diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 20:50:14 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 23:22:16 +0300 |
| commit | 6ad2fb6c009c7501865f18d8c14fbe1c06dd829d (patch) | |
| tree | f81caa9afbcb1fd3d12d335fc95cb725672e2148 | |
| parent | f4e5dde7fa70d6927253adf5cf32c31073293b32 (diff) | |
| download | openbmc-6ad2fb6c009c7501865f18d8c14fbe1c06dd829d.tar.xz | |
subtree updates
meta-openembedded: c5668905a6..cbbaa82238:
Alex Kiernan (1):
lldpd: Upgrade 1.0.14 -> 1.0.15
Alexander Stein (1):
dool: Add patch to fix rebuild
Archana Polampalli (1):
Nodejs - Upgrade to 16.18.1
Armin Kuster (2):
meta-oe][PATCH] gst-editing-services: fix typo in LICENSE field.
Revert "waf-samba.bbclass: point PYTHON_CONFIG to target python3-config"
Arsalan H. Awan (1):
meta-networking/licenses/netperf: remove unused license
Changqing Li (3):
redis: 7.0.5 -> 7.0.7
redis: 6.2.7 -> 6.2.8
redis: upgrade 7.0.9 -> 7.0.10
Chee Yang Lee (5):
zsh: Fix CVE-2021-45444
fwupd: Fix CVE-2022-3287
redis: Upgrade to 7.0.8
redis: Upgrade to 6.2.9
tinyproxy: fix CVE-2022-40468
Chen Pei (1):
botan: upgrade 2.19.2 -> 2.19.3
Chen Qi (4):
xfce4-verve-plugin: fix do_configure faiure about missing libpcre
networkmanager: fix dhcpcd PACKAGECONFIG
networkmanager: install config files into correct place
networkmanager: fix /etc/resolv.conf handling
Dmitry Baryshkov (1):
nss: fix cross-compilation error
Geoff Parker (1):
python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES
Hermes Zhang (1):
kernel_add_regdb: Change the task order
Jasper Orschulko (1):
python3-gcovr: Add missing runtime dependency
Joe Slater (1):
phoronix-test-suite: fix CVE-2022-40704
Kai Kang (2):
freeradius: fix multilib systemd service start failure
postfix: fix multilib conflict of sample-main.cf
Khem Raj (15):
gnome-text-editor: Add missing libpcre build time depenedency
ettercap: Add missing dependency on libpcre
imapfilter: Upgrade to 2.7.6
aufs-util: Fix build with large file support enabled systems
volume-key: Inherit python3targetconfig
audit: Inherit python3targetconfig
waf-samba.bbclass: point PYTHON_CONFIG to target python3-config
fontforge: Inherit python3targetconfig
sshpass: Use SPDX identified string for GPLv2
perfetto: Do not pass TUNE_CCARGS to native/host compiler
net-snmp: Fix build with clang16
ncmpc: Upgrade to 0.47
mpd: Upgrade to 0.23.12 release
redis: Upgrade 6.x recipe to 6.2.11
redis: Upgrade 7.x to 7.0.9
Leon Anavi (1):
python3-pythonping: Upgrade 1.1.3 -> 1.1.4
Markus Volk (3):
libcamera: upgrade -> 0.0.1
blueman: add RDEPEND on python3-fcntl
perfetto: pass TUNE_CCARGS to use machine tune
Martin Jansa (11):
monkey: use git fetcher
nss: fix SRC_URI
exiv2: fix SRC_URI
mdns: use git fetcher
zsh: fix installed-vs-shipped with multilib
restinio: fix S variable in multilib builds
mongodb: fix chown user for multilib builds
pahole: respect libdir
lvgl,lv-lib-png,lv-drivers: fix installed-vs-shipped QA issue with multilib
lirc: fix do_install with multilib
dleyna-{server,renderer}: fix dev-so QA issue with multilib
Mathieu Dubois-Briand (2):
nss: Add missing CVE product
nss: Whitelist CVEs related to libnssdbm
Mingli Yu (1):
php: Upgrade to 8.1.16
Narpat Mali (1):
net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
Omkar Patil (1):
ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3
Peter Kjellerstedt (2):
chrony: Make it possible to enable editline support again
chrony: Remove the libcap and nss PACKAGECONFIGs
Peter Marko (4):
cpputest: remove dev package dependency
ntp: whitelist CVE-2019-11331
c-ares: fix CVE-2022-4904
dnsmasq: fix CVE-2023-28450
Polampalli, Archana (1):
nodejs: Upgrade 16.19.0 -> 16.19.1
Preeti Sachan (1):
fluidsynth: update SRC_URI to remove non-existing 2.2.x branch
Randy MacLeod (2):
python3-pillow: add ptest support
python3-pillow: Add distutils, unixadmin for ptest
Robert Joslyn (1):
fwupd: Fix plugin_gpio PACKAGECONFIG
Samuli Piippo (1):
protobuf: stage protoc binary to sysroot
Stefan Ghinea (1):
mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393
Tim Orling (1):
nodejs: upgrade 16.18.1 -> 16.19.0
Tom Hochstein (1):
nlohmann-json: Allow empty main package for SDK
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Wang Mingyu (34):
bats: upgrade 1.8.0 -> 1.8.2
ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0
fvwm: upgrade 2.6.9 -> 2.7.0
makedumpfile: upgrade 1.7.1 -> 1.7.2
sanlock: upgrade 3.8.4 -> 3.8.5
python3-astroid: upgrade 2.12.11 -> 2.12.12
python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0
python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0
python3-google-auth: upgrade 2.12.0 -> 2.13.0
python3-huey: upgrade 2.4.3 -> 2.4.4
python3-oauthlib: upgrade 3.2.1 -> 3.2.2
python3-pandas: upgrade 1.5.0 -> 1.5.1
python3-pika: upgrade 1.3.0 -> 1.3.1
python3-protobuf: upgrade 4.21.7 -> 4.21.8
python3-pywbemtools: upgrade 1.0.0 -> 1.0.1
python3-socketio: upgrade 5.7.1 -> 5.7.2
python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42
tracker: upgrade 3.4.0 -> 3.4.1
wolfssl: upgrade 5.5.1 -> 5.5.2
cglm: upgrade 0.8.5 -> 0.8.7
ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0
function2: upgrade 4.2.1 -> 4.2.2
poco: upgrade 1.12.2 -> 1.12.3
audit: upgrade 3.0.8 -> 3.0.9
colord: upgrade 1.4.5 -> 1.4.6
smcroute: upgrade 2.5.5 -> 2.5.6
openwsman: upgrade 2.7.1 -> 2.7.2
python3-pillow: upgrade 9.2.0 -> 9.3.0
python3-pillow: upgrade 9.3.0 -> 9.4.0
apache2: upgrade 2.4.54 -> 2.4.55
python3-django: upgrade 4.1 -> 4.1.3
python3-django: upgrade 4.1.3 -> 4.1.6
apache2: upgrade 2.4.55 -> 2.4.56
openwsman: Change download branch from master to main.
Xiangyu Chen (1):
ipmitool: fix typo in .bb file's comments, using = instead of =?
Yi Zhao (4):
ostree: fix selinux policy rebuild error on first deployment
strongswan: upgrade 5.9.8 -> 5.9.9
freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861
apache2: use /run instead of /var/run for systemd volatile config
Yogita Urade (1):
multipath-tools: fix CVE-2022-41974
zhengruoqin (2):
tcpslice: upgrade 1.5 -> 1.6
tio: upgrade 2.1 -> 2.2
meta-arm: 4ee457693e..58952aa7ba:
Abdellatif El Khlifi (1):
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the user guide
Adam Johnston (2):
arm/trusted-services: Fix 'no such file' when building libts
CI: Remove ts-smm-gateway from N1SDP
Adrian Herrera (2):
atp: decouple m5readfile from m5ops
atp: move m5readfile to meta-gem5
Adrián Herrera Arcila (5):
atp: fix failing test_readme
gem5: support for EXTRAS
atp: separate recipe for gem5 models
atp: fix machine overrides in recipes
ci: add meta-atp to check-layers
Anton Antonov (1):
arm-bsp/fvp-base: Enable virtio-rng support and unset preferred 5.15 kernel
Daniel Díaz (1):
arm-bsp/firmware-image-juno: Fix deployment of compressed Image
Diego Sueiro (2):
arm/classes: Introduce apply_local_src_patches bbclass
arm/trusted-firmware-m: Fix local source patches application
Emekcan (3):
arm-bsp/trusted-services: add checks for null attributes in smm gateway
arm-bsp/trusted-services: Fix GetNextVariable max_name_len in smm gateway
arm/fvp: Upgrade Corstone1000 FVP
Emekcan Aras (3):
arm-bsp/documentation: corstone1000: update the user guide
kas/corstone1000-base.yml: set refspec for Corstone1000 release
arm/trusted-firmware-m: Do not use release branches
Gowtham Suresh Kumar (6):
arm/edk2-basetools: Add edk2 base tool native recipe
arm-bsp/uefi_capsule: Add UEFI capsule generation class
arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform
arm/edk2-basetools: Convert edk2 basetools recipes to native only
arm-bsp/uefi_capsule: Use json file to pass capsule config
arm-bsp/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR
Jon Mason (4):
CI: define DEFAULT_TAG and CPU_REQUEST
arm-bsp/juno: move to compressed initramfs image
arm-bsp/juno: Update kernel patches to the latest
CI: dev kernel allow failure
Luca Fancellu (1):
arm,arm-bsp/recipes-kernel: don't use PN in arm-ffa-transport.inc
Peter Hoyes (15):
arm/fvp: Join cli arguments in verbose logging
arm/lib: Factor out asyncio in FVPRunner
arm/lib: Decouple console parsing from the FVPRunner
arm/oeqa: Log the FVP output in OEFVPSSHTarget
runfvp: Fix verbose output when using --console
arm/fvp: Backport shlex.join from Python 3.8
arm/fvpboot: Disable timing annotation by default
arm/classes: Ensure patch files are sorted in apply_local_src_patches
arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized
arm/scp-firmware: Disable cppcheck
arm/lib: Add XAUTHORITY to runfvp environment
classes: Define FVP_ENV_PASSTHROUGH variable dependencies
classes: Prevent passing None to the runfvp environment
classes: Set ARMLMD_LICENSE_FILE in the runfvp environment
CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds
Qi Feng (1):
kas/fvp-baser-aemv8r64: Use langdale as kas default refspec
Robbie Cao (1):
arm/fvp-base-r-aem: upgrade to version 11.20.15
Ross Burton (9):
arm/linux-arm64-ack: fix buildpaths in the perf Python module
CI: revert a meta-clang change which breaks pixman (thus, xserver)
CI: add variables needed for k8s runners
CI: add tags to all jobs
CI: no need to install telnet
CI: use the .setup fragment in machine-coverage
CI: fix builds with clang
CI: pin to kas 3.2 as 3.2.1 fails
arm-bsp/external-system: fix the gen_module race, again
Rui Miguel Silva (4):
arm/trusted-services: check before applying patches
arm-bsp/trusted-services: psa test setup corstone1000
arm-bsp/trusted-firmware-m: adjust ps assets for corstone1000
kas/corstone500.yml: pin repos to langdale
Vishnu Banavath (3):
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the release notes
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the change log
arm-bsp/optee: register DRAM1 for N1SDP target
poky: 6b9db5a99b..3e95f268ce:
Adrian Freihofer (2):
buildconf: compare abspath
bblayers/setupwriters/oe-setup-layers: create dir if not exists
Alejandro Hernandez Samaniego (2):
baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
testimage: Fix error message to reflect new syntax
Alex Kiernan (2):
cargo_common.bbclass: Fix typos
classes: image: Set empty weak default IMAGE_LINGUAS
Alex Stewart (2):
lsof: add update-alternatives logic
opkg: upgrade to version 0.6.1
Alexander Kanavin (69):
rust-target-config: match riscv target names with what rust expects
rust: install rustfmt for riscv32 as well
shadow: update 4.12.1 -> 4.12.3
lttng-modules: upgrade 2.13.4 -> 2.13.5
quilt: backport a patch to address grep 3.8 failures
go: submit patch upstream
go: update 1.19 -> 1.19.2
groff: submit patches upstream
tcl: correct patch status
lttng-tools: submit determinism.patch upstream
kea: submit patch upstream
ovmf: correct patches status
libffi: submit patch upstream
rust: submit a rewritten version of crossbeam_atomic.patch upstream
ffmpeg: upgrade 5.1.1 -> 5.1.2
linux-firmware: upgrade 20220913 -> 20221012
xwayland: upgrade 22.1.3 -> 22.1.4
libffi: upgrade 3.4.2 -> 3.4.4
libical: upgrade 3.0.15 -> 3.0.16
mtd-utils: upgrade 2.1.4 -> 2.1.5
selftest: add a copy of previous mtd-utils version to meta-selftest
gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
pango: upgrade 1.50.10 -> 1.50.11
pango: replace a recipe fix with an upstream submitted patch
gstreamer1.0: upgrade 1.20.3 -> 1.20.4
libepoxy: convert to git
libepoxy: update 1.5.9 -> 1.5.10
mesa: do not rely on native llvm-config in target sysroot
systemd: update 251.4 -> 251.8
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
gnomebase.bbclass: return the whole version for tarball directory if it is a number
glibc-tests: correctly pull in the actual tests when installing -ptest package
libnewt: update 0.52.21 -> 0.52.23
ruby: merge .inc into .bb
ruby: update 3.1.2 -> 3.1.3
tzdata: update 2022d -> 2022g
cmake: update 3.24.0 -> 3.24.2
devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
libarchive: upgrade 3.6.1 -> 3.6.2
go: update 1.19.3 -> 1.19.4
devtool: process local files only for the main branch
libksba: update 1.6.2 -> 1.6.3
linux-firmware: upgrade 20221109 -> 20221214
xwayland: upgrade 22.1.5 -> 22.1.7
xserver-xorg: upgrade 21.1.4 -> 21.1.6
selftest/virgl: use pkg-config from the host
vulkan-samples: branch rename master -> main
gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
diffutils: update 3.8 -> 3.9
lttng-tools: update 2.13.8 -> 2.13.9
apr: update 1.7.0 -> 1.7.2
apr-util: update 1.6.1 -> 1.6.3
bind: upgrade 9.18.10 -> 9.18.11
libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
pkgconf: upgrade 1.9.3 -> 1.9.4
linux-firmware: upgrade 20221214 -> 20230117
sudo: upgrade 1.9.12p1 -> 1.9.12p2
libgit2: upgrade 1.5.0 -> 1.5.1
vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
dbus: upgrade 1.14.4 -> 1.14.6
linux-firmware: upgrade 20230117 -> 20230210
wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
bblayers/makesetup: skip git repos that are submodules
sudo: update 1.9.12p2 -> 1.9.13p2
libdnf: update 0.69.0 -> 0.70.0
pango: upgrade 1.50.12 -> 1.50.13
apt: re-enable version check
devtool/upgrade: do not delete the workspace/recipes directory
Alexey Smirnov (1):
classes: make TOOLCHAIN more permissive for kernel
Alexis Lothoré (1):
oeqa/selftest/resulttooltests: fix minor typo
Andrew Geissler (1):
filemap.py: enforce maximum of 4kb block size
Anton Antonov (1):
rust: Do not use default compiler flags defined in CC crate
Antonin Godard (2):
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
Armin Kuster (1):
lttng-modules: Fix for 5.10.163 kernel version
Arnout Vandecappelle (1):
python3-pytest: depend on python3-tomli instead of python3-toml
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Benoît Mauduit (1):
lib/oe/reproducible: Use git log without gpg signature
Bernhard Rosenkränzer (1):
cmake-native: Fix host tool contamination
Bhabu Bindu (1):
qemu: Fix CVE-2022-4144
Bruce Ashfield (35):
linux-yocto/5.15: update to v5.15.72
linux-yocto/5.19: update to v5.19.14
kern-tools: fix relative path processing
linux-yocto/5.15: update to v5.15.74
linux-yocto/5.15: update to v5.15.76
linux-yocto/5.15: update to v5.15.78
linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.19: update to v5.19.16
linux-yocto/5.19: update to v5.19.17
linux-yocto/5.19: cfg: intel and vesa updates
linux-yocto/5.19: security.cfg: remove configs which have been dropped
linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure
kern-tools: integrate ZFS speedup patch
linux-yocto/5.19: fix perf build with clang
linux-yocto/5.15: ltp and squashfs fixes
linux-yocto/5.15: fix perf build with clang
linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
linux-yocto/5.15: update to v5.15.84
linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.15: update to v5.15.87
linux-yocto/5.15: update to v5.15.89
linux-yocto/5.15: update to v5.15.91
lttng-modules: fix for kernel 6.2+
linux-yocto/5.15: update to v5.15.94
linux-yocto/5.15: update to v5.15.96
linux-yocto-rt/5.15: update to -rt59
linux-yocto/5.15: update to v5.15.98
linux-yocto/5.15: update to v5.15.103
lttng-modules: update to v2.13.9
kernel-devsrc: fix mismatched compiler warning
linux-yocto/5.15: update to v5.15.106
linux-yocto/5.15: update to v5.15.107
linux-yocto/5.15: update to v5.15.108
Carlos Alberto Lopez Perez (3):
xwayland: libxshmfence is needed when dri3 is enabled
mesa-gl: gallium is required when enabling x11
mesa-demos: packageconfig weston should have a dependency on wayland-protocols
Changqing Li (2):
base.bbclass: Fix way to check ccache path
apt: fix do_package_qa failure
Charlie Johnston (1):
opkg: ensure opkg uses private gpg.conf when applying keys.
