diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-05-27 09:23:47 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-05-27 09:29:33 +0300 |
| commit | eee7d70a4dbbd89645098df2397aa3f4e5d8baa0 (patch) | |
| tree | 6d5e9c8499e6106fd31b902694ad519941460ed8 | |
| parent | 776d5d2fd95e177490624f4f2f1b2f91a20a3e77 (diff) | |
| download | openbmc-eee7d70a4dbbd89645098df2397aa3f4e5d8baa0.tar.xz | |
subtree updates
meta-openembedded: 346681e7bf..11eae11452:
Aditya.Tayade (1):
neon: Add ptest
Andrei Gherzan (1):
nss: Fix warnings generated by getcwd
Andrej Kozemcak (1):
libupnp: Fix CVE-2020-13848
Armin Kuster (3):
wireguard: fix build issue with updated 5.4 kernel
nostromo: Blacklist and exclude from world builds
packagegroup-meta-webserver: remove nostromo from pkg grp
Clément Péron (1):
nodejs: 12.20.2 -> 12.21.0
Khem Raj (1):
linuxptp: Fix cross build
Marek Vasut (1):
freerdp: Add missing libxkbcommon WL dependency
Martin Jansa (9):
opencv: refresh patches with devtool to apply cleanly
ceres-solver: prevent fetching git hook during do_configure
packagegroup-meta-oe: include nodejs without meta-python2 conditional
packagegroup-meta-oe: move the packages depending on meta-python2 to separate packages
packagegroup-meta-oe: add guider
uml-utilities: fix installed-vs-shipped with usrmerge
telepathy-glib: respect GI_DATA_ENABLED when enabling vala-bindings
libyui: switch to libyui-old repo which still has this SRCREV
ostree: switch from default master branch to main to fix do_fetch failure
Mingli Yu (2):
hostapd: fix CVE-2019-5061
hostapd: fix CVE-2021-0326 and CVE-2021-27803
Neetika Singh (1):
opencv: Security fixes
Peace Lee (2):
guider: Upgrade to 3.9.7
Update commit for version 3.9.7
Rahul Taya (1):
nghttp2: Add fix for CVE-2020-11080
Saloni Jain (1):
fuse: Whitelisted CVE-2019-14860
Sana Kazi (1):
mdns: Whitelisted CVE-2007-0613 for mdns
Sean Nyekjaer (1):
nodejs: 12.20.1 -> 12.20.2
Stefan Ghinea (1):
hostapd: fix CVE-2021-30004
changqing.li@windriver.com (1):
thin-provisioning-tools: switch branch from master to main
poky: d20ef1f5a5..6ebb33bdac:
Alejandro Hernandez Samaniego (1):
devtool: Fix do_kernel_configme task
Alexander Kanavin (11):
selftest/reproducible: enable world reproducibility test
selftest/reproducible: add an exclusion list for items that are not yet reproducible
selftest/reproducible: track unusued entries in the exclusion list
oeqa: tear down oeqa decorators if one of them raises an exception in setup
meta/lib/oeqa/core/tests/cases/timeout.py: add a testcase for the previous fix
diffoscope: add native libraries to LD_LIBRARY_PATH
Revert "oeqa: Set LD_LIBRARY_PATH when executing native commands"
ovmf: update to 202002
ovmf: update to 202005
ovmf: update edk2-stable202005 -> edk2-stable202008
linux-firmware: upgrade 20210208 -> 20210315
Anatol Belski (2):
glibc: Pull latest 2.31 HEAD
tar: Fix CVE-2021-20193
Anton D. Kachalov (1):
run-postinsts: do not remove postinsts directory.
Anuj Mittal (1):
lsb-release: fix reproducibility failure
Bruce Ashfield (14):
linux-yocto/5.4: update to v5.4.99
linux-yocto/5.4: update to v5.4.101
linux-yocto/5.4: update to v5.4.103
linux-yocto/5.4: update to v5.4.105
linux-yocto/5.4: update to v5.4.107
linux-yocto/5.4: update to v5.4.109
linux-yocto/5.4: update to v5.4.111
linux-yocto/5.4: update to v5.4.112
linux-yocto/5.4: fix arm defconfig warnings
linux-yocto/5.4: update to v5.4.114
linux-yocto/5.4: update to v5.4.116
perf: fix python-audit RDEPENDS
make-mod-scripts: add HOSTCXX definitions and gmp-native dependency
linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
Catalin Enache (1):
connman: fix CVE-2021-26675, CVE-2021-26676
Charlie Davies (1):
bitbake-bblayers/create: Fix incorrect priority help message
Chee Yang Lee (1):
initrdscripts: init-install-efi.sh install extra files for ESP
Chen Qi (4):
python3-jinja2: set CVE_PRODUCT
cups: use /run instead /var/run in systemd's unit file
populate_sdk_ext: record METADATA_REVISION
db: update CVE_PRODUCT
Christophe Chapuis (1):
rootfs.py: find .ko.gz and .ko.xz kernel modules as well
Christopher Larson (2):
buildhistory: add missing vardepsexcludes
image,populate_sdk_base: move 'func' flag setting for sdk command vars
Denys Dmytriyenko (1):
maintainers: update own email address
Diego Santa Cruz (1):
iputils: fix various arping regressions
Diego Sueiro (1):
oeqa/selftest/bblayers: Add test case for bitbake-layers layerindex-show-depends
Dorinda (7):
meta/recipes-rt: Add HOMEPAGE / DESCRIPTION
meta-skeleton: Add HOMEPAGE / DESCRIPTION
meta/recipes-extended: Add HOMEPAGE / DESCRIPTION
meta/recipes-support: Add HOMEPAGE / DESCRIPTION
meta/recipes-kernel: Add HOMEPAGE / DESCRIPTION
meta/recipes-multimedia: Add HOMEPAGE / DESCRIPTION
meta/recipes-graphics: Add HOMEPAGE / DESCRIPTION
Dorinda Bassey (3):
meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
meta-selftest: Add HOMEPAGE / DESCRIPTION
devshell.bbclass: Exceptions displayed within devpyshell
Douglas Royds (4):
cmake: Fully-qualified path to ar
externalsrc: Detect code changes in submodules
Revert "externalsrc: Detect code changes in submodules"
externalsrc: Detect code changes in submodules
Florian Bezdeka (1):
wic: Warn if an ext filesystem affected by the Y2038 problem is used
Gavin Li (1):
kmod: do not symlink config.guess/config.sub during autoreconf
Guillaume Champagne (1):
image-live.bbclass: optional depends when ROOTFS empty
He Zhe (1):
cryptodev-module: Backport a patch to fix build failure with kernel v5.8
Jan Brzezanski (1):
bitbake: Force parser shutdown after catching an exception
Jon Mason (1):
runqemu: use "raw" instead of "bin" for ovmf
Jose Quaresma (1):
ptest-runner: libgcc must be installed for pthread_cancel to work
Joshua Watt (1):
classes/image: Use xargs to set file timestamps
Kai Uwe Broulik (1):
gstreamer1.0-plugins-good: on wayland qt5 needs qtwayland
Khem Raj (6):
oeqa/pam: Need shadow installed for the tests
rxvt-unicode: Do not use throw specifications
dtc: Fix array-bounds error
documentation-audit.sh: Fix typo in specifying LICENSE_FLAGS_WHITELIST
ca-certificates: Fix openssl runtime cert dependencies
cml1.bbclass: Return sorted list of cfg files
Konrad Weihmann (1):
cve-update-db-native: skip on empty cpe23Uri
Lee Chee Yang (7):
cve-update-db-native: consider version suffix when update CVE db
cve-check: CVE_VERSION_SUFFIX to work with patched release
binutils: fix CVE-2021-3487
subversion: fix CVE-2020-17525
qemu: fix CVE-2021-3392
tiff: fix CVE-2020-35523 CVE-2020-35524
python3-jinja2: 2.11.2 -> 2.11.3
Li Wang (1):
linux-dummy: add empty dependent packages
Marek Vasut (1):
linux-firmware: Package RSI 911x WiFi firmware
Mark Hatle (2):
populate_sdk_ext: Avoid copying and producing .pyc files
kernel.bbclass: Remove do_install[prefunc] no longer needed
Martin Jansa (2):
iso-codes: fix protocol in SRC_URI
wpa-supplicant: update CVE-2021-27803.patch
Meh Mbeh Ida Delphine (6):
recipes-gnome: Add missing HOMEPAGE and DESCRIPTION for recipes
recipes-graphics: Add missing HOMEPAGE and DESCRIPTION for recipes.
recipes-kernel: Add missing HOMEPAGE and DESCRIPTION for recipes.
recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.
recipes-sato: Add missing HOMEPAGE and DESCRIPTION for recipes
recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipes
Michael Opdenacker (1):
sanity.bbclass: mention CONNECTIVITY_CHECK_URIS in network failure message
Michael Trensch (1):
linux-firmware: Fix packaging
Mike Crowe (1):
curl: Patch CVE-2021-22876 & CVE-2021-22890
Mikko Rapeli (3):
openssl: update to 1.1.1k to fix CVE-2021-3450 and CVE-2021-3449
bitbake: bitbake: tests/fetch: fix test execution without .gitconfig
bitbake: bitbake: tests/fetch: remove write protected files too
Mingli Yu (3):
libtool: make sure autoheader run before autoconf
libtool: make sure autoheader run before automake
groff: not ship /usr/bin/grap2graph
Minjae Kim (3):
wpa-supplicant: fix CVE-2021-27803
qemu: fix CVE-2021-20203
git: fix CVE-2021-21300
Naveen Saini (1):
cryptodev-module: fix build failure with kernel v5.10
Niels Avonds (1):
bitbake: fetch/gitsm: Fix crash when using git LFS and submodules
Peter Budny (1):
lib/oe/terminal: Fix tmux new-session on older tmux versions (<1.9)
Peter Morrow (2):
goarch: map target os to windows for mingw* TARGET_OS
go_1.14: don't set -buildmode=pie when building for windows targets
Petr Vorel (1):
scripts/verify-bashisms: Update checkbashisms.pl URL
Purushottam Choudhary (1):
shadow: whitelist CVE-2013-4235
Reto Schneider (2):
license_image.bbclass: Detect broken symlinks
license_image.bbclass: Fix symlink to generic license files
Richard Purdie (44):
libid3tag: Fix reproducibility issue
syslinux: Fix reproducibility issues
swig: Fix reproducibility issue
efivar: Fix reproducibility issue
selftest/reproducible: Add ability to pull some objects from sstate
build-appliance-image: Drop kernel module handling
bitbake: runqueue: Fix task execution corruption issue
bitbake: runqueue: Add setscene task overlap sanity check
selftest/wic: Fix dependency issue in rawcopy test
build-appliance-image: Update to dunfell head revision
selftest/reproducible: Sort the unused exclusion list
diffoscope: Upgrade 136 -> 168
diffoscope: Upgrade 168 -> 172
oeqa/selftest: Hardcode test assumptions about heartbeat event timings
oeqa/selftest: Ensure packages classes are set correctly for maintainers test
sanity: Add error check for '%' in build path
sanity: Further improve directory sanity tests
pseudo: Upgrade to add trailing slashes ignore path fix
yocto-check-layer: Avoid bug when iterating and autoadding dependencies
bitbake: runqueue: Fix deferred task issues
yocto-uninative: Update to 3.1 which includes a patchelf fix
pybootchart/draw: Avoid divide by zero error
glibc: Document and whitelist CVE-2019-1010022-25
qemu: Exclude CVE-2017-5957 from cve-check
qemu: Exclude CVE-2007-0998 from cve-check
qemu: Exclude CVE-2018-18438 from cve-check
jquery: Exclude CVE-2007-2379 from cve-check
logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check
openssh: Exclude CVE-2007-2768 from cve-check
openssh: Exclude CVE-2008-3844 from cve-check
unzip: Exclude CVE-2008-0888 from cve-check
cpio: Exclude CVE-2010-4226 from cve-check
ghostscript: Exclude CVE-2013-6629 from cve-check
bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-check
tiff: Exclude CVE-2015-7313 from cve-check
coreutils: Exclude CVE-2016-2781 from cve-check
librsvg: Exclude CVE-2018-1000041 from cve-check
avahi: Exclude CVE-2021-26720 from cve-check
oeqa/qemurunner: Improve logging thread exit handling for qemu shutdown test
oeqa/qemurunner: Fix binary vs str issue
oeqa/qemurunner: Improve handling of run_serial for shutdown commands
Revert "cml1.bbclass: Return sorted list of cfg files"
sstate: Handle manifest 'corruption' issue
build-appliance-image: Update to dunfell head revision
Robert P. J. Day (4):
bitbake-whatchanged: change ending quote to proper period
bitbake.conf: correct description of HOSTTOOLS_DIR
image.bbclass: fix comment "pacackages" -> "packages"
meta/lib/oe/rootfs.py: Fix typo "Restoreing" -> "Restoring"
Romain Naour (1):
dejagnu: needs expect at runtime
Ross Burton (7):
ptest-packagelists: remove libinput-ptest
insane: don't check for a warning string that is never output
insane: clean up some more warning messages
cairo: backport patch for CVE-2020-35492
libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)
builder: whitelist CVE-2008-4178 (a different builder)
bitbake: providers: selected version not available should be a warning
Stefan Ghinea (2):
wpa-supplicant: fix CVE-2021-30004
boost: fix do_fetch failure
Stefan Schmidt (1):
systemd-conf: do not ask for DHCP if configured on kernel command line
Steve Sakoman (11):
Revert "sstatesig.py: show an error instead of warning when sstate manifest isn't found"
documentation: prepare for 3.1.7 release
poky.conf: Bump version for 3.1.7 release
selftest/reproducible: adjust exclusion list for dunfell
lib/package_manager: Use shutil.copy instead of bb.utils.copyfile for intercepts
reproducible.py: add quilt-ptest and valgrind-ptest
poky-tiny.conf: set PREFERRED_VERSION_linux-yocto-tiny to 5.4%
ref-system-requirements.rst: Add Fedora 33 to list of supported distros
documentation: prepare for 3.1.8 release
poky.conf: Add fedora33 as a supported distro
poky.conf: Bump version for 3.1.8 release
Vinay Kumar (1):
Binutils: Fix CVE-2021-20197
Yanfei Xu (1):
parselogs: ignore floppy error on qemu-system-x86 at boot stage
Yann Dirson (1):
linux-firmware: include all relevant files in -bcm4356
Yi Fan Yu (2):
valgrind: Increase timeout duration 30 -> 90 s
libevent: Increase ptest timing tolerance 50 ms -> 100 ms
Zhang Qiang (1):
kernel.bbclass: Configuration for environment with HOSTCXX
zhengruoqin (1):
wireless-regdb: upgrade 2020.11.20 -> 2021.04.21
meta-security: c74cc97641..93232ae6d5:
Armin Kuster (1):
kas-security-base: drop DL_DIR
Ming Liu (12):
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
initramfs-framework-ima: fix a wrong path
ima-evm-keys: add recipe
initramfs-framework-ima: RDEPENDS on ima-evm-keys
meta: refactor IMA/EVM sign rootfs
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
initramfs-framework-ima: let ima_enabled return 0
ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
ima-evm-keys: add file-checksums to IMA_EVM_X509
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Omer Akram (4):
Update apparmor to 2.13.6
backport cross-compile python binding fix
Use C preprocessor from the yocto build environment
tests: correctly escape # in Makefile
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ibb369f72ca2601f5582a5608d6bdd516d90bea2a
383 files changed, 6822 insertions, 910 deletions
diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb index 95e870691c..49682b3cd4 100644 --- a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb @@ -19,6 +19,11 @@ SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar. SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312" SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5" +# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. +# REDHAT has also released the fix and updated their security advisories after significant releases. +CVE_PRODUCT = "fuse" +CVE_CHECK_WHITELIST += "CVE-2019-14860" + UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases" UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch b/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch new file mode 100644 index 0000000000..695a2c94f0 --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch @@ -0,0 +1,75 @@ +From c805c1de1141cb22f74c0d94dd5664bda37398e0 Mon Sep 17 00:00:00 2001 +From: Marcelo Roberto Jimenez <marcelo.jimenez@gmail.com> +Date: Thu, 4 Jun 2020 12:03:03 -0300 +Subject: [PATCH] Fixes #177: NULL pointer dereference in + FindServiceControlURLPath + +Also fixes its dual bug in FindServiceEventURLPath. + +Reference: +https://nvd.nist.gov/vuln/detail/CVE-2020-13848 + +Upstream-Status: Accepted [https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0] +CVE: CVE-2020-13848 +Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> + +--- + ChangeLog | 6 ++++++ + upnp/src/genlib/service_table/service_table.c | 16 ++++++++++------ + 2 files changed, 16 insertions(+), 6 deletions(-) +diff --git a/ChangeLog b/ChangeLog +index 4a956fc..265d268 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -2,6 +2,12 @@ + Version 1.8.4 + ******************************************************************************* + ++2020-06-04 Patrik Lantz pjlantz(at)github ++ ++ Fixes #177 ++ ++ NULL pointer dereference in FindServiceControlURLPath ++ + 2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net> + + GitHub #57 - 1.8.3 broke ABI without changing SONAME +diff --git a/upnp/src/genlib/service_table/service_table.c b/upnp/src/genlib/service_table/service_table.c +index 98c2c0f..f3ee4e5 100644 +--- a/upnp/src/genlib/service_table/service_table.c ++++ b/upnp/src/genlib/service_table/service_table.c +@@ -300,12 +300,11 @@ FindServiceEventURLPath( service_table * table, + uri_type parsed_url; + uri_type parsed_url_in; + +- if( ( table ) +- && +- ( parse_uri( eventURLPath, +- strlen( eventURLPath ), +- &parsed_url_in ) == HTTP_SUCCESS ) ) { +- ++ if (!table || !eventURLPath) { ++ return NULL; ++ } ++ if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) == ++ HTTP_SUCCESS) { + finger = table->serviceList; + while( finger ) { + if( finger->eventURL ) +@@ -352,11 +351,11 @@ FindServiceControlURLPath( service_table * table, + uri_type parsed_url; + uri_type parsed_url_in; + +- if( ( table ) +- && +- ( parse_uri +- ( controlURLPath, strlen( controlURLPath ), +- &parsed_url_in ) == HTTP_SUCCESS ) ) { ++ if (!table || !controlURLPath) { ++ return NULL; ++ } ++ if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) == ++ HTTP_SUCCESS) { + finger = table->serviceList; + while( finger ) { + if( finger->controlURL ) diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb b/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb index 339c07cd96..828e351be6 100644 --- a/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb @@ -12,7 +12,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=394a0f17b97f33426275571e15920434" PV = "1.8.4+git${SRCPV}" # release-1.8.4 SRCREV = "d5a01fc9895daae98a0c5a8c7d3afce46add529d" -SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https" +SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https \ + file://CVE-2020-13848.patch" S="${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/files/0001-compat-icmp_ndo_send-functions-were-backported-exten.patch b/meta-openembedded/meta-networking/recipes-kernel/wireguard/files/0001-compat-icmp_ndo_send-functions-were-backported-exten.patch new file mode 100644 index 0000000000..f01cfe4e1c --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/files/0001-compat-icmp_ndo_send-functions-were-backported-exten.patch @@ -0,0 +1,32 @@ +From 122f06bfd8fc7b06a0899fa9adc4ce8e06900d98 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" <Jason@zx2c4.com> +Date: Sun, 7 Mar 2021 08:14:33 -0700 +Subject: [PATCH] compat: icmp_ndo_send functions were backported extensively + +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> + +Upstream-Status: Backport + +Fixes build with 5.4.103 update. +/include/linux/icmpv6.h:56:6: note: previous declaration of 'icmpv6_ndo_send' was here +| 56 | void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info); + +Signed-of-by: Armin Kuster <akuster808@gmail.com> + +--- + src/compat/compat.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: src/compat/compat.h +=================================================================== +--- src.orig/compat/compat.h ++++ src/compat/compat.h +@@ -946,7 +946,7 @@ static inline int skb_ensure_writable(st + } + #endif + +-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 102) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 178) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 223) && LINUX_VERSION_CODE > KERNEL_VERSION(4, 10, 0)) || LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 259) || defined(ISRHEL8) || defined(ISUBUNTU1804) + #if IS_ENABLED(CONFIG_NF_NAT) + #include <linux/ip.h> + #include <linux/icmpv6.h> diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb index e8891c4428..6ed988bafa 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb @@ -3,7 +3,8 @@ require wireguard.inc SRCREV = "43f57dac7b8305024f83addc533c9eede6509129" SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat \ - file://0001-compat-SYM_FUNC_-START-END-were-backported-to-5.4.patch" + file://0001-compat-SYM_FUNC_-START-END-were-backported-to-5.4.patch \ + file://0001-compat-icmp_ndo_send-functions-were-backported-exten.patch " inherit module kernel-module-split diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb index 0f8dc92df3..ce31233264 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb @@ -26,6 +26,19 @@ SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${P SRC_URI[md5sum] = "4e139a8e1133349006b0436291c9e29b" SRC_URI[sha256sum] = "2cef0ee9900504c5277fb81de0a28e6c0835fe482ebecf1067c6864f5c4eda74" +# CVE-2007-0613 is not applicable as it only affects Apple products +# i.e. ichat,mdnsresponder, instant message framework and MacOS. +# Also, https://www.exploit-db.com/exploits/3230 shows the part of code +# affected by CVE-2007-0613 which is not preset in upstream source code. +# Hence, CVE-2007-0613 does not affect other Yocto implementations and +# is not reported for other distros can be marked whitelisted. +# Links: +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 +# https://security-tracker.debian.org/tracker/CVE-2007-0613 +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +CVE_CHECK_WHITELIST += "CVE-2007-0613" + PARALLEL_MAKE = "" S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" diff --git a/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch new file mode 100644 index 0000000000..ca181bb4b2 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch @@ -0,0 +1,31 @@ +From f8da73bd042f810f34d19f9eae02b46d870af394 Mon Sep 17 00:00:00 2001 +From: James M Snell <jasnell@gmail.com> +Date: Sun, 19 Apr 2020 09:12:24 -0700 +Subject: [PATCH] Earlier check for settings flood + +CVE: CVE-2020-11080 +Upstream-Status: Backport [https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394.patch] +Comment: No hunk refreshed +Affects-version: < v1.41.0 +Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com> +--- + lib/nghttp2_session.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +Index: nghttp2-1.40.0/lib/nghttp2_session.c +=================================================================== +--- nghttp2-1.40.0.orig/lib/nghttp2_session.c ++++ nghttp2-1.40.0/lib/nghttp2_session.c +@@ -5678,6 +5678,12 @@ ssize_t nghttp2_session_mem_recv(nghttp2 + break; + } + ++ /* Check the settings flood counter early to be safe */ ++ if (session->obq_flood_counter_ >= session->max_outbound_ack && ++ !(iframe->frame.hd.flags & NGHTTP2_FLAG_ACK)) { ++ return NGHTTP2_ERR_FLOODED; ++ } ++ + iframe->state = NGHTTP2_IB_READ_SETTINGS; + + if (iframe->payloadleft) { diff --git a/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-2.patch b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-2.patch new file mode 100644 index 0000000000..d3c57e9a80 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-2.patch @@ -0,0 +1,308 @@ +From 336a98feb0d56b9ac54e12736b18785c27f75090 Mon Sep 17 00:00:00 2001 +From: James M Snell <jasnell@gmail.com> +Date: Fri, 17 Apr 2020 16:53:51 -0700 +Subject: [PATCH] Implement max settings option + +CVE: CVE-2020-11080 +Upstream-Status: Backport [https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090.patch] +Comment: No hunks refreshed +Affects-version: < v1.41.0 +Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com> +--- + doc/CMakeLists.txt | 1 + + doc/Makefile.am | 1 + + lib/includes/nghttp2/nghttp2.h | 23 +++++++++++++ + lib/nghttp2_helper.c | 2 ++ + lib/nghttp2_option.c | 5 +++ + lib/nghttp2_option.h | 5 +++ + lib/nghttp2_session.c | 21 ++++++++++++ + lib/nghttp2_session.h | 2 ++ + tests/main.c | 2 ++ + tests/nghttp2_session_test.c | 61 ++++++++++++++++++++++++++++++++++ + tests/nghttp2_session_test.h | 1 + + 11 files changed, 124 insertions(+) + +Index: nghttp2-1.40.0/doc/CMakeLists.txt +=================================================================== +--- nghttp2-1.40.0.orig/doc/CMakeLists.txt ++++ nghttp2-1.40.0/doc/CMakeLists.txt +@@ -42,6 +42,7 @@ set(APIDOCS + nghttp2_option_set_no_recv_client_magic.rst + nghttp2_option_set_peer_max_concurrent_streams.rst + nghttp2_option_set_user_recv_extension_type.rst ++ nghttp2_option_set_max_settings.rst + nghttp2_pack_settings_payload.rst + nghttp2_priority_spec_check_default.rst + nghttp2_priority_spec_default_init.rst +Index: nghttp2-1.40.0/lib/includes/nghttp2/nghttp2.h +=================================================================== +--- nghttp2-1.40.0.orig/lib/includes/nghttp2/nghttp2.h ++++ nghttp2-1.40.0/lib/includes/nghttp2/nghttp2.h +@@ -229,6 +229,13 @@ typedef struct { + #define NGHTTP2_CLIENT_MAGIC_LEN 24 + + /** ++ * @macro ++ * ++ * The default max number of settings per SETTINGS frame ++ */ ++#define NGHTTP2_DEFAULT_MAX_SETTINGS 32 ++ ++/** + * @enum + * + * Error codes used in this library. The code range is [-999, -500], +@@ -399,6 +406,11 @@ typedef enum { + */ + NGHTTP2_ERR_SETTINGS_EXPECTED = -536, + /** ++ * When a local endpoint receives too many settings entries ++ * in a single SETTINGS frame. ++ */ ++ NGHTTP2_ERR_TOO_MANY_SETTINGS = -537, ++ /** + * The errors < :enum:`NGHTTP2_ERR_FATAL` mean that the library is + * under unexpected condition and processing was terminated (e.g., + * out of memory). If application receives this error code, it must +@@ -2661,6 +2673,17 @@ NGHTTP2_EXTERN void nghttp2_option_set_m + + /** + * @function ++ * ++ * This function sets the maximum number of SETTINGS entries per ++ * SETTINGS frame that will be accepted. If more than those entries ++ * are received, the peer is considered to be misbehaving and session ++ * will be closed. The default value is 32. ++ */ ++NGHTTP2_EXTERN void nghttp2_option_set_max_settings(nghttp2_option *option, ++ size_t val); ++ ++/** ++ * @function + * + * Initializes |*session_ptr| for client use. The all members of + * |callbacks| are copied to |*session_ptr|. Therefore |*session_ptr| +Index: nghttp2-1.40.0/lib/nghttp2_helper.c +=================================================================== +--- nghttp2-1.40.0.orig/lib/nghttp2_helper.c ++++ nghttp2-1.40.0/lib/nghttp2_helper.c +@@ -334,6 +334,8 @@ const char *nghttp2_strerror(int error_c + case NGHTTP2_ERR_FLOODED: + return "Flooding was detected in this HTTP/2 session, and it must be " + "closed"; ++ case NGHTTP2_ERR_TOO_MANY_SETTINGS: ++ return "SETTINGS frame contained more than the maximum allowed entries"; + default: + return "Unknown error code"; + } +Index: nghttp2-1.40.0/lib/nghttp2_option.c +=================================================================== +--- nghttp2-1.40.0.orig/lib/nghttp2_option.c ++++ nghttp2-1.40.0/lib/nghttp2_option.c +@@ -121,3 +121,8 @@ void nghttp2_option_set_max_outbound_ack + option->opt_set_mask |= NGHTTP2_OPT_MAX_OUTBOUND_ACK; + option->max_outbound_ack = val; + } ++ ++void nghttp2_option_set_max_settings(nghttp2_option *option, size_t val) { ++ option->opt_set_mask |= NGHTTP2_OPT_MAX_SETTINGS; ++ option->max_settings = val; ++} +Index: nghttp2-1.40.0/lib/nghttp2_option.h +=================================================================== +--- nghttp2-1.40.0.orig/lib/nghttp2_option.h ++++ nghttp2-1.40.0/lib/nghttp2_option.h +@@ -67,6 +67,7 @@ typedef enum { + NGHTTP2_OPT_MAX_DEFLATE_DYNAMIC_TABLE_SIZE = 1 << 9, + NGHTTP2_OPT_NO_CLOSED_STREAMS = 1 << 10, + NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11, ++ NGHTTP2_OPT_MAX_SETTINGS = 1 << 12, + } nghttp2_option_flag; + + /** +@@ -86,6 +87,10 @@ struct nghttp2_option { + */ + size_t max_outbound_ack; + /** ++ * NGHTTP2_OPT_MAX_SETTINGS ++ */ ++ size_t max_settings; ++ /** + * Bitwise OR of nghttp2_option_flag to determine that which fields + * are specified. + */ +Index: nghttp2-1.40.0/lib/nghttp2_session.c +=================================================================== +--- nghttp2-1.40.0.orig/lib/nghttp2_session.c ++++ nghttp2-1.40.0/lib/nghttp2_session.c +@@ -458,6 +458,7 @@ static int session_new(nghttp2_session * + + (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; + (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; ++ (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS; + + if (option) { + if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && +@@ -521,6 +522,11 @@ static int session_new(nghttp2_session * + if (option->opt_set_mask & NGHTTP2_OPT_MAX_OUTBOUND_ACK) { + (*session_ptr)->max_outbound_ack = option->max_outbound_ack; + } ++ ++ if ((option->opt_set_mask & NGHTTP2_OPT_MAX_SETTINGS) && ++ option->max_settings) { ++ (*session_ptr)->max_settings = option->max_settings; ++ } + } + + rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, +@@ -5694,6 +5700,16 @@ ssize_t nghttp2_session_mem_recv(nghttp2 + iframe->max_niv = + iframe->frame.hd.length / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH + 1; + ++ if (iframe->max_niv - 1 > session->max_settings) { ++ rv = nghttp2_session_terminate_session_with_reason( ++ session, NGHTTP2_ENHANCE_YOUR_CALM, ++ "SETTINGS: too many setting entries"); ++ if (nghttp2_is_fatal(rv)) { ++ return rv; ++ } ++ return (ssize_t)inlen; ++ } ++ + iframe->iv = nghttp2_mem_malloc(mem, sizeof(nghttp2_settings_entry) * + iframe->max_niv); + +@@ -7460,6 +7476,11 @@ static int nghttp2_session_upgrade_inter + if (settings_payloadlen % NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH) { + return NGHTTP2_ERR_INVALID_ARGUMENT; + } ++ /* SETTINGS frame contains too many settings */ ++ if (settings_payloadlen / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH ++ > session->max_settings) { ++ return NGHTTP2_ERR_TOO_MANY_SETTINGS; ++ } + rv = nghttp2_frame_unpack_settings_payload2(&iv, &niv, settings_payload, + settings_payloadlen, mem); + if (rv != 0) { +Index: nghttp2-1.40.0/lib/nghttp2_session.h +=================================================================== +--- nghttp2-1.40.0.orig/lib/nghttp2_session.h ++++ nghttp2-1.40.0/lib/nghttp2_session.h +@@ -267,6 +267,8 @@ struct nghttp2_session { + /* The maximum length of header block to send. Calculated by the + same way as nghttp2_hd_deflate_bound() does. */ + size_t max_send_header_block_length; ++ /* The maximum number of settings accepted per SETTINGS frame. */ ++ size_t max_settings; + /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */ + uint32_t next_stream_id; + /* The last stream ID this session initiated. For client session, +Index: nghttp2-1.40.0/tests/main.c +=================================================================== +--- nghttp2-1.40.0.orig/tests/main.c ++++ nghttp2-1.40.0/tests/main.c +@@ -315,6 +315,8 @@ int main() { + test_nghttp2_session_set_local_window_size) || + !CU_add_test(pSuite, "session_cancel_from_before_frame_send", + test_nghttp2_session_cancel_from_before_frame_send) || ++ !CU_add_test(pSuite, "session_too_many_settings", ++ test_nghttp2_session_too_many_settings) || + !CU_add_test(pSuite, "session_removed_closed_stream", + test_nghttp2_session_removed_closed_stream) || + !CU_add_test(pSuite, "session_pause_data", +Index: nghttp2-1.40.0/tests/nghttp2_session_test.c +=================================================================== +--- nghttp2-1.40.0.orig/tests/nghttp2_session_test.c ++++ nghttp2-1.40.0/tests/nghttp2_session_test.c +@@ -10558,6 +10558,67 @@ void test_nghttp2_session_cancel_from_be + nghttp2_session_del(session); + } + ++void test_nghttp2_session_too_many_settings(void) { ++ nghttp2_session *session; ++ nghttp2_option *option; ++ nghttp2_session_callbacks callbacks; ++ nghttp2_frame frame; ++ nghttp2_bufs bufs; ++ nghttp2_buf *buf; ++ ssize_t rv; ++ my_user_data ud; ++ nghttp2_settings_entry iv[3]; ++ nghttp2_mem *mem; ++ nghttp2_outbound_item *item; ++ ++ mem = nghttp2_mem_default(); ++ frame_pack_bufs_init(&bufs); ++ ++ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks)); ++ callbacks.on_frame_recv_callback = on_frame_recv_callback; ++ callbacks.send_callback = null_send_callback; ++ ++ nghttp2_option_new(&option); ++ nghttp2_option_set_max_settings(option, 1); ++ ++ nghttp2_session_client_new2(&session, &callbacks, &ud, option); ++ ++ CU_ASSERT(1 == session->max_settings); ++ ++ nghttp2_option_del(option); ++ ++ iv[0].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE; ++ iv[0].value = 3000; ++ ++ iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; ++ iv[1].value = 16384; ++ ++ nghttp2_frame_settings_init(&frame.settings, NGHTTP2_FLAG_NONE, dup_iv(iv, 2), ++ 2); ++ ++ rv = nghttp2_frame_pack_settings(&bufs, &frame.settings); ++ ++ CU_ASSERT(0 == rv); ++ CU_ASSERT(nghttp2_bufs_len(&bufs) > 0); ++ ++ nghttp2_frame_settings_free(&frame.settings, mem); ++ ++ buf = &bufs.head->buf; ++ assert(nghttp2_bufs_len(&bufs) == nghttp2_buf_len(buf)); ++ ++ ud.frame_recv_cb_called = 0; ++ ++ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); ++ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); ++ ++ item = nghttp2_session_get_next_ob_item(session); ++ CU_ASSERT(NGHTTP2_GOAWAY == item->frame.hd.type); ++ ++ nghttp2_bufs_reset(&bufs); ++ nghttp2_bufs_free(&bufs); ++ nghttp2_session_del(session); ++} ++ + static void + prepare_session_removed_closed_stream(nghttp2_session *session, + nghttp2_hd_deflater *deflater) { +Index: nghttp2-1.40.0/tests/nghttp2_session_test.h +=================================================================== +--- nghttp2-1.40.0.orig/tests/nghttp2_session_test.h ++++ nghttp2-1.40.0/tests/nghttp2_session_test.h +@@ -156,6 +156,7 @@ void test_nghttp2_session_repeated_prior + void test_nghttp2_session_repeated_priority_submission(void); + void test_nghttp2_session_set_local_window_size(void); + void test_nghttp2_session_cancel_from_before_frame_send(void); ++void test_nghttp2_session_too_many_settings(void); + void test_nghttp2_session_removed_closed_stream(void); + void test_nghttp2_session_pause_data(void); + void test_nghttp2_session_no_closed_streams(void); +Index: nghttp2-1.40.0/doc/Makefile.am +=================================================================== +--- nghttp2-1.40.0.orig/doc/Makefile.am ++++ nghttp2-1.40.0/doc/Makefile.am +@@ -69,6 +69,7 @@ APIDOCS= \ + nghttp2_option_set_peer_max_concurrent_streams.rst \ + nghttp2_option_set_user_recv_extension_type.rst \ + nghttp2_option_set_max_outbound_ack.rst \ ++ nghttp2_option_set_max_settings.rst \ + nghttp2_pack_settings_payload.rst \ + nghttp2_priority_spec_check_default.rst \ + nghttp2_priority_spec_default_init.rst \ diff --git a/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.40.0.bb b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.40.0.bb index 9ed8c56420..b497058ca6 100644 --- a/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.40.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.40.0.bb @@ -10,6 +10,8 @@ UPSTREAM_CHECK_URI = "https://github.com/nghttp2/nghttp2/releases" SRC_URI = "\ https://github.com/nghttp2/nghttp2/releases/download/v${PV}/nghttp2-${PV}.tar.xz \ file://0001-fetch-ocsp-response-use-python3.patch \ + file://CVE-2020-11080-1.patch \ + file://CVE-2020-11080-2.patch \ " SRC_URI[md5sum] = "8d1a6b96760254e4dd142d7176e8fb7c" SRC_URI[sha256sum] = "09fc43d428ff237138733c737b29fb1a7e49d49de06d2edbed3bc4cdcee69073" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch new file mode 100644 index 0000000000..9214615d12 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch @@ -0,0 +1,854 @@ +From 018edec9b2bd3db20605117c32ff79c1e625c432 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Wed, 11 Sep 2019 12:34:28 +0300 +Subject: [PATCH] Remove IAPP functionality from hostapd + +IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been +maintained nor is there any expectation of the withdrawn trial-use +recommended practice to be maintained in the future. Furthermore, +implementation of IAPP in hostapd was not complete, i.e., only parts of +the recommended practice were included. The main item of some real use +long time ago was the Layer 2 Update frame to update bridges when a STA +roams within an ESS, but that functionality has, in practice, been moved +to kernel drivers to provide better integration with the networking +stack. + +CVE: CVE-2019-5061 + +Upstream-Status: Backport + +Signed-off-by: Jouni Malinen <j@w1.fi> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + hostapd/Android.mk | 5 - + hostapd/Makefile | 5 - + hostapd/android.config | 3 - + hostapd/config_file.c | 3 +- + hostapd/defconfig | 3 - + hostapd/hostapd.conf | 6 - + hostapd/main.c | 3 - + src/ap/Makefile | 2 - + src/ap/ap_config.h | 4 - + src/ap/hostapd.c | 14 - + src/ap/hostapd.h | 2 - + src/ap/iapp.c | 542 ---------------------- + src/ap/iapp.h | 39 -- + src/utils/wpa_debug.h | 1 - + 14 files changed, 1 insertion(+), 633 deletions(-) + delete mode 100644 src/ap/iapp.c + delete mode 100644 src/ap/iapp.h + +diff --git a/hostapd/Android.mk b/hostapd/Android.mk +index 3183323ef..a87ac8144 100644 +--- a/hostapd/Android.mk ++++ b/hostapd/Android.mk +@@ -205,11 +205,6 @@ endif + + L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX + +-ifdef CONFIG_IAPP +-L_CFLAGS += -DCONFIG_IAPP +-OBJS += src/ap/iapp.c +-endif +- + ifdef CONFIG_RSN_PREAUTH + L_CFLAGS += -DCONFIG_RSN_PREAUTH + CONFIG_L2_PACKET=y +diff --git a/hostapd/Makefile b/hostapd/Makefile +index f7f4c785b..42bb9e4c8 100644 +--- a/hostapd/Makefile ++++ b/hostapd/Makefile +@@ -248,11 +248,6 @@ ifndef CONFIG_NO_CTRL_IFACE + CFLAGS += -DCONFIG_CTRL_IFACE + endif + +-ifdef CONFIG_IAPP +-CFLAGS += -DCONFIG_IAPP +-OBJS += ../src/ap/iapp.o +-endif +- + ifdef CONFIG_RSN_PREAUTH + CFLAGS += -DCONFIG_RSN_PREAUTH + CONFIG_L2_PACKET=y +diff --git a/hostapd/android.config b/hostapd/android.config +index efe252332..e2e6c7821 100644 +--- a/hostapd/android.config ++++ b/hostapd/android.config +@@ -38,9 +38,6 @@ CONFIG_DRIVER_NL80211_QCA=y + # Driver interface for no driver (e.g., RADIUS server only) + #CONFIG_DRIVER_NONE=y + +-# IEEE 802.11F/IAPP +-#CONFIG_IAPP=y +- + # WPA2/IEEE 802.11i RSN pre-authentication + #CONFIG_RSN_PREAUTH=y + +diff --git a/hostapd/config_file.c b/hostapd/config_file.c +index 680f17ee0..0d340d252 100644 +--- a/hostapd/config_file.c ++++ b/hostapd/config_file.c +@@ -2712,8 +2712,7 @@ static int hostapd_config_fill(struct hostapd_config *conf, + bss->eapol_key_index_workaround = atoi(pos); + #ifdef CONFIG_IAPP + } else if (os_strcmp(buf, "iapp_interface") == 0) { +- bss->ieee802_11f = 1; +- os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface)); ++ wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used"); + #endif /* CONFIG_IAPP */ + } else if (os_strcmp(buf, "own_ip_addr") == 0) { + if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) { +diff --git a/hostapd/defconfig b/hostapd/defconfig +index b1fb56c3b..1a3d9f9ba 100644 +--- a/hostapd/defconfig ++++ b/hostapd/defconfig +@@ -44,9 +44,6 @@ CONFIG_LIBNL32=y + # Driver interface for no driver (e.g., RADIUS server only) + #CONFIG_DRIVER_NONE=y + +-# IEEE 802.11F/IAPP +-CONFIG_IAPP=y +- + # WPA2/IEEE 802.11i RSN pre-authentication + CONFIG_RSN_PREAUTH=y + +diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf +index 6c96a760a..a3c698480 100644 +--- a/hostapd/hostapd.conf ++++ b/hostapd/hostapd.conf +@@ -41,7 +41,6 @@ interface=wlan0 + # bit 2 (4) = RADIUS + # bit 3 (8) = WPA + # bit 4 (16) = driver interface +-# bit 5 (32) = IAPP + # bit 6 (64) = MLME + # + # Levels (minimum value for logged events): +@@ -1243,11 +1242,6 @@ eap_server=0 + # Whether to enable ERP on the EAP server. + #eap_server_erp=1 + +-##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) ####################### +- +-# Interface to be used for IAPP broadcast packets +-#iapp_interface=eth0 +- + + ##### RADIUS client configuration ############################################# + # for IEEE 802.1X with external Authentication Server, IEEE 802.11 +diff --git a/hostapd/main.c b/hostapd/main.c +index 08896ffe2..8bfe24281 100644 +--- a/hostapd/main.c ++++ b/hostapd/main.c +@@ -81,9 +81,6 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module, + case HOSTAPD_MODULE_DRIVER: + module_str = "DRIVER"; + break; +- case HOSTAPD_MODULE_IAPP: +- module_str = "IAPP"; +- break; + case HOSTAPD_MODULE_MLME: + module_str = "MLME"; + break; +diff --git a/src/ap/Makefile b/src/ap/Makefile +index bd3f33b77..54e48a0dd 100644 +--- a/src/ap/Makefile ++++ b/src/ap/Makefile +@@ -18,7 +18,6 @@ CFLAGS += -DCONFIG_IEEE80211R_AP + CFLAGS += -DCONFIG_WPS + CFLAGS += -DCONFIG_PROXYARP + CFLAGS += -DCONFIG_IPV6 +-CFLAGS += -DCONFIG_IAPP + CFLAGS += -DCONFIG_AIRTIME_POLICY + + LIB_OBJS= \ +@@ -41,7 +40,6 @@ LIB_OBJS= \ + hostapd.o \ + hs20.o \ + hw_features.o \ +- iapp.o \ + ieee802_11_auth.o \ + ieee802_11.o \ + ieee802_11_ht.o \ +diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h +index e219160b0..17eb0682b 100644 +--- a/src/ap/ap_config.h ++++ b/src/ap/ap_config.h +@@ -325,10 +325,6 @@ struct hostapd_bss_config { + int erp_send_reauth_start; + char *erp_domain; + +- int ieee802_11f; /* use IEEE 802.11f (IAPP) */ +- char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast +- * frames */ +- + enum macaddr_acl { + ACCEPT_UNLESS_DENIED = 0, + DENY_UNLESS_ACCEPTED = 1, +diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c +index ef988b634..bf7b1f89e 100644 +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -28,7 +28,6 @@ + #include "accounting.h" + #include "ap_list.h" + #include "beacon.h" +-#include "iapp.h" + #include "ieee802_1x.h" + #include "ieee802_11_auth.h" + #include "vlan_init.h" +@@ -361,8 +360,6 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd) + hapd->beacon_set_done = 0; + + wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); +- iapp_deinit(hapd->iapp); +- hapd->iapp = NULL; + accounting_deinit(hapd); + hostapd_deinit_wpa(hapd); + vlan_deinit(hapd); +@@ -1296,13 +1293,6 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first) + return -1; + } + +- if (conf->ieee802_11f && +- (hapd->iapp = iapp_init(hapd, conf->iapp_iface)) == NULL) { +- wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization " +- "failed."); +- return -1; +- } +- + #ifdef CONFIG_INTERWORKING + if (gas_serv_init(hapd)) { + wpa_printf(MSG_ERROR, "GAS server initialization failed"); +@@ -3056,10 +3046,6 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, + hostapd_prune_associations(hapd, sta->addr); + ap_sta_clear_disconnect_timeouts(hapd, sta); + +- /* IEEE 802.11F (IAPP) */ +- if (hapd->conf->ieee802_11f) +- iapp_new_station(hapd->iapp, sta); +- + #ifdef CONFIG_P2P + if (sta->p2p_ie == NULL && !sta->no_p2p_set) { + sta->no_p2p_set = 1; +diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h +index 5b859b8a9..2358d1664 100644 +--- a/src/ap/hostapd.h ++++ b/src/ap/hostapd.h +@@ -179,8 +179,6 @@ struct hostapd_data { + u64 acct_session_id; + struct radius_das_data *radius_das; + +- struct iapp_data *iapp; +- + struct hostapd_cached_radius_acl *acl_cache; + struct hostapd_acl_query_data *acl_queries; + +diff --git a/src/ap/iapp.c b/src/ap/iapp.c +deleted file mode 100644 +index 2556da30c..000000000 +--- a/src/ap/iapp.c ++++ /dev/null +@@ -1,542 +0,0 @@ +-/* +- * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) +- * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> +- * +- * This software may be distributed under the terms of the BSD license. +- * See README for more details. +- * +- * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired +- * and IEEE has withdrawn it. In other words, it is likely better to look at +- * using some other mechanism for AP-to-AP communication than extending the +- * implementation here. +- */ +- +-/* TODO: +- * Level 1: no administrative or security support +- * (e.g., static BSSID to IP address mapping in each AP) +- * Level 2: support for dynamic mapping of BSSID to IP address +- * Level 3: support for encryption and authentication of IAPP messages +- * - add support for MOVE-notify and MOVE-response (this requires support for +- * finding out IP address for previous AP using RADIUS) +- * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during +- * reassociation to another AP +- * - implement counters etc. for IAPP MIB +- * - verify endianness of fields in IAPP messages; are they big-endian as +- * used here? +- * - RADIUS connection for AP registration and BSSID to IP address mapping +- * - TCP connection for IAPP MOVE, CACHE +- * - broadcast ESP for IAPP ADD-notify +- * - ESP for IAPP MOVE messages +- * - security block sending/processing +- * - IEEE 802.11 context transfer +- */ +- +-#include "utils/includes.h" +-#include <net/if.h> +-#include <sys/ioctl.h> +-#include <netpacket/packet.h> +- +-#include "utils/common.h" +-#include "utils/eloop.h" +-#include "common/ieee802_11_defs.h" +-#include "hostapd.h" +-#include "ap_config.h" +-#include "ieee802_11.h" +-#include "sta_info.h" +-#include "iapp.h" +- +- +-#define IAPP_MULTICAST "224.0.1.178" +-#define IAPP_UDP_PORT 3517 +-#define IAPP_TCP_PORT 3517 +- +-struct iapp_hdr { +- u8 version; +- u8 command; +- be16 identifier; +- be16 length; +- /* followed by length-6 octets of data */ +-} __attribute__ ((packed)); +- +-#define IAPP_VERSION 0 +- +-enum IAPP_COMMAND { +- IAPP_CMD_ADD_notify = 0, +- IAPP_CMD_MOVE_notify = 1, +- IAPP_CMD_MOVE_response = 2, +- IAPP_CMD_Send_Security_Block = 3, +- IAPP_CMD_ACK_Security_Block = 4, +- IAPP_CMD_CACHE_notify = 5, +- IAPP_CMD_CACHE_response = 6, +-}; +- +- +-/* ADD-notify - multicast UDP on the local LAN */ +-struct iapp_add_notify { +- u8 addr_len; /* ETH_ALEN */ +- u8 reserved; +- u8 mac_addr[ETH_ALEN]; +- be16 seq_num; +-} __attribute__ ((packed)); +- +- +-/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ +-struct iapp_layer2_update { +- u8 da[ETH_ALEN]; /* broadcast */ +- u8 sa[ETH_ALEN]; /* STA addr */ +- be16 len; /* 6 */ +- u8 dsap; /* null DSAP address */ +- u8 ssap; /* null SSAP address, CR=Response */ +- u8 control; +- u8 xid_info[3]; +-} __attribute__ ((packed)); +- +- +-/* MOVE-notify - unicast TCP */ +-struct iapp_move_notify { +- u8 addr_len; /* ETH_ALEN */ +- u8 reserved; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +- u16 ctx_block_len; +- /* followed by ctx_block_len bytes */ +-} __attribute__ ((packed)); +- +- +-/* MOVE-response - unicast TCP */ +-struct iapp_move_response { +- u8 addr_len; /* ETH_ALEN */ +- u8 status; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +- u16 ctx_block_len; +- /* followed by ctx_block_len bytes */ +-} __attribute__ ((packed)); +- +-enum { +- IAPP_MOVE_SUCCESSFUL = 0, +- IAPP_MOVE_DENIED = 1, +- IAPP_MOVE_STALE_MOVE = 2, +-}; +- +- +-/* CACHE-notify */ +-struct iapp_cache_notify { +- u8 addr_len; /* ETH_ALEN */ +- u8 reserved; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +- u8 current_ap[ETH_ALEN]; +- u16 ctx_block_len; +- /* ctx_block_len bytes of context block followed by 16-bit context +- * timeout */ +-} __attribute__ ((packed)); +- +- +-/* CACHE-response - unicast TCP */ +-struct iapp_cache_response { +- u8 addr_len; /* ETH_ALEN */ +- u8 status; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +-} __attribute__ ((packed)); +- +-enum { +- IAPP_CACHE_SUCCESSFUL = 0, +- IAPP_CACHE_STALE_CACHE = 1, +-}; +- +- +-/* Send-Security-Block - unicast TCP */ +-struct iapp_send_security_block { +- u8 iv[8]; +- u16 sec_block_len; +- /* followed by sec_block_len bytes of security block */ +-} __attribute__ ((packed)); +- +- +-/* ACK-Security-Block - unicast TCP */ +-struct iapp_ack_security_block { +- u8 iv[8]; +- u8 new_ap_ack_authenticator[48]; +-} __attribute__ ((packed)); +- +- +-struct iapp_data { +- struct hostapd_data *hapd; +- u16 identifier; /* next IAPP identifier */ +- struct in_addr own, multicast; +- int udp_sock; +- int packet_sock; +-}; +- +- +-static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num) +-{ +- char buf[128]; +- struct iapp_hdr *hdr; +- struct iapp_add_notify *add; +- struct sockaddr_in addr; +- +- /* Send IAPP ADD-notify to remove possible association from other APs +- */ +- +- hdr = (struct iapp_hdr *) buf; +- hdr->version = IAPP_VERSION; +- hdr->command = IAPP_CMD_ADD_notify; +- hdr->identifier = host_to_be16(iapp->identifier++); +- hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add)); +- +- add = (struct iapp_add_notify *) (hdr + 1); +- add->addr_len = ETH_ALEN; +- add->reserved = 0; +- os_memcpy(add->mac_addr, mac_addr, ETH_ALEN); +- +- add->seq_num = host_to_be16(seq_num); +- +- os_memset(&addr, 0, sizeof(addr)); +- addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = iapp->multicast.s_addr; +- addr.sin_port = htons(IAPP_UDP_PORT); +- if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0, +- (struct sockaddr *) &addr, sizeof(addr)) < 0) +- wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno)); +-} +- +- +-static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr) +-{ +- struct iapp_layer2_update msg; +- +- /* Send Level 2 Update Frame to update forwarding tables in layer 2 +- * bridge devices */ +- +- /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) +- * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ +- +- os_memset(msg.da, 0xff, ETH_ALEN); +- os_memcpy(msg.sa, addr, ETH_ALEN); +- msg.len = host_to_be16(6); +- msg.dsap = 0; /* NULL DSAP address */ +- msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */ +- msg.control = 0xaf; /* XID response lsb.1111F101. +- * F=0 (no poll command; unsolicited frame) */ +- msg.xid_info[0] = 0x81; /* XID format identifier */ +- msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ +- msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW) +- * FIX: what is correct RW with 802.11? */ +- +- if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0) +- wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno)); +-} +- +- +-/** +- * iapp_new_station - IAPP processing for a new STA +- * @iapp: IAPP data +- * @sta: The associated station +- */ +-void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta) +-{ +- u16 seq = 0; /* TODO */ +- +- if (iapp == NULL) +- return; +- +- /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */ +- hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq); +- iapp_send_layer2_update(iapp, sta->addr); +- iapp_send_add(iapp, sta->addr, seq); +- +- /* TODO: If this was reassociation: +- * IAPP-MOVE.request(MAC Address, Sequence Number, Old AP, +- * Context Block, Timeout) +- * TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to +- * IP address */ +-} +- +- +-static void iapp_process_add_notify(struct iapp_data *iapp, +- struct sockaddr_in *from, +- struct iapp_hdr *hdr, int len) +-{ +- struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1); +- struct sta_info *sta; +- +- if (len != sizeof(*add)) { +- wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)", +- len, (unsigned long) sizeof(*add)); +- return; +- } +- +- sta = ap_get_sta(iapp->hapd, add->mac_addr); +- +- /* IAPP-ADD.indication(MAC Address, Sequence Number) */ +- hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_INFO, +- "Received IAPP ADD-notify (seq# %d) from %s:%d%s", +- be_to_host16(add->seq_num), +- inet_ntoa(from->sin_addr), ntohs(from->sin_port), +- sta ? "" : " (STA not found)"); +- +- if (!sta) +- return; +- +- /* TODO: could use seq_num to try to determine whether last association +- * to this AP is newer than the one advertised in IAPP-ADD. Although, +- * this is not really a reliable verification. */ +- +- hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, +- "Removing STA due to IAPP ADD-notify"); +- ap_sta_disconnect(iapp->hapd, sta, NULL, 0); +-} +- +- +-/** +- * iapp_receive_udp - Process IAPP UDP frames +- * @sock: File descriptor for the socket +- * @eloop_ctx: IAPP data (struct iapp_data *) +- * @sock_ctx: Not used +- */ +-static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx) +-{ +- struct iapp_data *iapp = eloop_ctx; +- int len, hlen; +- unsigned char buf[128]; +- struct sockaddr_in from; +- socklen_t fromlen; +- struct iapp_hdr *hdr; +- +- /* Handle incoming IAPP frames (over UDP/IP) */ +- +- fromlen = sizeof(from); +- len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0, +- (struct sockaddr *) &from, &fromlen); +- if (len < 0) { +- wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s", +- strerror(errno)); +- return; +- } +- +- if (from.sin_addr.s_addr == iapp->own.s_addr) +- return; /* ignore own IAPP messages */ +- +- hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, +- "Received %d byte IAPP frame from %s%s\n", +- len, inet_ntoa(from.sin_addr), +- len < (int) sizeof(*hdr) ? " (too short)" : ""); +- +- if (len < (int) sizeof(*hdr)) +- return; +- +- hdr = (struct iapp_hdr *) buf; +- hlen = be_to_host16(hdr->length); +- hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, +- "RX: version=%d command=%d id=%d len=%d\n", +- hdr->version, hdr->command, +- be_to_host16(hdr->identifier), hlen); +- if (hdr->version != IAPP_VERSION) { +- wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d", +- hdr->version); +- return; +- } +- if (hlen > len) { +- wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)", +- hlen, len); +- return; +- } +- if (hlen < len) { +- wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame", +- len - hlen); +- len = hlen; +- } +- +- switch (hdr->command) { +- case IAPP_CMD_ADD_notify: +- iapp_process_add_notify(iapp, &from, hdr, len - sizeof(*hdr)); +- break; +- case IAPP_CMD_MOVE_notify: +- /* TODO: MOVE is using TCP; so move this to TCP handler once it +- * is implemented.. */ +- /* IAPP-MOVE.indication(MAC Address, New BSSID, +- * Sequence Number, AP Address, Context Block) */ +- /* TODO: process */ +- break; +- default: +- wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command); +- break; +- } +-} +- +- +-struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface) +-{ +- struct ifreq ifr; +- struct sockaddr_ll addr; +- int ifindex; +- struct sockaddr_in *paddr, uaddr; +- struct iapp_data *iapp; +- struct ip_mreqn mreq; +- int reuseaddr = 1; +- +- iapp = os_zalloc(sizeof(*iapp)); +- if (iapp == NULL) +- return NULL; +- iapp->hapd = hapd; +- iapp->udp_sock = iapp->packet_sock = -1; +- +- /* TODO: +- * open socket for sending and receiving IAPP frames over TCP +- */ +- +- iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0); +- if (iapp->udp_sock < 0) { +- wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- os_memset(&ifr, 0, sizeof(ifr)); +- os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); +- if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) { +- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- ifindex = ifr.ifr_ifindex; +- +- if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) { +- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- paddr = (struct sockaddr_in *) &ifr.ifr_addr; +- if (paddr->sin_family != AF_INET) { +- wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)", +- paddr->sin_family); +- iapp_deinit(iapp); +- return NULL; +- } +- iapp->own.s_addr = paddr->sin_addr.s_addr; +- +- if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) { +- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- paddr = (struct sockaddr_in *) &ifr.ifr_addr; +- if (paddr->sin_family != AF_INET) { +- wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)", +- paddr->sin_family); +- iapp_deinit(iapp); +- return NULL; +- } +- inet_aton(IAPP_MULTICAST, &iapp->multicast); +- +- os_memset(&uaddr, 0, sizeof(uaddr)); +- uaddr.sin_family = AF_INET; +- uaddr.sin_port = htons(IAPP_UDP_PORT); +- +- if (setsockopt(iapp->udp_sock, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, +- sizeof(reuseaddr)) < 0) { +- wpa_printf(MSG_INFO, +- "iapp_init - setsockopt[UDP,SO_REUSEADDR]: %s", +- strerror(errno)); +- /* +- * Ignore this and try to continue. This is fine for single +- * BSS cases, but may fail if multiple BSSes enable IAPP. +- */ +- } +- +- if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr, +- sizeof(uaddr)) < 0) { +- wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- os_memset(&mreq, 0, sizeof(mreq)); +- mreq.imr_multiaddr = iapp->multicast; +- mreq.imr_address.s_addr = INADDR_ANY; +- mreq.imr_ifindex = 0; +- if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq, +- sizeof(mreq)) < 0) { +- wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); +- if (iapp->packet_sock < 0) { +- wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- os_memset(&addr, 0, sizeof(addr)); +- addr.sll_family = AF_PACKET; +- addr.sll_ifindex = ifindex; +- if (bind(iapp->packet_sock, (struct sockaddr *) &addr, +- sizeof(addr)) < 0) { +- wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp, +- iapp, NULL)) { +- wpa_printf(MSG_INFO, "Could not register read socket for IAPP"); +- iapp_deinit(iapp); +- return NULL; +- } +- +- wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface); +- +- /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive +- * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually +- * be openned only after receiving Initiate-Accept. If Initiate-Reject +- * is received, IAPP is not started. */ +- +- return iapp; +-} +- +- +-void iapp_deinit(struct iapp_data *iapp) +-{ +- struct ip_mreqn mreq; +- +- if (iapp == NULL) +- return; +- +- if (iapp->udp_sock >= 0) { +- os_memset(&mreq, 0, sizeof(mreq)); +- mreq.imr_multiaddr = iapp->multicast; +- mreq.imr_address.s_addr = INADDR_ANY; +- mreq.imr_ifindex = 0; +- if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP, +- &mreq, sizeof(mreq)) < 0) { +- wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s", +- strerror(errno)); +- } +- +- eloop_unregister_read_sock(iapp->udp_sock); +- close(iapp->udp_sock); +- } +- if (iapp->packet_sock >= 0) { +- eloop_unregister_read_sock(iapp->packet_sock); +- close(iapp->packet_sock); +- } +- os_free(iapp); +-} +diff --git a/src/ap/iapp.h b/src/ap/iapp.h +deleted file mode 100644 +index c22118342..000000000 +--- a/src/ap/iapp.h ++++ /dev/null +@@ -1,39 +0,0 @@ +-/* +- * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) +- * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> +- * +- * This software may be distributed under the terms of the BSD license. +- * See README for more details. +- */ +- +-#ifndef IAPP_H +-#define IAPP_H +- +-struct iapp_data; +- +-#ifdef CONFIG_IAPP +- +-void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta); +-struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface); +-void iapp_deinit(struct iapp_data *iapp); +- +-#else /* CONFIG_IAPP */ +- +-static inline void iapp_new_station(struct iapp_data *iapp, +- struct sta_info *sta) +-{ +-} +- +-static inline struct iapp_data * iapp_init(struct hostapd_data *hapd, +- const char *iface) +-{ +- return NULL; +-} +- +-static inline void iapp_deinit(struct iapp_data *iapp) +-{ +-} +- +-#endif /* CONFIG_IAPP */ +- +-#endif /* IAPP_H */ +diff --git a/src/utils/wpa_debug.h b/src/utils/wpa_debug.h +index 1fe0b7db7..c94c4391f 100644 +--- a/src/utils/wpa_debug.h ++++ b/src/utils/wpa_debug.h +@@ -305,7 +305,6 @@ void hostapd_logger_register_cb(hostapd_logger_cb_func func); + #define HOSTAPD_MODULE_RADIUS 0x00000004 + #define HOSTAPD_MODULE_WPA 0x00000008 + #define HOSTAPD_MODULE_DRIVER 0x00000010 +-#define HOSTAPD_MODULE_IAPP 0x00000020 + #define HOSTAPD_MODULE_MLME 0x00000040 + + enum hostapd_logger_level { +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-0326.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-0326.patch new file mode 100644 index 0000000000..54c405b539 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-0326.patch @@ -0,0 +1,43 @@ +From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Mon, 9 Nov 2020 11:43:12 +0200 +Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group + client + +Parsing and copying of WPS secondary device types list was verifying +that the contents is not too long for the internal maximum in the case +of WPS messages, but similar validation was missing from the case of P2P +group information which encodes this information in a different +attribute. This could result in writing beyond the memory area assigned +for these entries and corrupting memory within an instance of struct +p2p_device. This could result in invalid operations and unexpected +behavior when trying to free pointers from that corrupted memory. + +CVE: CVE-2021-0326 + +Upstream-Status: Backport + +Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 +Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/p2p/p2p.