From 96ff1984133494bf6a3451ddeb7f14548d3697e1 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Mon, 19 Aug 2019 13:50:42 -0400 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: 67266331b0..835f7eac06: Adrian Bunk (9): valgrind: Remove dependency on libx11 bluez5: Remove obsolete dependency on dbus-glib python3-dbus: Remove obsolete dependency on dbus-glib cups: Remove unnecessary dependency on dbus-glib libnotify: Remove obsolete dependency on dbus-glib unfs3: Switch to new upstream location i2c-tools: Add alternative for i2ctransfer meta: Remove remnants of bluez4 support e2fsprogs: Remove patch that disabled 64bit for ext4 by default Adrian Freihofer (1): yocto-bsp: runqemu runs beaglebone-yocto Adrian Ratiu (1): opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIR Alejandro del Castillo (1): opkg: upgrade to version 0.4.1 Alexander Kanavin (3): rt-tests: exclude 1.4 version from upstream check as well gtk-doc: correct the style.css permissions mobile-broadband-provider-info: upgrade 20190116 -> 20190618 Alistair Francis (7): mesa: Add support for the lima PACKAGECONFIG u-boot: Update to 2019.07 packagegroup-core-sdk: Set blank sanitiser for RISC-V 32 opensbi: Update from 0.3 to 0.4 opensbi: Fix installed-vs-shipped warning qemurunner.py: Be more verbose about problems package_manager: Ensure the base-feed directory exists Andrej Valek (2): busybox: 1.30.1 -> 1.31.0 oe/copy_buildsystem: move layer into layers directory Anuj Mittal (25): gstreamer1.0-plugins-bad: depend on vulkan-loader now vulkan-demos: depend on vulkan-loader vulkan: remove binutils: fix CVE-2019-12972 CVE-2019-9071 gnupg: upgrade 2.2.16 -> 2.2.17 libxslt: fix CVE-2019-13117 CVE-2019-13118 libva: upgrade 2.4.1 -> 2.5.0 libva-utils: upgrade 2.4.0 -> 2.5.0 nasm: fix CVE-2018-19755 python: fix CVE-2019-9740 python3: upgrade 3.7.3 -> 3.7.4 binutils: CVE-2019-9070 is same as CVE-2019-9071 qemu: fix CVE-2019-12155 bzip2: upgrade 1.0.7 -> 1.0.8 glib-2.0: upgrade 2.60.4 -> 2.60.5 vte: upgrade 0.56.1 -> 0.56.3 openssl: set CVE vendor to openssl curl: upgrade 7.65.1 -> 7.65.2 rsync: fix CVEs for included zlib glibc: CVE-2018-20796 is same as CVE-2019-9169 unzip: fix CVE-2019-13232 python: include CVE patches for python-native as well gdb: fix CVE-2017-9778 iptables: upgrade 1.8.2 -> 1.8.3 piglit: fix SRC_URI Armin Kuster (1): timezone: update to 2019b Bonnans, Laurent (1): openssl: fix valgrind errors on v1.1.1c Bruce Ashfield (5): linux-yocto/5.0: bsp: add basic xilinx zynqmp support linux-yocto/5.0: make scsi-debug include scsi core configs linux-yocto: bsp/beaglebone: support qemu -machine virt linux-yocto/4.19: update to 4.19.57 and -rt22 package: check PKG_ variables before executing ontarget postinst CHerzig@Gauselmann.de (1): bitbake: fetch2/clearcase: Fix class import errors Changqing Li (5): quilt: run-ptest remove Interactive Input mdadm: fix systemd service start up failure mdam: fix mdmonitor start up failure opkg: make ptest output format align with common style mdadm: make ptest output format align with common style Chee Yang Lee (1): wic: add support for kernel with initramfs bundled Chen Qi (13): target-sdk-provides-dummy: add libperl.so.5 64bit devtool: warn user about multiple layer having the same base name image.bbclass: fix systemd_preset_all devtool.py: track to clean devtool.conf in test_create_workspace grub-efi.bbclass: take into consideration of multilib sysstat: use service file from source codes xmlcatalog: hold libxml2-native dependency oeqa/runtime/rpm: ensure no user process running before deleting user oeqa/runtime/rpm: Move test_rpm_query_nonroot test case to RpmBasicTest qemurunner.py: fix race condition at qemu startup msmtp: use alternatives to manage /usr/lib/sendmail runtime_test.py: use track_for_cleanup for temp dir devtool: remove temp dir in upgrade Fabio Berton (1): mesa: Update 19.1.0 -> 19.1.1 Haiqing Bai (1): sysstat: Use sysstat.service in source for cron with systemd He Zhe (1): ltp: file01: Fix in was not recognized Hongzhi.Song (3): ltp: fix shmctl01 failure when executed. ltp: diotest4: Let kernel pick an address when calling mmap ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32 Jason Wessel (5): glibc: Fix multilibs + usrmerge builds psmisc: Fix dependency for USE_NLS=no glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1" glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs glibc / glibc-locale: Fix stash_locale determinism problems Joe Slater (1): libtool: remove host information from libtool Jon Mason (1): oe_syslog.py: Handle syslogd/klogd restart race Joshua Watt (5): python3: Fix .pyc file reproduciblility oeqa: Test bitbake --skip-setsecene bitbake: bitbake: Add --skip-setscene option classes/icecc: Disable remote pre-processing by default scripts/buildstats-diff: Add option to filter tasks Joël Esponde (1): package.bbclass: fix directories setuid and setgid bits Jun Nie (1): kernel-fitimage: uboot-sign: fix missing signature Kai Kang (4): rng-tools: fix rngd blocks system shutdown openssl: fix multilib files conflict webkitgtk: set incomptible with tune mips defaultsetup.conf: enable select init manager Khem Raj (10): efibootmgr: Pass correct flags to compiler from pkg-config mpeg2dec: Fix PIE build and avoid relocation in text section on ARM Revert "unzip: fix CVE-2019-13232" musl: Upgrade to 1.1.23+ mdadm: Include sys/sysmacros.h for major/minor definitions sysvinit: Include sys/sysmacros.h for major/minor definitions on musl too pam_systemd: Include missing.h for secure_getenv musl-obstack: Add recipe elfutils: Fix eu-* utils builds for musl maintainers: Account for musl-obstack and libssp-nonshared Li Zhou (2): bc: dc: fix exit code of q command iptables: Security Advisory - iptables - CVE-2019-11360 Luca Boccassi (1): bitbake: tests/fetch.py: add missing skipIfNoNetwork tags to tests that try to git clone Matthias Schiffer (1): systemd: backport patch to fix sysctl warning on boot Mike Crowe (4): bitbake.conf: Stop exporting TARGET_ flags variables image.bbclass: Only append to IMAGE_LINK_NAME if it was already set rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifest rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_data Mikko Rapeli (3): busybox: enable unicode support cve-check.bbclass: initialize to_append freetype: add --tag CC to libtool arguments Mingli Yu (2): go.bbclass: separate the ptest logic to go-ptest class mdadm: fix ptest hang Oleksandr Kravchuk (34): mc: update to 4.8.23 encodings: update to 1.0.5 gawk: update to 5.0.1 libinput: update to 1.13.3 libxi: update to 1.7.10 libxt: update to 1.2.0 autoconf-archive: update to 2019.01.06 python3-mako: update to 1.0.12 python3-pbr: update to 5.3.1 python3-pygobject: update to 3.32.2 git: update to 2.22.0 eudev: update to 3.2.8 babeltrace: update to 1.5.7 dpkg: update to 1.19.7 apt: update to 1.2.31 libinput: update to 1.13.4 expat: update to 2.2.7 libsolf: update to 0.7.5 bison: update to 3.4.1 ruby: update to 2.5.5 quilt: update to 0.66 bzip2: update to 1.0.7 python3-mako: update to 1.0.13 ifupdown: update to 0.8.22 libdrm: update to 2.4.99 python3-pbr: update to 5.4.0 linux-firmware: bump to 20190618 iproute2: update to 5.2.0 udev-extraconf: do not mount swap partitions python3-pbr: update to 5.4.1 xinput: update to 1.6.3 python3-scons: update to 3.1.0 python3-docutils: update to 0.15 python3-mako: update to 1.0.14 Pascal Bach (1): cmake: 3.14.1 -> 3.14.5 Paul Eggleton (7): libcap-ng: do not use symlink to share files with libcap-ng-python scripts/contrib/ddimage: fix typo scripts/contrib/ddimage: replace blacklist with mount check scripts/contrib/ddimage: be explicit whether device doesn't exist or isn't writeable list-packageconfig-flags: print PN instead of P recipetool: ignore zero-length setup.py files devtool: upgrade: fix handling of errors parsing upgraded recipe Peter Kjellerstedt (4): glib-2.0: Update to 2.60.4 glibc-package.inc: Do not use bitbake variable syntax for shell variables meson.bbclass: Remove the MESON_*_ARGS variables nativesdk-meson: Remove some unused variables Pierre Le Magourou (10): cve-update-db: Use std library instead of urllib3 cve-update-db: Manage proxy if needed. cve-update-db: do_populate_cve_db depends on do_fetch cve-update-db: Catch request.urlopen errors. cve-check: Depends on cve-update-db-native cve-update-db: Use NVD CPE data to populate PRODUCTS table cve-check: Update unpatched CVE matching cve-update-db-native: Skip recipe when cve-check class is not loaded. cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST cve-update-db-native: Remove hash column from database. Ricardo Ribalda Delgado (4): nfs-mountd: Add missing dependency on systemd service systemd: Fix interface bring-up on kernels >= 5.2 wic: Fix (again) partition files UIDs on multi rootfs images systemd-bootconf: Mark as machine specific Ricardo Salveti (1): gcc-9.1: add back GLIBC_DYNAMIC_LINKER riscv changes Richard Purdie (58): multilib_global: Fix multilib rebuild issue multilib_global: Fix KERNEL_VERSION expansion problems sysklogd: Fix init script races busybox: Improve syslog restart handling oeqa/runtime/syslog: Improve test debug messages oeqa/runtime/oesyslog: systemd syslog restart doesn't change pid oeqa/runtime/syslog: Add delay to test to avoid failures busybox: Fix typo in syslog initscript pigz: Add debug for autobuilder errors staging: Code cleanup package: Build pkgdata specific to the current recipe Revert "pigz: Add debug for autobuilder errors" grub2: Drop unneeded code bitbake: event: Clear ui_queue after handling it bitbake: main: Ensure log messages are printed when no UI starts bitbake: main: Alter EOFError handling core-image-sato-sdk-ptest: Reduce image padding size due to bootimg 4GB limit oeqa/bbtests: Tweak test bitbake output pattern matching sstate: Add tweak to avoid multiple sstate stats messages bitbake: siggen: Fix default handler bitbake: siggen: Use unique hashes for tasks bitbake: runqueue: Tweak buildable variable handling in scheduler bitbake: runqueue: Drop unused BB_SETSCENE_VERIFY_FUNCTION2 bitbake: runqueue: Remove now uneeded code bitbake: runqueue: Move scenequeue data generation to a separate function bitbake: runqueue: Remove unused function parameter bitbake: runqueue: Factor out the process_setscene_whitelist checks bitbake: runqueue: Uniquely namespace the scenequeue functions bitbake: runqueue: Merge stats handling together for setscene/real tasks bitbake: runqueue: Merge scenequeue and real task queue code together bitbake: runqueue: Fix counter/task updating glitch bitbake: runqueue: Remove RunQueueExecuteScenequeue and RunQueueExecuteTasks bitbake: runqueue: Simplify _execute_runqueue logic bitbake: runqueue: Fold remains of the scenequeue setup into RunQueueExecute bitbake: event/runqueue: Drop StampUpdate event, its pointless/unused bitbake: runqueue: Add covered_tasks (or 'collated_deps') to scenequeue data bitbake: runqueue: Simplify scenequeue unskippable calculation bitbake: runqueue: Tweak comments and debug code bitbake: runqueue: Code simplification bitbake: runqueue: Remove pointless variable bitbake: runqueue: Further scheduler buildable tasks cleanup bitbake: runqueue: Clarify scenequeue_covered vs. tasks_covered bitbake: runqueue: Merge the queues and execute setscene and normal tasks in parallel bitbake: runqueue: Alter setscenewhitelist handling bitbake: runqueue: Complete the merge of scenequeue and normal task execution bitbake: tests: Add initial scenario based test for runqueue bitbake: uihelper: No longer listen to scenequeue task started bitbake: runqueue: Simplify some convoluted logic bitbake: runqueue: Whitespace fix bitbake: runqueue: Abstract hash verification function bitbake: runqueue: Optimise multiconfig with overlapping setscene bitbake: tests/runqueue: Allow common sstate tasks to become valid bitbake: runqueue: Fix non setscene tasks targets being lost staging: Drop clean_recipe_sysroot poky-lsb: Drop features already in poky poky-lsb: Drop libx11 PREFERRED_PROVIDER distro/include: Add poky-distro-alt-test-config.inc bitbake: siggen: Fix handling of tainted sig files Robert Yang (13): update-alternatives.bbclass: run update-alternatives firstly in postinst script busybox: make postinst run firstly before update-alternatives multilib.bbclass: Reduce ALTERNATIVE_PRIORITY for extended recipes bitbake: bitbake: lib: Cleanup /usr/bin/env python bitbake: bitbake: toaster:tests: python -> python3 ksum.py: python -> python3 wic: python2 -> python3 ext-sdk-prepare.py: python2 -> python3 oeqa: Cleanup /usr/bin/env python package_rpm.bbclass: python2 -> python3 bitbake: cache: Remove duplicated lines for provides and rprovides bitbake: cache: Set packages for skipped recipes bitbake: cache: Create a symlink for current cachefile Ross Burton (56): cve-check: be idiomatic gtk-icon-cache: rename intercept to update_gtk_icon_cache fortran-helloworld: add a very dumb Fortran Hello World for testing oeqa/buildoptions: check that Fortran code actually cross-compiles buildhistory: write the contents of the sysroot buildhistory: report sysroot changes perl: fix Upstream-Status tags efivar: ensure that target security flags are not used to build native code multilib_script: fix whitespace buildhistory_analysis: ignore ownership for sysroot diffs insane: use clean_path for the host contamination warnings libsndfile1: disable use of sqlite3 by default libsndfile1: remove redundant autoconf seeding buildhistory: don't output ownership for the sysroot buildhistory: filter out the unexpected prefix for native/cross sysroots alsa-utils: disable tools using GTK+2 packagegroup-core-lsb: remove GTK+ recipetool: add MD5 hash for the line-wrapped MPL-1.1 license oeqa/recipetool: change the CMake test to use taglib gtk+: remove GTK+ 2 gnome-themes-standard: remove Revert "sysstat: use service file from source codes" libpsl: update Upstream-Status grub: build with python 3 qemu: use Python 3 to build ninja: use Python 3 conf/poky: add debian-10 to the supported distribution list tiff: remove redundant patch tiff: fix CVE-2019-6128 tiff: fix CVE-2019-7663 cve-check: remove redundant readline CVE whitelisting cve-check-tool: remove glibc: exclude child recipes from CVE scanning libid3tag: CVE-2017-11551 is the same as CVE-2004-2779 libid3tag: handle unknown encodings (CVE-2017-11550) subversion: set CVE vendor to Apache boost: set CVE vendor to Boost git: set CVE vendor to git-scm ed: set CVE vendor to avoid false