Chee Yang Lee (5):
git: upgrade to 2.37.5
tiff: fix multiple CVEs
git: ignore CVE-2023-22743
tiff: Fix CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
go: upgrade to 1.19.7
Chen Qi (9):
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
dhcpcd: fix to work with systemd
resolvconf: make it work
psplash: consider the situation of psplash not exist for systemd
bc: extend to nativesdk
rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
dhcpcd: backport two patches to fix runtime error
libseccomp: fix typo in DESCRIPTION
ffmpeg: fix configure failure on noexec /tmp host
Chris Elledge (1):
busybox: move hwclock init earlier in startup
Christian Eggers (1):
linux-firmware: split rtl8761 firmware
Christoph Lauer (1):
populate_sdk_base: add zip options
Claus Stovgaard (1):
gstreamer1.0-libav: fix errors with ffmpeg 5.x
Diego Sueiro (1):
kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
Dmitry Baryshkov (5):
linux-firmware: upgrade 20221012 -> 20221109
linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
linux-firmware: properly set license for all Qualcomm firmware
linux-firmware: add yamato fw files to qcom-adreno-a2xx package
ffmpeg: fix build failure when vulkan is enabled
Ed Tanous (1):
openssl: Upgrade 3.0.5 -> 3.0.7
Enguerrand de Ribaucourt (1):
bitbake-layers: fix a typo
Enrico Jörns (8):
sstatesig: emit more helpful error message when not finding sstate manifest
oeqa/selftest/cases/runqemu: update imports
oeqa/targetcontrol: fix misspelled RuntimeError
oeqa/targetcontrol: do not set dump_host_cmds redundantly
oeqa/targetcontrol: remove unused imports
oeqa/utils/commands: fix usage of undefined EPIPE
oeqa/utils/commands: remove unused imports
oeqa/utils/qemurunner: replace hard-coded user 'root' in debug output
Etienne Cordonnier (2):
mirrors.bbclass: use shallow tarball for binutils-native
bitbake: siggen: Fix inefficient string concatenation
Fawzi KHABER (3):
ref-manual: update DEV_PKG_DEPENDENCY in variables
package.bbclass: check packages name conflict in do_package
oeqa/selftest/cases/package.py: adding unittest for package rename conflicts
Federico Pellegrin (1):
curl: fix dependencies when building with ldap/ldaps
Frank de Brabander (2):
bitbake: process: log odd unlink events with bitbake.sock
bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system
Frederic Martinsons (1):
cargo.bbclass: use offline mode for building
Geoffrey GIRY (2):
cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
cve-check: Fix false negative version issue
Harald Seiler (2):
opkg: Set correct info_dir and status_file in opkg.conf
bootchart2: Fix usrmerge support
He Zhe (1):
lttng-modules: update 2.13.7 -> 2.13.8
Hitendra Prajapati (3):
openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
libxml2: Fix CVE-2022-40303 && CVE-2022-40304
Jagadeesh Krishnanjanappa (1):
qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
Jan Kircher (1):
toolchain-scripts: compatibility with unbound variable protection
Jan-Simon Moeller (1):
buildtools-tarball: export certificates to python and curl
Jeremy Puhlman (1):
qemu-native: Add PACKAGECONFIG option for jack
Jermain Horsman (1):
cve-check: write the cve manifest to IMGDEPLOYDIR
Jose Quaresma (10):
kernel-yocto: improve fatal error messages of symbol_why.py
archiver: avoid using machine variable as it breaks multiconfig
sstatesig: skip the rm_work task signature
rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
sstate: Allow optimisation of do_deploy_archives task dependencies
Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
gstreamer1.0: Fix race conditions in gstbin tests
oeqs/selftest: OESelftestTestContext: replace the os.environ after subprocess.check_output
oeqa/selftest: OESelftestTestContext: convert relative to full path when newbuilddir is provided
oeqa/selftest/reproducible: Split different packages from missing packages output
Joshua Watt (6):
runqemu: Do not perturb script environment
runqemu: Fix gl-es argument from causing other arguments to be ignored
qemu-helper-native: Re-write bridge helper as C program
qemu-helper-native: Correctly pass program name as argv[0]
scripts: convert-overrides: Allow command-line customizations
classes/populate_sdk_base: Append cleandirs
Justin Bronder (1):
bitbake: asyncrpc: serv: correct closed client socket detection
Kai Kang (3):
mesa: only apply patch to fix ALWAYS_INLINE for native
libuv: fixup SRC_URI
xserver-xorg: 21.1.6 -> 21.1.7
Keiya Nobuta (1):
create-spdx: Remove ";name=..." for downloadLocation
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Khem Raj (11):
tiff: Add packageconfig knob for webp
createrepo-c: Include missing rpm/rpmstring.h
libtirpc: Check if file exists before operating on it
libusb1: Link with latomic only if compiler has no atomic builtins
libusb1: Strip trailing whitespaces
scons: Pass MAXLINELENGTH to scons invocation
scons.bbclass: Make MAXLINELENGTH overridable
libcomps: Fix callback function prototype for PyCOMPS_hash
rpm: Fix hdr_hash function prototype
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
Revert "runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86"
Konrad Weihmann (1):
create-spdx: default share_src for shared sources
Lee Chee Yang (2):
git: Upgrade to 2.37.4
migration-guides: add release-notes for 4.0.7
Leon Anavi (1):
get_module_deps3.py: Check attribute '__file__'
Liam Beguin (1):
meson: make wrapper options sub-command specific
Louis Rannou (1):
oeqa/selftest/locales: Add selftest for locale generation/presence
Luca Boccassi (1):
systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
Luis (1):
rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
Marek Vasut (5):
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
systemd: Make importd depend on glib-2.0 again
bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
bitbake: fetch2/git: Clarify the meaning of namespace
cpio: Fix wrong CRC with ASCII CRC for large files
Mark Asselstine (1):
bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
Markus Volk (2):
mesa: update 22.2.0 -> 22.2.2
librsvg: enable vapi build
Marta Rybczynska (1):
cve-update-db-native: avoid incomplete updates
Martin Jansa (12):
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
externalsrc.bbclass: fix git repo detection
libxml2: fix test data checksums
meta: remove True option to getVar and getVarFlag calls (again)
timezone: use 'tz' subdir instead of ${WORKDIR} directly
tzdata: use separate B instead of WORKDIR for zic output
tzcode-native: fix build with gcc-13 on host
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
bmap-tools: switch to main branch
selftest: runqemu: better check for ROOTFS: in the log
selftest: runqemu: use better error message when asserts fail
runqemu: respect IMAGE_LINK_NAME
Mateusz Marciniec (1):
sstatesig: Improve output hash calculation
Mathieu Dubois-Briand (1):
dbus: Add missing CVE product name
Mauro Queiros (1):
image.bbclass: print all QA functions exceptions
Michael Halstead (3):
uninative: Upgrade to 3.8.1 to include libgcc
selftest/runtime_test/virgl: Disable for all Rocky Linux
uninative: Upgrade to 3.9 to include glibc 2.37
Michael Opdenacker (13):
bitbake: bitbake-user-manual: details about variable flags starting with underscore
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
backport SPDX documentation and vulnerability improvements
Expand create-spdx class documentation
Expand cve-check class documentation
manuals: add 4.0.5 and 4.0.6 release notes
dev-manual: fix old override syntax
ref-manual: variables.rst: fix broken hyperlink
profile-manual: update WireShark hyperlinks
bsp-guide: fix broken git URLs and missing word
manuals: update patchwork instance URL
dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
migration-guides: update release notes
Mikko Rapeli (13):
common-tasks.rst: fix oeqa runtime test path
oeqa context.py: fix --target-ip comment to include ssh port number
oeqa ssh.py: move output prints to new line
oeqa ssh.py: add connection keep alive options to ssh client
oeqa dump.py: add error counter and stop after 5 failures
oeqa qemurunner: read more data at a time from serial
oeqa qemurunner.py: add timeout to QMP calls
oeqa qemurunner.py: try to avoid reading one character at a time
oeqa ssh.py: fix hangs in run()
runqemu: kill qemu if it hangs
oeqa rtc.py: skip if read-only-rootfs
oeqa ping.py: avoid busylooping failing ping command
oeqa ping.py: fail test if target IP address has not been set
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Mingli Yu (6):
grub: disable build on armv7ve/a with hardfp
glslang: branch rename master -> main
mdadm: Fix testcase 06wrmostly
mdadm: fix tests/02lineargrow
mdadm: Fix raid0 tests
report-error: catch Nothing PROVIDES error
Narpat Mali (4):
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
libseccomp: fix for the ptest result format
python3-setuptools: fix for CVE-2022-40897
Nathan Rossi (2):
oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
package: Fix handling of minidebuginfo with newer binutils
Niko Mauno (3):
systemd: Consider PACKAGECONFIG in RRECOMMENDS
Fix missing leading whitespace with ':append'
ref-manual: Fix invalid feature name
Ola x Nilsson (1):
kbd: Don't build tests
Ovidiu Panait (1):
kernel.bbclass: remove empty module directories to prevent QA issues
Pavel Zhukov (4):
bitbake: gitsm: Fix regression in gitsm submodule path parsing
oeqa/rpm.py: Increase timeout and add debug output
wic: Fix usage of fstype=none in wic
u-boot: Map arm64 into map for u-boot dts installation
Pawel Zalewski (1):
classes/fs-uuid: Fix command output decoding issue
Peter Bergin (1):
gptfdisk: remove warning message from target system
Peter Kjellerstedt (4):
externalsrc.bbclass: Remove a trailing slash from ${B}
pango: Make it build with ptest disabled
librsvg: Only enable the Vala bindings if GObject Introspection is enabled
devshell: Do not add scripts/git-intercept to PATH
Peter Marko (6):
systemd: add group render to udev package
meta-selftest/staticids: add render group for systemd
externalsrc: fix lookup for .gitmodules
oeqa/selftest/externalsrc: add test for srctree_hash_files
systemd: add group sgx to udev package
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
Petr Kubizňák (1):
harfbuzz: remove bindir only if it exists
Piotr Łobacz (1):
systemd: fix wrong nobody-group assignment
Polampalli, Archana (1):
libpam: fix CVE-2022-28321
Qiu, Zheng (3):
tiff: fix a typo for CVE-2022-2953.patch
tiff: Security fix for CVE-2022-3970
vim: upgrade 9.0.0820 -> 9.0.0947
Quentin Schulz (4):
cairo: update patch for CVE-2019-6461 with upstream solution
docs: kernel-dev: faq: update tip on how to not include kernel in image
docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
cairo: fix CVE patches assigned wrong CVE number
Randy MacLeod (3):
valgrind: skip the boost_thread test on arm
vim: upgrade 9.0.0947 -> 9.0.1211
vim: upgrade 9.0.1403 -> 9.0.1429
Ranjitsinh Rathod (1):
curl: Correct LICENSE from MIT-open-group to curl
Ravula Adhitya Siddartha (2):
linux-yocto/5.15: update genericx86* machines to v5.15.72
linux-yocto/5.19: update genericx86* machines to v5.19.14
Richard Purdie (37):
build-appliance-image: Update to langdale head revision
bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
lttng-modules: upgrade 2.13.5 -> 2.13.7
bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
gcc-shared-source: Fix source date epoch handling
gcc-source: Fix gengtypes race
gcc-source: Drop gengtype manipulation
gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
sanity: Drop data finalize call
oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
qemu: Ensure libpng dependency is deterministic
yocto-check-layer: Allow OE-Core to be tested
oeqa/concurrencytest: Add number of failures to summary output
build-appliance-image: Update to langdale head revision
bitbake: server/process: Add bitbake.sock race handling
native: Drop special variable handling
kernel/linux-kernel-base: Fix kernel build artefact determinism issues
make-mod-scripts: Ensure kernel build output is deterministic
perf: Enable debug/source packaging
libc-locale: Fix on target locale generation
libssh2: Clean up ptest patch/coverage
build-appliance-image: Update to langdale head revision
bitbake: utils: Allow to_boolean to support int values
bitbake: cookerdata: Remove incorrect SystemExit usage
bitbake: cookerdata: Improve early exception handling
bitbake: cookerdata: Drop dubious exception handling code
binutils: Fix nativesdk ld.so search
oeqa/selftest/prservice: Improve debug output for failure
staging: Separate out different multiconfig manifests
staging/multilib: Fix manifest corruption
glibc: Add missing binutils dependency
selftest/recipetool: Stop test corrupting tinfoil class
base-files: Drop localhost.localdomain from hosts file
pybootchartui: Fix python syntax issue
pybootchart: Fix extents handling to account for cpu/io/mem pressure changes
xdg-utils: Add a patch for CVE-2020-27748
xdg-utils: Fix CVE number
Robert Andersson (1):
go-crosssdk: avoid host contamination by GOCACHE
Robert Joslyn (2):
curl: Backport CVE fixes
curl: Fix CVE-2022-43551 and CVE-2022-43552
Robert Yang (1):
bitbake: fetch/git: Fix local clone url to make it work with repo
Rodolfo Quesada Zumbado (1):
tar: CVE-2022-48303
Romuald JEANNE (1):
image_types: fix vname var init in multiubi_mkfs() function
Romuald Jeanne (1):
image_types: fix multiubi var init
Ross Burton (48):
libx11: apply the fix for CVE-2022-3554
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
tiff: fix a number of CVEs
qemu: backport the fix for CVE-2022-3165
pango: upgrade 1.50.9 -> 1.50.10
zlib: do out-of-tree builds
zlib: upgrade 1.2.12 -> 1.2.13
bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
pixman: backport fix for CVE-2022-44638
sudo: backport fix for CVE-2022-43995
sanity: check for GNU tar specifically
expat: upgrade to 2.5.0
oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
insane: add codeload.github.com to src-uri-bad check
linux-firmware: don't put the firmware into the sysroot
lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
combo-layer: remove unused import
combo-layer: dont use bb.utils.rename
combo-layer: add sync-revs command
libepoxy: remove upstreamed patch
cve-update-db-native: show IP on failure
pango: upgrade 1.50.11 -> 1.50.12
oeqa/selftest/debuginfod: improve testcase
curl: don't enable debug builds
bitbake: bb/utils: include SSL certificate paths in export_proxies
ppp: backport fix for CVE-2022-4603
quilt: fix intermittent failure in faildiff.test
spirv-headers/spirv-tools: set correct branch name
quilt: use upstreamed faildiff.test fix
git: ignore CVE-2022-41953
buildtools-tarball: set pkg-config search path
sdkext/cases/devtool: pass a logger to HTTPService
httpserver: add error handler that write to the logger
less: backport the fix for CVE-2022-46663
lib/buildstats: handle tasks that never finished
cml1: remove redundant addtask
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
vim: upgrade to 9.0.1403
vim: set modified-by to the recipe MAINTAINER
meson: remove obsolete RPATH stripping patch
lib/resulttool: fix typo breaking resulttool log --ptest
scripts/lib/buildstats: handle top-level build_stats not being complete
tzdata: upgrade to 2023c
oeqa/runtime: clean up deprecated backslash expansion
xserver-xorg: backport fix for CVE-2023-1393
screen: backport fix for CVE-2023-24626
Ryan Eatmon (1):
go: Update reproducibility patch to fix panic errors
Sakib Sajal (2):
go: update 1.19.2 -> 1.19.3
git: upgrade 2.37.5 -> 2.37.6
Sandeep Gundlupet Raju (3):
libdrm: Remove libdrm-kms package
kernel-fitimage: Adjust order of dtb/dtbo files
kernel-fitimage: Allow user to select dtb when multiple dtb exists
Saul Wold (2):
at: Change when files are copied
busybox: Fix depmod patch
Sean Anderson (3):
uboot-sign: Fix using wrong KEY_REQ_ARGS
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
Sergei Zhmylev (2):
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
wic: make ext2/3/4 images reproducible
Siddharth (1):
harfbuzz: Security fix for CVE-2023-25193
Siddharth Doshi (3):
openssl: Upgrade 3.0.7 -> 3.0.8
epiphany: Security fix for CVE-2023-26081
openssl: Security fix for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
Soumya (1):
shadow: Fix can not print full login timeout message
Steve Sakoman (8):
poky.conf: bump version for 4.1.1
Revert "sudo: backport fix for CVE-2022-43995"
poky.conf: bump version for 4.1.2
poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros
poky.conf: bump version for 4.1.3
poky.conf: bump version for 4.1.4
build-appliance-image: Update to langdale head revision
Sudip Mukherjee (1):
libgit2: update license information
Teoh Jay Shen (1):
vim: Upgrade 9.0.0598 -> 9.0.0614
Thomas Perrot (1):
xserver-xorg: move some recommended dependencies in required
Thomas Roos (1):
devtool: fix devtool finish when gitmodules file is empty
Tim Orling (7):
vim: upgrade 9.0.0614 -> 9.0.0820
python3-mako: upgrade 1.2.2 -> 1.2.3
mirrors.bbclass: update CPAN_MIRROR
bitbake: toaster: fixtures/README: django 1.8 -> 3.2
bitbake: toaster: fixtures/gen_fixtures.py: update branches
bitbake: toaster: Add refreshed oe-core and poky fixtures
cracklib: update github branch to 'main'
Tobias Hagelborn (2):
sstate.bbclass: Fetch non-existing local .sig files if needed
lib/oe/gpg_sign.py: Avoid race when creating .sig files in detach_sign
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Trevor Woerner (3):
cups: use BUILDROOT instead of DESTDIR
cups: check PACKAGECONFIG for pam feature
cups: add/fix web interface packaging
Ulrich Ölmann (4):
recipe_sanity: fix old override syntax
lsof: fix old override syntax
update-alternatives: fix typos
kernel-yocto: fix kernel-meta data detection
Vincent Davis Jr (1):
linux-firmware: package amdgpu firmware
Vivek Kumbhar (1):
openssl: fix CVE-2022-3996 double locking leads to denial of service
Vyacheslav Yurkov (1):
overlayfs: Allow not used mount points
Wang Mingyu (26):
bind: upgrade 9.18.7 -> 9.18.8
inetutils: upgrade 2.3 -> 2.4
socat: upgrade 1.7.4.3 -> 1.7.4.4
libxcrypt: upgrade 4.4.28 -> 4.4.30
xwayland: upgrade 22.1.4 -> 22.1.5
sysstat: upgrade 12.6.0 -> 12.6.1
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
libsdl2: upgrade 2.24.1 -> 2.24.2
mesa: upgrade 22.2.2 -> 22.2.3
babeltrace: upgrade 1.5.8 -> 1.5.11
iso-codes: upgrade 4.11.0 -> 4.12.0
bind: upgrade 9.18.8 -> 9.18.9
libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
mpfr: upgrade 4.1.0 -> 4.1.1
libpng: upgrade 1.6.38 -> 1.6.39
help2man: upgrade 1.49.2 -> 1.49.3
gstreamer1.0: upgrade 1.20.4 -> 1.20.5
bind: upgrade 9.18.9 -> 9.18.10
libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1
xwayland: upgrade 22.1.7 -> 22.1.8
iso-codes: upgrade 4.12.0 -> 4.13.0
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
dhcpcd: Fix install conflict when enable multilib.
xcb-proto: Fix install conflict when enable multilib.