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index 74b7b52ae..5cbfc217f 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev, + dev->info.config_methods = cli->config_methods; + os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8); + dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types; ++ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN) ++ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN; + os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types, + dev->info.wps_sec_dev_type_list_len); + } +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-27803.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-27803.patch new file mode 100644 index 0000000000..fedff76b18 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-27803.patch @@ -0,0 +1,54 @@ +From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Tue, 8 Dec 2020 23:52:50 +0200 +Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request + +p2p_add_device() may remove the oldest entry if there is no room in the +peer table for a new peer. This would result in any pointer to that +removed entry becoming stale. A corner case with an invalid PD Request +frame could result in such a case ending up using (read+write) freed +memory. This could only by triggered when the peer table has reached its +maximum size and the PD Request frame is received from the P2P Device +Address of the oldest remaining entry and the frame has incorrect P2P +Device Address in the payload. + +Fix this by fetching the dev pointer again after having called +p2p_add_device() so that the stale pointer cannot be used. + +CVE: CVE-2021-27803 + +Upstream-Status: Backport + +Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +--- + src/p2p/p2p_pd.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c +index 3994ec03f..05fd59349 100644 +--- a/src/p2p/p2p_pd.c ++++ b/src/p2p/p2p_pd.c +@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, + goto out; + } + ++ dev = p2p_get_device(p2p, sa); + if (!dev) { +- dev = p2p_get_device(p2p, sa); +- if (!dev) { +- p2p_dbg(p2p, +- "Provision Discovery device not found " +- MACSTR, MAC2STR(sa)); +- goto out; +- } ++ p2p_dbg(p2p, ++ "Provision Discovery device not found " ++ MACSTR, MAC2STR(sa)); ++ goto out; + } + } else if (msg.wfd_subelems) { + wpabuf_free(dev->info.wfd_subelems); +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch new file mode 100644 index 0000000000..e2540fc26b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch @@ -0,0 +1,123 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen <j@w1.fi> + +Upstream-Status: Backport +CVE: CVE-2021-30004 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index 141ac50..e09db07 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index 1bd5aa0..bf2289f 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb index 68dc123702..e586018685 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb @@ -12,6 +12,10 @@ SRC_URI = " \ file://init \ file://hostapd.service \ file://CVE-2019-16275.patch \ + file://CVE-2019-5061.patch \ + file://CVE-2021-0326.patch \ + file://CVE-2021-27803.patch \ + file://CVE-2021-30004.patch \ " SRC_URI[md5sum] = "f188fc53a495fe7af3b6d77d3c31dee8" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp/Use-cross-cpp-in-incdefs.patch b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp/Use-cross-cpp-in-incdefs.patch new file mode 100644 index 0000000000..876088649e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp/Use-cross-cpp-in-incdefs.patch @@ -0,0 +1,26 @@ +From 8a4cad5e2f2cbb6a34bdc6e877fe499502b8c4c8 Mon Sep 17 00:00:00 2001 +From: Marcel Ziswiler <marcel.ziswiler@toradex.com> +Date: Fri, 23 Dec 2016 18:12:29 +0100 +Subject: [PATCH] linuxptp: Use cross cpp in incdefs + +Use cross cpp incdefs.sh shell script since we are doing cross compiling +we need to ensure we use correct setttings from toolchain + +Upstream-Status: Inappropriate [OE-Specific] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + + makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/incdefs.sh ++++ b/incdefs.sh +@@ -27,7 +27,7 @@ user_flags() + printf " -D_GNU_SOURCE" + + # Get list of directories searched for header files. +- dirs=$(echo "" | ${CROSS_COMPILE}cpp -Wp,-v 2>&1 >/dev/null | grep ^" /") ++ dirs=$(${CPP} -Wp,-v -xc /dev/null 2>&1 >/dev/null | grep ^" /") + + # Look for clock_adjtime(). + for d in $dirs; do diff --git a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp/no-incdefs-using-host-headers.patch b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp/no-incdefs-using-host-headers.patch deleted file mode 100644 index 02dbb23465..0000000000 --- a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp/no-incdefs-using-host-headers.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8a4cad5e2f2cbb6a34bdc6e877fe499502b8c4c8 Mon Sep 17 00:00:00 2001 -From: Marcel Ziswiler <marcel.ziswiler@toradex.com> -Date: Fri, 23 Dec 2016 18:12:29 +0100 -Subject: [PATCH] linuxptp: no incdefs using host headers - -Avoid using host headers via incdefs.sh shell script. - -Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com> ---- - - makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/makefile b/makefile -index 8cdbd15..85174b8 100644 ---- a/makefile -+++ b/makefile -@@ -33,7 +33,7 @@ OBJECTS = $(OBJ) hwstamp_ctl.o phc2sys.o phc_ctl.o pmc.o pmc_common.o \ - SRC = $(OBJECTS:.o=.c) - DEPEND = $(OBJECTS:.o=.d) - srcdir := $(dir $(lastword $(MAKEFILE_LIST))) --incdefs := $(shell $(srcdir)/incdefs.sh) -+#incdefs := $(shell $(srcdir)/incdefs.sh) - version := $(shell $(srcdir)/version.sh $(srcdir)) - VPATH = $(srcdir) - --- -2.9.3 - diff --git a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb index 930c6673dc..c989767790 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb @@ -4,15 +4,16 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v${PV}/linuxptp-${PV}.tgz \ file://build-Allow-CC-and-prefix-to-be-overriden.patch \ - file://no-incdefs-using-host-headers.patch \ + file://Use-cross-cpp-in-incdefs.patch \ file://time_t_maybe_long_long.patch \ " SRC_URI[md5sum] = "d8bb7374943bb747db7786ac26f17f11" SRC_URI[sha256sum] = "0a24d9401e87d4af023d201e234d91127d82c350daad93432106284aa9459c7d" -EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} \ - EXTRA_CFLAGS='-D_GNU_SOURCE -DHAVE_CLOCK_ADJTIME -DHAVE_POSIX_SPAWN -DHAVE_ONESTEP_SYNC ${CFLAGS}'" +EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} EXTRA_CFLAGS='${CFLAGS}'" + +export KBUILD_OUTPUT="${RECIPE_SYSROOT}" do_install () { install -d ${D}/${bindir} diff --git a/meta-openembedded/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb b/meta-openembedded/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb index 2b05c61a0d..4d4e841f62 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb @@ -12,7 +12,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e413d83db6ee8f2c8e6055719096a48e" inherit autotools pkgconfig gettext gobject-introspection vala -EXTRA_OECONF = "--enable-vala-bindings" +# Respect GI_DATA_ENABLED value when enabling vala-bindings: +# configure: error: GObject-Introspection must be enabled for Vala bindings +EXTRA_OECONF = "${@bb.utils.contains('GI_DATA_ENABLED', 'True', '--enable-vala-bindings', '--disable-vala-bindings', d)}" FILES_${PN} += "${datadir}/telepathy \ ${datadir}/dbus-1" diff --git a/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb b/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb index 8358e933d7..505d4efc1a 100644 --- a/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb +++ b/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb @@ -8,17 +8,21 @@ PACKAGES = ' \ packagegroup-meta-oe \ packagegroup-meta-oe-benchmarks \ packagegroup-meta-oe-connectivity \ + packagegroup-meta-oe-connectivity-python2 \ packagegroup-meta-oe-core \ packagegroup-meta-oe-crypto \ packagegroup-meta-oe-bsp \ packagegroup-meta-oe-dbs \ + packagegroup-meta-oe-dbs-python2 \ packagegroup-meta-oe-devtools \ packagegroup-meta-oe-extended \ + packagegroup-meta-oe-extended-python2 \ packagegroup-meta-oe-kernel \ packagegroup-meta-oe-multimedia \ packagegroup-meta-oe-navigation \ packagegroup-meta-oe-security \ packagegroup-meta-oe-support \ + packagegroup-meta-oe-support-python2 \ packagegroup-meta-oe-test \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-gnome", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-graphics", "", d)} \ @@ -28,17 +32,21 @@ PACKAGES = ' \ RDEPENDS_packagegroup-meta-oe = "\ packagegroup-meta-oe-benchmarks \ packagegroup-meta-oe-connectivity \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-connectivity-python2", "", d)} \ packagegroup-meta-oe-core \ packagegroup-meta-oe-crypto \ packagegroup-meta-oe-bsp \ packagegroup-meta-oe-dbs \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-dbs-python2", "", d)} \ packagegroup-meta-oe-devtools \ packagegroup-meta-oe-extended \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-extended-python2", "", d)} \ packagegroup-meta-oe-kernel \ packagegroup-meta-oe-multimedia \ packagegroup-meta-oe-navigation \ packagegroup-meta-oe-security \ packagegroup-meta-oe-support \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-support-python2", "", d)} \ packagegroup-meta-oe-test \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-gnome", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-graphics", "", d)} \ @@ -70,10 +78,13 @@ RDEPENDS_packagegroup-meta-oe-connectivity ="\ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "obex-data-server", "", d)} \ libmikmod \ obexftp openobex libnet \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "telepathy-idle", "", d)} \ " RDEPENDS_packagegroup-meta-oe-connectivity_append_libc-glibc = " wvstreams wvdial" +RDEPENDS_packagegroup-meta-oe-connectivity-python2 = "\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "telepathy-idle", "", d)} \ +" + # dracut needs dracut RDEPENDS_packagegroup-meta-oe-core ="\ dbus-daemon-proxy libdbus-c++ \ @@ -103,24 +114,26 @@ RDEPENDS_packagegroup-meta-oe-dbs ="\ leveldb libdbi mariadb mariadb-native \ postgresql psqlodbc rocksdb soci \ sqlite \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "mysql-python", "", d)} \ " +RDEPENDS_packagegroup-meta-oe-dbs-python2 ="\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "mysql-python", "", d)} \ +" + RDEPENDS_packagegroup-meta-oe-devtools ="\ android-tools android-tools-conf bootchart breakpad \ capnproto cgdb cscope ctags \ debootstrap dmalloc flatbuffers \ - giflib grpc icon-slicer iptraf-ng jq jsoncpp jsonrpc json-spirit \ + giflib grpc guider icon-slicer iptraf-ng jq jsoncpp jsonrpc json-spirit \ kconfig-frontends lemon libedit libgee libsombok3 \ libubox log4cplus lshw ltrace lua mcpp memstat mercurial \ - mpich msgpack-c nlohmann-json openocd pax-utils \ + mpich msgpack-c nlohmann-json nodejs openocd pax-utils \ ipc-run libdbd-mysql-perl libdbi-perl libio-pty-perl php \ protobuf protobuf-c \ rapidjson serialcheck sip3 tclap uftrace uw-imap valijson \ xmlrpc-c yajl yasm \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "geany geany-plugins glade tk", "", d)} \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "nodejs", "", d)} \ - " +" RDEPENDS_packagegroup-meta-oe-devtools_remove_armv5 = "uftrace nodejs" RDEPENDS_packagegroup-meta-oe-devtools_remove_mipsarch = "uftrace lshw" @@ -155,8 +168,7 @@ RDEPENDS_packagegroup-meta-oe-extended ="\ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "pam-ssh-agent-auth openwsman sblim-sfcb ", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "polkit", "polkit polkit-group-rule-datetime ", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "polkit", "polkit-group-rule-network ", "", d)} \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "openlmi-tools", "", d)} \ - " +" RDEPENDS_packagegroup-meta-oe-extended_remove_mipsarch = "upm mraa tiptop" RDEPENDS_packagegroup-meta-oe-extended_remove_powerpc = "upm mraa" RDEPENDS_packagegroup-meta-oe-extended_remove_powerpc64 = "upm mraa" @@ -164,6 +176,10 @@ RDEPENDS_packagegroup-meta-oe-extended_remove_powerpc64le = "upm mraa" RDEPENDS_packagegroup-meta-oe-extended_remove_riscv64 = "upm mraa tiptop" RDEPENDS_packagegroup-meta-oe-extended_remove_riscv32 = "upm mraa tiptop" +RDEPENDS_packagegroup-meta-oe-extended-python2 ="\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "openlmi-tools", "", d)} \ +" + RDEPENDS_packagegroup-meta-oe-gnome ="\ atkmm gnome-common gnome-doc-utils-stub gtkmm \ gtkmm3 pyxdg vte9 \ @@ -270,8 +286,11 @@ RDEPENDS_packagegroup-meta-oe-support ="\ procmail \ ${@bb.utils.contains("DISTRO_FEATURES", "polkit", "udisks2 upower", "", d)} \ ${NE10} \ +" + +RDEPENDS_packagegroup-meta-oe-support-python2 ="\ ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "lio-utils", "", d)} \ - " +" RDEPENDS_packagegroup-meta-oe-support_remove_arm ="numactl" RDEPENDS_packagegroup-meta-oe-support_remove_mipsarch = "gperftools" diff --git a/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.6.bb b/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.6.bb deleted file mode 100644 index f059002161..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.6.bb +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "runtime performance analyzer" -HOMEPAGE = "https://github.com/iipeace/guider" -BUGTRACKER = "https://github.com/iipeace/guider/issues" -AUTHOR = "Peace Lee <ipeace5@gmail.com>" - -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2c1c00f9d3ed9e24fa69b932b7e7aff2" - -PV = "3.9.6+git${SRCPV}" -PR = "r0" - -SRC_URI = "git://github.com/iipeace/${BPN}" -#SRCREV = "${AUTOREV}" -SRCREV = "fef25c41efb9bde0614ea477d0b90bd9565ae0b4" - -S = "${WORKDIR}/git" -R = "${RECIPE_SYSROOT}" - -inherit ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "distutils", "", d)} - -GUIDER_OBJ = "guider.pyc" -GUIDER_SCRIPT = "guider" - -do_install() { - python ${S}/setup.py install - - install -d ${D}${bindir} - install -v -m 0755 ${STAGING_BINDIR_NATIVE}/${GUIDER_SCRIPT} ${D}${bindir}/${GUIDER_SCRIPT} - - install -d ${D}${datadir}/${BPN} - install -v -m 0755 ${STAGING_LIBDIR_NATIVE}/python${PYTHON_BASEVERSION}/site-packages/${BPN}/${GUIDER_OBJ} ${D}${datadir}/${BPN}/${GUIDER_OBJ} -} - -RDEPENDS_${PN} = "python-ctypes python-shell \ - python-json python-subprocess" -python() { - if 'meta-python2' not in d.getVar('BBFILE_COLLECTIONS').split(): - raise bb.parse.SkipRecipe('Requires meta-python2 to be present.') -} diff --git a/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.7.bb b/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.7.bb new file mode 100644 index 0000000000..88fad936ba --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.7.bb @@ -0,0 +1,19 @@ +SUMMARY = "runtime performance analyzer" +HOMEPAGE = "https://github.com/iipeace/guider" +BUGTRACKER = "https://github.com/iipeace/guider/issues" +AUTHOR = "Peace Lee <ipeace5@gmail.com>" + +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2c1c00f9d3ed9e24fa69b932b7e7aff2" + +PV = "3.9.7+git${SRCPV}" + +SRC_URI = "git://github.com/iipeace/${BPN}" +SRCREV = "459b5189a46023fc98e19888b196bdc2674022fd" + +S = "${WORKDIR}/git" + +inherit setuptools3 + +RDEPENDS_${PN} = "python3 python3-core \ + python3-ctypes python3-shell python3-json" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb index 0673a3202d..b9e3821776 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb @@ -26,7 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ " -SRC_URI[sha256sum] = "e00eee325d705b2bfa9929b7d061eb2315402d7e8548945eac9870bf84321853" +SRC_URI[sha256sum] = "052f37ace6f569b513b5a1154b2a45d3c4d8b07d7d7c807b79f1566db61e979d" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2020.3.bb b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2020.3.bb index 43021c5342..86407459bf 100644 --- a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2020.3.bb +++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2020.3.bb @@ -22,7 +22,7 @@ DEPENDS = " \ PREMIRRORS = "" SRC_URI = " \ - gitsm://github.com/ostreedev/ostree \ + gitsm://github.com/ostreedev/ostree;branch=main \ file://run-ptest \ " SRCREV = "6ed48234ba579ff73eb128af237212b0a00f2057" diff --git a/meta-openembedded/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb b/meta-openembedded/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb index ed19d1e41a..de1fc3a1fe 100644 --- a/meta-openembedded/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb +++ b/meta-openembedded/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb @@ -16,12 +16,11 @@ PR = "r1" S = "${WORKDIR}/tools" do_compile() { - oe_runmake + oe_runmake LIB_DIR=${libdir}/uml } do_install() { oe_runmake install DESTDIR=${D} } -FILES_${PN} += "${exec_prefix}${nonarch_base_libdir}" -FILES_${PN}-dbg += "${exec_prefix}${nonarch_base_libdir}/uml/.debug" +FILES_${PN} += "${libdir}/uml" diff --git a/meta-openembedded/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb b/meta-openembedded/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb index 7c6f4c13d2..f3c112c3b8 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING.gpl-3;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.lgpl-3;md5=e6a600fd5e1d9cbde2d983680233ad02 \ " -SRC_URI = "git://github.com/libyui/libyui.git \ +SRC_URI = "git://github.com/libyui/libyui-old.git \ file://0001-Fix-build-with-clang.patch \ file://0001-Use-relative-install-paths-for-CMake.patch \ " diff --git a/meta-openembedded/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb b/meta-openembedded/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb index ac463038aa..105610be5a 100644 --- a/meta-openembedded/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb @@ -13,6 +13,14 @@ S = "${WORKDIR}/git" inherit cmake +do_configure_prepend() { + # otherwise https://github.com/ceres-solver/ceres-solver/blob/0b748597889f460764f6c980a00c6f502caa3875/cmake/AddGerritCommitHook.cmake#L68 + # will try to fetch https://ceres-solver-review.googlesource.com/tools/hooks/commit-msg durind do_configure + # which sometimes gets stuck (as there is no TIMEOUT set in DOWNLOAD) + # and we really don't need Gerrit's Change-Id tags when just building this + touch ${S}/.git/hooks/commit-msg +} + # We don't want path to eigen3 in ceres-solver RSS to be # used by components which use CeresConfig.cmake from their # own RSS diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_git.bb b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_git.bb index 7cafbb7993..82ef561fbe 100644 --- a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_git.bb +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_git.bb @@ -40,7 +40,7 @@ PACKAGECONFIG ??= " \ X11_DEPS = "virtual/libx11 libxinerama libxext libxcursor libxv libxi libxrender libxfixes libxdamage libxrandr libxkbfile" PACKAGECONFIG[x11] = "-DWITH_X11=ON -DWITH_XINERAMA=ON -DWITH_XEXT=ON -DWITH_XCURSOR=ON -DWITH_XV=ON -DWITH_XI=ON -DWITH_XRENDER=ON -DWITH_XFIXES=ON -DWITH_XDAMAGE=ON -DWITH_XRANDR=ON -DWITH_XKBFILE=ON,-DWITH_X11=OFF,${X11_DEPS}" -PACKAGECONFIG[wayland] = "-DWITH_WAYLAND=ON,-DWITH_WAYLAND=OFF,wayland wayland-native" +PACKAGECONFIG[wayland] = "-DWITH_WAYLAND=ON,-DWITH_WAYLAND=OFF,wayland wayland-native libxkbcommon" PACKAGECONFIG[directfb] = "-DWITH_DIRECTFB=ON,-DWITH_DIRECTFB=OFF,directfb" PACKAGECONFIG[pam] = "-DWITH_PAM=ON,-DWITH_PAM=OFF,libpam" PACKAGECONFIG[pulseaudio] = "-DWITH_PULSEAUDIO=ON,-DWITH_PULSEAUDIO=OFF,pulseaudio" diff --git a/meta-openembedded/meta-oe/recipes-support/neon/neon/run-ptest b/meta-openembedded/meta-oe/recipes-support/neon/neon/run-ptest new file mode 100644 index 0000000000..602084a52c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/neon/neon/run-ptest @@ -0,0 +1,25 @@ +#!/bin/sh + +set -eux + +rm -f debug.log child.log + +ulimit -c unlimited +ulimit -t 120 + +cd test +echo foobar > foobar.txt + +BASIC_TESTS="auth basic redirect request session socket string-tests \ + stubs uri-tests util-tests" +DAV_TESTS="acl3744 lock oldacl props xml xmlreq" +for t in $BASIC_TESTS $DAV_TESTS +do + echo "Running $t..." + if "./$t" + then + echo "PASS:$t" + else + echo "FAIL:$t" + fi +done diff --git a/meta-openembedded/meta-oe/recipes-support/neon/neon_0.30.2.bb b/meta-openembedded/meta-oe/recipes-support/neon/neon_0.30.2.bb index 00b79f6330..7feec41d62 100644 --- a/meta-openembedded/meta-oe/recipes-support/neon/neon_0.30.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/neon/neon_0.30.2.bb @@ -7,12 +7,13 @@ LIC_FILES_CHKSUM = "file://src/COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a SRC_URI = "${DEBIAN_MIRROR}/main/n/neon27/neon27_${PV}.orig.tar.gz \ file://pkgconfig.patch \ + file://run-ptest \ " SRC_URI[md5sum] = "e28d77bf14032d7f5046b3930704ef41" SRC_URI[sha256sum] = "db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca" -inherit autotools binconfig-disabled lib_package pkgconfig +inherit autotools binconfig-disabled lib_package pkgconfig ptest # Enable gnutls or openssl, not both PACKAGECONFIG ?= "expat gnutls libproxy webdav zlib" @@ -33,6 +34,18 @@ do_compile_append() { oe_runmake -C test } +do_install_ptest(){ + BASIC_TESTS="auth basic redirect request session socket string-tests \ + stubs uri-tests util-tests" + DAV_TESTS="acl3744 lock oldacl props xml xmlreq" + mkdir "${D}${PTEST_PATH}/test" + for i in ${BASIC_TESTS} ${DAV_TESTS} + do + install -m 0755 "${B}/test/${i}" \ + "${D}${PTEST_PATH}/test" + done +} + BINCONFIG = "${bindir}/neon-config" BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb index 3e3c3a3fdf..0e127975b4 100644 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb @@ -62,7 +62,6 @@ do_configure_prepend_libc-musl () { do_compile_prepend_class-native() { export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} - export NSS_ENABLE_WERROR=0 } do_compile_prepend_class-nativesdk() { @@ -81,6 +80,11 @@ do_compile() { export NATIVE_CC="${BUILD_CC}" # Additional defines needed on Centos 7 export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" + + # POSIX.1-2001 states that the behaviour of getcwd() when passing a null + # pointer as the buf argument, is unspecified. + export NATIVE_FLAGS="${NATIVE_FLAGS} -DGETCWD_CANT_MALLOC" + export BUILD_OPT=1 export FREEBL_NO_DEPEND=1 diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch index 5f909c1a8f..896d6ce9dc 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch @@ -1,4 +1,4 @@ -From 85b882b4ceb57fe6538f47af58d0a970923fde0e Mon Sep 17 00:00:00 2001 +From 806de12b95a69572fffea8eb49b4ec3fb722b65f Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> Date: Thu, 31 Mar 2016 00:20:15 +0200 Subject: [PATCH] 3rdparty/ippicv: Use pre-downloaded ipp @@ -11,7 +11,7 @@ Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com> 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/3rdparty/ippicv/ippicv.cmake b/3rdparty/ippicv/ippicv.cmake -index ae8748c..305abdb 100644 +index ae8748c283..305abdb58d 100644 --- a/3rdparty/ippicv/ippicv.cmake +++ b/3rdparty/ippicv/ippicv.cmake @@ -39,18 +39,5 @@ function(download_ippicv root_var) diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Dont-use-isystem.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Dont-use-isystem.patch index 40d3f53e1a..a899b7e9a4 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Dont-use-isystem.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Dont-use-isystem.patch @@ -1,4 +1,4 @@ -From 9659f5a1e75fc29c9879c301767bba72ecf9042a Mon Sep 17 00:00:00 2001 +From b34a6e8d4582aa13ad4cd58547d8e0f0a0f1c6a6 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 11 Sep 2018 00:21:18 -0700 Subject: [PATCH] Dont use isystem @@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 2 insertions(+) diff --git a/cmake/OpenCVPCHSupport.cmake b/cmake/OpenCVPCHSupport.cmake -index 59bc826..055dfce 100644 +index 59bc826ed0..055dfce251 100644 --- a/cmake/OpenCVPCHSupport.cmake +++ b/cmake/OpenCVPCHSupport.cmake @@ -18,6 +18,8 @@ IF(CV_GCC) diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch index f8ccd1d558..26041e09fb 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch @@ -1,4 +1,4 @@ -From fe27d0e2341683606704115949d16250e4cacbfa Mon Sep 17 00:00:00 2001 +From 23425e45f6e26f2b1e387b88e104872b3a1ea5d1 Mon Sep 17 00:00:00 2001 From: Jason Wessel <jason.wessel@windriver.com> Date: Wed, 9 May 2018 13:33:59 -0700 Subject: [PATCH] Temporarliy work around deprecated ffmpeg RAW function @@ -11,7 +11,7 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com> 1 file changed, 8 insertions(+) diff --git a/modules/videoio/src/cap_ffmpeg_impl.hpp b/modules/videoio/src/cap_ffmpeg_impl.hpp -index 0d360ad..566df66 100644 +index 0d360ad5d9..566df6664b 100644 --- a/modules/videoio/src/cap_ffmpeg_impl.hpp +++ b/modules/videoio/src/cap_ffmpeg_impl.hpp @@ -736,6 +736,14 @@ struct ImplMutex::Impl diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-carotene-Replace-ipcp-unit-growth-with-ipa-cp-unit-g.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-carotene-Replace-ipcp-unit-growth-with-ipa-cp-unit-g.patch index 43d32fbc75..df5bd67460 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-carotene-Replace-ipcp-unit-growth-with-ipa-cp-unit-g.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0001-carotene-Replace-ipcp-unit-growth-with-ipa-cp-unit-g.patch @@ -1,13 +1,15 @@ -From 1edc925ecd7fb54d2dc78452069084475fbe2a70 Mon Sep 17 00:00:00 2001 +From d9bdafa95f329f33d829d89a2e51adaf833768cc Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 16 Jan 2020 08:52:00 -0800 -Subject: [PATCH] carotene: Replace ipcp-unit-growth with ipa-cp-unit-growth on gcc >= 10 +Subject: [PATCH] carotene: Replace ipcp-unit-growth with ipa-cp-unit-growth on + gcc >= 10 gcc 10+ has renamed this option, therefore check for gcc version before deciding which name to use for opt parameter Upstream-Status: Submitted [https://github.com/opencv/opencv/pull/16369] Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- 3rdparty/carotene/CMakeLists.txt | 8 ++++++-- 3rdparty/carotene/hal/CMakeLists.txt | 7 ++++++- @@ -50,6 +52,3 @@ index c4b9acaedd..bbc5b11a80 100644 # set_source_files_properties(impl.cpp $<TARGET_OBJECTS:carotene_objs> COMPILE_FLAGS "--param ipcp-unit-growth=100000 --param inline-unit-growth=100000 --param large-stack-frame-growth=5000") endif() --- -2.25.0 - diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0002-Make-opencv-ts-create-share-library-intead-of-static.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0002-Make-opencv-ts-create-share-library-intead-of-static.patch index 46198fb7be..3dd63829e5 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0002-Make-opencv-ts-create-share-library-intead-of-static.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0002-Make-opencv-ts-create-share-library-intead-of-static.patch @@ -1,4 +1,4 @@ -From 46ffa1f8f443b71673774fcb864eb741bbc26200 Mon Sep 17 00:00:00 2001 +From 6a490df70aadc43ed4f503452c278e334716826d Mon Sep 17 00:00:00 2001 From: Bian Naimeng <biannm@cn.fujitsu.com> Date: Wed, 19 Apr 2017 03:11:37 +0900 Subject: [PATCH] Make opencv-ts create share library intead of static. @@ -10,7 +10,7 @@ Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ts/CMakeLists.txt b/modules/ts/CMakeLists.txt -index f95bed0..ee67858 100644 +index f95bed0793..ee67858df8 100644 --- a/modules/ts/CMakeLists.txt +++ b/modules/ts/CMakeLists.txt @@ -4,7 +4,7 @@ if(NOT BUILD_opencv_ts AND NOT BUILD_TESTS AND NOT BUILD_PERF_TESTS) diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0003-To-fix-errors-as-following.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0003-To-fix-errors-as-following.patch index 336c2e08e6..77571ead98 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0003-To-fix-errors-as-following.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/0003-To-fix-errors-as-following.patch @@ -1,4 +1,4 @@ -From 867caccc358266f7021f076fc8c8e41bf048782c Mon Sep 17 00:00:00 2001 +From b3dc5478cb0d2d2b617dc6c5e28d59559edadf36 Mon Sep 17 00:00:00 2001 From: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Date: Fri, 19 May 2017 04:27:50 +0900 Subject: [PATCH] To fix errors as following: @@ -21,7 +21,7 @@ Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com> 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ts/include/opencv2/ts.hpp b/modules/ts/include/opencv2/ts.hpp -index b9d6b74..f1ee7ee 100644 +index b9d6b74ffc..f1ee7ee429 100644 --- a/modules/ts/include/opencv2/ts.hpp +++ b/modules/ts/include/opencv2/ts.hpp @@ -622,7 +622,7 @@ protected: @@ -43,7 +43,7 @@ index b9d6b74..f1ee7ee 100644 #define CV_TEST_INIT0_NOOP (void)0 diff --git a/modules/ts/include/opencv2/ts/ocl_test.hpp b/modules/ts/include/opencv2/ts/ocl_test.hpp -index 11572e9..438112e 100644 +index 11572e9f48..438112e2aa 100644 --- a/modules/ts/include/opencv2/ts/ocl_test.hpp +++ b/modules/ts/include/opencv2/ts/ocl_test.hpp @@ -82,7 +82,7 @@ inline UMat ToUMat(InputArray src) @@ -56,7 +56,7 @@ index 11572e9..438112e 100644 #define MAX_VALUE 357 diff --git a/modules/ts/include/opencv2/ts/ts_ext.hpp b/modules/ts/include/opencv2/ts/ts_ext.hpp -index b5cea3e..e5b0b4b 100644 +index b5cea3e46d..e5b0b4ba8c 100644 --- a/modules/ts/include/opencv2/ts/ts_ext.hpp +++ b/modules/ts/include/opencv2/ts/ts_ext.hpp @@ -9,7 +9,7 @@ diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-14491.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-14491.patch new file mode 100644 index 0000000000..54a553fb38 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-14491.patch @@ -0,0 +1,148 @@ +From 5a9628c134a7314e10ea0bcc4e789c935251a7f5 Mon Sep 17 00:00:00 2001 +From: Alexander Alekhin <alexander.alekhin@intel.com> +Date: Thu, 25 Jul 2019 17:15:59 +0300 +Subject: [PATCH] objdetect: validate feature rectangle on reading + +CVE: CVE-2019-14491 +CVE: CVE-2019-14492 +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed.patch] +Comment: No changes in any hunk + +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> + +--- + modules/objdetect/src/cascadedetect.cpp | 43 +++++++++++++++++++++---- + modules/objdetect/src/cascadedetect.hpp | 6 ++-- + 2 files changed, 40 insertions(+), 9 deletions(-) + +diff --git a/modules/objdetect/src/cascadedetect.cpp b/modules/objdetect/src/cascadedetect.cpp +index a1865e9062..b7ef04ea7b 100644 +--- a/modules/objdetect/src/cascadedetect.cpp ++++ b/modules/objdetect/src/cascadedetect.cpp +@@ -46,6 +46,10 @@ + #include "cascadedetect.hpp" + #include "opencl_kernels_objdetect.hpp" + ++#if defined(_MSC_VER) ++# pragma warning(disable:4458) // declaration of 'origWinSize' hides class member ++#endif ++ + namespace cv + { + +@@ -536,7 +540,7 @@ bool FeatureEvaluator::setImage( InputArray _image, const std::vector<float>& _s + + //---------------------------------------------- HaarEvaluator --------------------------------------- + +-bool HaarEvaluator::Feature :: read( const FileNode& node ) ++bool HaarEvaluator::Feature::read(const FileNode& node, const Size& origWinSize) + { + FileNode rnode = node[CC_RECTS]; + FileNodeIterator it = rnode.begin(), it_end = rnode.end(); +@@ -548,11 +552,23 @@ bool HaarEvaluator::Feature :: read( const FileNode& node ) + rect[ri].weight = 0.f; + } + ++ const int W = origWinSize.width; ++ const int H = origWinSize.height; ++ + for(ri = 0; it != it_end; ++it, ri++) + { + FileNodeIterator it2 = (*it).begin(); +- it2 >> rect[ri].r.x >> rect[ri].r.y >> +- rect[ri].r.width >> rect[ri].r.height >> rect[ri].weight; ++ Feature::RectWeigth& rw = rect[ri]; ++ it2 >> rw.r.x >> rw.r.y >> rw.r.width >> rw.r.height >> rw.weight; ++ // input validation ++ { ++ CV_CheckGE(rw.r.x, 0, "Invalid HAAR feature"); ++ CV_CheckGE(rw.r.y, 0, "Invalid HAAR feature"); ++ CV_CheckLT(rw.r.x, W, "Invalid HAAR feature"); // necessary for overflow checks ++ CV_CheckLT(rw.r.y, H, "Invalid HAAR feature"); // necessary for overflow checks ++ CV_CheckLE(rw.r.x + rw.r.width, W, "Invalid HAAR feature"); ++ CV_CheckLE(rw.r.y + rw.r.height, H, "Invalid HAAR feature"); ++ } + } + + tilted = (int)node[CC_TILTED] != 0; +@@ -597,7 +613,7 @@ bool HaarEvaluator::read(const FileNode& node, Size _origWinSize) + + for(i = 0; i < n; i++, ++it) + { +- if(!ff[i].read(*it)) ++ if(!ff[i].read(*it, _origWinSize)) + return false; + if( ff[i].tilted ) + hasTiltedFeatures = true; +@@ -758,11 +774,24 @@ int HaarEvaluator::getSquaresOffset() const + } + + //---------------------------------------------- LBPEvaluator ------------------------------------- +-bool LBPEvaluator::Feature :: read(const FileNode& node ) ++bool LBPEvaluator::Feature::read(const FileNode& node, const Size& origWinSize) + { + FileNode rnode = node[CC_RECT]; + FileNodeIterator it = rnode.begin(); + it >> rect.x >> rect.y >> rect.width >> rect.height; ++ ++ const int W = origWinSize.width; ++ const int H = origWinSize.height; ++ // input validation ++ { ++ CV_CheckGE(rect.x, 0, "Invalid LBP feature"); ++ CV_CheckGE(rect.y, 0, "Invalid LBP feature"); ++ CV_CheckLT(rect.x, W, "Invalid LBP feature"); ++ CV_CheckLT(rect.y, H, "Invalid LBP feature"); ++ CV_CheckLE(rect.x + rect.width, W, "Invalid LBP feature"); ++ CV_CheckLE(rect.y + rect.height, H, "Invalid LBP feature"); ++ } ++ + return true; + } + +@@ -796,7 +825,7 @@ bool LBPEvaluator::read( const FileNode& node, Size _origWinSize ) + std::vector<Feature>& ff = *features; + for(int i = 0; it != it_end; ++it, i++) + { +- if(!ff[i].read(*it)) ++ if(!ff[i].read(*it, _origWinSize)) + return false; + } + nchannels = 1; +@@ -1441,6 +1470,8 @@ bool CascadeClassifierImpl::Data::read(const FileNode &root) + origWinSize.width = (int)root[CC_WIDTH]; + origWinSize.height = (int)root[CC_HEIGHT]; + CV_Assert( origWinSize.height > 0 && origWinSize.width > 0 ); ++ CV_CheckLE(origWinSize.width, 1000000, "Invalid window size (too large)"); ++ CV_CheckLE(origWinSize.height, 1000000, "Invalid window size (too large)"); + + // load feature params + FileNode fn = root[CC_FEATURE_PARAMS]; +diff --git a/modules/objdetect/src/cascadedetect.hpp b/modules/objdetect/src/cascadedetect.hpp +index a011ed4804..ffc03af841 100644 +--- a/modules/objdetect/src/cascadedetect.hpp ++++ b/modules/objdetect/src/cascadedetect.hpp +@@ -317,12 +317,12 @@ public: + struct Feature + { + Feature(); +- bool read( const FileNode& node ); ++ bool read(const FileNode& node, const Size& origWinSize); + + bool tilted; + + enum { RECT_NUM = 3 }; +- struct ++ struct RectWeigth + { + Rect r; + float weight; +@@ -412,7 +412,7 @@ public: + Feature( int x, int y, int _block_w, int _block_h ) : + rect(x, y, _block_w, _block_h) {} + +- bool read(const FileNode& node ); ++ bool read(const FileNode& node, const Size& origWinSize); + + Rect rect; // weight and height for block + }; diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-14493.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-14493.patch new file mode 100644 index 0000000000..37be12b500 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-14493.patch @@ -0,0 +1,237 @@ +From 0d88c87ed94e89af490c3d882597e034422aa4a5 Mon Sep 17 00:00:00 2001 +From: Alexander Alekhin <alexander.alekhin@intel.com> +Date: Thu, 25 Jul 2019 15:14:22 +0300 +Subject: [PATCH] core(persistence): added null ptr checks + +CVE: CVE-2019-14493 +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023.patch] +Comment: No changes in any hunk + +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> + +--- + modules/core/src/persistence_json.cpp | 12 ++++++++++++ + modules/core/src/persistence_xml.cpp | 21 +++++++++++++++++++++ + modules/core/src/persistence_yml.cpp | 21 +++++++++++++++++++++ + 3 files changed, 54 insertions(+) + +diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp +index ae678e1b8b..89914e6534 100644 +--- a/modules/core/src/persistence_json.cpp ++++ b/modules/core/src/persistence_json.cpp +@@ -296,6 +296,8 @@ public: + + while ( is_eof == false && is_completed == false ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + switch ( *ptr ) + { + /* comment */ +@@ -381,6 +383,7 @@ public: + if ( is_eof || !is_completed ) + { + ptr = fs->bufferStart(); ++ CV_Assert(ptr); + *ptr = '\0'; + fs->setEof(); + if( !is_completed ) +@@ -392,6 +395,9 @@ public: + + char* parseKey( char* ptr, FileNode& collection, FileNode& value_placeholder ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + if( *ptr != '"' ) + CV_PARSE_ERROR_CPP( "Key must start with \'\"\'" ); + +@@ -430,6 +436,9 @@ public: + + char* parseValue( char* ptr, FileNode& node ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid value input"); ++ + ptr = skipSpaces( ptr ); + if( !ptr || !*ptr ) + CV_PARSE_ERROR_CPP( "Unexpected End-Of-File" ); +@@ -817,6 +826,9 @@ public: + + bool parse( char* ptr ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + ptr = skipSpaces( ptr ); + if ( !ptr || !*ptr ) + return false; +diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp +index fb30d90896..89876dd3da 100644 +--- a/modules/core/src/persistence_xml.cpp ++++ b/modules/core/src/persistence_xml.cpp +@@ -360,6 +360,9 @@ public: + + char* skipSpaces( char* ptr, int mode ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + int level = 0; + + for(;;) +@@ -441,6 +444,9 @@ public: + + char* parseValue( char* ptr, FileNode& node ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + FileNode new_elem; + bool have_space = true; + int value_type = node.type(); +@@ -456,6 +462,8 @@ public: + (c == '<' && ptr[1] == '!' && ptr[2] == '-') ) + { + ptr = skipSpaces( ptr, 0 ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + have_space = true; + c = *ptr; + } +@@ -502,6 +510,8 @@ public: + { + ptr = fs->parseBase64( ptr, 0, new_elem); + ptr = skipSpaces( ptr, 0 ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + } + + ptr = parseTag( ptr, key2, type_name, tag_type ); +@@ -645,6 +655,9 @@ public: + char* parseTag( char* ptr, std::string& tag_name, + std::string& type_name, int& tag_type ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid tag input"); ++ + if( *ptr == '\0' ) + CV_PARSE_ERROR_CPP( "Unexpected end of the stream" ); + +@@ -702,6 +715,8 @@ public: + if( *ptr != '=' ) + { + ptr = skipSpaces( ptr, CV_XML_INSIDE_TAG ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid attribute"); + if( *ptr != '=' ) + CV_PARSE_ERROR_CPP( "Attribute name should be followed by \'=\'" ); + } +@@ -740,6 +755,8 @@ public: + if( c != '>' ) + { + ptr = skipSpaces( ptr, CV_XML_INSIDE_TAG ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + c = *ptr; + } + +@@ -781,6 +798,8 @@ public: + + // CV_XML_INSIDE_TAG is used to prohibit leading comments + ptr = skipSpaces( ptr, CV_XML_INSIDE_TAG ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + + if( memcmp( ptr, "<?xml", 5 ) != 0 ) // FIXIT ptr[1..] - out of bounds read without check + CV_PARSE_ERROR_CPP( "Valid XML should start with \'<?xml ...?>\'" ); +@@ -791,6 +810,8 @@ public: + while( ptr && *ptr != '\0' ) + { + ptr = skipSpaces( ptr, 0 ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + + if( *ptr != '\0' ) + { +diff --git a/modules/core/src/persistence_yml.cpp b/modules/core/src/persistence_yml.cpp +index 4129ca1dc5..7742e82770 100644 +--- a/modules/core/src/persistence_yml.cpp ++++ b/modules/core/src/persistence_yml.cpp +@@ -330,6 +330,9 @@ public: + + char* skipSpaces( char* ptr, int min_indent, int max_comment_indent ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + for(;;) + { + while( *ptr == ' ' ) +@@ -374,6 +377,9 @@ public: + + bool getBase64Row(char* ptr, int indent, char* &beg, char* &end) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + beg = end = ptr = skipSpaces(ptr, 0, INT_MAX); + if (!ptr || !*ptr) + return false; // end of file +@@ -394,6 +400,9 @@ public: + + char* parseKey( char* ptr, FileNode& map_node, FileNode& value_placeholder ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + char c; + char *endptr = ptr - 1, *saveptr; + +@@ -422,6 +431,9 @@ public: + + char* parseValue( char* ptr, FileNode& node, int min_indent, bool is_parent_flow ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + char* endptr = 0; + char c = ptr[0], d = ptr[1]; + int value_type = FileNode::NONE; +@@ -508,6 +520,8 @@ public: + + *endptr = d; + ptr = skipSpaces( endptr, min_indent, INT_MAX ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + + c = *ptr; + +@@ -634,6 +648,8 @@ public: + FileNode elem; + + ptr = skipSpaces( ptr, new_min_indent, INT_MAX ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + if( *ptr == '}' || *ptr == ']' ) + { + if( *ptr != d ) +@@ -647,6 +663,8 @@ public: + if( *ptr != ',' ) + CV_PARSE_ERROR_CPP( "Missing , between the elements" ); + ptr = skipSpaces( ptr + 1, new_min_indent, INT_MAX ); ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); + } + + if( struct_type == FileNode::MAP ) +@@ -746,6 +764,9 @@ public: + + bool parse( char* ptr ) + { ++ if (!ptr) ++ CV_PARSE_ERROR_CPP("Invalid input"); ++ + bool first = true; + bool ok = true; + FileNode root_collection(fs->getFS(), 0, 0); diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-15939.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-15939.patch new file mode 100644 index 0000000000..ad61d7c231 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-15939.patch @@ -0,0 +1,73 @@ +From 384c5fa5f09aec5512343340fe65ccaaf83dfc48 Mon Sep 17 00:00:00 2001 +From: Alexander Alekhin <alexander.alekhin@intel.com> +Date: Fri, 23 Aug 2019 16:14:53 +0300 +Subject: [PATCH] objdetect: add input check in HOG detector + +CVE: CVE-2019-15939 +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/5a497077f109d543ab86dfdf8add1c76c0e47d29.patch] +Comment: No changes in any hunk + +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> + +--- + modules/objdetect/src/hog.cpp | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/modules/objdetect/src/hog.cpp b/modules/objdetect/src/hog.cpp +index e3e43bb86e..af814658fe 100644 +--- a/modules/objdetect/src/hog.cpp ++++ b/modules/objdetect/src/hog.cpp +@@ -65,6 +65,7 @@ namespace cv + + static int numPartsWithin(int size, int part_size, int stride) + { ++ CV_Assert(stride != 0); + return (size - part_size + stride) / stride; + } + +@@ -77,13 +78,17 @@ static Size numPartsWithin(cv::Size size, cv::Size part_size, + + static size_t getBlockHistogramSize(Size block_size, Size cell_size, int nbins) + { ++ CV_Assert(!cell_size.empty()); + Size cells_per_block = Size(block_size.width / cell_size.width, +- block_size.height / cell_size.height); ++ block_size.height / cell_size.height); + return (size_t)(nbins * cells_per_block.area()); + } + + size_t HOGDescriptor::getDescriptorSize() const + { ++ CV_Assert(!cellSize.empty()); ++ CV_Assert(!blockStride.empty()); ++ + CV_Assert(blockSize.width % cellSize.width == 0 && + blockSize.height % cellSize.height == 0); + CV_Assert((winSize.width - blockSize.width) % blockStride.width == 0 && +@@ -141,20 +146,20 @@ bool HOGDescriptor::read(FileNode& obj) + if( !obj.isMap() ) + return false; + FileNodeIterator it = obj["winSize"].begin(); +- it >> winSize.width >> winSize.height; ++ it >> winSize.width >> winSize.height; CV_Assert(!winSize.empty()); + it = obj["blockSize"].begin(); +- it >> blockSize.width >> blockSize.height; ++ it >> blockSize.width >> blockSize.height; CV_Assert(!blockSize.empty()); + it = obj["blockStride"].begin(); +- it >> blockStride.width >> blockStride.height; ++ it >> blockStride.width >> blockStride.height; CV_Assert(!blockStride.empty()); + it = obj["cellSize"].begin(); +- it >> cellSize.width >> cellSize.height; +- obj["nbins"] >> nbins; ++ it >> cellSize.width >> cellSize.height; CV_Assert(!cellSize.empty()); ++ obj["nbins"] >> nbins; CV_Assert(nbins > 0); + obj["derivAperture"] >> derivAperture; + obj["winSigma"] >> winSigma; + obj["histogramNormType"] >> histogramNormType; + obj["L2HysThreshold"] >> L2HysThreshold; + obj["gammaCorrection"] >> gammaCorrection; +- obj["nlevels"] >> nlevels; ++ obj["nlevels"] >> nlevels; CV_Assert(nlevels > 0); + if (obj["signedGradient"].empty()) + signedGradient = false; + else diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-19624.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-19624.patch new file mode 100644 index 0000000000..3510e1eb98 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2019-19624.patch @@ -0,0 +1,157 @@ +From 34195a57528a3f2c807bc3eeb8c934b8ea8289bd Mon Sep 17 00:00:00 2001 +From: Thang Tran <TranKimThang279@gmail.com> +Date: Mon, 27 May 2019 08:18:26 +0200 +Subject: [PATCH] video:fixed DISOpticalFlow segfault from small img + +CVE: CVE-2019-19624 +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418.patch] +Comment: No changes in any hunk + +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> + +--- + modules/video/src/dis_flow.cpp | 67 ++++++++++++++++++++++++- + modules/video/test/test_OF_accuracy.cpp | 28 +++++++++++ + 2 files changed, 93 insertions(+), 2 deletions(-) + +diff --git a/modules/video/src/dis_flow.cpp b/modules/video/src/dis_flow.cpp +index b86df1564b..adafcc92d8 100644 +--- a/modules/video/src/dis_flow.cpp ++++ b/modules/video/src/dis_flow.cpp +@@ -140,6 +140,8 @@ class DISOpticalFlowImpl CV_FINAL : public DISOpticalFlow + void prepareBuffers(Mat &I0, Mat &I1, Mat &flow, bool use_flow); + void precomputeStructureTensor(Mat &dst_I0xx, Mat &dst_I0yy, Mat &dst_I0xy, Mat &dst_I0x, Mat &dst_I0y, Mat &I0x, + Mat &I0y); ++ int autoSelectCoarsestScale(int img_width); ++ void autoSelectPatchSizeAndScales(int img_width); + + struct PatchInverseSearch_ParBody : public ParallelLoopBody + { +@@ -435,6 +437,44 @@ void DISOpticalFlowImpl::precomputeStructureTensor(Mat &dst_I0xx, Mat &dst_I0yy, + } + } + ++int DISOpticalFlowImpl::autoSelectCoarsestScale(int img_width) ++{ ++ const int fratio = 5; ++ return std::max(0, (int)std::floor(log2((2.0f*(float)img_width) / ((float)fratio * (float)patch_size)))); ++} ++ ++void DISOpticalFlowImpl::autoSelectPatchSizeAndScales(int img_width) ++{ ++ switch (finest_scale) ++ { ++ case 1: ++ patch_size = 8; ++ coarsest_scale = autoSelectCoarsestScale(img_width); ++ finest_scale = std::max(coarsest_scale-2, 0); ++ break; ++ ++ case 3: ++ patch_size = 12; ++ coarsest_scale = autoSelectCoarsestScale(img_width); ++ finest_scale = std::max(coarsest_scale-4, 0); ++ break; ++ ++ case 4: ++ patch_size = 12; ++ coarsest_scale = autoSelectCoarsestScale(img_width); ++ finest_scale = std::max(coarsest_scale-5, 0); ++ break; ++ ++ // default case, fall-through. ++ case 2: ++ default: ++ patch_size = 8; ++ coarsest_scale = autoSelectCoarsestScale(img_width); ++ finest_scale = std::max(coarsest_scale-2, 0); ++ break; ++ } ++} ++ + DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOpticalFlowImpl &_dis, int _nstripes, + int _hs, Mat &dst_Sx, Mat &dst_Sy, + Mat &src_Ux, Mat &src_Uy, Mat &_I0, Mat &_I1, +@@ -1313,9 +1353,20 @@ bool DISOpticalFlowImpl::ocl_calc(InputArray I0, InputArray I1, InputOutputArray + else + flow.create(I1Mat.size(), CV_32FC2); + UMat &u_flowMat = flow.getUMatRef(); +- coarsest_scale = min((int)(log(max(I0Mat.cols, I0Mat.rows) / (4.0 * patch_size)) / log(2.0) + 0.5), /* Original code serach for maximal movement of width/4 */ ++ coarsest_scale = min((int)(log(max(I0Mat.cols, I0Mat.rows) / (4.0 * patch_size)) / log(2.0) + 0.5), /* Original code search for maximal movement of width/4 */ + (int)(log(min(I0Mat.cols, I0Mat.rows) / patch_size) / log(2.0))); /* Deepest pyramid level greater or equal than patch*/ + ++ if (coarsest_scale<0) ++ CV_Error(cv::Error::StsBadSize, "The input image must have either width or height >= 12"); ++ ++ if (coarsest_scale<finest_scale) ++ { ++ // choose the finest level based on coarsest level. ++ // Refs: https://github.com/tikroeger/OF_DIS/blob/2c9f2a674f3128d3a41c10e41cc9f3a35bb1b523/run_dense.cpp#L239 ++ int original_img_width = I0.size().width; ++ autoSelectPatchSizeAndScales(original_img_width); ++ } ++ + ocl_prepareBuffers(I0Mat, I1Mat, u_flowMat, use_input_flow); + u_Ux[coarsest_scale].setTo(0.0f); + u_Uy[coarsest_scale].setTo(0.0f); +@@ -1380,8 +1431,20 @@ void DISOpticalFlowImpl::calc(InputArray I0, InputArray I1, InputOutputArray flo + else + flow.create(I1Mat.size(), CV_32FC2); + Mat flowMat = flow.getMat(); +- coarsest_scale = min((int)(log(max(I0Mat.cols, I0Mat.rows) / (4.0 * patch_size)) / log(2.0) + 0.5), /* Original code serach for maximal movement of width/4 */ ++ coarsest_scale = min((int)(log(max(I0Mat.cols, I0Mat.rows) / (4.0 * patch_size)) / log(2.0) + 0.5), /* Original code search for maximal movement of width/4 */ + (int)(log(min(I0Mat.cols, I0Mat.rows) / patch_size) / log(2.0))); /* Deepest pyramid level greater or equal than patch*/ ++ ++ if (coarsest_scale<0) ++ CV_Error(cv::Error::StsBadSize, "The input image must have either width or height >= 12"); ++ ++ if (coarsest_scale<finest_scale) ++ { ++ // choose the finest level based on coarsest level. ++ // Refs: https://github.com/tikroeger/OF_DIS/blob/2c9f2a674f3128d3a41c10e41cc9f3a35bb1b523/run_dense.cpp#L239 ++ int original_img_width = I0.size().width; ++ autoSelectPatchSizeAndScales(original_img_width); ++ } ++ + int num_stripes = getNumThreads(); + + prepareBuffers(I0Mat, I1Mat, flowMat, use_input_flow); +diff --git a/modules/video/test/test_OF_accuracy.cpp b/modules/video/test/test_OF_accuracy.cpp +index affbab6586..b99ffce2a8 100644 +--- a/modules/video/test/test_OF_accuracy.cpp ++++ b/modules/video/test/test_OF_accuracy.cpp +@@ -121,6 +121,34 @@ TEST(DenseOpticalFlow_DIS, ReferenceAccuracy) + } + } + ++TEST(DenseOpticalFlow_DIS, InvalidImgSize_CoarsestLevelLessThanZero) ++{ ++ cv::Ptr<cv::DISOpticalFlow> of = cv::DISOpticalFlow::create(); ++ const int mat_size = 10; ++ ++ cv::Mat x(mat_size, mat_size, CV_8UC1, 42); ++ cv::Mat y(mat_size, mat_size, CV_8UC1, 42); ++ cv::Mat flow; ++ ++ ASSERT_THROW(of->calc(x, y, flow), cv::Exception); ++} ++ ++// make sure that autoSelectPatchSizeAndScales() works properly. ++TEST(DenseOpticalFlow_DIS, InvalidImgSize_CoarsestLevelLessThanFinestLevel) ++{ ++ cv::Ptr<cv::DISOpticalFlow> of = cv::DISOpticalFlow::create(); ++ const int mat_size = 80; ++ ++ cv::Mat x(mat_size, mat_size, CV_8UC1, 42); ++ cv::Mat y(mat_size, mat_size, CV_8UC1, 42); ++ cv::Mat flow; ++ ++ of->calc(x, y, flow); ++ ++ ASSERT_EQ(flow.rows, mat_size); ++ ASSERT_EQ(flow.cols, mat_size); ++} ++ + TEST(DenseOpticalFlow_VariationalRefinement, ReferenceAccuracy) + { + Mat frame1, frame2, GT; diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/download.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/download.patch index fa8db88078..ae01a5edcd 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/download.patch +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/download.patch @@ -1,3 +1,8 @@ +From 3b1a69503dea2075d51655a0cea5369c88a67632 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Thu, 9 Jan 2020 16:24:24 +0000 +Subject: [PATCH] opencv: abort configure if we need to download + This CMake module will download files during do_configure. This is bad as it means we can't do offline builds. @@ -6,6 +11,10 @@ Add an option to disallow downloads by emitting a fatal error. Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> +--- + cmake/OpenCVDownload.cmake | 6 ++++++ + 1 file changed, 6 insertions(+) + diff --git a/cmake/OpenCVDownload.cmake b/cmake/OpenCVDownload.cmake index cdc47ad2cb..74573f45a2 100644 --- a/cmake/OpenCVDownload.cmake diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.1.0.bb index d781da6005..de708fd06d 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.1.0.bb @@ -50,6 +50,10 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \ file://0001-Dont-use-isystem.patch \ file://0001-carotene-Replace-ipcp-unit-growth-with-ipa-cp-unit-g.patch \ file://download.patch \ + file://CVE-2019-14491.patch \ + file://CVE-2019-14493.patch \ + file://CVE-2019-15939.patch \ + file://CVE-2019-19624.patch \ " PV = "4.1.0" diff --git a/meta-openembedded/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb b/meta-openembedded/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb index 9f89bac22a..3f82734acd 100644 --- a/meta-openembedded/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb +++ b/meta-openembedded/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb @@ -7,7 +7,7 @@ SECTION = "devel" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/jthornber/thin-provisioning-tools \ +SRC_URI = "git://github.com/jthornber/thin-provisioning-tools;branch=main \ file://0001-do-not-strip-pdata_tools-at-do_install.patch \ file://use-sh-on-path.patch \ " diff --git a/meta-openembedded/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb b/meta-openembedded/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb index f5d5debe11..d83a4a20b1 100644 --- a/meta-openembedded/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb +++ b/meta-openembedded/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb @@ -19,7 +19,7 @@ RDEPENDS_packagegroup-meta-webserver = "\ " RDEPENDS_packagegroup-meta-webserver-http = "\ - nginx monkey hiawatha nostromo apache-websocket \ + nginx monkey hiawatha apache-websocket \ apache2 sthttpd \ ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "cherokee", "", d)} \ " diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb b/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb index d13ef74feb..deb76ac95c 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb @@ -62,3 +62,6 @@ pkg_postinst_${PN} () { fi fi } + +PNBLACKLIST[nostromo] ?= "Host site for URI is dead" +EXCLUDE_FROM_WORLD = "1" diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml index c9ca76fcd9..4bb2037076 100644 --- a/meta-security/kas/kas-security-base.yml +++ b/meta-security/kas/kas-security-base.yml @@ -33,8 +33,6 @@ local_conf_header: CONF_VERSION = "1" SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/" SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n" - SSTATE_DIR = "/home/srv/sstate/dunfell" - DL_DIR = "/home/srv/downloads/dunfell" BB_HASHSERVE = "auto" BB_SIGNATURE_HANDLER = "OEEquivHash" INHERIT += "buildstats buildstats-summary buildhistory" diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md index f08a1646c4..8f525a6860 100644 --- a/meta-security/meta-integrity/README.md +++ b/meta-security/meta-integrity/README.md @@ -69,8 +69,10 @@ Adding the layer only enables IMA (see below regarding EVM) during compilation of the Linux kernel. To also activate it when building the image, enable image signing in the local.conf like this: - INHERIT += "ima-evm-rootfs" + IMAGE_CLASSES += "ima-evm-rootfs" IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" + IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem" + IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der" This uses the default keys provided in the "data" directory of the layer. Because everyone has access to these private keys, such an image diff --git a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass index d6ade3bf91..0acd6e7aa0 100644 --- a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass +++ b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass @@ -28,6 +28,9 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false" # the iversion flags (needed by IMA when allowing writing). IMA_EVM_ROOTFS_IVERSION ?= "" +# Avoid re-generating fstab when ima is enabled. +WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}" + ima_evm_sign_rootfs () { cd ${IMAGE_ROOTFS} @@ -37,15 +40,6 @@ ima_evm_sign_rootfs () { # reasons (including a change of the signing keys) without also # re-running do_rootfs. - # Copy file(s) which must be on the device. Note that - # evmctl uses x509_evm.der also for "ima_verify", which is probably - # a bug (should default to x509_ima.der). Does not matter for us - # because we use the same key for both. - install -d ./${sysconfdir}/keys - rm -f ./${sysconfdir}/keys/x509_evm.der - install "${IMA_EVM_X509}" ./${sysconfdir}/keys/x509_evm.der - ln -sf x509_evm.der ./${sysconfdir}/keys/x509_ima.der - # Fix /etc/fstab: it must include the "i_version" mount option for # those file systems where writing files is allowed, otherwise # these changes will not get detected at runtime. @@ -80,13 +74,16 @@ ima_evm_sign_rootfs () { } # Signing must run as late as possible in the do_rootfs task. -# IMAGE_PREPROCESS_COMMAND runs after ROOTFS_POSTPROCESS_COMMAND, so -# append (not prepend!) to IMAGE_PREPROCESS_COMMAND, and do it with -# _append instead of += because _append gets evaluated later. In -# particular, we must run after prelink_image in -# IMAGE_PREPROCESS_COMMAND, because prelinking changes executables. +# To guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in +# RecipePreFinalise event handler, this ensures it's the last +# function in IMAGE_PREPROCESS_COMMAND. +python ima_evm_sign_handler () { + if not e.data or 'ima' not in e.data.getVar('DISTRO_FEATURES').split(): + return -IMAGE_PREPROCESS_COMMAND_append = " ima_evm_sign_rootfs ; " - -# evmctl must have been installed first. -do_rootfs[depends] += "ima-evm-utils-native:do_populate_sysroot" + e.data.appendVar('IMAGE_PREPROCESS_COMMAND', ' ima_evm_sign_rootfs; ') + e.data.appendVar('IMAGE_INSTALL', ' ima-evm-keys') + e.data.appendVarFlag('do_rootfs', 'depends', ' ima-evm-utils-native:do_populate_sysroot') +} +addhandler ima_evm_sign_handler +ima_evm_sign_handler[eventmask] = "bb.event.RecipePreFinalise" diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb index dacdc8bf06..6471c532c7 100644 --- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb +++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb @@ -14,6 +14,9 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 # to this recipe can just point towards one of its own files. IMA_POLICY ?= "ima-policy-hashed" +# Force proceed IMA procedure even 'no_ima' boot parameter is available. +IMA_FORCE ?= "false" + SRC_URI = " file://ima" inherit features_check @@ -23,9 +26,11 @@ do_install () { install -d ${D}/${sysconfdir}/ima install -d ${D}/init.d install ${WORKDIR}/ima ${D}/init.d/20-ima + + sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima } FILES_${PN} = "/init.d ${sysconfdir}" -RDEPENDS_${PN} = "keyutils ${IMA_POLICY}" +RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}" RDEPENDS_${PN} += "initramfs-framework-base" diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima index 8616f9924a..897149494e 100644 --- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima +++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima @@ -2,9 +2,15 @@ # # Loads IMA policy into the kernel. +force_ima=@@FORCE_IMA@@ + ima_enabled() { - if [ "$bootparam_no_ima" = "true" ]; then + if [ "$force_ima" = "true" ]; then + return 0 + elif [ "$bootparam_no_ima" = "true" ]; then return 1 + else + return 0 fi } @@ -46,7 +52,7 @@ ima_run() { # ("[Linux-ima-user] IMA policy loading via cat") and we get better error reporting when # checking the write of each line. To minimize the risk of policy loading going wrong we # also remove comments and blank lines ourselves. - if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima-policy >/sys/kernel/security/ima/policy; then + if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima/ima-policy >/sys/kernel/security/ima/policy; then fatal "Could not load IMA policy." fi } diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb new file mode 100644 index 0000000000..7708aef2ce --- /dev/null +++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb @@ -0,0 +1,17 @@ +SUMMARY = "IMA/EMV public keys" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +inherit features_check +REQUIRED_DISTRO_FEATURES = "ima" + +ALLOW_EMPTY_${PN} = "1" + +do_install () { + if [ -e "${IMA_EVM_X509}" ]; then + install -d ${D}/${sysconfdir}/keys + install "${IMA_EVM_X509}" ${D}${sysconfdir}/keys/x509_evm.der + lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der + fi +} +do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' % os.path.exists('${IMA_EVM_X509}')}" diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb index 7f649c2d6a..bd85583030 100644 --- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb @@ -26,6 +26,7 @@ S = "${WORKDIR}/git" inherit pkgconfig autotools features_check REQUIRED_DISTRO_FEATURES = "ima" +REQUIRED_DISTRO_FEATURES_class-native = "" EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}" diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb index da62a4cf8c..84ea16120e 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb @@ -2,19 +2,14 @@ SUMMARY = "IMA sample simple appraise policy " LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -# This policy file will get installed as /etc/ima/ima-policy. -# It is located via the normal file search path, so a .bbappend -# to this recipe can just point towards one of its own files. -IMA_POLICY ?