positives cve-check: allow comparison of Vendor as well as Product flex: set CVE_PRODUCT to include vendor cve-update-db-native: use SQL placeholders instead of format strings xkeyboard-config: remove redundant intltool dependency piglit: upgrade to latest revision pkgconf: upgrade 1.6.1 -> 1.6.3 conf/poky: add Fedora 30 and Opensuse Leap 15.1 to supported distributions cve-update-db-native: use os.path.join instead of + cve-update-db: actually inherit native cve-update-db-native: use executemany() to optimise CPE insertion cve-update-db-native: improve metadata parsing cve-update-db-native: clean up JSON fetching freetype: upgrade to 2.10.1 unfs3: set upstream tag regex to avoid false-positives meson.bbclass: export STRIP=${BUILD_STRIP} ffmpeg: don't use hardcoded lookup tables ffmpeg: upgrade to 4.1.4 Sai Hari Chandana Kalluri (3): devtool/standard.py: Update devtool modify to copy source from work-shared if its already downloaded devtool/standard.py: Create a copy of kernel source within work-shared if not present devtool: provide support for devtool menuconfig command Scott Rifenbark (5): overview-manual: Fixed manual history table sdk-manual: Updated devtool to talk about oe-local-files. dev-manual: Provided proper link title ref-manual: Fixed typo for BBMULTICONFIG variable. ref-manual: Removed "python2" mention in example. Stefan Agner (1): psplash: create psplash tmpfs mount directory in psplash-init Tim Orling (3): vulkan-headers: add recipe vulkan-loader: add recipe vulkan-tools: add recipe Ulrich Ölmann (1): squashfs-tools: upgrade to commit f95864afe883 William Bourque (2): wic/plugins: Source that support both EFI and BIOS meta/lib/oeqa: Test for bootimg-biosplusefi Source Yi Zhao (2): debianutils: upgrade 4.8.6.1 -> 4.8.6.3 ltp: upgrade 20190115 -> 20190517 Zang Ruochen (9): nss: upgrade 3.44 -> 3.44.1 util-linux:upgrade 2.33.2 -> 2.34 librepo:upgrade 1.10.3 -> 1.10.4 sqlite3: Upgrade 3.28.0 -> 3.29.0 nss: Upgrade 3.44.1 -> 3.45 xauth:upgrade 1.0.10 -> 1.1 libice:upgrade 1.0.9 -> 1.0.10 xwininfo:upgrade 1.1.4 -> 1.1.5 libpciaccess:upgrade 0.14 -> 0.16 meta-phosphor: fe8cee7488..601f253a66: Brad Bishop (1): meta-phosphor: systemd: remove upstreamed patches Change-Id: If591144821cd2e5b990a7aa49a1cf426f6a906de Signed-off-by: Brad Bishop --- poky/meta/recipes-support/boost/boost.inc | 2 + poky/meta/recipes-support/curl/curl_7.65.1.bb | 80 ------ poky/meta/recipes-support/curl/curl_7.65.2.bb | 80 ++++++ .../debianutils/debianutils_4.8.6.1.bb | 57 ----- .../debianutils/debianutils_4.8.6.3.bb | 55 +++++ poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb | 56 ----- poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb | 55 +++++ poky/meta/recipes-support/libcap-ng/libcap-ng | 1 - .../libcap-ng/libcap-ng-python/python.patch | 62 ----- .../libcap-ng/libcap-ng-python_0.7.9.bb | 2 + .../libcap-ng/libcap-ng/python.patch | 62 +++++ ...01-gtk-doc-do-not-include-tree_index.sgml.patch | 2 +- .../libxslt/files/CVE-2019-13117.patch | 33 +++ .../libxslt/files/CVE-2019-13118.patch | 76 ++++++ .../meta/recipes-support/libxslt/libxslt_1.1.33.bb | 2 + poky/meta/recipes-support/nss/nss_3.44.bb | 267 --------------------- poky/meta/recipes-support/nss/nss_3.45.bb | 267 +++++++++++++++++++++ .../rng-tools/fix-rngd-fail-to-stop.patch | 25 -- .../rng-tools/rng-tools/rngd.service | 3 - .../recipes-support/rng-tools/rng-tools_6.7.bb | 5 +- poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb | 8 - poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb | 8 + poky/meta/recipes-support/vte/vte_0.56.1.bb | 57 ----- poky/meta/recipes-support/vte/vte_0.56.3.bb | 57 +++++ 24 files changed, 702 insertions(+), 620 deletions(-) delete mode 100644 poky/meta/recipes-support/curl/curl_7.65.1.bb create mode 100644 poky/meta/recipes-support/curl/curl_7.65.2.bb delete mode 100644 poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb create mode 100644 poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb delete mode 100644 poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb create mode 100644 poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb delete mode 120000 poky/meta/recipes-support/libcap-ng/libcap-ng delete mode 100644 poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch create mode 100644 poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch create mode 100644 poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch create mode 100644 poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch delete mode 100644 poky/meta/recipes-support/nss/nss_3.44.bb create mode 100644 poky/meta/recipes-support/nss/nss_3.45.bb delete mode 100644 poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch delete mode 100644 poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb create mode 100644 poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb delete mode 100644 poky/meta/recipes-support/vte/vte_0.56.1.bb create mode 100644 poky/meta/recipes-support/vte/vte_0.56.3.bb (limited to 'poky/meta/recipes-support') diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc index 9be3717fd..033020258 100644 --- a/poky/meta/recipes-support/boost/boost.inc +++ b/poky/meta/recipes-support/boost/boost.inc @@ -2,6 +2,8 @@ SUMMARY = "Free peer-reviewed portable C++ source libraries" SECTION = "libs" DEPENDS = "bjam-native zlib bzip2" +CVE_PRODUCT = "boost:boost" + ARM_INSTRUCTION_SET_armv4 = "arm" ARM_INSTRUCTION_SET_armv5 = "arm" diff --git a/poky/meta/recipes-support/curl/curl_7.65.1.bb b/poky/meta/recipes-support/curl/curl_7.65.1.bb deleted file mode 100644 index e7bfe6cc0..000000000 --- a/poky/meta/recipes-support/curl/curl_7.65.1.bb +++ /dev/null @@ -1,80 +0,0 @@ -SUMMARY = "Command line tool and library for client-side URL transfers" -HOMEPAGE = "http://curl.haxx.se/" -BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" -SECTION = "console/network" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" - -SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ - file://0001-replace-krb5-config-with-pkg-config.patch \ -" - -SRC_URI[md5sum] = "03ca3fa53ac4d791be66e30ba75b56ea" -SRC_URI[sha256sum] = "cbd36df60c49e461011b4f3064cff1184bdc9969a55e9608bf5cadec4686e3f7" - -CVE_PRODUCT = "curl libcurl" -inherit autotools pkgconfig binconfig multilib_header - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" -PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib" -PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib" - -# 'ares' and 'threaded-resolver' are mutually exclusive -PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares" -PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" -PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" -PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" -PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," -PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," -PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" -PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" -PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" -PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," -PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," -PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" -PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," -PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," -PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," -PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," -PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," -PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver" -PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" -PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" - -EXTRA_OECONF = " \ - --disable-libcurl-option \ - --disable-ntlm-wb \ - --enable-crypto-auth \ - --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ - --without-libmetalink \ - --without-libpsl \ -" - -do_install_append_class-target() { - # cleanup buildpaths from curl-config - sed -i \ - -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - ${D}${bindir}/curl-config -} - -PACKAGES =+ "lib${BPN}" - -FILES_lib${BPN} = "${libdir}/lib*.so.