Xiangyu Chen (7):
sudo: upgrade 1.9.11p3 -> 1.9.12p1
grub: backport patches to fix CVE-2022-28736
openssh: remove RRECOMMENDS to rng-tools for sshd package
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
numactl: skip test case when target platform doesn't have 2 CPU node
dhcpcd: fix dhcpcd start failure on qemuppc64
sudo: update 1.9.13p2 -> 1.9.13p3
Zoltan Boszormenyi (1):
piglit: Fix build time dependency
ciarancourtney (1):
wic: swap partitions are not added to fstab
leimaohui (1):
libpng: Enable NEON for aarch64 to enensure consistency with arm32.
pgowda (1):
binutils: Add patch to fix CVE-2022-4285
wangmy (13):
meson: upgrade 0.63.2 -> 0.63.3
mtools: upgrade 4.0.40 -> 4.0.41
ifupdown: upgrade 0.8.37 -> 0.8.39
gnutls: upgrade 3.7.7 -> 3.7.8
libcap: upgrade 2.65 -> 2.66
libical: upgrade 3.0.14 -> 3.0.15
numactl: upgrade 2.0.15 -> 2.0.16
wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
libksba: upgrade 1.6.0 -> 1.6.2
libsdl2: upgrade 2.24.0 -> 2.24.1
lttng-ust: upgrade 2.13.4 -> 2.13.5
lighttpd: upgrade 1.4.66 -> 1.4.67
dbus: upgrade 1.14.0 -> 1.14.4
meta-security: 2aa48e6f4e..a4562b1912:
Anton Antonov (2):
Flush caches after OEQA tests
Fix PACKAGECONFIG check in Parsec OEQA tests
Armin Kuster (2):
packagegroup-security-tpm2: restore pkgs removed earlier
Revert "meta-parsec/layer.conf: Insert addpylib declaration"
Peter Hoyes (1):
meta-parsec/layer.conf: Insert addpylib declaration
meta-raspberrypi: 722c51647c..8e3cbfa598:
Andrei Gherzan (2):
ci: Bump actions/checkout to v3
ci: Fix dco-check job with newer git versions
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
Martin Jansa (1):
raspberrypi4-64: drop DEFAULTTUNE assignment
Sung Gon Kim (1):
libcamera: rename bbappend to match any version
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I394eff2a339089121317b9dfb1a2ff4dfcae3339
738 files changed, 15638 insertions, 4288 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index 7d050a551b..0ba2280249 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -1,4 +1,12 @@ -image: ghcr.io/siemens/kas/kas:latest-release +image: ghcr.io/siemens/kas/kas:3.2 + +variables: + CPU_REQUEST: "" + DEFAULT_TAG: "" + # These are needed as the k8s executor doesn't respect the container entrypoint + # by default + FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0 + FF_KUBERNETES_HONOR_ENTRYPOINT: 1 stages: - prep @@ -6,6 +14,8 @@ stages: # Common job fragment to get a worker ready .setup: + tags: + - $DEFAULT_TAG stage: build interruptible: true variables: @@ -25,11 +35,29 @@ stages: - mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR # Must do this here, as it's the only way to make sure the toolchain is installed on the same builder - ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR - - sudo apt-get update && sudo apt-get install --yes telnet python3-subunit + # This can be removed with Kas 3.2 + - sudo apt-get update && sudo apt-get install --yes python3-subunit # Generalised fragment to do a Kas build .build: extends: .setup + variables: + KUBERNETES_CPU_REQUEST: $CPU_REQUEST + rules: + # Don't run MR pipelines + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + when: never + # Don't run pipelines for tags + - if: $CI_COMMIT_TAG + when: never + # Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex + - if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX' + when: never + # Allow the dev kernels to fail and not fail the overall build + - if: '$KERNEL == "linux-yocto-dev"' + allow_failure: true + # Catch all for everything else + - if: '$KERNEL != "linux-yocto-dev"' script: - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME") - kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf' @@ -210,7 +238,7 @@ check-layers: "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency" parallel: matrix: - - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain, meta-gem5] + - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain, meta-gem5, meta-atp] pending-updates: extends: .setup @@ -228,8 +256,7 @@ pending-updates: # What percentage of machines in the layer do we build machine-coverage: - stage: build - interruptible: true + extends: .setup script: - ./ci/check-machine-coverage coverage: '/Coverage: \d+/' diff --git a/meta-arm/README.md b/meta-arm/README.md index 221633e05d..e82f55322d 100644 --- a/meta-arm/README.md +++ b/meta-arm/README.md @@ -20,7 +20,7 @@ This repository contains the Arm layers for OpenEmbedded. * meta-atp - This layer contains recipes for the Adaptive Traffic Generation integration into meta-gem5. + This layer contains recipes for the [AMBA Adaptive Traffic Profiles (ATP)](https://developer.arm.com/documentation/ihi0082/latest) generation integration into meta-gem5. * meta-gem5 diff --git a/meta-arm/ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch b/meta-arm/ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch new file mode 100644 index 0000000000..4ad6607842 --- /dev/null +++ b/meta-arm/ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch @@ -0,0 +1,26 @@ +This causes illegal instruction faults in pixman, so xserver crashes. +https://github.com/kraj/meta-clang/issues/696 + +From 8659c5c5bec39dd43a1988b19d4cf30507a44679 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Mon, 28 Nov 2022 16:52:50 +0000 +Subject: [PATCH] Revert "pixman: Do not use clang assembler for now" + +This reverts commit 84dbafa42d8141b00da75d6664aef07c252a52ee. +--- + conf/nonclangable.conf | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/conf/nonclangable.conf b/conf/nonclangable.conf +index 04112f4..b5db848 100644 +--- a/conf/nonclangable.conf ++++ b/conf/nonclangable.conf +@@ -347,5 +347,4 @@ DEPENDS:append:pn-pixman:mips:toolchain-clang = " openmp" + #| .endfunc + #| ^ + CFLAGS:append:pn-pixman:arm:toolchain-clang = " -no-integrated-as" +-CFLAGS:append:pn-pixman:aarch64:toolchain-clang = " -no-integrated-as" + +-- +2.34.1 + diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml index e5e7dd5f3f..6c909023c7 100644 --- a/meta-arm/ci/clang.yml +++ b/meta-arm/ci/clang.yml @@ -4,8 +4,16 @@ header: repos: meta-clang: url: https://github.com/kraj/meta-clang - refspec: master + patches: + pixman: + repo: meta-arm + path: ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch local_conf_header: clang: | TOOLCHAIN = "clang" + # Backport d89e06ad94a46f6810d0a8787004b71b8ecaf87d to langdale + OBJCOPY:pn-linux-yocto:toolchain-clang = "${HOST_PREFIX}objcopy" + # Perf needs fixes backported, use GCC for now + # https://lore.kernel.org/linux-perf-users/Y5d4k7fDxfRP7hcN@kernel.org/T/#t + TOOLCHAIN:pn-perf = "gcc" diff --git a/meta-arm/ci/n1sdp.yml b/meta-arm/ci/n1sdp.yml index 797a52255c..f6883079c9 100644 --- a/meta-arm/ci/n1sdp.yml +++ b/meta-arm/ci/n1sdp.yml @@ -4,3 +4,7 @@ header: - ci/base.yml machine: n1sdp + +local_conf_header: + unsupported_trusted_services: | + MACHINE_FEATURES:remove = "ts-smm-gateway" diff --git a/meta-arm/documentation/oeqa-fvp.md b/meta-arm/documentation/oeqa-fvp.md index 582dd38bd6..e146885197 100644 --- a/meta-arm/documentation/oeqa-fvp.md +++ b/meta-arm/documentation/oeqa-fvp.md @@ -4,7 +4,7 @@ OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests o Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf. -There are two main methods of testing, using different test "targets". +There are two main methods of testing, using different test "targets". Both test targets generate an additional log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout. ## OEFVPTarget diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml index 5fe7f4da58..19aeaa071e 100644 --- a/meta-arm/kas/corstone1000-base.yml +++ b/meta-arm/kas/corstone1000-base.yml @@ -16,6 +16,7 @@ repos: poky: url: https://git.yoctoproject.org/git/poky + refspec: 79434a17eb4835e85fcd477baec08c8ce49a4c14 layers: meta: meta-poky: @@ -23,6 +24,7 @@ repos: meta-openembedded: url: https://git.openembedded.org/meta-openembedded + refspec: c5668905a6d8a78fb72c2cbf8b20e91e686ceb86 layers: meta-oe: meta-python: diff --git a/meta-arm/kas/corstone500.yml b/meta-arm/kas/corstone500.yml index a454a469b7..5e1b9e64f6 100644 --- a/meta-arm/kas/corstone500.yml +++ b/meta-arm/kas/corstone500.yml @@ -5,7 +5,7 @@ distro: poky-tiny defaults: repos: - refspec: master + refspec: langdale repos: meta-arm: @@ -16,7 +16,6 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - refspec: master layers: meta: meta-poky: @@ -24,7 +23,6 @@ repos: meta-openembedded: url: https://git.openembedded.org/meta-openembedded - refspec: master layers: meta-oe: meta-python: diff --git a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml index dd175d03da..70a58beded 100644 --- a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml +++ b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml @@ -6,7 +6,7 @@ machine: fvp-baser-aemv8r64 defaults: repos: - refspec: master + refspec: langdale repos: meta-arm: diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf index 320e22ce89..1ba070824e 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf @@ -10,10 +10,10 @@ require conf/machine/include/arm/arch-armv8a.inc TUNE_FEATURES = "aarch64" PREFERRED_VERSION_u-boot ?= "2022.04" -PREFERRED_VERSION_linux-yocto ?= "5.15%" -PREFERRED_VERSION_linux-yocto-rt ?= "5.15%" # FVP u-boot configuration UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig" KERNEL_IMAGETYPE = "Image" + +FVP_CONFIG[bp.virtio_rng.enabled] ?= "1" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf index 8119cb6818..06bef291f3 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf @@ -9,8 +9,6 @@ require conf/machine/include/arm/armv8r/arch-armv8r64.inc EXTRA_IMAGEDEPENDS += "boot-wrapper-aarch64" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" -PREFERRED_VERSION_linux-yocto ?= "5.15%" -PREFERRED_VERSION_linux-yocto-rt ?= "5.15%" PREFERRED_VERSION_u-boot ?= "2022.07" KERNEL_IMAGETYPE = "Image" diff --git a/meta-arm/meta-arm-bsp/conf/machine/juno.conf b/meta-arm/meta-arm-bsp/conf/machine/juno.conf index c002ed638f..4a86d4e267 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/juno.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/juno.conf @@ -10,10 +10,10 @@ require conf/machine/include/arm/arch-armv8a.inc MACHINE_FEATURES = "usbhost usbgadget alsa screen wifi bluetooth optee pci" -KERNEL_IMAGETYPE = "Image" +KERNEL_IMAGETYPE = "Image.gz" KERNEL_DEVICETREE = "arm/juno.dtb arm/juno-r1.dtb arm/juno-r2.dtb" -IMAGE_FSTYPES += "tar.bz2 ext4" +IMAGE_FSTYPES += "tar.bz2 ext4 cpio.gz" SERIAL_CONSOLES = "115200;ttyAMA0" @@ -25,3 +25,6 @@ EXTRA_IMAGEDEPENDS += "trusted-firmware-a virtual/bootloader firmware-image-juno # Juno u-boot configuration UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig" + +INITRAMFS_IMAGE_BUNDLE ?= "1" +INITRAMFS_IMAGE = "core-image-minimal" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst index 5d6493a490..64e82aac98 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -8,7 +8,73 @@ Change Log ########## This document contains a summary of the new features, changes and -fixes in each release of corstone1000 software stack. +fixes in each release of Corstone-1000 software stack. + +****************** +Version 2022.11.23 +****************** + +Changes +======= + +- Booting the External System (Cortex-M3) with RTX RTOS +- Adding MHU communication between the HOST (Cortex-A35) and the External System +- Adding a Linux application to test the External System +- Adding ESRT (EFI System Resource Table) support +- Upgrading the SW stack recipes +- Upgrades for the U-Boot FF-A driver and MM communication + +Corstone-1000 components versions +======================================= + ++-------------------------------------------+------------+ +| arm-ffa-tee | 1.1.1 | ++-------------------------------------------+------------+ +| arm-ffa-user | 5.0.0 | ++-------------------------------------------+------------+ +| corstone1000-external-sys-tests | 1.0 | ++-------------------------------------------+------------+ +| external-system | 0.1.0 | ++-------------------------------------------+------------+ +| linux-yocto | 5.19 | ++-------------------------------------------+------------+ +| u-boot | 2022.07 | ++-------------------------------------------+------------+ +| optee-client | 3.18.0 | ++-------------------------------------------+------------+ +| optee-os | 3.18.0 | ++-------------------------------------------+------------+ +| trusted-firmware-a | 2.7.0 | ++-------------------------------------------+------------+ +| trusted-firmware-m | 1.6.0 | ++-------------------------------------------+------------+ +| ts-newlib | 4.1.0 | ++-------------------------------------------+------------+ +| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 | ++-------------------------------------------+------------+ +| ts-sp-{se-proxy, smm-gateway} | 3d4956770f | ++-------------------------------------------+------------+ + +Yocto distribution components versions +======================================= + ++-------------------------------------------+---------------------+ +| meta-arm | langdale | ++-------------------------------------------+---------------------+ +| poky | langdale | ++-------------------------------------------+---------------------+ +| meta-openembedded | langdale | ++-------------------------------------------+---------------------+ +| busybox | 1.35.0 | ++-------------------------------------------+---------------------+ +| musl | 1.2.3+git37e18b7bf3 | ++-------------------------------------------+---------------------+ +| gcc-arm-none-eabi-native | 11.2-2022.02 | ++-------------------------------------------+---------------------+ +| gcc-cross-aarch64 | 12.2 | ++-------------------------------------------+---------------------+ +| openssl | 3.0.5 | ++-------------------------------------------+---------------------+ ****************** Version 2022.04.04 @@ -26,10 +92,10 @@ Version 2022.02.25 Changes ======= -- Building and running psa-arch-tests on corstone1000 FVP -- Enabled smm-gateway partition in Trusted Service on corstone1000 FVP -- Enabled MHU driver in Trusted Service on corstone1000 FVP -- Enabled OpenAMP support in SE proxy SP on corstone1000 FVP +- Building and running psa-arch-tests on Corstone-1000 FVP +- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP +- Enabled MHU driver in Trusted Service on Corstone-1000 FVP +- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP ****************** Version 2022.02.21 @@ -48,7 +114,7 @@ Changes ======= - psa-arch-tests: change master to main for psa-arch-tests - U-Boot: fix null pointer exception for get_image_info -- TF-M: fix capsule instability issue for corstone1000 +- TF-M: fix capsule instability issue for Corstone-1000 ****************** Version 2022.01.07 @@ -56,9 +122,9 @@ Version 2022.01.07 Changes ======= -- corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. +- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. - U-Boot: send bootcomplete event to secure enclave. -- U-Boot: support populating corstone1000 image_info to ESRT table. +- U-Boot: support populating Corstone-1000 image_info to ESRT table. - U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT. ****************** @@ -67,7 +133,7 @@ Version 2021.12.15 Changes ======= -- Enabling corstone1000 FPGA support on: +- Enabling Corstone-1000 FPGA support on: - Linux 5.10 - OP-TEE 3.14 - Trusted Firmware-A 2.5 @@ -83,7 +149,7 @@ Version 2021.10.29 Changes ======= -- Enabling corstone1000 FVP support on: +- Enabling Corstone-1000 FVP support on: - Linux 5.10 - OP-TEE 3.14 - Trusted Firmware-A 2.5 @@ -95,4 +161,4 @@ Changes -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 385331bd23..89a4fa9ab2 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -7,23 +7,61 @@ Release notes ############# + +************************* +Disclaimer +************************* + +You expressly assume all liabilities and risks relating to your use or operation +of Your Software and Your Hardware designed or modified using the Arm Tools, +including without limitation, Your software or Your Hardware designed or +intended for safety-critical applications. Should Your Software or Your Hardware +prove defective, you assume the entire cost of all necessary servicing, repair +or correction. + + +************************** +Release notes - 2022.11.23 +************************** + +Known Issues or Limitations +--------------------------- + - The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system. + - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). + - Below SCT FAILURE is a known issues in the FVP: + UEFI Compliant - Boot from network protocols must be implemented -- FAILURE + - Below SCT FAILURE is a known issue when a terminal emulator (in the system where the user connects to serial ports) does not support 80x25 or 80x50 mode: + EFI_SIMPLE_TEXT_OUT_PROTOCOL.SetMode - SetMode() with valid mode -- FAILURE + - Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid; + The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests. + In both cases, the system executes the entire test suite and writes the results as stated in the user guide. + + +Platform Support +----------------- + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + https://developer.arm.com/downloads/-/download-fpga-images + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + ************************** Release notes - 2022.04.04 ************************** Known Issues or Limitations --------------------------- - - FGPA support Linux distro install and boot through installer. However, + - FPGA support Linux distro install and boot through installer. However, FVP only support openSUSE raw image installation and boot. - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide - cannot boot on corstone1000 (i.e. user may experience timeouts or boot hang). + cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). - Below SCT FAILURE is a known issues in the FVP: UEFI Compliant - Boot from network protocols must be implemented -- FAILURE Platform Support ----------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ************************** @@ -32,13 +70,13 @@ Release notes - 2022.02.25 Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot. Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Release notes - 2022.02.21 @@ -46,13 +84,13 @@ Release notes - 2022.02.21 Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot, psa-arch-test. Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Release notes - 2022.01.18 @@ -85,13 +123,13 @@ The following components are present in the release: Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot, and psa-arch-tests. - Only the manual capsule update from UEFI shell is supported on FPGA. @@ -107,7 +145,7 @@ Release notes - 2021.10.29 Software Features ----------------- -This initial release of corstone1000 supports booting Linux on the Cortex-A35 +This initial release of Corstone-1000 supports booting Linux on the Cortex-A35 and TF-M/MCUBOOT in the Secure Enclave. The following components are present in the release: @@ -119,7 +157,7 @@ the release: Platform Support ---------------- - - This Software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Known Issues or Limitations @@ -130,8 +168,10 @@ Known Issues or Limitations Support ------- -For support email: support-subsystem-iot@arm.com +For technical support email: support-subsystem-iot@arm.com + +For all security issues, contact Arm by email at arm-security@arm.com. -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index d5930fc8e5..e173f244b4 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -9,18 +9,16 @@ User Guide Notice ------ -The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build -a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the -`Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ +The Corstone-1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build +a tiny Linux distribution suitable for the Corstone-1000 platform (kernel and initramfs filesystem less than 5 MB on the flash). +The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ for more information. Prerequisites ------------- -These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with -at least 32GB of free disk space and 16GB of RAM as minimum requirement. The -following instructions expect that you are using a bash shell. +These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths. The following prerequisites must be available on the host system. To resolve these dependencies, run: @@ -35,12 +33,12 @@ The following prerequisites must be available on the host system. To resolve the Provided components ------------------- -Within the Yocto Project, each component included in the corstone1000 software stack is specified as -a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__. -The recipes specific to the corstone1000 BSP are located at: +Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as +a `bitbake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__. +The recipes specific to the Corstone-1000 BSP are located at: ``<_workspace>/meta-arm/meta-arm-bsp/``. -The Yocto machine config files for the corstone1000 FVP and FPGA are: +The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are: - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc`` - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` @@ -86,7 +84,7 @@ The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-T distribution which is a Linux distribution stripped down to a minimal configuration. The provided distribution is based on busybox and built using muslibc. The -recipe responsible for building a tiny version of linux is listed below. +recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | @@ -96,6 +94,16 @@ recipe responsible for building a tiny version of linux is listed below. | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ +External System Tests +======================= +Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__ + ++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb | ++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +The recipe provides the systems-comms-tests command run in Linux and used for testing the External System. + ************************************************** Software for Boot Processor (a.k.a Secure Enclave) ************************************************** @@ -107,6 +115,18 @@ Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmw | Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | +----------+-------------------------------------------------------------------------------------------------+ +************************************************** +Software for the External System +************************************************** + +RTX +==== +Based on `RTX RTOS <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__ + ++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb | ++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ + Building the software stack --------------------------- Create a new folder that will be your workspace and will henceforth be referred @@ -117,26 +137,28 @@ to as ``<_workspace>`` in these instructions. To create the folder, run: mkdir <_workspace> cd <_workspace> -corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake +Corstone-1000 software is based on the Yocto Project which uses kas and bitbake commands to build the stack. To install kas tool, run: :: pip3 install kas +If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'. + In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 -To build corstone1000 image for MPS3 FPGA, run: +To build a Corstone-1000 image for MPS3 FPGA, run: :: kas build meta-arm/kas/corstone1000-mps3.yml -Alternatively, to build corstone1000 image for FVP, run: +Alternatively, to build a Corstone-1000 image for FVP, run: :: @@ -150,22 +172,19 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build; - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. -Everything apart from the ROM firmware is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the -``bl1.bin`` file. - -The output binaries used by FVP are the following: - - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt`` +Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the +``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. -The output binaries used by FPGA are the following: - - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt`` +The output binaries run in the Corstone-1000 platform are the following: + - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` + - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` Flash the firmware image on FPGA -------------------------------- -The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ +The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1`` +from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ and under the section ``Arm® Corstone™-1000 for MPS3``. The directory structure of the FPGA bundle is shown below. @@ -196,9 +215,10 @@ The directory structure of the FPGA bundle is shown below. └── config.txt Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file -(in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory. +(in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory. -Here is an example +The images.txt file that is compatible with the latest version of the software +stack can be seen below; :: @@ -214,24 +234,32 @@ Here is an example ;************************************************ [IMAGES] - TOTALIMAGES: 2 ;Number of Images (Max: 32) - + TOTALIMAGES: 3 ;Number of Images (Max: 32) + IMAGE0PORT: 1 IMAGE0ADDRESS: 0x00_0000_0000 IMAGE0UPDATE: RAM IMAGE0FILE: \SOFTWARE\bl1.bin - + IMAGE1PORT: 0 - IMAGE1ADDRESS: 0x00_00010_0000 + IMAGE1ADDRESS: 0x00_0010_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin + + IMAGE2PORT: 2 + IMAGE2ADDRESS: 0x00_0000_0000 + IMAGE2UPDATE: RAM + IMAGE2FILE: \SOFTWARE\es0.bin OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. -2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE - directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. +2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle + and rename the binary to ``es0.bin``. +3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``. + **NOTE:** Renaming of the images are required because MCC firmware has limitation of 8 characters before .(dot) and 3 characters after .(dot). @@ -240,41 +268,60 @@ Now, copy the entire folder to board's SDCard and reboot the board. Running the software on FPGA ---------------------------- -On the host machine, open 3 minicom sessions. In case of Linux machine it will -be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine. +On the host machine, open 4 serial port terminals. In case of Linux machine it will +be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machines. - ttyUSB0 for MCC, OP-TEE and Secure Partition - ttyUSB1 for Boot Processor (Cortex-M0+) - ttyUSB2 for Host Processor (Cortex-A35) + - ttyUSB3 for External System Processor (Cortex-M3) -Run following commands to open minicom sessions on Linux: +Run following commands to open serial port terminals on Linux: :: sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. + sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal. Once the system boot is completed, you should see console -logs on the minicom sessions. Once the HOST(Cortex-A35) is +logs on the serial port terminals. Once the HOST(Cortex-A35) is booted completely, user can login to the shell using **"root"** login. +If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case. + + Running the software on FVP --------------------------- -An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the -included run script. -The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the -`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs" -section to download the Corstone1000 platform FVP installer. Follow the +An FVP (Fixed Virtual Platform) model of the Corstone-1000 platform must be available to run the +Corstone-1000 FVP software image. + +A Yocto recipe is provided and allows to download the latest supported FVP version. + +The recipe is located at <_workspace>/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb + +The latest supported Fixed Virtual Platform (FVP) version is 11.19_21 and is automatically downloaded and installed when using the runfvp command as detailed below. The FVP version can be checked by running the following command: + +:: + +<_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- --version + +The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate +to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the instructions of the installer and setup the FVP. +To run the FVP using the runfvp command, please run the following command: + +:: + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is -executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt file are copied to their respective memory locations within the model, enforce firewall policies on memories and peripherals and then, bring the host out of reset. @@ -282,13 +329,20 @@ The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and presen (FVP host_terminal_0): :: + corstone1000-fvp login: Login using the username root. -Running test applications +The External System can be released out of reset on demand using the systems-comms-tests command. + +SystemReady-IR tests ------------------------- +********************* +Testing steps +********************* + **NOTE**: Running the SystemReady-IR tests described below requires the user to work with USB sticks. In our testing, not all USB stick models work well with MPS3 FPGA. Here are the USB sticks models that are stable in our test @@ -305,7 +359,8 @@ erase the SecureEnclave flash cleanly and prepare a clean board environment for the testing. Clean Secure Flash Before Testing (applicable to FPGA only) ------------------------------------------------------------ +================================================================== + To prepare a clean board environment with clean secure flash for the testing, the user should prepare an image that erases the secure flash cleanly during boot. Run following commands to build such image. @@ -313,8 +368,8 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18 - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23 cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm cd meta-arm git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch @@ -325,8 +380,9 @@ Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt -Now reboot the board. This step erases the Corstone1000 SecureEnclave flash -completely, the user should expect following message from TF-M log: +Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash +completely, the user should expect following message from TF-M log (can be seen +in ttyUSB1): :: @@ -338,9 +394,9 @@ Then the user should follow "Building the software stack" to build a clean software stack and flash the FPGA as normal. And continue the testing. Run SystemReady-IR ACS tests ------------------------------ +============================= -ACS image contains two partitions. BOOT partition and RESULTS partition. +ACS image contains two partitions. BOOT partition and RESULT partition. Following packages are under BOOT partition * SCT @@ -350,15 +406,15 @@ Following packages are under BOOT partition * grub * uefi manual capsule application -RESULTS partition is used to store the test results. -PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS +RESULT partition is used to store the test results. +PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT FPGA instructions for ACS image -------------------------------- +================================ This section describes how the user can build and run Architecture Compliance -Suite (ACS) tests on Corstone1000. +Suite (ACS) tests on Corstone-1000. First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__. This repository contains the infrastructure to build the Architecture @@ -374,8 +430,8 @@ Once the repository is successfully downloaded, the prebuilt ACS live image can - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz`` **NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide -USB driver support for Corstone1000. The ACS image with newer kernel version -and with full USB support for Corstone1000 will be available in the next +USB driver support for Corstone-1000. The ACS image with newer kernel version +and with full USB support for Corstone-1000 will be available in the next SystemReady release in this repository. Then, the user should prepare a USB stick with ACS image. In the given example here, @@ -385,7 +441,7 @@ USB drive. Run the following commands to prepare the ACS image in USB stick: :: - cd <_workspace>/arm-systemready/IR/scripts/output/ + cd <_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA unxz ir_acs_live_image.img.xz sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync @@ -393,20 +449,24 @@ Once the USB stick with ACS image is prepared, the user should make sure that ensure that only the USB stick with the ACS image is connected to the board, and then boot the board. +The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions. + FVP instructions for ACS image and run ---------------------------------------- +============================================ -Download acs image from: +Download ACS image from: - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` -Use the below command to run the FVP with acs image support in the +Use the below command to run the FVP with ACS image support in the SD card. :: unxz ${<path-to-img>/ir_acs_live_image.img.xz} -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" + tmux + + <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" The test results can be fetched using following commands: @@ -416,8 +476,8 @@ The test results can be fetched using following commands: sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ fdisk -lu <path-to-img>/ir_acs_live_image.img -> Device Start End Sectors Size Type - /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data - /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data -> <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488 @@ -427,7 +487,7 @@ Once test is finished, the FVP can be stoped, and result can be copied following instructions. Common to FVP and FPGA ------------------------ +=========================== U-Boot should be able to boot the grub bootloader from the 1st partition and if grub is not interrupted, tests are executed @@ -438,83 +498,228 @@ automatically in the following sequence: - FWTS - BSA Linux -The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP). +The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP). + +##################################################### + +Manual capsule update and ESRT checks +--------------------------------------------------------------------- -Manual capsule update test --------------------------- +The following section describes running manual capsule update with the ``direct`` method. -The following steps describe running manual capsule update with the ``direct`` -method. +The steps described in this section perform manual capsule update and show how to use the ESRT feature +to retrieve the installed capsule details. -Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file +For the following tests two capsules are needed to perform 2 capsule updates. A positive update and a negative update. + +A positive test case capsule which boots the platform correctly until the Linux prompt, and a negative test case with an +incorrect capsule (corrupted or outdated) which fails to boot to the host software. + +Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir_acs_live_image.img.xz`` -Download edk2 and generate capsule file: +Download edk2 under <_workspace> : :: git clone https://github.com/tianocore/edk2.git - edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap --fw-version 1 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <binary_file> -The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and -corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file -(capsule) should be less than 15 MB. +********************* +Generating Capsules +********************* + +The capsule binary size (wic.nopt file) should be less than 15 MB. Based on the user's requirement, the user can change the firmware version number given to ``--fw-version`` option (the version number needs to be >= 1). -Capsule Copy instructions for FPGA ------------------------------------ +Generating FPGA Capsules +======================== + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +Generating FVP Capsules +======================== + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + +********************* +Copying Capsules +********************* + +Copying the FPGA capsules +========================= The user should prepare a USB stick as explained in ACS image section (see above). -Place the generated ``cs1k_cap`` file in the root directory of the boot partition +Place the generated ``cs1k_cap`` files in the root directory of the boot partition in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should not be under the EFI/UpdateCapsule directory as this may or may not trigger the on disk method. -Capsule Copy instructions for FVP ---------------------------------- +:: + + sudo cp cs1k_cap_mps3_v6 <mounting path>/BOOT/ + sudo cp cs1k_cap_mps3_v5 <mounting path>/BOOT/ + sync + +Copying the FVP capsules +======================== -Run below commands to copy capsule into the -image file and run FVP software. +First, mount the IR image: :: - sudo mkdir /mnt/test - sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ - sudo cp cs1k_cap /mnt/test/ - sudo umount /mnt/test - exit + sudo mkdir /mnt/test + sudo mount -o rw,offset=1048576 <path-to-img>/ir_acs_live_image.img /mnt/test + +Then, copy the capsules: + +:: + + sudo cp cs1k_cap_fvp_v6 /mnt/test/ + sudo cp cs1k_cap_fvp_v5 /mnt/test/ + sync + +Then, unmount the IR image: + +:: + + sudo umount /mnt/test -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" +**NOTE:** Size of first partition in the image file is calculated in the following way. The data is just an example and might vary with different ir_acs_live_image.img files. :: - fdisk -lu <path-to-img>/ir_acs_live_image.img - -> Device Start End Sectors Size Type - /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data - /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + fdisk -lu <path-to-img>/ir_acs_live_image.img + -> Device Start End Sectors Size Type + <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data - -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 + -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 -Common to FVP and FPGA ------------------------ -Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell. +****************************** +Performing the capsule update +****************************** + +During this section we will be using the capsule with the higher version (cs1k_cap_<fvp/mps3>_v6) for the positive scenario +and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. + +Running the FVP with the IR prebuilt image +============================================== + +Run the FVP with the IR prebuilt image: + +:: + + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + +Running the FPGA with the IR prebuilt image +============================================== + +Insert the prepared USB stick then Power cycle the MPS3 board. + +Executing capsule update for FVP and FPGA +============================================== + +Reach u-boot then interrupt the boot to reach the EFI shell. + +:: + + Press ESC in 4 seconds to skip startup.nsh or any other key to continue. + +Then, type FS0: as shown below: :: FS0: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap -For this test, the user can provide two capsules for testing: a positive test -case capsule which boots the board correctly, and a negative test case with an -incorrect capsule which fails to boot the host software. +In case of the positive scenario run the update with the higher version capsule as shown below: + +:: + + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6 + +After successfully updating the capsule the system will reset. + +In case of the negative scenario run the update with the lower version capsule as shown below: + +:: + + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5 + +The command above should fail and in the TF-M logs the following message should appear: + +:: + + ERROR: flash_full_capsule: version error + +Then, reboot manually: + +:: + + Shell> reset + +FPGA: Select Corstone-1000 Linux kernel boot +============================================== + +Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. + +**NOTE:** Otherwise, the execution ends up in the ACS live image. + +FVP: Select Corstone-1000 Linux kernel boot +============================================== + +Interrupt the u-boot shell. + +:: + + Hit any key to stop autoboot: + +Run the following commands in order to run the Corstone-1000 Linux kernel and being able to check the ESRT table. + +**NOTE:** Otherwise, the execution ends up in the ACS live image. + +:: + + $ run retrieve_kernel_load_addr + $ unzip $kernel_addr 0x90000000 + $ loadm 0x90000000 $kernel_addr_r 0xf00000 + $ bootefi $kernel_addr_r $fdtcontroladdr + + +*********************** +Capsule update status +*********************** + +Positive scenario +================= In the positive case scenario, the user should see following log in TF-M log, indicating the new capsule image is successfully applied, and the board boots @@ -532,11 +737,59 @@ correctly. ... -In the negative case scenario, the user should see appropriate logs in -the secure enclave terminal. If capsule pass initial verification, but fails -verifications performed during boot time, secure enclave will try new images -predetermined number of times (defined in the code), before reverting back to -the previous good bank. +It's possible to check the content of the ESRT table after the system fully boots. + +In the Linux command-line run the following: + +:: + + # cd /sys/firmware/efi/esrt/entries/entry0 + # cat * + + 0x0 + e2bb9c06-70e9-4b14-97a3-5a7913176e3f + 0 + 6 + 0 + 6 + 0 + +.. line-block:: + capsule_flags: 0x0 + fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f + fw_type: 0 + fw_version: 6 + last_attempt_status: 0 + last_attempt_version: 6 + lowest_supported_fw_ver: 0 + + +Negative scenario +================= + +In the negative case scenario (rollback the capsule version), the user should +see appropriate logs in the secure enclave terminal. + +:: + + ... + uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928 + uefi_capsule_retrieve_images: exit + flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10 + ERROR: flash_full_capsule: version error + private_metadata_write: enter: boot_index = 1 + private_metadata_write: success + fmp_set_image_info:133 Enter + FMP image update: image id = 0 + FMP image update: status = 1version=11 