= "ima_policy_appraise_all" - -SRC_URI = " file://${IMA_POLICY}" +SRC_URI = " file://ima_policy_appraise_all" inherit features_check REQUIRED_DISTRO_FEATURES = "ima" do_install () { install -d ${D}/${sysconfdir}/ima - install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy + install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy } FILES_${PN} = "${sysconfdir}/ima" diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed index 7f89c8d989..4d9e4ca50f 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed +++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed @@ -53,6 +53,9 @@ dont_measure fsmagic=0x43415d53 # CGROUP_SUPER_MAGIC dont_appraise fsmagic=0x27e0eb dont_measure fsmagic=0x27e0eb +# CGROUP2_SUPER_MAGIC +dont_appraise fsmagic=0x63677270 +dont_measure fsmagic=0x63677270 # EFIVARFS_MAGIC dont_appraise fsmagic=0xde5e81e4 dont_measure fsmagic=0xde5e81e4 diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb index ebb0426467..ff7169ef57 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb @@ -2,13 +2,8 @@ SUMMARY = "IMA sample hash policy" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -# This policy file will get installed as /etc/ima/ima-policy. -# It is located via the normal file search path, so a .bbappend -# to this recipe can just point towards one of its own files. -IMA_POLICY ?= "ima_policy_hashed" - SRC_URI = " \ - file://${IMA_POLICY} \ + file://ima_policy_hashed \ " inherit features_check @@ -16,7 +11,7 @@ REQUIRED_DISTRO_FEATURES = "ima" do_install () { install -d ${D}/${sysconfdir}/ima - install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy + install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy } FILES_${PN} = "${sysconfdir}/ima" diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb index cb4b6b8abc..0e56aec515 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb @@ -2,19 +2,14 @@ SUMMARY = "IMA sample simple policy" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -# This policy file will get installed as /etc/ima/ima-policy. -# It is located via the normal file search path, so a .bbappend -# to this recipe can just point towards one of its own files. -IMA_POLICY ?= "ima_policy_simple" - -SRC_URI = " file://${IMA_POLICY}" +SRC_URI = " file://ima_policy_simple" inherit features_check REQUIRED_DISTRO_FEATURES = "ima" do_install () { install -d ${D}/${sysconfdir}/ima - install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy + install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy } FILES_${PN} = "${sysconfdir}/ima" diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.6.bb index ba58fc5c6c..bc1454578f 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.6.bb @@ -22,19 +22,19 @@ SRC_URI = " \ file://apparmor \ file://apparmor.service \ file://0001-Makefile.am-suppress-perllocal.pod.patch \ + file://0001-Use-build-environment-C-preprocessor.patch \ + file://0002-Correctly-escape-in-Makefile.patch \ file://run-ptest \ - file://0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch \ - file://0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch \ " -SRCREV = "df0ac742f7a1146181d8734d03334494f2015134" +SRCREV = "c16fff8cb487cf150e3e5ad536b7ff2d4cb4f784" S = "${WORKDIR}/git" PARALLEL_MAKE = "" COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" -inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd features_check +inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative ptest cpan manpages systemd features_check REQUIRED_DISTRO_FEATURES = "apparmor" PACKAGECONFIG ??= "python perl aa-decode" diff --git a/meta-security/recipes-mac/AppArmor/files/0001-Use-build-environment-C-preprocessor.patch b/meta-security/recipes-mac/AppArmor/files/0001-Use-build-environment-C-preprocessor.patch new file mode 100644 index 0000000000..76e334ac74 --- /dev/null +++ b/meta-security/recipes-mac/AppArmor/files/0001-Use-build-environment-C-preprocessor.patch @@ -0,0 +1,39 @@ +From b19d65886263cee40c7283d329ff05f43cbb2047 Mon Sep 17 00:00:00 2001 +From: Omer Akram <omer@thing.com> +Date: Mon, 12 Apr 2021 22:24:13 +0500 +Subject: [PATCH] Use build environment C preprocessor + +--- + common/list_af_names.sh | 2 +- + common/list_capabilities.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/list_af_names.sh b/common/list_af_names.sh +index d7987537..23d9ba7f 100755 +--- a/common/list_af_names.sh ++++ b/common/list_af_names.sh +@@ -11,7 +11,7 @@ + # rewrite as "AF_". + + echo "#include <sys/socket.h>" | \ +- cpp -dM | \ ++ ${CPP} -dM - | \ + LC_ALL=C sed -n \ + -e '/PF_UNIX/d' \ + -e 's/PF_LOCAL/PF_UNIX/' \ +diff --git a/common/list_capabilities.sh b/common/list_capabilities.sh +index 4e37cda7..d07111de 100755 +--- a/common/list_capabilities.sh ++++ b/common/list_capabilities.sh +@@ -7,7 +7,7 @@ + # ===================== + + echo "#include <linux/capability.h>" | \ +- cpp -dM | \ ++ ${CPP} -dM - | \ + LC_ALL=C sed -n \ + -e '/CAP_EMPTY_SET/d' \ + -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$/CAP_\1/p' | \ +-- +2.25.1 + diff --git a/meta-security/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch b/meta-security/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch deleted file mode 100644 index 3cd1e88ae3..0000000000 --- a/meta-security/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 7a7c7fb346ded6f017c8df44486778a5f032d41a Mon Sep 17 00:00:00 2001 -From: John Johansen <john.johansen@canonical.com> -Date: Tue, 29 Sep 2020 03:05:22 -0700 -Subject: [PATCH] regression tests: Don't build syscall_sysctl if missing - kernel headers - -sys/sysctl.h is not guaranteed to exist anymore since -https://sourceware.org/pipermail/glibc-cvs/2020q2/069366.html - -which is a follow on to the kernel commit -61a47c1ad3a4 sysctl: Remove the sysctl system call - -While the syscall_sysctl currently checks if the kernel supports -sysctrs before running the tests. The tests can't even build if the -kernel headers don't have the sysctl defines. - -Fixes: https://gitlab.com/apparmor/apparmor/-/issues/119 -Fixes: https://bugs.launchpad.net/apparmor/+bug/1897288 -MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/637 -Signed-off-by: John Johansen <john.johansen@canonical.com> -Acked-by: Steve Beattie <steve.beattie@canonical.com> -(cherry picked from commit 2e5a266eb715fc7e526520235a6450444775791f) - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster808@gmail.com> - ---- - tests/regression/apparmor/Makefile | 10 +++++++++- - tests/regression/apparmor/syscall_sysctl.sh | 15 +++++++++++---- - 2 files changed, 20 insertions(+), 5 deletions(-) - -diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile -index 198ca421..c3d0cfb7 100644 ---- a/tests/regression/apparmor/Makefile -+++ b/tests/regression/apparmor/Makefile -@@ -69,6 +69,9 @@ endif # USE_SYSTEM - - CFLAGS += -g -O0 -Wall -Wstrict-prototypes - -+USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true) -+ -+ - SRC=access.c \ - at_secure.c \ - introspect.c \ -@@ -130,7 +133,6 @@ SRC=access.c \ - syscall_sethostname.c \ - syscall_setdomainname.c \ - syscall_setscheduler.c \ -- syscall_sysctl.c \ - sysctl_proc.c \ - tcp.c \ - transition.c \ -@@ -146,6 +148,12 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64)) - SRC+=syscall_ioperm.c syscall_iopl.c - endif - -+#only do sysctl syscall test if defines installed and OR supported by the -+# kernel -+ifeq ($(USE_SYSCTL),true) -+SRC+=syscall_sysctl.c -+endif -+ - #only do dbus if proper libs are installl - ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE)) - SRC+=dbus_eavesdrop.c dbus_message.c dbus_service.c dbus_unrequested_reply.c -diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh -index f93946f3..5f856984 100644 ---- a/tests/regression/apparmor/syscall_sysctl.sh -+++ b/tests/regression/apparmor/syscall_sysctl.sh -@@ -148,11 +148,18 @@ test_sysctl_proc() - # check if the kernel supports CONFIG_SYSCTL_SYSCALL - # generally we want to encourage kernels to disable it, but if it's - # enabled we want to test against it --settest syscall_sysctl --if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then -- echo " WARNING: syscall sysctl not implemented, skipping tests ..." -+# In addition test that sysctl exists in the kernel headers, if it does't -+# then we can't even built the syscall_sysctl test -+if echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null ; then -+ settest syscall_sysctl -+ -+ if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then -+ echo " WARNING: syscall sysctl not implemented, skipping tests ..." -+ else -+ test_syscall_sysctl -+ fi - else -- test_syscall_sysctl -+ echo " WARNING: syscall sysctl not supported by kernel headers, skipping tests ..." - fi - - # now test /proc/sys/ paths --- -2.17.1 - diff --git a/meta-security/recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch b/meta-security/recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch deleted file mode 100644 index a23d889630..0000000000 --- a/meta-security/recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch +++ /dev/null @@ -1,40 +0,0 @@ -From bf8c4ca570c27cf58e882e03680b40357223e6e7 Mon Sep 17 00:00:00 2001 -From: John Johansen <john.johansen@canonical.com> -Date: Wed, 30 Sep 2020 13:36:23 -0700 -Subject: [PATCH] tests regression: fix failure on older versions of Make - -Older versions of Make will choke on the # character in the $(shell -expression, treating it as the beginning of a comment. Resulting in -the following error - -make unterminated call to function 'shell': missing ')'. Stop. - -MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/639 -Signed-off-by: John Johansen <john.johansen@canonical.com> -Acked-by: Steve Beattie <steve.beattie@canonical.com> -(cherry picked from commit 8cf3534a5b11643c5913e5eb74e491f2f014d792) - -Upstream-Status: Backport -[Minor fixup] -Signed-off-by: Armin Kuster <akuster808@gmail.com> ---- - tests/regression/apparmor/Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile -index c3d0cfb7..1d55547c 100644 ---- a/tests/regression/apparmor/Makefile -+++ b/tests/regression/apparmor/Makefile -@@ -69,7 +69,8 @@ endif # USE_SYSTEM - - CFLAGS += -g -O0 -Wall -Wstrict-prototypes - --USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true) -+SYSCTL_INCLUDE="\#include <sys/sysctl.h>" -+USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) - - - SRC=access.c \ --- -2.17.1 - diff --git a/meta-security/recipes-mac/AppArmor/files/0002-Correctly-escape-in-Makefile.patch b/meta-security/recipes-mac/AppArmor/files/0002-Correctly-escape-in-Makefile.patch new file mode 100644 index 0000000000..f3cae7d9bf --- /dev/null +++ b/meta-security/recipes-mac/AppArmor/files/0002-Correctly-escape-in-Makefile.patch @@ -0,0 +1,25 @@ +From 4ffd666a2cedeabc8eef42371c03be52fc2a3d66 Mon Sep 17 00:00:00 2001 +From: Omer Akram <omer@thing.com> +Date: Mon, 12 Apr 2021 22:54:52 +0500 +Subject: [PATCH] Correctly escape # in Makefile + +--- + tests/regression/apparmor/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile +index c3d0cfb7..b41dbe47 100644 +--- a/tests/regression/apparmor/Makefile ++++ b/tests/regression/apparmor/Makefile +@@ -69,7 +69,7 @@ endif # USE_SYSTEM + + CFLAGS += -g -O0 -Wall -Wstrict-prototypes + +-USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true) ++USE_SYSCTL:=$(shell echo "\#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true) + + + SRC=access.c \ +-- +2.25.1 + diff --git a/meta-security/recipes-mac/AppArmor/files/disable_pdf.patch b/meta-security/recipes-mac/AppArmor/files/disable_pdf.patch deleted file mode 100644 index c6b4bddc25..0000000000 --- a/meta-security/recipes-mac/AppArmor/files/disable_pdf.patch +++ /dev/null @@ -1,33 +0,0 @@ -Index: apparmor-2.10.95/parser/Makefile -=================================================================== ---- apparmor-2.10.95.orig/parser/Makefile -+++ apparmor-2.10.95/parser/Makefile -@@ -139,17 +139,6 @@ export Q VERBOSE BUILD_OUTPUT - po/${NAME}.pot: ${SRCS} ${HDRS} - $(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}" - --techdoc.pdf: techdoc.tex -- timestamp=$(shell date --utc "+%Y%m%d%H%M%S%z" -r $< );\ -- while pdflatex "\def\fixedpdfdate{$$timestamp}\input $<" ${BUILD_OUTPUT} || exit 1 ; \ -- grep -q "Label(s) may have changed" techdoc.log; \ -- do :; done -- --techdoc/index.html: techdoc.pdf -- latex2html -show_section_numbers -split 0 -noinfo -nonavigation -noaddress techdoc.tex ${BUILD_OUTPUT} -- --techdoc.txt: techdoc/index.html -- w3m -dump $< > $@ - - # targets arranged this way so that people who don't want full docs can - # pick specific targets they want. -@@ -159,9 +148,7 @@ manpages: $(MANPAGES) - - htmlmanpages: $(HTMLMANPAGES) - --pdf: techdoc.pdf -- --docs: manpages htmlmanpages pdf -+docs: manpages htmlmanpages - - indep: docs - $(Q)$(MAKE) -C po all diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py index d90bd3945f..11cc2b9546 100644 --- a/poky/bitbake/lib/bb/cooker.py +++ b/poky/bitbake/lib/bb/cooker.py @@ -2126,18 +2126,18 @@ class CookerParser(object): except bb.BBHandledException as exc: self.error += 1 logger.error('Failed to parse recipe: %s' % exc.recipe) - self.shutdown(clean=False) + self.shutdown(clean=False, force=True) return False except ParsingFailure as exc: self.error += 1 logger.error('Unable to parse %s: %s' % (exc.recipe, bb.exceptions.to_string(exc.realexception))) - self.shutdown(clean=False) + self.shutdown(clean=False, force=True) return False except bb.parse.ParseError as exc: self.error += 1 logger.error(str(exc)) - self.shutdown(clean=False) + self.shutdown(clean=False, force=True) return False except bb.data_smart.ExpansionError as exc: self.error += 1 @@ -2146,7 +2146,7 @@ class CookerParser(object): tb = list(itertools.dropwhile(lambda e: e.filename.startswith(bbdir), exc.traceback)) logger.error('ExpansionError during parsing %s', value.recipe, exc_info=(etype, value, tb)) - self.shutdown(clean=False) + self.shutdown(clean=False, force=True) return False except Exception as exc: self.error += 1 @@ -2158,7 +2158,7 @@ class CookerParser(object): # Most likely, an exception occurred during raising an exception import traceback logger.error('Exception during parse: %s' % traceback.format_exc()) - self.shutdown(clean=False) + self.shutdown(clean=False, force=True) return False self.current += 1 diff --git a/poky/bitbake/lib/bb/fetch2/git.py b/poky/bitbake/lib/bb/fetch2/git.py index 8740e9c05f..112b833f87 100644 --- a/poky/bitbake/lib/bb/fetch2/git.py +++ b/poky/bitbake/lib/bb/fetch2/git.py @@ -388,7 +388,7 @@ class Git(FetchMethod): tmpdir = tempfile.mkdtemp(dir=d.getVar('DL_DIR')) try: # Do the checkout. This implicitly involves a Git LFS fetch. - self.unpack(ud, tmpdir, d) + Git.unpack(self, ud, tmpdir, d) # Scoop up a copy of any stuff that Git LFS downloaded. Merge them into # the bare clonedir. diff --git a/poky/bitbake/lib/bb/providers.py b/poky/bitbake/lib/bb/providers.py index 81459c36d5..3f66a3d99f 100644 --- a/poky/bitbake/lib/bb/providers.py +++ b/poky/bitbake/lib/bb/providers.py @@ -151,7 +151,7 @@ def findPreferredProvider(pn, cfgData, dataCache, pkg_pn = None, item = None): if item: itemstr = " (for item %s)" % item if preferred_file is None: - logger.info("preferred version %s of %s not available%s", pv_str, pn, itemstr) + logger.warn("preferred version %s of %s not available%s", pv_str, pn, itemstr) available_vers = [] for file_set in pkg_pn: for f in file_set: @@ -163,7 +163,7 @@ def findPreferredProvider(pn, cfgData, dataCache, pkg_pn = None, item = None): available_vers.append(ver_str) if available_vers: available_vers.sort() - logger.info("versions of %s available: %s", pn, ' '.join(available_vers)) + logger.warn("versions of %s available: %s", pn, ' '.join(available_vers)) else: logger.debug(1, "selecting %s as PREFERRED_VERSION %s of package %s%s", preferred_file, pv_str, pn, itemstr) diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index 30cab5379e..2d35d478a4 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -1934,6 +1934,10 @@ class RunQueueExecute: logger.error("Scenequeue had holdoff tasks: %s" % pprint.pformat(self.holdoff_tasks)) err = True + for tid in self.scenequeue_covered.intersection(self.scenequeue_notcovered): + # No task should end up in both covered and uncovered, that is a bug. + logger.error("Setscene task %s in both covered and notcovered." % tid) + for tid in self.rqdata.runq_setscene_tids: if tid not in self.scenequeue_covered and tid not in self.scenequeue_notcovered: err = True @@ -2421,6 +2425,9 @@ class RunQueueExecute: for dep in sorted(self.sqdata.sq_deps[task]): if fail and task in self.sqdata.sq_harddeps and dep in self.sqdata.sq_harddeps[task]: + if dep in self.scenequeue_covered or dep in self.scenequeue_notcovered: + # dependency could be already processed, e.g. noexec setscene task + continue logger.debug(2, "%s was unavailable and is a hard dependency of %s so skipping" % (task, dep)) self.sq_task_failoutright(dep) continue @@ -2782,6 +2789,7 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s sqdata.valid |= rq.validate_hashes(tocheck, cooker.data, len(sqdata.stamppresent), False, summary=summary) sqdata.hashes = {} + sqrq.sq_deferred = {} for mc in sorted(sqdata.multiconfigs): for tid in sorted(sqdata.sq_revdeps): if mc_from_tid(tid) != mc: @@ -2794,6 +2802,9 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s continue if tid in sqrq.scenequeue_notcovered: continue + if tid in sqrq.scenequeue_covered: + continue + sqdata.outrightfail.add(tid) h = pending_hash_index(tid, rqdata) diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py index 9453c90d2b..6300f563f2 100644 --- a/poky/bitbake/lib/bb/tests/fetch.py +++ b/poky/bitbake/lib/bb/tests/fetch.py @@ -371,6 +371,7 @@ class FetcherTest(unittest.TestCase): if os.environ.get("BB_TMPDIR_NOCLEAN") == "yes": print("Not cleaning up %s. Please remove manually." % self.tempdir) else: + bb.process.run('chmod u+rw -R %s' % self.tempdir) bb.utils.prunedir(self.tempdir) class MirrorUriTest(FetcherTest): @@ -845,6 +846,8 @@ class FetcherNetworkTest(FetcherTest): prefix='gitfetch_localusehead_') src_dir = os.path.abspath(src_dir) bb.process.run("git init", cwd=src_dir) + bb.process.run("git config user.email 'you@example.com'", cwd=src_dir) + bb.process.run("git config user.name 'Your Name'", cwd=src_dir) bb.process.run("git commit --allow-empty -m'Dummy commit'", cwd=src_dir) # Use other branch than master @@ -1328,6 +1331,8 @@ class GitMakeShallowTest(FetcherTest): self.gitdir = os.path.join(self.tempdir, 'gitshallow') bb.utils.mkdirhier(self.gitdir) bb.process.run('git init', cwd=self.gitdir) + bb.process.run('git config user.email "you@example.com"', cwd=self.gitdir) + bb.process.run('git config user.name "Your Name"', cwd=self.gitdir) def assertRefs(self, expected_refs): actual_refs = self.git(['for-each-ref', '--format=%(refname)']).splitlines() @@ -1451,6 +1456,8 @@ class GitShallowTest(FetcherTest): bb.utils.mkdirhier(self.srcdir) self.git('init', cwd=self.srcdir) + self.git('config user.email "you@example.com"', cwd=self.srcdir) + self.git('config user.name "Your Name"', cwd=self.srcdir) self.d.setVar('WORKDIR', self.tempdir) self.d.setVar('S', self.gitdir) self.d.delVar('PREMIRRORS') @@ -1532,6 +1539,7 @@ class GitShallowTest(FetcherTest): # fetch and unpack, from the shallow tarball bb.utils.remove(self.gitdir, recurse=True) + bb.process.run('chmod u+w -R "%s"' % ud.clonedir) bb.utils.remove(ud.clonedir, recurse=True) bb.utils.remove(ud.clonedir.replace('gitsource', 'gitsubmodule'), recurse=True) @@ -1684,6 +1692,8 @@ class GitShallowTest(FetcherTest): smdir = os.path.join(self.tempdir, 'gitsubmodule') bb.utils.mkdirhier(smdir) self.git('init', cwd=smdir) + self.git('config user.email "you@example.com"', cwd=smdir) + self.git('config user.name "Your Name"', cwd=smdir) # Make this look like it was cloned from a remote... self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) self.git('config --add remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) @@ -1714,6 +1724,8 @@ class GitShallowTest(FetcherTest): smdir = os.path.join(self.tempdir, 'gitsubmodule') bb.utils.mkdirhier(smdir) self.git('init', cwd=smdir) + self.git('config user.email "you@example.com"', cwd=smdir) + self.git('config user.name "Your Name"', cwd=smdir) # Make this look like it was cloned from a remote... self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) self.git('config --add remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) @@ -1756,8 +1768,8 @@ class GitShallowTest(FetcherTest): self.git('annex init', cwd=self.srcdir) open(os.path.join(self.srcdir, 'c'), 'w').close() self.git('annex add c', cwd=self.srcdir) - self.git('commit -m annex-c -a', cwd=self.srcdir) - bb.process.run('chmod u+w -R %s' % os.path.join(self.srcdir, '.git', 'annex')) + self.git('commit --author "Foo Bar <foo@bar>" -m annex-c -a', cwd=self.srcdir) + bb.process.run('chmod u+w -R %s' % self.srcdir) uri = 'gitannex://%s;protocol=file;subdir=${S}' % self.srcdir fetcher, ud = self.fetch_shallow(uri) @@ -2032,6 +2044,8 @@ class GitLfsTest(FetcherTest): bb.utils.mkdirhier(self.srcdir) self.git('init', cwd=self.srcdir) + self.git('config user.email "you@example.com"', cwd=self.srcdir) + self.git('config user.name "Your Name"', cwd=self.srcdir) with open(os.path.join(self.srcdir, '.gitattributes'), 'wt') as attrs: attrs.write('*.mp3 filter=lfs -text') self.git(['add', '.gitattributes'], cwd=self.srcdir) diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index c2e9801fd9..7a57b30652 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -16,7 +16,7 @@ import os import sys import datetime -current_version = "3.1.6" +current_version = "3.1.8" # String used in sidebar version = 'Version: ' + current_version diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml index ee9b2acbeb..8d42c44964 100644 --- a/poky/documentation/poky.yaml +++ b/poky/documentation/poky.yaml @@ -1,11 +1,11 @@ -DISTRO : "3.1.6" +DISTRO : "3.1.8" DISTRO_NAME_NO_CAP : "dunfell" DISTRO_NAME : "Dunfell" DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus" -YOCTO_DOC_VERSION : "3.1.6" +YOCTO_DOC_VERSION : "3.1.8" YOCTO_DOC_VERSION_MINUS_ONE : "3.0.2" -DISTRO_REL_TAG : "yocto-3.1.6" -POKYVERSION : "23.0.6" +DISTRO_REL_TAG : "yocto-3.1.8" +POKYVERSION : "23.0.8" YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;" YOCTO_DL_URL : "https://downloads.yoctoproject.org" YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" diff --git a/poky/documentation/ref-manual/ref-system-requirements.rst b/poky/documentation/ref-manual/ref-system-requirements.rst index 65234d0722..bb688772f9 100644 --- a/poky/documentation/ref-manual/ref-system-requirements.rst +++ b/poky/documentation/ref-manual/ref-system-requirements.rst @@ -55,6 +55,8 @@ distributions: - Fedora 32 +- Fedora 33 + - CentOS 7.x - Debian GNU/Linux 8.x (Jessie) diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst index 536c3a6d2c..88740a63fd 100644 --- a/poky/documentation/releases.rst +++ b/poky/documentation/releases.rst @@ -11,6 +11,12 @@ - :yocto_docs:`3.1 Documentation </3.1>` - :yocto_docs:`3.1.1 Documentation </3.1.1>` - :yocto_docs:`3.1.2 Documentation </3.1.2>` +- :yocto_docs:`3.1.3 Documentation </3.1.3>` +- :yocto_docs:`3.1.4 Documentation </3.1.4>` +- :yocto_docs:`3.1.5 Documentation </3.1.5>` +- :yocto_docs:`3.1.6 Documentation </3.1.6>` +- :yocto_docs:`3.1.7 Documentation </3.1.7>` +- :yocto_docs:`3.1.7 Documentation </3.1.8>` ========================== Previous Release Manuals @@ -24,6 +30,7 @@ - :yocto_docs:`3.0.1 Documentation </3.0.1>` - :yocto_docs:`3.0.2 Documentation </3.0.2>` - :yocto_docs:`3.0.3 Documentation </3.0.3>` +- :yocto_docs:`3.0.4 Documentation </3.0.4>` **************************** 2.7 'warrior' Release Series diff --git a/poky/documentation/sphinx-static/switchers.js b/poky/documentation/sphinx-static/switchers.js index b28d91c080..21a495f605 100644 --- a/poky/documentation/sphinx-static/switchers.js +++ b/poky/documentation/sphinx-static/switchers.js @@ -2,8 +2,8 @@ 'use strict'; var all_versions = { - 'dev': 'dev (3.2)', - '3.1.3': '3.1.3', + 'dev': 'dev (3.3)', + '3.1.8': '3.1.8', '3.0.4': '3.0.4', '2.7.4': '2.7.4', }; diff --git a/poky/meta-poky/conf/distro/poky-tiny.conf b/poky/meta-poky/conf/distro/poky-tiny.conf index c6d4b88f83..f20cd4ced2 100644 --- a/poky/meta-poky/conf/distro/poky-tiny.conf +++ b/poky/meta-poky/conf/distro/poky-tiny.conf @@ -38,7 +38,7 @@ TCLIBC = "musl" # Distro config is evaluated after the machine config, so we have to explicitly # set the kernel provider to override a machine config. PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-tiny" -PREFERRED_VERSION_linux-yocto-tiny ?= "5.0%" +PREFERRED_VERSION_linux-yocto-tiny ?= "5.4%" # We can use packagegroup-core-boot, but in the future we may need a new packagegroup-core-tiny #POKY_DEFAULT_EXTRA_RDEPENDS += "packagegroup-core-boot" diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 521109bd05..a6df552bae 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "3.1.6" +DISTRO_VERSION = "3.1.8" DISTRO_CODENAME = "dunfell" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}" @@ -60,6 +60,7 @@ SANITY_TESTED_DISTROS ?= " \ fedora-30 \n \ fedora-31 \n \ fedora-32 \n \ + fedora-33 \n \ centos-7 \n \ centos-8 \n \ debian-8 \n \ diff --git a/poky/meta-selftest/recipes-test/aspell/aspell_0.0.0.1.bb b/poky/meta-selftest/recipes-test/aspell/aspell_0.0.0.1.bb index 9f905a5198..dcf6c8ba63 100644 --- a/poky/meta-selftest/recipes-test/aspell/aspell_0.0.0.1.bb +++ b/poky/meta-selftest/recipes-test/aspell/aspell_0.0.0.1.bb @@ -4,6 +4,7 @@ SUMMARY = "GNU Aspell spell-checker" SECTION = "console/utils" +HOMEPAGE = "https://ftp.gnu.org/gnu/aspell/" LICENSE = "LGPLv2 | LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34" diff --git a/poky/meta-skeleton/recipes-baremetal/baremetal-examples/baremetal-helloworld_git.bb b/poky/meta-skeleton/recipes-baremetal/baremetal-examples/baremetal-helloworld_git.bb index d8633702fc..8db57f202e 100644 --- a/poky/meta-skeleton/recipes-baremetal/baremetal-examples/baremetal-helloworld_git.bb +++ b/poky/meta-skeleton/recipes-baremetal/baremetal-examples/baremetal-helloworld_git.bb @@ -1,5 +1,6 @@ SUMMARY = "Baremetal examples to work with the several QEMU architectures supported on OpenEmbedded" HOMEPAGE = "https://github.com/aehs29/baremetal-helloqemu" +DESCRIPTION = "These are introductory examples to showcase the use of QEMU to run baremetal applications." LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=39346640a23c701e4f459e05f56f4449" diff --git a/poky/meta-skeleton/recipes-kernel/hello-mod/hello-mod_0.1.bb b/poky/meta-skeleton/recipes-kernel/hello-mod/hello-mod_0.1.bb index 3d33446500..bc9acccd5f 100644 --- a/poky/meta-skeleton/recipes-kernel/hello-mod/hello-mod_0.1.bb +++ b/poky/meta-skeleton/recipes-kernel/hello-mod/hello-mod_0.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Example of how to build an external Linux kernel module" +DESCRIPTION = "${SUMMARY}" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e" diff --git a/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb b/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb index 6194d4f8da..d53f9c7a40 100644 --- a/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb +++ b/poky/meta-skeleton/recipes-kernel/linux/linux-yocto-custom.bb @@ -1,6 +1,6 @@ +SUMMARY = "An example kernel recipe that uses the linux-yocto and oe-core" # linux-yocto-custom.bb: # -# An example kernel recipe that uses the linux-yocto and oe-core # kernel classes to apply a subset of yocto kernel management to git # managed kernel repositories. # diff --git a/poky/meta-skeleton/recipes-multilib/images/core-image-multilib-example.bb b/poky/meta-skeleton/recipes-multilib/images/core-image-multilib-example.bb index f13186f933..e7d50aefda 100644 --- a/poky/meta-skeleton/recipes-multilib/images/core-image-multilib-example.bb +++ b/poky/meta-skeleton/recipes-multilib/images/core-image-multilib-example.bb @@ -1,5 +1,4 @@ -# -# An example of a multilib image +SUMMARY = "An example of a multilib image" # # This example includes a lib32 version of bash into an otherwise standard # sato image. It assumes a "lib32" multilib has been enabled in the user's diff --git a/poky/meta-skeleton/recipes-skeleton/service/service_0.1.bb b/poky/meta-skeleton/recipes-skeleton/service/service_0.1.bb index 6416618dcb..669d173ad1 100644 --- a/poky/meta-skeleton/recipes-skeleton/service/service_0.1.bb +++ b/poky/meta-skeleton/recipes-skeleton/service/service_0.1.bb @@ -1,5 +1,6 @@ SUMMARY = "The canonical example of init scripts" SECTION = "base" +DESCRIPTION = "This recipe is a canonical example of init scripts" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${WORKDIR}/COPYRIGHT;md5=349c872e0066155e1818b786938876a4" diff --git a/poky/meta/classes/buildhistory.bbclass b/poky/meta/classes/buildhistory.bbclass index 8a1359acbe..44a66df962 100644 --- a/poky/meta/classes/buildhistory.bbclass +++ b/poky/meta/classes/buildhistory.bbclass @@ -671,13 +671,16 @@ IMAGE_POSTPROCESS_COMMAND[vardepsexclude] += "buildhistory_get_imageinfo" POPULATE_SDK_POST_TARGET_COMMAND_append = " buildhistory_list_installed_sdk_target;" POPULATE_SDK_POST_TARGET_COMMAND_append = " buildhistory_get_sdk_installed_target;" POPULATE_SDK_POST_TARGET_COMMAND[vardepvalueexclude] .= "| buildhistory_list_installed_sdk_target;| buildhistory_get_sdk_installed_target;" +POPULATE_SDK_POST_TARGET_COMMAND[vardepsexclude] += "buildhistory_list_installed_sdk_target buildhistory_get_sdk_installed_target" POPULATE_SDK_POST_HOST_COMMAND_append = " buildhistory_list_installed_sdk_host;" POPULATE_SDK_POST_HOST_COMMAND_append = " buildhistory_get_sdk_installed_host;" POPULATE_SDK_POST_HOST_COMMAND[vardepvalueexclude] .= "| buildhistory_list_installed_sdk_host;| buildhistory_get_sdk_installed_host;" +POPULATE_SDK_POST_HOST_COMMAND[vardepsexclude] += "buildhistory_list_installed_sdk_host buildhistory_get_sdk_installed_host" SDK_POSTPROCESS_COMMAND_append = " buildhistory_get_sdkinfo ; buildhistory_get_extra_sdkinfo; " SDK_POSTPROCESS_COMMAND[vardepvalueexclude] .= "| buildhistory_get_sdkinfo ; buildhistory_get_extra_sdkinfo; " +SDK_POSTPROCESS_COMMAND[vardepsexclude] += "buildhistory_get_sdkinfo buildhistory_get_extra_sdkinfo" python buildhistory_write_sigs() { if not "task" in (d.getVar('BUILDHISTORY_FEATURES') or "").split(): diff --git a/poky/meta/classes/cmake.bbclass b/poky/meta/classes/cmake.bbclass index 8243f7ce8c..af6a8c4395 100644 --- a/poky/meta/classes/cmake.bbclass +++ b/poky/meta/classes/cmake.bbclass @@ -102,7 +102,8 @@ set( CMAKE_CXX_COMPILER ${OECMAKE_CXX_COMPILER} ) set( CMAKE_C_COMPILER_LAUNCHER ${OECMAKE_C_COMPILER_LAUNCHER} ) set( CMAKE_CXX_COMPILER_LAUNCHER ${OECMAKE_CXX_COMPILER_LAUNCHER} ) set( CMAKE_ASM_COMPILER ${OECMAKE_C_COMPILER} ) -set( CMAKE_AR ${OECMAKE_AR} CACHE FILEPATH "Archiver" ) +find_program( CMAKE_AR ${OECMAKE_AR} DOC "Archiver" REQUIRED ) + set( CMAKE_C_FLAGS "${OECMAKE_C_FLAGS}" CACHE STRING "CFLAGS" ) set( CMAKE_CXX_FLAGS "${OECMAKE_CXX_FLAGS}" CACHE STRING "CXXFLAGS" ) set( CMAKE_ASM_FLAGS "${OECMAKE_C_FLAGS}" CACHE STRING "ASM FLAGS" ) diff --git a/poky/meta/classes/devshell.bbclass b/poky/meta/classes/devshell.bbclass index fdf7dc100f..76dd0b42ee 100644 --- a/poky/meta/classes/devshell.bbclass +++ b/poky/meta/classes/devshell.bbclass @@ -128,6 +128,7 @@ def devpyshell(d): more = i.runsource(source, "<pyshell>") if not more: buf = [] + sys.stderr.flush() prompt(more) except KeyboardInterrupt: i.write("\nKeyboardInterrupt\n") diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 1d7300d65b..c7fcdca6ef 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -219,11 +219,12 @@ def srctree_hash_files(d, srcdir=None): submodule_helper = subprocess.check_output(['git', 'submodule--helper', 'list'], cwd=s_dir, env=env).decode("utf-8") for line in submodule_helper.splitlines(): module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1]) - proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) - proc.communicate() - proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL) - stdout, _ = proc.communicate() - git_sha1 += stdout.decode("utf-8") + if os.path.isdir(module_dir): + proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) + proc.communicate() + proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL) + stdout, _ = proc.communicate() + git_sha1 += stdout.decode("utf-8") sha1 = hashlib.sha1(git_sha1.encode("utf-8")).hexdigest() with open(oe_hash_file, 'w') as fobj: fobj.write(sha1) diff --git a/poky/meta/classes/go.bbclass b/poky/meta/classes/go.bbclass index e6c3591479..16e46398b1 100644 --- a/poky/meta/classes/go.bbclass +++ b/poky/meta/classes/go.bbclass @@ -145,11 +145,11 @@ FILES_${PN}-staticdev = "${libdir}/go/pkg" INSANE_SKIP_${PN} += "ldflags" -# Add -buildmode=pie to GOBUILDFLAGS to satisfy "textrel" QA checking, but mips -# doesn't support -buildmode=pie, so skip the QA checking for mips and its -# variants. +# Add -buildmode=pie to GOBUILDFLAGS to satisfy "textrel" QA checking, but +# windows/mips/riscv doesn't support -buildmode=pie, so skip the QA checking +# for windows/mips/riscv and their variants. python() { - if 'mips' in d.getVar('TARGET_ARCH') or 'riscv' in d.getVar('TARGET_ARCH'): + if 'mips' in d.getVar('TARGET_ARCH') or 'riscv' in d.getVar('TARGET_ARCH') or 'windows' in d.getVar('TARGET_GOOS'): d.appendVar('INSANE_SKIP_%s' % d.getVar('PN'), " textrel") else: d.appendVar('GOBUILDFLAGS', ' -buildmode=pie') diff --git a/poky/meta/classes/goarch.bbclass b/poky/meta/classes/goarch.bbclass index 1099b95769..ecd3044edd 100644 --- a/poky/meta/classes/goarch.bbclass +++ b/poky/meta/classes/goarch.bbclass @@ -114,6 +114,8 @@ def go_map_mips(a, f, d): def go_map_os(o, d): if o.startswith('linux'): return 'linux' + elif o.startswith('mingw'): + return 'windows' return o diff --git a/poky/meta/classes/image-live.bbclass b/poky/meta/classes/image-live.bbclass index 54058b350d..e9eba1fc4b 100644 --- a/poky/meta/classes/image-live.bbclass +++ b/poky/meta/classes/image-live.bbclass @@ -30,7 +30,7 @@ do_bootimg[depends] += "dosfstools-native:do_populate_sysroot \ virtual/kernel:do_deploy \ ${MLPREFIX}syslinux:do_populate_sysroot \ syslinux-native:do_populate_sysroot \ - ${PN}:do_image_${@d.getVar('LIVE_ROOTFS_TYPE').replace('-', '_')} \ + ${@'%s:do_image_%s' % (d.getVar('PN'), d.getVar('LIVE_ROOTFS_TYPE').replace('-', '_')) if d.getVar('ROOTFS') else ''} \ " diff --git a/poky/meta/classes/image.bbclass b/poky/meta/classes/image.bbclass index 42d2886505..1900eff412 100644 --- a/poky/meta/classes/image.bbclass +++ b/poky/meta/classes/image.bbclass @@ -38,7 +38,7 @@ IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs stateless-rootfs em # Generate companion debugfs? IMAGE_GEN_DEBUGFS ?= "0" -# These pacackages will be installed as additional into debug rootfs +# These packages will be installed as additional into debug rootfs IMAGE_INSTALL_DEBUGFS ?= "" # These packages will be removed from a read-only rootfs after all other @@ -115,7 +115,7 @@ def rootfs_command_variables(d): 'IMAGE_PREPROCESS_COMMAND','RPM_PREPROCESS_COMMANDS','RPM_POSTPROCESS_COMMANDS','DEB_PREPROCESS_COMMANDS','DEB_POSTPROCESS_COMMANDS'] python () { - variables = rootfs_command_variables(d) + sdk_command_variables(d) + variables = rootfs_command_variables(d) for var in variables: if d.getVar(var, False): d.setVarFlag(var, 'func', '1') @@ -662,7 +662,7 @@ reproducible_final_image_task () { fi # Set mtime of all files to a reproducible value bbnote "reproducible_final_image_task: mtime set to $REPRODUCIBLE_TIMESTAMP_ROOTFS" - find ${IMAGE_ROOTFS} -exec touch -h --date=@$REPRODUCIBLE_TIMESTAMP_ROOTFS {} \; + find ${IMAGE_ROOTFS} -print0 | xargs -0 touch -h --date=@$REPRODUCIBLE_TIMESTAMP_ROOTFS fi } diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index b5c6b2186f..eb19425652 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -174,7 +174,7 @@ def package_qa_check_useless_rpaths(file, name, d, elf, messages): if rpath_eq(rpath, libdir) or rpath_eq(rpath, base_libdir): # The dynamic linker searches both these places anyway. There is no point in # looking there again. - package_qa_add_message(messages, "useless-rpaths", "%s: %s contains probably-redundant RPATH %s" % (name, package_qa_clean_path(file, d), rpath)) + package_qa_add_message(messages, "useless-rpaths", "%s: %s contains probably-redundant RPATH %s" % (name, package_qa_clean_path(file, d, name), rpath)) QAPATHTEST[dev-so] = "package_qa_check_dev" def package_qa_check_dev(path, name, d, elf, messages): @@ -183,8 +183,8 @@ def package_qa_check_dev(path, name, d, elf, messages): """ if not name.endswith("-dev") and not name.endswith("-dbg") and not name.endswith("-ptest") and not name.startswith("nativesdk-") and path.endswith(".so") and os.path.islink(path): - package_qa_add_message(messages, "dev-so", "non -dev/-dbg/nativesdk- package contains symlink .so: %s path '%s'" % \ - (name, package_qa_clean_path(path,d))) + package_qa_add_message(messages, "dev-so", "non -dev/-dbg/nativesdk- package %s contains symlink .so '%s'" % \ + (name, package_qa_clean_path(path, d, name))) QAPATHTEST[dev-elf] = "package_qa_check_dev_elf" def package_qa_check_dev_elf(path, name, d, elf, messages): @@ -194,8 +194,8 @@ def package_qa_check_dev_elf(path, name, d, elf, messages): install link-time .so files that are linker scripts. """ if name.endswith("-dev") and path.endswith(".so") and not os.path.islink(path) and elf: - package_qa_add_message(messages, "dev-elf", "-dev package contains non-symlink .so: %s path '%s'" % \ - (name, package_qa_clean_path(path,d))) + package_qa_add_message(messages, "dev-elf", "-dev package %s contains non-symlink .so '%s'" % \ + (name, package_qa_clean_path(path, d, name))) QAPATHTEST[staticdev] = "package_qa_check_staticdev" def package_qa_check_staticdev(path, name, d, elf, messages): @@ -208,7 +208,7 @@ def package_qa_check_staticdev(path, name, d, elf, messages): if not name.endswith("-pic") and not name.endswith("-staticdev") and not name.endswith("-ptest") and path.endswith(".a") and not path.endswith("_nonshared.a") and not '/usr/lib/debug-static/' in path and not '/.debug-static/' in path: package_qa_add_message(messages, "staticdev", "non -staticdev package contains static .a library: %s path '%s'" % \ - (name, package_qa_clean_path(path,d))) + (name, package_qa_clean_path(path,d, name))) QAPATHTEST[mime] = "package_qa_check_mime" def package_qa_check_mime(path, name, d, elf, messages): @@ -1012,26 +1012,6 @@ python do_package_qa () { logdir = d.getVar('T') pn = d.getVar('PN') - # Check the compile log for host contamination - compilelog = os.path.join(logdir,"log.do_compile") - - if os.path.exists(compilelog): - statement = "grep -e 'CROSS COMPILE Badness:' -e 'is unsafe for cross-compilation' %s > /dev/null" % compilelog - if subprocess.call(statement, shell=True) == 0: - msg = "%s: The compile log indicates that host include and/or library paths were used.\n \ - Please check the log '%s' for more information." % (pn, compilelog) - package_qa_handle_error("compile-host-path", msg, d) - - # Check the install log for host contamination - installlog = os.path.join(logdir,"log.do_install") - - if os.path.exists(installlog): - statement = "grep -e 'CROSS COMPILE Badness:' -e 'is unsafe for cross-compilation' %s > /dev/null" % installlog - if subprocess.call(statement, shell=True) == 0: - msg = "%s: The install log indicates that host include and/or library paths were used.\n \ - Please check the log '%s' for more information." % (pn, installlog) - package_qa_handle_error("install-host-path", msg, d) - # Scan the packages... pkgdest = d.getVar('PKGDEST') packages = set((d.getVar('PACKAGES') or '').split()) @@ -1210,7 +1190,7 @@ python do_qa_configure() { if bb.data.inherits_class('autotools', d) and not skip_configure_unsafe: bb.note("Checking autotools environment for common misconfiguration") for root, dirs, files in os.walk(workdir): - statement = "grep -q -F -e 'CROSS COMPILE Badness:' -e 'is unsafe for cross-compilation' %s" % \ + statement = "grep -q -F -e 'is unsafe for cross-compilation' %s" % \ os.path.join(root,"config.log") if "config.log" in files: if subprocess.call(statement, shell=True) == 0: diff --git a/poky/meta/classes/kernel.bbclass b/poky/meta/classes/kernel.bbclass index 83a574efcd..518aaef724 100644 --- a/poky/meta/classes/kernel.bbclass +++ b/poky/meta/classes/kernel.bbclass @@ -194,6 +194,8 @@ UBOOT_LOADADDRESS ?= "${UBOOT_ENTRYPOINT}" KERNEL_EXTRA_ARGS ?= "" EXTRA_OEMAKE = " HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"" +EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX} ${BUILD_CXXFLAGS} ${BUILD_LDFLAGS}"" + KERNEL_ALT_IMAGETYPE ??= "" copy_initramfs() { @@ -403,7 +405,6 @@ kernel_do_install() { install -d ${D}${sysconfdir}/modules-load.d install -d ${D}${sysconfdir}/modprobe.d } -do_install[prefuncs] += "package_get_auto_pr" # Must be ran no earlier than after do_kernel_checkout or else Makefile won't be in ${S}/Makefile do_kernel_version_sanity_check() { diff --git a/poky/meta/classes/license_image.bbclass b/poky/meta/classes/license_image.bbclass index a69cc5f065..1396a95f47 100644 --- a/poky/meta/classes/license_image.bbclass +++ b/poky/meta/classes/license_image.bbclass @@ -1,3 +1,5 @@ +ROOTFS_LICENSE_DIR = "${IMAGE_ROOTFS}/usr/share/common-licenses" + python write_package_manifest() { # Get list of installed packages license_image_dir = d.expand('${LICENSE_DIRECTORY}/${IMAGE_NAME}') @@ -105,8 +107,7 @@ def write_license_files(d, license_manifest, pkg_dic, rootfs=True): copy_lic_manifest = d.getVar('COPY_LIC_MANIFEST') copy_lic_dirs = d.getVar('COPY_LIC_DIRS') if rootfs and copy_lic_manifest == "1": - rootfs_license_dir = os.path.join(d.getVar('IMAGE_ROOTFS'), - 'usr', 'share', 'common-licenses') + rootfs_license_dir = d.getVar('ROOTFS_LICENSE_DIR') bb.utils.mkdirhier(rootfs_license_dir) rootfs_license_manifest = os.path.join(rootfs_license_dir, os.path.split(license_manifest)[1]) @@ -144,12 +145,13 @@ def write_license_files(d, license_manifest, pkg_dic, rootfs=True): continue # Make sure we use only canonical name for the license file - rootfs_license = os.path.join(rootfs_license_dir, "generic_%s" % generic_lic) + generic_lic_file = "generic_%s" % generic_lic + rootfs_license = os.path.join(rootfs_license_dir, generic_lic_file) if not os.path.exists(rootfs_license): oe.path.copyhardlink(pkg_license, rootfs_license) if not os.path.exists(pkg_rootfs_license): - os.symlink(os.path.join('..', lic), pkg_rootfs_license) + os.symlink(os.path.join('..', generic_lic_file), pkg_rootfs_license) else: if (oe.license.license_ok(canonical_license(d, lic), bad_licenses) == False or @@ -256,3 +258,13 @@ python do_populate_lic_deploy() { addtask populate_lic_deploy before do_build after do_image_complete do_populate_lic_deploy[recrdeptask] += "do_populate_lic do_deploy" +python license_qa_dead_symlink() { + import os + + for root, dirs, files in os.walk(d.getVar('ROOTFS_LICENSE_DIR')): + for file in files: + full_path = root + "/" + file + if os.path.islink(full_path) and not os.path.exists(full_path): + bb.error("broken symlink: " + full_path) +} +IMAGE_QA_COMMANDS += "license_qa_dead_symlink" diff --git a/poky/meta/classes/linux-dummy.bbclass b/poky/meta/classes/linux-dummy.bbclass new file mode 100644 index 0000000000..cd8791557d --- /dev/null +++ b/poky/meta/classes/linux-dummy.bbclass @@ -0,0 +1,26 @@ + +python __anonymous () { + if d.getVar('PREFERRED_PROVIDER_virtual/kernel') == 'linux-dummy': + # copy part codes from kernel.bbclass + kname = d.getVar('KERNEL_PACKAGE_NAME') or "kernel" + + # set an empty package of kernel-devicetree + d.appendVar('PACKAGES', ' %s-devicetree' % kname) + d.setVar('ALLOW_EMPTY_%s-devicetree' % kname, '1') + + # Merge KERNEL_IMAGETYPE and KERNEL_ALT_IMAGETYPE into KERNEL_IMAGETYPES + type = d.getVar('KERNEL_IMAGETYPE') or "" + alttype = d.getVar('KERNEL_ALT_IMAGETYPE') or "" + types = d.getVar('KERNEL_IMAGETYPES') or "" + if type not in types.split(): + types = (type + ' ' + types).strip() + if alttype not in types.split(): + types = (alttype + ' ' + types).strip() + + # set empty packages of kernel-image-* + for type in types.split(): + typelower = type.lower() + d.appendVar('PACKAGES', ' %s-image-%s' % (kname, typelower)) + d.setVar('ALLOW_EMPTY_%s-image-%s' % (kname, typelower), '1') +} + diff --git a/poky/meta/classes/populate_sdk_base.bbclass b/poky/meta/classes/populate_sdk_base.bbclass index 6954237596..ca56d803cb 100644 --- a/poky/meta/classes/populate_sdk_base.bbclass +++ b/poky/meta/classes/populate_sdk_base.bbclass @@ -324,6 +324,13 @@ def sdk_variables(d): do_populate_sdk[vardeps] += "${@sdk_variables(d)}" +python () { + variables = sdk_command_variables(d) + for var in variables: + if d.getVar(var, False): + d.setVarFlag(var, 'func', '1') +} + do_populate_sdk[file-checksums] += "${TOOLCHAIN_SHAR_REL_TMPL}:True \ ${TOOLCHAIN_SHAR_EXT_TMPL}:True" diff --git a/poky/meta/classes/populate_sdk_ext.bbclass b/poky/meta/classes/populate_sdk_ext.bbclass index 71686bc993..aa00d5397c 100644 --- a/poky/meta/classes/populate_sdk_ext.bbclass +++ b/poky/meta/classes/populate_sdk_ext.bbclass @@ -247,7 +247,9 @@ python copy_buildsystem () { # Create a layer for new recipes / appends bbpath = d.getVar('BBPATH') - bb.process.run(['devtool', '--bbpath', bbpath, '--basepath', baseoutpath, 'create-workspace', '--create-only', os.path.join(baseoutpath, 'workspace')]) + env = os.environ.copy() + env['PYTHONDONTWRITEBYTECODE'] = '1' + bb.process.run(['devtool', '--bbpath', bbpath, '--basepath', baseoutpath, 'create-workspace', '--create-only', os.path.join(baseoutpath, 'workspace')], env=env) # Create bblayers.conf bb.utils.mkdirhier(baseoutpath + '/conf') @@ -360,6 +362,9 @@ python copy_buildsystem () { # Hide the config information from bitbake output (since it's fixed within the SDK) f.write('BUILDCFG_HEADER = ""\n\n') + # Write METADATA_REVISION + f.write('METADATA_REVISION = "%s"\n\n' % d.getVar('METADATA_REVISION')) + f.write('# Provide a flag to indicate we are in the EXT_SDK Context\n') f.write('WITHIN_EXT_SDK = "1"\n\n') diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index 866d066288..2325ee2747 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -392,9 +392,12 @@ def check_connectivity(d): msg = data.getVar('CONNECTIVITY_CHECK_MSG') or "" if len(msg) == 0: msg = "%s.\n" % err - msg += " Please ensure your host's network is configured correctly,\n" - msg += " or set BB_NO_NETWORK = \"1\" to disable network access if\n" - msg += " all required sources are on local disk.\n" + msg += " Please ensure your host's network is configured correctly.\n" + msg += " If your ISP or network is blocking the above URL,\n" + msg += " try with another domain name, for example by setting:\n" + msg += " CONNECTIVITY_CHECK_URIS = \"https://www.yoctoproject.org/\"" + msg += " You could also set BB_NO_NETWORK = \"1\" to disable network\n" + msg += " access if all required sources are on local disk.\n" retval = msg return retval @@ -882,13 +885,18 @@ def check_sanity_everybuild(status, d): except: pass - oeroot = d.getVar('COREBASE') - if oeroot.find('+') != -1: - status.addresult("Error, you have an invalid character (+) in your COREBASE directory path. Please move the installation to a directory which doesn't include any + characters.") - if oeroot.find('@') != -1: - status.addresult("Error, you have an invalid character (@) in your COREBASE directory path. Please move the installation to a directory which doesn't include any @ characters.") - if oeroot.find(' ') != -1: - status.addresult("Error, you have a space in your COREBASE directory path. Please move the installation to a directory which doesn't include a space since autotools doesn't support this.") + for checkdir in ['COREBASE', 'TMPDIR']: + val = d.getVar(checkdir) + if val.find('..') != -1: + status.addresult("Error, you have '..' in your %s directory path. Please ensure the variable contains an absolute path as this can break some recipe builds in obtuse ways." % checkdir) + if val.find('+') != -1: + status.addresult("Error, you have an invalid character (+) in your %s directory path. Please move the installation to a directory which doesn't include any + characters." % checkdir) + if val.find('@') != -1: + status.addresult("Error, you have an invalid character (@) in your %s directory path. Please move the installation to a directory which doesn't include any @ characters." % checkdir) + if val.find(' ') != -1: + status.addresult("Error, you have a space in your %s directory path. Please move the installation to a directory which doesn't include a space since autotools doesn't support this." % checkdir) + if val.find('%') != -1: + status.addresult("Error, you have an invalid character (%) in your %s directory path which causes problems with python string formatting. Please move the installation to a directory which doesn't include any % characters." % checkdir) # Check the format of MIRRORS, PREMIRRORS and SSTATE_MIRRORS import re diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index a8e169a10b..3c89c35ecf 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -319,6 +319,8 @@ def sstate_install(ss, d): if os.path.exists(i): with open(i, "r") as f: manifests = f.readlines() + # We append new entries, we don't remove older entries which may have the same + # manifest name but different versions from stamp/workdir. See below. if filedata not in manifests: with open(i, "a+") as f: f.write(filedata) @@ -1175,11 +1177,21 @@ python sstate_eventhandler2() { i = d.expand("${SSTATE_MANIFESTS}/index-" + a) if not os.path.exists(i): continue + manseen = set() + ignore = [] with open(i, "r") as f: lines = f.readlines() - for l in lines: + for l in reversed(lines): try: (stamp, manifest, workdir) = l.split() + # The index may have multiple entries for the same manifest as the code above only appends + # new entries and there may be an entry with matching manifest but differing version in stamp/workdir. + # The last entry in the list is the valid one, any earlier entries with matching manifests + # should be ignored. + if manifest in manseen: + ignore.append(l) + continue + manseen.add(manifest) if stamp not in stamps and stamp not in preservestamps and stamp in machineindex: toremove.append(l) if stamp not in seen: @@ -1210,6 +1222,8 @@ python sstate_eventhandler2() { with open(i, "w") as f: for l in lines: + if l in ignore: + continue f.write(l) machineindex |= set(stamps) with open(mi, "w") as f: diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 697956eb49..76942d923b 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -480,7 +480,7 @@ export PATH # Build utility info. ################################################################## -# Directory where host tools are copied +# Directory with symlinks to host tools used by build HOSTTOOLS_DIR = "${TMPDIR}/hosttools" # Tools needed to run builds with OE-Core diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 3fb925cc2d..ef1e7fe2f4 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -88,8 +88,8 @@ RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.o RECIPE_MAINTAINER_pn-buildtools-extended-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>" -RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-bzip2 = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-bzip2 = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-ca-certificates = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-cairo = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-cantarell-fonts = "Alexander Kanavin <alex.kanavin@gmail.com>" @@ -125,7 +125,7 @@ RECIPE_MAINTAINER_pn-core-image-sato-dev = "Richard Purdie <richard.purdie@linux RECIPE_MAINTAINER_pn-core-image-sato-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato-sdk-ptest = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-coreutils = "Chen Qi <Qi.Chen@windriver.com>" -RECIPE_MAINTAINER_pn-cpio = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-cpio = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-cracklib = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-createrepo-c = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-cronie = "Anuj Mittal <anuj.mittal@intel.com>" @@ -233,7 +233,7 @@ RECIPE_MAINTAINER_pn-gobject-introspection = "Alexander Kanavin <alex.kanavin@gm RECIPE_MAINTAINER_pn-gperf = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-gpgme = "Hongxu Jia <hongxu.jia@windriver.com>" RECIPE_MAINTAINER_pn-gptfdisk = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER_pn-grep = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-grep = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-groff = "Hongxu Jia <hongxu.jia@windriver.com>" RECIPE_MAINTAINER_pn-grub = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-grub-bootconf = "Anuj Mittal <anuj.mittal@intel.com>" @@ -254,9 +254,9 @@ RECIPE_MAINTAINER_pn-gstreamer1.0-rtsp-server = "Anuj Mittal <anuj.mittal@intel. RECIPE_MAINTAINER_pn-gstreamer1.0-vaapi = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-gtk+3 = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-gtk-doc = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER_pn-gzip = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-gzip = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-harfbuzz = "Anuj Mittal <anuj.mittal@intel.com>" -RECIPE_MAINTAINER_pn-hdparm = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-hdparm = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-help2man-native = "Hongxu Jia <hongxu.jia@windriver.com>" RECIPE_MAINTAINER_pn-hicolor-icon-theme = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-hwlatdetect = "Alexander Kanavin <alex.kanavin@gmail.com>" @@ -454,10 +454,10 @@ RECIPE_MAINTAINER_pn-ltp = "Yi Zhao <yi.zhao@windriver.com>" RECIPE_MAINTAINER_pn-lttng-modules = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-lttng-tools = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-lttng-ust = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-lz4 = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-lzo = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-lzip = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-lzop = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-lz4 = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-lzo = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-lzip = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-lzop = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-m4 = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-m4-native = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-make = "Robert Yang <liezhi.yang@windriver.com>" @@ -501,7 +501,7 @@ RECIPE_MAINTAINER_pn-mpeg2dec = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-mpfr = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER_pn-mpg123 = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-msmtp = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER_pn-mtd-utils = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-mtd-utils = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-mtdev = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-mtools = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-musl = "Khem Raj <raj.khem@gmail.com>" @@ -545,7 +545,7 @@ RECIPE_MAINTAINER_pn-pango = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-parted = "Hongxu Jia <hongxu.jia@windriver.com>" RECIPE_MAINTAINER_pn-patch = "Hongxu Jia <hongxu.jia@windriver.com>" RECIPE_MAINTAINER_pn-patchelf = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-pbzip2 = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-pbzip2 = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-pciutils = "Chen Qi <Qi.Chen@windriver.com>" RECIPE_MAINTAINER_pn-pcmanfm = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-perf = "Bruce Ashfield <bruce.ashfield@gmail.com>" @@ -685,7 +685,7 @@ RECIPE_MAINTAINER_pn-udev-extraconf = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-unfs3 = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-unifdef = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-uninative-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-unzip = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-unzip = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-update-rc.d = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-usbinit = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-usbutils = "Alexander Kanavin <alex.kanavin@gmail.com>" @@ -706,11 +706,11 @@ RECIPE_MAINTAINER_pn-vulkan-tools = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-waffle = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-watchdog = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-watchdog-config = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER_pn-wayland = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-wayland-protocols = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-wayland = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-wayland-protocols = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-webkitgtk = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER_pn-weston = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-weston-init = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-weston = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-weston-init = "Denys Dmytriyenko <denys@denix.org>" RECIPE_MAINTAINER_pn-wget = "Yi Zhao <yi.zhao@windriver.com>" RECIPE_MAINTAINER_pn-which = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-wic-tools = "Anuj Mittal <anuj.mittal@intel.com>" @@ -764,6 +764,6 @@ RECIPE_MAINTAINER_pn-xtrans = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-xuser-account = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-xvinfo = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-xwininfo = "Armin Kuster <akuster808@gmail.com>" -RECIPE_MAINTAINER_pn-xz = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-zip = "Denys Dmytriyenko <denys@ti.com>" -RECIPE_MAINTAINER_pn-zlib = "Denys Dmytriyenko <denys@ti.com>" +RECIPE_MAINTAINER_pn-xz = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-zip = "Denys Dmytriyenko <denys@denix.org>" +RECIPE_MAINTAINER_pn-zlib = "Denys Dmytriyenko <denys@denix.org>" diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index c13ff724b1..badfd69325 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -60,6 +60,7 @@ PTESTS_FAST = "\ # bash-ptest \ # Test outcomes are non-deterministic by design # ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py # mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts +# libinput-ptest \ # Tests need an unloaded system to be reliable #" PTESTS_SLOW = "\ diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index a2a2dd18ec..05b79d14c3 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -8,7 +8,7 @@ UNINATIVE_MAXGLIBCVERSION = "2.33" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.0/" -UNINATIVE_CHECKSUM[aarch64] ?