*" -RRECOMMENDS_lib${BPN} += "ca-certificates" - -FILES_${PN} += "${datadir}/zsh" - -inherit multilib_script -MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/curl/curl_7.65.2.bb b/poky/meta/recipes-support/curl/curl_7.65.2.bb new file mode 100644 index 000000000..2fff04434 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl_7.65.2.bb @@ -0,0 +1,80 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +HOMEPAGE = "http://curl.haxx.se/" +BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" +SECTION = "console/network" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" + +SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ + file://0001-replace-krb5-config-with-pkg-config.patch \ +" + +SRC_URI[md5sum] = "88910bdda3752a98083b6dbe85bafcaa" +SRC_URI[sha256sum] = "8093398b51e7d8337dac6f8fa6f1f77d562bdd9eca679dff9d9c3b8160ebfd28" + +CVE_PRODUCT = "curl libcurl" +inherit autotools pkgconfig binconfig multilib_header + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" +PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib" +PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --disable-ntlm-wb \ + --enable-crypto-auth \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libmetalink \ + --without-libpsl \ +" + +do_install_append_class-target() { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + ${D}${bindir}/curl-config +} + +PACKAGES =+ "lib${BPN}" + +FILES_lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS_lib${BPN} += "ca-certificates" + +FILES_${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb deleted file mode 100644 index 7cc78a685..000000000 --- a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb +++ /dev/null @@ -1,57 +0,0 @@ -SUMMARY = "Miscellaneous utilities specific to Debian" -SECTION = "base" -LICENSE = "GPLv2 & SMAIL_GPL" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=f01a5203d50512fc4830b4332b696a9f" - -SRC_URI = "http://snapshot.debian.org/archive/debian/20190217T160716Z/pool/main/d/${BPN}/${BPN}_${PV}.tar.xz" -# the package is taken from snapshots.debian.org; that source is static and goes stale -# so we check the latest upstream from a directory that does get updated -UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/d/${BPN}/" - -SRC_URI[md5sum] = "80e2e670d8f6c0036770e971237f1f5c" -SRC_URI[sha256sum] = "099f1e8a7278b26145a2ba2dda84c4118403bfab38c8d7070a6235a7ffcb55ed" - -S = "${WORKDIR}/${BPN}" - -inherit autotools update-alternatives - -do_configure_prepend() { - sed -i -e 's:tempfile.1 which.1:which.1:g' ${S}/Makefile.am -} - -do_install_append() { - if [ "${base_bindir}" != "${bindir}" ]; then - # Debian places some utils into ${base_bindir} as does busybox - install -d ${D}${base_bindir} - for app in run-parts tempfile; do - mv ${D}${bindir}/$app ${D}${base_bindir}/$app - done - fi -} - -# Note that we package the update-alternatives name. -# -PACKAGES =+ "${PN}-run-parts" -FILES_${PN}-run-parts = "${base_bindir}/run-parts.debianutils" - -RDEPENDS_${PN} += "${PN}-run-parts" -RDEPENDS_${PN}_class-native = "" - -ALTERNATIVE_PRIORITY="30" -ALTERNATIVE_${PN} = "add-shell installkernel remove-shell savelog tempfile which" - -ALTERNATIVE_PRIORITY_${PN}-run-parts = "60" -ALTERNATIVE_${PN}-run-parts = "run-parts" - -ALTERNATIVE_${PN}-doc = "which.1" -ALTERNATIVE_LINK_NAME[which.1] = "${mandir}/man1/which.1" - -ALTERNATIVE_LINK_NAME[add-shell]="${sbindir}/add-shell" -ALTERNATIVE_LINK_NAME[installkernel]="${sbindir}/installkernel" -ALTERNATIVE_LINK_NAME[remove-shell]="${sbindir}/remove-shell" -ALTERNATIVE_LINK_NAME[run-parts]="${base_bindir}/run-parts" -ALTERNATIVE_LINK_NAME[savelog]="${bindir}/savelog" -ALTERNATIVE_LINK_NAME[tempfile]="${base_bindir}/tempfile" -ALTERNATIVE_LINK_NAME[which]="${bindir}/which" - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb new file mode 100644 index 000000000..a69d01e0f --- /dev/null +++ b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb @@ -0,0 +1,55 @@ +SUMMARY = "Miscellaneous utilities specific to Debian" +SECTION = "base" +LICENSE = "GPLv2 & SMAIL_GPL" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=f01a5203d50512fc4830b4332b696a9f" + +SRC_URI = "http://snapshot.debian.org/archive/debian/20190717T213444Z/pool/main/d/${BPN}/${BPN}_${PV}.tar.xz" +# the package is taken from snapshots.debian.org; that source is static and goes stale +# so we check the latest upstream from a directory that does get updated +UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/d/${BPN}/" + +SRC_URI[md5sum] = "ca57cc6621275346d7d516ab0b5fa1f5" +SRC_URI[sha256sum] = "2cc7de3afc6df1cf6d00af9938efac7ee8f739228e548e512ddc186b6a7be221" + +inherit autotools update-alternatives + +do_configure_prepend() { + sed -i -e 's:tempfile.1 which.1:which.1:g' ${S}/Makefile.am +} + +do_install_append() { + if [ "${base_bindir}" != "${bindir}" ]; then + # Debian places some utils into ${base_bindir} as does busybox + install -d ${D}${base_bindir} + for app in run-parts tempfile; do + mv ${D}${bindir}/$app ${D}${base_bindir}/$app + done + fi +} + +# Note that we package the update-alternatives name. +# +PACKAGES =+ "${PN}-run-parts" +FILES_${PN}-run-parts = "${base_bindir}/run-parts.debianutils" + +RDEPENDS_${PN} += "${PN}-run-parts" +RDEPENDS_${PN}_class-native = "" + +ALTERNATIVE_PRIORITY="30" +ALTERNATIVE_${PN} = "add-shell installkernel remove-shell savelog tempfile which" + +ALTERNATIVE_PRIORITY_${PN}-run-parts = "60" +ALTERNATIVE_${PN}-run-parts = "run-parts" + +ALTERNATIVE_${PN}-doc = "which.1" +ALTERNATIVE_LINK_NAME[which.1] = "${mandir}/man1/which.1" + +ALTERNATIVE_LINK_NAME[add-shell]="${sbindir}/add-shell" +ALTERNATIVE_LINK_NAME[installkernel]="${sbindir}/installkernel" +ALTERNATIVE_LINK_NAME[remove-shell]="${sbindir}/remove-shell" +ALTERNATIVE_LINK_NAME[run-parts]="${base_bindir}/run-parts" +ALTERNATIVE_LINK_NAME[savelog]="${bindir}/savelog" +ALTERNATIVE_LINK_NAME[tempfile]="${base_bindir}/tempfile" +ALTERNATIVE_LINK_NAME[which]="${bindir}/which" + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb deleted file mode 100644 index cb7c6c5c6..000000000 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb +++ /dev/null @@ -1,56 +0,0 @@ -SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)" -HOMEPAGE = "http://www.gnupg.org/" -LICENSE = "GPLv3 & LGPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \ - file://COPYING.LGPL3;md5=a2b6bf2cb38ee52619e60f30a1fc7257" - -DEPENDS = "npth libassuan libksba zlib bzip2 readline libgcrypt" - -inherit autotools gettext texinfo pkgconfig - -UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" -SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://0001-Use-pkg-config-to-find-pth-instead-of-pth-config.patch \ - file://0002-use-pkgconfig-instead-of-npth-config.patch \ - file://0003-dirmngr-uses-libgpg-error.patch \ - file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ - file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ - " -SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ - file://relocate.patch" - - -SRC_URI[md5sum] = "d90e186df1c06845880ea58a318f070b" -SRC_URI[sha256sum] = "6cbe8d454bf5dc204621eed3016d721b66298fa95363395bb8eeceb1d2fd14cb" - -EXTRA_OECONF = "--disable-ldap \ - --disable-ccid-driver \ - --with-zlib=${STAGING_LIBDIR}/.. \ - --with-bzip2=${STAGING_LIBDIR}/.. \ - --with-readline=${STAGING_LIBDIR}/.. \ - --enable-gpg-is-gpg2 \ - " -RRECOMMENDS_${PN} = "pinentry" - -do_configure_prepend () { - # Else these could be used in prefernce to those in aclocal-copy - rm -f ${S}/m4/gpg-error.m4 - rm -f ${S}/m4/libassuan.m4 - rm -f ${S}/m4/ksba.m4 - rm -f ${S}/m4/libgcrypt.m4 -} - -do_install_append() { - ln -sf gpg2 ${D}${bindir}/gpg - ln -sf gpgv2 ${D}${bindir}/gpgv -} - -do_install_append_class-native() { - create_wrapper ${D}${bindir}/gpg2 GNUPG_BINDIR=${STAGING_BINDIR_NATIVE} -} - -PACKAGECONFIG ??= "gnutls" -PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls" -PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3" - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb new file mode 100644 index 000000000..e5456dd9b --- /dev/null +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb @@ -0,0 +1,55 @@ +SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)" +HOMEPAGE = "http://www.gnupg.org/" +LICENSE = "GPLv3 & LGPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \ + file://COPYING.LGPL3;md5=a2b6bf2cb38ee52619e60f30a1fc7257" + +DEPENDS = "npth libassuan libksba zlib bzip2 readline libgcrypt" + +inherit autotools gettext texinfo pkgconfig + +UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" +SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ + file://0001-Use-pkg-config-to-find-pth-instead-of-pth-config.patch \ + file://0002-use-pkgconfig-instead-of-npth-config.patch \ + file://0003-dirmngr-uses-libgpg-error.patch \ + file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ + file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ + " +SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ + file://relocate.patch" + +SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c" +SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514" + +EXTRA_OECONF = "--disable-ldap \ + --disable-ccid-driver \ + --with-zlib=${STAGING_LIBDIR}/.. \ + --with-bzip2=${STAGING_LIBDIR}/.. \ + --with-readline=${STAGING_LIBDIR}/.. \ + --enable-gpg-is-gpg2 \ + " +RRECOMMENDS_${PN} = "pinentry" + +do_configure_prepend () { + # Else these could be used in prefernce to those in aclocal-copy + rm -f ${S}/m4/gpg-error.m4 + rm -f ${S}/m4/libassuan.m4 + rm -f ${S}/m4/ksba.m4 + rm -f ${S}/m4/libgcrypt.m4 +} + +do_install_append() { + ln -sf gpg2 ${D}${bindir}/gpg + ln -sf gpgv2 ${D}${bindir}/gpgv +} + +do_install_append_class-native() { + create_wrapper ${D}${bindir}/gpg2 GNUPG_BINDIR=${STAGING_BINDIR_NATIVE} +} + +PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls" +PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3" + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng b/poky/meta/recipes-support/libcap-ng/libcap-ng deleted file mode 120000 index fb7744d29..000000000 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng +++ /dev/null @@ -1 +0,0 @@ -libcap-ng-python \ No newline at end of file diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch b/poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch deleted file mode 100644 index d60a0a39b..000000000 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch +++ /dev/null @@ -1,62 +0,0 @@ -From b4a354ae8d4f7c2ec3ec421c7d8a790cc57e77a9 Mon Sep 17 00:00:00 2001 -From: Li xin -Date: Sat, 18 Jul 2015 23:03:30 +0900 -Subject: [PATCH] configure.ac - Avoid an incorrect check for python. - Makefile.am - avoid hard coded host include paths. - -Upstream-Status: pending - -Signed-off-by: Mark Hatle -Signed-off-by: Li Xin -Signed-off-by: Yi Zhao ---- - bindings/python/Makefile.am | 4 +++- - configure.ac | 17 ++--------------- - 2 files changed, 5 insertions(+), 16 deletions(-) - -diff --git a/bindings/python/Makefile.am b/bindings/python/Makefile.am -index 999b184..c8e49db 100644 ---- a/bindings/python/Makefile.am -+++ b/bindings/python/Makefile.am -@@ -23,7 +23,9 @@ - SUBDIRS = test - CONFIG_CLEAN_FILES = *.loT *.rej *.orig - AM_CFLAGS = -fPIC -DPIC --AM_CPPFLAGS = -I. -I$(top_builddir) -I@PYINCLUDEDIR@ -+PYLIBVER ?= python$(PYTHON_VERSION) -+PYINC ?= /usr/include/$(PYLIBVER) -+AM_CPPFLAGS = -I. -I$(top_builddir) -I$(PYINC) - SWIG_FLAGS = -python - SWIG_INCLUDES = ${AM_CPPFLAGS} - pyexec_PYTHON = capng.py -diff --git a/configure.ac b/configure.ac -index 7f66179..079d026 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -123,21 +123,8 @@ if test x$use_python = xno ; then - else - AC_MSG_RESULT(testing) - AM_PATH_PYTHON --PYINCLUDEDIR=`python${am_cv_python_version} -c "from distutils import sysconfig; print(sysconfig.get_config_var('INCLUDEPY'))"` --if test -f ${PYINCLUDEDIR}/Python.h ; then -- python_found="yes" -- AC_SUBST(PYINCLUDEDIR) -- pybind_dir="python" -- AC_SUBST(pybind_dir) -- AC_MSG_NOTICE(Python bindings will be built) --else -- python_found="no" -- if test x$use_python = xyes ; then -- AC_MSG_ERROR([Python explicitly requested and python headers were not found]) -- else -- AC_MSG_WARN("Python headers not found - python bindings will not be made") -- fi --fi -+python_found="yes" -+AC_MSG_NOTICE(Python bindings will be built) - fi - AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes") - --- -2.7.4 - diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb index e49b445f5..43f76dc56 100644 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb @@ -1,5 +1,7 @@ require libcap-ng.inc +FILESEXTRAPATHS_prepend := "${THISDIR}/libcap-ng:" + SUMMARY .= " - python" inherit lib_package autotools python3native diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch b/poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch new file mode 100644 index 000000000..d60a0a39b --- /dev/null +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch @@ -0,0 +1,62 @@ +From b4a354ae8d4f7c2ec3ec421c7d8a790cc57e77a9 Mon Sep 17 00:00:00 2001 +From: Li xin +Date: Sat, 18 Jul 2015 23:03:30 +0900 +Subject: [PATCH] configure.ac - Avoid an incorrect check for python. + Makefile.am - avoid hard coded host include paths. + +Upstream-Status: pending + +Signed-off-by: Mark Hatle +Signed-off-by: Li Xin +Signed-off-by: Yi Zhao +--- + bindings/python/Makefile.am | 4 +++- + configure.ac | 17 ++--------------- + 2 files changed, 5 insertions(+), 16 deletions(-) + +diff --git a/bindings/python/Makefile.am b/bindings/python/Makefile.am +index 999b184..c8e49db 100644 +--- a/bindings/python/Makefile.am ++++ b/bindings/python/Makefile.am +@@ -23,7 +23,9 @@ + SUBDIRS = test + CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AM_CFLAGS = -fPIC -DPIC +-AM_CPPFLAGS = -I. -I$(top_builddir) -I@PYINCLUDEDIR@ ++PYLIBVER ?