3775 has no known resolution - -# CVE-2016-3802 has no known resolution - -# CVE-2016-3803 has no known resolution - -CVE_STATUS[CVE-2016-3841] = "fixed-version: Fixed from version 4.4rc4" - -CVE_STATUS[CVE-2016-3857] = "fixed-version: Fixed from version 4.8rc2" - -CVE_STATUS[CVE-2016-3951] = "fixed-version: Fixed from version 4.5" - -CVE_STATUS[CVE-2016-3955] = "fixed-version: Fixed from version 4.6rc3" - -CVE_STATUS[CVE-2016-3961] = "fixed-version: Fixed from version 4.6rc5" - -CVE_STATUS[CVE-2016-4440] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-4470] = "fixed-version: Fixed from version 4.7rc4" - -CVE_STATUS[CVE-2016-4482] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-4485] = "fixed-version: Fixed from version 4.6" - -CVE_STATUS[CVE-2016-4486] = "fixed-version: Fixed from version 4.6" - -CVE_STATUS[CVE-2016-4557] = "fixed-version: Fixed from version 4.6rc6" - -CVE_STATUS[CVE-2016-4558] = "fixed-version: Fixed from version 4.6rc7" - -CVE_STATUS[CVE-2016-4565] = "fixed-version: Fixed from version 4.6rc6" - -CVE_STATUS[CVE-2016-4568] = "fixed-version: Fixed from version 4.6rc6" - -CVE_STATUS[CVE-2016-4569] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-4578] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-4580] = "fixed-version: Fixed from version 4.6" - -CVE_STATUS[CVE-2016-4581] = "fixed-version: Fixed from version 4.6rc7" - -CVE_STATUS[CVE-2016-4794] = "fixed-version: Fixed from version 4.7rc4" - -CVE_STATUS[CVE-2016-4805] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-4913] = "fixed-version: Fixed from version 4.6" - -CVE_STATUS[CVE-2016-4951] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-4997] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-4998] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-5195] = "fixed-version: Fixed from version 4.9rc2" - -CVE_STATUS[CVE-2016-5243] = "fixed-version: Fixed from version 4.7rc3" - -CVE_STATUS[CVE-2016-5244] = "fixed-version: Fixed from version 4.7rc3" - -# Skipping CVE-2016-5340, no affected_versions - -# Skipping CVE-2016-5342, no affected_versions - -# Skipping CVE-2016-5343, no affected_versions - -# Skipping CVE-2016-5344, no affected_versions - -CVE_STATUS[CVE-2016-5400] = "fixed-version: Fixed from version 4.7" - -CVE_STATUS[CVE-2016-5412] = "fixed-version: Fixed from version 4.8rc1" - -CVE_STATUS[CVE-2016-5696] = "fixed-version: Fixed from version 4.7" - -CVE_STATUS[CVE-2016-5728] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-5828] = "fixed-version: Fixed from version 4.7rc6" - -CVE_STATUS[CVE-2016-5829] = "fixed-version: Fixed from version 4.7rc5" - -# CVE-2016-5870 has no known resolution - -CVE_STATUS[CVE-2016-6130] = "fixed-version: Fixed from version 4.6rc6" - -CVE_STATUS[CVE-2016-6136] = "fixed-version: Fixed from version 4.8rc1" - -CVE_STATUS[CVE-2016-6156] = "fixed-version: Fixed from version 4.7rc7" - -CVE_STATUS[CVE-2016-6162] = "fixed-version: Fixed from version 4.7" - -CVE_STATUS[CVE-2016-6187] = "fixed-version: Fixed from version 4.7rc7" - -CVE_STATUS[CVE-2016-6197] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-6198] = "fixed-version: Fixed from version 4.6" - -CVE_STATUS[CVE-2016-6213] = "fixed-version: Fixed from version 4.9rc1" - -CVE_STATUS[CVE-2016-6327] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-6480] = "fixed-version: Fixed from version 4.8rc3" - -CVE_STATUS[CVE-2016-6516] = "fixed-version: Fixed from version 4.8rc1" - -# Skipping CVE-2016-6753, no affected_versions - -CVE_STATUS[CVE-2016-6786] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2016-6787] = "fixed-version: Fixed from version 4.0rc1" - -CVE_STATUS[CVE-2016-6828] = "fixed-version: Fixed from version 4.8rc5" - -CVE_STATUS[CVE-2016-7039] = "fixed-version: Fixed from version 4.9rc4" - -CVE_STATUS[CVE-2016-7042] = "fixed-version: Fixed from version 4.9rc3" - -CVE_STATUS[CVE-2016-7097] = "fixed-version: Fixed from version 4.9rc1" - -CVE_STATUS[CVE-2016-7117] = "fixed-version: Fixed from version 4.6rc1" - -# Skipping CVE-2016-7118, no affected_versions - -CVE_STATUS[CVE-2016-7425] = "fixed-version: Fixed from version 4.9rc1" - -CVE_STATUS[CVE-2016-7910] = "fixed-version: Fixed from version 4.8rc1" - -CVE_STATUS[CVE-2016-7911] = "fixed-version: Fixed from version 4.7rc7" - -CVE_STATUS[CVE-2016-7912] = "fixed-version: Fixed from version 4.6rc5" - -CVE_STATUS[CVE-2016-7913] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-7914] = "fixed-version: Fixed from version 4.6rc4" - -CVE_STATUS[CVE-2016-7915] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-7916] = "fixed-version: Fixed from version 4.6rc7" - -CVE_STATUS[CVE-2016-7917] = "fixed-version: Fixed from version 4.5rc6" - -CVE_STATUS[CVE-2016-8399] = "fixed-version: Fixed from version 4.9" - -# Skipping CVE-2016-8401, no affected_versions - -# Skipping CVE-2016-8402, no affected_versions - -# Skipping CVE-2016-8403, no affected_versions - -# Skipping CVE-2016-8404, no affected_versions - -CVE_STATUS[CVE-2016-8405] = "fixed-version: Fixed from version 4.10rc6" - -# Skipping CVE-2016-8406, no affected_versions - -# Skipping CVE-2016-8407, no affected_versions - -CVE_STATUS[CVE-2016-8630] = "fixed-version: Fixed from version 4.9rc4" - -CVE_STATUS[CVE-2016-8632] = "fixed-version: Fixed from version 4.9rc8" - -CVE_STATUS[CVE-2016-8633] = "fixed-version: Fixed from version 4.9rc4" - -CVE_STATUS[CVE-2016-8636] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2016-8645] = "fixed-version: Fixed from version 4.9rc6" - -CVE_STATUS[CVE-2016-8646] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2016-8650] = "fixed-version: Fixed from version 4.9rc7" - -CVE_STATUS[CVE-2016-8655] = "fixed-version: Fixed from version 4.9rc8" - -CVE_STATUS[CVE-2016-8658] = "fixed-version: Fixed from version 4.8rc7" - -# CVE-2016-8660 has no known resolution - -CVE_STATUS[CVE-2016-8666] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-9083] = "fixed-version: Fixed from version 4.9rc4" - -CVE_STATUS[CVE-2016-9084] = "fixed-version: Fixed from version 4.9rc4" - -CVE_STATUS[CVE-2016-9120] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-9178] = "fixed-version: Fixed from version 4.8rc7" - -CVE_STATUS[CVE-2016-9191] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2016-9313] = "fixed-version: Fixed from version 4.9rc3" - -CVE_STATUS[CVE-2016-9555] = "fixed-version: Fixed from version 4.9rc4" - -CVE_STATUS[CVE-2016-9576] = "fixed-version: Fixed from version 4.9" - -CVE_STATUS[CVE-2016-9588] = "fixed-version: Fixed from version 4.10rc1" - -CVE_STATUS[CVE-2016-9604] = "fixed-version: Fixed from version 4.11rc8" - -# Skipping CVE-2016-9644, no affected_versions - -CVE_STATUS[CVE-2016-9685] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2016-9754] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-9755] = "fixed-version: Fixed from version 4.9rc8" - -CVE_STATUS[CVE-2016-9756] = "fixed-version: Fixed from version 4.9rc7" - -CVE_STATUS[CVE-2016-9777] = "fixed-version: Fixed from version 4.9rc7" - -CVE_STATUS[CVE-2016-9793] = "fixed-version: Fixed from version 4.9rc8" - -CVE_STATUS[CVE-2016-9794] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-9806] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2016-9919] = "fixed-version: Fixed from version 4.9rc8" - -# Skipping CVE-2017-0403, no affected_versions - -# Skipping CVE-2017-0404, no affected_versions - -# Skipping CVE-2017-0426, no affected_versions - -# Skipping CVE-2017-0427, no affected_versions - -# CVE-2017-0507 has no known resolution - -# CVE-2017-0508 has no known resolution - -# Skipping CVE-2017-0510, no affected_versions - -# Skipping CVE-2017-0528, no affected_versions - -# Skipping CVE-2017-0537, no affected_versions - -# CVE-2017-0564 has no known resolution - -CVE_STATUS[CVE-2017-0605] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-0627] = "fixed-version: Fixed from version 4.14rc1" - -# CVE-2017-0630 has no known resolution - -# CVE-2017-0749 has no known resolution - -CVE_STATUS[CVE-2017-0750] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2017-0786] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-0861] = "fixed-version: Fixed from version 4.15rc3" - -CVE_STATUS[CVE-2017-1000] = "fixed-version: Fixed from version 4.13rc5" - -CVE_STATUS[CVE-2017-1000111] = "fixed-version: Fixed from version 4.13rc5" - -CVE_STATUS[CVE-2017-1000112] = "fixed-version: Fixed from version 4.13rc5" - -CVE_STATUS[CVE-2017-1000251] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-1000252] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-1000253] = "fixed-version: Fixed from version 4.1rc1" - -CVE_STATUS[CVE-2017-1000255] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-1000363] = "fixed-version: Fixed from version 4.12rc2" - -CVE_STATUS[CVE-2017-1000364] = "fixed-version: Fixed from version 4.12rc6" - -CVE_STATUS[CVE-2017-1000365] = "fixed-version: Fixed from version 4.12rc7" - -CVE_STATUS[CVE-2017-1000370] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-1000371] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-1000379] = "fixed-version: Fixed from version 4.12rc6" - -CVE_STATUS[CVE-2017-1000380] = "fixed-version: Fixed from version 4.12rc5" - -CVE_STATUS[CVE-2017-1000405] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2017-1000407] = "fixed-version: Fixed from version 4.15rc3" - -CVE_STATUS[CVE-2017-1000410] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2017-10661] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-10662] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-10663] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-10810] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-10911] = "fixed-version: Fixed from version 4.12rc7" - -CVE_STATUS[CVE-2017-11089] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-11176] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-11472] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-11473] = "fixed-version: Fixed from version 4.13rc2" - -CVE_STATUS[CVE-2017-11600] = "fixed-version: Fixed from version 4.13" - -CVE_STATUS[CVE-2017-12134] = "fixed-version: Fixed from version 4.13rc6" - -CVE_STATUS[CVE-2017-12146] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-12153] = "fixed-version: Fixed from version 4.14rc2" - -CVE_STATUS[CVE-2017-12154] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-12168] = "fixed-version: Fixed from version 4.9rc6" - -CVE_STATUS[CVE-2017-12188] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-12190] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-12192] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2017-12193] = "fixed-version: Fixed from version 4.14rc7" - -CVE_STATUS[CVE-2017-12762] = "fixed-version: Fixed from version 4.13rc4" - -CVE_STATUS[CVE-2017-13080] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2017-13166] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2017-13167] = "fixed-version: Fixed from version 4.5rc4" - -CVE_STATUS[CVE-2017-13168] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2017-13215] = "fixed-version: Fixed from version 4.5rc1" - -CVE_STATUS[CVE-2017-13216] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2017-13220] = "fixed-version: Fixed from version 3.19rc3" - -# CVE-2017-13221 has no known resolution - -# CVE-2017-13222 has no known resolution - -CVE_STATUS[CVE-2017-13305] = "fixed-version: Fixed from version 4.12rc5" - -CVE_STATUS[CVE-2017-13686] = "fixed-version: Fixed from version 4.13rc7" - -# CVE-2017-13693 has no known resolution - -# CVE-2017-13694 has no known resolution - -CVE_STATUS[CVE-2017-13695] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2017-13715] = "fixed-version: Fixed from version 4.3rc1" - -CVE_STATUS[CVE-2017-14051] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-14106] = "fixed-version: Fixed from version 4.12rc3" - -CVE_STATUS[CVE-2017-14140] = "fixed-version: Fixed from version 4.13rc6" - -CVE_STATUS[CVE-2017-14156] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-14340] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-14489] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2017-14497] = "fixed-version: Fixed from version 4.13" - -CVE_STATUS[CVE-2017-14954] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2017-14991] = "fixed-version: Fixed from version 4.14rc2" - -CVE_STATUS[CVE-2017-15102] = "fixed-version: Fixed from version 4.9rc1" - -CVE_STATUS[CVE-2017-15115] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2017-15116] = "fixed-version: Fixed from version 4.2rc1" - -CVE_STATUS[CVE-2017-15121] = "fixed-version: Fixed from version 3.11rc1" - -CVE_STATUS[CVE-2017-15126] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-15127] = "fixed-version: Fixed from version 4.13rc5" - -CVE_STATUS[CVE-2017-15128] = "fixed-version: Fixed from version 4.14rc8" - -CVE_STATUS[CVE-2017-15129] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-15265] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-15274] = "fixed-version: Fixed from version 4.12rc5" - -CVE_STATUS[CVE-2017-15299] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2017-15306] = "fixed-version: Fixed from version 4.14rc7" - -CVE_STATUS[CVE-2017-15537] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2017-15649] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-15868] = "fixed-version: Fixed from version 3.19rc3" - -CVE_STATUS[CVE-2017-15951] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2017-16525] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-16526] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-16527] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-16528] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2017-16529] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-16530] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-16531] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-16532] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-16533] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-16534] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2017-16535] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2017-16536] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-16537] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-16538] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2017-16643] = "fixed-version: Fixed from version 4.14rc7" - -CVE_STATUS[CVE-2017-16644] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2017-16645] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2017-16646] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-16647] = "fixed-version: Fixed from version 4.14" - -CVE_STATUS[CVE-2017-16648] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-16649] = "fixed-version: Fixed from version 4.14" - -CVE_STATUS[CVE-2017-16650] = "fixed-version: Fixed from version 4.14" - -CVE_STATUS[CVE-2017-16911] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-16912] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-16913] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-16914] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-16939] = "fixed-version: Fixed from version 4.14rc7" - -CVE_STATUS[CVE-2017-16994] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-16995] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-16996] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17052] = "fixed-version: Fixed from version 4.13rc7" - -CVE_STATUS[CVE-2017-17053] = "fixed-version: Fixed from version 4.13rc7" - -CVE_STATUS[CVE-2017-17448] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17449] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17450] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17558] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17712] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17741] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17805] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17806] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-17807] = "fixed-version: Fixed from version 4.15rc3" - -CVE_STATUS[CVE-2017-17852] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17853] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17854] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17855] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17856] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17857] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17862] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-17863] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17864] = "fixed-version: Fixed from version 4.15rc5" - -CVE_STATUS[CVE-2017-17975] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2017-18017] = "fixed-version: Fixed from version 4.11rc7" - -CVE_STATUS[CVE-2017-18075] = "fixed-version: Fixed from version 4.15rc7" - -CVE_STATUS[CVE-2017-18079] = "fixed-version: Fixed from version 4.13rc1" - -# CVE-2017-18169 has no known resolution - -CVE_STATUS[CVE-2017-18174] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2017-18193] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-18200] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-18202] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2017-18203] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-18204] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-18208] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2017-18216] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-18218] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-18221] = "fixed-version: Fixed from version 4.12rc4" - -CVE_STATUS[CVE-2017-18222] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-18224] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2017-18232] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2017-18241] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-18249] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-18255] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-18257] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-18261] = "fixed-version: Fixed from version 4.13rc6" - -CVE_STATUS[CVE-2017-18270] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2017-18344] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2017-18360] = "fixed-version: Fixed from version 4.12rc2" - -CVE_STATUS[CVE-2017-18379] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2017-18509] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-18549] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-18550] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-18551] = "fixed-version: Fixed from version 4.15rc9" - -CVE_STATUS[CVE-2017-18552] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-18595] = "fixed-version: Fixed from version 4.15rc6" - -CVE_STATUS[CVE-2017-2583] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-2584] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-2596] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-2618] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-2634] = "fixed-version: Fixed from version 2.6.25rc1" - -CVE_STATUS[CVE-2017-2636] = "fixed-version: Fixed from version 4.11rc2" - -CVE_STATUS[CVE-2017-2647] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2017-2671] = "fixed-version: Fixed from version 4.11rc6" - -CVE_STATUS[CVE-2017-5123] = "fixed-version: Fixed from version 4.14rc5" - -CVE_STATUS[CVE-2017-5546] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-5547] = "fixed-version: Fixed from version 4.10rc5" - -CVE_STATUS[CVE-2017-5548] = "fixed-version: Fixed from version 4.10rc5" - -CVE_STATUS[CVE-2017-5549] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-5550] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-5551] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-5576] = "fixed-version: Fixed from version 4.10rc6" - -CVE_STATUS[CVE-2017-5577] = "fixed-version: Fixed from version 4.10rc6" - -CVE_STATUS[CVE-2017-5669] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-5715] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2017-5753] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2017-5754] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2017-5897] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-5967] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-5970] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-5972] = "fixed-version: Fixed from version 4.4rc1" - -CVE_STATUS[CVE-2017-5986] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-6001] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-6074] = "fixed-version: Fixed from version 4.10" - -CVE_STATUS[CVE-2017-6214] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-6345] = "fixed-version: Fixed from version 4.10" - -CVE_STATUS[CVE-2017-6346] = "fixed-version: Fixed from version 4.10" - -CVE_STATUS[CVE-2017-6347] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-6348] = "fixed-version: Fixed from version 4.10" - -CVE_STATUS[CVE-2017-6353] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-6874] = "fixed-version: Fixed from version 4.11rc2" - -CVE_STATUS[CVE-2017-6951] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2017-7184] = "fixed-version: Fixed from version 4.11rc5" - -CVE_STATUS[CVE-2017-7187] = "fixed-version: Fixed from version 4.11rc5" - -CVE_STATUS[CVE-2017-7261] = "fixed-version: Fixed from version 4.11rc6" - -CVE_STATUS[CVE-2017-7273] = "fixed-version: Fixed from version 4.10rc4" - -CVE_STATUS[CVE-2017-7277] = "fixed-version: Fixed from version 4.11rc4" - -CVE_STATUS[CVE-2017-7294] = "fixed-version: Fixed from version 4.11rc6" - -CVE_STATUS[CVE-2017-7308] = "fixed-version: Fixed from version 4.11rc6" - -CVE_STATUS[CVE-2017-7346] = "fixed-version: Fixed from version 4.12rc5" - -# CVE-2017-7369 has no known resolution - -CVE_STATUS[CVE-2017-7374] = "fixed-version: Fixed from version 4.11rc4" - -CVE_STATUS[CVE-2017-7472] = "fixed-version: Fixed from version 4.11rc8" - -CVE_STATUS[CVE-2017-7477] = "fixed-version: Fixed from version 4.11" - -CVE_STATUS[CVE-2017-7482] = "fixed-version: Fixed from version 4.12rc7" - -CVE_STATUS[CVE-2017-7487] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-7495] = "fixed-version: Fixed from version 4.7rc1" - -CVE_STATUS[CVE-2017-7518] = "fixed-version: Fixed from version 4.12rc7" - -CVE_STATUS[CVE-2017-7533] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-7541] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-7542] = "fixed-version: Fixed from version 4.13rc2" - -CVE_STATUS[CVE-2017-7558] = "fixed-version: Fixed from version 4.13" - -CVE_STATUS[CVE-2017-7616] = "fixed-version: Fixed from version 4.11rc6" - -CVE_STATUS[CVE-2017-7618] = "fixed-version: Fixed from version 4.11rc8" - -CVE_STATUS[CVE-2017-7645] = "fixed-version: Fixed from version 4.11" - -CVE_STATUS[CVE-2017-7889] = "fixed-version: Fixed from version 4.11rc7" - -CVE_STATUS[CVE-2017-7895] = "fixed-version: Fixed from version 4.11" - -CVE_STATUS[CVE-2017-7979] = "fixed-version: Fixed from version 4.11rc8" - -CVE_STATUS[CVE-2017-8061] = "fixed-version: Fixed from version 4.11rc4" - -CVE_STATUS[CVE-2017-8062] = "fixed-version: Fixed from version 4.11rc2" - -CVE_STATUS[CVE-2017-8063] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-8064] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-8065] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-8066] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-8067] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2017-8068] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-8069] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-8070] = "fixed-version: Fixed from version 4.10rc8" - -CVE_STATUS[CVE-2017-8071] = "fixed-version: Fixed from version 4.10rc7" - -CVE_STATUS[CVE-2017-8072] = "fixed-version: Fixed from version 4.10rc7" - -CVE_STATUS[CVE-2017-8106] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2017-8240] = "fixed-version: Fixed from version 3.19rc6" - -# CVE-2017-8242 has no known resolution - -# CVE-2017-8244 has no known resolution - -# CVE-2017-8245 has no known resolution - -# CVE-2017-8246 has no known resolution - -CVE_STATUS[CVE-2017-8797] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-8824] = "fixed-version: Fixed from version 4.15rc3" - -CVE_STATUS[CVE-2017-8831] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-8890] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-8924] = "fixed-version: Fixed from version 4.11rc2" - -CVE_STATUS[CVE-2017-8925] = "fixed-version: Fixed from version 4.11rc2" - -CVE_STATUS[CVE-2017-9059] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-9074] = "fixed-version: Fixed from version 4.12rc2" - -CVE_STATUS[CVE-2017-9075] = "fixed-version: Fixed from version 4.12rc2" - -CVE_STATUS[CVE-2017-9076] = "fixed-version: Fixed from version 4.12rc2" - -CVE_STATUS[CVE-2017-9077] = "fixed-version: Fixed from version 4.12rc2" - -CVE_STATUS[CVE-2017-9150] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2017-9211] = "fixed-version: Fixed from version 4.12rc3" - -CVE_STATUS[CVE-2017-9242] = "fixed-version: Fixed from version 4.12rc3" - -CVE_STATUS[CVE-2017-9605] = "fixed-version: Fixed from version 4.12rc5" - -CVE_STATUS[CVE-2017-9725] = "fixed-version: Fixed from version 4.3rc7" - -CVE_STATUS[CVE-2017-9984] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-9985] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2017-9986] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2018-1000004] = "fixed-version: Fixed from version 4.15rc9" - -CVE_STATUS[CVE-2018-1000026] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2018-1000028] = "fixed-version: Fixed from version 4.15" - -CVE_STATUS[CVE-2018-1000199] = "fixed-version: Fixed from version 4.16" - -CVE_STATUS[CVE-2018-1000200] = "fixed-version: Fixed from version 4.17rc5" - -CVE_STATUS[CVE-2018-1000204] = "fixed-version: Fixed from version 4.17rc7" - -CVE_STATUS[CVE-2018-10021] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-10074] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-10087] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2018-10124] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2018-10322] = "fixed-version: Fixed from version 4.17rc4" - -CVE_STATUS[CVE-2018-10323] = "fixed-version: Fixed from version 4.17rc4" - -CVE_STATUS[CVE-2018-1065] = "fixed-version: Fixed from version 4.16rc3" - -CVE_STATUS[CVE-2018-1066] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2018-10675] = "fixed-version: Fixed from version 4.13rc6" - -CVE_STATUS[CVE-2018-1068] = "fixed-version: Fixed from version 4.16rc5" - -CVE_STATUS[CVE-2018-10840] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-10853] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-1087] = "fixed-version: Fixed from version 4.16rc7" - -# CVE-2018-10872 has no known resolution - -CVE_STATUS[CVE-2018-10876] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10877] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10878] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10879] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10880] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10881] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10882] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10883] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-10901] = "fixed-version: Fixed from version 2.6.36rc1" - -CVE_STATUS[CVE-2018-10902] = "fixed-version: Fixed from version 4.18rc6" - -CVE_STATUS[CVE-2018-1091] = "fixed-version: Fixed from version 4.14rc2" - -CVE_STATUS[CVE-2018-1092] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2018-1093] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2018-10938] = "fixed-version: Fixed from version 4.13rc5" - -CVE_STATUS[CVE-2018-1094] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2018-10940] = "fixed-version: Fixed from version 4.17rc3" - -CVE_STATUS[CVE-2018-1095] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2018-1108] = "fixed-version: Fixed from version 4.17rc2" - -CVE_STATUS[CVE-2018-1118] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-1120] = "fixed-version: Fixed from version 4.17rc6" - -# CVE-2018-1121 has no known resolution - -CVE_STATUS[CVE-2018-11232] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2018-1128] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-1129] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-1130] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-11412] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-11506] = "fixed-version: Fixed from version 4.17rc7" - -CVE_STATUS[CVE-2018-11508] = "fixed-version: Fixed from version 4.17rc5" - -# CVE-2018-11987 has no known resolution - -CVE_STATUS[CVE-2018-12126] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2018-12127] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2018-12130] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2018-12207] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2018-12232] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-12233] = "fixed-version: Fixed from version 4.18rc2" - -CVE_STATUS[CVE-2018-12633] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-12714] = "fixed-version: Fixed from version 4.18rc2" - -CVE_STATUS[CVE-2018-12896] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-12904] = "fixed-version: Fixed from version 4.18rc1" - -# CVE-2018-12928 has no known resolution - -# CVE-2018-12929 has no known resolution - -# CVE-2018-12930 has no known resolution - -# CVE-2018-12931 has no known resolution - -CVE_STATUS[CVE-2018-13053] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-13093] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-13094] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-13095] = "fixed-version: Fixed from version 4.18rc3" - -CVE_STATUS[CVE-2018-13096] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-13097] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-13098] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-13099] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-13100] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-13405] = "fixed-version: Fixed from version 4.18rc4" - -CVE_STATUS[CVE-2018-13406] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-14609] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14610] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14611] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14612] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14613] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14614] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14615] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14616] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14617] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-14619] = "fixed-version: Fixed from version 4.15rc4" - -CVE_STATUS[CVE-2018-14625] = "fixed-version: Fixed from version 4.20rc6" - -CVE_STATUS[CVE-2018-14633] = "fixed-version: Fixed from version 4.19rc6" - -CVE_STATUS[CVE-2018-14634] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2018-14641] = "fixed-version: Fixed from version 4.19rc4" - -CVE_STATUS[CVE-2018-14646] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2018-14656] = "fixed-version: Fixed from version 4.19rc2" - -CVE_STATUS[CVE-2018-14678] = "fixed-version: Fixed from version 4.18rc8" - -CVE_STATUS[CVE-2018-14734] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-15471] = "fixed-version: Fixed from version 4.19rc7" - -CVE_STATUS[CVE-2018-15572] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-15594] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-16276] = "fixed-version: Fixed from version 4.18rc5" - -CVE_STATUS[CVE-2018-16597] = "fixed-version: Fixed from version 4.8rc1" - -CVE_STATUS[CVE-2018-16658] = "fixed-version: Fixed from version 4.19rc2" - -CVE_STATUS[CVE-2018-16862] = "fixed-version: Fixed from version 4.20rc5" - -CVE_STATUS[CVE-2018-16871] = "fixed-version: Fixed from version 4.20rc3" - -CVE_STATUS[CVE-2018-16880] = "fixed-version: Fixed from version 5.0rc5" - -CVE_STATUS[CVE-2018-16882] = "fixed-version: Fixed from version 4.20" - -CVE_STATUS[CVE-2018-16884] = "fixed-version: Fixed from version 5.0rc1" - -# CVE-2018-16885 has no known resolution - -CVE_STATUS[CVE-2018-17182] = "fixed-version: Fixed from version 4.19rc4" - -CVE_STATUS[CVE-2018-17972] = "fixed-version: Fixed from version 4.19rc7" - -# CVE-2018-17977 has no known resolution - -CVE_STATUS[CVE-2018-18021] = "fixed-version: Fixed from version 4.19rc7" - -CVE_STATUS[CVE-2018-18281] = "fixed-version: Fixed from version 4.19" - -CVE_STATUS[CVE-2018-18386] = "fixed-version: Fixed from version 4.15rc6" - -CVE_STATUS[CVE-2018-18397] = "fixed-version: Fixed from version 4.20rc5" - -CVE_STATUS[CVE-2018-18445] = "fixed-version: Fixed from version 4.19rc7" - -CVE_STATUS[CVE-2018-18559] = "fixed-version: Fixed from version 4.15rc2" - -# CVE-2018-18653 has no known resolution - -CVE_STATUS[CVE-2018-18690] = "fixed-version: Fixed from version 4.17rc4" - -CVE_STATUS[CVE-2018-18710] = "fixed-version: Fixed from version 4.20rc1" - -CVE_STATUS[CVE-2018-18955] = "fixed-version: Fixed from version 4.20rc2" - -CVE_STATUS[CVE-2018-19406] = "fixed-version: Fixed from version 4.20rc5" - -CVE_STATUS[CVE-2018-19407] = "fixed-version: Fixed from version 4.20rc5" - -CVE_STATUS[CVE-2018-19824] = "fixed-version: Fixed from version 4.20rc6" - -CVE_STATUS[CVE-2018-19854] = "fixed-version: Fixed from version 4.20rc3" - -CVE_STATUS[CVE-2018-19985] = "fixed-version: Fixed from version 4.20" - -CVE_STATUS[CVE-2018-20169] = "fixed-version: Fixed from version 4.20rc6" - -CVE_STATUS[CVE-2018-20449] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2018-20509] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2018-20510] = "fixed-version: Fixed from version 4.16rc3" - -CVE_STATUS[CVE-2018-20511] = "fixed-version: Fixed from version 4.19rc5" - -CVE_STATUS[CVE-2018-20669] = "fixed-version: Fixed from version 5.0rc1" - -CVE_STATUS[CVE-2018-20784] = "fixed-version: Fixed from version 5.0rc1" - -CVE_STATUS[CVE-2018-20836] = "fixed-version: Fixed from version 4.20rc1" - -CVE_STATUS[CVE-2018-20854] = "fixed-version: Fixed from version 4.20rc1" - -CVE_STATUS[CVE-2018-20855] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-20856] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-20961] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2018-20976] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-21008] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2018-25015] = "fixed-version: Fixed from version 4.15rc9" - -CVE_STATUS[CVE-2018-25020] = "fixed-version: Fixed from version 4.17rc7" - -# CVE-2018-3574 has no known resolution - -CVE_STATUS[CVE-2018-3620] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-3639] = "fixed-version: Fixed from version 4.17rc7" - -CVE_STATUS[CVE-2018-3646] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-3665] = "fixed-version: Fixed from version 3.7rc1" - -CVE_STATUS[CVE-2018-3693] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-5332] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2018-5333] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2018-5344] = "fixed-version: Fixed from version 4.15rc8" - -CVE_STATUS[CVE-2018-5390] = "fixed-version: Fixed from version 4.18rc7" - -CVE_STATUS[CVE-2018-5391] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-5703] = "fixed-version: Fixed from version 4.16rc5" - -CVE_STATUS[CVE-2018-5750] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2018-5803] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2018-5814] = "fixed-version: Fixed from version 4.17rc6" - -CVE_STATUS[CVE-2018-5848] = "fixed-version: Fixed from version 4.16rc1" - -# Skipping CVE-2018-5856, no affected_versions - -CVE_STATUS[CVE-2018-5873] = "fixed-version: Fixed from version 4.11rc8" - -CVE_STATUS[CVE-2018-5953] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2018-5995] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2018-6412] = "fixed-version: Fixed from version 4.16rc5" - -CVE_STATUS[CVE-2018-6554] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2018-6555] = "fixed-version: Fixed from version 4.17rc1" - -# CVE-2018-6559 has no known resolution - -CVE_STATUS[CVE-2018-6927] = "fixed-version: Fixed from version 4.15rc9" - -CVE_STATUS[CVE-2018-7191] = "fixed-version: Fixed from version 4.14rc6" - -CVE_STATUS[CVE-2018-7273] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2018-7480] = "fixed-version: Fixed from version 4.11rc1" - -CVE_STATUS[CVE-2018-7492] = "fixed-version: Fixed from version 4.15rc3" - -CVE_STATUS[CVE-2018-7566] = "fixed-version: Fixed from version 4.16rc2" - -CVE_STATUS[CVE-2018-7740] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-7754] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2018-7755] = "fixed-version: Fixed from version 4.19rc5" - -CVE_STATUS[CVE-2018-7757] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2018-7995] = "fixed-version: Fixed from version 4.16rc5" - -CVE_STATUS[CVE-2018-8043] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2018-8087] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2018-8781] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-8822] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-8897] = "fixed-version: Fixed from version 4.16rc7" - -CVE_STATUS[CVE-2018-9363] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2018-9385] = "fixed-version: Fixed from version 4.17rc3" - -CVE_STATUS[CVE-2018-9415] = "fixed-version: Fixed from version 4.17rc3" - -CVE_STATUS[CVE-2018-9422] = "fixed-version: Fixed from version 4.6rc1" - -CVE_STATUS[CVE-2018-9465] = "fixed-version: Fixed from version 4.15rc6" - -CVE_STATUS[CVE-2018-9516] = "fixed-version: Fixed from version 4.18rc5" - -CVE_STATUS[CVE-2018-9517] = "fixed-version: Fixed from version 4.14rc1" - -CVE_STATUS[CVE-2018-9518] = "fixed-version: Fixed from version 4.16rc3" - -CVE_STATUS[CVE-2018-9568] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2019-0136] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-0145] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-0146] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-0147] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-0148] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-0149] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-0154] = "fixed-version: Fixed from version 5.4rc8" - -CVE_STATUS[CVE-2019-0155] = "fixed-version: Fixed from version 5.4rc8" - -CVE_STATUS[CVE-2019-10124] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-10125] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-10126] = "fixed-version: Fixed from version 5.2rc6" - -# CVE-2019-10140 has no known resolution - -CVE_STATUS[CVE-2019-10142] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-10207] = "fixed-version: Fixed from version 5.3rc3" - -CVE_STATUS[CVE-2019-10220] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-10638] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-10639] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-11085] = "fixed-version: Fixed from version 5.0rc3" - -CVE_STATUS[CVE-2019-11091] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-11135] = "fixed-version: Fixed from version 5.4rc8" - -CVE_STATUS[CVE-2019-11190] = "fixed-version: Fixed from version 4.8rc5" - -CVE_STATUS[CVE-2019-11191] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-1125] = "fixed-version: Fixed from version 5.3rc4" - -CVE_STATUS[CVE-2019-11477] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-11478] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-11479] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-11486] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-11487] = "fixed-version: Fixed from version 5.1rc5" - -CVE_STATUS[CVE-2019-11599] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-11683] = "fixed-version: Fixed from version 5.1" - -CVE_STATUS[CVE-2019-11810] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-11811] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-11815] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-11833] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-11884] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-12378] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2019-12379] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-12380] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2019-12381] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2019-12382] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-12454] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-12455] = "fixed-version: Fixed from version 5.3rc1" - -# CVE-2019-12456 has no known resolution - -CVE_STATUS[CVE-2019-12614] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-12615] = "fixed-version: Fixed from version 5.2rc4" - -CVE_STATUS[CVE-2019-12817] = "fixed-version: Fixed from version 5.2rc7" - -CVE_STATUS[CVE-2019-12818] = "fixed-version: Fixed from version 5.0" - -CVE_STATUS[CVE-2019-12819] = "fixed-version: Fixed from version 5.0rc8" - -CVE_STATUS[CVE-2019-12881] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2019-12984] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-13233] = "fixed-version: Fixed from version 5.2rc4" - -CVE_STATUS[CVE-2019-13272] = "fixed-version: Fixed from version 5.2" - -CVE_STATUS[CVE-2019-13631] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-13648] = "fixed-version: Fixed from version 5.3rc2" - -CVE_STATUS[CVE-2019-14283] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-14284] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-14615] = "fixed-version: Fixed from version 5.5rc7" - -CVE_STATUS[CVE-2019-14763] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2019-14814] = "fixed-version: Fixed from version 5.3" - -CVE_STATUS[CVE-2019-14815] = "fixed-version: Fixed from version 5.3" - -CVE_STATUS[CVE-2019-14816] = "fixed-version: Fixed from version 5.3" - -CVE_STATUS[CVE-2019-14821] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-14835] = "fixed-version: Fixed from version 5.3" - -CVE_STATUS[CVE-2019-14895] = "fixed-version: Fixed from version 5.5rc3" - -CVE_STATUS[CVE-2019-14896] = "fixed-version: Fixed from version 5.5" - -CVE_STATUS[CVE-2019-14897] = "fixed-version: Fixed from version 5.5" - -# CVE-2019-14898 has no known resolution - -CVE_STATUS[CVE-2019-14901] = "fixed-version: Fixed from version 5.5rc3" - -CVE_STATUS[CVE-2019-15030] = "fixed-version: Fixed from version 5.3rc8" - -CVE_STATUS[CVE-2019-15031] = "fixed-version: Fixed from version 5.3rc8" - -CVE_STATUS[CVE-2019-15090] = "fixed-version: Fixed from version 5.2rc2" - -CVE_STATUS[CVE-2019-15098] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-15099] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-15117] = "fixed-version: Fixed from version 5.3rc5" - -CVE_STATUS[CVE-2019-15118] = "fixed-version: Fixed from version 5.3rc5" - -CVE_STATUS[CVE-2019-15211] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15212] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2019-15213] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15214] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-15215] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15216] = "fixed-version: Fixed from version 5.1" - -CVE_STATUS[CVE-2019-15217] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15218] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2019-15219] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2019-15220] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15221] = "fixed-version: Fixed from version 5.2" - -CVE_STATUS[CVE-2019-15222] = "fixed-version: Fixed from version 5.3rc3" - -CVE_STATUS[CVE-2019-15223] = "fixed-version: Fixed from version 5.2rc3" - -# CVE-2019-15239 has no known resolution - -# CVE-2019-15290 has no known resolution - -CVE_STATUS[CVE-2019-15291] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-15292] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-15504] = "fixed-version: Fixed from version 5.3" - -CVE_STATUS[CVE-2019-15505] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-15538] = "fixed-version: Fixed from version 5.3rc6" - -CVE_STATUS[CVE-2019-15666] = "fixed-version: Fixed from version 5.1" - -# CVE-2019-15791 has no known resolution - -# CVE-2019-15792 has no known resolution - -# CVE-2019-15793 has no known resolution - -CVE_STATUS[CVE-2019-15794] = "fixed-version: Fixed from version 5.12" - -CVE_STATUS[CVE-2019-15807] = "fixed-version: Fixed from version 5.2rc3" - -# CVE-2019-15902 has no known resolution - -CVE_STATUS[CVE-2019-15916] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-15917] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-15918] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-15919] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-15920] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-15921] = "fixed-version: Fixed from version 5.1rc3" - -CVE_STATUS[CVE-2019-15922] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-15923] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-15924] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-15925] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15926] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-15927] = "fixed-version: Fixed from version 5.0rc2" - -# CVE-2019-16089 has no known resolution - -CVE_STATUS[CVE-2019-16229] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-16230] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-16231] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-16232] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-16233] = "fixed-version: Fixed from version 5.4rc5" - -CVE_STATUS[CVE-2019-16234] = "fixed-version: Fixed from version 5.4rc4" - -CVE_STATUS[CVE-2019-16413] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-16714] = "fixed-version: Fixed from version 5.3rc7" - -CVE_STATUS[CVE-2019-16746] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-16921] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2019-16994] = "fixed-version: Fixed from version 5.0" - -CVE_STATUS[CVE-2019-16995] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-17052] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-17053] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-17054] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-17055] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-17056] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-17075] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-17133] = "fixed-version: Fixed from version 5.4rc4" - -CVE_STATUS[CVE-2019-17351] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-17666] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-18198] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-18282] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-18660] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-18675] = "fixed-version: Fixed from version 4.17rc5" - -# CVE-2019-18680 has no known resolution - -CVE_STATUS[CVE-2019-18683] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-18786] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-18805] = "fixed-version: Fixed from version 5.1rc7" - -CVE_STATUS[CVE-2019-18806] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-18807] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-18808] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-18809] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-18810] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-18811] = "fixed-version: Fixed from version 5.4rc7" - -CVE_STATUS[CVE-2019-18812] = "fixed-version: Fixed from version 5.4rc7" - -CVE_STATUS[CVE-2019-18813] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-18814] = "fixed-version: Fixed from version 5.7rc7" - -CVE_STATUS[CVE-2019-18885] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-19036] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19037] = "fixed-version: Fixed from version 5.5rc3" - -CVE_STATUS[CVE-2019-19039] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2019-19043] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19044] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-19045] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-19046] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19047] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-19048] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19049] = "fixed-version: Fixed from version 5.4rc5" - -CVE_STATUS[CVE-2019-19050] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19051] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-19052] = "fixed-version: Fixed from version 5.4rc7" - -CVE_STATUS[CVE-2019-19053] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19054] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19055] = "fixed-version: Fixed from version 5.4rc4" - -CVE_STATUS[CVE-2019-19056] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19057] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19058] = "fixed-version: Fixed from version 5.4rc4" - -CVE_STATUS[CVE-2019-19059] = "fixed-version: Fixed from version 5.4rc4" - -CVE_STATUS[CVE-2019-19060] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19061] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19062] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19063] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19064] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19065] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19066] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19067] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-19068] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19069] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19070] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19071] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19072] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19073] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19074] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19075] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-19076] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19077] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19078] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19079] = "fixed-version: Fixed from version 5.3" - -CVE_STATUS[CVE-2019-19080] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19081] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19082] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19083] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-19227] = "fixed-version: Fixed from version 5.1rc3" - -CVE_STATUS[CVE-2019-19241] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19252] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19318] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19319] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-19332] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19338] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19377] = "fixed-version: Fixed from version 5.7rc1" - -# CVE-2019-19378 has no known resolution - -CVE_STATUS[CVE-2019-19447] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19448] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2019-19449] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2019-19462] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2019-19523] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19524] = "fixed-version: Fixed from version 5.4rc8" - -CVE_STATUS[CVE-2019-19525] = "fixed-version: Fixed from version 5.4rc2" - -CVE_STATUS[CVE-2019-19526] = "fixed-version: Fixed from version 5.4rc4" - -CVE_STATUS[CVE-2019-19527] = "fixed-version: Fixed from version 5.3rc4" - -CVE_STATUS[CVE-2019-19528] = "fixed-version: Fixed from version 5.4rc3" - -CVE_STATUS[CVE-2019-19529] = "fixed-version: Fixed from version 5.4rc7" - -CVE_STATUS[CVE-2019-19530] = "fixed-version: Fixed from version 5.3rc5" - -CVE_STATUS[CVE-2019-19531] = "fixed-version: Fixed from version 5.3rc4" - -CVE_STATUS[CVE-2019-19532] = "fixed-version: Fixed from version 5.4rc6" - -CVE_STATUS[CVE-2019-19533] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19534] = "fixed-version: Fixed from version 5.4rc7" - -CVE_STATUS[CVE-2019-19535] = "fixed-version: Fixed from version 5.3rc4" - -CVE_STATUS[CVE-2019-19536] = "fixed-version: Fixed from version 5.3rc4" - -CVE_STATUS[CVE-2019-19537] = "fixed-version: Fixed from version 5.3rc5" - -CVE_STATUS[CVE-2019-19543] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-19602] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19767] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2019-19768] = "fixed-version: Fixed from version 5.6rc4" - -CVE_STATUS[CVE-2019-19769] = "fixed-version: Fixed from version 5.6rc5" - -CVE_STATUS[CVE-2019-19770] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2019-19807] = "fixed-version: Fixed from version 5.4rc7" - -CVE_STATUS[CVE-2019-19813] = "fixed-version: Fixed from version 5.2rc1" - -# CVE-2019-19814 has no known resolution - -CVE_STATUS[CVE-2019-19815] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2019-19816] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-19922] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-19927] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-19947] = "fixed-version: Fixed from version 5.5rc3" - -CVE_STATUS[CVE-2019-19965] = "fixed-version: Fixed from version 5.5rc2" - -CVE_STATUS[CVE-2019-19966] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-1999] = "fixed-version: Fixed from version 5.1rc3" - -CVE_STATUS[CVE-2019-20054] = "fixed-version: Fixed from version 5.1rc3" - -CVE_STATUS[CVE-2019-20095] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-20096] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-2024] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2019-2025] = "fixed-version: Fixed from version 4.20rc5" - -CVE_STATUS[CVE-2019-20422] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-2054] = "fixed-version: Fixed from version 4.8rc1" - -CVE_STATUS[CVE-2019-20636] = "fixed-version: Fixed from version 5.5rc6" - -# CVE-2019-20794 has no known resolution - -CVE_STATUS[CVE-2019-20806] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-20810] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2019-20811] = "fixed-version: Fixed from version 5.1rc3" - -CVE_STATUS[CVE-2019-20812] = "fixed-version: Fixed from version 5.5rc3" - -CVE_STATUS[CVE-2019-20908] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2019-20934] = "fixed-version: Fixed from version 5.3rc2" - -CVE_STATUS[CVE-2019-2101] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-2181] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-2182] = "fixed-version: Fixed from version 4.16rc3" - -CVE_STATUS[CVE-2019-2213] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-2214] = "fixed-version: Fixed from version 5.3rc2" - -CVE_STATUS[CVE-2019-2215] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2019-25044] = "fixed-version: Fixed from version 5.2rc4" - -CVE_STATUS[CVE-2019-25045] = "fixed-version: Fixed from version 5.1" - -CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2019-3459] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-3460] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-3701] = "fixed-version: Fixed from version 5.0rc3" - -CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed from version 5.0rc6" - -CVE_STATUS[CVE-2019-3837] = "fixed-version: Fixed from version 3.18rc1" - -CVE_STATUS[CVE-2019-3846] = "fixed-version: Fixed from version 5.2rc6" - -CVE_STATUS[CVE-2019-3874] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-3882] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed from version 5.1rc4" - -CVE_STATUS[CVE-2019-3892] = "fixed-version: Fixed from version 5.1rc6" - -CVE_STATUS[CVE-2019-3896] = "fixed-version: Fixed from version 2.6.35rc1" - -CVE_STATUS[CVE-2019-3900] = "fixed-version: Fixed from version 5.2rc4" - -CVE_STATUS[CVE-2019-3901] = "fixed-version: Fixed from version 4.6rc6" - -CVE_STATUS[CVE-2019-5108] = "fixed-version: Fixed from version 5.3" - -# Skipping CVE-2019-5489, no affected_versions - -CVE_STATUS[CVE-2019-6133] = "fixed-version: Fixed from version 5.0rc2" - -CVE_STATUS[CVE-2019-6974] = "fixed-version: Fixed from version 5.0rc6" - -CVE_STATUS[CVE-2019-7221] = "fixed-version: Fixed from version 5.0rc6" - -CVE_STATUS[CVE-2019-7222] = "fixed-version: Fixed from version 5.0rc6" - -CVE_STATUS[CVE-2019-7308] = "fixed-version: Fixed from version 5.0rc3" - -CVE_STATUS[CVE-2019-8912] = "fixed-version: Fixed from version 5.0rc8" - -CVE_STATUS[CVE-2019-8956] = "fixed-version: Fixed from version 5.0rc6" - -CVE_STATUS[CVE-2019-8980] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-9003] = "fixed-version: Fixed from version 5.0rc4" - -CVE_STATUS[CVE-2019-9162] = "fixed-version: Fixed from version 5.0rc7" - -CVE_STATUS[CVE-2019-9213] = "fixed-version: Fixed from version 5.0" - -CVE_STATUS[CVE-2019-9245] = "fixed-version: Fixed from version 5.0rc1" - -CVE_STATUS[CVE-2019-9444] = "fixed-version: Fixed from version 4.15rc2" - -CVE_STATUS[CVE-2019-9445] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-9453] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2019-9454] = "fixed-version: Fixed from version 4.15rc9" - -CVE_STATUS[CVE-2019-9455] = "fixed-version: Fixed from version 5.0rc1" - -CVE_STATUS[CVE-2019-9456] = "fixed-version: Fixed from version 4.16rc6" - -CVE_STATUS[CVE-2019-9457] = "fixed-version: Fixed from version 4.13rc1" - -CVE_STATUS[CVE-2019-9458] = "fixed-version: Fixed from version 4.19rc7" - -CVE_STATUS[CVE-2019-9466] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-9500] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-9503] = "fixed-version: Fixed from version 5.1rc1" - -CVE_STATUS[CVE-2019-9506] = "fixed-version: Fixed from version 5.2" - -CVE_STATUS[CVE-2019-9857] = "fixed-version: Fixed from version 5.1rc2" - -CVE_STATUS[CVE-2020-0009] = "fixed-version: Fixed from version 5.6rc3" - -CVE_STATUS[CVE-2020-0030] = "fixed-version: Fixed from version 4.16rc3" - -CVE_STATUS[CVE-2020-0041] = "fixed-version: Fixed from version 5.5rc2" - -CVE_STATUS[CVE-2020-0066] = "fixed-version: Fixed from version 4.3rc7" - -CVE_STATUS[CVE-2020-0067] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2020-0110] = "fixed-version: Fixed from version 5.6rc2" - -CVE_STATUS[CVE-2020-0255] = "fixed-version: Fixed from version 5.7rc4" - -CVE_STATUS[CVE-2020-0305] = "fixed-version: Fixed from version 5.5rc6" - -# CVE-2020-0347 has no known resolution - -CVE_STATUS[CVE-2020-0404] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2020-0423] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-0427] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2020-0429] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2020-0430] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2020-0431] = "fixed-version: Fixed from version 5.5rc6" - -CVE_STATUS[CVE-2020-0432] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2020-0433] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2020-0435] = "fixed-version: Fixed from version 4.19rc1" - -CVE_STATUS[CVE-2020-0444] = "fixed-version: Fixed from version 5.6rc4" - -CVE_STATUS[CVE-2020-0465] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2020-0466] = "fixed-version: Fixed from version 5.9rc2" - -CVE_STATUS[CVE-2020-0543] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-10135] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-10690] = "fixed-version: Fixed from version 5.5rc5" - -# CVE-2020-10708 has no known resolution - -CVE_STATUS[CVE-2020-10711] = "fixed-version: Fixed from version 5.7rc6" - -CVE_STATUS[CVE-2020-10720] = "fixed-version: Fixed from version 5.2rc3" - -CVE_STATUS[CVE-2020-10732] = "fixed-version: Fixed from version 5.7" - -CVE_STATUS[CVE-2020-10742] = "fixed-version: Fixed from version 3.16rc1" - -CVE_STATUS[CVE-2020-10751] = "fixed-version: Fixed from version 5.7rc4" - -CVE_STATUS[CVE-2020-10757] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-10766] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-10767] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-10768] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-10769] = "fixed-version: Fixed from version 5.0rc3" - -CVE_STATUS[CVE-2020-10773] = "fixed-version: Fixed from version 5.4rc6" - -# CVE-2020-10774 has no known resolution - -CVE_STATUS[CVE-2020-10781] = "fixed-version: Fixed from