= "1c668909098c5b56132067adc69a249cb771f4560428e5822de903a12d97bf33" -UNINATIVE_CHECKSUM[i686] ?= "e6cc2fc056234cffa6a2ff084cce27d544ea3f487a62b5e253351cefd4421900" -UNINATIVE_CHECKSUM[x86_64] ?= "5ec5a9276046e7eceeac749a18b175667384e1f445cd4526300a41404d985a5b" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.1/" +UNINATIVE_CHECKSUM[aarch64] ?= "7fa12b9fe7a95934cc09beb0e8a25ff97179ef3105116015d32548eadd27b024" +UNINATIVE_CHECKSUM[i686] ?= "bbfcdd48336800b5af97e294918c6586a0a8fa903f127f813b0bd5110de8c55c" +UNINATIVE_CHECKSUM[x86_64] ?= "5d0611df544edff6428cef7d871257a91aa6ba1bd92f5365a2df8deb54b6b31e" diff --git a/poky/meta/lib/bblayers/create.py b/poky/meta/lib/bblayers/create.py index 542f31fc81..f49b48d1b4 100644 --- a/poky/meta/lib/bblayers/create.py +++ b/poky/meta/lib/bblayers/create.py @@ -71,7 +71,7 @@ class CreatePlugin(LayerPlugin): def register_commands(self, sp): parser_create_layer = self.add_command(sp, 'create-layer', self.do_create_layer, parserecipes=False) parser_create_layer.add_argument('layerdir', help='Layer directory to create') - parser_create_layer.add_argument('--priority', '-p', default=6, help='Layer directory to create') + parser_create_layer.add_argument('--priority', '-p', default=6, help='Priority of recipes in layer') parser_create_layer.add_argument('--example-recipe-name', '-e', dest='examplerecipe', default='example', help='Filename of the example recipe') parser_create_layer.add_argument('--example-recipe-version', '-v', dest='version', default='0.1', help='Version number for the example recipe') diff --git a/poky/meta/lib/oe/copy_buildsystem.py b/poky/meta/lib/oe/copy_buildsystem.py index 31a84f5b06..d97bf9d1b9 100644 --- a/poky/meta/lib/oe/copy_buildsystem.py +++ b/poky/meta/lib/oe/copy_buildsystem.py @@ -20,7 +20,7 @@ def _smart_copy(src, dest): mode = os.stat(src).st_mode if stat.S_ISDIR(mode): bb.utils.mkdirhier(dest) - cmd = "tar --exclude='.git' --xattrs --xattrs-include='*' -chf - -C %s -p . \ + cmd = "tar --exclude='.git' --exclude='__pycache__' --xattrs --xattrs-include='*' -chf - -C %s -p . \ | tar --xattrs --xattrs-include='*' -xf - -C %s" % (src, dest) subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) else: @@ -259,7 +259,7 @@ def create_locked_sstate_cache(lockedsigs, input_sstate_cache, output_sstate_cac bb.note('Generating sstate-cache...') nativelsbstring = d.getVar('NATIVELSBSTRING') - bb.process.run("gen-lockedsig-cache %s %s %s %s %s" % (lockedsigs, input_sstate_cache, output_sstate_cache, nativelsbstring, filterfile or '')) + bb.process.run("PYTHONDONTWRITEBYTECODE=1 gen-lockedsig-cache %s %s %s %s %s" % (lockedsigs, input_sstate_cache, output_sstate_cache, nativelsbstring, filterfile or '')) if fixedlsbstring and nativelsbstring != fixedlsbstring: nativedir = output_sstate_cache + '/' + nativelsbstring if os.path.isdir(nativedir): @@ -286,7 +286,7 @@ def check_sstate_task_list(d, targets, filteroutfile, cmdprefix='', cwd=None, lo logparam = '-l %s' % logfile else: logparam = '' - cmd = "%sBB_SETSCENE_ENFORCE=1 PSEUDO_DISABLED=1 oe-check-sstate %s -s -o %s %s" % (cmdprefix, targets, filteroutfile, logparam) + cmd = "%sPYTHONDONTWRITEBYTECODE=1 BB_SETSCENE_ENFORCE=1 PSEUDO_DISABLED=1 oe-check-sstate %s -s -o %s %s" % (cmdprefix, targets, filteroutfile, logparam) env = dict(d.getVar('BB_ORIGENV', False)) env.pop('BUILDDIR', '') env.pop('BBPATH', '') diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index ce755f940a..a1d7c292af 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -11,8 +11,13 @@ _Version = collections.namedtuple( class Version(): def __init__(self, version, suffix=None): + + suffixes = ["alphabetical", "patch"] + if str(suffix) == "alphabetical": version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(?P<patch_l>[a-z]))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" + elif str(suffix) == "patch": + version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(p|patch)(?P<patch_l>[0-9]+))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" else: version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" regex = re.compile(r"^\s*" + version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE) @@ -23,7 +28,7 @@ class Version(): self._version = _Version( release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")), - patch_l=match.group("patch_l") if str(suffix) == "alphabetical" and match.group("patch_l") else "", + patch_l=match.group("patch_l") if str(suffix) in suffixes and match.group("patch_l") else "", pre_l=match.group("pre_l"), pre_v=match.group("pre_v") ) diff --git a/poky/meta/lib/oe/package_manager.py b/poky/meta/lib/oe/package_manager.py index b0660411ea..db988d9247 100644 --- a/poky/meta/lib/oe/package_manager.py +++ b/poky/meta/lib/oe/package_manager.py @@ -403,7 +403,7 @@ class PackageManager(object, metaclass=ABCMeta): bb.utils.remove(self.intercepts_dir, True) bb.utils.mkdirhier(self.intercepts_dir) for intercept in postinst_intercepts: - bb.utils.copyfile(intercept, os.path.join(self.intercepts_dir, os.path.basename(intercept))) + shutil.copy(intercept, os.path.join(self.intercepts_dir, os.path.basename(intercept))) @abstractmethod def _handle_intercept_failure(self, failed_script): diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py index cd65e62030..9e9f7f1f08 100644 --- a/poky/meta/lib/oe/rootfs.py +++ b/poky/meta/lib/oe/rootfs.py @@ -167,7 +167,7 @@ class Rootfs(object, metaclass=ABCMeta): pass os.rename(self.image_rootfs, self.image_rootfs + '-dbg') - bb.note(" Restoreing original rootfs...") + bb.note(" Restoring original rootfs...") os.rename(self.image_rootfs + '-orig', self.image_rootfs) def _exec_shell_cmd(self, cmd): @@ -304,7 +304,7 @@ class Rootfs(object, metaclass=ABCMeta): def _check_for_kernel_modules(self, modules_dir): for root, dirs, files in os.walk(modules_dir, topdown=True): for name in files: - found_ko = name.endswith(".ko") + found_ko = name.endswith((".ko", ".ko.gz", ".ko.xz")) if found_ko: return found_ko return False diff --git a/poky/meta/lib/oe/sstatesig.py b/poky/meta/lib/oe/sstatesig.py index 51e1d492c3..aeceb100d7 100644 --- a/poky/meta/lib/oe/sstatesig.py +++ b/poky/meta/lib/oe/sstatesig.py @@ -453,7 +453,7 @@ def find_sstate_manifest(taskdata, taskdata2, taskname, d, multilibcache): manifest = d2.expand("${SSTATE_MANIFESTS}/manifest-%s-%s.%s" % (pkgarch, taskdata, taskname)) if os.path.exists(manifest): return manifest, d2 - bb.error("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant)) + bb.warn("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant)) return None, d2 def OEOuthashBasic(path, sigfile, task, d): diff --git a/poky/meta/lib/oe/terminal.py b/poky/meta/lib/oe/terminal.py index eb10a6e33e..2ac39df9e1 100644 --- a/poky/meta/lib/oe/terminal.py +++ b/poky/meta/lib/oe/terminal.py @@ -163,7 +163,12 @@ class Tmux(Terminal): # devshells, if it's already there, add a new window to it. window_name = 'devshell-%i' % os.getpid() - self.command = 'tmux new -c "{{cwd}}" -d -s {0} -n {0} "{{command}}"'.format(window_name) + self.command = 'tmux new -c "{{cwd}}" -d -s {0} -n {0} "{{command}}"' + if not check_tmux_version('1.9'): + # `tmux new-session -c` was added in 1.9; + # older versions fail with that flag + self.command = 'tmux new -d -s {0} -n {0} "{{command}}"' + self.command = self.command.format(window_name) Terminal.__init__(self, sh_cmd, title, env, d) attach_cmd = 'tmux att -t {0}'.format(window_name) @@ -253,13 +258,18 @@ def spawn(name, sh_cmd, title=None, env=None, d=None): except OSError: return +def check_tmux_version(desired): + vernum = check_terminal_version("tmux") + if vernum and LooseVersion(vernum) < desired: + return False + return vernum + def check_tmux_pane_size(tmux): import subprocess as sub # On older tmux versions (<1.9), return false. The reason # is that there is no easy way to get the height of the active panel # on current window without nested formats (available from version 1.9) - vernum = check_terminal_version("tmux") - if vernum and LooseVersion(vernum) < '1.9': + if not check_tmux_version('1.9'): return False try: p = sub.Popen('%s list-panes -F "#{?pane_active,#{pane_height},}"' % tmux, diff --git a/poky/meta/lib/oeqa/core/case.py b/poky/meta/lib/oeqa/core/case.py index aae451fef2..bc4446a938 100644 --- a/poky/meta/lib/oeqa/core/case.py +++ b/poky/meta/lib/oeqa/core/case.py @@ -43,8 +43,13 @@ class OETestCase(unittest.TestCase): clss.tearDownClassMethod() def _oeSetUp(self): - for d in self.decorators: - d.setUpDecorator() + try: + for d in self.decorators: + d.setUpDecorator() + except: + for d in self.decorators: + d.tearDownDecorator() + raise self.setUpMethod() def _oeTearDown(self): diff --git a/poky/meta/lib/oeqa/core/decorator/oetimeout.py b/poky/meta/lib/oeqa/core/decorator/oetimeout.py index df90d1c798..5e6873ad48 100644 --- a/poky/meta/lib/oeqa/core/decorator/oetimeout.py +++ b/poky/meta/lib/oeqa/core/decorator/oetimeout.py @@ -24,5 +24,6 @@ class OETimeout(OETestDecorator): def tearDownDecorator(self): signal.alarm(0) - signal.signal(signal.SIGALRM, self.alarmSignal) - self.logger.debug("Removed SIGALRM handler") + if hasattr(self, 'alarmSignal'): + signal.signal(signal.SIGALRM, self.alarmSignal) + self.logger.debug("Removed SIGALRM handler") diff --git a/poky/meta/lib/oeqa/core/tests/cases/timeout.py b/poky/meta/lib/oeqa/core/tests/cases/timeout.py index 5dfecc7b7c..69cf969a67 100644 --- a/poky/meta/lib/oeqa/core/tests/cases/timeout.py +++ b/poky/meta/lib/oeqa/core/tests/cases/timeout.py @@ -8,6 +8,7 @@ from time import sleep from oeqa.core.case import OETestCase from oeqa.core.decorator.oetimeout import OETimeout +from oeqa.core.decorator.depends import OETestDepends class TimeoutTest(OETestCase): @@ -19,3 +20,15 @@ class TimeoutTest(OETestCase): def testTimeoutFail(self): sleep(2) self.assertTrue(True, msg='How is this possible?') + + + def testTimeoutSkip(self): + self.skipTest("This test needs to be skipped, so that testTimeoutDepends()'s OETestDepends kicks in") + + @OETestDepends(["timeout.TimeoutTest.testTimeoutSkip"]) + @OETimeout(3) + def testTimeoutDepends(self): + self.assertTrue(False, msg='How is this possible?') + + def testTimeoutUnrelated(self): + sleep(6) diff --git a/poky/meta/lib/oeqa/core/tests/test_decorators.py b/poky/meta/lib/oeqa/core/tests/test_decorators.py index b798bf7d33..5095f39948 100755 --- a/poky/meta/lib/oeqa/core/tests/test_decorators.py +++ b/poky/meta/lib/oeqa/core/tests/test_decorators.py @@ -133,5 +133,11 @@ class TestTimeoutDecorator(TestBase): msg = "OETestTimeout didn't restore SIGALRM" self.assertIs(alarm_signal, signal.getsignal(signal.SIGALRM), msg=msg) + def test_timeout_cancel(self): + tests = ['timeout.TimeoutTest.testTimeoutSkip', 'timeout.TimeoutTest.testTimeoutDepends', 'timeout.TimeoutTest.testTimeoutUnrelated'] + msg = 'Unrelated test failed to complete' + tc = self._testLoader(modules=self.modules, tests=tests) + self.assertTrue(tc.runTests().wasSuccessful(), msg=msg) + if __name__ == '__main__': unittest.main() diff --git a/poky/meta/lib/oeqa/runtime/cases/pam.py b/poky/meta/lib/oeqa/runtime/cases/pam.py index 271a1943e3..a482ded945 100644 --- a/poky/meta/lib/oeqa/runtime/cases/pam.py +++ b/poky/meta/lib/oeqa/runtime/cases/pam.py @@ -8,11 +8,14 @@ from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.depends import OETestDepends from oeqa.core.decorator.data import skipIfNotFeature +from oeqa.runtime.decorator.package import OEHasPackage class PamBasicTest(OERuntimeTestCase): @skipIfNotFeature('pam', 'Test requires pam to be in DISTRO_FEATURES') @OETestDepends(['ssh.SSHTest.test_ssh']) + @OEHasPackage(['shadow']) + @OEHasPackage(['shadow-base']) def test_pam(self): status, output = self.target.run('login --help') msg = ('login command does not work as expected. ' diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py index a1791b5cca..f703927660 100644 --- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py @@ -88,6 +88,8 @@ qemux86_common = [ 'tsc: HPET/PMTIMER calibration failed', "modeset(0): Failed to initialize the DRI2 extension", "glamor initialization failed", + "blk_update_request: I/O error, dev fd0, sector 0 op 0x0:(READ)", + "floppy: error", ] + common_errors ignore_errors = { diff --git a/poky/meta/lib/oeqa/selftest/cases/bblayers.py b/poky/meta/lib/oeqa/selftest/cases/bblayers.py index f131d9856c..7d74833f61 100644 --- a/poky/meta/lib/oeqa/selftest/cases/bblayers.py +++ b/poky/meta/lib/oeqa/selftest/cases/bblayers.py @@ -12,6 +12,11 @@ from oeqa.selftest.case import OESelftestTestCase class BitbakeLayers(OESelftestTestCase): + def test_bitbakelayers_layerindexshowdepends(self): + result = runCmd('bitbake-layers layerindex-show-depends meta-poky') + find_in_contents = re.search("openembedded-core", result.output) + self.assertTrue(find_in_contents, msg = "openembedded-core should have been listed at this step. bitbake-layers layerindex-show-depends meta-poky output: %s" % result.output) + def test_bitbakelayers_showcrossdepends(self): result = runCmd('bitbake-layers show-cross-depends') self.assertIn('aspell', result.output) diff --git a/poky/meta/lib/oeqa/selftest/cases/buildoptions.py b/poky/meta/lib/oeqa/selftest/cases/buildoptions.py index e91f0bd18f..b1b9ea7e55 100644 --- a/poky/meta/lib/oeqa/selftest/cases/buildoptions.py +++ b/poky/meta/lib/oeqa/selftest/cases/buildoptions.py @@ -57,15 +57,15 @@ class ImageOptionsTests(OESelftestTestCase): class DiskMonTest(OESelftestTestCase): def test_stoptask_behavior(self): - self.write_config('BB_DISKMON_DIRS = "STOPTASKS,${TMPDIR},100000G,100K"') + self.write_config('BB_DISKMON_DIRS = "STOPTASKS,${TMPDIR},100000G,100K"\nBB_HEARTBEAT_EVENT = "1"') res = bitbake("delay -c delay", ignore_status = True) self.assertTrue('ERROR: No new tasks can be executed since the disk space monitor action is "STOPTASKS"!' in res.output, msg = "Tasks should have stopped. Disk monitor is set to STOPTASK: %s" % res.output) self.assertEqual(res.status, 1, msg = "bitbake reported exit code %s. It should have been 1. Bitbake output: %s" % (str(res.status), res.output)) - self.write_config('BB_DISKMON_DIRS = "ABORT,${TMPDIR},100000G,100K"') + self.write_config('BB_DISKMON_DIRS = "ABORT,${TMPDIR},100000G,100K"\nBB_HEARTBEAT_EVENT = "1"') res = bitbake("delay -c delay", ignore_status = True) self.assertTrue('ERROR: Immediately abort since the disk space monitor action is "ABORT"!' in res.output, "Tasks should have been aborted immediatelly. Disk monitor is set to ABORT: %s" % res.output) self.assertEqual(res.status, 1, msg = "bitbake reported exit code %s. It should have been 1. Bitbake output: %s" % (str(res.status), res.output)) - self.write_config('BB_DISKMON_DIRS = "WARN,${TMPDIR},100000G,100K"') + self.write_config('BB_DISKMON_DIRS = "WARN,${TMPDIR},100000G,100K"\nBB_HEARTBEAT_EVENT = "1"') res = bitbake("delay -c delay") self.assertTrue('WARNING: The free space' in res.output, msg = "A warning should have been displayed for disk monitor is set to WARN: %s" %res.output) diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py index 3f343a2841..d1947baffc 100644 --- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py @@ -34,3 +34,11 @@ class CVECheck(OESelftestTestCase): self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' < '1.0r'") result = Version("1.0b","alphabetical") > Version("1.0","alphabetical") self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' > '1.0'") + + # consider the trailing "p" and "patch" as patched released when comparing + result = Version("1.0","patch") < Version("1.0p1","patch") + self.assertTrue( result ,msg="Failed to compare version with suffix '1.0' < '1.0p1'") + result = Version("1.0p2","patch") > Version("1.0p1","patch") + self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'") + result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch") + self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'") diff --git a/poky/meta/lib/oeqa/selftest/cases/distrodata.py b/poky/meta/lib/oeqa/selftest/cases/distrodata.py index e1cfc3b621..8e5e24db3d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/distrodata.py +++ b/poky/meta/lib/oeqa/selftest/cases/distrodata.py @@ -63,7 +63,7 @@ but their recipes claim otherwise by setting UPSTREAM_VERSION_UNKNOWN. Please re return True return False - feature = 'require conf/distro/include/maintainers.inc\nLICENSE_FLAGS_WHITELIST += " commercial"\nPARSE_ALL_RECIPES = "1"\n' + feature = 'require conf/distro/include/maintainers.inc\nLICENSE_FLAGS_WHITELIST += " commercial"\nPARSE_ALL_RECIPES = "1"\nPACKAGE_CLASSES = "package_ipk package_deb package_rpm"\n' self.write_config(feature) with bb.tinfoil.Tinfoil() as tinfoil: diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py index 7f74cec28f..0e44ce4dbf 100644 --- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py @@ -17,6 +17,62 @@ import stat import os import datetime +# For sample packages, see: +# https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20201127-0t7wr_oo/ +# https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20201127-4s9ejwyp/ +# https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20201127-haiwdlbr/ +# https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20201127-hwds3mcl/ +# https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20201203-sua0pzvc/ +# (both packages/ and packages-excluded/) +exclude_packages = [ + 'acpica-src', + 'babeltrace2-ptest', + 'bind', + 'bootchart2-doc', + 'epiphany', + 'gcr', + 'git', + 'glide', + 'go-dep', + 'go-helloworld', + 'go-runtime', + 'go_', + 'gstreamer1.0-python', + 'hwlatdetect', + 'kernel-devsrc', + 'libaprutil', + 'libcap-ng', + 'libjson', + 'libproxy', + 'lsb-release', + 'lttng-tools-dbg', + 'lttng-tools-ptest', + 'ltp', + 'ovmf-shell-efi', + 'parted-ptest', + 'perf', + 'piglit', + 'pybootchartgui', + 'qemu', + 'quilt-ptest', + "rpm", + 'rsync', + 'ruby', + 'stress-ng', + 'systemd-bootchart', + 'systemtap', + 'valgrind-ptest', + 'vim', + 'webkitgtk', + ] + +def is_excluded(package): + package_name = os.path.basename(package) + for i in exclude_packages: + if package_name.startswith(i): + return i + return None + MISSING = 'MISSING' DIFFERENT = 'DIFFERENT' SAME = 'SAME' @@ -39,14 +95,21 @@ class PackageCompareResults(object): self.total = [] self.missing = [] self.different = [] + self.different_excluded = [] self.same = [] + self.active_exclusions = set() def add_result(self, r): self.total.append(r) if r.status == MISSING: self.missing.append(r) elif r.status == DIFFERENT: - self.different.append(r) + exclusion = is_excluded(r.reference) + if exclusion: + self.different_excluded.append(r) + self.active_exclusions.add(exclusion) + else: + self.different.append(r) else: self.same.append(r) @@ -54,10 +117,14 @@ class PackageCompareResults(object): self.total.sort() self.missing.sort() self.different.sort() + self.different_excluded.sort() self.same.sort() def __str__(self): - return 'same=%i different=%i missing=%i total=%i' % (len(self.same), len(self.different), len(self.missing), len(self.total)) + return 'same=%i different=%i different_excluded=%i missing=%i total=%i\nunused_exclusions=%s' % (len(self.same), len(self.different), len(self.different_excluded), len(self.missing), len(self.total), self.unused_exclusions()) + + def unused_exclusions(self): + return sorted(set(exclude_packages) - self.active_exclusions) def compare_file(reference, test, diffutils_sysroot): result = CompareResult() @@ -78,8 +145,14 @@ def compare_file(reference, test, diffutils_sysroot): return result class ReproducibleTests(OESelftestTestCase): + # Test the reproducibility of whatever is built between sstate_targets and targets + package_classes = ['deb', 'ipk'] - images = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline'] + + # targets are the things we want to test the reproducibility of + targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'world'] + # sstate targets are things to pull from sstate to potentially cut build/debugging time + sstate_targets = [] save_results = False if 'OEQA_DEBUGGING_SAVED_OUTPUT' in os.environ: save_results = os.environ['OEQA_DEBUGGING_SAVED_OUTPUT'] @@ -150,10 +223,17 @@ class ReproducibleTests(OESelftestTestCase): PACKAGE_CLASSES = "{package_classes}" INHIBIT_PACKAGE_STRIP = "1" TMPDIR = "{tmpdir}" + LICENSE_FLAGS_WHITELIST = "commercial" + DISTRO_FEATURES_append = ' systemd pam' ''').format(package_classes=' '.join('package_%s' % c for c in self.package_classes), tmpdir=tmpdir) if not use_sstate: + if self.sstate_targets: + self.logger.info("Building prebuild for %s (sstate allowed)..." % (name)) + self.write_config(config) + bitbake(' '.join(self.sstate_targets)) + # This config fragment will disable using shared and the sstate # mirror, forcing a complete build from scratch config += textwrap.dedent('''\ @@ -164,7 +244,8 @@ class ReproducibleTests(OESelftestTestCase): self.logger.info("Building %s (sstate%s allowed)..." % (name, '' if use_sstate else ' NOT')) self.write_config(config) d = get_bb_vars(capture_vars) - bitbake(' '.join(self.images)) + # targets used to be called images + bitbake(' '.join(getattr(self, 'images', self.targets))) return d def test_reproducible_builds(self): @@ -212,6 +293,7 @@ class ReproducibleTests(OESelftestTestCase): self.write_package_list(package_class, 'missing', result.missing) self.write_package_list(package_class, 'different', result.different) + self.write_package_list(package_class, 'different_excluded', result.different_excluded) self.write_package_list(package_class, 'same', result.same) if self.save_results: @@ -219,8 +301,12 @@ class ReproducibleTests(OESelftestTestCase): self.copy_file(d.reference, '/'.join([save_dir, 'packages', strip_topdir(d.reference)])) self.copy_file(d.test, '/'.join([save_dir, 'packages', strip_topdir(d.test)])) + for d in result.different_excluded: + self.copy_file(d.reference, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.reference)])) + self.copy_file(d.test, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.test)])) + if result.missing or result.different: - fails.append("The following %s packages are missing or different: %s" % + fails.append("The following %s packages are missing or different and not in exclusion list: %s" % (c, '\n'.join(r.test for r in (result.missing + result.different)))) # Clean up empty directories diff --git a/poky/meta/lib/oeqa/selftest/cases/runqemu.py b/poky/meta/lib/oeqa/selftest/cases/runqemu.py index 7e676bcb41..da22f77b27 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runqemu.py +++ b/poky/meta/lib/oeqa/selftest/cases/runqemu.py @@ -163,12 +163,11 @@ class QemuTest(OESelftestTestCase): bitbake(cls.recipe) def _start_qemu_shutdown_check_if_shutdown_succeeded(self, qemu, timeout): + # Allow the runner's LoggingThread instance to exit without errors + # (such as the exception "Console connection closed unexpectedly") + # as qemu will disappear when we shut it down + qemu.runner.allowexit() qemu.run_serial("shutdown -h now") - # Stop thread will stop the LoggingThread instance used for logging - # qemu through serial console, stop thread will prevent this code - # from facing exception (Console connection closed unexpectedly) - # when qemu was shutdown by the above shutdown command - qemu.runner.stop_thread() time_track = 0 try: while True: diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py index 0435aa29c9..f7abdba015 100644 --- a/poky/meta/lib/oeqa/selftest/cases/wic.py +++ b/poky/meta/lib/oeqa/selftest/cases/wic.py @@ -905,14 +905,18 @@ class Wic2(WicTestCase): @only_for_arch(['i586', 'i686', 'x86_64']) def test_rawcopy_plugin_qemu(self): """Test rawcopy plugin in qemu""" - # build ext4 and wic images - for fstype in ("ext4", "wic"): - config = 'IMAGE_FSTYPES = "%s"\nWKS_FILE = "test_rawcopy_plugin.wks.in"\n' % fstype - self.append_config(config) - self.assertEqual(0, bitbake('core-image-minimal').status) - self.remove_config(config) + # build ext4 and then use it for a wic image + config = 'IMAGE_FSTYPES = "ext4"\n' + self.append_config(config) + self.assertEqual(0, bitbake('core-image-minimal').status) + self.remove_config(config) - with runqemu('core-image-minimal', ssh=False, image_fstype='wic') as qemu: + config = 'IMAGE_FSTYPES = "wic"\nWKS_FILE = "test_rawcopy_plugin.wks.in"\n' + self.append_config(config) + self.assertEqual(0, bitbake('core-image-minimal-mtdutils').status) + self.remove_config(config) + + with runqemu('core-image-minimal-mtdutils', ssh=False, image_fstype='wic') as qemu: cmd = "grep sda. /proc/partitions |wc -l" status, output = qemu.run_serial(cmd) self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output)) diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py index a71c16ab14..024261410e 100644 --- a/poky/meta/lib/oeqa/utils/commands.py +++ b/poky/meta/lib/oeqa/utils/commands.py @@ -174,11 +174,8 @@ def runCmd(command, ignore_status=False, timeout=None, assert_error=True, sync=T if native_sysroot: extra_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin" % \ (native_sysroot, native_sysroot, native_sysroot) - extra_libpaths = "%s/lib:%s/usr/lib" % \ - (native_sysroot, native_sysroot) nenv = dict(options.get('env', os.environ)) nenv['PATH'] = extra_paths + ':' + nenv.get('PATH', '') - nenv['LD_LIBRARY_PATH'] = extra_libpaths + ':' + nenv.get('LD_LIBRARY_PATH', '') options['env'] = nenv cmd = Command(command, timeout=timeout, output_log=output_log, **options) diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 77ec939ad7..79db2cc247 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -70,6 +70,8 @@ class QemuRunner: self.monitorpipe = None self.logger = logger + # Whether we're expecting an exit and should show related errors + self.canexit = False # Enable testing other OS's # Set commands for target communication, and default to Linux ALWAYS @@ -467,6 +469,11 @@ class QemuRunner: self.thread.stop() self.thread.join() + def allowexit(self): + self.canexit = True + if self.thread: + self.thread.allowexit() + def restart(self, qemuparams = None): self.logger.warning("Restarting qemu process") if self.runqemu.poll() is None: @@ -522,7 +529,9 @@ class QemuRunner: if re.search(self.boot_patterns['search_cmd_finished'], data): break else: - raise Exception("No data on serial console socket") + if self.canexit: + return (1, "") + raise Exception("No data on serial console socket, connection closed?") if data: if raw: @@ -560,6 +569,7 @@ class LoggingThread(threading.Thread): self.logger = logger self.readsock = None self.running = False + self.canexit = False self.errorevents = select.POLLERR | select.POLLHUP | select.POLLNVAL self.readevents = select.POLLIN | select.POLLPRI @@ -593,6 +603,9 @@ class LoggingThread(threading.Thread): self.close_ignore_error(self.writepipe) self.running = False + def allowexit(self): + self.canexit = True + def eventloop(self): poll = select.poll() event_read_mask = self.errorevents | self.readevents @@ -638,7 +651,7 @@ class LoggingThread(threading.Thread): data = self.readsock.recv(count) except socket.error as e: if e.errno == errno.EAGAIN or e.errno == errno.EWOULDBLOCK: - return '' + return b'' else: raise @@ -649,7 +662,9 @@ class LoggingThread(threading.Thread): # happened. But for this code it counts as an # error since the connection shouldn't go away # until qemu exits. - raise Exception("Console connection closed unexpectedly") + if not self.canexit: + raise Exception("Console connection closed unexpectedly") + return b'' return data diff --git a/poky/meta/recipes-bsp/efivar/efivar/determinism.patch b/poky/meta/recipes-bsp/efivar/efivar/determinism.patch new file mode 100644 index 0000000000..bdf6bfc4a8 --- /dev/null +++ b/poky/meta/recipes-bsp/efivar/efivar/determinism.patch @@ -0,0 +1,18 @@ +Fix reproducibility issue caused by unsorted wildcard expansion. + +Upstream-Status: Pending +RP 2021/3/1 + +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -15,7 +15,7 @@ TARGETS=$(LIBTARGETS) $(BINTARGETS) $(PC + STATICTARGETS=$(STATICLIBTARGETS) $(STATICBINTARGETS) + + LIBEFIBOOT_SOURCES = crc32.c creator.c disk.c gpt.c loadopt.c path-helpers.c \ +- linux.c $(wildcard linux-*.c) ++ linux.c $(sort $(wildcard linux-*.c)) + LIBEFIBOOT_OBJECTS = $(patsubst %.c,%.o,$(LIBEFIBOOT_SOURCES)) + LIBEFIVAR_SOURCES = dp.c dp-acpi.c dp-hw.c dp-media.c dp-message.c \ + efivarfs.c error.c export.c guid.c guids.S guid-symbols.c \ diff --git a/poky/meta/recipes-bsp/efivar/efivar_37.bb b/poky/meta/recipes-bsp/efivar/efivar_37.bb index 9b95721a4e..5bf121ff6e 100644 --- a/poky/meta/recipes-bsp/efivar/efivar_37.bb +++ b/poky/meta/recipes-bsp/efivar/efivar_37.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393" COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" SRC_URI = "git://github.com/rhinstaller/efivar.git \ + file://determinism.patch \ file://no-werror.patch" SRCREV = "c1d6b10e1ed4ba2be07f385eae5bceb694478a10" diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb index f6e3afb24e..0df44bffbe 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb @@ -8,6 +8,9 @@ SRC_URI += "file://00avahi-autoipd \ inherit update-rc.d systemd useradd +# Issue only affects Debian/SUSE, not us +CVE_CHECK_WHITELIST += "CVE-2021-26720" + PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils" LICENSE_libavahi-gobject = "LGPLv2.1+" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.55.bb index 8190924562..e5353bd815 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.55.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.55.bb @@ -3,6 +3,9 @@ require bluez5.inc SRC_URI[md5sum] = "94972b8bc7ade60c72b0ffa6ccff2c0a" SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e0894e9b88" +# These issues have kernel fixes rather than bluez fixes so exclude here +CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" + # noinst programs in Makefile.tools that are conditional on READLINE # support NOINST_TOOLS_READLINE ?= " \ diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch new file mode 100644 index 0000000000..2648a832ca --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch @@ -0,0 +1,62 @@ +From e4079a20f617a4b076af503f6e4e8b0304c9f2cb Mon Sep 17 00:00:00 2001 +From: Colin Wee <cwee@tesla.com> +Date: Thu, 28 Jan 2021 19:41:53 +0100 +Subject: [PATCH] dnsproxy: Add length checks to prevent buffer overflow + +Fixes: CVE-2021-26675 + +Upstream-Status: Backport +CVE: CVE-2021-26675 + +Reference to upstream patch: +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + src/dnsproxy.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index a7bf87a1..4f5c897f 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -1767,6 +1767,7 @@ static char *uncompress(int16_t field_count, char *start, char *end, + char **uncompressed_ptr) + { + char *uptr = *uncompressed_ptr; /* position in result buffer */ ++ char * const uncomp_end = uncompressed + uncomp_len - 1; + + debug("count %d ptr %p end %p uptr %p", field_count, ptr, end, uptr); + +@@ -1787,12 +1788,15 @@ static char *uncompress(int16_t field_count, char *start, char *end, + * tmp buffer. + */ + +- ulen = strlen(name); +- strncpy(uptr, name, uncomp_len - (uptr - uncompressed)); +- + debug("pos %d ulen %d left %d name %s", pos, ulen, + (int)(uncomp_len - (uptr - uncompressed)), uptr); + ++ ulen = strlen(name); ++ if ((uptr + ulen + 1) > uncomp_end) { ++ goto out; ++ } ++ strncpy(uptr, name, uncomp_len - (uptr - uncompressed)); ++ + uptr += ulen; + *uptr++ = '\0'; + +@@ -1802,6 +1806,10 @@ static char *uncompress(int16_t field_count, char *start, char *end, + * We copy also the fixed portion of the result (type, class, + * ttl, address length and the address) + */ ++ if ((uptr + NS_RRFIXEDSZ) > uncomp_end) { ++ debug("uncompressed data too large for buffer"); ++ goto out; ++ } + memcpy(uptr, ptr, NS_RRFIXEDSZ); + + dns_type = uptr[0] << 8 | uptr[1]; +-- +2.17.1 diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch new file mode 100644 index 0000000000..4104e4bfc6 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch @@ -0,0 +1,231 @@ +From 58d397ba74873384aee449690a9070bacd5676fa Mon Sep 17 00:00:00 2001 +From: Colin Wee <cwee@tesla.com> +Date: Thu, 28 Jan 2021 19:39:14 +0100 +Subject: [PATCH] gdhcp: Avoid reading invalid data in dhcp_get_option + +Upstream-Status: Backport +CVE: CVE-2021-26676 + +Reference to upstream patch: +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + gdhcp/client.c | 20 +++++++++++--------- + gdhcp/common.c | 24 +++++++++++++++++++----- + gdhcp/common.h | 2 +- + gdhcp/server.c | 12 +++++++----- + 4 files changed, 38 insertions(+), 20 deletions(-) + +diff --git a/gdhcp/client.c b/gdhcp/client.c +index 09dfe5ec..6a5613e7 100644 +--- a/gdhcp/client.c ++++ b/gdhcp/client.c +@@ -1629,12 +1629,12 @@ static void start_request(GDHCPClient *dhcp_client) + NULL); + } + +-static uint32_t get_lease(struct dhcp_packet *packet) ++static uint32_t get_lease(struct dhcp_packet *packet, uint16_t packet_len) + { + uint8_t *option; + uint32_t lease_seconds; + +- option = dhcp_get_option(packet, DHCP_LEASE_TIME); ++ option = dhcp_get_option(packet, packet_len, DHCP_LEASE_TIME); + if (!option) + return 3600; + +@@ -2226,7 +2226,8 @@ static void get_dhcpv6_request(GDHCPClient *dhcp_client, + } + } + +-static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet) ++static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet, ++ uint16_t packet_len) + { + GDHCPOptionType type; + GList *list, *value_list; +@@ -2237,7 +2238,7 @@ static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet) + for (list = dhcp_client->request_list; list; list = list->next) { + code = (uint8_t) GPOINTER_TO_INT(list->data); + +- option = dhcp_get_option(packet, code); ++ option = dhcp_get_option(packet, packet_len, code); + if (!option) { + g_hash_table_remove(dhcp_client->code_value_hash, + GINT_TO_POINTER((int) code)); +@@ -2297,6 +2298,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + re = dhcp_recv_l2_packet(&packet, + dhcp_client->listener_sockfd, + &dst_addr); ++ pkt_len = (uint16_t)(unsigned int)re; + xid = packet.xid; + } else if (dhcp_client->listen_mode == L3) { + if (dhcp_client->type == G_DHCP_IPV6) { +@@ -2361,7 +2363,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + dhcp_client->status_code = status; + } + } else { +- message_type = dhcp_get_option(&packet, DHCP_MESSAGE_TYPE); ++ message_type = dhcp_get_option(&packet, pkt_len, DHCP_MESSAGE_TYPE); + if (!message_type) + return TRUE; + } +@@ -2378,7 +2380,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + dhcp_client->timeout = 0; + dhcp_client->retry_times = 0; + +- option = dhcp_get_option(&packet, DHCP_SERVER_ID); ++ option = dhcp_get_option(&packet, pkt_len, DHCP_SERVER_ID); + dhcp_client->server_ip = get_be32(option); + dhcp_client->requested_ip = ntohl(packet.yiaddr); + +@@ -2428,9 +2430,9 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + + remove_timeouts(dhcp_client); + +- dhcp_client->lease_seconds = get_lease(&packet); ++ dhcp_client->lease_seconds = get_lease(&packet, pkt_len); + +- get_request(dhcp_client, &packet); ++ get_request(dhcp_client, &packet, pkt_len); + + switch_listening_mode(dhcp_client, L_NONE); + +@@ -2438,7 +2440,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + dhcp_client->assigned_ip = get_ip(packet.yiaddr); + + if (dhcp_client->state == REBOOTING) { +- option = dhcp_get_option(&packet, ++ option = dhcp_get_option(&packet, pkt_len, + DHCP_SERVER_ID); + dhcp_client->server_ip = get_be32(option); + } +diff --git a/gdhcp/common.c b/gdhcp/common.c +index 1d667d17..c8916aa8 100644 +--- a/gdhcp/common.c ++++ b/gdhcp/common.c +@@ -73,18 +73,21 @@ GDHCPOptionType dhcp_get_code_type(uint8_t code) + return OPTION_UNKNOWN; + } + +-uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code) ++uint8_t *dhcp_get_option(struct dhcp_packet *packet, uint16_t packet_len, int code) + { + int len, rem; +- uint8_t *optionptr; ++ uint8_t *optionptr, *options_end; ++ size_t options_len; + uint8_t overload = 0; + + /* option bytes: [code][len][data1][data2]..[dataLEN] */ + optionptr = packet->options; + rem = sizeof(packet->options); ++ options_len = packet_len - (sizeof(*packet) - sizeof(packet->options)); ++ options_end = optionptr + options_len - 1; + + while (1) { +- if (rem <= 0) ++ if ((rem <= 0) && (optionptr + OPT_CODE > options_end)) + /* Bad packet, malformed option field */ + return NULL; + +@@ -115,14 +118,25 @@ uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code) + break; + } + ++ if (optionptr + OPT_LEN > options_end) { ++ /* bad packet, would read length field from OOB */ ++ return NULL; ++ } ++ + len = 2 + optionptr[OPT_LEN]; + + rem -= len; + if (rem < 0) + continue; /* complain and return NULL */ + +- if (optionptr[OPT_CODE] == code) +- return optionptr + OPT_DATA; ++ if (optionptr[OPT_CODE] == code) { ++ if (optionptr + len > options_end) { ++ /* bad packet, option length points OOB */ ++ return NULL; ++ } else { ++ return optionptr + OPT_DATA; ++ } ++ } + + if (optionptr[OPT_CODE] == DHCP_OPTION_OVERLOAD) + overload |= optionptr[OPT_DATA]; +diff --git a/gdhcp/common.h b/gdhcp/common.h +index 9660231c..8f63fd75 100644 +--- a/gdhcp/common.h ++++ b/gdhcp/common.h +@@ -179,7 +179,7 @@ struct in6_pktinfo { + }; + #endif + +-uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code); ++uint8_t *dhcp_get_option(struct dhcp_packet *packet, uint16_t packet_len, int code); + uint8_t *dhcpv6_get_option(struct dhcpv6_packet *packet, uint16_t pkt_len, + int code, uint16_t *option_len, int *option_count); + uint8_t *dhcpv6_get_sub_option(unsigned char *option, uint16_t max_len, +diff --git a/gdhcp/server.c b/gdhcp/server.c +index 85405f19..52ea2a55 100644 +--- a/gdhcp/server.c ++++ b/gdhcp/server.c +@@ -413,7 +413,7 @@ error: + } + + +-static uint8_t check_packet_type(struct dhcp_packet *packet) ++static uint8_t check_packet_type(struct dhcp_packet *packet, uint16_t packet_len) + { + uint8_t *type; + +@@ -423,7 +423,7 @@ static uint8_t check_packet_type(struct dhcp_packet *packet) + if (packet->op != BOOTREQUEST) + return 0; + +- type = dhcp_get_option(packet, DHCP_MESSAGE_TYPE); ++ type = dhcp_get_option(packet, packet_len, DHCP_MESSAGE_TYPE); + + if (!type) + return 0; +@@ -651,6 +651,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + struct dhcp_lease *lease; + uint32_t requested_nip = 0; + uint8_t type, *server_id_option, *request_ip_option; ++ uint16_t packet_len; + int re; + + if (condition & (G_IO_NVAL | G_IO_ERR | G_IO_HUP)) { +@@ -661,12 +662,13 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + re = dhcp_recv_l3_packet(&packet, dhcp_server->listener_sockfd); + if (re < 0) + return TRUE; ++ packet_len = (uint16_t)(unsigned int)re; + +- type = check_packet_type(&packet); ++ type = check_packet_type(&packet, packet_len); + if (type == 0) + return TRUE; + +- server_id_option = dhcp_get_option(&packet, DHCP_SERVER_ID); ++ server_id_option = dhcp_get_option(&packet, packet_len, DHCP_SERVER_ID); + if (server_id_option) { + uint32_t server_nid = + get_unaligned((const uint32_t *) server_id_option); +@@ -675,7 +677,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + return TRUE; + } + +- request_ip_option = dhcp_get_option(&packet, DHCP_REQUESTED_IP); ++ request_ip_option = dhcp_get_option(&packet, packet_len, DHCP_REQUESTED_IP); + if (request_ip_option) + requested_nip = get_be32(request_ip_option); + +-- +2.17.1 diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch new file mode 100644 index 0000000000..ce909ec293 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch @@ -0,0 +1,33 @@ +From a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 Mon Sep 17 00:00:00 2001 +From: Colin Wee <cwee@tesla.com> +Date: Thu, 28 Jan 2021 19:41:09 +0100 +Subject: [PATCH] gdhcp: Avoid leaking stack data via unitiialized variable + +Fixes: CVE-2021-26676 + +Upstream-Status: Backport +CVE: CVE-2021-26676 + +Reference to upstream patch: +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + gdhcp/client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdhcp/client.c b/gdhcp/client.c +index 6a5613e7..c7b85e58 100644 +--- a/gdhcp/client.c ++++ b/gdhcp/client.c +@@ -2270,7 +2270,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition, + { + GDHCPClient *dhcp_client = user_data; + struct sockaddr_in dst_addr = { 0 }; +- struct dhcp_packet packet; ++ struct dhcp_packet packet = { 0 }; + struct dhcpv6_packet *packet6 = NULL; + uint8_t *message_type = NULL, *client_id = NULL, *option, + *server_id = NULL; +-- +2.17.1 diff --git a/poky/meta/recipes-connectivity/connman/connman_1.37.bb b/poky/meta/recipes-connectivity/connman/connman_1.37.bb index 00852bf0d6..bdab4c4f18 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.37.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.37.bb @@ -6,6 +6,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://0001-gweb-fix-segfault-with-musl-v1.1.21.patch \ file://connman \ file://no-version-scripts.patch \ + file://CVE-2021-26675.patch \ + file://CVE-2021-26676-0001.patch \ + file://CVE-2021-26676-0002.patch \ " SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index fe94f30503..6ed54a8139 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -28,10 +28,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" +# This CVE is specific to OpenSSH with the pam opie which we don't build/use here +CVE_CHECK_WHITELIST += "CVE-2007-2768" + # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded CVE_CHECK_WHITELIST += "CVE-2014-9278" +# CVE only applies to some distributed RHEL binaries +CVE_CHECK_WHITELIST += "CVE-2008-3844" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb index f054d2fdba..5f281197c9 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb @@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf" +SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch new file mode 100644 index 0000000000..004b1dbd19 --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch @@ -0,0 +1,58 @@ +From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Tue, 8 Dec 2020 23:52:50 +0200 +Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request + +p2p_add_device() may remove the oldest entry if there is no room in the +peer table for a new peer. This would result in any pointer to that +removed entry becoming stale. A corner case with an invalid PD Request +frame could result in such a case ending up using (read+write) freed +memory. This could only by triggered when the peer table has reached its +maximum size and the PD Request frame is received from the P2P Device +Address of the oldest remaining entry and the frame has incorrect P2P +Device Address in the payload. + +Fix this by fetching the dev pointer again after having called +p2p_add_device() so that the stale pointer cannot be used. + +Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> + +Upstream-Status: Backport +CVE: CVE-2021-27803 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/p2p/p2p_pd.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c +index 3994ec0..05fd593 100644 +--- a/src/p2p/p2p_pd.c ++++ b/src/p2p/p2p_pd.c +@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, + goto out; + } + ++ dev = p2p_get_device(p2p, sa); + if (!dev) { +- dev = p2p_get_device(p2p, sa); +- if (!dev) { +- p2p_dbg(p2p, +- "Provision Discovery device not found " +- MACSTR, MAC2STR(sa)); +- goto out; +- } ++ p2p_dbg(p2p, ++ "Provision Discovery device not found " ++ MACSTR, MAC2STR(sa)); ++ goto out; + } + } else if (msg.wfd_subelems) { + wpabuf_free(dev->info.wfd_subelems); +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch new file mode 100644 index 0000000000..e2540fc26b --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch @@ -0,0 +1,123 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen <j@w1.fi> + +Upstream-Status: Backport +CVE: CVE-2021-30004 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index 141ac50..e09db07 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index 1bd5aa0..bf2289f 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb index caa6018ce8..cddcfb6811 100644 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb @@ -31,6 +31,8 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \ file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ file://CVE-2021-0326.patch \ + file://CVE-2021-27803.patch \ + file://CVE-2021-30004.patch \ " SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.31.bb b/poky/meta/recipes-core/coreutils/coreutils_8.31.bb index 7dd9e41def..aabeee882c 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_8.31.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_8.31.bb @@ -26,6 +26,10 @@ SRC_URI_append_libc-musl = "file://strtod_fix_clash_with_strtold.patch" SRC_URI[md5sum] = "0009a224d8e288e8ec406ef0161f9293" SRC_URI[sha256sum] = "ff7a9c918edce6b4f4b2725e3f9b37b0c4d193531cac49a48b56c4d0d3a9e9fd" +# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 +# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue. +CVE_CHECK_WHITELIST += "CVE-2016-2781" + EXTRA_OECONF_class-native = "--without-gmp" EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname" diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index 5f726537ff..7ae64a190f 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.31/master" PV = "2.31+git${SRCPV}" -SRCREV_glibc ?= "df31c7ca927242d5d4eee97f93a01e23ff47e332" +SRCREV_glibc ?= "f84949f1c4bbf20e6a1d9a5859cf012cde060ede" SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch deleted file mode 100644 index 73df1da868..0000000000 --- a/poky/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch +++ /dev/null @@ -1,135 +0,0 @@ -From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001 -From: Andreas Schwab <schwab@suse.de> -Date: Mon, 21 Dec 2020 08:56:43 +0530 -Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973) - -The byte 0xfe as input to the EUC-KR conversion denotes a user-defined -area and is not allowed. The from_euc_kr function used to skip two bytes -when told to skip over the unknown designation, potentially running over -the buffer end. - -Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b] -CVE: CVE-2019-25013 -Signed-off-by: Scott Murray <scott.murray@konsulko.com> -[Refreshed for Dundell context; Makefile changes] -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - iconvdata/Makefile | 3 ++- - iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++ - iconvdata/euc-kr.c | 6 +---- - iconvdata/ksc5601.h | 6 ++--- - 4 files changed, 59 insertions(+), 9 deletions(-) - create mode 100644 iconvdata/bug-iconv13.c - -Index: git/iconvdata/Makefile -=================================================================== ---- git.orig/iconvdata/Makefile -+++ git/iconvdata/Makefile -@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules - ifeq (yes,$(build-shared)) - tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ - tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ -- bug-iconv10 bug-iconv11 bug-iconv12 -+ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13 - ifeq ($(have-thread-library),yes) - tests += bug-iconv3 - endif -Index: git/iconvdata/bug-iconv13.c -=================================================================== ---- /dev/null -+++ git/iconvdata/bug-iconv13.c -@@ -0,0 +1,53 @@ -+/* bug 24973: Test EUC-KR module -+ Copyright (C) 2020 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <https://www.gnu.org/licenses/>. */ -+ -+#include <errno.h> -+#include <iconv.h> -+#include <stdio.h> -+#include <support/check.h> -+ -+static int -+do_test (void) -+{ -+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR"); -+ TEST_VERIFY_EXIT (cd != (iconv_t) -1); -+ -+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined -+ areas, which are not allowed and should be skipped over due to -+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which -+ should be checked first. */ -+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' }; -+ char *inptr = input; -+ size_t insize = sizeof (input); -+ char output[4]; -+ char *outptr = output; -+ size_t outsize = sizeof (output); -+ -+ /* This used to crash due to buffer overrun. */ -+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1); -+ TEST_VERIFY (errno == EINVAL); -+ /* The conversion should produce one character, the converted null -+ character. */ -+ TEST_VERIFY (sizeof (output) - outsize == 1); -+ -+ TEST_VERIFY_EXIT (iconv_close (cd) != -1); -+ -+ return 0; -+} -+ -+#include <support/test-driver.c> -Index: git/iconvdata/euc-kr.c -=================================================================== ---- git.orig/iconvdata/euc-kr.c -+++ git/iconvdata/euc-kr.c -@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c - \ - if (ch <= 0x9f) \ - ++inptr; \ -- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \ -- user-defined areas. */ \ -- else if (__builtin_expect (ch == 0xa0, 0) \ -- || __builtin_expect (ch > 0xfe, 0) \ -- || __builtin_expect (ch == 0xc9, 0)) \ -+ else if (__glibc_unlikely (ch == 0xa0)) \ - { \ - /* This is illegal. */ \ - STANDARD_FROM_LOOP_ERR_HANDLER (1); \ -Index: git/iconvdata/ksc5601.h -=================================================================== ---- git.orig/iconvdata/ksc5601.h -+++ git/iconvdata/ksc5601.h -@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s - unsigned char ch2; - int idx; - -+ if (avail < 2) -+ return 0; -+ - /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ - - if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e - || (ch - offset) == 0x49) - return __UNKNOWN_10646_CHAR; - -- if (avail < 2) -- return 0; -- - ch2 = (*s)[1]; - if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) - return __UNKNOWN_10646_CHAR; diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch deleted file mode 100644 index c51fb3223a..0000000000 --- a/poky/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch +++ /dev/null @@ -1,156 +0,0 @@ -From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001 -From: Michael Colavita <mcolavita@fb.com> -Date: Thu, 19 Nov 2020 11:44:40 -0500 -Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923) - -Previously, in UCS4 conversion routines we limit the number of -characters we examine to the minimum of the number of characters in the -input and the number of characters in the output. This is not the -correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume -an output character when we skip a code unit. Instead, track the input -and output pointers and terminate the loop when either reaches its -limit. - -This resolves assertion failures when resetting the input buffer in a step of -iconv, which assumes that the input will be fully consumed given sufficient -output space. - -Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=228edd356f03bf62dcf2b1335f25d43c602ee68d] -CVE: CVE-2020-29562 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> - ---- - iconv/Makefile | 2 +- - iconv/gconv_simple.c | 16 ++++---------- - iconv/tst-iconv8.c | 50 ++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 55 insertions(+), 13 deletions(-) - create mode 100644 iconv/tst-iconv8.c - -diff --git a/iconv/Makefile b/iconv/Makefile -index 30bf996d3a..f9b51e23ec 100644 ---- a/iconv/Makefile -+++ b/iconv/Makefile -@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION - CFLAGS-simple-hash.c += -I../locale - - tests = tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \ -- tst-iconv7 tst-iconv-mt tst-iconv-opt -+ tst-iconv7 tst-iconv8 tst-iconv-mt tst-iconv-opt - - others = iconv_prog iconvconfig - install-others-programs = $(inst_bindir)/iconv -diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c -index d4797fba17..963b29f246 100644 ---- a/iconv/gconv_simple.c -+++ b/iconv/gconv_simple.c -@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - uint32_t inval; - -@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - if (__glibc_unlikely (inptr[0] > 0x80)) - { -@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - uint32_t inval; - -@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - if (__glibc_unlikely (inptr[3] > 0x80)) - { -diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c -new file mode 100644 -index 0000000000..0b92b19f66 ---- /dev/null -+++ b/iconv/tst-iconv8.c -@@ -0,0 +1,50 @@ -+/* Test iconv behavior on UCS4 conversions with //IGNORE. -+ Copyright (C) 2020 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <http://www.gnu.org/licenses/>. */ -+ -+/* Derived from BZ #26923 */ -+#include <errno.h> -+#include <iconv.h> -+#include <stdio.h> -+#include <support/check.h> -+ -+static int -+do_test (void) -+{ -+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/"); -+ TEST_VERIFY_EXIT (cd != (iconv_t) -1); -+ -+ /* -+ * Convert sequence beginning with an irreversible character into buffer that -+ * is too small. -+ */ -+ char input[12] = "\xe1\x80\xa1" "AAAAAAAAA"; -+ char *inptr = input; -+ size_t insize = sizeof (input); -+ char output[6]; -+ char *outptr = output; -+ size_t outsize = sizeof (output); -+ -+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1); -+ TEST_VERIFY (errno == E2BIG); -+ -+ TEST_VERIFY_EXIT (iconv_close (cd) != -1); -+ -+ return 0; -+} -+ -+#include <support/test-driver.c> --- -2.27.0 - diff --git a/poky/meta/recipes-core/glibc/glibc_2.31.bb b/poky/meta/recipes-core/glibc/glibc_2.31.bb index b75bbb4196..23242fff76 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.31.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.31.bb @@ -1,7 +1,22 @@ require glibc.inc require glibc-version.inc -CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752" +CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \ + CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \ +" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 +# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. +# "this is being treated as a non-security bug and no real threat." +CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 +# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow +# easier access for another. "ASLR bypass itself is not a vulnerability." +# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 +CVE_CHECK_WHITELIST += "CVE-2019-1010025" DEPENDS += "gperf-native bison-native make-native" @@ -41,9 +56,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \ file://0028-inject-file-assembly-directives.patch \ file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ - file://CVE-2020-29562.patch \ file://CVE-2020-29573.patch \ - file://CVE-2019-25013.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index f5cc20fa6d..96c47bd2af 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,9 +22,9 @@ APPEND += "rootfstype=ext4 quiet" DEPENDS = "zip-native python3-pip-native" IMAGE_FSTYPES = "wic.vmdk" -inherit core-image module-base setuptools3 +inherit core-image setuptools3 -SRCREV ?= "fadf7d3343305337c38a5243797723c68e88276a" +SRCREV ?= "f22c2d6670d3b6f0d6eaa201fb2f9307a8d503d5" SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ @@ -61,12 +61,6 @@ fakeroot do_populate_poky_src () { # Place the README_VirtualBox_Toaster file in builders home folder. cp ${WORKDIR}/README_VirtualBox_Toaster.txt ${IMAGE_ROOTFS}/home/builder/ - # Create a symlink, needed for out-of-tree kernel modules build - if [ ! -e ${IMAGE_ROOTFS}/lib/modules/${KERNEL_VERSION}/build ]; then - rm -f ${IMAGE_ROOTFS}/lib/modules/${KERNEL_VERSION}/build - lnr ${IMAGE_ROOTFS}${KERNEL_SRC_PATH} ${IMAGE_ROOTFS}/lib/modules/${KERNEL_VERSION}/build - fi - echo "INHERIT += \"rm_work\"" >> ${IMAGE_ROOTFS}/home/builder/poky/build/conf/auto.conf echo "export LC_ALL=en_US.utf8" >> ${IMAGE_ROOTFS}/home/builder/.bashrc diff --git a/poky/meta/recipes-core/initrdscripts/files/init-install-efi.sh b/poky/meta/recipes-core/initrdscripts/files/init-install-efi.sh index b6855b5aac..f667518b89 100644 --- a/poky/meta/recipes-core/initrdscripts/files/init-install-efi.sh +++ b/poky/meta/recipes-core/initrdscripts/files/init-install-efi.sh @@ -279,6 +279,11 @@ fi umount /tgt_root +# copy any extra files needed for ESP +if [ -d /run/media/$1/esp ]; then + cp -r /run/media/$1/esp/* /boot +fi + # Copy kernel artifacts. To add more artifacts just add to types # For now just support kernel types already being used by something in OE-core for types in bzImage zImage vmlinux vmlinuz fitImage; do diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 9e8e006a32..e86c69803f 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -132,14 +132,24 @@ def parse_node_and_insert(c, node, cveId): for cpe in node.get('cpe_match', ()): if not cpe['vulnerable']: return - cpe23 = cpe['cpe23Uri'].split(':') + cpe23 = cpe.get('cpe23Uri') + if not cpe23: + return + cpe23 = cpe23.split(':') + if len(cpe23) < 6: + return vendor = cpe23[3] product = cpe23[4] version = cpe23[5] + if cpe23[6] == '*' or cpe23[6] == '-': + version_suffix = "" + else: + version_suffix = "_" + cpe23[6] + if version != '*' and version != '-': # Version is defined, this is a '=' match - yield [cveId, vendor, product, version, '=', '', ''] + yield [cveId, vendor, product, version + version_suffix, '=', '', ''] elif version == '-': # no version information is available yield [cveId, vendor, product, version, '', '', ''] diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch index 6ecb23b29f..c32963a807 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch @@ -1,7 +1,7 @@ -From 0a8362cfb9f00870d70687475665b131dd82c947 Mon Sep 17 00:00:00 2001 +From 200ff35c6545b4ab85f5ea7a6096fbaec3d82f6d Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Thu, 9 Jun 2016 02:23:01 -0700 -Subject: [PATCH 1/5] ovmf: update path to native BaseTools +Subject: [PATCH 1/4] ovmf: update path to native BaseTools BaseTools is a set of utilities to build EDK-based firmware. These utilities are used during the build process. Thus, they need to be built natively. @@ -30,5 +30,5 @@ index 91b1442ade..1858dae31a 100755 source edksetup.sh BaseTools else -- -2.17.1 +2.28.0 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index f37ed018ab..c61a08f022 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -1,7 +1,7 @@ -From a8bceaec1b16fffbf6810df05503d8ae9092b735 Mon Sep 17 00:00:00 2001 +From 667c0cf97dadc4f5994d26ec3984f559a05ec406 Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Fri, 26 Jul 2019 17:34:26 -0400 -Subject: [PATCH 2/5] BaseTools: makefile: adjust to build in under bitbake +Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake Prepend the build flags with those of bitbake. This is to build using the bitbake native sysroot include and library directories. @@ -10,14 +10,14 @@ Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> Upstream-Status: Pending --- - BaseTools/Source/C/Makefiles/header.makefile | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) + BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 4e9b36d98b..eb03ee33fa 100644 +index 1c105ee7d4..d5eea3864e 100644 --- a/BaseTools/Source/C/Makefiles/header.makefile +++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -62,23 +62,23 @@ $(error Bad HOST_ARCH) +@@ -69,35 +69,36 @@ $(error Bad HOST_ARCH) endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