= python$(PYTHON_VERSION) ++PYINC ?= /usr/include/$(PYLIBVER) ++AM_CPPFLAGS = -I. -I$(top_builddir) -I$(PYINC) + SWIG_FLAGS = -python + SWIG_INCLUDES = ${AM_CPPFLAGS} + pyexec_PYTHON = capng.py +diff --git a/configure.ac b/configure.ac +index 7f66179..079d026 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -123,21 +123,8 @@ if test x$use_python = xno ; then + else + AC_MSG_RESULT(testing) + AM_PATH_PYTHON +-PYINCLUDEDIR=`python${am_cv_python_version} -c "from distutils import sysconfig; print(sysconfig.get_config_var('INCLUDEPY'))"` +-if test -f ${PYINCLUDEDIR}/Python.h ; then +- python_found="yes" +- AC_SUBST(PYINCLUDEDIR) +- pybind_dir="python" +- AC_SUBST(pybind_dir) +- AC_MSG_NOTICE(Python bindings will be built) +-else +- python_found="no" +- if test x$use_python = xyes ; then +- AC_MSG_ERROR([Python explicitly requested and python headers were not found]) +- else +- AC_MSG_WARN("Python headers not found - python bindings will not be made") +- fi +-fi ++python_found="yes" ++AC_MSG_NOTICE(Python bindings will be built) + fi + AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes") + +-- +2.7.4 + diff --git a/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch b/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch index 2331a766a..c78d6fd98 100644 --- a/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch +++ b/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch @@ -5,7 +5,7 @@ Subject: [PATCH] gtk-doc: do not include tree_index.sgml gtk-doc 1.30 no longer generates the file if the object tree is empty -Upstream-Status: Submitted [https://github.com/rockdaboot/libpsl/pull/137] +Upstream-Status: Backport [87d1add318b5e5d09977f7f374e923577b6ff3be] Signed-off-by: Alexander Kanavin --- docs/libpsl/libpsl-docs.sgml | 4 ---- diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch new file mode 100644 index 000000000..ef3f2709f --- /dev/null +++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch @@ -0,0 +1,33 @@ +From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 27 Apr 2019 11:19:48 +0200 +Subject: [PATCH] Fix uninitialized read of xsl:number token + +Found by OSS-Fuzz. + +CVE: CVE-2019-13117 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] +Signed-off-by: Anuj Mittal +--- + libxslt/numbers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index 89e1f668..75c31eba 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, + tokens->tokens[tokens->nTokens].token = val - 1; + ix += len; + val = xmlStringCurrentChar(NULL, format+ix, &len); +- } ++ } else { ++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; ++ tokens->tokens[tokens->nTokens].width = 1; ++ } + } else if ( (val == (xmlChar)'A') || + (val == (xmlChar)'a') || + (val == (xmlChar)'I') || +-- +2.21.0 + diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch new file mode 100644 index 000000000..595e6c2f3 --- /dev/null +++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch @@ -0,0 +1,76 @@ +From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Mon, 3 Jun 2019 13:14:45 +0200 +Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars + +The character type in xsltFormatNumberConversion was too narrow and +an invalid character/length combination could be passed to +xsltNumberFormatDecimal, resulting in an uninitialized read. + +Found by OSS-Fuzz. + +CVE: CVE-2019-13118 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b] +Signed-off-by: Anuj Mittal + +--- + libxslt/numbers.c | 5 +++-- + tests/docs/bug-222.xml | 1 + + tests/general/bug-222.out | 2 ++ + tests/general/bug-222.xsl | 6 ++++++ + 4 files changed, 12 insertions(+), 2 deletions(-) + create mode 100644 tests/docs/bug-222.xml + create mode 100644 tests/general/bug-222.out + create mode 100644 tests/general/bug-222.xsl + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index f1ed8846..20b99d5a 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER: + number = floor((scale * number + 0.5)) / scale; + if ((self->grouping != NULL) && + (self->grouping[0] != 0)) { ++ int gchar; + + len = xmlStrlen(self->grouping); +- pchar = xsltGetUTF8Char(self->grouping, &len); ++ gchar = xsltGetUTF8Char(self->grouping, &len); + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, + format_info.group, +- pchar, len); ++ gchar, len); + } else + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, +diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml +new file mode 100644 +index 00000000..69d62f2c +--- /dev/null ++++ b/tests/docs/bug-222.xml +@@ -0,0 +1 @@ ++ +diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out +new file mode 100644 +index 00000000..e3139698 +--- /dev/null ++++ b/tests/general/bug-222.out +@@ -0,0 +1,2 @@ ++ ++1⠢0 +diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl +new file mode 100644 +index 00000000..e32dc473 +--- /dev/null ++++ b/tests/general/bug-222.xsl +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +-- +2.21.0 + diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb index 6320a821d..abc00a09e 100644 --- a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb @@ -10,6 +10,8 @@ DEPENDS = "libxml2" SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ file://0001-Fix-security-framework-bypass.patch \ + file://CVE-2019-13117.patch \ + file://CVE-2019-13118.patch \ " SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" diff --git a/poky/meta/recipes-support/nss/nss_3.44.bb b/poky/meta/recipes-support/nss/nss_3.44.bb deleted file mode 100644 index 4205d7948..000000000 --- a/poky/meta/recipes-support/nss/nss_3.44.bb +++ /dev/null @@ -1,267 +0,0 @@ -SUMMARY = "Mozilla's SSL and TLS implementation" -DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ -designed to support cross-platform development of \ -security-enabled client and server applications. \ -Applications built with NSS can support SSL v2 and v3, \ -TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ -v3 certificates, and other security standards." -HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" -SECTION = "libs" - -DEPENDS = "sqlite3 nspr zlib nss-native" -DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" - -LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" - -LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ - file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ - file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" - -VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" - -SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ - file://nss.pc.in \ - file://signlibs.sh \ - file://0001-nss-fix-support-cross-compiling.patch \ - file://nss-no-rpath-for-cross-compiling.patch \ - file://nss-fix-incorrect-shebang-of-perl.patch \ - file://nss-fix-nsinstall-build.patch \ - file://disable-Wvarargs-with-clang.patch \ - file://pqg.c-ULL_addend.patch \ - file://blank-cert9.db \ - file://blank-key4.db \ - file://system-pkcs11.txt \ - " - -SRC_URI[md5sum] = "e9222b9573452b9f4e6ff4915d6407c2" -SRC_URI[sha256sum] = "a5620e59b6eeedfd5a12c9298b50ad92e9898b223e214eb675e36f4ffb5b6aff" - -UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" -UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" - -inherit