version 5.8rc6" - -CVE_STATUS[CVE-2020-10942] = "fixed-version: Fixed from version 5.6rc4" - -CVE_STATUS[CVE-2020-11494] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-11565] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-11608] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-11609] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-11668] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-11669] = "fixed-version: Fixed from version 5.2rc1" - -# CVE-2020-11725 has no known resolution - -CVE_STATUS[CVE-2020-11884] = "fixed-version: Fixed from version 5.7rc4" - -# CVE-2020-11935 has no known resolution - -CVE_STATUS[CVE-2020-12114] = "fixed-version: Fixed from version 5.3rc1" - -CVE_STATUS[CVE-2020-12351] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-12352] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-12362] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-12363] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-12364] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-12464] = "fixed-version: Fixed from version 5.7rc3" - -CVE_STATUS[CVE-2020-12465] = "fixed-version: Fixed from version 5.6rc6" - -CVE_STATUS[CVE-2020-12652] = "fixed-version: Fixed from version 5.5rc7" - -CVE_STATUS[CVE-2020-12653] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2020-12654] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2020-12655] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-12656] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-12657] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-12659] = "fixed-version: Fixed from version 5.7rc2" - -CVE_STATUS[CVE-2020-12768] = "fixed-version: Fixed from version 5.6rc4" - -CVE_STATUS[CVE-2020-12769] = "fixed-version: Fixed from version 5.5rc6" - -CVE_STATUS[CVE-2020-12770] = "fixed-version: Fixed from version 5.7rc3" - -CVE_STATUS[CVE-2020-12771] = "fixed-version: Fixed from version 5.8rc2" - -CVE_STATUS[CVE-2020-12826] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-12888] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-12912] = "fixed-version: Fixed from version 5.10rc4" - -CVE_STATUS[CVE-2020-13143] = "fixed-version: Fixed from version 5.7rc6" - -CVE_STATUS[CVE-2020-13974] = "fixed-version: Fixed from version 5.8rc1" - -# CVE-2020-14304 has no known resolution - -CVE_STATUS[CVE-2020-14305] = "fixed-version: Fixed from version 4.12rc1" - -CVE_STATUS[CVE-2020-14314] = "fixed-version: Fixed from version 5.9rc2" - -CVE_STATUS[CVE-2020-14331] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2020-14351] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-14353] = "fixed-version: Fixed from version 4.14rc3" - -CVE_STATUS[CVE-2020-14356] = "fixed-version: Fixed from version 5.8rc5" - -CVE_STATUS[CVE-2020-14381] = "fixed-version: Fixed from version 5.6rc6" - -CVE_STATUS[CVE-2020-14385] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2020-14386] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2020-14390] = "fixed-version: Fixed from version 5.9rc6" - -CVE_STATUS[CVE-2020-14416] = "fixed-version: Fixed from version 5.5" - -CVE_STATUS[CVE-2020-15393] = "fixed-version: Fixed from version 5.8rc3" - -CVE_STATUS[CVE-2020-15436] = "fixed-version: Fixed from version 5.8rc2" - -CVE_STATUS[CVE-2020-15437] = "fixed-version: Fixed from version 5.8rc7" - -CVE_STATUS[CVE-2020-15780] = "fixed-version: Fixed from version 5.8rc3" - -# CVE-2020-15802 has no known resolution - -CVE_STATUS[CVE-2020-15852] = "fixed-version: Fixed from version 5.8rc6" - -CVE_STATUS[CVE-2020-16119] = "fixed-version: Fixed from version 5.15rc2" - -CVE_STATUS[CVE-2020-16120] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-16166] = "fixed-version: Fixed from version 5.8" - -CVE_STATUS[CVE-2020-1749] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2020-24394] = "fixed-version: Fixed from version 5.8rc4" - -CVE_STATUS[CVE-2020-24490] = "fixed-version: Fixed from version 5.8" - -# CVE-2020-24502 has no known resolution - -# CVE-2020-24503 has no known resolution - -CVE_STATUS[CVE-2020-24504] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2020-24586] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2020-24587] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2020-24588] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2020-25211] = "fixed-version: Fixed from version 5.9rc7" - -CVE_STATUS[CVE-2020-25212] = "fixed-version: Fixed from version 5.9rc1" - -# CVE-2020-25220 has no known resolution - -CVE_STATUS[CVE-2020-25221] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2020-25284] = "fixed-version: Fixed from version 5.9rc5" - -CVE_STATUS[CVE-2020-25285] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2020-25639] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2020-25641] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2020-25643] = "fixed-version: Fixed from version 5.9rc7" - -CVE_STATUS[CVE-2020-25645] = "fixed-version: Fixed from version 5.9rc7" - -CVE_STATUS[CVE-2020-25656] = "fixed-version: Fixed from version 5.10rc2" - -# CVE-2020-25661 has no known resolution - -# CVE-2020-25662 has no known resolution - -CVE_STATUS[CVE-2020-25668] = "fixed-version: Fixed from version 5.10rc3" - -CVE_STATUS[CVE-2020-25669] = "fixed-version: Fixed from version 5.10rc5" - -CVE_STATUS[CVE-2020-25670] = "fixed-version: Fixed from version 5.12rc7" - -CVE_STATUS[CVE-2020-25671] = "fixed-version: Fixed from version 5.12rc7" - -CVE_STATUS[CVE-2020-25672] = "fixed-version: Fixed from version 5.12rc7" - -CVE_STATUS[CVE-2020-25673] = "fixed-version: Fixed from version 5.12rc7" - -CVE_STATUS[CVE-2020-25704] = "fixed-version: Fixed from version 5.10rc3" - -CVE_STATUS[CVE-2020-25705] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-26088] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2020-26139] = "fixed-version: Fixed from version 5.13rc4" - -# CVE-2020-26140 has no known resolution - -CVE_STATUS[CVE-2020-26141] = "fixed-version: Fixed from version 5.13rc4" - -# CVE-2020-26142 has no known resolution - -# CVE-2020-26143 has no known resolution - -CVE_STATUS[CVE-2020-26145] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2020-26147] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2020-26541] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2020-26555] = "fixed-version: Fixed from version 5.13rc1" - -# CVE-2020-26556 has no known resolution - -# CVE-2020-26557 has no known resolution - -CVE_STATUS[CVE-2020-26558] = "fixed-version: Fixed from version 5.13rc1" - -# CVE-2020-26559 has no known resolution - -# CVE-2020-26560 has no known resolution - -CVE_STATUS[CVE-2020-27066] = "fixed-version: Fixed from version 5.6" - -CVE_STATUS[CVE-2020-27067] = "fixed-version: Fixed from version 4.14rc4" - -CVE_STATUS[CVE-2020-27068] = "fixed-version: Fixed from version 5.6rc2" - -CVE_STATUS[CVE-2020-27152] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-27170] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2020-27171] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed from version 5.9" - -CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed from version 5.6rc4" - -CVE_STATUS[CVE-2020-27418] = "fixed-version: Fixed from version 5.6rc5" - -CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-27777] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-27784] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-27786] = "fixed-version: Fixed from version 5.7rc6" - -CVE_STATUS[CVE-2020-27815] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-27820] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2020-27825] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-27830] = "fixed-version: Fixed from version 5.10rc7" - -CVE_STATUS[CVE-2020-27835] = "fixed-version: Fixed from version 5.10rc6" - -CVE_STATUS[CVE-2020-28097] = "fixed-version: Fixed from version 5.9rc6" - -CVE_STATUS[CVE-2020-28374] = "fixed-version: Fixed from version 5.11rc4" - -CVE_STATUS[CVE-2020-28588] = "fixed-version: Fixed from version 5.10rc7" - -CVE_STATUS[CVE-2020-28915] = "fixed-version: Fixed from version 5.9" - -CVE_STATUS[CVE-2020-28941] = "fixed-version: Fixed from version 5.10rc5" - -CVE_STATUS[CVE-2020-28974] = "fixed-version: Fixed from version 5.10rc3" - -CVE_STATUS[CVE-2020-29368] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-29369] = "fixed-version: Fixed from version 5.8rc7" - -CVE_STATUS[CVE-2020-29370] = "fixed-version: Fixed from version 5.6rc7" - -CVE_STATUS[CVE-2020-29371] = "fixed-version: Fixed from version 5.9rc2" - -CVE_STATUS[CVE-2020-29372] = "fixed-version: Fixed from version 5.7rc3" - -CVE_STATUS[CVE-2020-29373] = "fixed-version: Fixed from version 5.6rc2" - -CVE_STATUS[CVE-2020-29374] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-29534] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-29568] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-29569] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-29660] = "fixed-version: Fixed from version 5.10rc7" - -CVE_STATUS[CVE-2020-29661] = "fixed-version: Fixed from version 5.10rc7" - -CVE_STATUS[CVE-2020-35499] = "fixed-version: Fixed from version 5.11rc1" - -# CVE-2020-35501 has no known resolution - -CVE_STATUS[CVE-2020-35508] = "fixed-version: Fixed from version 5.10rc3" - -CVE_STATUS[CVE-2020-35513] = "fixed-version: Fixed from version 4.17rc1" - -CVE_STATUS[CVE-2020-35519] = "fixed-version: Fixed from version 5.10rc7" - -CVE_STATUS[CVE-2020-36158] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-36310] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-36311] = "fixed-version: Fixed from version 5.9rc5" - -CVE_STATUS[CVE-2020-36312] = "fixed-version: Fixed from version 5.9rc5" - -CVE_STATUS[CVE-2020-36313] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-36322] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2020-36385] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2020-36386] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2020-36387] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2020-36516] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2020-36557] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-36558] = "fixed-version: Fixed from version 5.6rc3" - -CVE_STATUS[CVE-2020-36691] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10" - -CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5" - -CVE_STATUS[CVE-2020-7053] = "fixed-version: Fixed from version 5.2rc1" - -CVE_STATUS[CVE-2020-8428] = "fixed-version: Fixed from version 5.5" - -CVE_STATUS[CVE-2020-8647] = "fixed-version: Fixed from version 5.6rc5" - -CVE_STATUS[CVE-2020-8648] = "fixed-version: Fixed from version 5.6rc3" - -CVE_STATUS[CVE-2020-8649] = "fixed-version: Fixed from version 5.6rc5" - -CVE_STATUS[CVE-2020-8694] = "fixed-version: Fixed from version 5.10rc4" - -# CVE-2020-8832 has no known resolution - -CVE_STATUS[CVE-2020-8834] = "fixed-version: Fixed from version 4.18rc1" - -CVE_STATUS[CVE-2020-8835] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2020-8992] = "fixed-version: Fixed from version 5.6rc2" - -CVE_STATUS[CVE-2020-9383] = "fixed-version: Fixed from version 5.6rc4" - -CVE_STATUS[CVE-2020-9391] = "fixed-version: Fixed from version 5.6rc3" - -CVE_STATUS[CVE-2021-0129] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-0342] = "fixed-version: Fixed from version 5.8rc1" - -# CVE-2021-0399 has no known resolution - -CVE_STATUS[CVE-2021-0447] = "fixed-version: Fixed from version 4.15rc1" - -CVE_STATUS[CVE-2021-0448] = "fixed-version: Fixed from version 5.9rc7" - -CVE_STATUS[CVE-2021-0512] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-0605] = "fixed-version: Fixed from version 5.8" - -# CVE-2021-0606 has no known resolution - -# CVE-2021-0695 has no known resolution - -CVE_STATUS[CVE-2021-0707] = "fixed-version: Fixed from version 5.11rc3" - -CVE_STATUS[CVE-2021-0920] = "fixed-version: Fixed from version 5.14rc4" - -# CVE-2021-0924 has no known resolution - -CVE_STATUS[CVE-2021-0929] = "fixed-version: Fixed from version 5.6rc1" - -CVE_STATUS[CVE-2021-0935] = "fixed-version: Fixed from version 4.16rc7" - -# CVE-2021-0936 has no known resolution - -CVE_STATUS[CVE-2021-0937] = "fixed-version: Fixed from version 5.12rc8" - -CVE_STATUS[CVE-2021-0938] = "fixed-version: Fixed from version 5.10rc4" - -CVE_STATUS[CVE-2021-0941] = "fixed-version: Fixed from version 5.12rc1" - -# CVE-2021-0961 has no known resolution - -CVE_STATUS[CVE-2021-1048] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2021-20177] = "fixed-version: Fixed from version 5.5rc1" - -CVE_STATUS[CVE-2021-20194] = "fixed-version: Fixed from version 5.10rc1" - -# CVE-2021-20219 has no known resolution - -CVE_STATUS[CVE-2021-20226] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2021-20239] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2021-20261] = "fixed-version: Fixed from version 4.5rc5" - -CVE_STATUS[CVE-2021-20265] = "fixed-version: Fixed from version 4.5rc3" - -CVE_STATUS[CVE-2021-20268] = "fixed-version: Fixed from version 5.11rc5" - -CVE_STATUS[CVE-2021-20292] = "fixed-version: Fixed from version 5.9rc1" - -CVE_STATUS[CVE-2021-20317] = "fixed-version: Fixed from version 5.4rc1" - -CVE_STATUS[CVE-2021-20320] = "fixed-version: Fixed from version 5.15rc3" - -CVE_STATUS[CVE-2021-20321] = "fixed-version: Fixed from version 5.15rc5" - -CVE_STATUS[CVE-2021-20322] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-21781] = "fixed-version: Fixed from version 5.11rc7" - -CVE_STATUS[CVE-2021-22543] = "fixed-version: Fixed from version 5.13" - -CVE_STATUS[CVE-2021-22555] = "fixed-version: Fixed from version 5.12rc8" - -CVE_STATUS[CVE-2021-22600] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2021-23133] = "fixed-version: Fixed from version 5.12rc8" - -CVE_STATUS[CVE-2021-23134] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-26401] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2021-26708] = "fixed-version: Fixed from version 5.11rc7" - -CVE_STATUS[CVE-2021-26930] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-26931] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-26932] = "fixed-version: Fixed from version 5.12rc1" - -# CVE-2021-26934 has no known resolution - -CVE_STATUS[CVE-2021-27363] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-27364] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-27365] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-28038] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-28039] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-28375] = "fixed-version: Fixed from version 5.12rc3" - -CVE_STATUS[CVE-2021-28660] = "fixed-version: Fixed from version 5.12rc3" - -CVE_STATUS[CVE-2021-28688] = "fixed-version: Fixed from version 5.12rc6" - -CVE_STATUS[CVE-2021-28691] = "fixed-version: Fixed from version 5.13rc6" - -CVE_STATUS[CVE-2021-28711] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-28712] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-28713] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-28714] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-28715] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-28950] = "fixed-version: Fixed from version 5.12rc4" - -CVE_STATUS[CVE-2021-28951] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-28952] = "fixed-version: Fixed from version 5.12rc4" - -CVE_STATUS[CVE-2021-28964] = "fixed-version: Fixed from version 5.12rc4" - -CVE_STATUS[CVE-2021-28971] = "fixed-version: Fixed from version 5.12rc4" - -CVE_STATUS[CVE-2021-28972] = "fixed-version: Fixed from version 5.12rc4" - -CVE_STATUS[CVE-2021-29154] = "fixed-version: Fixed from version 5.12rc7" - -CVE_STATUS[CVE-2021-29155] = "fixed-version: Fixed from version 5.12rc8" - -CVE_STATUS[CVE-2021-29264] = "fixed-version: Fixed from version 5.12rc3" - -CVE_STATUS[CVE-2021-29265] = "fixed-version: Fixed from version 5.12rc3" - -CVE_STATUS[CVE-2021-29266] = "fixed-version: Fixed from version 5.12rc4" - -CVE_STATUS[CVE-2021-29646] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2021-29647] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2021-29648] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2021-29649] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2021-29650] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2021-29657] = "fixed-version: Fixed from version 5.12rc6" - -CVE_STATUS[CVE-2021-30002] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-30178] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2021-31440] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-3178] = "fixed-version: Fixed from version 5.11rc5" - -CVE_STATUS[CVE-2021-31829] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-31916] = "fixed-version: Fixed from version 5.12rc5" - -CVE_STATUS[CVE-2021-32078] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-32399] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-32606] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2021-33033] = "fixed-version: Fixed from version 5.12rc3" - -CVE_STATUS[CVE-2021-33034] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-33061] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2021-33098] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2021-33135] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2021-33200] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2021-3347] = "fixed-version: Fixed from version 5.11rc6" - -CVE_STATUS[CVE-2021-3348] = "fixed-version: Fixed from version 5.11rc6" - -CVE_STATUS[CVE-2021-33624] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2021-33655] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2021-33656] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-33909] = "fixed-version: Fixed from version 5.14rc3" - -CVE_STATUS[CVE-2021-3411] = "fixed-version: Fixed from version 5.10" - -CVE_STATUS[CVE-2021-3428] = "fixed-version: Fixed from version 5.9rc2" - -CVE_STATUS[CVE-2021-3444] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-34556] = "fixed-version: Fixed from version 5.14rc4" - -CVE_STATUS[CVE-2021-34693] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2021-3483] = "fixed-version: Fixed from version 5.12rc6" - -CVE_STATUS[CVE-2021-34866] = "fixed-version: Fixed from version 5.14" - -CVE_STATUS[CVE-2021-3489] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2021-3490] = "fixed-version: Fixed from version 5.13rc4" - -CVE_STATUS[CVE-2021-3491] = "fixed-version: Fixed from version 5.13rc1" - -# CVE-2021-3492 has no known resolution - -CVE_STATUS[CVE-2021-3493] = "fixed-version: Fixed from version 5.11rc1" - -CVE_STATUS[CVE-2021-34981] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-3501] = "fixed-version: Fixed from version 5.12rc8" - -CVE_STATUS[CVE-2021-35039] = "fixed-version: Fixed from version 5.13" - -CVE_STATUS[CVE-2021-3506] = "fixed-version: Fixed from version 5.13rc1" - -# CVE-2021-3542 has no known resolution - -CVE_STATUS[CVE-2021-3543] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-35477] = "fixed-version: Fixed from version 5.14rc4" - -CVE_STATUS[CVE-2021-3564] = "fixed-version: Fixed from version 5.13rc5" - -CVE_STATUS[CVE-2021-3573] = "fixed-version: Fixed from version 5.13rc5" - -CVE_STATUS[CVE-2021-3587] = "fixed-version: Fixed from version 5.13rc5" - -CVE_STATUS[CVE-2021-3600] = "fixed-version: Fixed from version 5.11" - -CVE_STATUS[CVE-2021-3609] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-3612] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-3635] = "fixed-version: Fixed from version 5.5rc7" - -CVE_STATUS[CVE-2021-3640] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2021-3653] = "fixed-version: Fixed from version 5.14rc7" - -CVE_STATUS[CVE-2021-3655] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-3656] = "fixed-version: Fixed from version 5.14rc7" - -CVE_STATUS[CVE-2021-3659] = "fixed-version: Fixed from version 5.12rc7" - -CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-3679] = "fixed-version: Fixed from version 5.14rc3" - -# CVE-2021-3714 has no known resolution - -CVE_STATUS[CVE-2021-3715] = "fixed-version: Fixed from version 5.6" - -CVE_STATUS[CVE-2021-37159] = "fixed-version: Fixed from version 5.14rc3" - -CVE_STATUS[CVE-2021-3732] = "fixed-version: Fixed from version 5.14rc6" - -CVE_STATUS[CVE-2021-3736] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-3739] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-3743] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2021-3744] = "fixed-version: Fixed from version 5.15rc4" - -CVE_STATUS[CVE-2021-3752] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2021-3753] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-37576] = "fixed-version: Fixed from version 5.14rc3" - -CVE_STATUS[CVE-2021-3759] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-3760] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2021-3764] = "fixed-version: Fixed from version 5.15rc4" - -CVE_STATUS[CVE-2021-3772] = "fixed-version: Fixed from version 5.15" - -CVE_STATUS[CVE-2021-38160] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-38166] = "fixed-version: Fixed from version 5.14rc6" - -CVE_STATUS[CVE-2021-38198] = "fixed-version: Fixed from version 5.13rc6" - -CVE_STATUS[CVE-2021-38199] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-38200] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2021-38201] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-38202] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-38203] = "fixed-version: Fixed from version 5.14rc2" - -CVE_STATUS[CVE-2021-38204] = "fixed-version: Fixed from version 5.14rc3" - -CVE_STATUS[CVE-2021-38205] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-38206] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2021-38207] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2021-38208] = "fixed-version: Fixed from version 5.13rc5" - -CVE_STATUS[CVE-2021-38209] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-38300] = "fixed-version: Fixed from version 5.15rc4" - -# CVE-2021-3847 has no known resolution - -# CVE-2021-3864 has no known resolution - -# CVE-2021-3892 has no known resolution - -CVE_STATUS[CVE-2021-3894] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2021-3896] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2021-3923] = "fixed-version: Fixed from version 5.16" - -CVE_STATUS[CVE-2021-39633] = "fixed-version: Fixed from version 5.14" - -CVE_STATUS[CVE-2021-39634] = "fixed-version: Fixed from version 5.9rc8" - -CVE_STATUS[CVE-2021-39636] = "fixed-version: Fixed from version 4.16rc1" - -CVE_STATUS[CVE-2021-39648] = "fixed-version: Fixed from version 5.11rc3" - -CVE_STATUS[CVE-2021-39656] = "fixed-version: Fixed from version 5.12rc3" - -CVE_STATUS[CVE-2021-39657] = "fixed-version: Fixed from version 5.11rc4" - -CVE_STATUS[CVE-2021-39685] = "fixed-version: Fixed from version 5.16rc5" - -CVE_STATUS[CVE-2021-39686] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2021-39698] = "fixed-version: Fixed from version 5.16rc5" - -CVE_STATUS[CVE-2021-39711] = "fixed-version: Fixed from version 4.18rc6" - -CVE_STATUS[CVE-2021-39713] = "fixed-version: Fixed from version 4.20rc1" - -CVE_STATUS[CVE-2021-39714] = "fixed-version: Fixed from version 4.12rc1" - -# CVE-2021-39800 has no known resolution - -# CVE-2021-39801 has no known resolution - -# CVE-2021-39802 has no known resolution - -CVE_STATUS[CVE-2021-4001] = "fixed-version: Fixed from version 5.16rc2" - -CVE_STATUS[CVE-2021-4002] = "fixed-version: Fixed from version 5.16rc3" - -CVE_STATUS[CVE-2021-4023] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-4028] = "fixed-version: Fixed from version 5.15rc4" - -CVE_STATUS[CVE-2021-4032] = "fixed-version: Fixed from version 5.15rc7" - -CVE_STATUS[CVE-2021-4037] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2021-40490] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-4083] = "fixed-version: Fixed from version 5.16rc4" - -CVE_STATUS[CVE-2021-4090] = "fixed-version: Fixed from version 5.16rc2" - -CVE_STATUS[CVE-2021-4093] = "fixed-version: Fixed from version 5.15rc7" - -CVE_STATUS[CVE-2021-4095] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2021-41073] = "fixed-version: Fixed from version 5.15rc2" - -CVE_STATUS[CVE-2021-4135] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2021-4148] = "fixed-version: Fixed from version 5.15" - -CVE_STATUS[CVE-2021-4149] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2021-4150] = "fixed-version: Fixed from version 5.15rc7" - -CVE_STATUS[CVE-2021-4154] = "fixed-version: Fixed from version 5.14rc2" - -CVE_STATUS[CVE-2021-4155] = "fixed-version: Fixed from version 5.16" - -CVE_STATUS[CVE-2021-4157] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-4159] = "fixed-version: Fixed from version 5.7rc1" - -CVE_STATUS[CVE-2021-41864] = "fixed-version: Fixed from version 5.15rc5" - -CVE_STATUS[CVE-2021-4197] = "fixed-version: Fixed from version 5.16" - -CVE_STATUS[CVE-2021-42008] = "fixed-version: Fixed from version 5.14rc7" - -CVE_STATUS[CVE-2021-4202] = "fixed-version: Fixed from version 5.16rc2" - -CVE_STATUS[CVE-2021-4203] = "fixed-version: Fixed from version 5.15rc4" - -CVE_STATUS[CVE-2021-4204] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed from version 5.8rc1" - -CVE_STATUS[CVE-2021-42252] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2021-42327] = "fixed-version: Fixed from version 5.15" - -CVE_STATUS[CVE-2021-42739] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2021-43056] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2021-43057] = "fixed-version: Fixed from version 5.15rc3" - -CVE_STATUS[CVE-2021-43267] = "fixed-version: Fixed from version 5.15" - -CVE_STATUS[CVE-2021-43389] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2021-43975] = "fixed-version: Fixed from version 5.16rc2" - -CVE_STATUS[CVE-2021-43976] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2021-44733] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-44879] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2021-45095] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2021-45100] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2021-45402] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2021-45469] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2021-45480] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2021-45485] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2021-45486] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2021-45868] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2021-46283] = "fixed-version: Fixed from version 5.13rc7" - -CVE_STATUS[CVE-2022-0001] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-0002] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-0168] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-0171] = "fixed-version: Fixed from version 5.18rc4" - -CVE_STATUS[CVE-2022-0185] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-0264] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2022-0286] = "fixed-version: Fixed from version 5.14rc2" - -CVE_STATUS[CVE-2022-0322] = "fixed-version: Fixed from version 5.15rc6" - -CVE_STATUS[CVE-2022-0330] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-0382] = "fixed-version: Fixed from version 5.16" - -# CVE-2022-0400 has no known resolution - -CVE_STATUS[CVE-2022-0433] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-0435] = "fixed-version: Fixed from version 5.17rc4" - -CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2022-0487] = "fixed-version: Fixed from version 5.17rc4" - -CVE_STATUS[CVE-2022-0492] = "fixed-version: Fixed from version 5.17rc3" - -CVE_STATUS[CVE-2022-0494] = "fixed-version: Fixed from version 5.17rc5" - -CVE_STATUS[CVE-2022-0500] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-0516] = "fixed-version: Fixed from version 5.17rc4" - -CVE_STATUS[CVE-2022-0617] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-0644] = "fixed-version: Fixed from version 5.15rc7" - -CVE_STATUS[CVE-2022-0646] = "fixed-version: Fixed from version 5.17rc5" - -CVE_STATUS[CVE-2022-0742] = "fixed-version: Fixed from version 5.17rc7" - -CVE_STATUS[CVE-2022-0812] = "fixed-version: Fixed from version 5.8rc6" - -CVE_STATUS[CVE-2022-0847] = "fixed-version: Fixed from version 5.17rc6" - -CVE_STATUS[CVE-2022-0850] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2022-0854] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-0995] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-0998] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-1011] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-1012] = "fixed-version: Fixed from version 5.18rc6" - -CVE_STATUS[CVE-2022-1015] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1016] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1043] = "fixed-version: Fixed from version 5.14rc7" - -CVE_STATUS[CVE-2022-1048] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1055] = "fixed-version: Fixed from version 5.17rc3" - -# CVE-2022-1116 has no known resolution - -CVE_STATUS[CVE-2022-1158] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1184] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-1195] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2022-1198] = "fixed-version: Fixed from version 5.17rc6" - -CVE_STATUS[CVE-2022-1199] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-1204] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1205] = "fixed-version: Fixed from version 5.18rc1" - -# CVE-2022-1247 has no known resolution - -CVE_STATUS[CVE-2022-1263] = "fixed-version: Fixed from version 5.18rc3" - -CVE_STATUS[CVE-2022-1280] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2022-1353] = "fixed-version: Fixed from version 5.17" - -CVE_STATUS[CVE-2022-1419] = "fixed-version: Fixed from version 5.6rc2" - -CVE_STATUS[CVE-2022-1462] = "fixed-version: Fixed from version 5.19rc7" - -CVE_STATUS[CVE-2022-1508] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2022-1516] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1651] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1652] = "fixed-version: Fixed from version 5.18rc6" - -CVE_STATUS[CVE-2022-1671] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-1678] = "fixed-version: Fixed from version 4.20rc1" - -CVE_STATUS[CVE-2022-1679] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-1729] = "fixed-version: Fixed from version 5.18" - -CVE_STATUS[CVE-2022-1734] = "fixed-version: Fixed from version 5.18rc6" - -CVE_STATUS[CVE-2022-1786] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2022-1789] = "fixed-version: Fixed from version 5.18" - -CVE_STATUS[CVE-2022-1836] = "fixed-version: Fixed from version 5.18rc5" - -CVE_STATUS[CVE-2022-1852] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-1882] = "fixed-version: Fixed from version 5.19rc8" - -CVE_STATUS[CVE-2022-1943] = "fixed-version: Fixed from version 5.18rc7" - -CVE_STATUS[CVE-2022-1966] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-1972] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-1973] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-1974] = "fixed-version: Fixed from version 5.18rc6" - -CVE_STATUS[CVE-2022-1975] = "fixed-version: Fixed from version 5.18rc6" - -CVE_STATUS[CVE-2022-1976] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-1998] = "fixed-version: Fixed from version 5.17rc3" - -CVE_STATUS[CVE-2022-20008] = "fixed-version: Fixed from version 5.17rc5" - -CVE_STATUS[CVE-2022-20132] = "fixed-version: Fixed from version 5.16rc5" - -CVE_STATUS[CVE-2022-20141] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2022-20148] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2022-20153] = "fixed-version: Fixed from version 5.13rc1" - -CVE_STATUS[CVE-2022-20154] = "fixed-version: Fixed from version 5.16rc8" - -CVE_STATUS[CVE-2022-20158] = "fixed-version: Fixed from version 5.17" - -CVE_STATUS[CVE-2022-20166] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2022-20368] = "fixed-version: Fixed from version 5.17" - -CVE_STATUS[CVE-2022-20369] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-20409] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2022-20421] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2022-20422] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-20423] = "fixed-version: Fixed from version 5.17" - -CVE_STATUS[CVE-2022-20424] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2022-20565] = "fixed-version: Fixed from version 5.9rc4" - -CVE_STATUS[CVE-2022-20566] = "fixed-version: Fixed from version 5.19" - -CVE_STATUS[CVE-2022-20567] = "fixed-version: Fixed from version 4.16rc5" - -CVE_STATUS[CVE-2022-20568] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2022-20572] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-2078] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-21123] = "fixed-version: Fixed from version 5.19rc3" - -CVE_STATUS[CVE-2022-21125] = "fixed-version: Fixed from version 5.19rc3" - -CVE_STATUS[CVE-2022-21166] = "fixed-version: Fixed from version 5.19rc3" - -CVE_STATUS[CVE-2022-21385] = "fixed-version: Fixed from version 4.20" - -CVE_STATUS[CVE-2022-21499] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-21505] = "fixed-version: Fixed from version 5.19rc8" - -CVE_STATUS[CVE-2022-2153] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-2196] = "cpe-stable-backport: Backported in 6.1.14" - -# CVE-2022-2209 has no known resolution - -CVE_STATUS[CVE-2022-22942] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-23036] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-23037] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-23038] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-23039] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-23040] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-23041] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-23042] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-2308] = "fixed-version: Fixed from version 6.0" - -CVE_STATUS[CVE-2022-2318] = "fixed-version: Fixed from version 5.19rc5" - -CVE_STATUS[CVE-2022-23222] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2022-2380] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-23816] = "fixed-version: Fixed from version 5.19rc7" - -# CVE-2022-23825 has no known resolution - -CVE_STATUS[CVE-2022-23960] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-24122] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-24448] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-24958] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-24959] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-2503] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-25258] = "fixed-version: Fixed from version 5.17rc4" - -# CVE-2022-25265 has no known resolution - -CVE_STATUS[CVE-2022-25375] = "fixed-version: Fixed from version 5.17rc4" - -CVE_STATUS[CVE-2022-25636] = "fixed-version: Fixed from version 5.17rc6" - -CVE_STATUS[CVE-2022-2585] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-2586] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-2588] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-2590] = "fixed-version: Fixed from version 6.0rc3" - -CVE_STATUS[CVE-2022-2602] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-26365] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-26373] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-2639] = "fixed-version: Fixed from version 5.18rc4" - -CVE_STATUS[CVE-2022-26490] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-2663] = "fixed-version: Fixed from version 6.0rc5" - -# CVE-2022-26878 has no known resolution - -CVE_STATUS[CVE-2022-26966] = "fixed-version: Fixed from version 5.17rc6" - -CVE_STATUS[CVE-2022-27223] = "fixed-version: Fixed from version 5.17rc6" - -CVE_STATUS[CVE-2022-27666] = "fixed-version: Fixed from version 5.17rc8" - -CVE_STATUS[CVE-2022-27672] = "cpe-stable-backport: Backported in 6.1.12" - -CVE_STATUS[CVE-2022-2785] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-27950] = "fixed-version: Fixed from version 5.17rc5" - -CVE_STATUS[CVE-2022-28356] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-28388] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-28389] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-28390] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-2873] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-28796] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-28893] = "fixed-version: Fixed from version 5.18rc2" - -CVE_STATUS[CVE-2022-2905] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2022-29156] = "fixed-version: Fixed from version 5.17rc6" - -CVE_STATUS[CVE-2022-2938] = "fixed-version: Fixed from version 5.17rc2" - -CVE_STATUS[CVE-2022-29581] = "fixed-version: Fixed from version 5.18rc4" - -CVE_STATUS[CVE-2022-29582] = "fixed-version: Fixed from version 5.18rc2" - -CVE_STATUS[CVE-2022-2959] = "fixed-version: Fixed from version 5.19rc1" - -# CVE-2022-2961 has no known resolution - -CVE_STATUS[CVE-2022-2964] = "fixed-version: Fixed from version 5.17rc4" - -CVE_STATUS[CVE-2022-2977] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-2978] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-29900] = "fixed-version: Fixed from version 5.19rc7" - -CVE_STATUS[CVE-2022-29901] = "fixed-version: Fixed from version 5.19rc7" - -CVE_STATUS[CVE-2022-2991] = "fixed-version: Fixed from version 5.15rc1" - -CVE_STATUS[CVE-2022-29968] = "fixed-version: Fixed from version 5.18rc5" - -CVE_STATUS[CVE-2022-3028] = "fixed-version: Fixed from version 6.0rc3" - -CVE_STATUS[CVE-2022-30594] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-3061] = "fixed-version: Fixed from version 5.18rc5" - -CVE_STATUS[CVE-2022-3077] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3078] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-3103] = "fixed-version: Fixed from version 6.0rc3" - -CVE_STATUS[CVE-2022-3104] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3105] = "fixed-version: Fixed from version 5.16" - -CVE_STATUS[CVE-2022-3106] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2022-3107] = "fixed-version: Fixed from version 5.17" - -CVE_STATUS[CVE-2022-3108] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-3110] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3111] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-3112] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-3113] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-3114] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3115] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3169] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3170] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2022-3176] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2022-3202] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-32250] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-32296] = "fixed-version: Fixed from version 5.18rc6" - -# CVE-2022-3238 has no known resolution - -CVE_STATUS[CVE-2022-3239] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2022-32981] = "fixed-version: Fixed from version 5.19rc2" - -CVE_STATUS[CVE-2022-3303] = "fixed-version: Fixed from version 6.0rc5" - -CVE_STATUS[CVE-2022-3344] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2022-33740] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-33741] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-33742] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-33743] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-33744] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-33981] = "fixed-version: Fixed from version 5.18rc5" - -CVE_STATUS[CVE-2022-3424] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2022-3435] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-34494] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-34495] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-34918] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-3521] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3522] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3524] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3526] = "fixed-version: Fixed from version 5.18rc3" - -CVE_STATUS[CVE-2022-3531] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2022-3532] = "cpe-stable-backport: Backported in 6.1.2" - -# CVE-2022-3533 has no known resolution - -CVE_STATUS[CVE-2022-3534] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2022-3535] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3541] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3542] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3543] = "fixed-version: Fixed from version 6.1rc1" - -# CVE-2022-3544 has no known resolution - -CVE_STATUS[CVE-2022-3545] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3564] = "fixed-version: Fixed from version 6.1rc4" - -CVE_STATUS[CVE-2022-3565] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3577] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3586] = "fixed-version: Fixed from version 6.0rc5" - -CVE_STATUS[CVE-2022-3594] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3595] = "fixed-version: Fixed from version 6.1rc1" - -# CVE-2022-3606 has no known resolution - -CVE_STATUS[CVE-2022-36123] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-3619] = "fixed-version: Fixed from version 6.1rc4" - -CVE_STATUS[CVE-2022-3621] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3623] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3625] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3628] = "fixed-version: Fixed from version 6.1rc5" - -CVE_STATUS[CVE-2022-36280] = "cpe-stable-backport: Backported in 6.1.4" - -CVE_STATUS[CVE-2022-3629] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3630] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3633] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3635] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-3636] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-3640] = "fixed-version: Fixed from version 6.1rc4" - -# CVE-2022-36402 has no known resolution - -# CVE-2022-3642 has no known resolution - -CVE_STATUS[CVE-2022-3643] = "fixed-version: Fixed from version 6.1" - -CVE_STATUS[CVE-2022-3646] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-3649] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-36879] = "fixed-version: Fixed from version 5.19rc8" - -CVE_STATUS[CVE-2022-36946] = "fixed-version: Fixed from version 5.19" - -CVE_STATUS[CVE-2022-3707] = "cpe-stable-backport: Backported in 6.1.5" - -# CVE-2022-38096 has no known resolution - -CVE_STATUS[CVE-2022-38457] = "cpe-stable-backport: Backported in 6.1.7" - -CVE_STATUS[CVE-2022-3903] = "fixed-version: Fixed from version 6.1rc2" - -CVE_STATUS[CVE-2022-3910] = "fixed-version: Fixed from version 6.0rc6" - -CVE_STATUS[CVE-2022-39188] = "fixed-version: Fixed from version 5.19rc8" - -CVE_STATUS[CVE-2022-39189] = "fixed-version: Fixed from version 5.19rc2" - -CVE_STATUS[CVE-2022-39190] = "fixed-version: Fixed from version 6.0rc3" - -CVE_STATUS[CVE-2022-3977] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-39842] = "fixed-version: Fixed from version 5.19rc4" - -CVE_STATUS[CVE-2022-40133] = "cpe-stable-backport: Backported in 6.1.7" - -CVE_STATUS[CVE-2022-40307] = "fixed-version: Fixed from version 6.0rc5" - -CVE_STATUS[CVE-2022-40476] = "fixed-version: Fixed from version 5.19rc4" - -CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2022-40982] = "cpe-stable-backport: Backported in 6.1.44" - -CVE_STATUS[CVE-2022-41218] = "cpe-stable-backport: Backported in 6.1.4" - -CVE_STATUS[CVE-2022-41222] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2022-4127] = "fixed-version: Fixed from version 5.19rc6" - -CVE_STATUS[CVE-2022-4128] = "fixed-version: Fixed from version 5.19rc7" - -CVE_STATUS[CVE-2022-4129] = "fixed-version: Fixed from version 6.1rc6" - -CVE_STATUS[CVE-2022-4139] = "fixed-version: Fixed from version 6.1rc8" - -CVE_STATUS[CVE-2022-41674] = "fixed-version: Fixed from version 6.1rc1" - -# CVE-2022-41848 has no known resolution - -CVE_STATUS[CVE-2022-41849] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-41850] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-41858] = "fixed-version: Fixed from version 5.18rc2" - -CVE_STATUS[CVE-2022-42328] = "fixed-version: Fixed from version 6.1" - -CVE_STATUS[CVE-2022-42329] = "fixed-version: Fixed from version 6.1" - -CVE_STATUS[CVE-2022-42432] = "fixed-version: Fixed from version 6.0rc7" - -CVE_STATUS[CVE-2022-4269] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2022-42703] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2022-42719] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-42720] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-42721] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-42722] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-42895] = "fixed-version: Fixed from version 6.1rc4" - -CVE_STATUS[CVE-2022-42896] = "fixed-version: Fixed from version 6.1rc4" - -CVE_STATUS[CVE-2022-43750] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2022-4378] = "fixed-version: Fixed from version 6.1" - -CVE_STATUS[CVE-2022-4379] = "cpe-stable-backport: Backported in 6.1.3" - -CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in 6.1.8" - -CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1" - -# CVE-2022-44032 needs backporting (fixed from 6.4rc1) - -# CVE-2022-44033 needs backporting (fixed from 6.4rc1) - -# CVE-2022-44034 needs backporting (fixed from 6.4rc1) - -# CVE-2022-4543 has no known resolution - -CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7" - -# CVE-2022-45884 has no known resolution - -# CVE-2022-45885 has no known resolution - -CVE_STATUS[CVE-2022-45886] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2022-45887] = "cpe-stable-backport: Backported in 6.1.33" - -# CVE-2022-45888 needs backporting (fixed from 6.2rc1) - -CVE_STATUS[CVE-2022-45919] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1" - -CVE_STATUS[CVE-2022-4662] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2022-4696] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2022-4744] = "fixed-version: Fixed from version 5.16rc7" - -CVE_STATUS[CVE-2022-47518] = "fixed-version: Fixed from version 6.1rc8" - -CVE_STATUS[CVE-2022-47519] = "fixed-version: Fixed from version 6.1rc8" - -CVE_STATUS[CVE-2022-47520] = "fixed-version: Fixed from version 6.1rc8" - -CVE_STATUS[CVE-2022-47521] = "fixed-version: Fixed from version 6.1rc8" - -CVE_STATUS[CVE-2022-47929] = "cpe-stable-backport: Backported in 6.1.6" - -CVE_STATUS[CVE-2022-47938] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-47939] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-47940] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2022-47941] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-47942] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-47943] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2022-47946] = "fixed-version: Fixed from version 5.12rc2" - -CVE_STATUS[CVE-2022-4842] = "cpe-stable-backport: Backported in 6.1.8" - -CVE_STATUS[CVE-2022-48423] = "cpe-stable-backport: Backported in 6.1.3" - -CVE_STATUS[CVE-2022-48424] = "cpe-stable-backport: Backported in 6.1.3" - -CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2022-48502] = "cpe-stable-backport: Backported in 6.1.40" - -CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1" - -CVE_STATUS[CVE-2023-0045] = "cpe-stable-backport: Backported in 6.1.5" - -CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed from version 6.0rc4" - -CVE_STATUS[CVE-2023-0160] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in 6.1.7" - -CVE_STATUS[CVE-2023-0210] = "cpe-stable-backport: Backported in 6.1.5" - -CVE_STATUS[CVE-2023-0240] = "fixed-version: Fixed from version 5.10rc1" - -CVE_STATUS[CVE-2023-0266] = "cpe-stable-backport: Backported in 6.1.6" - -CVE_STATUS[CVE-2023-0386] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-0394] = "cpe-stable-backport: Backported in 6.1.7" - -CVE_STATUS[CVE-2023-0458] = "cpe-stable-backport: Backported in 6.1.8" - -CVE_STATUS[CVE-2023-0459] = "cpe-stable-backport: Backported in 6.1.14" - -CVE_STATUS[CVE-2023-0461] = "cpe-stable-backport: Backported in 6.1.5" - -CVE_STATUS[CVE-2023-0468] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2023-0469] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2023-0590] = "fixed-version: Fixed from version 6.1rc2" - -# CVE-2023-0597 needs backporting (fixed from 6.2rc1) - -CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed from version 6.1rc3" - -CVE_STATUS[CVE-2023-1032] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-1073] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-1074] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-1075] = "cpe-stable-backport: Backported in 6.1.11" - -CVE_STATUS[CVE-2023-1076] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-1077] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-1078] = "cpe-stable-backport: Backported in 6.1.12" - -CVE_STATUS[CVE-2023-1079] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-1095] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-1192] = "cpe-stable-backport: Backported in 6.1.33" - -# CVE-2023-1193 needs backporting (fixed from 6.3rc6) - -CVE_STATUS[CVE-2023-1194] = "cpe-stable-backport: Backported in 6.1.34" - -CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3" - -CVE_STATUS[CVE-2023-1206] = "cpe-stable-backport: Backported in 6.1.43" - -CVE_STATUS[CVE-2023-1249] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2023-1252] = "fixed-version: Fixed from version 5.16rc1" - -CVE_STATUS[CVE-2023-1281] = "cpe-stable-backport: Backported in 6.1.13" - -CVE_STATUS[CVE-2023-1295] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2023-1380] = "cpe-stable-backport: Backported in 6.1.27" - -CVE_STATUS[CVE-2023-1382] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4" - -CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in 6.1.13" - -CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4" - -CVE_STATUS[CVE-2023-1583] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-1611] = "cpe-stable-backport: Backported in 6.1.23" - -CVE_STATUS[CVE-2023-1637] = "fixed-version: Fixed from version 5.18rc2" - -CVE_STATUS[CVE-2023-1652] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-1670] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-1829] = "cpe-stable-backport: Backported in 6.1.18" - -CVE_STATUS[CVE-2023-1838] = "fixed-version: Fixed from version 5.18" - -CVE_STATUS[CVE-2023-1855] = "cpe-stable-backport: Backported in 6.1.21" - -CVE_STATUS[CVE-2023-1859] = "cpe-stable-backport: Backported in 6.1.25" - -CVE_STATUS[CVE-2023-1872] = "fixed-version: Fixed from version 5.18rc2" - -CVE_STATUS[CVE-2023-1989] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-1990] = "cpe-stable-backport: Backported in 6.1.21" - -CVE_STATUS[CVE-2023-1998] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-2002] = "cpe-stable-backport: Backported in 6.1.27" - -CVE_STATUS[CVE-2023-2006] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2023-2007] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed from version 5.19rc4" - -CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2023-20569] = "cpe-stable-backport: Backported in 6.1.44" - -CVE_STATUS[CVE-2023-20588] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.1.41" - -CVE_STATUS[CVE-2023-20928] = "fixed-version: Fixed from version 6.0rc1" - -# CVE-2023-20937 has no known resolution - -CVE_STATUS[CVE-2023-20938] = "fixed-version: Fixed from version 5.18rc5" - -# CVE-2023-20941 has no known resolution - -CVE_STATUS[CVE-2023-21102] = "cpe-stable-backport: Backported in 6.1.8" - -CVE_STATUS[CVE-2023-21106] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-2124] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2023-21255] = "cpe-stable-backport: Backported in 6.1.31" - -# CVE-2023-21264 needs backporting (fixed from 6.4rc5) - -# CVE-2023-21400 has no known resolution - -CVE_STATUS[CVE-2023-2156] = "cpe-stable-backport: Backported in 6.1.26" - -CVE_STATUS[CVE-2023-2162] = "cpe-stable-backport: Backported in 6.1.11" - -CVE_STATUS[CVE-2023-2163] = "cpe-stable-backport: Backported in 6.1.26" - -CVE_STATUS[CVE-2023-2166] = "fixed-version: Fixed from version 6.1" - -# CVE-2023-2176 needs backporting (fixed from 6.3rc1) - -CVE_STATUS[CVE-2023-2177] = "fixed-version: Fixed from version 5.19" - -CVE_STATUS[CVE-2023-2194] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-2235] = "cpe-stable-backport: Backported in 6.1.21" - -CVE_STATUS[CVE-2023-2236] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2023-2248] = "cpe-stable-backport: Backported in 6.1.26" - -CVE_STATUS[CVE-2023-2269] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-22995] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2023-22996] = "fixed-version: Fixed from version 5.18rc1" - -CVE_STATUS[CVE-2023-22997] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2023-22998] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2023-22999] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2023-23000] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2023-23001] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2023-23002] = "fixed-version: Fixed from version 5.17rc1" - -CVE_STATUS[CVE-2023-23003] = "fixed-version: Fixed from version 5.16rc6" - -CVE_STATUS[CVE-2023-23004] = "fixed-version: Fixed from version 5.19rc1" - -# CVE-2023-23005 needs backporting (fixed from 6.2rc1) - -CVE_STATUS[CVE-2023-23006] = "fixed-version: Fixed from version 5.16rc8" - -# CVE-2023-23039 has no known resolution - -CVE_STATUS[CVE-2023-23454] = "cpe-stable-backport: Backported in 6.1.5" - -CVE_STATUS[CVE-2023-23455] = "cpe-stable-backport: Backported in 6.1.5" - -CVE_STATUS[CVE-2023-23559] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-23586] = "fixed-version: Fixed from version 5.12rc1" - -CVE_STATUS[CVE-2023-2430] = "cpe-stable-backport: Backported in 6.1.50" - -CVE_STATUS[CVE-2023-2483] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-25012] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2023-25775] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-2598] = "fixed-version: only affects 6.3rc1 onwards" - -# CVE-2023-26242 has no known resolution - -# CVE-2023-2640 has no known resolution - -CVE_STATUS[CVE-2023-26544] = "cpe-stable-backport: Backported in 6.1.3" - -CVE_STATUS[CVE-2023-26545] = "cpe-stable-backport: Backported in 6.1.13" - -CVE_STATUS[CVE-2023-26605] = "fixed-version: Fixed from version 6.1rc7" - -CVE_STATUS[CVE-2023-26606] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2023-26607] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2023-28327] = "fixed-version: Fixed from version 6.1" - -CVE_STATUS[CVE-2023-28328] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2023-28410] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2023-28464] = "fixed-version: only affects 6.3rc1 onwards" - -CVE_STATUS[CVE-2023-28466] = "cpe-stable-backport: Backported in 6.1.20" - -CVE_STATUS[CVE-2023-2860] = "fixed-version: Fixed from version 6.0rc5" - -CVE_STATUS[CVE-2023-28772] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2023-28866] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-2898] = "cpe-stable-backport: Backported in 6.1.39" - -CVE_STATUS[CVE-2023-2985] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-3006] = "fixed-version: Fixed from version 6.1rc1" - -# Skipping CVE-2023-3022, no affected_versions - -CVE_STATUS[CVE-2023-30456] = "cpe-stable-backport: Backported in 6.1.21" - -CVE_STATUS[CVE-2023-30772] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-3090] = "cpe-stable-backport: Backported in 6.1.30" - -CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7" - -# Skipping CVE-2023-3108, no affected_versions - -# CVE-2023-31081 has no known resolution - -# CVE-2023-31082 has no known resolution - -# CVE-2023-31083 needs backporting (fixed from 6.6rc1) - -# CVE-2023-31084 needs backporting (fixed from 6.4rc3) - -CVE_STATUS[CVE-2023-31085] = "cpe-stable-backport: Backported in 6.1.57" - -CVE_STATUS[CVE-2023-3111] = "fixed-version: Fixed from version 6.0rc2" - -CVE_STATUS[CVE-2023-3117] = "cpe-stable-backport: Backported in 6.1.35" - -CVE_STATUS[CVE-2023-31248] = "cpe-stable-backport: Backported in 6.1.39" - -CVE_STATUS[CVE-2023-3141] = "cpe-stable-backport: Backported in 6.1.30" - -CVE_STATUS[CVE-2023-31436] = "cpe-stable-backport: Backported in 6.1.26" - -CVE_STATUS[CVE-2023-3159] = "fixed-version: Fixed from version 5.18rc6" - -CVE_STATUS[CVE-2023-3161] = "cpe-stable-backport: Backported in 6.1.11" - -CVE_STATUS[CVE-2023-3212] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2023-3220] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-32233] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-32247] = "cpe-stable-backport: Backported in 6.1.29" - -CVE_STATUS[CVE-2023-32248] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-32250] = "cpe-stable-backport: Backported in 6.1.29" - -CVE_STATUS[CVE-2023-32252] = "cpe-stable-backport: Backported in 6.1.29" - -CVE_STATUS[CVE-2023-32254] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-32257] = "cpe-stable-backport: Backported in 6.1.29" - -CVE_STATUS[CVE-2023-32258] = "cpe-stable-backport: Backported in 6.1.29" - -CVE_STATUS[CVE-2023-32269] = "cpe-stable-backport: Backported in 6.1.11" - -# CVE-2023-32629 has no known resolution - -CVE_STATUS[CVE-2023-3268] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-3269] = "cpe-stable-backport: Backported in 6.1.37" - -CVE_STATUS[CVE-2023-3312] = "fixed-version: only affects 6.2rc1 onwards" - -CVE_STATUS[CVE-2023-3317] = "fixed-version: only affects 6.2rc1 onwards" - -CVE_STATUS[CVE-2023-33203] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-33250] = "fixed-version: only affects 6.2rc1 onwards" - -CVE_STATUS[CVE-2023-33288] = "cpe-stable-backport: Backported in 6.1.22" - -CVE_STATUS[CVE-2023-3338] = "fixed-version: Fixed from version 6.1rc1" - -CVE_STATUS[CVE-2023-3355] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-3357] = "cpe-stable-backport: Backported in 6.1.2" - -CVE_STATUS[CVE-2023-3358] = "cpe-stable-backport: Backported in 6.1.9" - -CVE_STATUS[CVE-2023-3359] = "cpe-stable-backport: Backported in 6.1.11" - -CVE_STATUS[CVE-2023-3389] = "fixed-version: Fixed from version 6.0rc1" - -CVE_STATUS[CVE-2023-3390] = "cpe-stable-backport: Backported in 6.1.35" - -CVE_STATUS[CVE-2023-33951] = "cpe-stable-backport: Backported in 6.1.13" - -CVE_STATUS[CVE-2023-33952] = "cpe-stable-backport: Backported in 6.1.13" - -# CVE-2023-3397 has no known resolution - -CVE_STATUS[CVE-2023-34255] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29" - -CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.1.44" - -CVE_STATUS[CVE-2023-34324] = "cpe-stable-backport: Backported in 6.1.57" - -CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed from version 5.18rc5" - -CVE_STATUS[CVE-2023-35001] = "cpe-stable-backport: Backported in 6.1.39" - -CVE_STATUS[CVE-2023-3567] = "cpe-stable-backport: Backported in 6.1.11" - -# CVE-2023-35693 has no known resolution - -CVE_STATUS[CVE-2023-35788] = "cpe-stable-backport: Backported in 6.1.33" - -CVE_STATUS[CVE-2023-35823] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-35824] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-35826] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-35827] = "cpe-stable-backport: Backported in 6.1.59" - -CVE_STATUS[CVE-2023-35828] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-35829] = "cpe-stable-backport: Backported in 6.1.28" - -CVE_STATUS[CVE-2023-3609] = "cpe-stable-backport: Backported in 6.1.35" - -CVE_STATUS[CVE-2023-3610] = "cpe-stable-backport: Backported in 6.1.36" - -CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40" - -# CVE-2023-3640 has no known resolution - -CVE_STATUS[CVE-2023-37453] = "fixed-version: only affects 6.3rc1 onwards" - -# CVE-2023-37454 has no known resolution - -CVE_STATUS[CVE-2023-3772] = "cpe-stable-backport: Backported in 6.1.47" - -CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.1.47" - -CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40" - -CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.1.42" - -CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4" - -CVE_STATUS[CVE-2023-38409] = "cpe-stable-backport: Backported in 6.1.25" - -CVE_STATUS[CVE-2023-38426] = "cpe-stable-backport: Backported in 6.1.30" - -CVE_STATUS[CVE-2023-38427] = "cpe-stable-backport: Backported in 6.1.34" - -CVE_STATUS[CVE-2023-38428] = "cpe-stable-backport: Backported in 6.1.30" - -CVE_STATUS[CVE-2023-38429] = "cpe-stable-backport: Backported in 6.1.30" - -CVE_STATUS[CVE-2023-38430] = "cpe-stable-backport: Backported in 6.1.35" - -CVE_STATUS[CVE-2023-38431] = "cpe-stable-backport: Backported in 6.1.34" - -CVE_STATUS[CVE-2023-38432] = "cpe-stable-backport: Backported in 6.1.36" - -CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.1.39" - -CVE_STATUS[CVE-2023-3865] = "cpe-stable-backport: Backported in 6.1.36" - -CVE_STATUS[CVE-2023-3866] = "cpe-stable-backport: Backported in 6.1.36" - -CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.1.40" - -CVE_STATUS[CVE-2023-39189] = "cpe-stable-backport: Backported in 6.1.54" - -# CVE-2023-39191 needs backporting (fixed from 6.3rc1) - -CVE_STATUS[CVE-2023-39192] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" - -CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39" - -CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47" - -CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" - -# CVE-2023-4010 has no known resolution - -CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43" - -CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-40791] = "fixed-version: only affects 6.3rc1 onwards" - -CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39" - -# CVE-2023-4133 needs backporting (fixed from 6.3) - -# CVE-2023-4134 needs backporting (fixed from 6.5rc1) - -CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.1.43" - -CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.1.46" - -CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards" - -CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.1.56" - -CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45" - -CVE_STATUS[CVE-2023-42752] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-42753] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-42754] = "cpe-stable-backport: Backported in 6.1.56" - -CVE_STATUS[CVE-2023-42755] = "cpe-stable-backport: Backported in 6.1.55" - -CVE_STATUS[CVE-2023-42756] = "fixed-version: only affects 6.4rc6 onwards" - -CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1" - -CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18" - -CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed from version 5.18rc3" - -CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3" - -CVE_STATUS[CVE-2023-44466] = "cpe-stable-backport: Backported in 6.1.40" - -CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18" - -CVE_STATUS[CVE-2023-4563] = "cpe-stable-backport: Backported in 6.1.56" - -CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.1.47" - -CVE_STATUS[CVE-2023-45862] = "cpe-stable-backport: Backported in 6.1.18" - -CVE_STATUS[CVE-2023-45863] = "cpe-stable-backport: Backported in 6.1.16" - -CVE_STATUS[CVE-2023-45871] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-45898] = "fixed-version: only affects 6.5rc1 onwards" - -# CVE-2023-4610 needs backporting (fixed from 6.4) - -CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards" - -# CVE-2023-4622 needs backporting (fixed from 6.5rc1) - -CVE_STATUS[CVE-2023-4623] = "cpe-stable-backport: Backported in 6.1.53" - -CVE_STATUS[CVE-2023-46813] = "cpe-stable-backport: Backported in 6.1.60" - -CVE_STATUS[CVE-2023-46862] = "cpe-stable-backport: Backported in 6.1.61" - -# CVE-2023-47233 has no known resolution - -CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1" - -CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54" - -CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" - -# CVE-2023-50431 has no known resolution - -CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" - -CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" - -# CVE-2023-51779 needs backporting (fixed from 6.7rc7) - -CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60" - -CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69" - -CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69" - -CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69" - -CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56" - -CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" - -CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" - -CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" - -CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards" - -# CVE-2023-6039 needs backporting (fixed from 6.5rc5) - -CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" - -CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65" - -CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" - -# CVE-2023-6238 has no known resolution - -# CVE-2023-6356 has no known resolution - -# CVE-2023-6535 has no known resolution - -# CVE-2023-6536 has no known resolution - -CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47" - -# CVE-2023-6560 needs backporting (fixed from 6.7rc4) - -# CVE-2023-6606 needs backporting (fixed from 6.7rc7) - -# CVE-2023-6610 needs backporting (fixed from 6.7rc7) - -CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68" - -# CVE-2023-6679 needs backporting (fixed from 6.7rc6) - -CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68" - -CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68" - -CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66" - -# CVE-2023-7042 has no known resolution - diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index ee7df04c4a..3a4451b6f8 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-03 18:54:52.866645+00:00 for version 6.6.9 +# Generated at 2024-01-18 21:07:26.764606+00:00 for version 6.6.12 python check_kernel_cve_status_version() { - this_version = "6.6.9" + this_version = "6.6.12" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4584,6 +4584,8 @@ CVE_STATUS[CVE-2022-48425] = "fixed-version: Fixed from version 6.4rc1" CVE_STATUS[CVE-2022-48502] = "fixed-version: Fixed from version 6.2rc1" +CVE_STATUS[CVE-2022-48619] = "fixed-version: Fixed from version 5.18rc1" + CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1" CVE_STATUS[CVE-2023-0045] = "fixed-version: Fixed from version 6.2rc3" @@ -4666,6 +4668,8 @@ CVE_STATUS[CVE-2023-1382] = "fixed-version: Fixed from version 6.1rc7" CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4" +# CVE-2023-1476 has no known resolution + CVE_STATUS[CVE-2023-1513] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4" @@ -5114,7 +5118,7 @@ CVE_STATUS[CVE-2023-5090] = "fixed-version: Fixed from version 6.6rc7" CVE_STATUS[CVE-2023-5158] = "fixed-version: Fixed from version 6.6rc5" -# CVE-2023-51779 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-51779] = "cpe-stable-backport: Backported in 6.6.9" CVE_STATUS[CVE-2023-5178] = "fixed-version: Fixed from version 6.6rc7" @@ -5136,6 +5140,8 @@ CVE_STATUS[CVE-2023-5972] = "fixed-version: Fixed from version 6.6rc7" CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5" +CVE_STATUS[CVE-2023-6040] = "fixed-version: Fixed from version 5.18rc1" + CVE_STATUS[CVE-2023-6111] = "cpe-stable-backport: Backported in 6.6.3" CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.6.4" @@ -5144,8 +5150,12 @@ CVE_STATUS[CVE-2023-6176] = "fixed-version: Fixed from version 6.6rc2" # CVE-2023-6238 has no known resolution +# CVE-2023-6270 has no known resolution + # CVE-2023-6356 has no known resolution +CVE_STATUS[CVE-2023-6531] = "cpe-stable-backport: Backported in 6.6.7" + # CVE-2023-6535 has no known resolution # CVE-2023-6536 has no known resolution @@ -5154,13 +5164,13 @@ CVE_STATUS[CVE-2023-6546] = "fixed-version: Fixed from version 6.5rc7" CVE_STATUS[CVE-2023-6560] = "cpe-stable-backport: Backported in 6.6.5" -# CVE-2023-6606 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-6606] = "cpe-stable-backport: Backported in 6.6.9" # CVE-2023-6610 needs backporting (fixed from 6.7rc7) CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.6.7" -# CVE-2023-6679 needs backporting (fixed from 6.7rc6) +CVE_STATUS[CVE-2023-6679] = "fixed-version: only affects 6.7rc1 onwards" CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.6.7" @@ -5170,3 +5180,13 @@ CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.6.5" # CVE-2023-7042 has no known resolution +CVE_STATUS[CVE-2023-7192] = "fixed-version: Fixed from version 6.3rc1" + +CVE_STATUS[CVE-2024-0193] = "cpe-stable-backport: Backported in 6.6.10" + +CVE_STATUS[CVE-2024-0340] = "fixed-version: Fixed from version 6.4rc6" + +CVE_STATUS[CVE-2024-0443] = "fixed-version: Fixed from version 6.4rc7" + +# Skipping dd=CVE-2023-1476, no affected_versions + diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb deleted file mode 100644 index 3dbec14af8..0000000000 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ /dev/null @@ -1,48 +0,0 @@ -KBRANCH ?= "v6.1/standard/preempt-rt/base" - -require recipes-kernel/linux/linux-yocto.inc - -# CVE exclusions -include recipes-kernel/linux/cve-exclusion_6.1.inc - -# Skip processing of this recipe if it is not explicitly specified as the -# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying -# to build multiple virtual/kernel providers, e.g. as dependency of -# core-image-rt-sdk, core-image-rt. -python () { - if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt": - raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") -} - -SRCREV_machine ?= "c7164e4299dfbd93c9ec4f9bd307ebbb88aa6b71" -SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288" - -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" - -LINUX_VERSION ?= "6.1.70" - -LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" - -DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" -DEPENDS += "openssl-native util-linux-native" - -PV = "${LINUX_VERSION}+git" - -KMETA = "kernel-meta" -KCONF_BSP_AUDIT_LEVEL = "1" - -LINUX_KERNEL_TYPE = "preempt-rt" - -COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$" - -KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" - -# Functionality flags -KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc" -KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" -KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" -KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" -KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}" -KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 90e5ead1f4..d30389124b 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "7e43b4538ce1a9084c4a5f1b22372c98aa888958" -SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34" +SRCREV_machine ?= "59ee8cb752a7e280cfe2d480964aa5b6c74e4203" +SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.9" +LINUX_VERSION ?= "6.6.12" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb deleted file mode 100644 index 01641a8462..0000000000 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ /dev/null @@ -1,33 +0,0 @@ -KBRANCH ?= "v6.1/standard/tiny/base" - -LINUX_KERNEL_TYPE = "tiny" -KCONFIG_MODE = "--allnoconfig" - -require recipes-kernel/linux/linux-yocto.inc - -# CVE exclusions -include recipes-kernel/linux/cve-exclusion_6.1.inc - -LINUX_VERSION ?= "6.1.70" -LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" - -DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" -DEPENDS += "openssl-native util-linux-native" - -KMETA = "kernel-meta" -KCONF_BSP_AUDIT_LEVEL = "2" - -SRCREV_machine ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288" - -PV = "${LINUX_VERSION}+git" - -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" - -COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$" - -# Functionality flags -KERNEL_FEATURES = "" - -KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 5d87855a27..628a7cbd82 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.9" +LINUX_VERSION ?= "6.6.12" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34" +SRCREV_machine ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb deleted file mode 100644 index fc7bed9fcd..0000000000 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ /dev/null @@ -1,73 +0,0 @@ -KBRANCH ?= "v6.1/standard/base" - -require recipes-kernel/linux/linux-yocto.inc - -# CVE exclusions -include recipes-kernel/linux/cve-exclusion.inc -include recipes-kernel/linux/cve-exclusion_6.1.inc - -# board specific branches -KBRANCH:qemuarm ?= "v6.1/standard/arm-versatile-926ejs" -KBRANCH:qemuarm64 ?= "v6.1/standard/qemuarm64" -KBRANCH:qemumips ?= "v6.1/standard/mti-malta32" -KBRANCH:qemuppc ?= "v6.1/standard/qemuppc" -KBRANCH:qemuriscv64 ?= "v6.1/standard/base" -KBRANCH:qemuriscv32 ?= "v6.1/standard/base" -KBRANCH:qemux86 ?= "v6.1/standard/base" -KBRANCH:qemux86-64 ?= "v6.1/standard/base" -KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" -KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" - -SRCREV_machine:qemuarm ?= "b763843c7f0f71c1488daf5d7453656360bfd217" -SRCREV_machine:qemuarm64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemuloongarch64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemumips ?= "f72c516f5594f4eef9c26d380abf60768695c7da" -SRCREV_machine:qemuppc ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemuriscv64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemuriscv32 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemux86 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemux86-64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemumips64 ?= "951e24cce7143380de09baa2d1d59062a969d021" -SRCREV_machine ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288" - -# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll -# get the <version>/base branch, which is pure upstream -stable, and the same -# meta SRCREV as the linux-yocto-standard builds. Select your version using the -# normal PREFERRED_VERSION settings. -BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "a507f147e6f06e86b7649b46bc1d3caa34b196d6" -PN:class-devupstream = "linux-yocto-upstream" -KBRANCH:class-devupstream = "v6.1/base" - -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" - -LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.70" - -PV = "${LINUX_VERSION}+git" - -KMETA = "kernel-meta" -KCONF_BSP_AUDIT_LEVEL = "1" - -KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" - -COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32|qemuloongarch64)$" - -# Functionality flags -KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" -KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc" -KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" -KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" -KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}" -KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}" -KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}" -KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc" -KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc" -KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc" - -INSANE_SKIP:kernel-vmlinux:qemuppc64 = "textrel" - diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb index dbe4db9514..ab72df5c61 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "b0567ccb83b03434efe6bc00d7d672a59d50b82a" -SRCREV_machine:qemuarm64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemuloongarch64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemumips ?= "df19050d1276ce9418652a39c31b77925b18fb17" -SRCREV_machine:qemuppc ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemuriscv64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemuriscv32 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemux86 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemux86-64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemumips64 ?= "2cab83c3f46765b9390918a91c4fc64a873a3443" -SRCREV_machine ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34" +SRCREV_machine:qemuarm ?= "f50c6da5bec6481c9fd5618176c768d4ff7afcdd" +SRCREV_machine:qemuarm64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemuloongarch64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemumips ?= "0175e713ae72f9b4ed10d1702ab9386d294fe96c" +SRCREV_machine:qemuppc ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemuriscv64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemuriscv32 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemux86 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemux86-64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemumips64 ?= "d41c8b84fcfcb4c2dd8eb856172cdc2b6a1bd342" +SRCREV_machine ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "5e9df83a705290c4d974693097df1da9cbe25854" +SRCREV_machine:class-devupstream ?= "47345b4264bc394a8d16bb16e8e7744965fa3934" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.9" +LINUX_VERSION ?= "6.6.12" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch new file mode 100644 index 0000000000..2020508fdf --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch @@ -0,0 +1,31 @@ +From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Wed, 17 Jan 2024 06:57:08 +0000 +Subject: [PATCH] codec of input image is available, independently from codec + check of output image and return with error if not. + +Fixes #606. + +CVE: CVE-2023-6228 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + tools/tiffcp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index aff0626..a4f7f6b 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -846,6 +846,8 @@ static int tiffcp(TIFF *in, TIFF *out) + if (!TIFFIsCODECConfigured(compression)) + return FALSE; + TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression); ++ if (!TIFFIsCODECConfigured(input_compression)) ++ return FALSE; + TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric); + if (input_compression == COMPRESSION_JPEG) + { +-- +2.40.0 diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb index 4c472f8ef6..eb8a096f19 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb @@ -12,6 +12,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch \ file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch \ file://CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch \ + file://CVE-2023-6228.patch \ " SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a" diff --git a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc index 2245a73392..ae16056d24 100644 --- a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc +++ b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc @@ -187,6 +187,7 @@ FILES:${PN}-dev += "${libdir}/pulse-${PV}/modules/*.la ${datadir}/vala" FILES:${PN}-bin += "${sysconfdir}/default/volatiles/04_pulse" FILES:${PN}-pa-info = "${bindir}/pa-info" FILES:${PN}-server = "${bindir}/pulseaudio ${bindir}/start-* ${sysconfdir} ${bindir}/pactl */udev/rules.d/*.rules */*/udev/rules.d/*.rules ${systemd_user_unitdir}/*" +FILES:${PN}-server += "${datadir}/dbus-1/system.d/pulseaudio-system.conf" #SYSTEMD_PACKAGES = "${PN}-server" SYSTEMD_SERVICE:${PN}-server = "pulseaudio.service" diff --git a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_16.1.bb b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb index 64002cd1cc..54c79b4097 100644 --- a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_16.1.bb +++ b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb @@ -6,5 +6,5 @@ SRC_URI = "http://freedesktop.org/software/pulseaudio/releases/${BP}.tar.xz \ file://volatiles.04_pulse \ file://0001-doxygen-meson.build-remove-dependency-on-doxygen-bin.patch \ " -SRC_URI[sha256sum] = "8eef32ce91d47979f95fd9a935e738cd7eb7463430dabc72863251751e504ae4" +SRC_URI[sha256sum] = "053794d6671a3e397d849e478a80b82a63cb9d8ca296bd35b73317bb5ceb87b5" UPSTREAM_CHECK_REGEX = "pulseaudio-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.15.bb b/poky/meta/recipes-support/debianutils/debianutils_5.16.bb index b1368a3b2e..ec629d8b73 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_5.15.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_5.16.