@@ -33,19 +33,35 @@ index 4e9b36d98b..eb03ee33fa 100644 +BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
+ ifeq ($(CXX), llvm)
+-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ -fno-delete-null-pointer-checks -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-self-assign \
+ -Wno-unused-result -nostdlib -g
+ else
-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif
+ endif
+ ifeq ($(CXX), llvm)
+-BUILD_LFLAGS =
+-BUILD_CXXFLAGS = -Wno-deprecated-register -Wno-unused-result
++BUILD_LFLAGS = $(LDFLAGS)
++BUILD_CXXFLAGS += -Wno-deprecated-register -Wno-unused-result
+ else
-BUILD_LFLAGS =
-BUILD_CXXFLAGS = -Wno-unused-result
+BUILD_LFLAGS = $(LDFLAGS)
+BUILD_CXXFLAGS += -Wno-unused-result
-
+ endif
++
ifeq ($(HOST_ARCH), IA32)
#
+ # Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
-- -2.17.1 +2.28.0 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0003-ovmf-enable-long-path-file.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-ovmf-enable-long-path-file.patch index ab1e7db31f..df1d159011 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0003-ovmf-enable-long-path-file.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0003-ovmf-enable-long-path-file.patch @@ -1,7 +1,7 @@ -From 60a5f953f747e1e9e05a40157b651cba8ea57b91 Mon Sep 17 00:00:00 2001 +From e19481e5a64f8915ac118899b10c40d12c0f9daa Mon Sep 17 00:00:00 2001 From: Dengke Du <dengke.du@windriver.com> Date: Mon, 11 Sep 2017 02:21:55 -0400 -Subject: [PATCH 3/5] ovmf: enable long path file +Subject: [PATCH 3/4] ovmf: enable long path file Upstream-Status: Pending Signed-off-by: Dengke Du <dengke.du@windriver.com> @@ -24,5 +24,5 @@ index e1cce985f7..d67d03c70c 100644 #define MAX_UINT64 ((UINT64)0xFFFFFFFFFFFFFFFFULL)
#define MAX_UINT32 ((UINT32)0xFFFFFFFF)
-- -2.17.1 +2.28.0 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch index c10a39d95d..128438b201 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch @@ -1,7 +1,7 @@ -From 94eff316b31b4d0348af28c77be5c00bc09fe8e7 Mon Sep 17 00:00:00 2001 +From ad06fcf1e08736e79221cd6863ff2e3c9254f261 Mon Sep 17 00:00:00 2001 From: Steve Langasek <steve.langasek@ubuntu.com> Date: Sat, 10 Jun 2017 01:39:36 -0700 -Subject: [PATCH 4/5] ovmf: Update to latest +Subject: [PATCH 4/4] ovmf: Update to latest Description: pass -fno-stack-protector to all GCC toolchains The upstream build rules inexplicably pass -fno-stack-protector only @@ -15,15 +15,15 @@ Upstream-Status: Pending 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index ca0b122dbb..b0066c2ab8 100755 +index 933b3160fd..c2fbbf0c38 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template -@@ -1941,10 +1941,10 @@ DEFINE GCC_X64_RC_FLAGS = -I binary -O elf64-x86-64 -B i386 - DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii
- DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
+@@ -1952,10 +1952,10 @@ DEFINE GCC_RISCV64_RC_FLAGS = -I binary -O elf64-littleriscv -B riscv + # GCC Build Flag for included header file list generation
+ DEFINE GCC_DEPS_FLAGS = -MMD -MF $@.deps
--DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
-+DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
+-DEFINE GCC48_ALL_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -ffunction-sections -fdata-sections -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
++DEFINE GCC48_ALL_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -ffunction-sections -fdata-sections -fno-stack-protector -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address
-DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address
@@ -32,7 +32,7 @@ index ca0b122dbb..b0066c2ab8 100755 DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive
DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
-@@ -1953,7 +1953,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF +@@ -1964,7 +1964,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF DEFINE GCC48_ASM_FLAGS = DEF(GCC_ASM_FLAGS)
DEFINE GCC48_ARM_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
DEFINE GCC48_AARCH64_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
@@ -42,5 +42,5 @@ index ca0b122dbb..b0066c2ab8 100755 DEFINE GCC48_AARCH64_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -mcmodel=large DEF(GCC_AARCH64_CC_FLAGS)
DEFINE GCC48_AARCH64_CC_XIPFLAGS = DEF(GCC_AARCH64_CC_XIPFLAGS)
-- -2.17.1 +2.28.0 diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb index 9667fa0c86..088e348bdc 100644 --- a/poky/meta/recipes-core/ovmf/ovmf_git.bb +++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb @@ -12,15 +12,15 @@ LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776 PACKAGECONFIG ??= "" PACKAGECONFIG[secureboot] = ",,," -SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git \ +SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0001-ovmf-update-path-to-native-BaseTools.patch \ file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ file://0003-ovmf-enable-long-path-file.patch \ file://0004-ovmf-Update-to-latest.patch \ " -PV = "edk2-stable201911" -SRCREV = "bd85bf54c268204c7a698a96f3ccd96cd77952cd" +PV = "edk2-stable202008" +SRCREV = "06dc822d045c2bb42e497487935485302486e151" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" inherit deploy diff --git a/poky/meta/recipes-core/systemd/systemd-conf/wired.network b/poky/meta/recipes-core/systemd/systemd-conf/wired.network index ff807ba31f..34c20fcb24 100644 --- a/poky/meta/recipes-core/systemd/systemd-conf/wired.network +++ b/poky/meta/recipes-core/systemd/systemd-conf/wired.network @@ -1,6 +1,7 @@ [Match] Name=en* eth* KernelCommandLine=!nfsroot +KernelCommandLine=!ip [Network] DHCP=yes diff --git a/poky/meta/recipes-core/systemd/systemd-conf_244.3.bb b/poky/meta/recipes-core/systemd/systemd-conf_244.3.bb index d9ec023bfd..9b797a91f4 100644 --- a/poky/meta/recipes-core/systemd/systemd-conf_244.3.bb +++ b/poky/meta/recipes-core/systemd/systemd-conf_244.3.bb @@ -23,9 +23,6 @@ do_install() { # Based on change from YP bug 8141, OE commit 5196d7bacaef1076c361adaa2867be31759c1b52 do_install_append_qemuall() { install -D -m0644 ${WORKDIR}/system.conf-qemuall ${D}${systemd_unitdir}/system.conf.d/01-${PN}.conf - - # Do not install wired.network for qemu bsps - rm -rf ${D}${systemd_unitdir}/network } PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.34.inc b/poky/meta/recipes-devtools/binutils/binutils-2.34.inc index f557fe970c..3e10279b1d 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -46,5 +46,7 @@ SRC_URI = "\ file://0001-gas-improve-reproducibility-for-stabs-debugging-data.patch \ file://CVE-2020-16592.patch \ file://CVE-2020-16598.patch \ + file://CVE-2021-20197.patch \ + file://CVE-2021-3487.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-20197.patch new file mode 100644 index 0000000000..423814f98d --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-20197.patch @@ -0,0 +1,572 @@ +From d3edaa91d4cf7202ec14342410194841e2f67f12 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Fri, 26 Feb 2021 11:30:32 +1030 +Subject: [PATCH v2] Reinstate various pieces backed out from smart_rename changes + +In the interests of a stable release various last minute smart_rename +patches were backed out of the 2.36 branch. The main reason to +reinstate some of those backed out changes here is to make necessary +followup fixes to commit 8e03235147a9 simple cherry-picks from +mainline. A secondary reason is that ar -M support isn't fixed for +pr26945 without this patch. + + PR 26945 + * ar.c: Don't include libbfd.h. + (write_archive): Replace xmalloc+strcpy with xstrdup. + * arsup.c (temp_name, real_ofd): New static variables. + (ar_open): Use make_tempname and bfd_fdopenw. + (ar_save): Adjust to suit ar_open changes. + * objcopy.c: Don't include libbfd.h. + * rename.c: Rename and reorder variables. + +(cherry picked from commit 95b91a043aeaeb546d2fea556d84a2de1e917770) + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d3edaa91d4cf7202ec14342410194841e2f67f12] +CVE: CVE-2021-20197 +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> +--- + bfd/bfd-in2.h | 2 + + bfd/opncls.c | 33 ++++++++++ + binutils/ar.c | 15 +++-- + binutils/arsup.c | 37 ++++++++---- + binutils/bucomm.c | 4 +- + binutils/bucomm.h | 5 +- + binutils/objcopy.c | 37 +++++++----- + binutils/rename.c | 148 +++++++++++---------------------------------- + 8 files changed, 133 insertions(+), 148 deletions(-) + +diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h +index 2e453c50c18..e53f54a8ab7 100644 +--- a/bfd/bfd-in2.h ++++ b/bfd/bfd-in2.h +@@ -588,6 +588,8 @@ bfd *bfd_openr (const char *filename, const char *target); + + bfd *bfd_fdopenr (const char *filename, const char *target, int fd); + ++bfd *bfd_fdopenw (const char *filename, const char *target, int fd); ++ + bfd *bfd_openstreamr (const char * filename, const char * target, + void * stream); + +diff --git a/bfd/opncls.c b/bfd/opncls.c +index a03ad51c8fa..f9da97ed710 100644 +--- a/bfd/opncls.c ++++ b/bfd/opncls.c +@@ -370,6 +370,39 @@ bfd_fdopenr (const char *filename, const char *target, int fd) + return bfd_fopen (filename, target, mode, fd); + } + ++/* ++FUNCTION ++ bfd_fdopenw ++ ++SYNOPSIS ++ bfd *bfd_fdopenw (const char *filename, const char *target, int fd); ++ ++DESCRIPTION ++ <<bfd_fdopenw>> is exactly like <<bfd_fdopenr>> with the exception that ++ the resulting BFD is suitable for output. ++*/ ++ ++bfd * ++bfd_fdopenw (const char *filename, const char *target, int fd) ++{ ++ bfd *out = bfd_fdopenr (filename, target, fd); ++ ++ if (out != NULL) ++ { ++ if (!bfd_write_p (out)) ++ { ++ close (fd); ++ _bfd_delete_bfd (out); ++ out = NULL; ++ bfd_set_error (bfd_error_invalid_operation); ++ } ++ else ++ out->direction = write_direction; ++ } ++ ++ return out; ++} ++ + /* + FUNCTION + bfd_openstreamr +diff --git a/binutils/ar.c b/binutils/ar.c +index 1057db9980e..c33a11e0d70 100644 +--- a/binutils/ar.c ++++ b/binutils/ar.c +@@ -1195,20 +1195,23 @@ write_archive (bfd *iarch) + bfd *obfd; + char *old_name, *new_name; + bfd *contents_head = iarch->archive_next; ++ int ofd = -1; + +- old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1); +- strcpy (old_name, bfd_get_filename (iarch)); +- new_name = make_tempname (old_name); ++ old_name = xstrdup (bfd_get_filename (iarch)); ++ new_name = make_tempname (old_name, &ofd); + + if (new_name == NULL) + bfd_fatal (_("could not create temporary file whilst writing archive")); + + output_filename = new_name; + +- obfd = bfd_openw (new_name, bfd_get_target (iarch)); ++ obfd = bfd_fdopenw (new_name, bfd_get_target (iarch), ofd); + + if (obfd == NULL) +- bfd_fatal (old_name); ++ { ++ close (ofd); ++ bfd_fatal (old_name); ++ } + + output_bfd = obfd; + +@@ -1246,7 +1249,7 @@ write_archive (bfd *iarch) + /* We don't care if this fails; we might be creating the archive. */ + bfd_close (iarch); + +- if (smart_rename (new_name, old_name, 0) != 0) ++ if (smart_rename (new_name, old_name, NULL) != 0) + xexit (1); + free (old_name); + free (new_name); +diff --git a/binutils/arsup.c b/binutils/arsup.c +index 00967c972cd..b8ae4f7ec1a 100644 +--- a/binutils/arsup.c ++++ b/binutils/arsup.c +@@ -42,6 +42,8 @@ extern int deterministic; + + static bfd *obfd; + static char *real_name; ++static char *temp_name; ++static int real_ofd; + static FILE *outfile; + + static void +@@ -149,27 +151,24 @@ maybequit (void) + void + ar_open (char *name, int t) + { +- char *tname; +- const char *bname = lbasename (name); +- real_name = name; ++ real_name = xstrdup (name); ++ temp_name = make_tempname (real_name, &real_ofd); + +- /* Prepend tmp- to the beginning, to avoid file-name clashes after +- truncation on filesystems with limited namespaces (DOS). */ +- if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1) ++ if (temp_name == NULL) + { +- fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"), ++ fprintf (stderr, _("%s: Can't open temporary file (%s)\n"), + program_name, strerror(errno)); + maybequit (); + return; + } + +- obfd = bfd_openw (tname, NULL); ++ obfd = bfd_fdopenw (temp_name, NULL, real_ofd); + + if (!obfd) + { + fprintf (stderr, + _("%s: Can't open output archive %s\n"), +- program_name, tname); ++ program_name, temp_name); + + maybequit (); + } +@@ -344,16 +343,30 @@ ar_save (void) + } + else + { +- char *ofilename = xstrdup (bfd_get_filename (obfd)); ++ struct stat target_stat; + + if (deterministic > 0) + obfd->flags |= BFD_DETERMINISTIC_OUTPUT; + + bfd_close (obfd); + +- smart_rename (ofilename, real_name, 0); ++ if (stat (real_name, &target_stat) != 0) ++ { ++ /* The temp file created in ar_open has mode 0600 as per mkstemp. ++ Create the real empty output file here so smart_rename will ++ update the mode according to the process umask. */ ++ obfd = bfd_openw (real_name, NULL); ++ if (obfd != NULL) ++ { ++ bfd_set_format (obfd, bfd_archive); ++ bfd_close (obfd); ++ } ++ } ++ ++ smart_rename (temp_name, real_name, NULL); + obfd = 0; +- free (ofilename); ++ free (temp_name); ++ free (real_name); + } + } + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index 9e6a02843e6..53244201f89 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -532,7 +532,7 @@ template_in_dir (const char *path) + as FILENAME. */ + + char * +-make_tempname (const char *filename) ++make_tempname (const char *filename, int *ofd) + { + char *tmpname = template_in_dir (filename); + int fd; +@@ -550,7 +550,7 @@ make_tempname (const char *filename) + free (tmpname); + return NULL; + } +- close (fd); ++ *ofd = fd; + return tmpname; + } + +diff --git a/binutils/bucomm.h b/binutils/bucomm.h +index d8318343f78..2b164e0af68 100644 +--- a/binutils/bucomm.h ++++ b/binutils/bucomm.h +@@ -51,7 +51,7 @@ int display_info (void); + + void print_arelt_descr (FILE *, bfd *, bfd_boolean, bfd_boolean); + +-char *make_tempname (const char *); ++char *make_tempname (const char *, int *); + char *make_tempdir (const char *); + + bfd_vma parse_vma (const char *, const char *); +@@ -71,7 +71,8 @@ extern void print_version (const char *); + /* In rename.c. */ + extern void set_times (const char *, const struct stat *); + +-extern int smart_rename (const char *, const char *, int); ++extern int smart_rename (const char *, const char *, struct stat *); ++ + + /* In libiberty. */ + void *xmalloc (size_t); +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index 212e25144e6..5ccbd926610 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -3682,7 +3682,7 @@ set_long_section_mode (bfd *output_bfd, bfd *input_bfd, enum long_section_name_h + /* The top-level control. */ + + static void +-copy_file (const char *input_filename, const char *output_filename, ++copy_file (const char *input_filename, const char *output_filename, int ofd, + const char *input_target, const char *output_target, + const bfd_arch_info_type *input_arch) + { +@@ -3757,9 +3757,14 @@ copy_file (const char *input_filename, const char *output_filename, + else + force_output_target = TRUE; + +- obfd = bfd_openw (output_filename, output_target); ++ if (ofd >= 0) ++ obfd = bfd_fdopenw (output_filename, output_target, ofd); ++ else ++ obfd = bfd_openw (output_filename, output_target); ++ + if (obfd == NULL) + { ++ close (ofd); + bfd_nonfatal_message (output_filename, NULL, NULL, NULL); + status = 1; + return; +@@ -3787,13 +3792,19 @@ copy_file (const char *input_filename, const char *output_filename, + if (output_target == NULL) + output_target = bfd_get_target (ibfd); + +- obfd = bfd_openw (output_filename, output_target); ++ if (ofd >= 0) ++ obfd = bfd_fdopenw (output_filename, output_target, ofd); ++ else ++ obfd = bfd_openw (output_filename, output_target); ++ + if (obfd == NULL) + { ++ close (ofd); + bfd_nonfatal_message (output_filename, NULL, NULL, NULL); + status = 1; + return; + } ++ + /* This is a no-op on non-Coff targets. */ + set_long_section_mode (obfd, ibfd, long_section_names); + +@@ -4746,6 +4757,7 @@ strip_main (int argc, char *argv[]) + int hold_status = status; + struct stat statbuf; + char *tmpname; ++ int tmpfd = -1; + + if (get_file_size (argv[i]) < 1) + { +@@ -4760,7 +4772,7 @@ strip_main (int argc, char *argv[]) + + if (output_file == NULL + || filename_cmp (argv[i], output_file) == 0) +- tmpname = make_tempname (argv[i]); ++ tmpname = make_tempname (argv[i], &tmpfd); + else + tmpname = output_file; + +@@ -4773,15 +4785,13 @@ strip_main (int argc, char *argv[]) + } + + status = 0; +- copy_file (argv[i], tmpname, input_target, output_target, NULL); ++ copy_file (argv[i], tmpname, tmpfd, input_target, output_target, NULL); + if (status == 0) + { +- if (preserve_dates) +- set_times (tmpname, &statbuf); + if (output_file != tmpname) + status = (smart_rename (tmpname, + output_file ? output_file : argv[i], +- preserve_dates) != 0); ++ preserve_dates ? &statbuf : NULL) != 0); + if (status == 0) + status = hold_status; + } +@@ -4993,7 +5003,7 @@ copy_main (int argc, char *argv[]) + bfd_boolean formats_info = FALSE; + bfd_boolean use_globalize = FALSE; + bfd_boolean use_keep_global = FALSE; +- int c; ++ int c, tmpfd = -1; + struct stat statbuf; + const bfd_arch_info_type *input_arch = NULL; + +@@ -5839,7 +5849,7 @@ copy_main (int argc, char *argv[]) + are the same, then create a temp and rename the result into the input. */ + if (output_filename == NULL + || filename_cmp (input_filename, output_filename) == 0) +- tmpname = make_tempname (input_filename); ++ tmpname = make_tempname (input_filename, &tmpfd); + else + tmpname = output_filename; + +@@ -5847,14 +5857,13 @@ copy_main (int argc, char *argv[]) + fatal (_("warning: could not create temporary file whilst copying '%s', (error: %s)"), + input_filename, strerror (errno)); + +- copy_file (input_filename, tmpname, input_target, output_target, input_arch); ++ copy_file (input_filename, tmpname, tmpfd, input_target, output_target, ++ input_arch); + if (status == 0) + { +- if (preserve_dates) +- set_times (tmpname, &statbuf); + if (tmpname != output_filename) + status = (smart_rename (tmpname, input_filename, +- preserve_dates) != 0); ++ preserve_dates ? &statbuf : NULL) != 0); + } + else + unlink_if_ordinary (tmpname); +diff --git a/binutils/rename.c b/binutils/rename.c +index bf3b68d0462..07d44d0f314 100644 +--- a/binutils/rename.c ++++ b/binutils/rename.c +@@ -24,14 +24,9 @@ + + #ifdef HAVE_GOOD_UTIME_H + #include <utime.h> +-#else /* ! HAVE_GOOD_UTIME_H */ +-#ifdef HAVE_UTIMES ++#elif defined HAVE_UTIMES + #include <sys/time.h> +-#endif /* HAVE_UTIMES */ +-#endif /* ! HAVE_GOOD_UTIME_H */ +- +-#if ! defined (_WIN32) || defined (__CYGWIN32__) +-static int simple_copy (const char *, const char *); ++#endif + + /* The number of bytes to copy at once. */ + #define COPY_BUF 8192 +@@ -82,7 +77,6 @@ simple_copy (const char *from, const char *to) + } + return 0; + } +-#endif /* __CYGWIN32__ or not _WIN32 */ + + /* Set the times of the file DESTINATION to be the same as those in + STATBUF. */ +@@ -91,122 +85,52 @@ void + set_times (const char *destination, const struct stat *statbuf) + { + int result; +- +- { + #ifdef HAVE_GOOD_UTIME_H +- struct utimbuf tb; +- +- tb.actime = statbuf->st_atime; +- tb.modtime = statbuf->st_mtime; +- result = utime (destination, &tb); +-#else /* ! HAVE_GOOD_UTIME_H */ +-#ifndef HAVE_UTIMES +- long tb[2]; +- +- tb[0] = statbuf->st_atime; +- tb[1] = statbuf->st_mtime; +- result = utime (destination, tb); +-#else /* HAVE_UTIMES */ +- struct timeval tv[2]; +- +- tv[0].tv_sec = statbuf->st_atime; +- tv[0].tv_usec = 0; +- tv[1].tv_sec = statbuf->st_mtime; +- tv[1].tv_usec = 0; +- result = utimes (destination, tv); +-#endif /* HAVE_UTIMES */ +-#endif /* ! HAVE_GOOD_UTIME_H */ +- } ++ struct utimbuf tb; ++ ++ tb.actime = statbuf->st_atime; ++ tb.modtime = statbuf->st_mtime; ++ result = utime (destination, &tb); ++#elif defined HAVE_UTIMES ++ struct timeval tv[2]; ++ ++ tv[0].tv_sec = statbuf->st_atime; ++ tv[0].tv_usec = 0; ++ tv[1].tv_sec = statbuf->st_mtime; ++ tv[1].tv_usec = 0; ++ result = utimes (destination, tv); ++#else ++ long tb[2]; ++ ++ tb[0] = statbuf->st_atime; ++ tb[1] = statbuf->st_mtime; ++ result = utime (destination, tb); ++#endif + + if (result != 0) + non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno)); + } + +-#ifndef S_ISLNK +-#ifdef S_IFLNK +-#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) +-#else +-#define S_ISLNK(m) 0 +-#define lstat stat +-#endif +-#endif +- +-/* Rename FROM to TO, copying if TO is a link. +- Return 0 if ok, -1 if error. */ ++/* Copy FROM to TO. TARGET_STAT has the file status that, if non-NULL, ++ is used to fix up timestamps. Return 0 if ok, -1 if error. ++ At one time this function renamed files, but file permissions are ++ tricky to update given the number of different schemes used by ++ various systems. So now we just copy. */ + + int +-smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNUSED) ++smart_rename (const char *from, const char *to, ++ struct stat *target_stat) + { +- bfd_boolean exists; +- struct stat s; +- int ret = 0; +- +- exists = lstat (to, &s) == 0; +- +-#if defined (_WIN32) && !defined (__CYGWIN32__) +- /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but +- fail instead. Also, chown is not present. */ ++ int ret; + +- if (exists) +- remove (to); +- +- ret = rename (from, to); ++ ret = simple_copy (from, to); + if (ret != 0) +- { +- /* We have to clean up here. */ +- non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno)); +- unlink (from); +- } +-#else +- /* Use rename only if TO is not a symbolic link and has +- only one hard link, and we have permission to write to it. */ +- if (! exists +- || (!S_ISLNK (s.st_mode) +- && S_ISREG (s.st_mode) +- && (s.st_mode & S_IWUSR) +- && s.st_nlink == 1) +- ) +- { +- ret = rename (from, to); +- if (ret == 0) +- { +- if (exists) +- { +- /* Try to preserve the permission bits and ownership of +- TO. First get the mode right except for the setuid +- bit. Then change the ownership. Then fix the setuid +- bit. We do the chmod before the chown because if the +- chown succeeds, and we are a normal user, we won't be +- able to do the chmod afterward. We don't bother to +- fix the setuid bit first because that might introduce +- a fleeting security problem, and because the chown +- will clear the setuid bit anyhow. We only fix the +- setuid bit if the chown succeeds, because we don't +- want to introduce an unexpected setuid file owned by +- the user running objcopy. */ +- chmod (to, s.st_mode & 0777); +- if (chown (to, s.st_uid, s.st_gid) >= 0) +- chmod (to, s.st_mode & 07777); +- } +- } +- else +- { +- /* We have to clean up here. */ +- non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno)); +- unlink (from); +- } +- } +- else +- { +- ret = simple_copy (from, to); +- if (ret != 0) +- non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno)); ++ non_fatal (_("unable to copy file '%s'; reason: %s"), ++ to, strerror (errno)); + +- if (preserve_dates) +- set_times (to, &s); +- unlink (from); +- } +-#endif /* _WIN32 && !__CYGWIN32__ */ ++ if (target_stat != NULL) ++ set_times (to, target_stat); ++ unlink (from); + + return ret; + } +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-3487.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-3487.patch new file mode 100644 index 0000000000..1502d03f43 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-3487.patch @@ -0,0 +1,83 @@ +From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 26 Nov 2020 17:08:33 +0000 +Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt + DWARF debug sections. + + PR 26946 + * dwarf2.c (read_section): Check for debug sections with excessive + sizes. + + +Upstream-Status: Backport [ +https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=647cebce12a6b0a26960220caff96ff38978cf24 +] +CVE: CVE-2021-3487 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + bfd/dwarf2.c | 25 +++++++++++++++++++------ + 1 files changed, 25 insertions(+), 6 deletions(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index 977bf43a6a1..8bbfc81d3e7 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -531,22 +531,24 @@ read_section (bfd * abfd, + bfd_byte ** section_buffer, + bfd_size_type * section_size) + { +- asection *msec; + const char *section_name = sec->uncompressed_name; + bfd_byte *contents = *section_buffer; +- bfd_size_type amt; + + /* The section may have already been read. */ + if (contents == NULL) + { ++ bfd_size_type amt; ++ asection *msec; ++ ufile_ptr filesize; ++ + msec = bfd_get_section_by_name (abfd, section_name); +- if (! msec) ++ if (msec == NULL) + { + section_name = sec->compressed_name; + if (section_name != NULL) + msec = bfd_get_section_by_name (abfd, section_name); + } +- if (! msec) ++ if (msec == NULL) + { + _bfd_error_handler (_("DWARF error: can't find %s section."), + sec->uncompressed_name); +@@ -554,12 +556,23 @@ read_section (bfd * abfd, + return FALSE; + } + +- *section_size = msec->rawsize ? msec->rawsize : msec->size; ++ amt = bfd_get_section_limit_octets (abfd, msec); ++ filesize = bfd_get_file_size (abfd); ++ if (amt >= filesize) ++ { ++ /* PR 26946 */ ++ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"), ++ section_name, (long) amt, (long) filesize); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ *section_size = amt; + /* Paranoia - alloc one extra so that we can make sure a string + section is NUL terminated. */ +- amt = *section_size + 1; ++ amt += 1; + if (amt == 0) + { ++ /* Paranoia - this should never happen. */ + bfd_set_error (bfd_error_no_memory); + return FALSE; + } +-- +2.27.0 + diff --git a/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb b/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb index 0a007bb2cd..ce242c3593 100644 --- a/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb +++ b/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "devel" DEPENDS += "expect-native" +RDEPENDS_${PN} = "expect" inherit autotools diff --git a/poky/meta/recipes-devtools/git/files/CVE-2021-21300.patch b/poky/meta/recipes-devtools/git/files/CVE-2021-21300.patch new file mode 100644 index 0000000000..9206f711cf --- /dev/null +++ b/poky/meta/recipes-devtools/git/files/CVE-2021-21300.patch @@ -0,0 +1,305 @@ +From 0e9cef2414f0df3fa5b9b56ff9072aa122bef29c Mon Sep 17 00:00:00 2001 +From: Minjae Kim <flowrgom@gmail.com> +Date: Sat, 27 Mar 2021 15:18:46 +0900 +Subject: [PATCH] checkout: fix bug that makes checkout follow symlinks in + leading path + +Before checking out a file, we have to confirm that all of its leading +components are real existing directories. And to reduce the number of +lstat() calls in this process, we cache the last leading path known to +contain only directories. However, when a path collision occurs (e.g. +when checking out case-sensitive files in case-insensitive file +systems), a cached path might have its file type changed on disk, +leaving the cache on an invalid state. Normally, this doesn't bring +any bad consequences as we usually check out files in index order, and +therefore, by the time the cached path becomes outdated, we no longer +need it anyway (because all files in that directory would have already +been written). + +But, there are some users of the checkout machinery that do not always +follow the index order. In particular: checkout-index writes the paths +in the same order that they appear on the CLI (or stdin); and the +delayed checkout feature -- used when a long-running filter process +replies with "status=delayed" -- postpones the checkout of some entries, +thus modifying the checkout order. + +When we have to check out an out-of-order entry and the lstat() cache is +invalid (due to a previous path collision), checkout_entry() may end up +using the invalid data and thrusting that the leading components are +real directories when, in reality, they are not. In the best case +scenario, where the directory was replaced by a regular file, the user +will get an error: "fatal: unable to create file 'foo/bar': Not a +directory". But if the directory was replaced by a symlink, checkout +could actually end up following the symlink and writing the file at a +wrong place, even outside the repository. Since delayed checkout is +affected by this bug, it could be used by an attacker to write +arbitrary files during the clone of a maliciously crafted repository. + +Some candidate solutions considered were to disable the lstat() cache +during unordered checkouts or sort the entries before passing them to +the checkout machinery. But both ideas include some performance penalty +and they don't future-proof the code against new unordered use cases. + +Instead, we now manually reset the lstat cache whenever we successfully +remove a directory. Note: We are not even checking whether the directory +was the same as the lstat cache points to because we might face a +scenario where the paths refer to the same location but differ due to +case folding, precomposed UTF-8 issues, or the presence of `..` +components in the path. Two regression tests, with case-collisions and +utf8-collisions, are also added for both checkout-index and delayed +checkout. + +Note: to make the previously mentioned clone attack unfeasible, it would +be sufficient to reset the lstat cache only after the remove_subtree() +call inside checkout_entry(). This is the place where we would remove a +directory whose path collides with the path of another entry that we are +currently trying to check out (possibly a symlink). However, in the +interest of a thorough fix that does not leave Git open to +similar-but-not-identical attack vectors, we decided to intercept +all `rmdir()` calls in one fell swoop. + +This addresses CVE-2021-21300. + +Co-authored-by: Johannes Schindelin <johannes.schindelin@gmx.de> +Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br> + +Upstream-Status: Acepted [https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592] +CVE: CVE-2021-21300 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + cache.h | 1 + + compat/mingw.c | 2 ++ + git-compat-util.h | 5 +++++ + symlinks.c | 25 +++++++++++++++++++++ + t/t0021-conversion.sh | 39 ++++++++++++++++++++++++++++++++ + t/t0021/rot13-filter.pl | 21 ++++++++++++++--- + t/t2006-checkout-index-basic.sh | 40 +++++++++++++++++++++++++++++++++ + 7 files changed, 130 insertions(+), 3 deletions(-) + +diff --git a/cache.h b/cache.h +index 04cabaa..dda373f 100644 +--- a/cache.h ++++ b/cache.h +@@ -1675,6 +1675,7 @@ int has_symlink_leading_path(const char *name, int len); + int threaded_has_symlink_leading_path(struct cache_def *, const char *, int); + int check_leading_path(const char *name, int len); + int has_dirs_only_path(const char *name, int len, int prefix_len); ++extern void invalidate_lstat_cache(void); + void schedule_dir_for_removal(const char *name, int len); + void remove_scheduled_dirs(void); + +diff --git a/compat/mingw.c b/compat/mingw.c +index bd24d91..cea9c72 100644 +--- a/compat/mingw.c ++++ b/compat/mingw.c +@@ -340,6 +340,8 @@ int mingw_rmdir(const char *pathname) + ask_yes_no_if_possible("Deletion of directory '%s' failed. " + "Should I try again?", pathname)) + ret = _wrmdir(wpathname); ++ if (!ret) ++ invalidate_lstat_cache(); + return ret; + } + +diff --git a/git-compat-util.h b/git-compat-util.h +index d0dd9c0..a1ecfd3 100644 +--- a/git-compat-util.h ++++ b/git-compat-util.h +@@ -365,6 +365,11 @@ static inline int noop_core_config(const char *var, const char *value, void *cb) + #define platform_core_config noop_core_config + #endif + ++int lstat_cache_aware_rmdir(const char *path); ++#if !defined(__MINGW32__) && !defined(_MSC_VER) ++#define rmdir lstat_cache_aware_rmdir ++#endif ++ + #ifndef has_dos_drive_prefix + static inline int git_has_dos_drive_prefix(const char *path) + { +diff --git a/symlinks.c b/symlinks.c +index 69d458a..ae3c665 100644 +--- a/symlinks.c ++++ b/symlinks.c +@@ -267,6 +267,13 @@ int has_dirs_only_path(const char *name, int len, int prefix_len) + */ + static int threaded_has_dirs_only_path(struct cache_def *cache, const char *name, int len, int prefix_len) + { ++ /* ++ * Note: this function is used by the checkout machinery, which also ++ * takes care to properly reset the cache when it performs an operation ++ * that would leave the cache outdated. If this function starts caching ++ * anything else besides FL_DIR, remember to also invalidate the cache ++ * when creating or deleting paths that might be in the cache. ++ */ + return lstat_cache(cache, name, len, + FL_DIR|FL_FULLPATH, prefix_len) & + FL_DIR; +@@ -321,3 +328,21 @@ void remove_scheduled_dirs(void) + { + do_remove_scheduled_dirs(0); + } ++ ++ ++void invalidate_lstat_cache(void) ++{ ++ reset_lstat_cache(&default_cache); ++} ++ ++#undef rmdir ++int lstat_cache_aware_rmdir(const char *path) ++{ ++ /* Any change in this function must be made also in `mingw_rmdir()` */ ++ int ret = rmdir(path); ++ ++ if (!ret) ++ invalidate_lstat_cache(); ++ ++ return ret; ++} +diff --git a/t/t0021-conversion.sh b/t/t0021-conversion.sh +index c954c70..6a1d5f6 100755 +--- a/t/t0021-conversion.sh ++++ b/t/t0021-conversion.sh +@@ -820,4 +820,43 @@ test_expect_success PERL 'invalid file in delayed checkout' ' + grep "error: external filter .* signaled that .unfiltered. is now available although it has not been delayed earlier" git-stderr.log + ' + ++for mode in 'case' 'utf-8' ++do ++ case "$mode" in ++ case) dir='A' symlink='a' mode_prereq='CASE_INSENSITIVE_FS' ;; ++ utf-8) ++ dir=$(printf "\141\314\210") symlink=$(printf "\303\244") ++ mode_prereq='UTF8_NFD_TO_NFC' ;; ++ esac ++ ++ test_expect_success PERL,SYMLINKS,$mode_prereq \ ++ "delayed checkout with $mode-collision don't write to the wrong place" ' ++ test_config_global filter.delay.process \ ++ "\"$TEST_ROOT/rot13-filter.pl\" --always-delay delayed.log clean smudge delay" && ++ test_config_global filter.delay.required true && ++ git init $mode-collision && ++ ( ++ cd $mode-collision && ++ mkdir target-dir && ++ empty_oid=$(printf "" | git hash-object -w --stdin) && ++ symlink_oid=$(printf "%s" "$PWD/target-dir" | git hash-object -w --stdin) && ++ attr_oid=$(echo "$dir/z filter=delay" | git hash-object -w --stdin) && ++ cat >objs <<-EOF && ++ 100644 blob $empty_oid $dir/x ++ 100644 blob $empty_oid $dir/y ++ 100644 blob $empty_oid $dir/z ++ 120000 blob $symlink_oid $symlink ++ 100644 blob $attr_oid .gitattributes ++ EOF ++ git update-index --index-info <objs && ++ git commit -m "test commit" ++ ) && ++ git clone $mode-collision $mode-collision-cloned && ++ # Make sure z was really delayed ++ grep "IN: smudge $dir/z .* \\[DELAYED\\]" $mode-collision-cloned/delayed.log && ++ # Should not create $dir/z at $symlink/z ++ test_path_is_missing $mode-collision/target-dir/z ++ ' ++done ++ + test_done +diff --git a/t/t0021/rot13-filter.pl b/t/t0021/rot13-filter.pl +index 4701072..007f2d7 100644 +--- a/t/t0021/rot13-filter.pl ++++ b/t/t0021/rot13-filter.pl +@@ -2,9 +2,15 @@ + # Example implementation for the Git filter protocol version 2 + # See Documentation/gitattributes.txt, section "Filter Protocol" + # +-# The first argument defines a debug log file that the script write to. +-# All remaining arguments define a list of supported protocol +-# capabilities ("clean", "smudge", etc). ++# Usage: rot13-filter.pl [--always-delay] <log path> <capabilities> ++# ++# Log path defines a debug log file that the script writes to. The ++# subsequent arguments define a list of supported protocol capabilities ++# ("clean", "smudge", etc). ++# ++# When --always-delay is given all pathnames with the "can-delay" flag ++# that don't appear on the list bellow are delayed with a count of 1 ++# (see more below). + # + # This implementation supports special test cases: + # (1) If data with the pathname "clean-write-fail.r" is processed with +@@ -53,6 +59,13 @@ sub gitperllib { + use Git::Packet; + + my $MAX_PACKET_CONTENT_SIZE = 65516; ++ ++my $always_delay = 0; ++if ( $ARGV[0] eq '--always-delay' ) { ++ $always_delay = 1; ++ shift @ARGV; ++} ++ + my $log_file = shift @ARGV; + my @capabilities = @ARGV; + +@@ -134,6 +147,8 @@ sub rot13 { + if ( $buffer eq "can-delay=1" ) { + if ( exists $DELAY{$pathname} and $DELAY{$pathname}{"requested"} == 0 ) { + $DELAY{$pathname}{"requested"} = 1; ++ } elsif ( !exists $DELAY{$pathname} and $always_delay ) { ++ $DELAY{$pathname} = { "requested" => 1, "count" => 1 }; + } + } else { + die "Unknown message '$buffer'"; +diff --git a/t/t2006-checkout-index-basic.sh b/t/t2006-checkout-index-basic.sh +index 57cbdfe..f223a02 100755 +--- a/t/t2006-checkout-index-basic.sh ++++ b/t/t2006-checkout-index-basic.sh +@@ -21,4 +21,44 @@ test_expect_success 'checkout-index -h in broken repository' ' + test_i18ngrep "[Uu]sage" broken/usage + ' + ++for mode in 'case' 'utf-8' ++do ++ case "$mode" in ++ case) dir='A' symlink='a' mode_prereq='CASE_INSENSITIVE_FS' ;; ++ utf-8) ++ dir=$(printf "\141\314\210") symlink=$(printf "\303\244") ++ mode_prereq='UTF8_NFD_TO_NFC' ;; ++ esac ++ ++ test_expect_success SYMLINKS,$mode_prereq \ ++ "checkout-index with $mode-collision don't write to the wrong place" ' ++ git init $mode-collision && ++ ( ++ cd $mode-collision && ++ mkdir target-dir && ++ empty_obj_hex=$(git hash-object -w --stdin </dev/null) && ++ symlink_hex=$(printf "%s" "$PWD/target-dir" | git hash-object -w --stdin) && ++ cat >objs <<-EOF && ++ 100644 blob ${empty_obj_hex} ${dir}/x ++ 100644 blob ${empty_obj_hex} ${dir}/y ++ 100644 blob ${empty_obj_hex} ${dir}/z ++ 120000 blob ${symlink_hex} ${symlink} ++ EOF ++ git update-index --index-info <objs && ++ # Note: the order is important here to exercise the ++ # case where the file at ${dir} has its type changed by ++ # the time Git tries to check out ${dir}/z. ++ # ++ # Also, we use core.precomposeUnicode=false because we ++ # want Git to treat the UTF-8 paths transparently on ++ # Mac OS, matching what is in the index. ++ # ++ git -c core.precomposeUnicode=false checkout-index -f \ ++ ${dir}/x ${dir}/y ${symlink} ${dir}/z && ++ # Should not create ${dir}/z at ${symlink}/z ++ test_path_is_missing target-dir/z ++ ) ++ ' ++done ++ + test_done +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc index ae463061d8..738a429875 100644 --- a/poky/meta/recipes-devtools/git/git.inc +++ b/poky/meta/recipes-devtools/git/git.inc @@ -8,7 +8,9 @@ DEPENDS = "openssl curl zlib expat" PROVIDES_append_class-native = " git-replacement-native" SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ - ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages" + ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \ + file://CVE-2021-21300.patch \ +" S = "${WORKDIR}/git-${PV}" diff --git a/poky/meta/recipes-devtools/go/go_1.14.bb b/poky/meta/recipes-devtools/go/go_1.14.bb index bc90a1329e..c17527998b 100644 --- a/poky/meta/recipes-devtools/go/go_1.14.bb +++ b/poky/meta/recipes-devtools/go/go_1.14.bb @@ -3,11 +3,11 @@ require go-target.inc export GOBUILDMODE="" export CGO_ENABLED_riscv64 = "" -# Add pie to GOBUILDMODE to satisfy "textrel" QA checking, but mips/riscv -# doesn't support -buildmode=pie, so skip the QA checking for mips/riscv and its -# variants. +# Add pie to GOBUILDMODE to satisfy "textrel" QA checking, but +# windows/mips/riscv doesn't support -buildmode=pie, so skip the QA checking +# for windows/mips/riscv and their variants. python() { - if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv' in d.getVar('TARGET_ARCH',True): + if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv' in d.getVar('TARGET_ARCH',True) or 'windows' in d.getVar('TARGET_GOOS', True): d.appendVar('INSANE_SKIP_%s' % d.getVar('PN',True), " textrel") else: d.setVar('GOBUILDMODE', 'pie') diff --git a/poky/meta/recipes-devtools/jquery/jquery_3.5.0.bb b/poky/meta/recipes-devtools/jquery/jquery_3.5.0.bb index 35ce14e152..efffe05fd2 100644 --- a/poky/meta/recipes-devtools/jquery/jquery_3.5.0.bb +++ b/poky/meta/recipes-devtools/jquery/jquery_3.5.0.bb @@ -17,6 +17,11 @@ SRC_URI[map.sha256sum] = "3149351c8cbc3fb230bbf6188617c7ffda77d9e14333f4f5f0aa1a UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js" +# https://github.com/jquery/jquery/issues/3927 +# There are ways jquery can expose security issues but any issues are in the apps exposing them +# and there is little we can directly do +CVE_CHECK_WHITELIST += "CVE-2007-2379" + inherit allarch do_install() { diff --git a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc index 8e17b56d46..e9225e140c 100644 --- a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc +++ b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc @@ -21,6 +21,8 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \ file://unwind-opt-parsing.patch \ file://0001-libtool-Fix-support-for-NIOS2-processor.patch \ file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \ + file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \ + file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \ " SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e" diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch b/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch new file mode 100644 index 0000000000..2e9908725e --- /dev/null +++ b/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch @@ -0,0 +1,35 @@ +From dfbbbd359e43e0a55fbea06f2647279ad8761cb9 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Wed, 24 Mar 2021 03:04:13 +0000 +Subject: [PATCH] Makefile.am: make sure autoheader run before autoconf + +autoheader will update ../libtool-2.4.6/libltdl/config-h.in which +autoconf needs, so there comes a race sometimes as below: + | configure.ac:45: error: required file 'config-h.in' not found + | touch '../libtool-2.4.6/libltdl/config-h.in' + +So make sure autoheader run before autoconf to avoid this race. + +Upstream-Status: Submitted [libtool-patches@gnu.org maillist] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 4142c90..fe1a9fc 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -365,7 +365,7 @@ lt_configure_deps = $(lt_aclocal_m4) $(lt_aclocal_m4_deps) + $(lt_aclocal_m4): $(lt_aclocal_m4_deps) + $(AM_V_GEN)cd '$(srcdir)/$(ltdl_dir)' && $(ACLOCAL) -I ../m4 + +-$(lt_configure): $(lt_configure_deps) ++$(lt_configure): $(lt_configure_deps) $(lt_config_h_in) + $(AM_V_GEN)cd '$(srcdir)/$(ltdl_dir)' && $(AUTOCONF) + + $(lt_config_h_in): $(lt_configure_deps) +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch b/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch new file mode 100644 index 0000000000..87f8492346 --- /dev/null +++ b/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch @@ -0,0 +1,35 @@ +From e82c06584f02e3e4487aa73aa05981e2a35dc6d1 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Tue, 13 Apr 2021 07:17:29 +0000 +Subject: [PATCH] Makefile.am: make sure autoheader run before automake + +When use automake to generate Makefile.in from Makefile.am, there +comes below race: + | configure.ac:45: error: required file 'config-h.in' not found + +It is because the file config-h.in in updating process by autoheader, +so make automake run after autoheader to avoid the above race. + +Upstream-Status: Submitted [libtool-patches@gnu.org maillist] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 2752ecc..29950db 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -328,7 +328,7 @@ EXTRA_DIST += $(lt_aclocal_m4) \ + $(lt_obsolete_m4) \ + $(stamp_mk) + +-$(lt_Makefile_in): $(lt_Makefile_am) $(lt_aclocal_m4) ++$(lt_Makefile_in): $(lt_Makefile_am) $(lt_aclocal_m4) $(lt_config_h_in) + $(AM_V_GEN)cd '$(srcdir)/$(ltdl_dir)' && $(AUTOMAKE) Makefile + + # Don't let unused scripts leak into the libltdl Makefile +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb index 17bd02c27c..4eab133128 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -6,7 +6,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \ file://fallback-group \ " -SRCREV = "60e25a36558f1f07dcce1a044fe976b475bec42b" +SRCREV = "ee24ebec9e5a11dd5208c9be2870f35eab3b9e20" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" diff --git a/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb index 89538d2f27..dbdf563f87 100644 --- a/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb +++ b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb @@ -1,12 +1,15 @@ DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python." +HOMEPAGE = "https://pypi.org/project/Jinja/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0" +SRC_URI[sha256sum] = "a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" PYPI_PACKAGE = "Jinja2" +CVE_PRODUCT = "jinja2 jinja" + CLEANBROKEN = "1" inherit pypi setuptools3 diff --git a/poky/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb b/poky/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb index 6babf0cae8..29825492b9 100644 --- a/poky/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb @@ -1,4 +1,6 @@ SUMMARY = "Python GObject bindings" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/pygobject" +DESCRIPTION = "PyGObject is a Python package which provides bindings for GObject based libraries such as GTK, GStreamer, WebKitGTK, GLib, GIO and many more." SECTION = "devel/python" LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" diff --git a/poky/meta/recipes-devtools/python/python3-scons_3.1.2.bb b/poky/meta/recipes-devtools/python/python3-scons_3.1.2.bb index ce117a92d4..12122131a5 100644 --- a/poky/meta/recipes-devtools/python/python3-scons_3.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-scons_3.1.2.bb @@ -1,4 +1,5 @@ SUMMARY = "Software Construction tool (make/autotools replacement)" +HOMEPAGE = "https://github.com/SCons/scons" SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE-python3-scons-${PV};md5=e14e1b33428df24a40a782ae142785d0" diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index a1a418374f..8f927bdf54 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -53,12 +53,25 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2019-20175.patch \ file://CVE-2020-24352.patch \ file://CVE-2020-25723.patch \ + file://CVE-2021-20203.patch \ + file://CVE-2021-3392.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0" +# Applies against virglrender < 0.6.0 and not qemu itself +CVE_CHECK_WHITELIST += "CVE-2017-5957" + +# The VNC server can expose host files uder some circumstances. We don't +# enable it by default. +CVE_CHECK_WHITELIST += "CVE-2007-0998" + +# 'The issues identified by this CVE were determined to not constitute a vulnerability.' +# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 +CVE_CHECK_WHITELIST += "CVE-2018-18438" + COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch new file mode 100644 index 0000000000..31440af0bd --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch @@ -0,0 +1,74 @@ +From: Prasad J Pandit <pjp@fedoraproject.org> + +While activating device in vmxnet3_acticate_device(), it does not +validate guest supplied configuration values against predefined +minimum - maximum limits. This may lead to integer overflow or +OOB access issues. Add checks to avoid it. + +Fixes: CVE-2021-20203 +Buglink: https://bugs.launchpad.net/qemu/+bug/1913873 +Reported-by: Gaoning Pan <pgn@zju.edu.cn> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> + +Upstream-Status: Acepted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html] +CVE: CVE-2021-20203 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + hw/net/vmxnet3.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c +index eff299f629..4a910ca971 100644 +--- a/hw/net/vmxnet3.c ++++ b/hw/net/vmxnet3.c +@@ -1420,6 +1420,7 @@ static void vmxnet3_activate_device(VMXNET3State *s) + vmxnet3_setup_rx_filtering(s); + /* Cache fields from shared memory */ + s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu); ++ assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU); + VMW_CFPRN("MTU is %u", s->mtu); + + s->max_rx_frags = +@@ -1473,6 +1474,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* Read rings memory locations for TX queues */ + pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA); + size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize); ++ if (size > VMXNET3_TX_RING_MAX_SIZE) { ++ size = VMXNET3_TX_RING_MAX_SIZE; ++ } + + vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size, + sizeof(struct Vmxnet3_TxDesc), false); +@@ -1483,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* TXC ring */ + pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA); + size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize); ++ if (size > VMXNET3_TC_RING_MAX_SIZE) { ++ size = VMXNET3_TC_RING_MAX_SIZE; ++ } + vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size, + sizeof(struct Vmxnet3_TxCompDesc), true); + VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring); +@@ -1524,6 +1531,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* RX rings */ + pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]); + size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]); ++ if (size > VMXNET3_RX_RING_MAX_SIZE) { ++ size = VMXNET3_RX_RING_MAX_SIZE; ++ } + vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size, + sizeof(struct Vmxnet3_RxDesc), false); + VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d", +@@ -1533,6 +1543,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* RXC ring */ + pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA); + size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize); ++ if (size > VMXNET3_RC_RING_MAX_SIZE) { ++ size = VMXNET3_RC_RING_MAX_SIZE; ++ } + vmxnet3_ring_init(d, &s->rxq_descr[i].comp_ring, pa, size, + sizeof(struct Vmxnet3_RxCompDesc), true); + VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size); +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch new file mode 100644 index 0000000000..45b8a4f1dd --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch @@ -0,0 +1,92 @@ +From 3791642c8d60029adf9b00bcb4e34d7d8a1aea4d Mon Sep 17 00:00:00 2001 +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Mon, 19 Apr 2021 15:42:47 +0200 +Subject: [PATCH] mptsas: Remove unused MPTSASState 'pending' field + (CVE-2021-3392) +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +While processing SCSI i/o requests in mptsas_process_scsi_io_request(), +the Megaraid emulator appends new MPTSASRequest object 'req' to +the 's->pending' queue. In case of an error, this same object gets +dequeued in mptsas_free_request() only if SCSIRequest object +'req->sreq' is initialised. This may lead to a use-after-free issue. + +Since s->pending is actually not used, simply remove it from +MPTSASState. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> +Message-id: 20210419134247.1467982-1-f4bug@amsat.org +Message-Id: <20210416102243.1293871-1-mjt@msgid.tls.msk.ru> +Suggested-by: Paolo Bonzini <pbonzini@redhat.com> +Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> +BugLink: https://bugs.launchpad.net/qemu/+bug/1914236 (CVE-2021-3392) +Fixes: e351b826112 ("hw: Add support for LSI SAS1068 (mptsas) device") +[PMD: Reworded description, added more tags] +Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + +Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d ] +CVE: CVE-2021-3392 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + hw/scsi/mptsas.c | 6 ------ + hw/scsi/mptsas.h | 1 - + 2 files changed, 7 deletions(-) + +diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c +index 7416e78..db3219e 100644 +--- a/hw/scsi/mptsas.c ++++ b/hw/scsi/mptsas.c +@@ -251,13 +251,10 @@ static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr) + + static void mptsas_free_request(MPTSASRequest *req) + { +- MPTSASState *s = req->dev; +- + if (req->sreq != NULL) { + req->sreq->hba_private = NULL; + scsi_req_unref(req->sreq); + req->sreq = NULL; +- QTAILQ_REMOVE(&s->pending, req, next); + } + qemu_sglist_destroy(&req->qsg); + g_free(req); +@@ -303,7 +300,6 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, + } + + req = g_new0(MPTSASRequest, 1); +- QTAILQ_INSERT_TAIL(&s->pending, req, next); + req->scsi_io = *scsi_io; + req->dev = s; + +@@ -1319,8 +1315,6 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp) + + s->request_bh = qemu_bh_new(mptsas_fetch_requests, s); + +- QTAILQ_INIT(&s->pending); +- + scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, NULL); + } + +diff --git a/hw/scsi/mptsas.h b/hw/scsi/mptsas.h +index b85ac1a..c046497 100644 +--- a/hw/scsi/mptsas.h ++++ b/hw/scsi/mptsas.h +@@ -79,7 +79,6 @@ struct MPTSASState { + uint16_t reply_frame_size; + + SCSIBus bus; +- QTAILQ_HEAD(, MPTSASRequest) pending; + }; + + void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req); +-- +1.8.3.1 + diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts index f84a7e18c8..95dccb9cae 100755 --- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts +++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts @@ -72,12 +72,12 @@ exec_postinst_scriptlets() { else echo "ERROR: postinst $i failed." [ "$POSTINST_LOGGING" = "1" ] && eval echo "ERROR: postinst $i failed." $append_log - remove_pi_dir=0 + remove_rcsd_link=0 fi done } -remove_pi_dir=1 +remove_rcsd_link=1 if $pm_installed; then case $pm in "ipk") @@ -92,9 +92,7 @@ else exec_postinst_scriptlets fi -# since all postinstalls executed successfully, remove the postinstalls directory -# and the rcS.d link -if [ $remove_pi_dir = 1 ]; then - rm -rf $pi_dir +# since all postinstalls executed successfully, remove the rcS.d link +if [ $remove_rcsd_link = 1 ]; then remove_rcsd_link fi diff --git a/poky/meta/recipes-devtools/subversion/subversion/CVE-2020-17525.patch b/poky/meta/recipes-devtools/subversion/subversion/CVE-2020-17525.patch new file mode 100644 index 0000000000..5bebde2a86 --- /dev/null +++ b/poky/meta/recipes-devtools/subversion/subversion/CVE-2020-17525.patch @@ -0,0 +1,117 @@ +Upstream-Status: Backport [ https://subversion.apache.org/security/CVE-2020-17525-advisory.txt ] +CVE: CVE-2020-17525 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + + Remote unauthenticated denial-of-service in Subversion mod_authz_svn. + +Summary: +======== + + Subversion's mod_authz_svn module will crash if the server is using + in-repository authz rules with the AuthzSVNReposRelativeAccessFile + option and a client sends a request for a non-existing repository URL. + + This can lead to disruption for users of the service. + +Known vulnerable: +================= + + mod_dav_svn+mod_authz_svn servers 1.9.0 through 1.10.6 (inclusive). + mod_dav_svn+mod_authz_svn servers 1.11.0 through 1.14.0 (inclusive). + +Known fixed: +============ + + mod_dav_svn+mod_authz_svn servers 1.14.1 + mod_dav_svn+mod_authz_svn servers 1.10.7 + +Details: +======== + + A null-pointer-dereference has been found in mod_authz_svn that results in + a remote unauthenticated Denial-of-Service in some server configurations. + + The vulnerability can be triggered by an unauthenticated user if the + Apache HTTPD server is configured to use an in-repository authz file, + with configuration directives such as: + + AuthzSVNAccessFile "^/authz" + AuthzSVNReposRelativeAccessFile "^/authz" + + The problem originates when sending a GET request to a non-existent + repository. The mod_authz_svn module will attempt to find authz rules + at a path within the requested SVN repository. Upon constructing this + path, the function svn_repos_find_root_path will return a NULL pointer + since the requested repository does not exist on-disk. + A check for this legitimate NULL pointer condition is missing, which + results in a segmentation fault when the NULL pointer is used. + + The in-repository authz feature was first introduced in Subversion 1.8: + https://subversion.apache.org/docs/release-notes/1.8.html#in-repo-authz + + The missing NULL check was first introduced during refactoring of the + authz code during development work leading up to Subversion 1.9. + Subversion 1.8 servers are unaffected. + +Severity: +========= + + CVSSv3 Base Score: 7.5 (High) + + CVSSv3 Base Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + + Exploitation results in denial of service by crashing the HTTPD worker + handling the request. The impact of this differs depending on how the + Apache HTTPD server is configured, including the choice of MPM (Multi- + Processing-Module). If the worker shares its memory address space with + the main thread, as is the case with e.g. the Event MPM, the entire + HTTPD server process will terminate. If the pre-fork MPM is used, the + worker will terminate but the HTTPD server will stay up, and service + availability will depend on how frequently the attacker is able to + send malicious requests which target the vulnerability. + +Recommendations: +================ + + We recommend all users to upgrade to a known fixed release of the + Subversion mod_dav_svn server. + + Users who are unable to upgrade may apply the included patches. + + As a workaround, the use of in-repository authz rules files with + the AuthzSVNReposRelativeAccessFile can be avoided by switching + to an alternative configuration which fetches an authz rules file + from the server's filesystem, rather than from an SVN repository. + +References: +=========== + + CVE-2020-17525 (Subversion) + +Reported by: +============ + + Thomas Åkesson, simonsoft.se + +Patches: +======== + + Patch for Subversion 1.10, 1.14: + +[[[ +Index: subversion/libsvn_repos/config_file.c +=================================================================== +--- a/subversion/libsvn_repos/config_file.c (revision 1883994) ++++ b/subversion/libsvn_repos/config_file.c (working copy) +@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream, + { + /* Search for a repository in the full path. */ + repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool); ++ if (repos_root_dirent == NULL) ++ return svn_error_trace(handle_missing_file(stream, checksum, access, ++ url, must_exist, ++ svn_node_none)); + + /* Attempt to open a repository at repos_root_dirent. */ + SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL, +]]] diff --git a/poky/meta/recipes-devtools/subversion/subversion_1.13.0.bb b/poky/meta/recipes-devtools/subversion/subversion_1.13.0.bb index 37b8ca3602..34c0dbe5b8 100644 --- a/poky/meta/recipes-devtools/subversion/subversion_1.13.0.bb +++ b/poky/meta/recipes-devtools/subversion/subversion_1.13.0.bb @@ -12,6 +12,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://disable_macos.patch \ file://0001-Fix-libtool-name-in-configure.ac.patch \ file://serfmacro.patch \ + file://CVE-2020-17525.patch \ " SRC_URI[md5sum] = "3004b4dae18bf45a0b6ea4ef8820064d" diff --git a/poky/meta/recipes-devtools/swig/swig/determinism.patch b/poky/meta/recipes-devtools/swig/swig/determinism.patch new file mode 100644 index 0000000000..8ffb4bce8e --- /dev/null +++ b/poky/meta/recipes-devtools/swig/swig/determinism.patch @@ -0,0 +1,19 @@ +Remove the compiler commandline/platform from the compiled binary as this +breaks reproducibilty. + +Upstream-Status: Inappropriate [OE reproducibiity fix upstream unlikely to take] +RP 2021/3/1 + + +Index: swig-3.0.12/Source/Modules/main.cxx +=================================================================== +--- swig-3.0.12.orig/Source/Modules/main.cxx ++++ swig-3.0.12/Source/Modules/main.cxx +@@ -636,7 +636,6 @@ void SWIG_getoptions(int argc, char *arg + } + } else if (strcmp(argv[i], "-version") == 0) { + fprintf(stdout, "\nSWIG Version %s\n", Swig_package_version()); +- fprintf(stdout, "\nCompiled with %s [%s]\n", SWIG_CXX, SWIG_PLATFORM); + fprintf(stdout, "\nConfigured options: %cpcre\n", + #ifdef HAVE_PCRE + '+' diff --git a/poky/meta/recipes-devtools/swig/swig_3.0.12.bb b/poky/meta/recipes-devtools/swig/swig_3.0.12.bb index 45026c9700..090aaa8112 100644 --- a/poky/meta/recipes-devtools/swig/swig_3.0.12.bb +++ b/poky/meta/recipes-devtools/swig/swig_3.0.12.bb @@ -6,6 +6,7 @@ SRC_URI += "file://0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.pat file://swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_FixMetho.patch \ file://Python-Fix-new-GCC8-warnings-in-generated-code.patch \ file://0001-Fix-generated-code-for-constant-expressions-containi.patch \ + file://determinism.patch \ " SRC_URI[md5sum] = "82133dfa7bba75ff9ad98a7046be687c" SRC_URI[sha256sum] = "7cf9f447ae7ed1c51722efc45e7f14418d15d7a1e143ac9f09a668999f4fc94d" diff --git a/poky/meta/recipes-devtools/syslinux/syslinux/determinism.patch b/poky/meta/recipes-devtools/syslinux/syslinux/determinism.patch new file mode 100644 index 0000000000..2fb8c64df3 --- /dev/null +++ b/poky/meta/recipes-devtools/syslinux/syslinux/determinism.patch @@ -0,0 +1,22 @@ +In order to build deterministic binaries, we need to sort the wildcard expansion +so the libraries are linked in the same order each time. This fixes reproducibility +issues within syslinux builds. + +Upstream-Status: Pending +RP 2021/3/1 + +Index: syslinux-6.04-pre2/mk/lib.mk +=================================================================== +--- syslinux-6.04-pre2.orig/mk/lib.mk ++++ syslinux-6.04-pre2/mk/lib.mk +@@ -130,8 +130,8 @@ LIBENTRY_OBJS = \ + exit.o + + LIBGCC_OBJS = \ +- $(patsubst $(com32)/lib/%.c,%.o,$(wildcard $(com32)/lib/$(ARCH)/libgcc/*.c)) \ +- $(patsubst $(com32)/lib/%.S,%.o,$(wildcard $(com32)/lib/$(ARCH)/libgcc/*.S)) ++ $(sort $(patsubst $(com32)/lib/%.c,%.o,$(wildcard $(com32)/lib/$(ARCH)/libgcc/*.c))) \ ++ $(sort $(patsubst $(com32)/lib/%.S,%.o,$(wildcard $(com32)/lib/$(ARCH)/libgcc/*.S))) + + LIBCONSOLE_OBJS = \ + \ diff --git a/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb b/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb index 4ac46ed57f..a5618327bf 100644 --- a/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb +++ b/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb @@ -23,11 +23,16 @@ SRC_URI = "https://www.zytor.com/pub/syslinux/Testing/6.04/syslinux-${PV}.tar.xz file://0009-linux-syslinux-implement-install_bootblock.patch \ file://0010-Workaround-multiple-definition-of-symbol-errors.patch \ file://0001-install-don-t-install-obsolete-file-com32.ld.patch \ + file://determinism.patch \ " SRC_URI[md5sum] = "2b31c78f087f99179feb357da312d7ec" SRC_URI[sha256sum] = "4441a5d593f85bb6e8d578cf6653fb4ec30f9e8f4a2315a3d8f2d0a8b3fadf94" +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" + UPSTREAM_CHECK_URI = "https://www.zytor.com/pub/syslinux/" UPSTREAM_CHECK_REGEX = "syslinux-(?P<pver>.