siteinfo - -TD = "${S}/tentative-dist" -TDS = "${S}/tentative-dist-staging" - -TARGET_CC_ARCH += "${LDFLAGS}" - -do_configure_prepend_libc-musl () { - sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk -} - -do_compile_prepend_class-native() { - export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE} - export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} - export NSS_ENABLE_WERROR=0 -} - -do_compile_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_compile_prepend_class-native() { - # Need to set RPATH so that chrpath will do its job correctly - RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" -} - -do_compile() { - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - export NATIVE_FLAGS="${BUILD_CFLAGS}" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - export FREEBL_LOWHASH=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - # We can modify CC in the environment, but if we set it via an - # argument to make, nsinstall, a host program, will also build with it! - # - # nss pretty much does its own thing with CFLAGS, so we put them into CC. - # Optimization will get clobbered, but most of the stuff will survive. - # The motivation for this is to point to the correct place for debug - # source files and CFLAGS does that. Nothing uses CCC. - # - export CC="${CC} ${CFLAGS}" - make -C ./nss CCC="${CXX} -g" \ - OS_TEST=${OS_TEST} \ - RPATH="${RPATH}" -} - -do_compile[vardepsexclude] += "SITEINFO_BITS" - -do_install_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_install() { - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - CPU_ARCH=aarch64 - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - make -C ./nss \ - CCC="${CXX}" \ - OS_TEST=${OS_TEST} \ - SOURCE_LIB_DIR="${TD}/${libdir}" \ - SOURCE_BIN_DIR="${TD}/${bindir}" \ - install - - install -d ${D}/${libdir}/ - for file in ${S}/dist/*.OBJ/lib/*.so; do - echo "Installing `basename $file`..." - cp $file ${D}/${libdir}/ - done - - for shared_lib in ${TD}/${libdir}/*.so.*; do - if [ -f $shared_lib ]; then - cp $shared_lib ${D}/${libdir} - ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) - fi - done - for shared_lib in ${TD}/${libdir}/*.so; do - if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then - cp $shared_lib ${D}/${libdir} - fi - done - - install -d ${D}/${includedir}/nss3 - install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* - - install -d ${D}/${bindir} - for binary in ${TD}/${bindir}/*; do - install -m 755 -t ${D}/${bindir} $binary - done -} - -do_install[vardepsexclude] += "SITEINFO_BITS" - -do_install_append() { - # Create empty .chk files for the NSS libraries at build time. They could - # be regenerated at target's boot time. - for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do - touch ${D}/${libdir}/$file - chmod 755 ${D}/${libdir}/$file - done - install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh - - install -d ${D}${libdir}/pkgconfig/ - sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc -} - -do_install_append_class-target() { - # It used to call certutil to create a blank certificate with empty password at - # build time, but the checksum of key4.db changes every time when certutil is called. - # It causes non-determinism issue, so provide databases with a blank certificate - # which are originally from output of nss in qemux86-64 build. You can get these - # databases by: - # certutil -N -d sql:/database/path/ --empty-password - install -d ${D}${sysconfdir}/pki/nssdb/ - install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db - install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db - install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt -} - -PACKAGE_WRITE_DEPS += "nss-native" -pkg_postinst_${PN} () { - if [ -n "$D" ]; then - for I in $D${libdir}/lib*.chk; do - DN=`dirname $I` - BN=`basename $I .chk` - FN=$DN/$BN.so - shlibsign -i $FN - if [ $? -ne 0 ]; then - exit 1 - fi - done - else - signlibs.sh - fi -} - -PACKAGES =+ "${PN}-smime" -FILES_${PN}-smime = "\ - ${bindir}/smime \ -" - -FILES_${PN} = "\ - ${sysconfdir} \ - ${bindir} \ - ${libdir}/lib*.chk \ - ${libdir}/lib*.so \ - " - -FILES_${PN}-dev = "\ - ${libdir}/nss \ - ${libdir}/pkgconfig/* \ - ${includedir}/* \ - " - -RDEPENDS_${PN}-smime = "perl" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/nss/nss_3.45.bb b/poky/meta/recipes-support/nss/nss_3.45.bb new file mode 100644 index 000000000..e89e7d69d --- /dev/null +++ b/poky/meta/recipes-support/nss/nss_3.45.bb @@ -0,0 +1,267 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://signlibs.sh \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://nss-fix-nsinstall-build.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://blank-cert9.db \ + file://blank-key4.db \ + file://system-pkcs11.txt \ + " + +SRC_URI[md5sum] = "f1752d7223ee9d910d551e57264bafa8" +SRC_URI[sha256sum] = "112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" + +inherit siteinfo + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE} + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} + export NSS_ENABLE_WERROR=0 +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export NATIVE_FLAGS="${BUILD_CFLAGS}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" +} + +do_compile[vardepsexclude] += "SITEINFO_BITS" + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} + +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # It used to call certutil to create a blank certificate with empty password at + # build time, but the checksum of key4.db changes every time when certutil is called. + # It causes non-determinism issue, so provide databases with a blank certificate + # which are originally from output of nss in qemux86-64 build. You can get these + # databases by: + # certutil -N -d sql:/database/path/ --empty-password + install -d ${D}${sysconfdir}/pki/nssdb/ + install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt +} + +PACKAGE_WRITE_DEPS += "nss-native" +pkg_postinst_${PN} () { + if [ -n "$D" ]; then + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + exit 1 + fi + done + else + signlibs.sh + fi +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" + +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " + +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +RDEPENDS_${PN}-smime = "perl" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch b/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch deleted file mode 100644 index 58cf3f9d5..000000000 --- a/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch +++ /dev/null @@ -1,25 +0,0 @@ -It fails to stop rngd. It just shows warnings when stop rngd such as by: - -$ systemctl stop rngd.service - -but stalls shutdown untill daemon rngd is killed. - -Backport patch to fix the issue. - -Upstream-Status: Backport [https://bugzilla.redhat.com/show_bug.cgi?id=1690364#c8] - -Signed-off-by: Kai Kang ---- -diff --git a/rngd_jitter.c b/rngd_jitter.c -index 54070ae..7a69bf9 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -280,7 +280,7 @@ static void *thread_entropy_task(void *data) - - /* Write to pipe */ - written = 0; -- while(written != me->buf_sz) { -+ while(me->active && written != me->buf_sz) { - message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n"); - ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written); - message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret); diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service index b1a78527b..49d5de294 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service +++ b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service @@ -1,8 +1,5 @@ [Unit] Description=Hardware RNG Entropy Gatherer Daemon -DefaultDependencies=no -After=systemd-udev-settle.service -Before=sysinit.target [Service] EnvironmentFile=-@SYSCONFDIR@/default/rng-tools diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb index aeb558b2b..b4e453f67 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb @@ -10,7 +10,6 @@ DEPENDS = "sysfsutils" SRC_URI = "\ git://github.com/nhorman/rng-tools.git \ - file://fix-rngd-fail-to-stop.patch \ file://init \ file://default \ file://rngd.service \ @@ -46,8 +45,8 @@ do_install_append() { install -Dm 0644 ${WORKDIR}/rngd.service \ ${D}${systemd_system_unitdir}/rngd.service sed -i \ - -e 's,@SYSCONFDIR@,${sysconfdir},' \ - -e 's,@SBINDIR@,${sbindir},' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ ${D}${sysconfdir}/init.d/rng-tools \ ${D}${systemd_system_unitdir}/rngd.service } diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb deleted file mode 100644 index 438a4ea47..000000000 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb +++ /dev/null @@ -1,8 +0,0 @@ -require sqlite3.inc - -LICENSE = "PD" -LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" - -SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz" -SRC_URI[md5sum] = "3c68eb400f8354605736cd55400e1572" -SRC_URI[sha256sum] = "d61b5286f062adfce5125eaf544d495300656908e61fca143517afcc0a89b7c3" diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb new file mode 100644 index 000000000..07e36bede --- /dev/null +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb @@ -0,0 +1,8 @@ +require sqlite3.inc + +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" + +SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc" +SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b" diff --git a/poky/meta/recipes-support/vte/vte_0.56.1.bb b/poky/meta/recipes-support/vte/vte_0.56.1.bb deleted file mode 100644 index 702436b36..000000000 --- a/poky/meta/recipes-support/vte/vte_0.56.1.bb +++ /dev/null @@ -1,57 +0,0 @@ -SUMMARY = "Virtual terminal emulator GTK+ widget library" -BUGTRACKER = "https://bugzilla.gnome.org/buglist.cgi?product=vte" -LICENSE = "GPLv3 & LGPLv3+ & LGPLv2.1+" -LICENSE_libvte = "LGPLv3+" - -LIC_FILES_CHKSUM = " \ - file://COPYING.GPL3;md5=2f31b266d3440dd7ee50f92cf67d8e6c \ - file://COPYING.LGPL2;md5=4fbd65380cdd255951079008b364516c \ - file://COPYING.LGPL3;md5=b52f2d57d10c4f7ee67a7eb9615d5d24 \ -" - -DEPENDS = "glib-2.0 gtk+3 libpcre2 intltool-native libxml2-native gperf-native" - -inherit gnomebase gtk-doc distro_features_check upstream-version-is-even gobject-introspection - -# vapigen.m4 is required when vala is not present (but the one from vala should be used normally) -SRC_URI += "file://0001-Don-t-enable-stack-protection-by-default.patch \ - ${@bb.utils.contains('PACKAGECONFIG', 'vala', '', 'file://0001-Add-m4-vapigen.m4.patch', d) } \ - file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \ - file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ - " -SRC_URI[archive.md5sum] = "a8984cd5a101dbff0b0c875d1de3f692" -SRC_URI[archive.sha256sum] = "02fa8ecc02a9332e47f486795494527b5687b3bd448e73e6b67285f2f326dc7c" - -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" - -# Instead of "inherit vala" we do the relevant settings here so we can -# set DEPENDS based on PACKAGECONFIG. - -# Our patched version of Vala looks in STAGING_DATADIR for .vapi files -export STAGING_DATADIR -# Upstream Vala >= 0.11 looks in XDG_DATA_DIRS for .vapi files -export XDG_DATA_DIRS = "${STAGING_DATADIR}" - -# Help g-ir-scanner find the .so for linking -do_compile_prepend() { - export GIR_EXTRA_LIBS_PATH="${B}/src/.libs" -} - -# Package additional files -FILES_${PN}-dev += "${datadir}/vala/vapi/*" - -PACKAGECONFIG ??= "gnutls" -PACKAGECONFIG[vala] = "--enable-vala,--disable-vala,vala-native vala" -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" - -CFLAGS += "-D_GNU_SOURCE" - -# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds. -# Use libtool-cross (which has a hack to prevent that) instead. -EXTRA_OEMAKE_class-target = "LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool" - -PACKAGES =+ "libvte ${PN}-prompt" -FILES_libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*" -FILES_${PN}-prompt = "${sysconfdir}/profile.d" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/vte/vte_0.56.3.bb b/poky/meta/recipes-support/vte/vte_0.56.3.bb new file mode 100644 index 000000000..0deee175d --- /dev/null +++ b/poky/meta/recipes-support/vte/vte_0.56.3.bb @@ -0,0 +1,57 @@ +SUMMARY = "Virtual terminal emulator GTK+ widget library" +BUGTRACKER = "https://bugzilla.gnome.org/buglist.cgi?product=vte" +LICENSE = "GPLv3 & LGPLv3+ & LGPLv2.1+" +LICENSE_libvte = "LGPLv3+" + +LIC_FILES_CHKSUM = " \ + file://COPYING.GPL3;md5=2f31b266d3440dd7ee50f92cf67d8e6c \ + file://COPYING.LGPL2;md5=4fbd65380cdd255951079008b364516c \ + file://COPYING.LGPL3;md5=b52f2d57d10c4f7ee67a7eb9615d5d24 \ +" + +DEPENDS = "glib-2.0 gtk+3 libpcre2 intltool-native libxml2-native gperf-native" + +inherit gnomebase gtk-doc distro_features_check upstream-version-is-even gobject-introspection + +# vapigen.m4 is required when vala is not present (but the one from vala should be used normally) +SRC_URI += "file://0001-Don-t-enable-stack-protection-by-default.patch \ + ${@bb.utils.contains('PACKAGECONFIG', 'vala', '', 'file://0001-Add-m4-vapigen.m4.patch', d) } \ + file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \ + file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ + " +SRC_URI[archive.md5sum] = "adf341807861a5dad9f98e5c701c0769" +SRC_URI[archive.sha256sum] = "17a1d4bc8848f1d2acfa4c20aaa24b9bac49f057b8909c56d3dafec2e2332648" + +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" + +# Instead of "inherit vala" we do the relevant settings here so we can +# set DEPENDS based on PACKAGECONFIG. + +# Our patched version of Vala looks in STAGING_DATADIR for .vapi files +export STAGING_DATADIR +# Upstream Vala >= 0.11 looks in XDG_DATA_DIRS for .vapi files +export XDG_DATA_DIRS = "${STAGING_DATADIR}" + +# Help g-ir-scanner find the .so for linking +do_compile_prepend() { + export GIR_EXTRA_LIBS_PATH="${B}/src/.libs" +} + +# Package additional files +FILES_${PN}-dev += "${datadir}/vala/vapi/*" + +PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG[vala] = "--enable-vala,--disable-vala,vala-native vala" +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" + +CFLAGS += "-D_GNU_SOURCE" + +# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds. +# Use libtool-cross (which has a hack to prevent that) instead. +EXTRA_OEMAKE_class-target = "LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool" + +PACKAGES =+ "libvte ${PN}-prompt" +FILES_libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*" +FILES_${PN}-prompt = "${sysconfdir}/profile.d" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3