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=4b667f30411d21bc8fd7db85d502a8e9 SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \ " -SRCREV = "d886c15810b58e57411048f57d7fb941a6819987" +SRCREV = "9e0facf19b17b6d090a5dcc8cacb0c16e5ad9f72" inherit autotools update-alternatives diff --git a/poky/meta/recipes-support/enchant/enchant2_2.6.4.bb b/poky/meta/recipes-support/enchant/enchant2_2.6.5.bb index 431d02ea25..1d5c716bab 100644 --- a/poky/meta/recipes-support/enchant/enchant2_2.6.4.bb +++ b/poky/meta/recipes-support/enchant/enchant2_2.6.5.bb @@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 groff-native" inherit autotools pkgconfig github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz" -SRC_URI[sha256sum] = "833b4d5600dbe9ac867e543aac6a7a40ad145351495ca41223d4499d3ddbbd2c" +SRC_URI[sha256sum] = "9e8fd28cb65a7b6da3545878a5c2f52a15f03c04933a5ff48db89fe86845728e" GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases" diff --git a/poky/meta/recipes-support/libpsl/libpsl_0.21.2.bb b/poky/meta/recipes-support/libpsl/libpsl_0.21.5.bb index 3bbbc0e521..b9341a986e 100644 --- a/poky/meta/recipes-support/libpsl/libpsl_0.21.2.bb +++ b/poky/meta/recipes-support/libpsl/libpsl_0.21.5.bb @@ -7,13 +7,13 @@ HOMEPAGE = "https://rockdaboot.github.io/libpsl/" BUGTRACKER = "https://github.com/rockdaboot/libpsl/issues" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6f40ab7fcf5ff18f3ff7f4b0860493fa \ - file://COPYING;md5=6f40ab7fcf5ff18f3ff7f4b0860493fa \ +LIC_FILES_CHKSUM = "file://LICENSE;md5=9f9e317096db2a598fc44237c5b8a4f7 \ + file://COPYING;md5=9f9e317096db2a598fc44237c5b8a4f7 \ " SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ " -SRC_URI[sha256sum] = "e35991b6e17001afa2c0ca3b10c357650602b92596209b7492802f3768a6285f" +SRC_URI[sha256sum] = "1dcc9ceae8b128f3c0b3f654decd0e1e891afc6ff81098f227ef260449dae208" GITHUB_BASE_URI = "https://github.com/rockdaboot/libpsl/releases" diff --git a/poky/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch b/poky/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch new file mode 100644 index 0000000000..ab0f419ac5 --- /dev/null +++ b/poky/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch @@ -0,0 +1,466 @@ +From d4634630432594b139b3af6b9f254b890c0f275d Mon Sep 17 00:00:00 2001 +From: Michael Buckley <michael@buckleyisms.com> +Date: Thu, 30 Nov 2023 15:08:02 -0800 +Subject: [PATCH] src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" + +Refs: +https://terrapin-attack.com/ +https://seclists.org/oss-sec/2023/q4/292 +https://osv.dev/list?ecosystem=&q=CVE-2023-48795 +https://github.com/advisories/GHSA-45x7-px36-x8w8 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 + +Fixes #1290 +Closes #1291 + +CVE: CVE-2023-48795 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + src/kex.c | 63 +++++++++++++++++++++++------------ + src/libssh2_priv.h | 18 +++++++--- + src/packet.c | 83 +++++++++++++++++++++++++++++++++++++++++++--- + src/packet.h | 2 +- + src/session.c | 3 ++ + src/transport.c | 12 ++++++- + 6 files changed, 149 insertions(+), 32 deletions(-) + +diff --git a/src/kex.c b/src/kex.c +index d4034a0a..b4b748ca 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -3037,6 +3037,13 @@ kex_method_extension_negotiation = { + 0, + }; + ++static const LIBSSH2_KEX_METHOD ++kex_method_strict_client_extension = { ++ "kex-strict-c-v00@openssh.com", ++ NULL, ++ 0, ++}; ++ + static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + #if LIBSSH2_ED25519 + &kex_method_ssh_curve25519_sha256, +@@ -3055,6 +3062,7 @@ static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + &kex_method_diffie_helman_group1_sha1, + &kex_method_diffie_helman_group_exchange_sha1, + &kex_method_extension_negotiation, ++ &kex_method_strict_client_extension, + NULL + }; + +@@ -3307,13 +3315,13 @@ static int kexinit(LIBSSH2_SESSION * session) + return 0; + } + +-/* kex_agree_instr ++/* _libssh2_kex_agree_instr + * Kex specific variant of strstr() + * Needle must be preceded by BOL or ',', and followed by ',' or EOL + */ +-static unsigned char * +-kex_agree_instr(unsigned char *haystack, size_t haystack_len, +- const unsigned char *needle, size_t needle_len) ++unsigned char * ++_libssh2_kex_agree_instr(unsigned char *haystack, size_t haystack_len, ++ const unsigned char *needle, size_t needle_len) + { + unsigned char *s; + unsigned char *end_haystack; +@@ -3398,7 +3406,7 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session, + while(s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); +- if(kex_agree_instr(hostkey, hostkey_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(hostkey, hostkey_len, s, method_len)) { + const LIBSSH2_HOSTKEY_METHOD *method = + (const LIBSSH2_HOSTKEY_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3432,9 +3440,9 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session, + } + + while(hostkeyp && (*hostkeyp) && (*hostkeyp)->name) { +- s = kex_agree_instr(hostkey, hostkey_len, +- (unsigned char *) (*hostkeyp)->name, +- strlen((*hostkeyp)->name)); ++ s = _libssh2_kex_agree_instr(hostkey, hostkey_len, ++ (unsigned char *) (*hostkeyp)->name, ++ strlen((*hostkeyp)->name)); + if(s) { + /* So far so good, but does it suit our purposes? (Encrypting vs + Signing) */ +@@ -3468,6 +3476,12 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + { + const LIBSSH2_KEX_METHOD **kexp = libssh2_kex_methods; + unsigned char *s; ++ const unsigned char *strict = ++ (unsigned char *)"kex-strict-s-v00@openssh.com"; ++ ++ if(_libssh2_kex_agree_instr(kex, kex_len, strict, 28)) { ++ session->kex_strict = 1; ++ } + + if(session->kex_prefs) { + s = (unsigned char *) session->kex_prefs; +@@ -3475,7 +3489,7 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + while(s && *s) { + unsigned char *q, *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); +- q = kex_agree_instr(kex, kex_len, s, method_len); ++ q = _libssh2_kex_agree_instr(kex, kex_len, s, method_len); + if(q) { + const LIBSSH2_KEX_METHOD *method = (const LIBSSH2_KEX_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3509,9 +3523,9 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + } + + while(*kexp && (*kexp)->name) { +- s = kex_agree_instr(kex, kex_len, +- (unsigned char *) (*kexp)->name, +- strlen((*kexp)->name)); ++ s = _libssh2_kex_agree_instr(kex, kex_len, ++ (unsigned char *) (*kexp)->name, ++ strlen((*kexp)->name)); + if(s) { + /* We've agreed on a key exchange method, + * Can we agree on a hostkey that works with this kex? +@@ -3555,7 +3569,7 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(crypt, crypt_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(crypt, crypt_len, s, method_len)) { + const LIBSSH2_CRYPT_METHOD *method = + (const LIBSSH2_CRYPT_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3577,9 +3591,9 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session, + } + + while(*cryptp && (*cryptp)->name) { +- s = kex_agree_instr(crypt, crypt_len, +- (unsigned char *) (*cryptp)->name, +- strlen((*cryptp)->name)); ++ s = _libssh2_kex_agree_instr(crypt, crypt_len, ++ (unsigned char *) (*cryptp)->name, ++ strlen((*cryptp)->name)); + if(s) { + endpoint->crypt = *cryptp; + return 0; +@@ -3619,7 +3633,7 @@ static int kex_agree_mac(LIBSSH2_SESSION * session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(mac, mac_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(mac, mac_len, s, method_len)) { + const LIBSSH2_MAC_METHOD *method = (const LIBSSH2_MAC_METHOD *) + kex_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) +@@ -3640,8 +3654,9 @@ static int kex_agree_mac(LIBSSH2_SESSION * session, + } + + while(*macp && (*macp)->name) { +- s = kex_agree_instr(mac, mac_len, (unsigned char *) (*macp)->name, +- strlen((*macp)->name)); ++ s = _libssh2_kex_agree_instr(mac, mac_len, ++ (unsigned char *) (*macp)->name, ++ strlen((*macp)->name)); + if(s) { + endpoint->mac = *macp; + return 0; +@@ -3672,7 +3687,7 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(comp, comp_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(comp, comp_len, s, method_len)) { + const LIBSSH2_COMP_METHOD *method = + (const LIBSSH2_COMP_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3694,8 +3709,9 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + } + + while(*compp && (*compp)->name) { +- s = kex_agree_instr(comp, comp_len, (unsigned char *) (*compp)->name, +- strlen((*compp)->name)); ++ s = _libssh2_kex_agree_instr(comp, comp_len, ++ (unsigned char *) (*compp)->name, ++ strlen((*compp)->name)); + if(s) { + endpoint->comp = *compp; + return 0; +@@ -3876,6 +3892,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + return -1; +@@ -3901,6 +3918,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + return -1; +@@ -3949,6 +3967,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->remote.kexinit = NULL; + } + ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + +diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h +index 82c3afe2..ee1d8b5c 100644 +--- a/src/libssh2_priv.h ++++ b/src/libssh2_priv.h +@@ -699,6 +699,9 @@ struct _LIBSSH2_SESSION + /* key signing algorithm preferences -- NULL yields server order */ + char *sign_algo_prefs; + ++ /* Whether to use the OpenSSH Strict KEX extension */ ++ int kex_strict; ++ + /* (remote as source of data -- packet_read ) */ + libssh2_endpoint_data remote; + +@@ -870,6 +873,7 @@ struct _LIBSSH2_SESSION + int fullpacket_macstate; + size_t fullpacket_payload_len; + int fullpacket_packet_type; ++ uint32_t fullpacket_required_type; + + /* State variables used in libssh2_sftp_init() */ + libssh2_nonblocking_states sftpInit_state; +@@ -910,10 +914,11 @@ struct _LIBSSH2_SESSION + }; + + /* session.state bits */ +-#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000001 +-#define LIBSSH2_STATE_NEWKEYS 0x00000002 +-#define LIBSSH2_STATE_AUTHENTICATED 0x00000004 +-#define LIBSSH2_STATE_KEX_ACTIVE 0x00000008 ++#define LIBSSH2_STATE_INITIAL_KEX 0x00000001 ++#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000002 ++#define LIBSSH2_STATE_NEWKEYS 0x00000004 ++#define LIBSSH2_STATE_AUTHENTICATED 0x00000008 ++#define LIBSSH2_STATE_KEX_ACTIVE 0x00000010 + + /* session.flag helpers */ + #ifdef MSG_NOSIGNAL +@@ -1144,6 +1149,11 @@ ssize_t _libssh2_send(libssh2_socket_t socket, const void *buffer, + int _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + key_exchange_state_t * state); + ++unsigned char *_libssh2_kex_agree_instr(unsigned char *haystack, ++ size_t haystack_len, ++ const unsigned char *needle, ++ size_t needle_len); ++ + /* Let crypt.c/hostkey.c expose their method structs */ + const LIBSSH2_CRYPT_METHOD **libssh2_crypt_methods(void); + const LIBSSH2_HOSTKEY_METHOD **libssh2_hostkey_methods(void); +diff --git a/src/packet.c b/src/packet.c +index b5b41981..35d4d39e 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -605,14 +605,13 @@ authagent_exit: + * layer when it has received a packet. + * + * The input pointer 'data' is pointing to allocated data that this function +- * is asked to deal with so on failure OR success, it must be freed fine. +- * The only exception is when the return code is LIBSSH2_ERROR_EAGAIN. ++ * will be freed unless return the code is LIBSSH2_ERROR_EAGAIN. + * + * This function will always be called with 'datalen' greater than zero. + */ + int + _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, +- size_t datalen, int macstate) ++ size_t datalen, int macstate, uint32_t seq) + { + int rc = 0; + unsigned char *message = NULL; +@@ -657,6 +656,70 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + break; + } + ++ if(session->state & LIBSSH2_STATE_INITIAL_KEX) { ++ if(msg == SSH_MSG_KEXINIT) { ++ if(!session->kex_strict) { ++ if(datalen < 17) { ++ LIBSSH2_FREE(session, data); ++ session->packAdd_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, ++ LIBSSH2_ERROR_BUFFER_TOO_SMALL, ++ "Data too short extracting kex"); ++ } ++ else { ++ const unsigned char *strict = ++ (unsigned char *)"kex-strict-s-v00@openssh.com"; ++ struct string_buf buf; ++ unsigned char *algs = NULL; ++ size_t algs_len = 0; ++ ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 17; /* advance past type and cookie */ ++ ++ if(_libssh2_get_string(&buf, &algs, &algs_len)) { ++ LIBSSH2_FREE(session, data); ++ session->packAdd_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, ++ LIBSSH2_ERROR_BUFFER_TOO_SMALL, ++ "Algs too short"); ++ } ++ ++ if(algs_len == 0 || ++ _libssh2_kex_agree_instr(algs, algs_len, strict, 28)) { ++ session->kex_strict = 1; ++ } ++ } ++ } ++ ++ if(session->kex_strict && seq) { ++ LIBSSH2_FREE(session, data); ++ session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; ++ session->packAdd_state = libssh2_NB_state_idle; ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ } ++ } ++ ++ if(session->kex_strict && session->fullpacket_required_type && ++ session->fullpacket_required_type != msg) { ++ LIBSSH2_FREE(session, data); ++ session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; ++ session->packAdd_state = libssh2_NB_state_idle; ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "unexpected packet type"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "unexpected packet type"); ++ } ++ } ++ + if(session->packAdd_state == libssh2_NB_state_allocated) { + /* A couple exceptions to the packet adding rule: */ + switch(msg) { +@@ -1341,6 +1404,15 @@ _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type, + + return 0; + } ++ else if(session->kex_strict && ++ (session->state & LIBSSH2_STATE_INITIAL_KEX)) { ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "unexpected packet type"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "unexpected packet type"); ++ } + packet = _libssh2_list_next(&packet->node); + } + return -1; +@@ -1402,7 +1474,10 @@ _libssh2_packet_require(LIBSSH2_SESSION * session, unsigned char packet_type, + } + + while(session->socket_state == LIBSSH2_SOCKET_CONNECTED) { +- int ret = _libssh2_transport_read(session); ++ int ret; ++ session->fullpacket_required_type = packet_type; ++ ret = _libssh2_transport_read(session); ++ session->fullpacket_required_type = 0; + if(ret == LIBSSH2_ERROR_EAGAIN) + return ret; + else if(ret < 0) { +diff --git a/src/packet.h b/src/packet.h +index 79018bcf..6ea100a5 100644 +--- a/src/packet.h ++++ b/src/packet.h +@@ -71,6 +71,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session, + int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long data_len); + int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, +- size_t datalen, int macstate); ++ size_t datalen, int macstate, uint32_t seq); + + #endif /* __LIBSSH2_PACKET_H */ +diff --git a/src/session.c b/src/session.c +index a4d602ba..f4bafb57 100644 +--- a/src/session.c ++++ b/src/session.c +@@ -464,6 +464,8 @@ libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)), + session->abstract = abstract; + session->api_timeout = 0; /* timeout-free API by default */ + session->api_block_mode = 1; /* blocking API by default */ ++ session->state = LIBSSH2_STATE_INITIAL_KEX; ++ session->fullpacket_required_type = 0; + session->packet_read_timeout = LIBSSH2_DEFAULT_READ_TIMEOUT; + session->flag.quote_paths = 1; /* default behavior is to quote paths + for the scp subsystem */ +@@ -1186,6 +1188,7 @@ libssh2_session_disconnect_ex(LIBSSH2_SESSION *session, int reason, + const char *desc, const char *lang) + { + int rc; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + BLOCK_ADJUST(rc, session, + session_disconnect(session, reason, desc, lang)); +diff --git a/src/transport.c b/src/transport.c +index 6d902d33..3b30ff84 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -187,6 +187,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + struct transportpacket *p = &session->packet; + int rc; + int compressed; ++ uint32_t seq = session->remote.seqno; + + if(session->fullpacket_state == libssh2_NB_state_idle) { + session->fullpacket_macstate = LIBSSH2_MAC_CONFIRMED; +@@ -318,7 +319,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + if(session->fullpacket_state == libssh2_NB_state_created) { + rc = _libssh2_packet_add(session, p->payload, + session->fullpacket_payload_len, +- session->fullpacket_macstate); ++ session->fullpacket_macstate, seq); + if(rc == LIBSSH2_ERROR_EAGAIN) + return rc; + if(rc) { +@@ -329,6 +330,11 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + + session->fullpacket_state = libssh2_NB_state_idle; + ++ if(session->kex_strict && ++ session->fullpacket_packet_type == SSH_MSG_NEWKEYS) { ++ session->remote.seqno = 0; ++ } ++ + return session->fullpacket_packet_type; + } + +@@ -1091,6 +1097,10 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session, + + session->local.seqno++; + ++ if(session->kex_strict && data[0] == SSH_MSG_NEWKEYS) { ++ session->local.seqno = 0; ++ } ++ + ret = LIBSSH2_SEND(session, p->outbuf, total_length, + LIBSSH2_SOCKET_SEND_FLAGS(session)); + if(ret < 0) +-- +2.34.1 + diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb index edc25db1b1..5100e6f7f9 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=24a33237426720395ebb1dd1349ca225" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://run-ptest \ + file://CVE-2023-48795.patch \ " SRC_URI[sha256sum] = "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461" diff --git a/poky/meta/recipes-support/p11-kit/files/fix-parallel-build-failures.patch b/poky/meta/recipes-support/p11-kit/files/fix-parallel-build-failures.patch new file mode 100644 index 0000000000..47df027106 --- /dev/null +++ b/poky/meta/recipes-support/p11-kit/files/fix-parallel-build-failures.patch @@ -0,0 +1,33 @@ +It fails occasionally with missing generated header files: + +| ../git/common/asn1.c:42:10: fatal error: openssl.asn.h: No such file or directory +| 42 | #include "openssl.asn.h" +| | ^~~~~~~~~~~~~~~ +| compilation terminated. + +According to meson manual page: + +https://mesonbuild.com/Wrap-best-practices-and-tips.html#declare-generated-headers-explicitly + +'asn_h_dep' should be a dependency of static_library target 'libp11_asn1' to +make sure that required header files generated before compile common/asn1.c. + +Upstream-Status: Submitted [https://github.com/p11-glue/p11-kit/pull/619] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + common/meson.build | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/common/meson.build b/common/meson.build +index dc86d7b..cc3ec48 100644 +--- a/common/meson.build ++++ b/common/meson.build +@@ -113,6 +113,7 @@ if with_asn1 + 'p11-asn1', libp11_asn1_sources, + gnu_symbol_visibility: 'hidden', + include_directories: configinc, ++ dependencies: asn_h_dep, + ) + + libp11_asn1_dep = declare_dependency( diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb index 9e959425f7..b7ebd44abc 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb @@ -10,7 +10,9 @@ DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" -SRC_URI = "gitsm://github.com/p11-glue/p11-kit;branch=master;protocol=https" +SRC_URI = "gitsm://github.com/p11-glue/p11-kit;branch=master;protocol=https \ + file://fix-parallel-build-failures.patch \ + " SRCREV = "917e02a3211dabbdea4b079cb598581dce84fda1" S = "${WORKDIR}/git" diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py index 13612d64c4..8fb4b934d4 100644 --- a/poky/scripts/lib/devtool/standard.py +++ b/poky/scripts/lib/devtool/standard.py @@ -956,6 +956,26 @@ def modify(args, config, basepath, workspace): bb.utils.mkdirhier(os.path.dirname(appendfile)) with open(appendfile, 'w') as f: + # if not present, add type=git-dependency to the secondary sources + # (non local files) so they can be extracted correctly when building a recipe after + # doing a devtool modify on it + src_uri = rd.getVar('SRC_URI').split() + src_uri_append = [] + src_uri_remove = [] + + # Assume first entry is main source extracted in ${S} so skip it + src_uri = src_uri[1::] + + #Add "type=git-dependency" to all non local sources + for url in src_uri: + if not url.startswith('file://') and not 'type=' in url: + src_uri_remove.append(url) + src_uri_append.append('%s;type=git-dependency' % url) + + if src_uri_remove: + f.write('SRC_URI:remove = "%s"\n' % ' '.join(src_uri_remove)) + f.write('SRC_URI:append = "%s"\n\n' % ' '.join(src_uri_append)) + f.write('FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"\n') # Local files can be modified/tracked in separate subdir under srctree # Mostly useful for packages with S != WORKDIR |