last_attempt_version=10. + fmp_set_image_info:157 Exit. + corstone1000_fwu_flash_image: exit: ret = -1 + ... + + +If capsule pass initial verification, but fails verifications performed during +boot time, secure enclave will try new images predetermined number of times +(defined in the code), before reverting back to the previous good bank. :: @@ -545,16 +798,45 @@ the previous good bank. fwu_select_previous: in regular state by choosing previous active bank ... -******************************************************* -Linux distro install and boot (applicable to FPGA only) -******************************************************* +It's possible to check the content of the ESRT table after the system fully boots. + +In the Linux command-line run the following: + +:: -To test Linux distro install and boot, the user should prepare two empty USB sticks. + # cd /sys/firmware/efi/esrt/entries/entry0 + # cat * + + 0x0 + e2bb9c06-70e9-4b14-97a3-5a7913176e3f + 0 + 6 + 1 + 5 + 0 + +.. line-block:: + capsule_flags: 0x0 + fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f + fw_type: 0 + fw_version: 6 + last_attempt_status: 1 + last_attempt_version: 5 + lowest_supported_fw_ver: 0 + +Linux distros tests +---------------------------------- + +*************************************************************************************** +Debian/OpenSUSE install and boot (applicable to FPGA only) +*************************************************************************************** + +To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32). Download one of following Linux distro images: - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ - - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso + - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. @@ -565,7 +847,7 @@ file into the first USB stick, run: :: - sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; + sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: @@ -574,11 +856,9 @@ Boot the MSP3 board with the first USB stick connected. Open following minicom s sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. -Press <Ctrl+x>. - -Now plug in the second USB stick, the distro installation process will start. +Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process. -**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the +**NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the distro installation process can take up to 24 hours to complete. Once installation is complete, unplug the first USB stick and reboot the board. @@ -591,46 +871,98 @@ a login prompt: Login with the username root. -Run psa-arch-test (applicable to both FPGA and FVP) ---------------------------------------------------- +**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to +follow on the subsequent popups to solve the issue during the installation: -When running psa-arch-test on MPS3 FPGA, the user should make sure there is no -USB stick connected to the board. Power on the board and boot the board to -Linux. Then, the user should follow the steps below to run the psa_arch_tests. +1. Select "Continue", then "Continue" again on the next popup +2. Scroll down and select "Execute a shell" +3. Select "Continue" +4. Enter the following command: -When running psa-arch-test on Corstone1000 FVP, the user should follow the -instructions in `Running the software on FVP`_ section to boot Linux in FVP -host_terminal_0, and login using the username ``root``. +:: -As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__ -can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. + in-target grub-install --no-nvram --force-extra-removable -First, create a file containing SE_PROXY_SP UUID. Run: +5. Enter the following command: :: - echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt + in-target update-grub -Then, load FFA driver module into Linux kernel. Run: +6. Enter the following command: :: - load_ffa_debugfs.sh . + exit -Then, check whether the FFA driver loaded correctly by using the following command: +7. Select "Continue without boot loader", then select "Continue" on the next popup +8. At this stage, the installation should proceed as normal. + +*************************************************************************************** +OpenSUSE Raw image install and boot (applicable to FVP only) +*************************************************************************************** + +Steps to download openSUSE Tumbleweed raw image: + - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` + +Once the .raw.xz file is downloaded, the raw image file needs to be extracted: :: - cat /proc/modules | grep arm_ffa_user + unxz <file-name.raw.xz> + + +The above command will generate a file ending with extension .raw image. Now, use the following command +to run FVP with raw image installation process. + +:: + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + +After successfully installing and booting the Linux distro, the user should see +a openSUSE login prompt. + +:: + + localhost login: + +Login with the username 'root' and password 'linux'. + +PSA API tests +---------------------- + +*************************************************************************************** +Run PSA API test commands (applicable to both FPGA and FVP) +*************************************************************************************** + +When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no +USB stick connected to the board. Power on the board and boot the board to +Linux. Then, the user should follow the steps below to run the tests. + +When running the tests on the Corstone-1000 FVP, the user should follow the +instructions in `Running the software on FVP`_ section to boot Linux in FVP +host_terminal_0, and login using the username ``root``. + +First, load FF-A TEE kernel module: + +:: + + insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko + +Then, check whether the FF-A TEE driver is loaded correctly by using the following command: + +:: + + cat /proc/modules | grep arm_ffa_tee The output should be: :: - arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O) + arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O) -Now, run the PSA arch tests with following commands. The user should run the -tests in following order: +Now, run the PSA API tests in the following order: :: @@ -639,47 +971,108 @@ tests in following order: psa-its-api-test psa-ps-api-test -******************************************************** -Linux distro: OpenSUSE Raw image installation (FVP Only) -******************************************************** +External System tests +----------------------------------- + +*************************************************************************************** +Running the External System test command (systems-comms-tests) +*************************************************************************************** -Steps to download openSUSE Tumbleweed raw image: - - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz`` +Test 1: Releasing the External System out of reset +=================================================== -Once the .raw.xz file is downloaded, the raw image file needs to be extracted: +Run this command in the Linux command-line: :: - unxz <file-name.raw.xz> + systems-comms-tests 1 +The output on the External System terminal should be: -The above command will generate a file ending with extension .raw image. Now, use the following command -to run FVP with raw image installation process. +:: + + ___ ___ + | / __| + |=== \___ + |___ |___/ + External System Cortex-M3 Processor + Running RTX RTOS + v0.1.0_2022-10-19_16-41-32-8c9dca7 + MHUv2 module 'MHU0_H' started + MHUv2 module 'MHU1_H' started + MHUv2 module 'MHU0_SE' started + MHUv2 module 'MHU1_SE' started + +Test 2: Communication +============================================= + +Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System. + +After running Test 1, run this command in the Linux command-line: :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + systems-comms-tests 2 -After successfully installing and booting the Linux distro, the user should see -a openSUSE login prompt. +Additional output on the External System terminal will be printed: :: - localhost login: + MHUv2: Message from 'MHU0_H': 0xabcdef1 + Received 'abcdef1' From Host MHU0 + CMD: Increment and return to sender... + MHUv2: Message from 'MHU1_H': 0xabcdef1 + Received 'abcdef1' From Host MHU1 + CMD: Increment and return to sender... -Login with the username 'root' and password 'linux'. +When running Test 2 the first, Test 1 will be run in the background. + +The output on the External System terminal should be: + +:: + + ___ ___ + | / __| + |=== \___ + |___ |___/ + External System Cortex-M3 Processor + Running RTX RTOS + v0.1.0_2022-10-19_16-41-32-8c9dca7 + MHUv2 module 'MHU0_H' started + MHUv2 module 'MHU1_H' started + MHUv2 module 'MHU0_SE' started + MHUv2 module 'MHU1_SE' started + MHUv2: Message from 'MHU0_H': 0xabcdef1 + Received 'abcdef1' From Host MHU0 + CMD: Increment and return to sender... + MHUv2: Message from 'MHU1_H': 0xabcdef1 + Received 'abcdef1' From Host MHU1 + CMD: Increment and return to sender... + +The output on the Host terminal should be: + +:: + + Received abcdf00 from es0mhu0 + Received abcdf00 from es0mhu1 + + +Tests results +----------------------------------- + +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__ +can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. -************************************** Running the software on FVP on Windows -************************************** -If the user needs to run the Corstone1000 software on FVP on Windows. The user +--------------------------------------------------------------- + +If the user needs to run the Corstone-1000 software on FVP on Windows. The user should follow the build instructions in this document to build on Linux host PC, and copy the output binaries to the Windows PC where the FVP is located, and launch the FVP binary. -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md index 9127a6ce72..e29aad34d6 100644 --- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md +++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md @@ -27,9 +27,9 @@ The fvp-baser-aemv8r64 Yocto MACHINE supports the following BSP components, where either a standard or Real-Time Linux kernel (PREEMPT\_RT) can be built and run: - - FVP_Base_AEMv8R: v11.19.14 + - FVP_Base_AEMv8R: v11.20.15 - boot-wrapper-aarch64: provides PSCI support - - U-Boot: v2022.04 - provides UEFI services + - U-Boot: v2022.07 - provides UEFI services - Linux kernel: linux-yocto-5.15 - Linux kernel with PREEMPT\_RT support: linux-yocto-rt-5.15 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb index 5bb8c37c56..dce29a93cd 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb @@ -8,7 +8,8 @@ LICENSE = "BSD-3-Clause & Apache-2.0" LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \ file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" -SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master" +SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \ + file://race.patch" SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080" PV .= "+git${SRCPV}" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch new file mode 100644 index 0000000000..c6bc4f2234 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch @@ -0,0 +1,66 @@ +Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 34e1c04534607f5605255f39fb46e26261fc9c4e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 8 Sep 2020 11:49:08 +0100 +Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files + +The gen_module rule in rules.mk is marked as .PHONY, so make will +execute it whenever it is mentioned. This results in gen_module_code +being executed 64 times for a Juno build. + +However in heavily parallel builds there's a good chance that +gen_module_code is writing a file whilst the compiler is reading it +because make also doesn't know what files are generated by +gen_module_code. + +The correct fix is to adjust the Makefiles so that the dependencies are +correct but this isn't trivial, so band-aid the problem by atomically +writing the generated files. + +Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630 +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + tools/gen_module_code.py | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py +index 7b3953845..ee099b713 100755 +--- a/tools/gen_module_code.py ++++ b/tools/gen_module_code.py +@@ -17,6 +17,7 @@ + import argparse + import os + import sys ++import tempfile + + DEFAULT_PATH = 'build/' + +@@ -53,13 +54,21 @@ + + def generate_file(path, filename, content): + full_filename = os.path.join(path, filename) +- with open(full_filename, 'a+') as f: +- f.seek(0) +- if f.read() != content: ++ ++ try: ++ with open(full_filename) as f: ++ rewrite = f.read() != content ++ except FileNotFoundError: ++ rewrite = True ++ ++ if rewrite: ++ with tempfile.NamedTemporaryFile(prefix="gen-module-code", ++ dir=path, ++ delete=False, ++ mode="wt") as f: + print("[GEN] {}...".format(full_filename)) +- f.seek(0) +- f.truncate() + f.write(content) ++ os.replace(f.name, full_filename) + + + def generate_header(path, modules): diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb index 76a7126b29..932b161959 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb @@ -7,10 +7,15 @@ COMPATIBLE_MACHINE = "corstone1000" inherit image inherit wic_nopt tfm_sign_image +inherit uefi_capsule PACKAGE_INSTALL = "" -IMAGE_FSTYPES += "wic wic.nopt" +IMAGE_FSTYPES += "wic wic.nopt uefi_capsule" + +UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}" +UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json" +CAPSULE_IMGTYPE = "wic.nopt" do_sign_images() { # Sign TF-A BL2 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json new file mode 100644 index 0000000000..0f011ff740 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json @@ -0,0 +1,11 @@ +{ + "Payloads": [ + { + "FwVersion": "5", + "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f", + "LowestSupportedVersion": "1", + "Payload": "$UEFI_FIRMWARE_BINARY", + "UpdateImageIndex": "0" + } + ] +} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb index 80565af633..45f2ec726a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb @@ -63,10 +63,10 @@ do_deploy() { done if [ "${INITRAMFS_IMAGE_BUNDLE}" -eq 1 ]; then - cp -L -f ${DEPLOY_DIR_IMAGE}/Image-initramfs-juno.bin \ + cp -L -f ${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-juno.bin \ ${D}/${UNPACK_DIR}/SOFTWARE/Image else - cp -L -f ${DEPLOY_DIR_IMAGE}/Image ${D}/${UNPACK_DIR}/SOFTWARE/ + cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${UNPACK_DIR}/SOFTWARE/ fi # Compress the files diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch new file mode 100644 index 0000000000..7fae7b69b0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch @@ -0,0 +1,27 @@ +From 5be42e1c05205209fc3988f0df30a02da95c2448 Mon Sep 17 00:00:00 2001 +From: Rui Miguel Silva <rui.silva@linaro.org> +Date: Wed, 2 Nov 2022 00:12:35 +0000 +Subject: [PATCH] corstone1000: adjust PS asset configuration + +Adjust protected storage asset configuration to be more inline +with the one in trusted service side, that would make thinks +work when testing and using more than the default variables. + +Upstream-Status: Pending +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +--- + platform/ext/target/arm/corstone1000/config.cmake | 1 ++ + 1 file changed, 1 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index ab0fe17ba886..c2b4b646e6b0 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -56,3 +56,4 @@ set(PS_ENCRYPTION OFF CACHE BOOL "Enable + set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") + + set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") ++set(PS_NUM_ASSETS "40" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area") +-- +2.38.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index 341a5942e0..58ad103262 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -34,6 +34,7 @@ SRC_URI:append:corstone1000 = " \ file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \ file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \ file://0006-corstone1000-remove-two-partition-configuration.patch \ + file://0007-corstone1000-adjust-PS-asset-configuration.patch \ " do_install() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch new file mode 100644 index 0000000000..2bf68fe6dc --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch @@ -0,0 +1,41 @@ +From 097a43223da4fa42335944295903ede2755e2dfd Mon Sep 17 00:00:00 2001 +From: Jon Mason <jdmason@kudzu.us> +Date: Mon, 19 Dec 2022 11:36:04 -0500 +Subject: [PATCH] configs: vexpress: modify to boot compressed initramfs + +Signed-off-by: Jon Mason <jdmason@kudzu.us> +Upstream-Status: Inappropriate + +--- + configs/vexpress_aemv8a_juno_defconfig | 1 + + include/configs/vexpress_aemv8.h | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/configs/vexpress_aemv8a_juno_defconfig b/configs/vexpress_aemv8a_juno_defconfig +index e02124cc7f54..6ffe8f5fe67e 100644 +--- a/configs/vexpress_aemv8a_juno_defconfig ++++ b/configs/vexpress_aemv8a_juno_defconfig +@@ -16,6 +16,7 @@ CONFIG_SYS_LOAD_ADDR=0x90000000 + CONFIG_BOOTDELAY=1 + CONFIG_USE_BOOTARGS=y + CONFIG_BOOTARGS="console=ttyAMA0,115200n8 root=/dev/sda2 rw rootwait earlycon=pl011,0x7ff80000 debug user_debug=31 androidboot.hardware=juno loglevel=9" ++CONFIG_BOOTCOMMAND="echo running default boot command; afs load ${kernel_name} ${kernel_addr_r} ; if test $? -eq 1; then echo Loading ${kernel_alt_name} instead of ${kernel_name}; afs load ${kernel_alt_name} ${kernel_addr_r};fi ; afs load ${fdtfile} ${fdt_addr_r} ; if test $? -eq 1; then echo Loading ${fdt_alt_name} instead of ${fdtfile}; afs load ${fdt_alt_name} ${fdt_addr_r}; fi ; fdt addr ${fdt_addr_r}; fdt resize; if afs load ${initrd_name} ${initrd_addr_r} ; then setenv initrd_param ${initrd_addr_r}; else setenv initrd_param -; fi ; booti ${kernel_addr_r} ${initrd_param} ${fdt_addr_r}" + # CONFIG_DISPLAY_CPUINFO is not set + # CONFIG_DISPLAY_BOARDINFO is not set + CONFIG_SYS_PROMPT="VExpress64# " +diff --git a/include/configs/vexpress_aemv8.h b/include/configs/vexpress_aemv8.h +index cd7f6c1b9ba0..c2f5eb302076 100644 +--- a/include/configs/vexpress_aemv8.h ++++ b/include/configs/vexpress_aemv8.h +@@ -164,6 +164,8 @@ + "kernel_name=norkern\0" \ + "kernel_alt_name=Image\0" \ + "kernel_addr_r=0x80080000\0" \ ++ "kernel_comp_addr_r=0x90000000\0" \ ++ "kernel_comp_size=0x3000000\0" \ + "initrd_name=ramdisk.img\0" \ + "initrd_addr_r=0x88000000\0" \ + "fdtfile=board.dtb\0" \ +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend index 6144e97ac6..e01c850199 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend @@ -82,7 +82,9 @@ SRC_URI:append:fvp-baser-aemv8r64 = " \ # # Juno Machines # -SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from-uEnv.tx.patch" +SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from-uEnv.tx.patch \ + file://0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch \ + " # diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch new file mode 100644 index 0000000000..1cbdc9afe1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch @@ -0,0 +1,29 @@ +From b443c8efd563dc372c60e7ad9f52aeddf7c13706 Mon Sep 17 00:00:00 2001 +From: Anton Antonov <Anton.Antonov@arm.com> +Date: Mon, 7 Nov 2022 11:37:51 +0000 +Subject: [PATCH] arm64: dts: fvp: Enable virtio-rng support + +The virtio-rng is available from FVP_Base_RevC-2xAEMvA version 11.17. +Enable it since Yocto includes a recipe for a newer FVP version. + +Upstream-Status: Inappropriate [Yocto specific] +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +--- + arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi +index ec2d5280a30b..acafdcbf1063 100644 +--- a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi ++++ b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi +@@ -26,7 +26,6 @@ virtio@200000 { + compatible = "virtio,mmio"; + reg = <0x200000 0x200>; + interrupts = <46>; +- status = "disabled"; + }; + }; + }; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch new file mode 100644 index 0000000000..1c0f25eba1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch @@ -0,0 +1,60 @@ +From c4a7b9b587ca1bb4678d48d8be7132492b23a81c Mon Sep 17 00:00:00 2001 +From: Cristian Marussi <cristian.marussi@arm.com> +Date: Fri, 28 Oct 2022 15:08:33 +0100 +Subject: [PATCH] arm64: dts: juno: Add thermal critical trip points + +When thermnal zones are defined, trip points definitions are mandatory. +Define a couple of critical trip points for monitoring of existing +PMIC and SOC thermal zones. + +This was lost between txt to yaml conversion and was re-enforced recently +via the commit 8c596324232d ("dt-bindings: thermal: Fix missing required property") + +Cc: Rob Herring <robh+dt@kernel.org> +Cc: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org> +Cc: devicetree@vger.kernel.org +Signed-off-by: Cristian Marussi <cristian.marussi@arm.com> +Fixes: f7b636a8d83c ("arm64: dts: juno: add thermal zones for scpi sensors") +Link: https://lore.kernel.org/r/20221028140833.280091-8-cristian.marussi@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/juno-base.dtsi | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/juno-base.dtsi b/arch/arm64/boot/dts/arm/juno-base.dtsi +index 2f27619d8abd..8b4d280b1e7e 100644 +--- a/arch/arm64/boot/dts/arm/juno-base.dtsi ++++ b/arch/arm64/boot/dts/arm/juno-base.dtsi +@@ -751,12 +751,26 @@ pmic { + polling-delay = <1000>; + polling-delay-passive = <100>; + thermal-sensors = <&scpi_sensors0 0>; ++ trips { ++ pmic_crit0: trip0 { ++ temperature = <90000>; ++ hysteresis = <2000>; ++ type = "critical"; ++ }; ++ }; + }; + + soc { + polling-delay = <1000>; + polling-delay-passive = <100>; + thermal-sensors = <&scpi_sensors0 3>; ++ trips { ++ soc_crit0: trip0 { ++ temperature = <80000>; ++ hysteresis = <2000>; ++ type = "critical"; ++ }; ++ }; + }; + + big_cluster_thermal_zone: big-cluster { +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch new file mode 100644 index 0000000000..f19fb8b9e2 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch @@ -0,0 +1,141 @@ +From 59fb813f9742b349f48250bd7793279cafe2752c Mon Sep 17 00:00:00 2001 +From: Pierre Gondois <pierre.gondois@arm.com> +Date: Mon, 7 Nov 2022 16:56:58 +0100 +Subject: [PATCH] arm64: dts: Update cache properties for Arm Ltd platforms + +The DeviceTree Specification v0.3 specifies that the cache node +"compatible" and "cache-level" properties are required. + +Cf. s3.8 Multi-level and Shared Cache Nodes +The 'cache-unified' property should be present if one of the properties +for unified cache is present ('cache-size', ...). + +Update the relevant device trees nodes accordingly. + +Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> +Link: https://lore.kernel.org/r/20221107155825.1644604-6-pierre.gondois@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/corstone1000.dtsi | 1 + + arch/arm64/boot/dts/arm/foundation-v8.dtsi | 1 + + arch/arm64/boot/dts/arm/juno-r1.dts | 2 ++ + arch/arm64/boot/dts/arm/juno-r2.dts | 2 ++ + arch/arm64/boot/dts/arm/juno.dts | 2 ++ + arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts | 1 + + arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts | 1 + + 7 files changed, 10 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/corstone1000.dtsi b/arch/arm64/boot/dts/arm/corstone1000.dtsi +index 4e46826f883a..21f1f952e985 100644 +--- a/arch/arm64/boot/dts/arm/corstone1000.dtsi ++++ b/arch/arm64/boot/dts/arm/corstone1000.dtsi +@@ -53,6 +53,7 @@ gic: interrupt-controller@1c000000 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-level = <2>; + cache-size = <0x80000>; + cache-line-size = <64>; +diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +index 83e3e7e3984f..c8bd23b1a7ba 100644 +--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi ++++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +@@ -58,6 +58,7 @@ cpu3: cpu@3 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-level = <2>; + }; + }; + +diff --git a/arch/arm64/boot/dts/arm/juno-r1.dts b/arch/arm64/boot/dts/arm/juno-r1.dts +index 6451c62146fd..1d90eeebb37d 100644 +--- a/arch/arm64/boot/dts/arm/juno-r1.dts ++++ b/arch/arm64/boot/dts/arm/juno-r1.dts +@@ -189,6 +189,7 @@ A53_3: cpu@103 { + + A57_L2: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x200000>; + cache-line-size = <64>; + cache-sets = <2048>; +@@ -197,6 +198,7 @@ A57_L2: l2-cache0 { + + A53_L2: l2-cache1 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x100000>; + cache-line-size = <64>; + cache-sets = <1024>; +diff --git a/arch/arm64/boot/dts/arm/juno-r2.dts b/arch/arm64/boot/dts/arm/juno-r2.dts +index 438cd1ff4bd0..d2ada69b0a43 100644 +--- a/arch/arm64/boot/dts/arm/juno-r2.dts ++++ b/arch/arm64/boot/dts/arm/juno-r2.dts +@@ -195,6 +195,7 @@ A53_3: cpu@103 { + + A72_L2: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x200000>; + cache-line-size = <64>; + cache-sets = <2048>; +@@ -203,6 +204,7 @@ A72_L2: l2-cache0 { + + A53_L2: l2-cache1 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x100000>; + cache-line-size = <64>; + cache-sets = <1024>; +diff --git a/arch/arm64/boot/dts/arm/juno.dts b/arch/arm64/boot/dts/arm/juno.dts +index cf4a58211399..5e48a01a5b9f 100644 +--- a/arch/arm64/boot/dts/arm/juno.dts ++++ b/arch/arm64/boot/dts/arm/juno.dts +@@ -194,6 +194,7 @@ A53_3: cpu@103 { + + A57_L2: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x200000>; + cache-line-size = <64>; + cache-sets = <2048>; +@@ -202,6 +203,7 @@ A57_L2: l2-cache0 { + + A53_L2: l2-cache1 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x100000>; + cache-line-size = <64>; + cache-sets = <1024>; +diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts +index 258991ad7cc0..ef68f5aae7dd 100644 +--- a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts ++++ b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts +@@ -71,6 +71,7 @@ cpu@3 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-level = <2>; + }; + }; + +diff --git a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts +index 5b6d9d8e934d..796cd7d02eb5 100644 +--- a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts ++++ b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts +@@ -57,6 +57,7 @@ cpu@1 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-level = <2>; + }; + }; + +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch new file mode 100644 index 0000000000..34dd025189 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch @@ -0,0 +1,38 @@ +From 3bd7a0219082c2c91570b81afc35f2aec57cade2 Mon Sep 17 00:00:00 2001 +From: James Clark <james.clark@arm.com> +Date: Thu, 17 Nov 2022 10:25:36 +0000 +Subject: [PATCH] arm64: dts: fvp: Add SPE to Foundation FVP + +Add SPE DT node to FVP model. If the model doesn't support SPE (e.g., +turned off via parameter), the driver will skip the initialisation +accordingly and thus is safe. + +Signed-off-by: James Clark <james.clark@arm.com> +Link: https://lore.kernel.org/r/20221117102536.237515-1-james.clark@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/foundation-v8.dtsi | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +index c8bd23b1a7ba..029578072d8f 100644 +--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi ++++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +@@ -85,6 +85,11 @@ pmu { + <GIC_SPI 63 IRQ_TYPE_LEVEL_HIGH>; + }; + ++ spe-pmu { ++ compatible = "arm,statistical-profiling-extension-v1"; ++ interrupts = <GIC_PPI 5 IRQ_TYPE_LEVEL_HIGH>; ++ }; ++ + watchdog@2a440000 { + compatible = "arm,sbsa-gwdt"; + reg = <0x0 0x2a440000 0 0x1000>, +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch new file mode 100644 index 0000000000..72f7161fee --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch @@ -0,0 +1,149 @@ +From b2d5025e129289d9b914c696646e64495a7453c0 Mon Sep 17 00:00:00 2001 +From: Sudeep Holla <sudeep.holla@arm.com> +Date: Fri, 18 Nov 2022 15:10:17 +0000 +Subject: [PATCH] arm64: dts: fvp: Add information about L1 and L2 caches + +Add the information about L1 and L2 caches on FVP RevC platform. +Though the cache size is configurable through the model parameters, +having default values in the device tree helps to exercise and debug +any code utilising the cache information without the need of real +hardware. + +Link: https://lore.kernel.org/r/20221118151017.704716-1-sudeep.holla@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/fvp-base-revc.dts | 73 +++++++++++++++++++++++ + 1 file changed, 73 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/fvp-base-revc.dts b/arch/arm64/boot/dts/arm/fvp-base-revc.dts +index 5f6f30c801a7..60472d65a355 100644 +--- a/arch/arm64/boot/dts/arm/fvp-base-revc.dts ++++ b/arch/arm64/boot/dts/arm/fvp-base-revc.dts +@@ -47,48 +47,121 @@ cpu0: cpu@0 { + compatible = "arm,armv8"; + reg = <0x0 0x000>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu1: cpu@100 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x100>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu2: cpu@200 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x200>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu3: cpu@300 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x300>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu4: cpu@10000 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10000>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; + }; + cpu5: cpu@10100 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10100>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; + }; + cpu6: cpu@10200 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10200>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; + }; + cpu7: cpu@10300 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10300>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; ++ }; ++ C0_L2: l2-cache0 { ++ compatible = "cache"; ++ cache-size = <0x80000>; ++ cache-line-size = <64>; ++ cache-sets = <512>; ++ cache-level = <2>; ++ cache-unified; ++ }; ++ ++ C1_L2: l2-cache1 { ++ compatible = "cache"; ++ cache-size = <0x80000>; ++ cache-line-size = <64>; ++ cache-sets = <512>; ++ cache-level = <2>; ++ cache-unified; + }; + }; + +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch new file mode 100644 index 0000000000..c551250869 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch @@ -0,0 +1,84 @@ +From e15031539490733279c41ba87f4ef2b440a685f5 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> +Date: Fri, 25 Nov 2022 15:41:12 +0100 +Subject: [PATCH] ARM: dts: vexpress: align LED node names with dtschema + +The node names should be generic and DT schema expects certain pattern. + + vexpress-v2p-ca9.dtb: leds: 'user1', 'user2', 'user3', 'user4', 'user5', 'user6', 'user7', 'user8' do not match any of the regexes: '(^led-[0-9a-f]$|led)', 'pinctrl-[0-9]+' + +Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> +Link: https://lore.kernel.org/r/20221125144112.476817-1-krzysztof.kozlowski@linaro.org +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm/boot/dts/vexpress-v2m.dtsi | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/arch/arm/boot/dts/vexpress-v2m.dtsi b/arch/arm/boot/dts/vexpress-v2m.dtsi +index f434fe5cf4a1..def538ce8769 100644 +--- a/arch/arm/boot/dts/vexpress-v2m.dtsi ++++ b/arch/arm/boot/dts/vexpress-v2m.dtsi +@@ -383,49 +383,49 @@ v2m_refclk32khz: refclk32khz { + leds { + compatible = "gpio-leds"; + +- user1 { ++ led-user1 { + label = "v2m:green:user1"; + gpios = <&v2m_led_gpios 0 0>; + linux,default-trigger = "heartbeat"; + }; + +- user2 { ++ led-user2 { + label = "v2m:green:user2"; + gpios = <&v2m_led_gpios 1 0>; + linux,default-trigger = "mmc0"; + }; + +- user3 { ++ led-user3 { + label = "v2m:green:user3"; + gpios = <&v2m_led_gpios 2 0>; + linux,default-trigger = "cpu0"; + }; + +- user4 { ++ led-user4 { + label = "v2m:green:user4"; + gpios = <&v2m_led_gpios 3 0>; + linux,default-trigger = "cpu1"; + }; + +- user5 { ++ led-user5 { + label = "v2m:green:user5"; + gpios = <&v2m_led_gpios 4 0>; + linux,default-trigger = "cpu2"; + }; + +- user6 { ++ led-user6 { + label = "v2m:green:user6"; + gpios = <&v2m_led_gpios 5 0>; + linux,default-trigger = "cpu3"; + }; + +- user7 { ++ led-user7 { + label = "v2m:green:user7"; + gpios = <&v2m_led_gpios 6 0>; + linux,default-trigger = "cpu4"; + }; + +- user8 { ++ led-user8 { + label = "v2m:green:user8"; + gpios = <&v2m_led_gpios 7 0>; + linux,default-trigger = "cpu5"; +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index 99a40e7777..4f9bcfdf57 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -36,7 +36,6 @@ SRC_URI:append:corstone500 = " \ # Corstone1000 KMACHINE # FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}" -FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}" COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}" KCONFIG_MODE:corstone1000 = "--alldefconfig" KMACHINE:corstone1000 = "corstone1000" @@ -70,6 +69,7 @@ KERNEL_FEATURES:corstone1000 = "" COMPATIBLE_MACHINE:fvp-base = "fvp-base" KMACHINE:fvp-base = "fvp" FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}" +SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch" # # FVP BASE ARM32 KMACHINE @@ -100,6 +100,13 @@ COMPATIBLE_MACHINE:juno = "juno" KBUILD_DEFCONFIG:juno = "defconfig" KCONFIG_MODE:juno = "--alldefconfig" FILESEXTRAPATHS:prepend:juno := "${ARMBSPFILESPATHS}" +SRC_URI:append:juno = " \ + file://0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch \ + file://0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch \ + file://0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch \ + file://0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch \ + file://0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch \ + " # # Musca B1/S2 can't run Linux @@ -115,7 +122,6 @@ COMPATIBLE_MACHINE:n1sdp = "n1sdp" KBUILD_DEFCONFIG:n1sdp = "defconfig" KCONFIG_MODE:n1sdp = "--alldefconfig" FILESEXTRAPATHS:prepend:n1sdp := "${ARMBSPFILESPATHS}" -FILESEXTRAPATHS:prepend:n1sdp := "${ARMFILESPATHS}" SRC_URI:append:n1sdp = " \ file://0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch \ file://0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch \ diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch new file mode 100644 index 0000000000..d9e20f8c76 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch @@ -0,0 +1,52 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 2eb1da30564428551ca687d456d848129105abac Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Tue, 25 Oct 2022 19:08:49 +0100 +Subject: [PATCH] plat-n1sdp: register DRAM1 to optee-os + +N1SDP supports two DRAM's. This change is to add 2nd DRAM +starting at 0x8080000000 address. + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk +index 06b4975a..5374e406 100644 +--- a/core/arch/arm/plat-n1sdp/conf.mk ++++ b/core/arch/arm/plat-n1sdp/conf.mk +@@ -38,4 +38,4 @@ CFG_SHMEM_START ?= 0x83000000 + CFG_SHMEM_SIZE ?= 0x00210000 + # DRAM1 is defined above 4G + $(call force,CFG_CORE_LARGE_PHYS_ADDR,y) +-$(call force,CFG_CORE_ARM64_PA_BITS,36) ++$(call force,CFG_CORE_ARM64_PA_BITS,42) +diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c +index cfb7f19b..bb951ce6 100644 +--- a/core/arch/arm/plat-n1sdp/main.c ++++ b/core/arch/arm/plat-n1sdp/main.c +@@ -33,6 +33,7 @@ static struct pl011_data console_data __nex_bss; + register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); + + register_ddr(DRAM0_BASE, DRAM0_SIZE); ++register_ddr(DRAM1_BASE, DRAM1_SIZE); + + register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); + register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE); +diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h +index 81b99409..bf0a3c83 100644 +--- a/core/arch/arm/plat-n1sdp/platform_config.h ++++ b/core/arch/arm/plat-n1sdp/platform_config.h +@@ -35,6 +35,9 @@ + #define DRAM0_BASE 0x80000000 + #define DRAM0_SIZE 0x80000000 + ++#define DRAM1_BASE 0x8080000000ULL ++#define DRAM1_SIZE 0x80000000ULL ++ + #define GICD_BASE 0x30000000 + #define GICC_BASE 0x2C000000 + #define GICR_BASE 0x300C0000 +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc index 219f08bfd7..5e6e150710 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc @@ -11,6 +11,7 @@ SRC_URI:append = " \ file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \ file://0003-HACK-disable-instruction-cache-and-data-cache.patch \ file://0004-Handle-logging-syscall.patch \ + file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \ " EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch index 801905d97a..c44885cf04 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch @@ -1,7 +1,7 @@ -From 7c9589c4bb056db5e1696f2a777891ab235b1b63 Mon Sep 17 00:00:00 2001 +From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH 01/19] Add openamp to SE proxy deployment +Subject: [PATCH 01/20] Add openamp to SE proxy deployment Openamp is required to communicate between secure partitions(running on Cortex-A) and trusted-firmware-m(running on Cortex-M). @@ -283,5 +283,5 @@ index 000000000000..449f35f4fda4 +set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") +set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include") -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch index 39edc9d1e3..0371a7a418 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch @@ -1,7 +1,7 @@ -From e4ccb92f8de94a82edd3548d62c853790ae36bd1 Mon Sep 17 00:00:00 2001 +From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH 02/19] Implement mhu driver and the OpenAmp conversion layer. +Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer. This commit adds an mhu driver (v2.1 and v2) to the secure partition se_proxy and a conversion layer to communicate with @@ -1087,5 +1087,5 @@ index 000000000000..bb778bb9719b +# include MHU driver +include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch index bf52a2382b..5686face15 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch @@ -1,7 +1,7 @@ -From e187510a814b48b7b2e477a9913ee35b68522d06 Mon Sep 17 00:00:00 2001 +From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH 03/19] Add openamp rpc caller +Subject: [PATCH 03/20] Add openamp rpc caller Upstream-Status: Pending Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> @@ -1192,5 +1192,5 @@ index d39873a0fe81..34fe5ff1b925 100644 # Stub service provider backends "components/rpc/dummy" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch index 3246224560..84d418c131 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch @@ -1,7 +1,7 @@ -From 8c1bc5a7ae525d64802e2a06746f698f54cf07ca Mon Sep 17 00:00:00 2001 +From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH 04/19] add psa client definitions for ff-m +Subject: [PATCH 04/20] add psa client definitions for ff-m Add PSA client definitions in common include to add future ff-m support. @@ -294,5 +294,5 @@ index 000000000000..aaa973c6e987 + +#endif /* __PSA_MANIFEST_SID_H__ */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch index e179fb035a..df3cb2f4c2 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch @@ -1,7 +1,7 @@ -From e9778f726ed582360152f150301995b10d268aae Mon Sep 17 00:00:00 2001 +From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH 05/19] Add common service component to ipc support +Subject: [PATCH 05/20] Add common service component to ipc support Add support for inter processor communication for PSA including, the openamp client side structures lib. @@ -291,5 +291,5 @@ index 34fe5ff1b925..dd0c5d00c21e 100644 "components/service/discovery/provider" "components/service/discovery/provider/serializer/packed-c" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch index cac43ec4bc..74a83777df 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch @@ -1,7 +1,7 @@ -From 0df82487a7a253c601ca20ca1bd64fbb9ed64230 Mon Sep 17 00:00:00 2001 +From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH 06/19] Add secure storage ipc backend +Subject: [PATCH 06/20] Add secure storage ipc backend Add secure storage ipc ff-m implementation which may use openamp as rpc to communicate with other processor. @@ -519,5 +519,5 @@ index dd0c5d00c21e..cd51460406ca 100644 "components/service/attestation/provider" "components/service/attestation/provider/serializer/packed-c" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch index 192e9768bd..ad33295d41 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch @@ -1,7 +1,7 @@ -From 9c7f1e6a5eb9ab887e568cfa3c2003583d387bc9 Mon Sep 17 00:00:00 2001 +From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH 07/19] Use secure storage ipc and openamp for se_proxy +Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy Remove mock up backend for secure storage in se proxy deployment and use instead the secure storage ipc backend with @@ -59,5 +59,5 @@ index acfb6e8873fa..57290056d614 100644 return secure_storage_provider_init(&ps_provider, backend); } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch index ce7aacf3cd..ab57688276 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch @@ -1,7 +1,7 @@ -From d9169d380366afc63af5d4bf02791aeb41f47897 Mon Sep 17 00:00:00 2001 +From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH 08/19] Run psa-arch-test +Subject: [PATCH 08/20] Run psa-arch-test Fixes needed to run psa-arch-test @@ -68,5 +68,5 @@ index 4f6ba2a7d822..1fd6b40dc803 100644 }; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch index ca0c9d9575..3295fa9bd9 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch @@ -1,7 +1,7 @@ -From ee767c1ae857cfcc8b4bb520b2558091e253cf94 Mon Sep 17 00:00:00 2001 +From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH 09/19] Use address instead of pointers +Subject: [PATCH 09/20] Use address instead of pointers Since secure enclave is 32bit and we 64bit there is an issue in the protocol communication design that force us to handle @@ -164,5 +164,5 @@ index a1f369db253e..bda442a61d5c 100644 (void)client_id; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch index d47b0decf5..2d0725cb24 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch @@ -1,7 +1,7 @@ -From afdeb8e098a1f2822adf2ea83ded8dd9e2d021ba Mon Sep 17 00:00:00 2001 +From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH 10/19] Add psa ipc attestation to se proxy +Subject: [PATCH 10/20] Add psa ipc attestation to se proxy Implement attestation client API as psa ipc and include it to se proxy deployment. @@ -16,12 +16,15 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ components/service/common/include/psa/sid.h | 4 + .../se-proxy/common/service_proxy_factory.c | 6 ++ - deployments/se-proxy/se-proxy.cmake | 3 +- - 7 files changed, 169 insertions(+), 1 deletion(-) + deployments/se-proxy/se-proxy.cmake | 7 +- + ...ble-using-hard-coded-attestation-key.patch | 29 ------- + external/psa_arch_tests/psa_arch_tests.cmake | 4 - + 9 files changed, 171 insertions(+), 36 deletions(-) create mode 100644 components/service/attestation/client/psa_ipc/component.cmake create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c + delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake new file mode 100644 @@ -243,10 +246,10 @@ index 57290056d614..4b8cceccbe4d 100644 attest_provider_register_serializer(&attest_provider, TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index cd51460406ca..38d26821d44d 100644 +index cd51460406ca..3dbbc36c968d 100644 --- a/deployments/se-proxy/se-proxy.cmake +++ b/deployments/se-proxy/se-proxy.cmake -@@ -49,12 +49,13 @@ add_components(TARGET "se-proxy" +@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy" "components/service/attestation/include" "components/service/attestation/provider" "components/service/attestation/provider/serializer/packed-c" @@ -258,9 +261,63 @@ index cd51460406ca..38d26821d44d 100644 "components/rpc/dummy" "components/rpc/common/caller" - "components/service/attestation/reporter/stub" - "components/service/attestation/key_mngr/stub" - "components/service/crypto/backend/stub" +- "components/service/attestation/key_mngr/stub" +- "components/service/crypto/backend/stub" ++ "components/service/attestation/key_mngr/local" ++ "components/service/crypto/backend/psa_ipc" "components/service/crypto/client/psa" + "components/service/secure_storage/backend/mock_store" + ) +diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch +deleted file mode 100644 +index 6664961ab662..000000000000 +--- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch ++++ /dev/null +@@ -1,29 +0,0 @@ +-From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001 +-From: Gyorgy Szing <Gyorgy.Szing@arm.com> +-Date: Tue, 8 Feb 2022 17:06:37 +0000 +-Subject: [PATCH 1/1] Disable using hard-coded attestation key +- +-Modify platform config to disable using a hard-coded attestation +-key. +- +-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> +---- +- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +- +- 1 file changed, 1 insertion(+), 1 deletion(-) +- +-diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-index 6112ba7..1cdf581 100755 +---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t; +- #define CRYPTO_VERSION_BETA3 +- +- /* Use hardcoded public key */ +--#define PLATFORM_OVERRIDE_ATTEST_PK +-+//#define PLATFORM_OVERRIDE_ATTEST_PK +- +- /* +- * Include of PSA defined Header files +--- +-2.17.1 +- +diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake +index a8b77a1fc05e..1995df3e0b49 100644 +--- a/external/psa_arch_tests/psa_arch_tests.cmake ++++ b/external/psa_arch_tests/psa_arch_tests.cmake +@@ -15,10 +15,6 @@ set(GIT_OPTIONS + GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} + GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} + GIT_SHALLOW FALSE +- PATCH_COMMAND git stash +- COMMAND git tag -f ts-before-am +- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch +- COMMAND git reset ts-before-am + ) + + # Ensure list of defines is separated correctly -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch index 988fbbecdd..5803cc17dc 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch @@ -1,7 +1,7 @@ -From 94770f9660154bb1157e19c11fb706889a81ae73 Mon Sep 17 00:00:00 2001 +From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH 11/19] Setup its backend as openamp rpc using secure storage +Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage ipc implementation. Upstream-Status: Pending @@ -159,5 +159,5 @@ index 4b8cceccbe4d..1110ac46bf8b 100644 + return secure_storage_provider_init(&its_provider, backend); } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch index fdc39b0d3c..67ea7b8c56 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch @@ -1,7 +1,7 @@ -From 896b5009bb07c4b53541290e1712856063411107 Mon Sep 17 00:00:00 2001 +From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH 12/19] add psa ipc crypto backend +Subject: [PATCH 12/20] add psa ipc crypto backend Add psa ipc crypto backend and attach it to se proxy deployment. @@ -36,9 +36,8 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../crypto/include/psa/crypto_client_struct.h | 8 +- .../service/crypto/include/psa/crypto_sizes.h | 2 +- .../se-proxy/common/service_proxy_factory.c | 15 +- - deployments/se-proxy/se-proxy.cmake | 2 +- .../providers/arm/corstone1000/platform.cmake | 2 + - 29 files changed, 2293 insertions(+), 11 deletions(-) + 28 files changed, 2292 insertions(+), 10 deletions(-) create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h @@ -2556,19 +2555,6 @@ index 1110ac46bf8b..7edeef8b434a 100644 return crypto_iface; } -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 38d26821d44d..f647190d9559 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -57,7 +57,7 @@ add_components(TARGET "se-proxy" - "components/rpc/dummy" - "components/rpc/common/caller" - "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake index bb778bb9719b..51e5faa3e4d8 100644 --- a/platform/providers/arm/corstone1000/platform.cmake @@ -2580,5 +2566,5 @@ index bb778bb9719b..51e5faa3e4d8 100644 + +add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch index 1a6e8f50f1..0040e12727 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From 6b8ebdeb8caa6326ae2a4befaf4410a7a54d4e02 Mon Sep 17 00:00:00 2001 +From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001 From: Julian Hall <julian.hall@arm.com> Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 13/19] Add stub capsule update service components +Subject: [PATCH 13/20] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -338,7 +338,7 @@ index 298d407a2371..02aa7fe2550d 100644 #ifdef __cplusplus } diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index f647190d9559..e35b0d0f610d 100644 +index 3dbbc36c968d..f0db2d43f443 100644 --- a/deployments/se-proxy/se-proxy.cmake +++ b/deployments/se-proxy/se-proxy.cmake @@ -51,6 +51,7 @@ add_components(TARGET "se-proxy" @@ -432,5 +432,5 @@ index 000000000000..285d924186be + +#endif /* CAPSULE_UPDATE_PARAMETERS_H */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch index 52c793cc12..22b1da6906 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch @@ -1,7 +1,7 @@ -From a71b26f867f1b4a08285d6da82528de6a54321f2 Mon Sep 17 00:00:00 2001 +From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH 14/19] Configure storage size +Subject: [PATCH 14/20] Configure storage size Upstream-Status: Pending Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> @@ -10,7 +10,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 715ccc3cb546..aeb8a22062b7 100644 +index 611e2e225c6b..6c3b9ed81c25 100644 --- a/components/service/smm_variable/backend/uefi_variable_store.c +++ b/components/service/smm_variable/backend/uefi_variable_store.c @@ -88,6 +88,7 @@ static efi_status_t check_name_terminator( @@ -38,5 +38,5 @@ index 715ccc3cb546..aeb8a22062b7 100644 context->owner_id = owner_id; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch index a8f5559d10..426f2ca5c4 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch @@ -1,7 +1,7 @@ -From 3cc9c417f12f005244530d8d706a6b7f3be35627 Mon Sep 17 00:00:00 2001 +From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH 15/19] Fix: Crypto interface structure aligned with tf-m +Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m change. NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. @@ -27,5 +27,5 @@ index c13c20e84131..ec25eaf868c7 100644 * AEAD until the API is * restructured -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch index a0911970e6..a59d140023 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch @@ -1,7 +1,7 @@ -From c54afe45c1be25c4819b0f762cf03a24e6343ce5 Mon Sep 17 00:00:00 2001 +From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH 16/19] Integrate remaining psa-ipc client APIs. +Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs. Upstream-Status: Pending Signed-off-by: Satish Kumar <satish.kumar01@arm.com> @@ -490,5 +490,5 @@ index e16f6e5450af..cc9279ee79f2 100644 } #endif -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch index e7c1dc33f8..4adcd90a5f 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch @@ -1,7 +1,7 @@ -From b1ff44c650ae82f364a2f74059eeb280996dc4f8 Mon Sep 17 00:00:00 2001 +From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH 17/19] Fix : update psa_set_key_usage_flags definition to the +Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the latest from the tf-m Upstream-Status: Pending @@ -36,5 +36,5 @@ index 1bc55e375eea..b4a7ed4b39d3 100644 } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index 9ab1157ead..c1598a9e11 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,11 +1,10 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - -From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001 +From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58. +Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58. +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- @@ -118,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644 /* Variable length input parameter tags */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch index 984e2977d2..02c89d895e 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch @@ -1,7 +1,7 @@ -From 07ad7e1f7ba06045bf331d5b73a6adf38a098fb7 Mon Sep 17 00:00:00 2001 +From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 11 Oct 2022 10:46:10 +0100 -Subject: [PATCH 19/19] plat: corstone1000: change default smm values +Subject: [PATCH 19/20] plat: corstone1000: change default smm values Smm gateway uses SE proxy to route the calls for any NV storage so set the NV_STORE_SN. @@ -33,5 +33,5 @@ index 51e5faa3e4d8..04b629a81906 100644 + SMM_GATEWAY_MAX_UEFI_VARIABLES=100 +) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch index 79429c7747..ce40df0fd8 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001 +From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH] FMP Support in Corstone1000. +Subject: [PATCH 20/20] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -11,6 +11,7 @@ The solution is platform specific and needs to be revisted. Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted] +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- .../provider/capsule_update_provider.c | 5 + .../capsule_update/provider/component.cmake | 1 + @@ -21,7 +22,7 @@ Upstream-Status: Inappropriate [The solution is platform specific and needs to b create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -index 9bbd7abc..871d6bcf 100644 +index e133753f8560..991a2235cd73 100644 --- a/components/service/capsule_update/provider/capsule_update_provider.c +++ b/components/service/capsule_update/provider/capsule_update_provider.c @@ -11,6 +11,7 @@ @@ -58,7 +59,7 @@ index 9bbd7abc..871d6bcf 100644 default: EMSG("%s unsupported opcode", __func__); diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake -index 1d412eb2..6b060149 100644 +index 1d412eb234d9..6b0601494938 100644 --- a/components/service/capsule_update/provider/component.cmake +++ b/components/service/capsule_update/provider/component.cmake @@ -10,4 +10,5 @@ endif() @@ -69,7 +70,7 @@ index 1d412eb2..6b060149 100644 ) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c new file mode 100644 -index 00000000..6a7a47a7 +index 000000000000..6a7a47a7ed99 --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -0,0 +1,307 @@ @@ -382,7 +383,7 @@ index 00000000..6a7a47a7 +} diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h new file mode 100644 -index 00000000..95fba2a0 +index 000000000000..95fba2a04d5c --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h @@ -0,0 +1,26 @@ @@ -413,5 +414,5 @@ index 00000000..95fba2a0 + +#endif /* CORSTONE1000_FMP_SERVICE_H */ -- -2.17.1 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch new file mode 100644 index 0000000000..87c053fcc6 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch @@ -0,0 +1,35 @@ +From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Wed, 2 Nov 2022 09:58:27 +0000 +Subject: [PATCH] smm_gateway: add checks for null attributes + +As par EDK-2 and EDK-2 test code, setVariable() with 0 +attributes means a delete variable request. Currently, +smm gatway doesn't handle this scenario. This commit adds +that support. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + components/service/smm_variable/backend/uefi_variable_store.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c +index 6c3b9ed8..a691dc5d 100644 +--- a/components/service/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/smm_variable/backend/uefi_variable_store.c +@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable( + if (info->is_variable_set) { + + /* It's a request to update to an existing variable */ +- if (!(var->Attributes & ++ if (!(var->Attributes) || (!(var->Attributes & + (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && +- !var->DataSize) { ++ !var->DataSize)) { + + /* It's a remove operation - for a remove, the variable + * data must be removed from the storage backend before +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch new file mode 100644 index 0000000000..ed4e6e27a3 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch @@ -0,0 +1,33 @@ +From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Thu, 3 Nov 2022 17:43:40 +0000 +Subject: [PATCH] smm_gateway: GetNextVariableName Fix + +GetNextVariableName() should return EFI_BUFFER_TOO_SMALL +when NameSize is smaller than the actual NameSize. It +currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting +max_name_len incorrectly. This fixes max_name_len error by +replacing it with actual NameSize request by u-boot. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + .../service/smm_variable/provider/smm_variable_provider.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c +index a9679b7e..6a4b6fa7 100644 +--- a/components/service/smm_variable/provider/smm_variable_provider.c ++++ b/components/service/smm_variable/provider/smm_variable_provider.c +@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re + efi_status = uefi_variable_store_get_next_variable_name( + &this_instance->variable_store, + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data, +- max_name_len, ++ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, + &resp_buf->data_len); + } + else { +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch index c7289562bd..c7289562bd 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend new file mode 100644 index 0000000000..a885d38797 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend @@ -0,0 +1,10 @@ +MACHINE_TS_REQUIRE ?= "" +MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" + +require ${MACHINE_TS_REQUIRE} + + +EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x02000000 \ + -DMM_COMM_BUFFER_PAGE_COUNT=1 \ + " + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index 03f7dff2ef..e97fb5937a 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -1,29 +1,26 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -SRC_URI:append = " \ - file://0001-Add-openamp-to-SE-proxy-deployment.patch \ - file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \ - file://0003-Add-openamp-rpc-caller.patch \ - file://0004-add-psa-client-definitions-for-ff-m.patch \ - file://0005-Add-common-service-component-to-ipc-support.patch \ - file://0006-Add-secure-storage-ipc-backend.patch \ - file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \ - file://0008-Run-psa-arch-test.patch \ - file://0009-Use-address-instead-of-pointers.patch \ - file://0010-Add-psa-ipc-attestation-to-se-proxy.patch \ - file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \ - file://0012-add-psa-ipc-crypto-backend.patch \ - file://0013-Add-stub-capsule-update-service-components.patch \ - file://0014-Configure-storage-size.patch \ - file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \ - file://0016-Integrate-remaining-psa-ipc-client-APIs.patch \ - file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ - file://0019-plat-corstone1000-change-default-smm-values.patch \ - file://0020-FMP-Support-in-Corstone1000.patch \ - " - - -EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ - -DMM_COMM_BUFFER_PAGE_COUNT="1" \ +SRC_URI:append:corstone1000 = " \ + file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \ + file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \ + file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \ + file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \ + file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \ + file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \ + file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \ + file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \ + file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \ + file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \ + file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \ + file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ + file://0014-Configure-storage-size.patch;patchdir=../trusted-services \ + file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \ + file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \ + file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ + file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ + file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc new file mode 100644 index 0000000000..50ff960df5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc @@ -0,0 +1,7 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/psa-apitest:" + +include ts-corstone1000.inc + +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ + " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend index 6595c92a28..ea49213e89 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend @@ -1,7 +1 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:" - -SRC_URI:append:corstone1000 = " \ - file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ - " +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend index 8a37a28175..f39d2395f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend @@ -2,3 +2,8 @@ MACHINE_TS_REQUIRE ?= "" MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" require ${MACHINE_TS_REQUIRE} + +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + " + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend index 8a37a28175..f39d2395f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -2,3 +2,8 @@ MACHINE_TS_REQUIRE ?= "" MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" require ${MACHINE_TS_REQUIRE} + +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + " + diff --git a/meta-arm/meta-arm/classes/apply_local_src_patches.bbclass b/meta-arm/meta-arm/classes/apply_local_src_patches.bbclass new file mode 100644 index 0000000000..e193935383 --- /dev/null +++ b/meta-arm/meta-arm/classes/apply_local_src_patches.bbclass @@ -0,0 +1,48 @@ +# This class is to be inherited by recipes where there are patches located inside +# the fetched source code which need to be applied. + +# The following variables need to be set: +# LOCAL_SRC_PATCHES_INPUT_DIR is the directory from where the patches are located +# LOCAL_SRC_PATCHES_DEST_DIR is the directory where the patches will be applied + +do_patch[depends] += "quilt-native:do_populate_sysroot" + +LOCAL_SRC_PATCHES_INPUT_DIR ??= "" +LOCAL_SRC_PATCHES_DEST_DIR ??= "${LOCAL_SRC_PATCHES_INPUT_DIR}" + +python() { + if not d.getVar('LOCAL_SRC_PATCHES_INPUT_DIR'): + bb.warn("LOCAL_SRC_PATCHES_INPUT_DIR variable needs to be set.") +} + +apply_local_src_patches() { + + input_dir="${LOCAL_SRC_PATCHES_INPUT_DIR}" + dest_dir="${LOCAL_SRC_PATCHES_DEST_DIR}" + + if [ ! -d "$input_dir" ] ; then + bbfatal "LOCAL_SRC_PATCHES_INPUT_DIR=$input_dir not found." + fi + + if [ ! -d "$dest_dir" ] ; then + bbfatal "LOCAL_SRC_PATCHES_DEST_DIR=$dest_dir not found." + fi + + cd $dest_dir + export QUILT_PATCHES=./patches-extra + mkdir -p patches-extra + + for patch in $(find $input_dir -type f -name *.patch -or -name *.diff | sort) + do + patch_basename=`basename $patch` + if ! quilt applied $patch_basename >/dev/null ; then + bbdebug 1 "Applying $patch_basename in $dest_dir." + echo $patch_basename >> patches-extra/series + cp $patch patches-extra + quilt push $patch_basename + else + bbdebug 1 "$patch_basename already applied." + fi + done +} +do_patch[postfuncs] += "apply_local_src_patches" diff --git a/meta-arm/meta-arm/classes/fvpboot.bbclass b/meta-arm/meta-arm/classes/fvpboot.bbclass index 78dabd7369..3159cd43db 100644 --- a/meta-arm/meta-arm/classes/fvpboot.bbclass +++ b/meta-arm/meta-arm/classes/fvpboot.bbclass @@ -24,7 +24,10 @@ FVP_CONSOLES[default] ?= "${FVP_CONSOLE}" # Arbitrary extra arguments FVP_EXTRA_ARGS ?= "" # Bitbake variables to pass to the FVP environment -FVP_ENV_PASSTHROUGH ?= "" +FVP_ENV_PASSTHROUGH ?= "FASTSIM_DISABLE_TA ARMLMD_LICENSE_FILE" +FVP_ENV_PASSTHROUGH[vardeps] = "${FVP_ENV_PASSTHROUGH}" +# Disable timing annotation by default +FASTSIM_DISABLE_TA ?= "1" EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}" @@ -70,7 +73,8 @@ python do_write_fvpboot_conf() { data["env"] = {} for var in d.getVar("FVP_ENV_PASSTHROUGH").split(): - data["env"][var] = d.getVar(var) + if d.getVar(var) is not None: + data["env"][var] = d.getVar(var) os.makedirs(os.path.dirname(conffile), exist_ok=True) with open(conffile, "wt") as f: diff --git a/meta-arm/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/meta-arm/classes/uefi_capsule.bbclass new file mode 100644 index 0000000000..690e7af4c3 --- /dev/null +++ b/meta-arm/meta-arm/classes/uefi_capsule.bbclass @@ -0,0 +1,55 @@ +# This class generates UEFI capsules +# The current class supports generating a capsule with single firmware binary + +DEPENDS += "gettext-native" +inherit python3native + +IMAGE_TYPES += "uefi_capsule" + +# edk2 base tools should be installed in the native sysroot directory +do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot" + +# By default the wic image is used to create a capsule +CAPSULE_IMGTYPE ?