+)\.tar" UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch b/poky/meta/recipes-devtools/valgrind/valgrind/0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch index 7985308e41..0c399ef52c 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind/0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch +++ b/poky/meta/recipes-devtools/valgrind/valgrind/0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch @@ -19,6 +19,11 @@ Upstream-Status: Pending Signed-off-by: Dave Lerner <dave.lerner@windriver.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + +Increase time limit to 90 s. +(double of the expected time of drd/tests/std_list on qemuarm64) + +Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> --- tests/vg_regtest.in | 75 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 55 insertions(+), 20 deletions(-) @@ -66,7 +71,7 @@ index a441f42..cb05b52 100755 # Since most of the program time is spent in system() calls, need this to # propagate a Ctrl-C enabling us to quit. -sub mysystem($) -+# Enforce 30 seconds limit for the test. ++# Enforce 90 seconds limit for the test. +# This resume execution of the remaining tests if valgrind hangs. +sub mysystem($) { @@ -76,7 +81,7 @@ index a441f42..cb05b52 100755 + my $exit_code=0; + eval { + local $SIG{'ALRM'} = sub { die "timed out\n" }; -+ alarm(30); ++ alarm(90); + $exit_code = system($_[0]); + alarm (0); + ($exit_code == 2) and die "SIGINT\n"; # 2 is SIGINT diff --git a/poky/meta/recipes-extended/bash/bash.inc b/poky/meta/recipes-extended/bash/bash.inc index 1ebb33bdcd..c7cf8cddd3 100644 --- a/poky/meta/recipes-extended/bash/bash.inc +++ b/poky/meta/recipes-extended/bash/bash.inc @@ -1,5 +1,6 @@ SUMMARY = "An sh-compatible command language interpreter" HOMEPAGE = "http://tiswww.case.edu/php/chet/bash/bashtop.html" +DESCRIPTION = "Bash is the GNU Project's Bourne Again SHell, a complete implementation of the IEEE POSIX and Open Group shell specification with interactive command line editing, job control on architectures that support it, csh-like features such as history substitution and brace expansion, and a slew of other features." SECTION = "base/shell" DEPENDS = "ncurses bison-native virtual/libiconv" diff --git a/poky/meta/recipes-extended/bc/bc_1.07.1.bb b/poky/meta/recipes-extended/bc/bc_1.07.1.bb index 4a51302492..ff3e8f4409 100644 --- a/poky/meta/recipes-extended/bc/bc_1.07.1.bb +++ b/poky/meta/recipes-extended/bc/bc_1.07.1.bb @@ -1,5 +1,6 @@ SUMMARY = "Arbitrary precision calculator language" HOMEPAGE = "http://www.gnu.org/software/bc/bc.html" +DESCRIPTION = "bc is an arbitrary precision numeric processing language. Syntax is similar to C, but differs in many substantial areas. It supports interactive execution of statements." LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index 9e35a80f8b..6536257993 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -16,6 +16,9 @@ SRC_URI[sha256sum] = "e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8 inherit autotools gettext texinfo +# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us +CVE_CHECK_WHITELIST += "CVE-2010-4226" + EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" do_install () { diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb index 82995219dc..9cdb71f1a1 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb @@ -1,5 +1,6 @@ SUMMARY = "Password strength checker library" -HOMEPAGE = "http://sourceforge.net/projects/cracklib" +HOMEPAGE = "https://github.com/cracklib/cracklib" +DESCRIPTION = "${SUMMARY}" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index 12780cf702..acad3c98c1 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -54,6 +54,7 @@ EXTRA_OECONF = " \ --enable-libusb \ --with-system-groups=lpadmin \ --with-cups-group=lp \ + --with-domainsocket=/run/cups/cups.sock \ DSOFLAGS='${LDFLAGS}' \ " diff --git a/poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb b/poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb index 02b016fdf1..e726899c52 100644 --- a/poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb +++ b/poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb @@ -1,6 +1,7 @@ SUMMARY = "Collection of autoconf m4 macros" SECTION = "base" HOMEPAGE = "http://sourceforge.net/projects/cwautomacros.berlios/" +DESCRIPTION = "A collection of autoconf macros, plus an autogen.sh script that can be used with them." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a" diff --git a/poky/meta/recipes-extended/ed/ed_1.15.bb b/poky/meta/recipes-extended/ed/ed_1.15.bb index 886c3ddcab..60e6a3d34e 100644 --- a/poky/meta/recipes-extended/ed/ed_1.15.bb +++ b/poky/meta/recipes-extended/ed/ed_1.15.bb @@ -1,5 +1,6 @@ SUMMARY = "Line-oriented text editor" HOMEPAGE = "http://www.gnu.org/software/ed/" +DESCRIPTION = "GNU ed is a line-oriented text editor. It is used to create, display, modify and otherwise manipulate text files, both interactively and via shell scripts. A restricted version of ed, red, can only edit files in the current directory and cannot execute shell commands." LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7 \ diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 65135f5821..32346e6811 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb @@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" +# The jpeg issue in the CVE is present in the gs jpeg sources +# however we use an external jpeg which doesn't have the issue. +CVE_CHECK_WHITELIST += "CVE-2013-6629" + def gs_verdir(v): return "".join(v.split(".")) diff --git a/poky/meta/recipes-extended/grep/grep_3.4.bb b/poky/meta/recipes-extended/grep/grep_3.4.bb index e176dd727b..46ac4cfb00 100644 --- a/poky/meta/recipes-extended/grep/grep_3.4.bb +++ b/poky/meta/recipes-extended/grep/grep_3.4.bb @@ -1,5 +1,6 @@ SUMMARY = "GNU grep utility" HOMEPAGE = "http://savannah.gnu.org/projects/grep/" +DESCRIPTION = "Grep searches one or more input files for lines containing a match to a specified pattern. By default, grep prints the matching lines." BUGTRACKER = "http://savannah.gnu.org/bugs/?group=grep" SECTION = "console/utils" LICENSE = "GPLv3" diff --git a/poky/meta/recipes-extended/groff/groff_1.22.4.bb b/poky/meta/recipes-extended/groff/groff_1.22.4.bb index 983cb9aea6..f0e9eb6a8a 100644 --- a/poky/meta/recipes-extended/groff/groff_1.22.4.bb +++ b/poky/meta/recipes-extended/groff/groff_1.22.4.bb @@ -62,6 +62,10 @@ do_install_append() { rm -rf ${D}${bindir}/glilypond rm -rf ${D}${libdir}/groff/glilypond rm -rf ${D}${mandir}/man1/glilypond* + + # not ship /usr/bin/grap2graph and its releated man files + rm -rf ${D}${bindir}/grap2graph + rm -rf ${D}${mandir}/man1/grap2graph* } do_install_append_class-native() { diff --git a/poky/meta/recipes-extended/iputils/iputils/0001-arping-revert-partially-fix-sent-vs-received-package.patch b/poky/meta/recipes-extended/iputils/iputils/0001-arping-revert-partially-fix-sent-vs-received-package.patch new file mode 100644 index 0000000000..8495178879 --- /dev/null +++ b/poky/meta/recipes-extended/iputils/iputils/0001-arping-revert-partially-fix-sent-vs-received-package.patch @@ -0,0 +1,39 @@ +From 18f14be80466ddc8fb17a400be82764a779c8dcd Mon Sep 17 00:00:00 2001 +From: Sami Kerola <kerolasa@iki.fi> +Date: Wed, 31 Jul 2019 21:28:12 +0100 +Subject: [PATCH] arping: revert partially - fix sent vs received packages + return value + +Commit 84ca65ca980315c73f929fed8b6f16bbd698c3a0 caused regression. The +arping -D needs return value evaluation that was the earlier default, in +other cases the new return value should be correct. + +Addresses: https://github.com/iputils/iputils/issues/209 +See-also: https://github.com/void-linux/void-packages/issues/13304 +Signed-off-by: Sami Kerola <kerolasa@iki.fi> +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/18f14be80466ddc8fb17a400be82764a779c8dcd] +Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> +--- + arping.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/arping.c b/arping.c +index 77c9c56..2c87c15 100644 +--- a/arping.c ++++ b/arping.c +@@ -792,7 +792,11 @@ static int event_loop(struct run_state *ctl) + close(tfd); + freeifaddrs(ctl->ifa0); + rc |= finish(ctl); +- rc |= (ctl->sent != ctl->received); ++ if (ctl->dad && ctl->quit_on_reply) ++ /* Duplicate address detection mode return value */ ++ rc |= !(ctl->brd_sent != ctl->received); ++ else ++ rc |= (ctl->sent != ctl->received); + return rc; + } + +-- +2.18.4 + diff --git a/poky/meta/recipes-extended/iputils/iputils/0002-arping-fix-f-quit-on-first-reply-regression.patch b/poky/meta/recipes-extended/iputils/iputils/0002-arping-fix-f-quit-on-first-reply-regression.patch new file mode 100644 index 0000000000..a5f40860dc --- /dev/null +++ b/poky/meta/recipes-extended/iputils/iputils/0002-arping-fix-f-quit-on-first-reply-regression.patch @@ -0,0 +1,39 @@ +From 1df5350bdc952b14901fde356b17b78c2bcd4cff Mon Sep 17 00:00:00 2001 +From: Sami Kerola <kerolasa@iki.fi> +Date: Wed, 28 Aug 2019 20:05:22 +0100 +Subject: [PATCH] arping: fix -f quit on first reply regression + +When arping runs together with -f 'quit on first reply' and -w <timeout> +'how long to wait for a reply' the command needs to exit if replies are not +received after wait period. Notice that the exit in case of lost packages +will be 1 signifying failure. Getting a reply results to 0 exit value. + +Addresses: https://bugs.debian.org/935946 +Reported-by: Lucas Nussbaum <lucas@debian.org> +Addresses: https://github.com/iputils/iputils/issues/211 +Reported-by: Noah Meyerhans <noahm@debian.org> +Broken-since: 67e070d08dcbec990e1178360f82b3e2ca4f6d5f +Signed-off-by: Sami Kerola <kerolasa@iki.fi> +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/1df5350bdc952b14901fde356b17b78c2bcd4cff] +Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> +--- + arping.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arping.c b/arping.c +index 2c87c15..30884f6 100644 +--- a/arping.c ++++ b/arping.c +@@ -764,7 +764,8 @@ static int event_loop(struct run_state *ctl) + continue; + } + total_expires += exp; +- if (0 < ctl->count && (uint64_t)ctl->count < total_expires) { ++ if ((0 < ctl->count && (uint64_t)ctl->count < total_expires) || ++ (ctl->quit_on_reply && ctl->timeout < total_expires)) { + exit_loop = 1; + continue; + } +-- +2.18.4 + diff --git a/poky/meta/recipes-extended/iputils/iputils/0003-arping-Fix-comparison-of-different-signedness-warnin.patch b/poky/meta/recipes-extended/iputils/iputils/0003-arping-Fix-comparison-of-different-signedness-warnin.patch new file mode 100644 index 0000000000..ebd122c157 --- /dev/null +++ b/poky/meta/recipes-extended/iputils/iputils/0003-arping-Fix-comparison-of-different-signedness-warnin.patch @@ -0,0 +1,37 @@ +From ec821e572a640bd79aecc3922cb9001f4b6b26f2 Mon Sep 17 00:00:00 2001 +From: Petr Vorel <petr.vorel@gmail.com> +Date: Sat, 7 Sep 2019 06:07:19 +0200 +Subject: [PATCH] arping: Fix comparison of different signedness warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +../arping.c:768:45: warning: comparison of integer expressions of different signedness: ‘int’ and ‘uint64_t’ {aka ‘long unsigned int’} [-Wsign-compare] + 768 | (ctl->quit_on_reply && ctl->timeout < total_expires)) { + +Fixes: 1df5350 ("arping: fix -f quit on first reply regression") +Reference: https://github.com/iputils/iputils/pull/212 +Acked-by: Sami Kerola <kerolasa@iki.fi> +Signed-off-by: Petr Vorel <petr.vorel@gmail.com> +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/ec821e572a640bd79aecc3922cb9001f4b6b26f2] +Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> +--- + arping.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arping.c b/arping.c +index 2d05728..88319cd 100644 +--- a/arping.c ++++ b/arping.c +@@ -765,7 +765,7 @@ static int event_loop(struct run_state *ctl) + } + total_expires += exp; + if ((0 < ctl->count && (uint64_t)ctl->count < total_expires) || +- (ctl->quit_on_reply && ctl->timeout < total_expires)) { ++ (ctl->quit_on_reply && ctl->timeout < (long)total_expires)) { + exit_loop = 1; + continue; + } +-- +2.18.4 + diff --git a/poky/meta/recipes-extended/iputils/iputils/0004-arping-return-success-when-unsolicited-ARP-mode-dest.patch b/poky/meta/recipes-extended/iputils/iputils/0004-arping-return-success-when-unsolicited-ARP-mode-dest.patch new file mode 100644 index 0000000000..923e06e30b --- /dev/null +++ b/poky/meta/recipes-extended/iputils/iputils/0004-arping-return-success-when-unsolicited-ARP-mode-dest.patch @@ -0,0 +1,45 @@ +From 68f12fc4a0dbef4ae4c404da24040d22c5a14339 Mon Sep 17 00:00:00 2001 +From: Sami Kerola <kerolasa@iki.fi> +Date: Sat, 8 Feb 2020 14:12:18 +0000 +Subject: [PATCH] arping: return success when unsolicited ARP mode destination + does not answer + +Manual page is making promise answers are not expected when -U (or -A) +option is in use. Either I am looking wrong or this has been broken since +at the beginning of git history. + +Addresses: https://github.com/iputils/iputils/issues/247 +Signed-off-by: Sami Kerola <kerolasa@iki.fi> +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/68f12fc4a0dbef4ae4c404da24040d22c5a14339] +Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> +--- + arping.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/arping.c b/arping.c +index 996cf2b..5180ae0 100644 +--- a/arping.c ++++ b/arping.c +@@ -794,7 +794,9 @@ static int event_loop(struct run_state *ctl) + close(tfd); + freeifaddrs(ctl->ifa0); + rc |= finish(ctl); +- if (ctl->dad && ctl->quit_on_reply) ++ if (ctl->unsolicited) ++ /* nothing */; ++ else if (ctl->dad && ctl->quit_on_reply) + /* Duplicate address detection mode return value */ + rc |= !(ctl->brd_sent != ctl->received); + else +@@ -943,7 +945,7 @@ int main(int argc, char **argv) + } + memset(&saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- if (ctl.source || ctl.gsrc.s_addr) { ++ if (!ctl.unsolicited && (ctl.source || ctl.gsrc.s_addr)) { + saddr.sin_addr = ctl.gsrc; + if (bind(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) + error(2, errno, "bind"); +-- +2.18.4 + diff --git a/poky/meta/recipes-extended/iputils/iputils/0005-arping-use-additional-timerfd-to-control-when-timeou.patch b/poky/meta/recipes-extended/iputils/iputils/0005-arping-use-additional-timerfd-to-control-when-timeou.patch new file mode 100644 index 0000000000..3b8a8244da --- /dev/null +++ b/poky/meta/recipes-extended/iputils/iputils/0005-arping-use-additional-timerfd-to-control-when-timeou.patch @@ -0,0 +1,94 @@ +From 60a27c76174c0ae23bdafde2bad4fdd18a44a7ea Mon Sep 17 00:00:00 2001 +From: Sami Kerola <kerolasa@iki.fi> +Date: Sat, 7 Mar 2020 22:03:21 +0000 +Subject: [PATCH] arping: use additional timerfd to control when timeout + happens + +Trying to determine timeout by adding up interval values is pointlessly +complicating. With separate timer everything just works. + +Addresses: https://github.com/iputils/iputils/issues/259 +Fixes: 1df5350bdc952b14901fde356b17b78c2bcd4cff +Signed-off-by: Sami Kerola <kerolasa@iki.fi> +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/e594ca52afde89746b7d79c875fe9d6aea1850ac] +Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> +--- + arping.c | 29 ++++++++++++++++++++++++++--- + 1 file changed, 26 insertions(+), 3 deletions(-) + +diff --git a/arping.c b/arping.c +index 61db3a6..7284351 100644 +--- a/arping.c ++++ b/arping.c +@@ -670,6 +670,7 @@ static int event_loop(struct run_state *ctl) + enum { + POLLFD_SIGNAL = 0, + POLLFD_TIMER, ++ POLLFD_TIMEOUT, + POLLFD_SOCKET, + POLLFD_COUNT + }; +@@ -686,6 +687,13 @@ static int event_loop(struct run_state *ctl) + .it_value.tv_sec = ctl->interval, + .it_value.tv_nsec = 0 + }; ++ int timeoutfd; ++ struct itimerspec timeoutfd_vals = { ++ .it_interval.tv_sec = ctl->timeout, ++ .it_interval.tv_nsec = 0, ++ .it_value.tv_sec = ctl->timeout, ++ .it_value.tv_nsec = 0 ++ }; + uint64_t exp, total_expires = 1; + + unsigned char packet[4096]; +@@ -709,7 +717,7 @@ static int event_loop(struct run_state *ctl) + pfds[POLLFD_SIGNAL].fd = sfd; + pfds[POLLFD_SIGNAL].events = POLLIN | POLLERR | POLLHUP; + +- /* timerfd */ ++ /* interval timerfd */ + tfd = timerfd_create(CLOCK_MONOTONIC, 0); + if (tfd == -1) { + error(0, errno, "timerfd_create failed"); +@@ -722,6 +730,19 @@ static int event_loop(struct run_state *ctl) + pfds[POLLFD_TIMER].fd = tfd; + pfds[POLLFD_TIMER].events = POLLIN | POLLERR | POLLHUP; + ++ /* timeout timerfd */ ++ timeoutfd = timerfd_create(CLOCK_MONOTONIC, 0); ++ if (tfd == -1) { ++ error(0, errno, "timerfd_create failed"); ++ return 1; ++ } ++ if (timerfd_settime(timeoutfd, 0, &timeoutfd_vals, NULL)) { ++ error(0, errno, "timerfd_settime failed"); ++ return 1; ++ } ++ pfds[POLLFD_TIMEOUT].fd = timeoutfd; ++ pfds[POLLFD_TIMEOUT].events = POLLIN | POLLERR | POLLHUP; ++ + /* socket */ + pfds[POLLFD_SOCKET].fd = ctl->socketfd; + pfds[POLLFD_SOCKET].events = POLLIN | POLLERR | POLLHUP; +@@ -764,13 +785,15 @@ static int event_loop(struct run_state *ctl) + continue; + } + total_expires += exp; +- if ((0 < ctl->count && (uint64_t)ctl->count < total_expires) || +- (ctl->quit_on_reply && ctl->timeout < (long)total_expires)) { ++ if (0 < ctl->count && (uint64_t)ctl->count < total_expires) { + exit_loop = 1; + continue; + } + send_pack(ctl); + break; ++ case POLLFD_TIMEOUT: ++ exit_loop = 1; ++ break; + case POLLFD_SOCKET: + if ((s = + recvfrom(ctl->socketfd, packet, sizeof(packet), 0, +-- +2.18.4 + diff --git a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb index 545f3d5e87..d652bfcaad 100644 --- a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb +++ b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb @@ -15,6 +15,11 @@ SRC_URI = "git://github.com/iputils/iputils \ file://0001-ninfod-fix-systemd-Documentation-url-error.patch \ file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \ file://0001-iputils-Initialize-libgcrypt.patch \ + file://0001-arping-revert-partially-fix-sent-vs-received-package.patch \ + file://0002-arping-fix-f-quit-on-first-reply-regression.patch \ + file://0003-arping-Fix-comparison-of-different-signedness-warnin.patch \ + file://0004-arping-return-success-when-unsolicited-ARP-mode-dest.patch \ + file://0005-arping-use-additional-timerfd-to-control-when-timeou.patch \ " SRCREV = "13e00847176aa23683d68fce1d17ffb523510946" diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb index 265a27c00d..1cf5e2eb29 100644 --- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb +++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb @@ -1,4 +1,5 @@ SUMMARY = "Library for solving packages and reading repositories" +DESCRIPTION = "This is libsolv, a free package dependency solver using a satisfiability algorithm for solving packages and reading repositories" HOMEPAGE = "https://github.com/openSUSE/libsolv" BUGTRACKER = "https://github.com/openSUSE/libsolv/issues" SECTION = "devel" diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb index 7a255ce2f2..35a268a03f 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb @@ -1,5 +1,6 @@ SUMMARY = "Lightweight high-performance web server" HOMEPAGE = "http://www.lighttpd.net/" +DESCRIPTION = "Lightweight high-performance web server is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more)" BUGTRACKER = "http://redmine.lighttpd.net/projects/lighttpd/issues" LICENSE = "BSD-3-Clause" diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.15.1.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.15.1.bb index 17f4bf4617..7c1b77add8 100644 --- a/poky/meta/recipes-extended/logrotate/logrotate_3.15.1.bb +++ b/poky/meta/recipes-extended/logrotate/logrotate_3.15.1.bb @@ -1,6 +1,7 @@ SUMMARY = "Rotates, compresses, removes and mails system log files" SECTION = "console/utils" -HOMEPAGE = "https://github.com/logrotate/logrotate/issues" +HOMEPAGE = "https://github.com/logrotate/logrotate/" +DESCRIPTION = "The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files." LICENSE = "GPLv2" # TODO: Document coreutils dependency. Why not RDEPENDS? Why not busybox? @@ -21,6 +22,9 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz SRC_URI[md5sum] = "afe109afea749c306ff489203fde6beb" SRC_URI[sha256sum] = "491fec9e89f1372f02a0ab66579aa2e9d63cac5178dfa672c204c88e693a908b" +# These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used +CVE_CHECK_WHITELIST += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" + PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}" PACKAGECONFIG[acl] = ",,acl" diff --git a/poky/meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch b/poky/meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch new file mode 100644 index 0000000000..f32cd18370 --- /dev/null +++ b/poky/meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch @@ -0,0 +1,27 @@ +lsb-release maintains it's own copy of help2man. Include the support +for specifying SOURCE_DATE_EPOCH from upstream. + +Upstream-Status: Pending + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +diff --git a/help2man b/help2man +index 13015c2..63439db 100755 +--- a/help2man ++++ b/help2man +@@ -173,7 +173,14 @@ my ($help_text, $version_text) = map { + or die "$this_program: can't get `--$_' info from $ARGV[0]\n" + } qw(help), $opt_version_key; + +-my $date = strftime "%B %Y", localtime; ++my $epoch_secs = time; ++if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/) ++{ ++ $epoch_secs = $1; ++ $ENV{TZ} = 'UTC0'; ++} ++ ++my $date = strftime "%B %Y", localtime $epoch_secs; + (my $program = $ARGV[0]) =~ s!.*/!!; + my $package = $program; + my $version; diff --git a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb index 3e8f7a13ec..bafc18fcc0 100644 --- a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb +++ b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://README;md5=12da544b1a3a5a1795a21160b49471cf" SRC_URI = "${SOURCEFORGE_MIRROR}/project/lsb/lsb_release/1.4/lsb-release-1.4.tar.gz \ file://0001-fix-lsb_release-to-work-with-busybox-head-and-find.patch \ file://0001-Remove-timestamp-from-manpage.patch \ + file://help2man-reproducibility.patch \ " SRC_URI[md5sum] = "30537ef5a01e0ca94b7b8eb6a36bb1e4" diff --git a/poky/meta/recipes-extended/lzip/lzip_1.21.bb b/poky/meta/recipes-extended/lzip/lzip_1.21.bb index bb3d2a6fe3..bd1c007de6 100644 --- a/poky/meta/recipes-extended/lzip/lzip_1.21.bb +++ b/poky/meta/recipes-extended/lzip/lzip_1.21.bb @@ -1,5 +1,6 @@ SUMMARY = "Lossless data compressor based on the LZMA algorithm" HOMEPAGE = "http://lzip.nongnu.org/lzip.html" +DESCRIPTION = "Lzip is a lossless data compressor with a user interface similar to the one of gzip or bzip2. Lzip uses a simplified form of the Lempel-Ziv-Markov chain-Algorithm (LZMA) stream format, chosen to maximize safety and interoperability." SECTION = "console/utils" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=76d6e300ffd8fb9d18bd9b136a9bba13 \ diff --git a/poky/meta/recipes-extended/man-db/man-db_2.9.0.bb b/poky/meta/recipes-extended/man-db/man-db_2.9.0.bb index 333fbfa76d..7a30f9d722 100644 --- a/poky/meta/recipes-extended/man-db/man-db_2.9.0.bb +++ b/poky/meta/recipes-extended/man-db/man-db_2.9.0.bb @@ -1,5 +1,6 @@ SUMMARY = "An implementation of the standard Unix documentation system accessed using the man command" HOMEPAGE = "http://man-db.nongnu.org/" +DESCRIPTION = "man-db is an implementation of the standard Unix documentation system accessed using the man command. It uses a Berkeley DB database in place of the traditional flat-text whatis databases." LICENSE = "LGPLv2.1 & GPLv2" LIC_FILES_CHKSUM = "file://docs/COPYING.LIB;md5=a6f89e2100d9b6cdffcea4f398e37343 \ file://docs/COPYING;md5=eb723b61539feef013de476e68b5c50a" diff --git a/poky/meta/recipes-extended/mc/mc_4.8.23.bb b/poky/meta/recipes-extended/mc/mc_4.8.23.bb index ead348b92e..8e3b7a65e0 100644 --- a/poky/meta/recipes-extended/mc/mc_4.8.23.bb +++ b/poky/meta/recipes-extended/mc/mc_4.8.23.bb @@ -1,5 +1,6 @@ SUMMARY = "Midnight Commander is an ncurses based file manager" HOMEPAGE = "http://www.midnight-commander.org/" +DESCRIPTION = "GNU Midnight Commander is a visual file manager, licensed under GNU General Public License and therefore qualifies as Free Software. It's a feature rich full-screen text mode application that allows you to copy, move and delete files and whole directory trees, search for files and run commands in the subshell. Internal viewer and editor are included." LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=270bbafe360e73f9840bd7981621f9c2" SECTION = "console/utils" diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb index 001d3331a7..bb77759cf9 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb @@ -1,5 +1,6 @@ SUMMARY = "Tool for managing software RAID under Linux" HOMEPAGE = "http://www.kernel.org/pub/linux/utils/raid/mdadm/" +DESCRIPTION = "mdadm is a Linux utility used to manage and monitor software RAID devices." # Some files are GPLv2+ while others are GPLv2. LICENSE = "GPLv2 & GPLv2+" diff --git a/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb b/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb index 491b892093..9822e86b0e 100644 --- a/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb +++ b/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb @@ -1,6 +1,7 @@ SUMMARY = "Compact getty terminal handler for virtual consoles only" SECTION = "console/utils" HOMEPAGE = "http://sourceforge.net/projects/mingetty/" +DESCRIPTION = "This is a small Linux console getty that is started on the Linux text console, asks for a login name and then tranfers over to login directory. Is extended to allow automatic login and starting any app." LICENSE = "GPLv2" PR = "r3" diff --git a/poky/meta/recipes-extended/parted/parted_3.3.bb b/poky/meta/recipes-extended/parted/parted_3.3.bb index aa4d8042cf..2d688c3700 100644 --- a/poky/meta/recipes-extended/parted/parted_3.3.bb +++ b/poky/meta/recipes-extended/parted/parted_3.3.bb @@ -1,5 +1,6 @@ SUMMARY = "Disk partition editing/resizing utility" HOMEPAGE = "http://www.gnu.org/software/parted/parted.html" +DESCRIPTION = "GNU Parted manipulates partition tables. This is useful for creating space for new operating systems, reorganizing disk usage, copying data on hard disks and disk imaging." LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=2f31b266d3440dd7ee50f92cf67d8e6c" SECTION = "console/tools" diff --git a/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb b/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb index 9f992d3e83..409a8f3896 100644 --- a/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb +++ b/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb @@ -1,5 +1,7 @@ SUMMARY = "Convert::ASN1 - Perl ASN.1 Encode/Decode library" SECTION = "libs" +HOMEPAGE = "https://metacpan.org/source/GBARR/Convert-ASN1-0.27" +DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data using ASN.1 definitions." LICENSE = "Artistic-1.0 | GPL-1.0+" LIC_FILES_CHKSUM = "file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f" diff --git a/poky/meta/recipes-extended/perl/libtimedate-perl_2.30.bb b/poky/meta/recipes-extended/perl/libtimedate-perl_2.30.bb index 7219c7d11e..068f0bd3f3 100644 --- a/poky/meta/recipes-extended/perl/libtimedate-perl_2.30.bb +++ b/poky/meta/recipes-extended/perl/libtimedate-perl_2.30.bb @@ -1,5 +1,6 @@ SUMMARY = "Perl modules useful for manipulating date and time information" HOMEPAGE = "https://metacpan.org/release/TimeDate" +DESCRIPTION = "This is the perl5 TimeDate distribution. It requires perl version 5.003 or later." SECTION = "libs" # You can redistribute it and/or modify it under the same terms as Perl itself. LICENSE = "Artistic-1.0 | GPL-1.0+" diff --git a/poky/meta/recipes-extended/quota/quota_4.05.bb b/poky/meta/recipes-extended/quota/quota_4.05.bb index c5da1e71ed..46ad7352d6 100644 --- a/poky/meta/recipes-extended/quota/quota_4.05.bb +++ b/poky/meta/recipes-extended/quota/quota_4.05.bb @@ -1,6 +1,7 @@ SUMMARY = "Tools for monitoring & limiting user disk usage per filesystem" SECTION = "base" HOMEPAGE = "http://sourceforge.net/projects/linuxquota/" +DESCRIPTION = "Tools and patches for the Linux Diskquota system as part of the Linux kernel" BUGTRACKER = "http://sourceforge.net/tracker/?group_id=18136&atid=118136" LICENSE = "BSD & GPLv2+ & LGPLv2.1+" LIC_FILES_CHKSUM = "file://rquota_server.c;beginline=1;endline=20;md5=fe7e0d7e11c6f820f8fa62a5af71230f \ diff --git a/poky/meta/recipes-extended/sed/sed_4.8.bb b/poky/meta/recipes-extended/sed/sed_4.8.bb index 39e3a61df5..089bd11a55 100644 --- a/poky/meta/recipes-extended/sed/sed_4.8.bb +++ b/poky/meta/recipes-extended/sed/sed_4.8.bb @@ -1,5 +1,6 @@ SUMMARY = "Stream EDitor (text filtering utility)" HOMEPAGE = "http://www.gnu.org/software/sed/" +DESCRIPTION = "sed (stream editor) is a non-interactive command-line text editor." LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \ file://sed/sed.h;beginline=1;endline=15;md5=fb3c7e6fbca6f66943859153d4be8efe \ diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index f86e5e03c0..7061dc7505 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -1,5 +1,6 @@ SUMMARY = "Tools to change and administer password and group data" HOMEPAGE = "http://github.com/shadow-maint/shadow" +DESCRIPTION = "${SUMMARY}" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" LICENSE = "BSD | Artistic-1.0" diff --git a/poky/meta/recipes-extended/shadow/shadow_4.8.1.bb b/poky/meta/recipes-extended/shadow/shadow_4.8.1.bb index c975395ff8..ff4aad926f 100644 --- a/poky/meta/recipes-extended/shadow/shadow_4.8.1.bb +++ b/poky/meta/recipes-extended/shadow/shadow_4.8.1.bb @@ -6,5 +6,6 @@ BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p BBCLASSEXTEND = "native nativesdk" - - +# Severity is low and marked as closed and won't fix. +# https://bugzilla.redhat.com/show_bug.cgi?id=884658 +CVE_CHECK_WHITELIST += "CVE-2013-4235" diff --git a/poky/meta/recipes-extended/sudo/sudo.inc b/poky/meta/recipes-extended/sudo/sudo.inc index aeedfc1a23..153731c807 100644 --- a/poky/meta/recipes-extended/sudo/sudo.inc +++ b/poky/meta/recipes-extended/sudo/sudo.inc @@ -49,3 +49,5 @@ do_compile_prepend () { do_install_prepend (){ mkdir -p ${D}/${localstatedir}/lib } + +CVE_VERSION_SUFFIX = "patch" diff --git a/poky/meta/recipes-extended/tar/tar/CVE-2021-20193.patch b/poky/meta/recipes-extended/tar/tar/CVE-2021-20193.patch new file mode 100644 index 0000000000..89e8e20844 --- /dev/null +++ b/poky/meta/recipes-extended/tar/tar/CVE-2021-20193.patch @@ -0,0 +1,133 @@ +From d9d4435692150fa8ff68e1b1a473d187cc3fd777 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sun, 17 Jan 2021 20:41:11 +0200 +Subject: Fix memory leak in read_header + +Bug reported in https://savannah.gnu.org/bugs/?59897 + +* src/list.c (read_header): Don't return directly from the loop. +Instead set the status and break. Return the status. Free +next_long_name and next_long_link before returning. + +CVE: CVE-2021-20193 +Upstream-Status: Backport +[https://git.savannah.gnu.org/cgit/tar.git/patch/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777] +Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> + +--- + src/list.c | 40 ++++++++++++++++++++++++++++------------ + 1 file changed, 28 insertions(+), 12 deletions(-) + +diff --git a/src/list.c b/src/list.c +index e40a5c8..d7ef441 100644 +--- a/src/list.c ++++ b/src/list.c +@@ -408,26 +408,27 @@ read_header (union block **return_block, struct tar_stat_info *info, + enum read_header_mode mode) + { + union block *header; +- union block *header_copy; + char *bp; + union block *data_block; + size_t size, written; +- union block *next_long_name = 0; +- union block *next_long_link = 0; ++ union block *next_long_name = NULL; ++ union block *next_long_link = NULL; + size_t next_long_name_blocks = 0; + size_t next_long_link_blocks = 0; +- ++ enum read_header status = HEADER_SUCCESS; ++ + while (1) + { +- enum read_header status; +- + header = find_next_block (); + *return_block = header; + if (!header) +- return HEADER_END_OF_FILE; ++ { ++ status = HEADER_END_OF_FILE; ++ break; ++ } + + if ((status = tar_checksum (header, false)) != HEADER_SUCCESS) +- return status; ++ break; + + /* Good block. Decode file size and return. */ + +@@ -437,7 +438,10 @@ read_header (union block **return_block, struct tar_stat_info *info, + { + info->stat.st_size = OFF_FROM_HEADER (header->header.size); + if (info->stat.st_size < 0) +- return HEADER_FAILURE; ++ { ++ status = HEADER_FAILURE; ++ break; ++ } + } + + if (header->header.typeflag == GNUTYPE_LONGNAME +@@ -447,10 +451,14 @@ read_header (union block **return_block, struct tar_stat_info *info, + || header->header.typeflag == SOLARIS_XHDTYPE) + { + if (mode == read_header_x_raw) +- return HEADER_SUCCESS_EXTENDED; ++ { ++ status = HEADER_SUCCESS_EXTENDED; ++ break; ++ } + else if (header->header.typeflag == GNUTYPE_LONGNAME + || header->header.typeflag == GNUTYPE_LONGLINK) + { ++ union block *header_copy; + size_t name_size = info->stat.st_size; + size_t n = name_size % BLOCKSIZE; + size = name_size + BLOCKSIZE; +@@ -517,7 +525,10 @@ read_header (union block **return_block, struct tar_stat_info *info, + xheader_decode_global (&xhdr); + xheader_destroy (&xhdr); + if (mode == read_header_x_global) +- return HEADER_SUCCESS_EXTENDED; ++ { ++ status = HEADER_SUCCESS_EXTENDED; ++ break; ++ } + } + + /* Loop! */ +@@ -536,6 +547,7 @@ read_header (union block **return_block, struct tar_stat_info *info, + name = next_long_name->buffer + BLOCKSIZE; + recent_long_name = next_long_name; + recent_long_name_blocks = next_long_name_blocks; ++ next_long_name = NULL; + } + else + { +@@ -567,6 +579,7 @@ read_header (union block **return_block, struct tar_stat_info *info, + name = next_long_link->buffer + BLOCKSIZE; + recent_long_link = next_long_link; + recent_long_link_blocks = next_long_link_blocks; ++ next_long_link = NULL; + } + else + { +@@ -578,9 +591,12 @@ read_header (union block **return_block, struct tar_stat_info *info, + } + assign_string (&info->link_name, name); + +- return HEADER_SUCCESS; ++ break; + } + } ++ free (next_long_name); ++ free (next_long_link); ++ return status; + } + + #define ISOCTAL(c) ((c)>='0'&&(c)<='7') +-- +cgit v1.2.1 + diff --git a/poky/meta/recipes-extended/tar/tar_1.32.bb b/poky/meta/recipes-extended/tar/tar_1.32.bb index ebe6cb0dbd..3ae6d674a5 100644 --- a/poky/meta/recipes-extended/tar/tar_1.32.bb +++ b/poky/meta/recipes-extended/tar/tar_1.32.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ file://musl_dirent.patch \ + file://CVE-2021-20193.patch \ " SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" diff --git a/poky/meta/recipes-extended/texinfo-dummy-native/texinfo-dummy-native.bb b/poky/meta/recipes-extended/texinfo-dummy-native/texinfo-dummy-native.bb index ec04bfe390..a942ac2991 100644 --- a/poky/meta/recipes-extended/texinfo-dummy-native/texinfo-dummy-native.bb +++ b/poky/meta/recipes-extended/texinfo-dummy-native/texinfo-dummy-native.bb @@ -1,5 +1,6 @@ SUMMARY = "Fake version of the texinfo utility suite" SECTION = "console/utils" +DESCRIPTION = "${SUMMARY}" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=d6bb62e73ca8b901d3f2e9d71542f4bb" DEPENDS = "" diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index c1ea0a9a2c..af5530ab38 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -1,5 +1,6 @@ SUMMARY = "Utilities for extracting and viewing files in .zip archives" HOMEPAGE = "http://www.info-zip.org" +DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." SECTION = "console/utils" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29" @@ -31,6 +32,9 @@ UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" +# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source +CVE_CHECK_WHITELIST += "CVE-2008-0888" + # exclude version 5.5.2 which triggers a false positive UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb index 6e43f5be6f..da81867115 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb @@ -1,5 +1,6 @@ SUMMARY = "Socket-based service activation daemon" HOMEPAGE = "https://github.com/xinetd-org/xinetd" +DESCRIPTION = "xinetd is a powerful replacement for inetd, xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, can place limits on the number of servers that can be started, and has deployable defence mechanisms to protect against port scanners, among other things." # xinetd is a BSD-like license # Apple and Gentoo say BSD here. diff --git a/poky/meta/recipes-extended/xz/xz_5.2.4.bb b/poky/meta/recipes-extended/xz/xz_5.2.4.bb index 1c4450a9e9..67a6cbd569 100644 --- a/poky/meta/recipes-extended/xz/xz_5.2.4.bb +++ b/poky/meta/recipes-extended/xz/xz_5.2.4.bb @@ -1,5 +1,6 @@ SUMMARY = "Utilities for managing LZMA compressed files" HOMEPAGE = "https://tukaani.org/xz/" +DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils." SECTION = "base" # The source includes bits of PD, GPLv2, GPLv3, LGPLv2.1+, but the only file diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb index 97e5e57533..18b5d8648e 100644 --- a/poky/meta/recipes-extended/zip/zip_3.0.bb +++ b/poky/meta/recipes-extended/zip/zip_3.0.bb @@ -1,5 +1,6 @@ SUMMARY = "Compressor/archiver for creating and modifying .zip files" HOMEPAGE = "http://www.info-zip.org" +DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." SECTION = "console/utils" LICENSE = "BSD-3-Clause" diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb b/poky/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb index ddb4c2794f..e2afb29c12 100644 --- a/poky/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb +++ b/poky/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb @@ -1,4 +1,7 @@ SUMMARY = "WebKit based web browser for GNOME" +DESCRIPTION = "Epiphany is an open source web browser for the Linux desktop environment. \ +It provides a simple and easy-to-use internet browsing experience." +HOMEPAGE = "https://wiki.gnome.org/Apps/Web" BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany" LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb index 3a2727b701..5503f225bb 100644 --- a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb +++ b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb @@ -1,4 +1,6 @@ SUMMARY = "GTK+ icon theme" +DESCRIPTION = "The Adwaita icon theme is the default icon theme of the GNOME desktop \ +This package package contains an icon theme for Gtk+ 3 applications." HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme" BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues" SECTION = "x11/gnome" diff --git a/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb b/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb index 0306b04f4e..6b59029255 100644 --- a/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb +++ b/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb @@ -1,4 +1,8 @@ SUMMARY = "Library for sending desktop notifications to a notification daemon" +DESCRIPTION = "It sends desktop notifications to a notification daemon, as defined \ +in the Desktop Notifications spec. These notifications can be used to inform \ +the user about an event or display some form of information without getting \ +in the user's way." HOMEPAGE = "https://gitlab.gnome.org/GNOME/libnotify" BUGTRACKER = "https://gitlab.gnome.org/GNOME/libnotify/issues" SECTION = "libs" @@ -20,3 +24,6 @@ PROVIDES += "libnotify3" RPROVIDES_${PN} += "libnotify3" RCONFLICTS_${PN} += "libnotify3" RREPLACES_${PN} += "libnotify3" + +# -7381 is specific to the NodeJS bindings +CVE_CHECK_WHITELIST += "CVE-2013-7381" diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb index 237aec6062..ef1dae0a69 100644 --- a/poky/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb +++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb @@ -25,6 +25,9 @@ SRC_URI += "file://gtk-option.patch \ SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba" +# Issue only on windows +CVE_CHECK_WHITELIST += "CVE-2018-1000041" + CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" PACKAGECONFIG ??= "gdkpixbuf" diff --git a/poky/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb b/poky/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb index 72511af02d..8b5d301515 100644 --- a/poky/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb +++ b/poky/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb @@ -4,6 +4,7 @@ the freedesktop.org project, a cross-desktop effort to access passwords, \ tokens and other types of secrets. libsecret provides a convenient wrapper \ for these methods so consumers do not have to call the low-level DBus methods." LICENSE = "LGPLv2.1" +HOMEPAGE = "https://github.com/GNOME/libsecret" BUGTRACKER = "https://gitlab.gnome.org/GNOME/libsecret/issues" LIC_FILES_CHKSUM = "file://COPYING;md5=23c2a5e0106b99d75238986559bb5fc6" diff --git a/poky/meta/recipes-graphics/builder/builder_0.1.bb b/poky/meta/recipes-graphics/builder/builder_0.1.bb index 0a64c31ab3..9d5cd8cde6 100644 --- a/poky/meta/recipes-graphics/builder/builder_0.1.bb +++ b/poky/meta/recipes-graphics/builder/builder_0.1.bb @@ -29,3 +29,5 @@ do_install () { chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh } +# -4178 is an unrelated 'builder' +CVE_CHECK_WHITELIST = "CVE-2008-4178" diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch new file mode 100644 index 0000000000..fb6ce5cfdf --- /dev/null +++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch @@ -0,0 +1,60 @@ +Fix stack buffer overflow. + +CVE: CVE-2020-35492 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <heiko.lewin@worldiety.de> +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +--- + src/cairo-image-compositor.c | 8 ++-- + test/Makefile.sources | 1 + + test/bug-image-compositor.c | 39 ++++++++++++++++++++ + test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes + 4 files changed, 44 insertions(+), 4 deletions(-) + create mode 100644 test/bug-image-compositor.c + create mode 100644 test/reference/bug-image-compositor.ref.png + +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 79ad69f68..4f8aaed99 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; +-- diff --git a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb index 8663dec404..4827374ffc 100644 --- a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb @@ -27,6 +27,7 @@ SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ file://CVE-2018-19876.patch \ file://CVE-2019-6461.patch \ file://CVE-2019-6462.patch \ + file://CVE-2020-35492.patch \ " SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" diff --git a/poky/meta/recipes-graphics/clutter/clutter-gst-3.0.inc b/poky/meta/recipes-graphics/clutter/clutter-gst-3.0.inc index 7d9db1f38c..73315c97ec 100644 --- a/poky/meta/recipes-graphics/clutter/clutter-gst-3.0.inc +++ b/poky/meta/recipes-graphics/clutter/clutter-gst-3.0.inc @@ -1,5 +1,9 @@ SUMMARY = "GStreamer integration library for Clutter" +DESCRIPTION = "Clutter-Gst is an integration library for using GStreamer with Clutter. \ +It provides a GStreamer sink to upload frames to GL and an actor that \ +implements the ClutterGstPlayer interface using playbin." HOMEPAGE = "http://www.clutter-project.org/" +BUGTRACKER = "https://gitlab.gnome.org/GNOME/clutter-gst/-/issues" LICENSE = "LGPLv2+" inherit clutter features_check upstream-version-is-even gobject-introspection diff --git a/poky/meta/recipes-graphics/clutter/clutter-gtk-1.0.inc b/poky/meta/recipes-graphics/clutter/clutter-gtk-1.0.inc index 7bf2278555..9a28b5219b 100644 --- a/poky/meta/recipes-graphics/clutter/clutter-gtk-1.0.inc +++ b/poky/meta/recipes-graphics/clutter/clutter-gtk-1.0.inc @@ -1,5 +1,10 @@ SUMMARY = "Library for embedding a Clutter canvas in a GTK+ application" +DESCRIPTION = "Clutter-GTK is a library providing facilities to integrate Clutter into GTK+ \ +applications and vice versa. It provides a GTK+ widget, GtkClutterEmbed, for embedding the \ +a Clutter stage into any GtkContainer; and GtkClutterActor, a Clutter \ +actor for embedding any GtkWidget inside a Clutter stage." HOMEPAGE = "http://www.clutter-project.org/" +BUGTRACKER = "https://gitlab.gnome.org/GNOME/clutter/-/issues" LICENSE = "LGPLv2+" CLUTTERBASEBUILDCLASS = "meson" diff --git a/poky/meta/recipes-graphics/kmscube/kmscube_git.bb b/poky/meta/recipes-graphics/kmscube/kmscube_git.bb index a1a295f660..0aae6df357 100644 --- a/poky/meta/recipes-graphics/kmscube/kmscube_git.bb +++ b/poky/meta/recipes-graphics/kmscube/kmscube_git.bb @@ -1,4 +1,8 @@ -DESCRIPTION = "Demo application to showcase 3D graphics using kms and gbm" +SUMMARY = "Demo application to showcase 3D graphics using kms and gbm" +DESCRIPTION = "kmscube is a little demonstration program for how to drive bare metal graphics \ +without a compositor like X11, wayland or similar, using DRM/KMS (kernel mode \ +setting), GBM (graphics buffer manager) and EGL for rendering content using \ +OpenGL or OpenGL ES." HOMEPAGE = "https://cgit.freedesktop.org/mesa/kmscube/" LICENSE = "MIT" SECTION = "graphics" diff --git a/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb b/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb index 4e89d631c3..549b0cbdf7 100644 --- a/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb +++ b/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Very simple session manager for X" +DESCRIPTION = "Simple session manager for X, that provides just the right boilerplate to create a session and launch the browser " HOMEPAGE = "http://www.yoctoproject.org" BUGTRACKER = "http://bugzilla.pokylinux.org" diff --git a/poky/meta/recipes-graphics/mx/mx.inc b/poky/meta/recipes-graphics/mx/mx.inc index 714a06f0af..c977849c96 100644 --- a/poky/meta/recipes-graphics/mx/mx.inc +++ b/poky/meta/recipes-graphics/mx/mx.inc @@ -1,4 +1,10 @@ SUMMARY = "Clutter based UI widget library" +DESCRIPTION = "Mx is a widget toolkit using Clutter that provides a set of standard interface \ +elements, including buttons, progress bars, scroll bars and others. It also \ +implements some standard managers. One other interesting feature is the \ +possibility setting style properties from a CSS format file." +HOMEPAGE = "https://github.com/clutter-project/mx" +BUGTRACKER = "https://github.com/clutter-project/mx/issues" LICENSE = "LGPLv2.1" inherit clutter autotools features_check gobject-introspection gtk-doc diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb index 58d10d6b9b..4229412554 100644 --- a/poky/meta/recipes-graphics/piglit/piglit_git.bb +++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb @@ -1,6 +1,8 @@ SUMMARY = "OpenGL driver testing framework" DESCRIPTION = "Piglit is an open-source test suite for OpenGL and OpenCL \ implementations." +HOMEPAGE = "https://gitlab.freedesktop.org/mesa/piglit" +BUGTRACKER = "https://gitlab.freedesktop.org/mesa/piglit/-/issues" LICENSE = "MIT & LGPLv2+ & GPLv3 & GPLv2+ & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0" diff --git a/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb b/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb index d10bddb529..f69e4838f4 100644 --- a/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb +++ b/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb @@ -1,6 +1,9 @@ SUMMARY = "Enables monitoring and display of application startup" +DESCRIPTION = "Contains a reference implementation of the startup notification protocol. \ +The reference implementation is mostly under an X Window System style license, and has \ +no special dependencies. " HOMEPAGE = "http://www.freedesktop.org/wiki/Software/startup-notification/" -BUGTRACKER = "https://bugs.freedesktop.org/enter_bug.cgi?product=Specifications" +BUGTRACKER = "https://gitlab.freedesktop.org/xdg/startup-notification/-/issues" # most files are under MIT, but libsn/sn-util.c is under LGPL, the # effective license is LGPL diff --git a/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb b/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb index 3e1ba196b5..b75bd4c51d 100644 --- a/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb +++ b/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb @@ -1,4 +1,5 @@ SUMMARY = "The Bitstream Vera fonts - TTF Edition" +HOMEPAGE = "https://www.gnome.org/fonts/" DESCRIPTION = "The Bitstream Vera fonts include four monospace and sans \ faces (normal, oblique, bold, bold oblique) and two serif faces (normal \ and bold). In addition Fontconfig/Xft2 can artificially oblique the \ diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb index 72c29a72a2..b9658d3afa 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb @@ -1,4 +1,8 @@ SUMMARY = "Vulkan Header files and API registry" +DESCRIPTION = "Vulkan is a 3D graphics and compute API providing cross-platform access \ +to modern GPUs with low overhead and targeting realtime graphics applications such as \ +games and interactive media. This package contains the development headers \ +for packages wanting to make use of Vulkan." HOMEPAGE = "https://www.khronos.org/vulkan/" BUGTRACKER = "https://github.com/KhronosGroup/Vulkan-Headers" SECTION = "libs" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb index 2fd61c989a..8eef1bca73 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb @@ -1,4 +1,5 @@ SUMMARY = "Vulkan Utilities and Tools" +DESCRIPTION = "Assist development by enabling developers to verify their applications correct use of the Vulkan API." HOMEPAGE = "https://www.khronos.org/vulkan/" BUGTRACKER = "https://github.com/KhronosGroup/Vulkan-Tools" SECTION = "libs" diff --git a/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb b/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb index a620295978..14d6a61525 100644 --- a/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb +++ b/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb @@ -1,4 +1,10 @@ -SUMMARY = "cross-platform C library to defer selection of GL API and of window system" +SUMMARY = "A C library for selecting an OpenGL API and window system at runtime" +DESCRIPTION = "A cross-platform C library that allows one to defer selection \ +of an OpenGL API and window system until runtime. For example, on Linux, Waffle \ +enables an application to select X11/EGL with an OpenGL 3.3 core profile, \ +Wayland with OpenGL ES2, and other window system / API combinations." +HOMEPAGE = "http://www.waffle-gl.org/" +BUGTRACKER = "https://gitlab.freedesktop.org/mesa/waffle" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \ file://include/waffle/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf" diff --git a/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb b/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb index 65348c3762..baaf8fa9ad 100644 --- a/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb +++ b/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb @@ -1,4 +1,7 @@ SUMMARY = "Touchscreen calibration data from xinput-calibrator" +DESCRIPTION = "A generic touchscreen calibration program for X.Org" +HOMEPAGE = "https://www.freedesktop.org/wiki/Software/xinput_calibrator/" +BUGTRACKER = "https://github.com/tias/xinput_calibrator/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" diff --git a/poky/meta/recipes-kernel/blktrace/blktrace_git.bb b/poky/meta/recipes-kernel/blktrace/blktrace_git.bb index 6903053b5b..7ccc022b93 100644 --- a/poky/meta/recipes-kernel/blktrace/blktrace_git.bb +++ b/poky/meta/recipes-kernel/blktrace/blktrace_git.bb @@ -1,4 +1,9 @@ SUMMARY = "Generates traces of I/O traffic on block devices" +DESCRIPTION = "blktrace is a block layer IO tracing mechanism which provides \ +detailed information about request queue operations up to user space. There \ +are three major components: a kernel component, a utility to record the i/o \ +trace information for the kernel to user space, and utilities to analyse and \ +view the trace information." HOMEPAGE = "http://brick.kernel.dk/snaps/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb index 552eb6abaa..e4f7d1e372 100644 --- a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb +++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb @@ -9,6 +9,8 @@ DEPENDS += "cryptodev-linux" SRC_URI += " \ file://0001-Disable-installing-header-file-provided-by-another-p.patch \ +file://0001-Fix-build-for-Linux-5.8-rc1.patch \ +file://0001-Fix-build-for-Linux-5.9-rc1.patch \ " EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev.inc b/poky/meta/recipes-kernel/cryptodev/cryptodev.inc index f99f8bc9f0..cf9b9b7207 100644 --- a/poky/meta/recipes-kernel/cryptodev/cryptodev.inc +++ b/poky/meta/recipes-kernel/cryptodev/cryptodev.inc @@ -1,4 +1,9 @@ HOMEPAGE = "http://cryptodev-linux.org/" +DESCRIPTION = "Cryptodev-linux is a device that allows access to Linux kernel \ +cryptographic drivers; thus allowing of userspace applications to take advantage \ +of hardware accelerators. Cryptodev-linux is implemented as a standalone \ +module that requires no dependencies other than a stock linux kernel. Its \ +API is compatible with OpenBSD's cryptodev userspace API (/dev/crypto)." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch new file mode 100644 index 0000000000..02c721a4f3 --- /dev/null +++ b/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch @@ -0,0 +1,49 @@ +From 9e765068582aae3696520346a7500322ca6cc2de Mon Sep 17 00:00:00 2001 +From: Joan Bruguera <joanbrugueram@gmail.com> +Date: Sat, 13 Jun 2020 19:46:44 +0200 +Subject: [PATCH] Fix build for Linux 5.8-rc1 + +See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9740ca4e95b43b91a4a848694a20d01ba6818f7b + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da1c55f1b272f4bd54671d459b39ea7b54944ef9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d8ed45c5dcd455fc5848d47f86883a1b872ac0d0 + +Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com> + +Upstream-Status: Backport [9e765068582aae3696520346a7500322ca6cc2de] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + zc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/zc.c b/zc.c +index ae464ff..2c286bb 100644 +--- a/zc.c ++++ b/zc.c +@@ -58,7 +58,11 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write, + return 0; + } + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)) + down_read(&mm->mmap_sem); ++#else ++ mmap_read_lock(mm); ++#endif + #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 6, 0)) + ret = get_user_pages(task, mm, + (unsigned long)addr, pgcount, write, 0, pg, NULL); +@@ -74,7 +78,11 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write, + (unsigned long)addr, pgcount, write ? FOLL_WRITE : 0, + pg, NULL, NULL); + #endif ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)) + up_read(&mm->mmap_sem); ++#else ++ mmap_read_unlock(mm); ++#endif + if (ret != pgcount) + return -EINVAL; + +-- +2.17.1 + diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch new file mode 100644 index 0000000000..cf1c04df9e --- /dev/null +++ b/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch @@ -0,0 +1,42 @@ +From 2f5e08aebf9229599aae7f25db752f74221cd71d Mon Sep 17 00:00:00 2001 +From: Joan Bruguera <joanbrugueram@gmail.com> +Date: Fri, 14 Aug 2020 00:13:38 +0200 +Subject: [PATCH] Fix build for Linux 5.9-rc1 + +See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64019a2e467a288a16b65ab55ddcbf58c1b00187 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bce617edecada007aee8610fbe2c14d10b8de2f6 + https://lore.kernel.org/lkml/CAHk-=wj_V2Tps2QrMn20_W0OJF9xqNh52XSGA42s-ZJ8Y+GyKw@mail.gmail.com/ + +Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com> + +Upstream-Status: Backport [https://github.com/cryptodev-linux/cryptodev-linux/commit/2f5e08aebf9229599aae7f25db752f74221cd71d] + +Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> + +--- + zc.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/zc.c b/zc.c +index a560db5..fdf7da1 100644 +--- a/zc.c ++++ b/zc.c +@@ -76,10 +76,14 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write, + ret = get_user_pages_remote(task, mm, + (unsigned long)addr, pgcount, write ? FOLL_WRITE : 0, + pg, NULL); +-#else ++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)) + ret = get_user_pages_remote(task, mm, + (unsigned long)addr, pgcount, write ? FOLL_WRITE : 0, + pg, NULL, NULL); ++#else ++ ret = get_user_pages_remote(mm, ++ (unsigned long)addr, pgcount, write ? FOLL_WRITE : 0, ++ pg, NULL, NULL); + #endif + #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)) + up_read(&mm->mmap_sem); +-- +2.17.1 + diff --git a/poky/meta/recipes-kernel/dtc/dtc/0001-fdtdump-Fix-gcc11-warning.patch b/poky/meta/recipes-kernel/dtc/dtc/0001-fdtdump-Fix-gcc11-warning.patch new file mode 100644 index 0000000000..ec825cbf7b --- /dev/null +++ b/poky/meta/recipes-kernel/dtc/dtc/0001-fdtdump-Fix-gcc11-warning.patch @@ -0,0 +1,35 @@ +From 4827e0db6c4f7dea7f4094f49d3bb48ef6dfdc2d Mon Sep 17 00:00:00 2001 +From: David Gibson <david@gibson.dropbear.id.au> +Date: Wed, 6 Jan 2021 14:52:26 +1100 +Subject: [PATCH] fdtdump: Fix gcc11 warning + +In one place, fdtdump abuses fdt_set_magic(), passing it just a small char +array instead of the full fdt header it expects. That's relying on the +fact that in fact fdt_set_magic() will only actually access the first 4 +bytes of the buffer. + +This trips a new warning in GCC 11 - and it's entirely possible it was +always UB. So, don't do that. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/dtc/dtc.git/patch/?id=ca16a723fa9dde9c5da80dba567f48715000e77c] +Signed-off-by: David Gibson <david@gibson.dropbear.id.au> +--- + fdtdump.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fdtdump.c b/fdtdump.c +index 9613bef..d9fb374 100644 +--- a/fdtdump.c ++++ b/fdtdump.c +@@ -217,7 +217,7 @@ int main(int argc, char *argv[]) + char *p = buf; + char *endp = buf + len; + +- fdt_set_magic(smagic, FDT_MAGIC); ++ fdt32_st(smagic, FDT_MAGIC); + + /* poor man's memmem */ + while ((endp - p) >= FDT_MAGIC_SIZE) { +-- +2.30.1 + diff --git a/poky/meta/recipes-kernel/dtc/dtc_1.6.0.bb b/poky/meta/recipes-kernel/dtc/dtc_1.6.0.bb index 92df70d9fc..a407137859 100644 --- a/poky/meta/recipes-kernel/dtc/dtc_1.6.0.bb +++ b/poky/meta/recipes-kernel/dtc/dtc_1.6.0.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRCREV = "2525da3dba9beceb96651dc2986581871dbeca30" +SRC_URI += "file://0001-fdtdump-Fix-gcc11-warning.patch" + S = "${WORKDIR}/git" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index 4f1af731d6..3f76af424b 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -1,4 +1,8 @@ SUMMARY = "Tools for managing Yocto Project style branched kernels" +DESCRIPTION = "Powerful set of tools or managing Yocto Linux kernel sources \ +and configuration data. You can use these tools to make a single configuration \ +change, apply multiple patches, or work with your own kernel sources." +HOMEPAGE = "https://www.yoctoproject.org/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://tools/kgit;beginline=5;endline=9;md5=9c30e971d435e249624278c3e343e501" diff --git a/poky/meta/recipes-kernel/kmod/kmod.inc b/poky/meta/recipes-kernel/kmod/kmod.inc index 5dae30ed88..bb678c6900 100644 --- a/poky/meta/recipes-kernel/kmod/kmod.inc +++ b/poky/meta/recipes-kernel/kmod/kmod.inc @@ -26,7 +26,6 @@ SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git \ S = "${WORKDIR}/git" -EXTRA_AUTORECONF += "--install --symlink" EXTRA_OECONF +=" --enable-tools --with-zlib" PACKAGECONFIG[debug] = "--enable-debug,--disable-debug" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb index 59ce4d5124..1e32d1c8b6 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb @@ -1,4 +1,8 @@ SUMMARY = "Firmware files for use with Linux kernel" +HOMEPAGE = "https://www.kernel.org/" +DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \ +that contains firmware binary blobs necessary for partial or full functionality \ +of certain hardware devices." SECTION = "kernel" LICENSE = "\ @@ -128,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=ef0565762eac313c409567b59dff00b2 \ + file://WHENCE;md5=e21a8cbddc1612bce56f06fe154a0743 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -201,7 +205,7 @@ PE = "1" SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "1bcb1a3944c361507754a7d26ccff40ffc28d1fb93bce711d67da26b33e785b7" +SRC_URI[sha256sum] = "a2348f03492713dca9aef202496c6e58f5e63ee5bec6a7bdfcf8b18ce7155e70" inherit allarch @@ -225,6 +229,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ ${PN}-vt6656-license ${PN}-vt6656 \ + ${PN}-rs9113 ${PN}-rs9116 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ ${PN}-rtl8168 \ ${PN}-cypress-license \ @@ -492,6 +497,13 @@ FILES_${PN}-netronome = " \ ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \ ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \ ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \ + ${nonarch_base_libdir}/firmware/netronome/bpf \ + ${nonarch_base_libdir}/firmware/netronome/flower \ + ${nonarch_base_libdir}/firmware/netronome/nic \ + ${nonarch_base_libdir}/firmware/netronome/nic-sriov \ " RDEPENDS_${PN}-netronome += "${PN}-netronome-license" @@ -518,6 +530,16 @@ RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license" RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license" RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" +# For RSI RS911x WiFi +LICENSE_${PN}-rs9113 = "WHENCE" +LICENSE_${PN}-rs9116 = "WHENCE" + +FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps " +FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps " + +RDEPENDS_${PN}-rs9113 += "${PN}-whence-license" +RDEPENDS_${PN}-rs9116 += "${PN}-whence-license" + # For rtl LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" @@ -618,7 +640,9 @@ FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bi FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*" FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin" FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin" -FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin" +FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \ +" FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin" FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin" FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin" @@ -627,12 +651,18 @@ FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \ ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \ " FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*" -FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.*" +FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \ +" FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin" FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin" -FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin" +FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \ +" FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin" -FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin" +FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \ +" FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin" FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \ ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \ @@ -703,13 +733,21 @@ LICENSE_${PN}-cypress-license = "Firmware-cypress" FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress" FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd" -FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.*" -FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.*" -FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.*" -FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin" -FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.*" +FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*" +FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*" +FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*" +FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \ +" +FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \ +" FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ " LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress" diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc index 4ad74a27e9..2d4429b6b4 100644 --- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc +++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc @@ -1,4 +1,6 @@ SUMMARY = "Sanitized set of kernel headers for the C library's use" +HOMEPAGE = "https://www.kernel.org/" +DESCRIPTION = "Designed to maintain an Application Programming Interface (API) stable version of the Linux headers" SECTION = "devel" LICENSE = "GPLv2" diff --git a/poky/meta/recipes-kernel/linux/linux-dummy.bb b/poky/meta/recipes-kernel/linux/linux-dummy.bb index 95dc85ff2f..c56f8990de 100644 --- a/poky/meta/recipes-kernel/linux/linux-dummy.bb +++ b/poky/meta/recipes-kernel/linux/linux-dummy.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe" PROVIDES += "virtual/kernel" -inherit deploy +inherit deploy linux-dummy PACKAGES_DYNAMIC += "^kernel-module-.*" PACKAGES_DYNAMIC += "^kernel-image-.*" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index ec134e428c..c2d0458073 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "0406e600800a40015d02b16ee6a4a46c6673c66f" -SRCREV_meta ?= "4f6d6c23cc8ca5d9c39b1efc2619b1dfec1ef2bc" +SRCREV_machine ?= "b62ae8bedb024e67e7c5cda51840454a4170c858" +SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.98" +LINUX_VERSION ?= "5.4.116" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index ff03fd4197..1c3fe73ae5 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.98" +LINUX_VERSION ?= "5.4.116" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "fc95a485415d22eb772359b8d350c03b85c0cd1b" -SRCREV_machine ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_meta ?= "4f6d6c23cc8ca5d9c39b1efc2619b1dfec1ef2bc" +SRCREV_machine_qemuarm ?= "80bd6016a9bdaed4b66ddffffa8c8e62d7c1f8a6" +SRCREV_machine ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index 91df9c1cd5..0a4d528aab 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -1,6 +1,7 @@ SUMMARY = "Linux kernel" SECTION = "kernel" LICENSE = "GPLv2" +HOMEPAGE = "https://www.yoctoproject.org/" LIC_FILES_CHKSUM ?= "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 76477f254d..094427cb02 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "28bc6b294bb1e49da671b2848234f9011efcad88" -SRCREV_machine_qemuarm64 ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_machine_qemumips ?= "105568d1696f86625cf7bc30d8c5c921732de2f4" -SRCREV_machine_qemuppc ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_machine_qemuriscv64 ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_machine_qemux86 ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_machine_qemux86-64 ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_machine_qemumips64 ?= "c76ba20ee1b1de859736f85f0210459c2104b8df" -SRCREV_machine ?= "2d0a4ea86fe97f13a4bc2a92a097e4edb51d737d" -SRCREV_meta ?= "4f6d6c23cc8ca5d9c39b1efc2619b1dfec1ef2bc" +SRCREV_machine_qemuarm ?= "e71df0530eefcac1b3248329e385bcefbad6336e" +SRCREV_machine_qemuarm64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemumips ?= "07445052fdd15e60b30dc5ae9d162c2e6bba47d1" +SRCREV_machine_qemuppc ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemuriscv64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemux86 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemux86-64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemumips64 ?= "b36d79d6f2aaf9dadec352f611e7b9becf2b9a55" +SRCREV_machine ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.98" +LINUX_VERSION ?= "5.4.116" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb index 26c247e169..3fdc8094e9 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb @@ -1,6 +1,7 @@ SECTION = "devel" SUMMARY = "Linux Trace Toolkit KERNEL MODULE" DESCRIPTION = "The lttng-modules 2.0 package contains the kernel tracer modules" +HOMEPAGE = "https://lttng.org/" LICENSE = "LGPLv2.1 & GPLv2 & MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=3f882d431dc0f32f1f44c0707aa41128" diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb index a969fffd62..e830475d0d 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb @@ -3,6 +3,7 @@ SUMMARY = "Linux Trace Toolkit Control" DESCRIPTION = "The Linux trace toolkit is a suite of tools designed \ to extract program execution details from the Linux operating system \ and interpret them." +HOMEPAGE = "https://github.com/lttng/lttng-tools" LICENSE = "GPLv2 & LGPLv2.1" LIC_FILES_CHKSUM = "file://LICENSE;md5=01d7fc4496aacf37d90df90b90b0cac1 \ diff --git a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb index c7edb20ee4..b58fa9a603 100644 --- a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb +++ b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb @@ -1,4 +1,5 @@ SUMMARY = "Build tools needed by external modules" +HOMEPAGE = "https://www.yoctoproject.org/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" @@ -15,8 +16,10 @@ do_compile[depends] += "virtual/kernel:do_compile_kernelmodules" RDEPENDS_${PN}-dev = "" DEPENDS += "bc-native bison-native" +DEPENDS += "gmp-native" EXTRA_OEMAKE = " HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"" +EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX} ${BUILD_CXXFLAGS} ${BUILD_LDFLAGS}"" # Build some host tools under work-shared. CC, LD, and AR are probably # not used, but this is the historical way of invoking "make scripts". diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 578b871e9e..b6f50583f7 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -265,7 +265,7 @@ PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python" RDEPENDS_${PN} += "elfutils bash" RDEPENDS_${PN}-archive =+ "bash" -RDEPENDS_${PN}-python =+ "bash python3 python3-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python3', '', d)}" +RDEPENDS_${PN}-python =+ "bash python3 python3-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}" RDEPENDS_${PN}-perl =+ "bash perl perl-modules" RDEPENDS_${PN}-tests =+ "python3" diff --git a/poky/meta/recipes-kernel/systemtap/systemtap-uprobes_git.bb b/poky/meta/recipes-kernel/systemtap/systemtap-uprobes_git.bb index 46820ef489..6ee0be5e3e 100644 --- a/poky/meta/recipes-kernel/systemtap/systemtap-uprobes_git.bb +++ b/poky/meta/recipes-kernel/systemtap/systemtap-uprobes_git.bb @@ -1,5 +1,5 @@ SUMMARY = "UProbes kernel module for SystemTap" - +HOMEPAGE = "https://sourceware.org/systemtap/" require systemtap_git.inc DEPENDS = "systemtap virtual/kernel" diff --git a/poky/meta/recipes-kernel/systemtap/systemtap_git.bb b/poky/meta/recipes-kernel/systemtap/systemtap_git.bb index 1c9f2aed16..bdd8fb83b0 100644 --- a/poky/meta/recipes-kernel/systemtap/systemtap_git.bb +++ b/poky/meta/recipes-kernel/systemtap/systemtap_git.bb @@ -1,4 +1,7 @@ SUMMARY = "Script-directed dynamic tracing and performance analysis tool for Linux" +DESCRIPTION = "It provides free software infrastructure to simplify the \ +gathering of information about the running Linux system. This assists \ +diagnosis of a performance or functional problem." HOMEPAGE = "https://sourceware.org/systemtap/" require systemtap_git.inc diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.11.20.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb index b3567bca95..f79c0b29ea 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.11.20.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52" +SRC_URI[sha256sum] = "9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa" inherit bin_package allarch diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.1.2.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.1.2.bb index e2bc61fbe9..4867c798b9 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.1.2.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.1.2.bb @@ -1,4 +1,6 @@ SUMMARY = "ALSA sound library" +DESCRIPTION = "(Occasionally a.k.a. libasound) is a userspace library that \ +provides a level of abstraction over the /dev interfaces provided by the kernel modules." HOMEPAGE = "http://www.alsa-project.org" BUGTRACKER = "http://alsa-project.org/main/index.php/Bug_Tracking" SECTION = "libs/multimedia" diff --git a/poky/meta/recipes-multimedia/alsa/alsa-plugins_1.2.1.bb b/poky/meta/recipes-multimedia/alsa/alsa-plugins_1.2.1.bb index 61d394b0f0..659eea672f 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-plugins_1.2.1.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-plugins_1.2.1.bb @@ -1,4 +1,7 @@ SUMMARY = "ALSA Plugins" +DESCRIPTION = "Used to create virtual devices that can be used like normal \ +hardware devices but cause extra processing of the sound stream to take place. \ +They are used while configuring ALSA in the .asoundrc file." HOMEPAGE = "http://alsa-project.org" BUGTRACKER = "http://alsa-project.org/main/index.php/Bug_Tracking" SECTION = "multimedia" diff --git a/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb b/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb index c1f4acdb03..c979d7642e 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb @@ -1,4 +1,7 @@ SUMMARY = "Advanced tools for certain ALSA sound card drivers" +DESCRIPTION = "Package containing a number of tools ranging from envy24control \ +which provides complete control over all devices with an envy24 chip, to \ +firmware loaders for pcmcia, USB and the hdsp devices." HOMEPAGE = "http://www.alsa-project.org" BUGTRACKER = "http://alsa-project.org/main/index.php/Bug_Tracking" SECTION = "console/utils" diff --git a/poky/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb b/poky/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb index 5101cc7b7a..2ff5494c99 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb @@ -1,4 +1,7 @@ SUMMARY = "ALSA topology configuration files" +DESCRIPTION = "Provides a method for audio drivers to load their mixers, \ +routing, PCMs and capabilities from user space at runtime without changing \ +any driver source code." HOMEPAGE = "https://alsa-project.org" BUGTRACKER = "https://alsa-project.org/wiki/Bug_Tracking" LICENSE = "BSD-3-Clause" diff --git a/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb b/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb index a432d5de07..ee1688b421 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb @@ -1,4 +1,7 @@ SUMMARY = "ALSA Use Case Manager configuration" +DESCRIPTION = "This package contains ALSA Use Case Manager configuration \ +of audio input/output names and routing for specific audio hardware. \ +They can be used with the alsaucm tool. " HOMEPAGE = "https://alsa-project.org" BUGTRACKER = "https://alsa-project.org/wiki/Bug_Tracking" LICENSE = "BSD-3-Clause" diff --git a/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.1.bb b/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.1.bb index 1dc30f377b..54aa2f9544 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.1.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.1.bb @@ -1,4 +1,6 @@ SUMMARY = "ALSA sound utilities" +DESCRIPTION = "collection of small and often extremely powerful applications \ +designed to allow users to control the various parts of the ALSA system." HOMEPAGE = "http://www.alsa-project.org" BUGTRACKER = "http://alsa-project.org/main/index.php/Bug_Tracking" SECTION = "console/utils" diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb index cc7a7e78e2..af79a6f952 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb @@ -1,4 +1,7 @@ SUMMARY = "GStreamer examples (including gtk-play, gst-play)" +DESCRIPTION = "GStreamer example applications" +HOMEPAGE = "https://gitlab.freedesktop.org/gstreamer/gst-examples" +BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-examples/-/issues" LICENSE = "LGPL-2.0+" LIC_FILES_CHKSUM = "file://playback/player/gtk/gtk-play.c;beginline=1;endline=20;md5=f8c72dae3d36823ec716a9ebcae593b9" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb index 98355a1b75..a8ad777422 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb @@ -1,4 +1,6 @@ SUMMARY = "Libav-based GStreamer 1.x plugin" +DESCRIPTION = "Contains a GStreamer plugin for using the encoders, decoders, \ +muxers, and demuxers provided by FFmpeg." HOMEPAGE = "http://gstreamer.freedesktop.org/" SECTION = "multimedia" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb index 1aa13cf73c..46653e2392 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb @@ -1,4 +1,5 @@ SUMMARY = "OpenMAX IL plugins for GStreamer" +DESCRIPTION = "Wraps available OpenMAX IL components and makes them available as standard GStreamer elements." HOMEPAGE = "http://gstreamer.freedesktop.org/" SECTION = "multimedia" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb index ffbaaf425a..f741db2172 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb @@ -1,5 +1,9 @@ require gstreamer1.0-plugins-common.inc +DESCRIPTION = "'Bad' GStreamer plugins and helper libraries " +HOMEPAGE = "https://gstreamer.freedesktop.org/" +BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/issues" + SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-${PV}.tar.xz \ file://0001-meson-build-gir-even-when-cross-compiling-if-introsp.patch \ diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb index 9daaf7587e..f8f5caa94a 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb @@ -1,5 +1,8 @@ require gstreamer1.0-plugins-common.inc +DESCRIPTION = "'Base' GStreamer plugins and helper libraries" +HOMEPAGE = "https://gstreamer.freedesktop.org/" +BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues" LICENSE = "GPLv2+ & LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \ file://common/coverage/coverage-report.pl;beginline=2;endline=17;md5=a4e1830fce078028c8f0974161272607" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb index 75dd029109..b3f17d4a4a 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb @@ -1,5 +1,9 @@ require gstreamer1.0-plugins-common.inc +DESCRIPTION = "'Good' GStreamer plugins" +HOMEPAGE = "https://gstreamer.freedesktop.org/" +BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues" + SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \ file://0001-qmlgl-ensure-Qt-defines-GLsync-to-fix-compile-on-som.patch \ @@ -30,6 +34,8 @@ X11DEPENDS = "virtual/libx11 libsm libxrender libxfixes libxdamage" X11ENABLEOPTS = "-Dximagesrc=enabled -Dximagesrc-xshm=enabled -Dximagesrc-xfixes=enabled -Dximagesrc-xdamage=enabled" X11DISABLEOPTS = "-Dximagesrc=disabled -Dximagesrc-xshm=disabled -Dximagesrc-xfixes=disabled -Dximagesrc-xdamage=disabled" +QT5WAYLANDDEPENDS = "${@bb.utils.contains("DISTRO_FEATURES", "wayland", "qtwayland", "", d)}" + PACKAGECONFIG[bz2] = "-Dbz2=enabled,-Dbz2=disabled,bzip2" PACKAGECONFIG[cairo] = "-Dcairo=enabled,-Dcairo=disabled,cairo" PACKAGECONFIG[dv1394] = "-Ddv1394=enabled,-Ddv1394=disabled,libiec61883 libavc1394 libraw1394" @@ -44,7 +50,7 @@ PACKAGECONFIG[libpng] = "-Dpng=enabled,-Dpng=disabled,libpng" PACKAGECONFIG[libv4l2] = "-Dv4l2-libv4l2=enabled,-Dv4l2-libv4l2=disabled,v4l-utils" PACKAGECONFIG[mpg123] = "-Dmpg123=enabled,-Dmpg123=disabled,mpg123" PACKAGECONFIG[pulseaudio] = "-Dpulse=enabled,-Dpulse=disabled,pulseaudio" -PACKAGECONFIG[qt5] = "-Dqt5=enabled,-Dqt5=disabled,qtbase qtdeclarative qtbase-native" +PACKAGECONFIG[qt5] = "-Dqt5=enabled,-Dqt5=disabled,qtbase qtdeclarative qtbase-native ${QT5WAYLANDDEPENDS}" PACKAGECONFIG[soup] = "-Dsoup=enabled,-Dsoup=disabled,libsoup-2.4" PACKAGECONFIG[speex] = "-Dspeex=enabled,-Dspeex=disabled,speex" PACKAGECONFIG[taglib] = "-Dtaglib=enabled,-Dtaglib=disabled,taglib" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb index d9ec82d887..afde9a013d 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb @@ -1,5 +1,9 @@ require gstreamer1.0-plugins-common.inc +DESCRIPTION = "'Ugly GStreamer plugins" +HOMEPAGE = "https://gstreamer.freedesktop.org/" +BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues" + LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 \ file://tests/check/elements/xingmux.c;beginline=1;endline=21;md5=4c771b8af188724855cb99cadd390068" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb index 14b34a2808..9c7f0e078c 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb @@ -1,4 +1,6 @@ SUMMARY = "Python bindings for GStreamer 1.0" +DESCRIPTION = "GStreamer Python binding overrides (complementing the bindings \ +provided by python-gi) " HOMEPAGE = "http://cgit.freedesktop.org/gstreamer/gst-python/" SECTION = "multimedia" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb index 9d9b1b8757..af9b2c5a97 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb @@ -1,4 +1,5 @@ SUMMARY = "VA-API support to GStreamer" +HOMEPAGE = "https://gstreamer.freedesktop.org/" DESCRIPTION = "gstreamer-vaapi consists of a collection of VA-API \ based plugins for GStreamer and helper libraries: `vaapidecode', \ `vaapiconvert', and `vaapisink'." diff --git a/poky/meta/recipes-multimedia/lame/lame_3.100.bb b/poky/meta/recipes-multimedia/lame/lame_3.100.bb index 7f8996fb52..d007e0a495 100644 --- a/poky/meta/recipes-multimedia/lame/lame_3.100.bb +++ b/poky/meta/recipes-multimedia/lame/lame_3.100.bb @@ -1,5 +1,6 @@ SUMMARY = "High quality MP3 audio encoder" -HOMEPAGE = "http://lame.sourceforge.net/" +DESCRIPTION = "LAME is an educational tool to be used for learning about MP3 encoding." +HOMEPAGE = "https://lame.sourceforge.io/" BUGTRACKER = "http://sourceforge.net/tracker/?group_id=290&atid=100290" SECTION = "console/utils" LICENSE = "LGPLv2+" diff --git a/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb b/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb index 8ff8889b60..0ef5d947c3 100644 --- a/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb +++ b/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb @@ -1,4 +1,7 @@ SUMMARY = "ATSC A/52 surround sound stream decoder" +DESCRIPTION = "Library for decoding ATSC A/52 streams. The A/52 standard \ +is used in a variety of applications, including digital television \ +and DVD. It is also known as AC-3." HOMEPAGE = "http://liba52.sourceforge.net/" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ diff --git a/poky/meta/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch b/poky/meta/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch new file mode 100644 index 0000000000..0d1d0dc381 --- /dev/null +++ b/poky/meta/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch @@ -0,0 +1,21 @@ +configure contains CFLAGS filtering code which was removing our prefix-map +flags. We need those to generate reproducible binaries. Allow them through. + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: libid3tag-0.15.1b/configure.ac +=================================================================== +--- libid3tag-0.15.1b.orig/configure.ac ++++ libid3tag-0.15.1b/configure.ac +@@ -99,6 +99,10 @@ do + -mno-cygwin) + shift + ;; ++ -fmacro-prefix-map*|-fdebug-prefix-map*) ++ CFLAGS="$CFLAGS $1" ++ shift ++ ;; + -m*) + arch="$arch $1" + shift diff --git a/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb index 0312a610c0..80581765ac 100644 --- a/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb +++ b/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb @@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \ file://0001-Fix-gperf-3.1-incompatibility.patch \ file://10_utf16.patch \ file://unknown-encoding.patch \ + file://cflags_filter.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/" UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$" diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb index 8c53d11642..3c46fa3302 100644 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb @@ -1,4 +1,7 @@ SUMMARY = "PNG image format decoding library" +DESCRIPTION = "An open source project to develop and maintain the reference \ +library for use in applications that read, create, and manipulate PNG \ +(Portable Network Graphics) raster image files. " HOMEPAGE = "http://www.libpng.org/" SECTION = "libs" LICENSE = "Libpng" diff --git a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb index ae08189441..6dfc42b436 100644 --- a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb +++ b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb @@ -1,4 +1,5 @@ SUMMARY = "Audio Sample Rate Conversion library" +DESCRIPTION = "Also known as Secret Rabbit Code - a library for performing sample rate conversion of audio data." HOMEPAGE = "http://www.mega-nerd.com/SRC/" SECTION = "libs" LICENSE = "BSD-2-Clause" diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index b100108766..044881a859 100644 --- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -1,4 +1,7 @@ SUMMARY = "Audio format Conversion library" +DESCRIPTION = "Library for reading and writing files containing sampled \ +sound (such as MS Windows WAV and the Apple/SGI AIFF format) through \ +one standard library interface." HOMEPAGE = "http://www.mega-nerd.com/libsndfile" AUTHOR = "Erik de Castro Lopo" DEPENDS = "flac libogg libvorbis" diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35523.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35523.patch new file mode 100644 index 0000000000..1f30b32799 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35523.patch @@ -0,0 +1,55 @@ +From c8d613ef497058fe653c467fc84c70a62a4a71b2 Mon Sep 17 00:00:00 2001 +From: Thomas Bernard <miniupnp@free.fr> +Date: Tue, 10 Nov 2020 01:54:30 +0100 +Subject: [PATCH] gtTileContig(): check Tile width for overflow + +fixes #211 + +Upstream-Status: Backport [ https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 ] +CVE: CVE-2020-35523 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + libtiff/tif_getimage.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index 4da785d3..96ab1460 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -29,6 +29,7 @@ + */ + #include "tiffiop.h" + #include <stdio.h> ++#include <limits.h> + + static int gtTileContig(TIFFRGBAImage*, uint32*, uint32, uint32); + static int gtTileSeparate(TIFFRGBAImage*, uint32*, uint32, uint32); +@@ -645,12 +646,20 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) + + flip = setorientation(img); + if (flip & FLIP_VERTICALLY) { +- y = h - 1; +- toskew = -(int32)(tw + w); ++ if ((tw + w) > INT_MAX) { ++ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "unsupported tile size (too wide)"); ++ return (0); ++ } ++ y = h - 1; ++ toskew = -(int32)(tw + w); + } + else { +- y = 0; +- toskew = -(int32)(tw - w); ++ if (tw > (INT_MAX + w)) { ++ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "unsupported tile size (too wide)"); ++ return (0); ++ } ++ y = 0; ++ toskew = -(int32)(tw - w); + } + + /* +-- +GitLab + + diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch new file mode 100644 index 0000000000..5232eacb50 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch @@ -0,0 +1,42 @@ +From c6a12721b46f1a72974f91177890301730d7b330 Mon Sep 17 00:00:00 2001 +From: Thomas Bernard <miniupnp@free.fr> +Date: Tue, 10 Nov 2020 01:01:59 +0100 +Subject: [PATCH] tiff2pdf.c: properly calculate datasize when saving to JPEG + YCbCr + +fixes #220 +Upstream-Status: Backport +https://gitlab.com/libtiff/libtiff/-/commit/c6a12721b46f1a72974f91177890301730d7b330 +https://gitlab.com/libtiff/libtiff/-/merge_requests/159/commits +CVE: CVE-2021-35524 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + tools/tiff2pdf.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index 719811ea..dc69d2f9 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -2087,9 +2087,14 @@ void t2p_read_tiff_size(T2P* t2p, TIFF* input){ + #endif + (void) 0; + } +- k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); +- if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ +- k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); ++ if(t2p->pdf_compression == T2P_COMPRESS_JPEG ++ && t2p->tiff_photometric == PHOTOMETRIC_YCBCR) { ++ k = checkMultiply64(TIFFNumberOfStrips(input), TIFFStripSize(input), t2p); ++ } else { ++ k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); ++ if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ ++ k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); ++ } + } + if (k == 0) { + /* Assume we had overflow inside TIFFScanlineSize */ +-- +GitLab + diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-2.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-2.patch new file mode 100644 index 0000000000..406d467766 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-2.patch @@ -0,0 +1,36 @@ +From d74f56e3b7ea55c8a18a03bc247cd5fd0ca288b2 Mon Sep 17 00:00:00 2001 +From: Thomas Bernard <miniupnp@free.fr> +Date: Tue, 10 Nov 2020 02:05:05 +0100 +Subject: [PATCH] Fix for building without JPEG support + +Upstream-Status: Backport +https://gitlab.com/libtiff/libtiff/-/commit/d74f56e3b7ea55c8a18a03bc247cd5fd0ca288b2 +https://gitlab.com/libtiff/libtiff/-/merge_requests/159/commits +CVE: CVE-2021-35524 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiff2pdf.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index dc69d2f9..d0b0ede7 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -2087,10 +2087,13 @@ void t2p_read_tiff_size(T2P* t2p, TIFF* input){ + #endif + (void) 0; + } ++#ifdef JPEG_SUPPORT + if(t2p->pdf_compression == T2P_COMPRESS_JPEG + && t2p->tiff_photometric == PHOTOMETRIC_YCBCR) { + k = checkMultiply64(TIFFNumberOfStrips(input), TIFFStripSize(input), t2p); +- } else { ++ } else ++#endif ++ { + k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); + if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ + k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); +-- +GitLab + diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 1f92c18513..cfea18ed29 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -1,10 +1,17 @@ SUMMARY = "Provides support for the Tag Image File Format (TIFF)" +DESCRIPTION = "Library provides support for the Tag Image File Format \ +(TIFF), a widely used format for storing image data. This library \ +provide means to easily access and create TIFF image files." +HOMEPAGE = "http://www.libtiff.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf" CVE_PRODUCT = "libtiff" SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ + file://CVE-2020-35523.patch \ + file://CVE-2020-35524-1.patch \ + file://CVE-2020-35524-2.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" @@ -12,6 +19,10 @@ SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d677 # exclude betas UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" +# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 +# and 4.1.0 doesn't have the issue +CVE_CHECK_WHITELIST += "CVE-2015-7313" + inherit autotools multilib_header CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no" diff --git a/poky/meta/recipes-multimedia/mpeg2dec/mpeg2dec_0.5.1.bb b/poky/meta/recipes-multimedia/mpeg2dec/mpeg2dec_0.5.1.bb index 00ca3675ca..d603602584 100644 --- a/poky/meta/recipes-multimedia/mpeg2dec/mpeg2dec_0.5.1.bb +++ b/poky/meta/recipes-multimedia/mpeg2dec/mpeg2dec_0.5.1.bb @@ -1,5 +1,9 @@ SUMMARY = "Library and test program for decoding MPEG-2 and MPEG-1 video streams" -HOMEPAGE = "http://libmpeg2.sourceforge.net/" +DESCRIPTION = "mpeg2dec is a test program for libmpeg2. It decodes \ +mpeg-1 and mpeg-2 video streams, and also includes a demultiplexer \ +for mpeg-1 and mpeg-2 program streams. The main purpose of mpeg2dec \ +is to have a simple test bed for libmpeg2." +HOMEPAGE = "https://libmpeg2.sourceforge.io/" SECTION = "libs" LICENSE = "GPLv2+" LICENSE_FLAGS = "commercial" diff --git a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc index 417eb1d9d3..317983edb2 100644 --- a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc +++ b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc @@ -1,4 +1,6 @@ SUMMARY = "Sound server for Linux and Unix-like operating systems" +DESCRIPTION = "A general purpose sound server intended to run as a middleware \ +between your applications and your hardware devices, either using ALSA or OSS." HOMEPAGE = "http://www.pulseaudio.org" AUTHOR = "Lennart Poettering" SECTION = "libs/multimedia" diff --git a/poky/meta/recipes-rt/rt-tests/rt-tests_1.1.bb b/poky/meta/recipes-rt/rt-tests/rt-tests_1.1.bb index dad252b4ed..1db86b5067 100644 --- a/poky/meta/recipes-rt/rt-tests/rt-tests_1.1.bb +++ b/poky/meta/recipes-rt/rt-tests/rt-tests_1.1.bb @@ -1,5 +1,6 @@ SUMMARY = "Real-Time preemption testcases" -HOMEPAGE = "https://rt.wiki.kernel.org/index.php/Cyclictest" +HOMEPAGE = "https://wiki.linuxfoundation.org/realtime/documentation/start" +DESCRIPTION = "The main aim of the PREEMPT_RT patch is to minimize the amount of kernel code that is non-preemptible Therefore several substitution mechanisms and new mechanisms are implemented." SECTION = "tests" DEPENDS = "linux-libc-headers virtual/libc" LICENSE = "GPLv2 & GPLv2+" diff --git a/poky/meta/recipes-sato/images/core-image-sato-dev.bb b/poky/meta/recipes-sato/images/core-image-sato-dev.bb index 7fa69d0997..f45a83273c 100644 --- a/poky/meta/recipes-sato/images/core-image-sato-dev.bb +++ b/poky/meta/recipes-sato/images/core-image-sato-dev.bb @@ -3,5 +3,6 @@ require core-image-sato.bb DESCRIPTION = "Image with Sato for development work. It includes everything \ within core-image-sato plus a native toolchain, application development and \ testing libraries, profiling and debug symbols." +HOMEPAGE = "https://www.yoctoproject.org/" IMAGE_FEATURES += "dev-pkgs" diff --git a/poky/meta/recipes-sato/images/core-image-sato-ptest-fast.bb b/poky/meta/recipes-sato/images/core-image-sato-ptest-fast.bb index 4f08d6eb64..d37ad00cf8 100644 --- a/poky/meta/recipes-sato/images/core-image-sato-ptest-fast.bb +++ b/poky/meta/recipes-sato/images/core-image-sato-ptest-fast.bb @@ -7,6 +7,7 @@ require conf/distro/include/ptest-packagelists.inc IMAGE_INSTALL += "${PTESTS_FAST}" DESCRIPTION += "Also includes ptest packages with fast execution times to allow for more automated QA." +HOMEPAGE = "https://www.yoctoproject.org/" # This image is sufficiently large (~1.8GB) that it can't actually fit in a live # image (which has a 4GB limit), so nullify the overhead factor (1.3x out of the diff --git a/poky/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb b/poky/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb index 4d59c9536b..eea89a5d6c 100644 --- a/poky/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb +++ b/poky/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb @@ -5,6 +5,7 @@ require core-image-sato-sdk.bb require conf/distro/include/ptest-packagelists.inc DESCRIPTION += "Also includes ptest packages." +HOMEPAGE = "https://www.yoctoproject.org/" PROVIDES += "core-image-sato-ptest" diff --git a/poky/meta/recipes-sato/images/core-image-sato-sdk.bb b/poky/meta/recipes-sato/images/core-image-sato-sdk.bb index d7cc52b52b..b52de0def0 100644 --- a/poky/meta/recipes-sato/images/core-image-sato-sdk.bb +++ b/poky/meta/recipes-sato/images/core-image-sato-sdk.bb @@ -3,6 +3,7 @@ require core-image-sato.bb DESCRIPTION = "Image with Sato support that includes everything within \ core-image-sato plus meta-toolchain, development headers and libraries to \ form a standalone SDK." +HOMEPAGE = "https://www.yoctoproject.org/" IMAGE_FEATURES += "dev-pkgs tools-sdk \ tools-debug eclipse-debug tools-profile tools-testapps debug-tweaks ssh-server-openssh" diff --git a/poky/meta/recipes-sato/images/core-image-sato.bb b/poky/meta/recipes-sato/images/core-image-sato.bb index 673106eb6d..e50b24a476 100644 --- a/poky/meta/recipes-sato/images/core-image-sato.bb +++ b/poky/meta/recipes-sato/images/core-image-sato.bb @@ -1,6 +1,7 @@ DESCRIPTION = "Image with Sato, a mobile environment and visual style for \ mobile devices. The image supports X11 with a Sato theme, Pimlico \ applications, and contains terminal, editor, and file manager." +HOMEPAGE = "https://www.yoctoproject.org/" IMAGE_FEATURES += "splash package-management x11-base x11-sato ssh-server-dropbear hwcodecs" diff --git a/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb b/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb index 6fdcc3e392..85c2c500ea 100644 --- a/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb +++ b/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb @@ -1,4 +1,8 @@ SUMMARY = "Simple GTK+ Text Editor" +DESCRIPTION = "L3afpad is a simple GTK+ text editor that emphasizes simplicity. As development \ +focuses on keeping weight down to a minimum, only the most essential features \ +are implemented in the editor. L3afpad is simple to use, is easily compiled, \ +requires few libraries, and starts up quickly." HOMEPAGE = "https://github.com/stevenhoneyman/l3afpad" # Note that COPYING seems to mistakenly contain LGPLv2.1. diff --git a/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb b/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb index 5c23e85202..cc51f47b63 100644 --- a/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb +++ b/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb @@ -1,4 +1,5 @@ SUMMARY = "Matchbox Window Manager Desktop" +DESCRIPTION = "A lightweight windows manager for embedded systems. It uses the desktop background to provide an application launcher and allows modules to be loaded for additional functionality." HOMEPAGE = "http://matchbox-project.org/" BUGTRACKER = "http://bugzilla.yoctoproject.org/" diff --git a/poky/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb b/poky/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb index dfc7fbad57..49e37bd77c 100644 --- a/poky/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb +++ b/poky/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Matchbox virtual keyboard for X11" +DESCRIPTION = "An on screen 'virtual' or 'software' keyboard." HOMEPAGE = "http://matchbox-project.org" BUGTRACKER = "http://bugzilla.yoctoproject.org/" SECTION = "x11" diff --git a/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb b/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb index 2e6f5b7085..c659964a2b 100644 --- a/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb +++ b/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb @@ -1,4 +1,6 @@ SUMMARY = "Simple GTK+ based panel for handheld devices" +DESCRIPTION = "A flexible always present 'window bar' for holding application \ +launchers and small 'applet' style applications" HOMEPAGE = "http://matchbox-project.org" BUGTRACKER = "http://bugzilla.yoctoproject.org/" diff --git a/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb b/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb index ed3f1a69a1..25725e078d 100644 --- a/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb +++ b/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb @@ -3,6 +3,8 @@ # SUMMARY = "Sato desktop" +DESCRIPTION = "Packagegroups provide a convenient mechanism of bundling a collection of packages." +HOMEPAGE = "https://www.yoctoproject.org/" PR = "r33" PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.1.bb b/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.1.bb index 7885e0abae..153fbeb0b7 100644 --- a/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.1.bb +++ b/poky/meta/recipes-sato/pcmanfm/pcmanfm_1.3.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Fast lightweight tabbed filemanager" +DESCRIPTION = "A free file manager application and the standard file manager of LXDE." HOMEPAGE = "http://pcmanfm.sourceforge.net/" LICENSE = "GPLv2 & GPLv2+ & LGPLv2.1+" diff --git a/poky/meta/recipes-sato/puzzles/puzzles_git.bb b/poky/meta/recipes-sato/puzzles/puzzles_git.bb index 41b78d6fe1..befe4a53f4 100644 --- a/poky/meta/recipes-sato/puzzles/puzzles_git.bb +++ b/poky/meta/recipes-sato/puzzles/puzzles_git.bb @@ -1,4 +1,5 @@ SUMMARY = "Simon Tatham's Portable Puzzle Collection" +DESCRIPTION = "Collection of small computer programs which implement one-player puzzle games." HOMEPAGE = "http://www.chiark.greenend.org.uk/~sgtatham/puzzles/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE;md5=6099f4981f9461d7f411091e69a7f07a" diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc index b568f04580..0e5bcbe480 100644 --- a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc +++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc @@ -5,6 +5,7 @@ terminal emulator rxvt, modified to store text in Unicode \ (either UCS-2 or UCS-4) and to use locale-correct input and \ output. It also supports mixing multiple fonts at the \ same time, including Xft fonts." +HOMEPAGE = "https://rxvt.org/" DEPENDS = "virtual/libx11 libxt libxft gdk-pixbuf libxmu" SRC_URI = "http://dist.schmorp.de/rxvt-unicode/Attic/rxvt-unicode-${PV}.tar.bz2 \ diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/0001-libev-remove-deprecated-throw-specification.patch b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/0001-libev-remove-deprecated-throw-specification.patch new file mode 100644 index 0000000000..f10dca09d6 --- /dev/null +++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/0001-libev-remove-deprecated-throw-specification.patch @@ -0,0 +1,30 @@ +From 9a8f1d73e7b7e183768a8379ef32429a84f0e5c2 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 26 Feb 2021 18:11:56 -0800 +Subject: [PATCH] libev: remove deprecated throw specification + +removes the throw specifications that are deprecated since C++11: +warning: dynamic exception specifications are deprecated in C++11 [-Wdeprecated] + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + libev/ev++.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libev/ev++.h b/libev/ev++.h +index 4f0a36a..85ddf44 100644 +--- a/libev/ev++.h ++++ b/libev/ev++.h +@@ -376,7 +376,7 @@ namespace ev { + + struct default_loop : loop_ref + { +- default_loop (unsigned int flags = AUTO) throw (bad_loop) ++ default_loop (unsigned int flags = AUTO) + #if EV_MULTIPLICITY + : loop_ref (ev_default_loop (flags)) + #endif +-- +2.30.1 + diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb index bfa8a614df..283e8d7751 100644 --- a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb +++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb @@ -4,5 +4,7 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6" -SRC_URI[md5sum] = "93782dec27494eb079467dacf6e48185" +SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch" + SRC_URI[sha256sum] = "e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd" + diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb index c9b9bf0f50..432fa3255c 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb @@ -1,8 +1,8 @@ SUMMARY = "Apache Portable Runtime (APR) library" -DESCRIPTION = "The Apache Portable Runtime (APR) is a supporting library for the \ -Apache web server. It provides a set of APIs that map to the underlying \ -operating system (OS). Where the OS does not support a particular function, \ -APR will provide an emulation." + +DESCRIPTION = "Create and maintain software libraries that provide a predictable \ +and consistent interface to underlying platform-specific implementations." + HOMEPAGE = "http://apr.apache.org/" SECTION = "libs" DEPENDS = "util-linux" diff --git a/poky/meta/recipes-support/argp-standalone/argp-standalone_1.3.bb b/poky/meta/recipes-support/argp-standalone/argp-standalone_1.3.bb index 21bbcab3d3..d1db562bb5 100644 --- a/poky/meta/recipes-support/argp-standalone/argp-standalone_1.3.bb +++ b/poky/meta/recipes-support/argp-standalone/argp-standalone_1.3.bb @@ -2,6 +2,7 @@ # Released under the MIT license (see COPYING.MIT for the terms) SUMMARY = "Glibc hierarchical argument parsing standalone library" +DESCRIPTION = "Standalone version of arguments parsing functions from GLIBC" HOMEPAGE = "http://www.lysator.liu.se/~nisse/misc/" LICENSE = "LGPL-2.1" LIC_FILES_CHKSUM = "file://argp.h;beginline=1;endline=20;md5=008b7e53dea6f9e1d9fdef0d9cf3184a" diff --git a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb index f1d931b39c..6548c54b64 100644 --- a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb +++ b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb @@ -1,10 +1,15 @@ SUMMARY = "GNU Aspell spell-checker" -DESCRIPTION = "GNU Aspell is a spell-checker which can be used either as a \ -standalone application or embedded in other programs. Its main feature is that \ -it does a much better job of suggesting possible spellings than just about any \ -other spell-checker available for the English language" + +DESCRIPTION = "Spell checker designed to eventually replace Ispell. \ +It can either be used as a library or as an independent spell checker. \ +Its main feature is that it does a superior job of suggesting possible \ +replacements for a misspelled word than just about any other spell \ +checker out there for the English language." + SECTION = "console/utils" +HOMEPAGE = "http://aspell.net/" + LICENSE = "LGPLv2 | LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34" diff --git a/poky/meta/recipes-support/atk/at-spi2-atk_2.34.1.bb b/poky/meta/recipes-support/atk/at-spi2-atk_2.34.1.bb index c297912588..ad30617e56 100644 --- a/poky/meta/recipes-support/atk/at-spi2-atk_2.34.1.bb +++ b/poky/meta/recipes-support/atk/at-spi2-atk_2.34.1.bb @@ -1,5 +1,7 @@ SUMMARY = "AT-SPI 2 Toolkit Bridge" +DESCRIPTION = "Contains a library that bridges ATK to At-Spi2 D-Bus service. Toolkit widgets use it to provide their content to screen readers such as Orca." HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus" +BUGTRACKER = "http://bugzilla.gnome.org/" LICENSE = "LGPL-2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.34.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.34.0.bb index bcef8ef169..2ad09878b7 100644 --- a/poky/meta/recipes-support/atk/at-spi2-core_2.34.0.bb +++ b/poky/meta/recipes-support/atk/at-spi2-core_2.34.0.bb @@ -1,7 +1,9 @@ SUMMARY = "Assistive Technology Service Provider Interface (dbus core)" -DESCRIPTION = "At-Spi2 is a protocol over DBus, toolkit widgets use it to \ -provide their content to screen readers such as Orca." + +DESCRIPTION = "It provides a Service Provider Interface for the Assistive Technologies available on the GNOME platform and a library against which applications can be linked." + HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus" +BUGTRACKER = "http://bugzilla.gnome.org/" LICENSE = "LGPL-2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" diff --git a/poky/meta/recipes-support/atk/atk_2.34.1.bb b/poky/meta/recipes-support/atk/atk_2.34.1.bb index 741350ffe5..25ef3c6c52 100644 --- a/poky/meta/recipes-support/atk/atk_2.34.1.bb +++ b/poky/meta/recipes-support/atk/atk_2.34.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Accessibility toolkit for GNOME" +DESCRIPTION = "Provides application programming interfaces (APIs) for implementing accessibility support in software." HOMEPAGE = "https://wiki.gnome.org/Accessibility" BUGTRACKER = "https://gitlab.gnome.org/GNOME/atk/-/issues" SECTION = "x11/libs" diff --git a/poky/meta/recipes-support/attr/acl_2.2.53.bb b/poky/meta/recipes-support/attr/acl_2.2.53.bb index b120c1f16f..7cee45948d 100644 --- a/poky/meta/recipes-support/attr/acl_2.2.53.bb +++ b/poky/meta/recipes-support/attr/acl_2.2.53.bb @@ -1,7 +1,10 @@ SUMMARY = "Utilities for managing POSIX Access Control Lists" -HOMEPAGE = "http://savannah.nongnu.org/projects/acl/" DESCRIPTION = "ACL allows you to provide different levels of access to files \ and folders for different users." + +HOMEPAGE = "http://savannah.nongnu.org/projects/acl/" +BUGTRACKER = "http://savannah.nongnu.org/bugs/?group=acl" + SECTION = "libs" LICENSE = "LGPLv2.1+ & GPLv2+" diff --git a/poky/meta/recipes-support/attr/attr.inc b/poky/meta/recipes-support/attr/attr.inc index 8515f96bf7..30ba0b4445 100644 --- a/poky/meta/recipes-support/attr/attr.inc +++ b/poky/meta/recipes-support/attr/attr.inc @@ -1,8 +1,6 @@ SUMMARY = "Utilities for manipulating filesystem extended attributes" -DESCRIPTION = "A set of tools for manipulating extended attributes on filesystem \ -objects, in particular getfattr(1) and setfattr(1). An attr(1) command \ -is also provided which is largely compatible with the SGI IRIX tool of \ -the same name." +DESCRIPTION = "Implement the ability for a user to attach name:value pairs to objects within the XFS filesystem." + HOMEPAGE = "http://savannah.nongnu.org/projects/attr/" SECTION = "libs" diff --git a/poky/meta/recipes-support/bash-completion/bash-completion_2.10.bb b/poky/meta/recipes-support/bash-completion/bash-completion_2.10.bb index 58e565dee5..1f99bf7386 100644 --- a/poky/meta/recipes-support/bash-completion/bash-completion_2.10.bb +++ b/poky/meta/recipes-support/bash-completion/bash-completion_2.10.bb @@ -1,6 +1,9 @@ SUMMARY = "Programmable Completion for Bash 4" -DESCRIPTION = "bash completion extends bash's standard completion behavior to \ -achieve complex command lines with just a few keystrokes." +DESCRIPTION = "Collection of command line command completions for the Bash shell, \ +collection of helper functions to assist in creating new completions, \ +and set of facilities for loading completions automatically on demand, as well \ +as installing them." + HOMEPAGE = "https://github.com/scop/bash-completion" BUGTRACKER = "https://github.com/scop/bash-completion/issues" diff --git a/poky/meta/recipes-support/boost/boost-1.72.0.inc b/poky/meta/recipes-support/boost/boost-1.72.0.inc index 55a095bf1c..d152895f09 100644 --- a/poky/meta/recipes-support/boost/boost-1.72.0.inc +++ b/poky/meta/recipes-support/boost/boost-1.72.0.inc @@ -11,7 +11,7 @@ BOOST_VER = "${@"_".join(d.getVar("PV").split("."))}" BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}" BOOST_P = "boost_${BOOST_VER}" -SRC_URI = "https://dl.bintray.com/boostorg/release/${PV}/source/${BOOST_P}.tar.bz2" +SRC_URI = "https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2" SRC_URI[md5sum] = "cb40943d2a2cb8ce08d42bc48b0f84f0" SRC_URI[sha256sum] = "59c9b274bc451cf91a9ba1dd2c7fdcaf5d60b1b3aa83f2c9fa143417cc660722" diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc index 8eb9494381..829e728b6d 100644 --- a/poky/meta/recipes-support/boost/boost.inc +++ b/poky/meta/recipes-support/boost/boost.inc @@ -1,4 +1,8 @@ SUMMARY = "Free peer-reviewed portable C++ source libraries" +DESCRIPTION = "Provides free peer-reviewed portable C++ source libraries. The emphasis is on libraries which work well with the C++ \ +Standard Library. One goal is to establish 'existing practice' and \ +provide reference implementations so that the Boost libraries are suitable for eventual standardization. Some of the libraries have already been proposed for inclusion in the C++ Standards Committee's \ +upcoming C++ Standard Library Technical Report." SECTION = "libs" DEPENDS = "bjam-native zlib bzip2" diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb index 888a235c1a..7dcc86fdc1 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb @@ -83,8 +83,8 @@ do_install_append_class-native () { SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates } -RDEPENDS_${PN}_class-target = "openssl-bin" -RDEPENDS_${PN}_class-native = "openssl-native" -RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin" +RDEPENDS_${PN}_append_class-target = " openssl-bin openssl" +RDEPENDS_${PN}_append_class-native = " openssl-native" +RDEPENDS_${PN}_append_class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb index 89f2d77b66..22e755747b 100644 --- a/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb +++ b/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb @@ -1,4 +1,6 @@ SUMMARY = "Framework for defining and tracking users, login sessions, and seats" +DESCRIPTION = "It provides a mechanism for software to react to changes \ +of any of these items or of any of the metadata associated with them." HOMEPAGE = "http://www.freedesktop.org/wiki/Software/ConsoleKit" BUGTRACKER = "https://bugs.freedesktop.org/buglist.cgi?query_format=specific&product=ConsoleKit" diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22876.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22876.patch new file mode 100644 index 0000000000..fc396aabef --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22876.patch @@ -0,0 +1,59 @@ +transfer: strip credentials from the auto-referer header field + +CVE-2021-22876 + +Patch taken from Ubuntu curl 7.68.0-1ubuntu2.5. + +Bug: https://curl.se/docs/CVE-2021-22876.html +Upstream-Status: backport +--- + lib/transfer.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +diff --git a/lib/transfer.c b/lib/transfer.c +index e76834eb3..744e1c00b 100644 +--- a/lib/transfer.c ++++ b/lib/transfer.c +@@ -1570,6 +1570,9 @@ CURLcode Curl_follow(struct Curl_easy *data, + data->set.followlocation++; /* count location-followers */ + + if(data->set.http_auto_referer) { ++ CURLU *u; ++ char *referer; ++ + /* We are asked to automatically set the previous URL as the referer + when we get the next URL. We pick the ->url field, which may or may + not be 100% correct */ +@@ -1579,9 +1582,27 @@ CURLcode Curl_follow(struct Curl_easy *data, + data->change.referer_alloc = FALSE; + } + +- data->change.referer = strdup(data->change.url); +- if(!data->change.referer) ++ /* Make a copy of the URL without crenditals and fragment */ ++ u = curl_url(); ++ if(!u) ++ return CURLE_OUT_OF_MEMORY; ++ ++ uc = curl_url_set(u, CURLUPART_URL, data->change.url, 0); ++ if(!uc) ++ uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0); ++ if(!uc) ++ uc = curl_url_set(u, CURLUPART_USER, NULL, 0); ++ if(!uc) ++ uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0); ++ if(!uc) ++ uc = curl_url_get(u, CURLUPART_URL, &referer, 0); ++ ++ curl_url_cleanup(u); ++ ++ if(uc || referer == NULL) + return CURLE_OUT_OF_MEMORY; ++ ++ data->change.referer = referer; + data->change.referer_alloc = TRUE; /* yes, free this later */ + } + } +-- +2.20.1 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22890.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22890.patch new file mode 100644 index 0000000000..8c0ecbfe7f --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22890.patch @@ -0,0 +1,464 @@ +vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid() + +To make sure we set and extract the correct session. + +Patch taken from Ubuntu curl 7.68.0-1ubuntu2.5. + +CVE-2021-22890 + +Reported-by: Mingtao Yang +Bug: https://curl.se/docs/CVE-2021-22890.html +Upstream-Status: backport +--- + lib/vtls/bearssl.c | 9 +++++--- + lib/vtls/gtls.c | 9 +++++--- + lib/vtls/mbedtls.c | 8 ++++--- + lib/vtls/mesalink.c | 9 +++++--- + lib/vtls/openssl.c | 52 ++++++++++++++++++++++++++++++++++---------- + lib/vtls/schannel.c | 10 +++++---- + lib/vtls/sectransp.c | 9 ++++---- + lib/vtls/vtls.c | 9 ++++++-- + lib/vtls/vtls.h | 2 ++ + lib/vtls/wolfssl.c | 8 ++++--- + 10 files changed, 88 insertions(+), 37 deletions(-) + +diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c +index 67f945831..32cb0a4c2 100644 +--- a/lib/vtls/bearssl.c ++++ b/lib/vtls/bearssl.c +@@ -372,7 +372,8 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex) + void *session; + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &session, NULL, sockindex)) { + br_ssl_engine_set_session_parameters(&BACKEND->ctx.eng, session); + infof(data, "BearSSL: re-using session ID\n"); + } +@@ -560,10 +561,12 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex) + return CURLE_OUT_OF_MEMORY; + br_ssl_engine_get_session_parameters(&BACKEND->ctx.eng, session); + Curl_ssl_sessionid_lock(conn); +- incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex)); ++ incache = !(Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &oldsession, NULL, sockindex)); + if(incache) + Curl_ssl_delsessionid(conn, oldsession); +- ret = Curl_ssl_addsessionid(conn, session, 0, sockindex); ++ ret = Curl_ssl_addsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ session, 0, sockindex); + Curl_ssl_sessionid_unlock(conn); + if(ret) { + free(session); +diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c +index 5f740eeba..46e149c7d 100644 +--- a/lib/vtls/gtls.c ++++ b/lib/vtls/gtls.c +@@ -937,7 +937,8 @@ gtls_connect_step1(struct connectdata *conn, + size_t ssl_idsize; + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &ssl_sessionid, &ssl_idsize, sockindex)) { + /* we got a session id, use it! */ + gnutls_session_set_data(session, ssl_sessionid, ssl_idsize); + +@@ -1485,7 +1486,8 @@ gtls_connect_step3(struct connectdata *conn, + gnutls_session_get_data(session, connect_sessionid, &connect_idsize); + + Curl_ssl_sessionid_lock(conn); +- incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, ++ incache = !(Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &ssl_sessionid, NULL, + sockindex)); + if(incache) { + /* there was one before in the cache, so instead of risking that the +@@ -1494,7 +1496,8 @@ gtls_connect_step3(struct connectdata *conn, + } + + /* store this session id */ +- result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize, ++ result = Curl_ssl_addsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ connect_sessionid, connect_idsize, + sockindex); + Curl_ssl_sessionid_unlock(conn); + if(result) { +diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c +index f057315f3..19df8478e 100644 +--- a/lib/vtls/mbedtls.c ++++ b/lib/vtls/mbedtls.c +@@ -453,7 +453,8 @@ mbed_connect_step1(struct connectdata *conn, + void *old_session = NULL; + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &old_session, NULL, sockindex)) { + ret = mbedtls_ssl_set_session(&BACKEND->ssl, old_session); + if(ret) { + Curl_ssl_sessionid_unlock(conn); +@@ -709,6 +710,7 @@ mbed_connect_step3(struct connectdata *conn, + int ret; + mbedtls_ssl_session *our_ssl_sessionid; + void *old_ssl_sessionid = NULL; ++ bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE; + + our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session)); + if(!our_ssl_sessionid) +@@ -727,10 +729,10 @@ mbed_connect_step3(struct connectdata *conn, + + /* If there's already a matching session in the cache, delete it */ + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex)) ++ if(!Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid, NULL, sockindex)) + Curl_ssl_delsessionid(conn, old_ssl_sessionid); + +- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex); ++ retcode = Curl_ssl_addsessionid(conn, isproxy, our_ssl_sessionid, 0, sockindex); + Curl_ssl_sessionid_unlock(conn); + if(retcode) { + mbedtls_ssl_session_free(our_ssl_sessionid); +diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c +index cab1e390b..79d1e3dfa 100644 +--- a/lib/vtls/mesalink.c ++++ b/lib/vtls/mesalink.c +@@ -263,7 +263,8 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex) + void *ssl_sessionid = NULL; + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! */ + if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { + Curl_ssl_sessionid_unlock(conn); +@@ -347,12 +348,14 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex) + bool incache; + SSL_SESSION *our_ssl_sessionid; + void *old_ssl_sessionid = NULL; ++ bool inproxy = SSL_IS_PROXY() ? TRUE : FALSE; + + our_ssl_sessionid = SSL_get_session(BACKEND->handle); + + Curl_ssl_sessionid_lock(conn); + incache = +- !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex)); ++ !(Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid, ++ NULL, sockindex)); + if(incache) { + if(old_ssl_sessionid != our_ssl_sessionid) { + infof(data, "old SSL session ID is stale, removing\n"); +@@ -363,7 +366,7 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex) + + if(!incache) { + result = Curl_ssl_addsessionid( +- conn, our_ssl_sessionid, 0 /* unknown size */, sockindex); ++ conn, isproxy, our_ssl_sessionid, 0 /* unknown size */, sockindex); + if(result) { + Curl_ssl_sessionid_unlock(conn); + failf(data, "failed to store ssl session"); +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 1d09cadca..64f43605a 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -422,12 +422,23 @@ static int ossl_get_ssl_conn_index(void) + */ + static int ossl_get_ssl_sockindex_index(void) + { +- static int ssl_ex_data_sockindex_index = -1; +- if(ssl_ex_data_sockindex_index < 0) { +- ssl_ex_data_sockindex_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, +- NULL); ++ static int sockindex_index = -1; ++ if(sockindex_index < 0) { ++ sockindex_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + } +- return ssl_ex_data_sockindex_index; ++ return sockindex_index; ++} ++ ++/* Return an extra data index for proxy boolean. ++ * This index can be used with SSL_get_ex_data() and SSL_set_ex_data(). ++ */ ++static int ossl_get_proxy_index(void) ++{ ++ static int proxy_index = -1; ++ if(proxy_index < 0) { ++ proxy_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); ++ } ++ return proxy_index; + } + + static int passwd_callback(char *buf, int num, int encrypting, +@@ -1079,7 +1090,8 @@ static int Curl_ossl_init(void) + #endif + + /* Initialize the extra data indexes */ +- if(ossl_get_ssl_conn_index() < 0 || ossl_get_ssl_sockindex_index() < 0) ++ if(ossl_get_ssl_conn_index() < 0 || ossl_get_ssl_sockindex_index() < 0 || ++ ossl_get_proxy_index() < 0) + return 0; + + return 1; +@@ -2341,8 +2353,10 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) + curl_socket_t *sockindex_ptr; + int connectdata_idx = ossl_get_ssl_conn_index(); + int sockindex_idx = ossl_get_ssl_sockindex_index(); ++ int proxy_idx = ossl_get_proxy_index(); ++ bool isproxy; + +- if(connectdata_idx < 0 || sockindex_idx < 0) ++ if(connectdata_idx < 0 || sockindex_idx < 0 || proxy_idx < 0) + return 0; + + conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx); +@@ -2355,13 +2369,18 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) + sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx); + sockindex = (int)(sockindex_ptr - conn->sock); + ++ isproxy = SSL_get_ex_data(ssl, proxy_idx) ? TRUE : FALSE; ++ + if(SSL_SET_OPTION(primary.sessionid)) { + bool incache; + void *old_ssl_sessionid = NULL; + + Curl_ssl_sessionid_lock(conn); +- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, +- sockindex)); ++ if(isproxy) ++ incache = FALSE; ++ else ++ incache = !(Curl_ssl_getsessionid(conn, isproxy, ++ &old_ssl_sessionid, NULL, sockindex)); + if(incache) { + if(old_ssl_sessionid != ssl_sessionid) { + infof(data, "old SSL session ID is stale, removing\n"); +@@ -2371,7 +2390,7 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) + } + + if(!incache) { +- if(!Curl_ssl_addsessionid(conn, ssl_sessionid, ++ if(!Curl_ssl_addsessionid(conn, isproxy, ssl_sessionid, + 0 /* unknown size */, sockindex)) { + /* the session has been put into the session cache */ + res = 1; +@@ -2868,16 +2887,25 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) + void *ssl_sessionid = NULL; + int connectdata_idx = ossl_get_ssl_conn_index(); + int sockindex_idx = ossl_get_ssl_sockindex_index(); ++ int proxy_idx = ossl_get_proxy_index(); + +- if(connectdata_idx >= 0 && sockindex_idx >= 0) { ++ if(connectdata_idx >= 0 && sockindex_idx >= 0 && proxy_idx >= 0) { + /* Store the data needed for the "new session" callback. + * The sockindex is stored as a pointer to an array element. */ + SSL_set_ex_data(BACKEND->handle, connectdata_idx, conn); + SSL_set_ex_data(BACKEND->handle, sockindex_idx, conn->sock + sockindex); ++#ifndef CURL_DISABLE_PROXY ++ SSL_set_ex_data(BACKEND->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1: ++ NULL); ++#else ++ SSL_set_ex_data(BACKEND->handle, proxy_idx, NULL); ++#endif ++ + } + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! */ + if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { + Curl_ssl_sessionid_unlock(conn); +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c +index f665ee340..a354ce95d 100644 +--- a/lib/vtls/schannel.c ++++ b/lib/vtls/schannel.c +@@ -487,7 +487,8 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) + /* check for an existing re-usable credential handle */ + if(SSL_SET_OPTION(primary.sessionid)) { + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ (void **)&old_cred, NULL, sockindex)) { + BACKEND->cred = old_cred; + DEBUGF(infof(data, "schannel: re-using existing credential handle\n")); + +@@ -1193,8 +1194,9 @@ schannel_connect_step3(struct connectdata *conn, int sockindex) + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + SECURITY_STATUS sspi_status = SEC_E_OK; + CERT_CONTEXT *ccert_context = NULL; ++ bool isproxy = SSL_IS_PROXY(); + #ifdef DEBUGBUILD +- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : ++ const char * const hostname = isproxy ? conn->http_proxy.host.name : + conn->host.name; + #endif + #ifdef HAS_ALPN +@@ -1268,7 +1270,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex) + struct curl_schannel_cred *old_cred = NULL; + + Curl_ssl_sessionid_lock(conn); +- incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, ++ incache = !(Curl_ssl_getsessionid(conn, isproxy, (void **)&old_cred, NULL, + sockindex)); + if(incache) { + if(old_cred != BACKEND->cred) { +@@ -1280,7 +1282,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex) + } + } + if(!incache) { +- result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred, ++ result = Curl_ssl_addsessionid(conn, isproxy, (void *)BACKEND->cred, + sizeof(struct curl_schannel_cred), + sockindex); + if(result) { +diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c +index 7dd028fb7..9c67d465a 100644 +--- a/lib/vtls/sectransp.c ++++ b/lib/vtls/sectransp.c +@@ -1376,7 +1376,8 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn, + const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile); + const bool verifypeer = SSL_CONN_CONFIG(verifypeer); + char * const ssl_cert = SSL_SET_OPTION(cert); +- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : ++ bool isproxy = SSL_IS_PROXY(); ++ const char * const hostname = isproxy ? conn->http_proxy.host.name : + conn->host.name; + const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port; + #ifdef ENABLE_IPV6 +@@ -1584,7 +1585,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn, + + #ifdef USE_NGHTTP2 + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && +- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { ++ (!isproxy || !conn->bits.tunnel_proxy)) { + CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID)); + infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); + } +@@ -1916,7 +1917,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn, + size_t ssl_sessionid_len; + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid, ++ if(!Curl_ssl_getsessionid(conn, isproxy, (void **)&ssl_sessionid, + &ssl_sessionid_len, sockindex)) { + /* we got a session id, use it! */ + err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len); +@@ -1944,7 +1945,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn, + return CURLE_SSL_CONNECT_ERROR; + } + +- result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len, ++ result = Curl_ssl_addsessionid(conn, isproxy, ssl_sessionid, ssl_sessionid_len, + sockindex); + Curl_ssl_sessionid_unlock(conn); + if(result) { +diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c +index dfefa1bd5..aaf73ef8f 100644 +--- a/lib/vtls/vtls.c ++++ b/lib/vtls/vtls.c +@@ -305,6 +305,7 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn) + * there's one suitable, it is provided. Returns TRUE when no entry matched. + */ + bool Curl_ssl_getsessionid(struct connectdata *conn, ++ const bool isProxy, + void **ssl_sessionid, + size_t *idsize, /* set 0 if unknown */ + int sockindex) +@@ -315,7 +316,6 @@ bool Curl_ssl_getsessionid(struct connectdata *conn, + long *general_age; + bool no_match = TRUE; + +- const bool isProxy = CONNECT_PROXY_SSL(); + struct ssl_primary_config * const ssl_config = isProxy ? + &conn->proxy_ssl_config : + &conn->ssl_config; +@@ -324,6 +324,11 @@ bool Curl_ssl_getsessionid(struct connectdata *conn, + int port = isProxy ? (int)conn->port : conn->remote_port; + *ssl_sessionid = NULL; + ++#ifdef CURL_DISABLE_PROXY ++ if(isProxy) ++ return TRUE; ++#endif ++ + DEBUGASSERT(SSL_SET_OPTION(primary.sessionid)); + + if(!SSL_SET_OPTION(primary.sessionid)) +@@ -411,6 +416,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid) + * later on. + */ + CURLcode Curl_ssl_addsessionid(struct connectdata *conn, ++ bool isProxy, + void *ssl_sessionid, + size_t idsize, + int sockindex) +@@ -423,7 +429,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, + char *clone_conn_to_host; + int conn_to_port; + long *general_age; +- const bool isProxy = CONNECT_PROXY_SSL(); + struct ssl_primary_config * const ssl_config = isProxy ? + &conn->proxy_ssl_config : + &conn->ssl_config; +diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h +index a81b2f22d..a5e348752 100644 +--- a/lib/vtls/vtls.h ++++ b/lib/vtls/vtls.h +@@ -202,6 +202,7 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn); + * under sessionid mutex). + */ + bool Curl_ssl_getsessionid(struct connectdata *conn, ++ const bool isproxy, + void **ssl_sessionid, + size_t *idsize, /* set 0 if unknown */ + int sockindex); +@@ -211,6 +212,7 @@ bool Curl_ssl_getsessionid(struct connectdata *conn, + * object with cache (e.g. incrementing refcount on success) + */ + CURLcode Curl_ssl_addsessionid(struct connectdata *conn, ++ const bool isProxy, + void *ssl_sessionid, + size_t idsize, + int sockindex); +diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c +index 8c2d3f4a2..dd9f907ff 100644 +--- a/lib/vtls/wolfssl.c ++++ b/lib/vtls/wolfssl.c +@@ -392,7 +392,8 @@ wolfssl_connect_step1(struct connectdata *conn, + void *ssl_sessionid = NULL; + + Curl_ssl_sessionid_lock(conn); +- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { ++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE, ++ &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! */ + if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; +@@ -618,9 +619,10 @@ wolfssl_connect_step3(struct connectdata *conn, + void *old_ssl_sessionid = NULL; + + our_ssl_sessionid = SSL_get_session(BACKEND->handle); ++ bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE; + + Curl_ssl_sessionid_lock(conn); +- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, ++ incache = !(Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid, NULL, + sockindex)); + if(incache) { + if(old_ssl_sessionid != our_ssl_sessionid) { +@@ -631,7 +633,7 @@ wolfssl_connect_step3(struct connectdata *conn, + } + + if(!incache) { +- result = Curl_ssl_addsessionid(conn, our_ssl_sessionid, ++ result = Curl_ssl_addsessionid(conn, isproxy, our_ssl_sessionid, + 0 /* unknown size */, sockindex); + if(result) { + Curl_ssl_sessionid_unlock(conn); +-- +2.20.1 + diff --git a/poky/meta/recipes-support/curl/curl_7.69.1.bb b/poky/meta/recipes-support/curl/curl_7.69.1.bb index c3d629108a..13ab29cf69 100644 --- a/poky/meta/recipes-support/curl/curl_7.69.1.bb +++ b/poky/meta/recipes-support/curl/curl_7.69.1.bb @@ -1,4 +1,8 @@ SUMMARY = "Command line tool and library for client-side URL transfers" +DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \ +curl is a widely used because of its ability to be flexible and complete \ +complex tasks. For example, you can use curl for things like user authentication, \ +HTTP post, SSL connections, proxy support, FTP uploads, and more!" HOMEPAGE = "http://curl.haxx.se/" BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" SECTION = "console/network" @@ -13,6 +17,8 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2020-8284.patch \ file://CVE-2020-8285.patch \ file://CVE-2020-8286.patch \ + file://CVE-2021-22876.patch \ + file://CVE-2021-22890.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" diff --git a/poky/meta/recipes-support/db/db_5.3.28.bb b/poky/meta/recipes-support/db/db_5.3.28.bb index 318efcb61d..b2ae98f05c 100644 --- a/poky/meta/recipes-support/db/db_5.3.28.bb +++ b/poky/meta/recipes-support/db/db_5.3.28.bb @@ -10,11 +10,12 @@ # same system at the same time if really necessary. SECTION = "libs" SUMMARY = "Berkeley Database v5" +DESCRIPTION = "Provides the foundational storage services for your application, no matter how demanding and unique your requirements may seem to be" HOMEPAGE = "https://www.oracle.com/database/technologies/related/berkeleydb.html" LICENSE = "Sleepycat" RCONFLICTS_${PN} = "db3" -CVE_PRODUCT = "oracle_berkeley_db" +CVE_PRODUCT = "oracle_berkeley_db berkeley_db" CVE_VERSION = "11.2.${PV}" PR = "r1" diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb b/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb index 904c52780f..8603fecbd0 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb @@ -1,4 +1,9 @@ SUMMARY = "Miscellaneous utilities specific to Debian" +DESCRIPTION = "Provides a number of small utilities which are used \ +primarily by the installation scripts of Debian packages, although \ +you may use them directly. " +HOMEPAGE = "https://packages.debian.org/sid/debianutils" +BUGTRACKER = "https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debianutils;dist=unstable" SECTION = "base" LICENSE = "GPLv2 & SMAIL_GPL" LIC_FILES_CHKSUM = "file://debian/copyright;md5=f01a5203d50512fc4830b4332b696a9f" diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_136.bb b/poky/meta/recipes-support/diffoscope/diffoscope_172.bb index 3e3e1dfc00..b26713c47f 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_136.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_172.bb @@ -7,12 +7,19 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[md5sum] = "c84d8d308a40176ba2f5dc4abdbf6f73" -SRC_URI[sha256sum] = "0d6486d6eb6e0445ba21fee2e8bdd3a366ce786bfac98e00e5a95038b7815f15" +SRC_URI[sha256sum] = "5ffe7f38555c6409bc7e7edc277ed77dd78641fe1306fc38d153dbbe445ddea4" RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic" # Dependencies don't build for musl COMPATIBLE_HOST_libc-musl = 'null' +do_install_append_class-native() { + create_wrapper ${D}${bindir}/diffoscope \ + MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ + RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ + LD_LIBRARY_PATH=${STAGING_LIBDIR_NATIVE} \ + RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} +} + BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/enchant/enchant2_2.2.8.bb b/poky/meta/recipes-support/enchant/enchant2_2.2.8.bb index 4ddbe55da5..7c624efea3 100644 --- a/poky/meta/recipes-support/enchant/enchant2_2.2.8.bb +++ b/poky/meta/recipes-support/enchant/enchant2_2.2.8.bb @@ -1,6 +1,9 @@ SUMMARY = "Enchant Spell checker API Library" +DESCRIPTION = "A library (and command-line program) that wraps a number of \ +different spelling libraries and programs with a consistent interface." SECTION = "libs" HOMEPAGE = "https://abiword.github.io/enchant/" +BUGTRACKER = "https://github.com/AbiWord/enchant/issues/" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=a916467b91076e631dd8edb7424769c7" diff --git a/poky/meta/recipes-support/fribidi/fribidi_1.0.9.bb b/poky/meta/recipes-support/fribidi/fribidi_1.0.9.bb index 0654b07dc7..ac9ef88e27 100644 --- a/poky/meta/recipes-support/fribidi/fribidi_1.0.9.bb +++ b/poky/meta/recipes-support/fribidi/fribidi_1.0.9.bb @@ -1,5 +1,11 @@ SUMMARY = "Free Implementation of the Unicode Bidirectional Algorithm" +DESCRIPTION = "It provides utility functions to aid in the development \ +of interactive editors and widgets that implement BiDi functionality. \ +The BiDi algorithm is a prerequisite for supporting right-to-left scripts such \ +as Hebrew, Arabic, Syriac, and Thaana. " SECTION = "libs" +HOMEPAGE = "http://fribidi.org/" +BUGTRACKER = "https://github.com/fribidi/fribidi/issues" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" diff --git a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb b/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb index fbb1fe72d7..bfc9ee8f85 100644 --- a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb +++ b/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb @@ -1,4 +1,7 @@ SUMMARY = "Key/value database library with extensible hashing" +DESCRIPTION = "Library of database functions that use extensible hashing \ +and work similar to the standard UNIX dbm. These routines are provided \ +to a programmer needing to create and manipulate a hashed database." HOMEPAGE = "http://www.gnu.org/software/gdbm/" SECTION = "libs" LICENSE = "GPLv3" diff --git a/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb b/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb index 0defebeb15..e5c69c0c46 100644 --- a/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb +++ b/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb @@ -1,4 +1,8 @@ SUMMARY = "Test runner for GNOME-style installed tests" +DESCRIPTION = "Runner provides an execution harness for GNOME installed tests. \ +These tests are useful for verifying the functionality of software as \ +installed and packaged, and complement rather than replace build-time \ +('make check') tests." HOMEPAGE = "https://wiki.gnome.org/GnomeGoals/InstalledTests" LICENSE = "LGPLv2+" diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.20.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.20.bb index f754573c88..6629fc8556 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.20.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.20.bb @@ -1,4 +1,9 @@ SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)" +DESCRIPTION = "A complete and free implementation of the OpenPGP standard \ +as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt \ +and sign your data and communications; it features a versatile key \ +management system, along with access modules for all kinds of public \ +key directories." HOMEPAGE = "http://www.gnupg.org/" LICENSE = "GPLv3 & LGPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \ diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb index 51578b4b3b..903bb5503a 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb @@ -1,5 +1,7 @@ SUMMARY = "GNU Transport Layer Security Library" -HOMEPAGE = "http://www.gnu.org/software/gnutls/" +DESCRIPTION = "a secure communications library implementing the SSL, \ +TLS and DTLS protocols and technologies around them." +HOMEPAGE = "https://gnutls.org/" BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" LICENSE = "GPLv3+ & LGPLv2.1+" diff --git a/poky/meta/recipes-support/gnutls/libtasn1_4.16.0.bb b/poky/meta/recipes-support/gnutls/libtasn1_4.16.0.bb index 8337b70241..8d3a14506a 100644 --- a/poky/meta/recipes-support/gnutls/libtasn1_4.16.0.bb +++ b/poky/meta/recipes-support/gnutls/libtasn1_4.16.0.bb @@ -1,4 +1,6 @@ SUMMARY = "Library for ASN.1 and DER manipulation" +DESCRIPTION = "A highly portable C library that encodes and decodes \ +DER/BER data following an ASN.1 schema. " HOMEPAGE = "http://www.gnu.org/software/libtasn1/" LICENSE = "GPLv3+ & LGPLv2.1+" diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.4.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.4.bb index 4767dea84c..e8210eca9b 100644 --- a/poky/meta/recipes-support/iso-codes/iso-codes_4.4.bb +++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.4.bb @@ -1,11 +1,14 @@ SUMMARY = "ISO language, territory, currency, script codes and their translations" +DESCRIPTION = "Provides lists of various ISO standards (e.g. country, \ +language, language scripts, and currency names) in one place, rather \ +than repeated in many programs throughout the system." HOMEPAGE = "https://salsa.debian.org/iso-codes-team/iso-codes" BUGTRACKER = "https://salsa.debian.org/iso-codes-team/iso-codes/issues" LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" -SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;" +SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" SRCREV = "38edb926592954b87eb527124da0ec68d2a748f3" # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which diff --git a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb index 5f358f463d..54105af5f0 100644 --- a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb +++ b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb @@ -1,4 +1,8 @@ SUMMARY = "ITS Tool allows you to translate your XML documents with PO files" +DESCRIPTION = "It extracts messages from XML files and outputs PO template \ +files, then merges translations from MO files to create translated \ +XML files. It determines what to translate and how to chunk it into \ +messages using the W3C Internationalization Tag Set (ITS). " HOMEPAGE = "http://itstool.org/" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=59c57b95fd7d0e9e238ebbc7ad47c5a5" diff --git a/poky/meta/recipes-support/libassuan/libassuan_2.5.3.bb b/poky/meta/recipes-support/libassuan/libassuan_2.5.3.bb index 52b4c0f1b9..9ef5074120 100644 --- a/poky/meta/recipes-support/libassuan/libassuan_2.5.3.bb +++ b/poky/meta/recipes-support/libassuan/libassuan_2.5.3.bb @@ -1,4 +1,7 @@ SUMMARY = "IPC library used by GnuPG and GPGME" +DESCRIPTION = "A small library implementing the so-called Assuan protocol. \ +This protocol is used for IPC between most newer GnuPG components. \ +Both, server and client side functions are provided. " HOMEPAGE = "http://www.gnupg.org/related_software/libassuan/" BUGTRACKER = "https://bugs.g10code.com/gnupg/index" diff --git a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.10.bb b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.10.bb index 7628eedb1b..3089d1f7ff 100644 --- a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.10.bb +++ b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.10.bb @@ -1,4 +1,5 @@ SUMMARY = "A library for atomic integer operations" +DESCRIPTION = "Package provides semi-portable access to hardware-provided atomic memory update operations on a number of architectures." HOMEPAGE = "https://github.com/ivmai/libatomic_ops/" SECTION = "optional" PROVIDES += "libatomics-ops" diff --git a/poky/meta/recipes-support/libcap/libcap_2.32.bb b/poky/meta/recipes-support/libcap/libcap_2.32.bb index d78a58f7d2..325fa87a1b 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.32.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.32.bb @@ -1,6 +1,8 @@ SUMMARY = "Library for getting/setting POSIX.1e capabilities" +DESCRIPTION = "A library providing the API to access POSIX capabilities. \ +These allow giving various kinds of specific privileges to individual \ +users, without giving them full root permissions." HOMEPAGE = "http://sites.google.com/site/fullycapable/" - # no specific GPL version required LICENSE = "BSD | GPLv2" LIC_FILES_CHKSUM = "file://License;md5=3f84fd6f29d453a56514cb7e4ead25f1" diff --git a/poky/meta/recipes-support/libcheck/libcheck_0.14.0.bb b/poky/meta/recipes-support/libcheck/libcheck_0.14.0.bb index a88f009cdb..57963d83d4 100644 --- a/poky/meta/recipes-support/libcheck/libcheck_0.14.0.bb +++ b/poky/meta/recipes-support/libcheck/libcheck_0.14.0.bb @@ -1,4 +1,9 @@ SUMMARY = "Check - unit testing framework for C code" +DESCRIPTION = "It features a simple interface for defining unit tests, \ +putting little in the way of the developer. Tests are run in a separate \ +address space, so both assertion failures and code errors that cause \ +segmentation faults or other signals can be caught. Test results are \ +reportable in the following: Subunit, TAP, XML, and a generic logging format." HOMEPAGE = "https://libcheck.github.io/check/" SECTION = "devel" diff --git a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb index a443ff23fe..66ee647ffa 100644 --- a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb +++ b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb @@ -1,4 +1,7 @@ SUMMARY = "Cascading Style Sheet (CSS) parsing and manipulation toolkit" +DESCRIPTION = "The Libcroco project is an effort to build a generic \ +Cascading Style Sheet (CSS) parsing and manipulation toolkit that can be \ +used by GNOME applications in need of CSS support." HOMEPAGE = "http://www.gnome.org/" BUGTRACKER = "https://bugzilla.gnome.org/" diff --git a/poky/meta/recipes-support/libdaemon/libdaemon_0.14.bb b/poky/meta/recipes-support/libdaemon/libdaemon_0.14.bb index 070ee1890e..85a30bcac3 100644 --- a/poky/meta/recipes-support/libdaemon/libdaemon_0.14.bb +++ b/poky/meta/recipes-support/libdaemon/libdaemon_0.14.bb @@ -1,4 +1,8 @@ SUMMARY = "Lightweight C library which eases the writing of UNIX daemons" +DESCRIPTION = "Lightweight daemon framework for OpenBSD. It provides \ +facilities for logging and a signal handler to enable graceful shutdown, \ +as well as file locking to ensure that only a single copy of a given daemon \ +is running at a time." SECTION = "libs" AUTHOR = "Lennart Poettering <lennart@poettering.net>" HOMEPAGE = "http://0pointer.de/lennart/projects/libdaemon/" diff --git a/poky/meta/recipes-support/libevdev/libevdev_1.8.0.bb b/poky/meta/recipes-support/libevdev/libevdev_1.8.0.bb index 3523dc0968..fd7dd15c26 100644 --- a/poky/meta/recipes-support/libevdev/libevdev_1.8.0.bb +++ b/poky/meta/recipes-support/libevdev/libevdev_1.8.0.bb @@ -1,4 +1,7 @@ SUMMARY = "Wrapper library for evdev devices" +DESCRIPTION = "A library for handling evdev kernel devices. It abstracts \ +the evdev ioctls through type-safe interfaces and provides functions \ +to change the appearance of the device." HOMEPAGE = "http://www.freedesktop.org/wiki/Software/libevdev/" SECTION = "libs" diff --git a/poky/meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch b/poky/meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch new file mode 100644 index 0000000000..0b20eda3c0 --- /dev/null +++ b/poky/meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch @@ -0,0 +1,33 @@ +From dff8fd27edb23bc1486809186c6a4fe1f75f2179 Mon Sep 17 00:00:00 2001 +From: Yi Fan Yu <yifan.yu@windriver.com> +Date: Thu, 22 Apr 2021 22:35:59 -0400 +Subject: [PATCH] test/regress.h: Increase default timeval tolerance 50 ms -> + 100 ms + +The default timeout tolerance is 50 ms, +which causes intermittent failure in many the +related tests in arm64 QEMU. + +See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14163 +(The root cause seems to be a heavy load) + +Upstream-Status: Submitted [https://github.com/libevent/libevent/pull/1157] + +Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> +--- + test/regress.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/regress.h b/test/regress.h +index f06a7669..829af4a7 100644 +--- a/test/regress.h ++++ b/test/regress.h +@@ -127,7 +127,7 @@ int test_ai_eq_(const struct evutil_addrinfo *ai, const char *sockaddr_port, + tt_int_op(labs(timeval_msec_diff((tv1), (tv2)) - diff), <=, tolerance) + + #define test_timeval_diff_eq(tv1, tv2, diff) \ +- test_timeval_diff_leq((tv1), (tv2), (diff), 50) ++ test_timeval_diff_leq((tv1), (tv2), (diff), 100) + + long timeval_msec_diff(const struct timeval *start, const struct timeval *end); + diff --git a/poky/meta/recipes-support/libevent/libevent_2.1.11.bb b/poky/meta/recipes-support/libevent/libevent_2.1.11.bb index fb186eb89f..75f9979c5b 100644 --- a/poky/meta/recipes-support/libevent/libevent_2.1.11.bb +++ b/poky/meta/recipes-support/libevent/libevent_2.1.11.bb @@ -1,4 +1,9 @@ SUMMARY = "An asynchronous event notification library" +DESCRIPTION = "A software library that provides asynchronous event \ +notification. The libevent API provides a mechanism to execute a callback \ +function when a specific event occurs on a file descriptor or after a \ +timeout has been reached. libevent also supports callbacks triggered \ +by signals and regular timeouts" HOMEPAGE = "http://libevent.org/" BUGTRACKER = "https://github.com/libevent/libevent/issues" SECTION = "libs" @@ -10,6 +15,7 @@ SRC_URI = "https://github.com/libevent/libevent/releases/download/release-${PV}- file://Makefile-missing-test-dir.patch \ file://run-ptest \ file://0001-test-regress_dns.c-patch-out-tests-that-require-a-wo.patch \ + file://0002-test-regress.h-Increase-default-timeval-tolerance-50.patch \ " SRC_URI[md5sum] = "7f35cfe69b82d879111ec0d7b7b1c531" diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb index 3b08dc52be..86d4464253 100644 --- a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb +++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb @@ -1,4 +1,7 @@ SUMMARY = "Library for reading extended image information (EXIF) from JPEG files" +DESCRIPTION = "libexif is a library for parsing, editing, and saving EXIF data. It is \ +intended to replace lots of redundant implementations in command-line \ +utilities and programs with GUIs." HOMEPAGE = "https://libexif.github.io/" SECTION = "libs" LICENSE = "LGPLv2.1" diff --git a/poky/meta/recipes-support/libfm/libfm-extra_1.3.1.bb b/poky/meta/recipes-support/libfm/libfm-extra_1.3.1.bb index 85102a1a3d..8971486715 100644 --- a/poky/meta/recipes-support/libfm/libfm-extra_1.3.1.bb +++ b/poky/meta/recipes-support/libfm/libfm-extra_1.3.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Library for file management" +DESCRIPTION = "Contains a library and other files required by menu-cache-gen libexec of menu-cache-1.1.0. " HOMEPAGE = "http://pcmanfm.sourceforge.net/" LICENSE = "LGPLv2+" diff --git a/poky/meta/recipes-support/libfm/libfm_1.3.1.bb b/poky/meta/recipes-support/libfm/libfm_1.3.1.bb index 63ae7874b9..b6f9df0c55 100644 --- a/poky/meta/recipes-support/libfm/libfm_1.3.1.bb +++ b/poky/meta/recipes-support/libfm/libfm_1.3.1.bb @@ -1,4 +1,6 @@ SUMMARY = "Library for file management" +DESCRIPTION = "LibFM provides file management functions built on top of Glib/GIO \ +giving a convenient higher-level API." HOMEPAGE = "http://pcmanfm.sourceforge.net/" LICENSE = "GPLv2+ & LGPLv2+" diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 9fd3b7c8c9..16a58ad9b8 100644 --- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb @@ -1,4 +1,7 @@ SUMMARY = "General purpose cryptographic library based on the code from GnuPG" +DESCRIPTION = "A cryptography library developed as a separated module of GnuPG. \ +It can also be used independently of GnuPG, but depends on its error-reporting \ +library Libgpg-error." HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/" BUGTRACKER = "https://bugs.g10code.com/gnupg/index" SECTION = "libs" diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.37.bb b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.37.bb index b9a2b01c20..7b7404b516 100644 --- a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.37.bb +++ b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.37.bb @@ -1,4 +1,5 @@ SUMMARY = "Small library that defines common error values for all GnuPG components" +DESCRIPTION = "Contains common error codes and error handling functions used by GnuPG, Libgcrypt, GPGME and more packages. " HOMEPAGE = "http://www.gnupg.org/related_software/libgpg-error/" BUGTRACKER = "https://bugs.g10code.com/gnupg/index" diff --git a/poky/meta/recipes-support/libical/libical_3.0.7.bb b/poky/meta/recipes-support/libical/libical_3.0.7.bb index a50473e9ec..170f12b7a9 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.7.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.7.bb @@ -1,4 +1,8 @@ SUMMARY = "iCal and scheduling (RFC 2445, 2446, 2447) library" +DESCRIPTION = "An Open Source implementation of the iCalendar protocols \ +and protocol data units. The iCalendar specification describes how \ +calendar clients can communicate with calendar servers so users can store \ +their calendar data and arrange meetings with other users. " HOMEPAGE = "https://github.com/libical/libical" BUGTRACKER = "https://github.com/libical/libical/issues" LICENSE = "LGPLv2.1 | MPL-2.0" diff --git a/poky/meta/recipes-support/libksba/libksba_1.3.5.bb b/poky/meta/recipes-support/libksba/libksba_1.3.5.bb index 336d7f8177..7f9ab4f5fc 100644 --- a/poky/meta/recipes-support/libksba/libksba_1.3.5.bb +++ b/poky/meta/recipes-support/libksba/libksba_1.3.5.bb @@ -1,4 +1,9 @@ SUMMARY = "Easy API to create and parse X.509 and CMS related objects" +DESCRIPTION = "A library to make the tasks of working with X.509 certificates, \ +CMS data and related objects more easy. It provides a highlevel interface to \ +the implemented protocols and presents the data in a consistent way. The \ +library does not rely on another cryptographic library but provides \ +hooks for easy integration with Libgcrypt. " HOMEPAGE = "http://www.gnupg.org/related_software/libksba/" LICENSE = "GPLv3+ & (GPLv2+ | LGPLv3+)" LICENSE_${PN} = "GPLv2+ | LGPLv3+" diff --git a/poky/meta/recipes-support/libnl/libnl_3.5.0.bb b/poky/meta/recipes-support/libnl/libnl_3.5.0.bb index 9d0e1441a9..f4b5d40bb2 100644 --- a/poky/meta/recipes-support/libnl/libnl_3.5.0.bb +++ b/poky/meta/recipes-support/libnl/libnl_3.5.0.bb @@ -1,4 +1,9 @@ SUMMARY = "A library for applications dealing with netlink sockets" +DESCRIPTION = "The libnl suite is a collection of libraries providing \ +APIs to netlink protocol based Linux kernel interfaces. libnl is the core \ +library implementing the fundamentals required to use the netlink protocol \ +such as socket handling, message construction and parsing, and sending \ +and receiving of data." HOMEPAGE = "http://www.infradead.org/~tgr/libnl/" SECTION = "libs/network" diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb index 6f704d7a91..6c7d5a68a1 100644 --- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb +++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb @@ -1,4 +1,8 @@ SUMMARY = "Library providing automatic proxy configuration management" +DESCRIPTION = "libproxy provides interfaces to get the proxy that will be \ +used to access network resources. It uses various plugins to get proxy \ +configuration via different mechanisms (e.g. environment variables or \ +desktop settings)." HOMEPAGE = "https://github.com/libproxy/libproxy" BUGTRACKER = "https://github.com/libproxy/libproxy/issues" SECTION = "libs" diff --git a/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb b/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb index 9831b4b94f..b2dda191ce 100644 --- a/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb +++ b/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb @@ -1,4 +1,10 @@ SUMMARY = "Public Suffix List library" +DESCRIPTION = "The libpsl package provides a library for accessing and \ +resolving information from the Public Suffix List (PSL). The PSL is a set of \ +domain names beyond the standard suffixes, such as .com." + +HOMEPAGE = "https://rockdaboot.github.io/libpsl/" +BUGTRACKER = "https://github.com/rockdaboot/libpsl/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=5437030d9e4fbe7267ced058ddb8a7f5 \ diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb index f984a06aba..65b32557e7 100644 --- a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb +++ b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb @@ -1,4 +1,6 @@ SUMMARY = "An HTTP library implementation in C" +DESCRIPTION = "libsoup is an HTTP client/server library for GNOME. It uses GObjects \ +and the glib main loop, to integrate well with GNOME applications." HOMEPAGE = "https://wiki.gnome.org/Projects/libsoup" BUGTRACKER = "https://bugzilla.gnome.org/" SECTION = "x11/gnome/libs" diff --git a/poky/meta/recipes-support/liburcu/liburcu_0.11.1.bb b/poky/meta/recipes-support/liburcu/liburcu_0.11.1.bb index 6a517e6f29..1902415c90 100644 --- a/poky/meta/recipes-support/liburcu/liburcu_0.11.1.bb +++ b/poky/meta/recipes-support/liburcu/liburcu_0.11.1.bb @@ -1,4 +1,7 @@ SUMMARY = "Userspace RCU (read-copy-update) library" +DESCRIPTION = "A userspace RCU (read-copy-update) library. This data \ +synchronization library provides read-side access which scales linearly \ +with the number of cores. " HOMEPAGE = "http://lttng.org/urcu" BUGTRACKER = "http://lttng.org/project/issues" diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.22.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.22.bb index 1d9d772575..a4fe4de2cb 100644 --- a/poky/meta/recipes-support/libusb/libusb1_1.0.22.bb +++ b/poky/meta/recipes-support/libusb/libusb1_1.0.22.bb @@ -1,4 +1,6 @@ SUMMARY = "Userspace library to access USB (version 1.0)" +DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ +macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." HOMEPAGE = "http://libusb.sf.net" BUGTRACKER = "http://www.libusb.org/report" SECTION = "libs" diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.34.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.34.bb index 1961bb5b31..63cce6fe06 100644 --- a/poky/meta/recipes-support/libxslt/libxslt_1.1.34.bb +++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.34.bb @@ -1,4 +1,9 @@ SUMMARY = "GNOME XSLT library" +DESCRIPTION = "libxslt is the XSLT C parser and toolkit developed for the Gnome project. \ +XSLT itself is a an XML language to define transformation for XML. Libxslt is based on \ +libxml2 the XML C library developed for the GNOME project. It also implements most of \ +the EXSLT set of processor-portable extensions functions and some of Saxon's evaluate \ +and expressions extensions." HOMEPAGE = "http://xmlsoft.org/XSLT/" BUGTRACKER = "https://bugzilla.gnome.org/" diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb index 455d2a5141..20719fcc58 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -1,5 +1,6 @@ SUMMARY = "Extremely Fast Compression algorithm" DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems." +HOMEPAGE = "https://github.com/lz4/lz4" LICENSE = "BSD | BSD-2-Clause | GPL-2.0" LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ diff --git a/poky/meta/recipes-support/lzo/lzo_2.10.bb b/poky/meta/recipes-support/lzo/lzo_2.10.bb index 8eefec3cc9..85b14b3c5c 100644 --- a/poky/meta/recipes-support/lzo/lzo_2.10.bb +++ b/poky/meta/recipes-support/lzo/lzo_2.10.bb @@ -1,4 +1,6 @@ SUMMARY = "Lossless data compression library" +DESCRIPTION = "A portable lossless data compression library written in \ +ANSI C that offers pretty fast compression and *extremely* fast decompression. " HOMEPAGE = "http://www.oberhumer.com/opensource/lzo/" SECTION = "libs" LICENSE = "GPLv2+" diff --git a/poky/meta/recipes-support/lzop/lzop_1.04.bb b/poky/meta/recipes-support/lzop/lzop_1.04.bb index b50c230437..59c2003b74 100644 --- a/poky/meta/recipes-support/lzop/lzop_1.04.bb +++ b/poky/meta/recipes-support/lzop/lzop_1.04.bb @@ -5,6 +5,7 @@ gzip are much higher compression and decompression speed at the cost of some \n\ compression ratio. The lzop compression utility was designed with the goals \n\ of reliability, speed, portability and with reasonable drop-in compatibility \n\ to gzip." +HOMEPAGE = "http://www.lzop.org/" DEPENDS += "lzo" LICENSE = "GPLv2+" diff --git a/poky/meta/recipes-support/mpfr/mpfr_4.0.2.bb b/poky/meta/recipes-support/mpfr/mpfr_4.0.2.bb index 00c2dc2fe9..0ac73f031f 100644 --- a/poky/meta/recipes-support/mpfr/mpfr_4.0.2.bb +++ b/poky/meta/recipes-support/mpfr/mpfr_4.0.2.bb @@ -1,4 +1,5 @@ SUMMARY = "C library for multiple-precision floating-point computations with exact rounding" +DESCRIPTION = "The GNU Multiple Precision Floating-Point Reliable Library (GNU MPFR) is a GNU portable C library for arbitrary-precision binary floating-point computation with correct rounding, based on GNU Multi-Precision Library. MPFR's computation is both efficient and has a well-defined semantics: the functions are completely specified on all the possible operands and the results do not depend on the platform." HOMEPAGE = "https://www.mpfr.org/" LICENSE = "LGPLv3+" SECTION = "devel" diff --git a/poky/meta/recipes-support/nettle/nettle_3.5.1.bb b/poky/meta/recipes-support/nettle/nettle_3.5.1.bb index a9550ed033..b2ec24b36c 100644 --- a/poky/meta/recipes-support/nettle/nettle_3.5.1.bb +++ b/poky/meta/recipes-support/nettle/nettle_3.5.1.bb @@ -1,4 +1,5 @@ SUMMARY = "A low level cryptographic library" +DESCRIPTION = "Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space." HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" DESCRIPTION = "It tries to solve a problem of providing a common set of \ cryptographic algorithms for higher-level applications by implementing a \ diff --git a/poky/meta/recipes-support/npth/npth_1.6.bb b/poky/meta/recipes-support/npth/npth_1.6.bb index 88484acec3..94a3f00eac 100644 --- a/poky/meta/recipes-support/npth/npth_1.6.bb +++ b/poky/meta/recipes-support/npth/npth_1.6.bb @@ -1,4 +1,5 @@ SUMMARY = "New GNU Portable Threads library" +DESCRIPTION = "nPth is a library to provide the GNU Pth API and thus a non-preemptive threads implementation. " HOMEPAGE = "https://www.gnu.org/software/pth/" SECTION = "libs" LICENSE = "LGPLv2+" diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb index c539ecdbc6..623afccb5e 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb @@ -1,4 +1,6 @@ SUMMARY = "Provides a way to load and enumerate PKCS#11 modules" +DESCRIPTION = " Provides a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable. Also solves problems with coordinating the use of PKCS#11 by different components or libraries living in the same process." +HOMEPAGE = "https://p11-glue.github.io/p11-glue/p11-kit.html" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50" diff --git a/poky/meta/recipes-support/popt/popt_1.16.bb b/poky/meta/recipes-support/popt/popt_1.16.bb index 27e49c2ca2..0c0392d036 100644 --- a/poky/meta/recipes-support/popt/popt_1.16.bb +++ b/poky/meta/recipes-support/popt/popt_1.16.bb @@ -1,4 +1,5 @@ SUMMARY = "Library for parsing command line options" +DESCRIPTION = "Popt is a C library for parsing command line parameters. Popt was heavily influenced by the getopt() and getopt_long() functions, but it improves on them by allowing more powerful argument expansion. Popt can parse arbitrary argv[] style arrays and automatically set variables based on command line arguments." HOMEPAGE = "http://rpm5.org/" SECTION = "libs" diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb index 8b9938f572..7290dc90e5 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb @@ -27,3 +27,5 @@ do_compile () { do_install () { install -D -m 0755 ${S}/ptest-runner ${D}${bindir}/ptest-runner } + +RDEPENDS_${PN}_append_libc-glibc = " libgcc" diff --git a/poky/meta/recipes-support/re2c/re2c_1.0.1.bb b/poky/meta/recipes-support/re2c/re2c_1.0.1.bb index 35200ecde8..faeb496a1a 100644 --- a/poky/meta/recipes-support/re2c/re2c_1.0.1.bb +++ b/poky/meta/recipes-support/re2c/re2c_1.0.1.bb @@ -1,5 +1,7 @@ SUMMARY = "Tool for writing very fast and very flexible scanners" -HOMEPAGE = "http://re2c.sourceforge.net/" +DESCRIPTION = "A free and open-source lexer generator for C, C++ and Go. It compiles regular expressions to determinisitic finite automata and encodes the automata in the form of a program in the target language. Unlike any other such tool, re2c focuses on generating high efficient code for regular expression matching. As a result this allows a much broader range of use than any traditional lexer." +HOMEPAGE = "http://re2c.org/" +BUGTRACKER = "https://github.com/skvadrik/re2c/issues" AUTHOR = "Marcus Börger <helly@users.sourceforge.net>" SECTION = "devel" LICENSE = "PD" diff --git a/poky/meta/recipes-support/serf/serf_1.3.9.bb b/poky/meta/recipes-support/serf/serf_1.3.9.bb index 2fbf96f997..3276d40df6 100644 --- a/poky/meta/recipes-support/serf/serf_1.3.9.bb +++ b/poky/meta/recipes-support/serf/serf_1.3.9.bb @@ -1,4 +1,9 @@ SUMMARY = "High-Performance Asynchronous HTTP Client Library" +DESCRIPTION = "The Apache Serf library is a C-based HTTP client library built upon the Apache \ +Portable Runtime (APR) library. It multiplexes connections, running the \ +read/write communication asynchronously. Memory copies and transformations are \ +kept to a minimum to provide high performance operation." +HOMEPAGE = "http://serf.apache.org/" SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://norpath.patch \ file://env.patch \ diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index 7a060b09ad..6b3ebf1cdc 100644 --- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -1,4 +1,5 @@ SUMMARY = "Shared MIME type database and specification" +DESCRIPTION = "The shared-mime-info package contains the core database of common types and the update-mime-database command used to extend it. It requires glib2 to be installed for building the update command. Additionally, it uses intltool for translations, though this is only a dependency for the maintainers." HOMEPAGE = "http://freedesktop.org/wiki/Software/shared-mime-info" SECTION = "base" diff --git a/poky/meta/recipes-support/sqlite/sqlite3.inc b/poky/meta/recipes-support/sqlite/sqlite3.inc index 07614bdb3e..1adc0eba66 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3.inc +++ b/poky/meta/recipes-support/sqlite/sqlite3.inc @@ -1,4 +1,5 @@ SUMMARY = "Embeddable SQL database engine" +DESCRIPTION = "A library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day" HOMEPAGE = "http://www.sqlite.org" SECTION = "libs" diff --git a/poky/meta/recipes-support/taglib/taglib_1.11.1.bb b/poky/meta/recipes-support/taglib/taglib_1.11.1.bb index f4e288295d..165bccadc1 100644 --- a/poky/meta/recipes-support/taglib/taglib_1.11.1.bb +++ b/poky/meta/recipes-support/taglib/taglib_1.11.1.bb @@ -1,4 +1,5 @@ SUMMARY = "Library for reading and editing the meta-data of popular audio formats" +DESCRIPTION = "Platform-independent library (tested on Windows/Linux) for reading and writing metadata in media files, including video, audio, and photo formats. This is a convenient one-stop-shop to present or tag all your media collection, regardless of which format/container these might use. You can read/write the standard or more common tags/properties of a media, or you can also create and retrieve your own custom tags." SECTION = "libs/multimedia" HOMEPAGE = "http://taglib.github.io/" LICENSE = "LGPLv2.1 | MPL-1.1" diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index d57f784da5..878d0f18ae 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -1,6 +1,10 @@ SUMMARY = "Vi IMproved - enhanced vi editor" +DESCRIPTION = "Vim is a greatly improved version of the good old UNIX editor Vi. Many new features have been added: multi-level undo, syntax highlighting, command line history, on-line help, spell checking, filename completion, block operations, script language, etc. There is also a Graphical User Interface (GUI) available." SECTION = "console/utils" +HOMEPAGE = "https://www.vim.org/" +BUGTRACKER = "https://github.com/vim/vim/issues" + DEPENDS = "ncurses gettext-native" # vimdiff doesn't like busybox diff RSUGGESTS_${PN} = "diffutils" diff --git a/poky/meta/recipes-support/vte/vte_0.58.3.bb b/poky/meta/recipes-support/vte/vte_0.58.3.bb index 41dc2e77c9..50724700e8 100644 --- a/poky/meta/recipes-support/vte/vte_0.58.3.bb +++ b/poky/meta/recipes-support/vte/vte_0.58.3.bb @@ -1,4 +1,6 @@ SUMMARY = "Virtual terminal emulator GTK+ widget library" +DESCRIPTION = "VTE provides a virtual terminal widget for GTK applications." +HOMEPAGE = "https://wiki.gnome.org/Apps/Terminal/VTE" BUGTRACKER = "https://bugzilla.gnome.org/buglist.cgi?product=vte" LICENSE = "GPLv3 & LGPLv3+ & LGPLv2.1+" LICENSE_libvte = "LGPLv3+" diff --git a/poky/scripts/bitbake-whatchanged b/poky/scripts/bitbake-whatchanged index 3095dafa46..6f4b268119 100755 --- a/poky/scripts/bitbake-whatchanged +++ b/poky/scripts/bitbake-whatchanged @@ -217,7 +217,7 @@ print what will be done between the current and last builds, for example: # Edit the recipes $ bitbake-whatchanged core-image-sato -The changes will be printed" +The changes will be printed. Note: The amount of tasks is not accurate when the task is "do_build" since diff --git a/poky/scripts/contrib/documentation-audit.sh b/poky/scripts/contrib/documentation-audit.sh index 1191f57a8e..f436f9bae0 100755 --- a/poky/scripts/contrib/documentation-audit.sh +++ b/poky/scripts/contrib/documentation-audit.sh @@ -27,7 +27,7 @@ fi echo "REMINDER: you need to build for MACHINE=qemux86 or you won't get useful results" echo "REMINDER: you need to set LICENSE_FLAGS_WHITELIST appropriately in local.conf or " -echo " you'll get false positives. For example, LICENSE_FLAGS_WHITELIST = \"Commercial\"" +echo " you'll get false positives. For example, LICENSE_FLAGS_WHITELIST = \"commercial\"" for pkg in `bitbake -s | awk '{ print \$1 }'`; do if [[ "$pkg" == "Loading" || "$pkg" == "Loaded" || diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py index 7b62b7e7b8..f364a45283 100644 --- a/poky/scripts/lib/devtool/standard.py +++ b/poky/scripts/lib/devtool/standard.py @@ -953,12 +953,17 @@ def modify(args, config, basepath, workspace): if bb.data.inherits_class('kernel', rd): f.write('SRCTREECOVEREDTASKS = "do_validate_branches do_kernel_checkout ' - 'do_fetch do_unpack do_kernel_configme do_kernel_configcheck"\n') + 'do_fetch do_unpack do_kernel_configcheck"\n') f.write('\ndo_patch[noexec] = "1"\n') f.write('\ndo_configure_append() {\n' ' cp ${B}/.config ${S}/.config.baseline\n' ' ln -sfT ${B}/.config ${S}/.config.new\n' '}\n') + f.write('\ndo_kernel_configme_prepend() {\n' + ' if [ -e ${S}/.config ]; then\n' + ' mv ${S}/.config ${S}/.config.old\n' + ' fi\n' + '}\n') if rd.getVarFlag('do_menuconfig','task'): f.write('\ndo_configure_append() {\n' ' if [ ! ${DEVTOOL_DISABLE_MENUCONFIG} ]; then\n' diff --git a/poky/scripts/lib/wic/canned-wks/common.wks.inc b/poky/scripts/lib/wic/canned-wks/common.wks.inc index 89880b417b..4fd29fa8c1 100644 --- a/poky/scripts/lib/wic/canned-wks/common.wks.inc +++ b/poky/scripts/lib/wic/canned-wks/common.wks.inc @@ -1,3 +1,3 @@ # This file is included into 3 canned wks files from this directory part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 1024 -part / --source rootfs --use-uuid --fstype=ext4 --label platform --align 1024 +part / --source rootfs --use-uuid --fstype=ext4 --mkfs-extraopts "-T default" --label platform --align 1024 diff --git a/poky/scripts/lib/wic/canned-wks/directdisk-gpt.wks b/poky/scripts/lib/wic/canned-wks/directdisk-gpt.wks index 8d7d8de6ea..cf16c0c30b 100644 --- a/poky/scripts/lib/wic/canned-wks/directdisk-gpt.wks +++ b/poky/scripts/lib/wic/canned-wks/directdisk-gpt.wks @@ -4,7 +4,7 @@ part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 1024 -part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 1024 --use-uuid +part / --source rootfs --ondisk sda --fstype=ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --use-uuid bootloader --ptable gpt --timeout=0 --append="rootwait rootfstype=ext4 video=vesafb vga=0x318 console=tty0 console=ttyS0,115200n8" diff --git a/poky/scripts/lib/wic/canned-wks/mkefidisk.wks b/poky/scripts/lib/wic/canned-wks/mkefidisk.wks index 9f534fe184..d1878e23e5 100644 --- a/poky/scripts/lib/wic/canned-wks/mkefidisk.wks +++ b/poky/scripts/lib/wic/canned-wks/mkefidisk.wks @@ -4,7 +4,7 @@ part /boot --source bootimg-efi --sourceparams="loader=grub-efi" --ondisk sda --label msdos --active --align 1024 -part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 1024 --use-uuid +part / --source rootfs --ondisk sda --fstype=ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --use-uuid part swap --ondisk sda --size 44 --label swap1 --fstype=swap diff --git a/poky/scripts/lib/wic/misc.py b/poky/scripts/lib/wic/misc.py index e4b5a0d519..8fb508dd39 100644 --- a/poky/scripts/lib/wic/misc.py +++ b/poky/scripts/lib/wic/misc.py @@ -26,6 +26,7 @@ logger = logging.getLogger('wic') # executable -> recipe pairs for exec_native_cmd NATIVE_RECIPES = {"bmaptool": "bmap-tools", + "dumpe2fs": "e2fsprogs", "grub-mkimage": "grub-efi", "isohybrid": "syslinux", "mcopy": "mtools", diff --git a/poky/scripts/lib/wic/partition.py b/poky/scripts/lib/wic/partition.py index e574f40c47..85f9847047 100644 --- a/poky/scripts/lib/wic/partition.py +++ b/poky/scripts/lib/wic/partition.py @@ -298,6 +298,8 @@ class Partition(): mkfs_cmd = "fsck.%s -pvfD %s" % (self.fstype, rootfs) exec_native_cmd(mkfs_cmd, native_sysroot, pseudo=pseudo) + self.check_for_Y2038_problem(rootfs, native_sysroot) + def prepare_rootfs_btrfs(self, rootfs, cr_workdir, oe_builddir, rootfs_dir, native_sysroot, pseudo): """ @@ -388,6 +390,8 @@ class Partition(): (self.fstype, extraopts, label_str, self.fsuuid, rootfs) exec_native_cmd(mkfs_cmd, native_sysroot) + self.check_for_Y2038_problem(rootfs, native_sysroot) + def prepare_empty_partition_btrfs(self, rootfs, oe_builddir, native_sysroot): """ @@ -449,3 +453,37 @@ class Partition(): mkswap_cmd = "mkswap %s -U %s %s" % (label_str, self.fsuuid, path) exec_native_cmd(mkswap_cmd, native_sysroot) + + def check_for_Y2038_problem(self, rootfs, native_sysroot): + """ + Check if the filesystem is affected by the Y2038 problem + (Y2038 problem = 32 bit time_t overflow in January 2038) + """ + def get_err_str(part): + err = "The {} filesystem {} has no Y2038 support." + if part.mountpoint: + args = [part.fstype, "mounted at %s" % part.mountpoint] + elif part.label: + args = [part.fstype, "labeled '%s'" % part.label] + elif part.part_name: + args = [part.fstype, "in partition '%s'" % part.part_name] + else: + args = [part.fstype, "in partition %s" % part.num] + return err.format(*args) + + # ext2 and ext3 are always affected by the Y2038 problem + if self.fstype in ["ext2", "ext3"]: + logger.warn(get_err_str(self)) + return + + ret, out = exec_native_cmd("dumpe2fs %s" % rootfs, native_sysroot) + + # if ext4 is affected by the Y2038 problem depends on the inode size + for line in out.splitlines(): + if line.startswith("Inode size:"): + size = int(line.split(":")[1].strip()) + if size < 256: + logger.warn("%s Inodes (of size %d) are too small." % + (get_err_str(self), size)) + break + diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py index 53324b9f8b..29eb7505bc 100644 --- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py +++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py @@ -271,7 +271,7 @@ def draw_chart(ctx, color, fill, chart_bounds, data, proc_tree, data_range): # If data_range is given, scale the chart so that the value range in # data_range matches the chart bounds exactly. # Otherwise, scale so that the actual data matches the chart bounds. - if data_range: + if data_range and (data_range[1] - data_range[0]): yscale = float(chart_bounds[3]) / (data_range[1] - data_range[0]) ybase = data_range[0] else: diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index cc87ea871a..63e533a934 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu @@ -1328,6 +1328,8 @@ class BaseConfig(object): for ovmf in self.ovmf_bios: format = ovmf.rsplit('.', 1)[-1] + if format == "bin": + format = "raw" self.qemu_opt += ' -drive if=pflash,format=%s,file=%s' % (format, ovmf) self.qemu_opt += ' ' + self.qemu_opt_script diff --git a/poky/scripts/verify-bashisms b/poky/scripts/verify-bashisms index fb0cc719ea..14d8c298e9 100755 --- a/poky/scripts/verify-bashisms +++ b/poky/scripts/verify-bashisms @@ -100,7 +100,7 @@ if __name__=='__main__': args = parser.parse_args() if shutil.which("checkbashisms.pl") is None: - print("Cannot find checkbashisms.pl on $PATH, get it from https://anonscm.debian.org/cgit/collab-maint/devscripts.git/plain/scripts/checkbashisms.pl") + print("Cannot find checkbashisms.pl on $PATH, get it from https://salsa.debian.org/debian/devscripts/raw/master/scripts/checkbashisms.pl") sys.exit(1) # The order of defining the worker function, diff --git a/poky/scripts/yocto-check-layer b/poky/scripts/yocto-check-layer index b7c83c8b54..deba3cb4f8 100755 --- a/poky/scripts/yocto-check-layer +++ b/poky/scripts/yocto-check-layer @@ -138,6 +138,9 @@ def main(): layer['type'] == LayerType.ERROR_BSP_DISTRO: continue + # Reset to a clean backup copy for each run + shutil.copyfile(bblayersconf + '.backup', bblayersconf) + if check_bblayers(bblayersconf, layer['path'], logger): logger.info("%s already in %s. To capture initial signatures, layer under test should not present " "in BBLAYERS. Please remove %s from BBLAYERS." % (layer['name'], bblayersconf, layer['name'])) |