= "wic" + +# IMGDEPLOYDIR is used as the default location of firmware binary for which the capsule needs to be created +CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}" + +# The generated capsule by default has uefi.capsule extension +CAPSULE_EXTENSION ?= "uefi.capsule" + +# The following variables must be set to be able to generate a capsule update +UEFI_FIRMWARE_BINARY ?= "" +UEFI_CAPSULE_CONFIG ?= "" + +# Check if the required variables are set +python() { + for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]: + if not d.getVar(var): + raise bb.parse.SkipRecipe(f"{var} not set") +} + +IMAGE_CMD:uefi_capsule(){ + + # Force the GenerateCapsule script to use python3 + export PYTHON_COMMAND=${PYTHON} + + # Copy the firmware and the capsule config json to current directory + if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then + cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ; + fi + + export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY} + envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json + + ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \ + -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \ + ${MACHINE}-capsule-update-image.json + + # Remove the firmware to avoid contamination of IMGDEPLOYDIR + rm ${UEFI_FIRMWARE_BINARY} + +} + +# The firmware binary should be created before generating the capsule +IMAGE_TYPEDEP:uefi_capsule:append = "${CAPSULE_IMGTYPE}" diff --git a/meta-arm/meta-arm/lib/fvp/runner.py b/meta-arm/meta-arm/lib/fvp/runner.py index 28351a39ed..c52cdc1c14 100644 --- a/meta-arm/meta-arm/lib/fvp/runner.py +++ b/meta-arm/meta-arm/lib/fvp/runner.py @@ -1,7 +1,7 @@ -import asyncio import re import subprocess import os +import shlex import shutil import sys @@ -44,50 +44,70 @@ def check_telnet(): if not bool(shutil.which("telnet")): raise RuntimeError("Cannot find telnet, this is needed to connect to the FVP.") + +class ConsolePortParser: + def __init__(self, lines): + self._lines = lines + self._console_ports = {} + + def parse_port(self, console): + if console in self._console_ports: + return self._console_ports[console] + + while True: + try: + line = next(self._lines).strip().decode(errors='ignore') + m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line) + if m: + matched_console = m.group(1) + matched_port = int(m.group(2)) + if matched_console == console: + return matched_port + else: + self._console_ports[matched_console] = matched_port + except StopIteration: + # self._lines might be a growing log file + pass + + +# This function is backported from Python 3.8. Remove it and replace call sites +# with shlex.join once OE-core support for earlier Python versions is dropped. +def shlex_join(split_command): + """Return a shell-escaped string from *split_command*.""" + return ' '.join(shlex.quote(arg) for arg in split_command) + + class FVPRunner: def __init__(self, logger): - self._terminal_ports = {} - self._line_callbacks = [] self._logger = logger self._fvp_process = None self._telnets = [] self._pexpects = [] - def add_line_callback(self, callback): - self._line_callbacks.append(callback) - - async def start(self, config, extra_args=[], terminal_choice="none"): + def start(self, config, extra_args=[], terminal_choice="none", stdout=subprocess.PIPE): cli = cli_from_config(config, terminal_choice) cli += extra_args # Pass through environment variables needed for GUI applications, such # as xterm, to work. env = config['env'] - for name in ('DISPLAY', 'WAYLAND_DISPLAY'): + for name in ('DISPLAY', 'WAYLAND_DISPLAY', 'XAUTHORITY'): if name in os.environ: env[name] = os.environ[name] - self._logger.debug(f"Constructed FVP call: {cli}") - self._fvp_process = await asyncio.create_subprocess_exec( - *cli, - stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, + self._logger.debug(f"Constructed FVP call: {shlex_join(cli)}") + self._fvp_process = subprocess.Popen( + cli, + stdin=subprocess.DEVNULL, stdout=stdout, stderr=subprocess.STDOUT, env=env) - def detect_terminals(line): - m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line) - if m: - terminal = m.group(1) - port = int(m.group(2)) - self._terminal_ports[terminal] = port - self.add_line_callback(detect_terminals) - - async def stop(self): + def stop(self): if self._fvp_process: self._logger.debug(f"Terminating FVP PID {self._fvp_process.pid}") try: self._fvp_process.terminate() - await asyncio.wait_for(self._fvp_process.wait(), 10.0) - except asyncio.TimeoutError: + self._fvp_process.wait(10.0) + except subprocess.TimeoutExpired: self._logger.debug(f"Killing FVP PID {self._fvp_process.pid}") self._fvp_process.kill() except ProcessLookupError: @@ -96,8 +116,8 @@ class FVPRunner: for telnet in self._telnets: try: telnet.terminate() - await asyncio.wait_for(telnet.wait(), 10.0) - except asyncio.TimeoutError: + telnet.wait(10.0) + except subprocess.TimeoutExpired: telnet.kill() except ProcessLookupError: pass @@ -117,34 +137,21 @@ class FVPRunner: else: return 0 - async def run(self, until=None): - if until and until(): - return - - async for line in self._fvp_process.stdout: - line = line.strip().decode("utf-8", errors="replace") - for callback in self._line_callbacks: - callback(line) - if until and until(): - return + def wait(self, timeout): + self._fvp_process.wait(timeout) - async def _get_terminal_port(self, terminal, timeout): - def terminal_exists(): - return terminal in self._terminal_ports - await asyncio.wait_for(self.run(terminal_exists), timeout) - return self._terminal_ports[terminal] + @property + def stdout(self): + return self._fvp_process.stdout - async def create_telnet(self, terminal, timeout=15.0): + def create_telnet(self, port): check_telnet() - port = await self._get_terminal_port(terminal, timeout) - telnet = await asyncio.create_subprocess_exec("telnet", "localhost", str(port), stdin=sys.stdin, stdout=sys.stdout) + telnet = subprocess.Popen(["telnet", "localhost", str(port)], stdin=sys.stdin, stdout=sys.stdout) self._telnets.append(telnet) return telnet - async def create_pexpect(self, terminal, timeout=15.0, **kwargs): - check_telnet() + def create_pexpect(self, port, **kwargs): import pexpect - port = await self._get_terminal_port(terminal, timeout) instance = pexpect.spawn(f"telnet localhost {port}", **kwargs) self._pexpects.append(instance) return instance diff --git a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py index c8dcf2982d..e8a094f1df 100644 --- a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py +++ b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py @@ -1,4 +1,3 @@ -import asyncio import pathlib import pexpect import os @@ -13,7 +12,7 @@ class OEFVPSSHTarget(OESSHTarget): Contains common logic to start and stop an FVP. """ def __init__(self, logger, target_ip, server_ip, timeout=300, user='root', - port=None, dir_image=None, rootfs=None, **kwargs): + port=None, dir_image=None, rootfs=None, bootlog=None, **kwargs): super().__init__(logger, target_ip, server_ip, timeout, user, port) image_dir = pathlib.Path(dir_image) # rootfs may have multiple extensions so we need to strip *all* suffixes @@ -21,36 +20,40 @@ class OEFVPSSHTarget(OESSHTarget): basename = basename.name.replace("".join(basename.suffixes), "") self.fvpconf = image_dir / (basename + ".fvpconf") self.config = conffile.load(self.fvpconf) + self.bootlog = bootlog if not self.fvpconf.exists(): raise FileNotFoundError(f"Cannot find {self.fvpconf}") - async def boot_fvp(self): - self.fvp = runner.FVPRunner(self.logger) - await self.fvp.start(self.config) - self.logger.debug(f"Started FVP PID {self.fvp.pid()}") - await self._after_start() - - async def _after_start(self): + def _after_start(self): pass - async def _after_stop(self): - pass - - async def stop_fvp(self): - returncode = await self.fvp.stop() - await self._after_stop() - - self.logger.debug(f"Stopped FVP with return code {returncode}") - def start(self, **kwargs): - # When we can assume Py3.7+, this can simply be asyncio.run() - loop = asyncio.get_event_loop() - loop.run_until_complete(asyncio.gather(self.boot_fvp())) + self.fvp_log = self._create_logfile("fvp") + self.fvp = runner.FVPRunner(self.logger) + self.fvp.start(self.config, stdout=self.fvp_log) + self.logger.debug(f"Started FVP PID {self.fvp.pid()}") + self._after_start() def stop(self, **kwargs): - loop = asyncio.get_event_loop() - loop.run_until_complete(asyncio.gather(self.stop_fvp())) + returncode = self.fvp.stop() + self.logger.debug(f"Stopped FVP with return code {returncode}") + + def _create_logfile(self, name): + if not self.bootlog: + return None + + test_log_path = pathlib.Path(self.bootlog).parent + test_log_suffix = pathlib.Path(self.bootlog).suffix + fvp_log_file = f"{name}_log{test_log_suffix}" + fvp_log_path = pathlib.Path(test_log_path, fvp_log_file) + fvp_log_symlink = pathlib.Path(test_log_path, f"{name}_log") + try: + os.remove(fvp_log_symlink) + except: + pass + os.symlink(fvp_log_file, fvp_log_symlink) + return open(fvp_log_path, 'wb') class OEFVPTarget(OEFVPSSHTarget): @@ -59,31 +62,34 @@ class OEFVPTarget(OEFVPSSHTarget): waits for a Linux shell before returning to ensure that SSH commands work with the default test dependencies. """ - def __init__(self, logger, target_ip, server_ip, bootlog=None, **kwargs): + def __init__(self, logger, target_ip, server_ip, **kwargs): super().__init__(logger, target_ip, server_ip, **kwargs) - self.logfile = bootlog and open(bootlog, "wb") or None + self.logfile = self.bootlog and open(self.bootlog, "wb") or None # FVPs boot slowly, so allow ten minutes self.boot_timeout = 10 * 60 - async def _after_start(self): - self.logger.debug(f"Awaiting console on terminal {self.config['consoles']['default']}") - console = await self.fvp.create_pexpect(self.config['consoles']['default']) - try: - console.expect("login\\:", timeout=self.boot_timeout) - self.logger.debug("Found login prompt") - except pexpect.TIMEOUT: - self.logger.info("Timed out waiting for login prompt.") - self.logger.info("Boot log follows:") - self.logger.info(b"\n".join(console.before.splitlines()[-200:]).decode("utf-8", errors="replace")) - raise RuntimeError("Failed to start FVP.") + def _after_start(self): + with open(self.fvp_log.name, 'rb') as logfile: + parser = runner.ConsolePortParser(logfile) + self.logger.debug(f"Awaiting console on terminal {self.config['consoles']['default']}") + port = parser.parse_port(self.config['consoles']['default']) + console = self.fvp.create_pexpect(port) + try: + console.expect("login\\:", timeout=self.boot_timeout) + self.logger.debug("Found login prompt") + except pexpect.TIMEOUT: + self.logger.info("Timed out waiting for login prompt.") + self.logger.info("Boot log follows:") + self.logger.info(b"\n".join(console.before.splitlines()[-200:]).decode("utf-8", errors="replace")) + raise RuntimeError("Failed to start FVP.") class OEFVPSerialTarget(OEFVPSSHTarget): """ This target is intended for interaction with the target over one or more telnet consoles using pexpect. - + This still depends on OEFVPSSHTarget so SSH commands can still be run on the target, but note that this class does not inherently guarantee that the SSH server is running prior to running test cases. Test cases that use @@ -92,40 +98,25 @@ class OEFVPSerialTarget(OEFVPSSHTarget): """ DEFAULT_CONSOLE = "default" - def __init__(self, logger, target_ip, server_ip, bootlog=None, **kwargs): + def __init__(self, logger, target_ip, server_ip, **kwargs): super().__init__(logger, target_ip, server_ip, **kwargs) self.terminals = {} - self.test_log_path = pathlib.Path(bootlog).parent - self.test_log_suffix = pathlib.Path(bootlog).suffix - self.bootlog = bootlog - - async def _add_terminal(self, name, fvp_name): - logfile = self._create_logfile(name) - self.logger.info(f'Creating terminal {name} on {fvp_name}') - self.terminals[name] = \ - await self.fvp.create_pexpect(fvp_name, logfile=logfile) - - def _create_logfile(self, name): - fvp_log_file = f"{name}_log{self.test_log_suffix}" - fvp_log_path = pathlib.Path(self.test_log_path, fvp_log_file) - fvp_log_symlink = pathlib.Path(self.test_log_path, f"{name}_log") - try: - os.remove(fvp_log_symlink) - except: - pass - os.symlink(fvp_log_file, fvp_log_symlink) - return open(fvp_log_path, 'wb') - - async def _after_start(self): - for name, console in self.config["consoles"].items(): - await self._add_terminal(name, console) - - # testimage.bbclass expects to see a log file at `bootlog`, - # so make a symlink to the 'default' log file - if name == 'default': - default_test_file = f"{name}_log{self.test_log_suffix}" - os.symlink(default_test_file, self.bootlog) + def _after_start(self): + with open(self.fvp_log.name, 'rb') as logfile: + parser = runner.ConsolePortParser(logfile) + for name, console in self.config["consoles"].items(): + logfile = self._create_logfile(name) + self.logger.info(f'Creating terminal {name} on {console}') + port = parser.parse_port(console) + self.terminals[name] = \ + self.fvp.create_pexpect(port, logfile=logfile) + + # testimage.bbclass expects to see a log file at `bootlog`, + # so make a symlink to the 'default' log file + if name == 'default': + default_test_file = f"{name}_log{self.test_log_suffix}" + os.symlink(default_test_file, self.bootlog) def _get_terminal(self, name): return self.terminals[name] diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py index cf8a3c53f4..5cc8660f2b 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py @@ -81,13 +81,13 @@ class ConfFileTests(OESelftestTestCase): class RunnerTests(OESelftestTestCase): def create_mock(self): - return unittest.mock.patch("asyncio.create_subprocess_exec") + return unittest.mock.patch("subprocess.Popen") def test_start(self): from fvp import runner with self.create_mock() as m: fvp = runner.FVPRunner(self.logger) - asyncio.run(fvp.start({ + fvp.start({ "fvp-bindir": "/usr/bin", "exe": "FVP_Binary", "parameters": {'foo': 'bar'}, @@ -96,13 +96,13 @@ class RunnerTests(OESelftestTestCase): "terminals": {}, "args": ['--extra-arg'], "env": {"FOO": "BAR"} - })) + }) - m.assert_called_once_with('/usr/bin/FVP_Binary', + m.assert_called_once_with(['/usr/bin/FVP_Binary', '--parameter', 'foo=bar', '--data', 'data1', '--application', 'a1=file', - '--extra-arg', + '--extra-arg'], stdin=unittest.mock.ANY, stdout=unittest.mock.ANY, stderr=unittest.mock.ANY, @@ -113,7 +113,7 @@ class RunnerTests(OESelftestTestCase): from fvp import runner with self.create_mock() as m: fvp = runner.FVPRunner(self.logger) - asyncio.run(fvp.start({ + fvp.start({ "fvp-bindir": "/usr/bin", "exe": "FVP_Binary", "parameters": {}, @@ -122,9 +122,9 @@ class RunnerTests(OESelftestTestCase): "terminals": {}, "args": [], "env": {"FOO": "BAR"} - })) + }) - m.assert_called_once_with('/usr/bin/FVP_Binary', + m.assert_called_once_with(['/usr/bin/FVP_Binary'], stdin=unittest.mock.ANY, stdout=unittest.mock.ANY, stderr=unittest.mock.ANY, diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb index 4828fb552e..055e0c1b0c 100644 --- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb @@ -27,7 +27,7 @@ DEPENDS = "virtual/arm-none-eabi-gcc-native \ # For now we only build with GCC, so stop meta-clang trying to get involved TOOLCHAIN = "gcc" -SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'release', 'debug', d)}" +SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'Release', 'Debug', d)}" inherit deploy @@ -46,6 +46,7 @@ CFLAGS[unexport] = "1" EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${SCP_BUILD_STR} \ -D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \ -D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \ + -D DISABLE_CPPCHECK=1 \ " do_configure() { diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb index c10efd5a62..6b06c8a968 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb @@ -16,20 +16,19 @@ LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;nobranch=1;name=tfm-tests;destsuffix=git/tf-m-tests \ git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ " # The required dependencies are documented in tf-m/config/config_default.cmake # TF-Mv1.6.0 -SRCBRANCH_tfm ?= "release/1.6.x" +SRCBRANCH_tfm ?= "master" SRCREV_tfm = "7387d88158701a3c51ad51c90a05326ee12847a8" # mbedtls-3.1.0 SRCBRANCH_mbedtls ?= "master" SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" # TF-Mv1.6.0 -SRCBRANCH_tfm-tests ?= "release/1.6.x" SRCREV_tfm-tests = "723905d46019596f3f2df66d79b5d6bff6f3f213" # v1.9.0 SRCBRANCH_mcuboot ?= "main" @@ -108,10 +107,9 @@ export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" # TF-M ships patches that it needs applied to mbedcrypto, so apply them # as part of do_patch. -apply_local_patches() { - cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls -} -do_patch[postfuncs] += "apply_local_patches" +LOCAL_SRC_PATCHES_INPUT_DIR = "${S}/lib/ext/mbedcrypto" +LOCAL_SRC_PATCHES_DEST_DIR = "${S}/../mbedtls" +inherit apply_local_src_patches do_configure[cleandirs] = "${B}" do_configure() { diff --git a/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb new file mode 100644 index 0000000000..6a59c22cab --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb @@ -0,0 +1,24 @@ +# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not +# built, they are just copied to native sysroot. This is sufficient for +# generating UEFI capsules as it only depends on some python scripts. Other +# tools need to be built first before adding to sysroot. + +SUMMARY = "EDK2 Base Tools" +LICENSE = "BSD-2-Clause-Patent" + +# EDK2 +SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https" +LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" + +SRCREV = "fff6d81270b57ee786ea18ad74f43149b9f03494" + +S = "${WORKDIR}/git" + +inherit native + +RDEPENDS:${PN} += "python3-core" + +do_install () { + mkdir -p ${D}${bindir}/edk2-BaseTools + cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/ +} diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.20.15.bb index 3ef089121e..f5175b2c38 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.20.15.bb @@ -5,6 +5,6 @@ LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411 \ file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=2e53bda6ff2db4c35d69944b93926c9f" -SRC_URI[sha256sum] = "788ede659414af36a2d09489e400c4d822c859b726565f1f171bc3102a9413d0" +SRC_URI[sha256sum] = "c252616489b79fffa3bb721255b1c99ff4ee8c38e4beebce4fa05862a3195fe9" MODEL_CODE = "FVP_Base_AEMv8R" diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb index 35ffe0b797..7d556616f0 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb @@ -2,10 +2,10 @@ require fvp-ecosystem.inc MODEL = "Corstone-1000-23" MODEL_CODE = "FVP_Corstone_1000" -PV = "11.17_23" +PV = "11.19_21" -SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/Linux/${MODEL_CODE}_${PV}.tgz;subdir=${BP}" -SRC_URI[sha256sum] = "00ccb72d02c90e2424d24a625d275cabf8ea8dc024713985208f618bb88d1934" +SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/Linux/${MODEL_CODE}_${PV}_${FVP_ARCH}.tgz;subdir=${BP}" +SRC_URI[sha256sum] = "dbdcb8b0c206fd56fd2296fe338a62902eb978883ba07f4da28440e180383b24" LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \ - file://license_terms/third_party_licenses.txt;md5=41029e71051b1c786bae3112a29905a7" + file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411" diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb index 453d456abf..06c0316170 100644 --- a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb +++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb @@ -1,7 +1,7 @@ SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH}" # Use the wrapper script from TF-Mv1.6.0 -SRCBRANCH ?= "release/1.6.x" +SRCBRANCH ?= "master" SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8" LICENSE = "BSD-3-Clause" diff --git a/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc b/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc index dec31dd44d..b3d377b4bf 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc +++ b/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc @@ -1,4 +1,4 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${ARMFILESPATHS}" # Enable ARM-FFA transport SRC_URI:append = " \ diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/arm-ffa-transport.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg index 34de78e895..34de78e895 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/arm-ffa-transport.cfg +++ b/meta-arm/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/efi.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/efi.cfg index 00be1bc60c..00be1bc60c 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/efi.cfg +++ b/meta-arm/meta-arm/recipes-kernel/linux/files/efi.cfg diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/generic-arm64-kmeta/generic-arm64-standard.scc b/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc index 7036476902..7036476902 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/generic-arm64-kmeta/generic-arm64-standard.scc +++ b/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/no-strict-devmem.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg index d372acaec2..d372acaec2 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/no-strict-devmem.cfg +++ b/meta-arm/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/tee.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/tee.cfg index 53c452d4a1..53c452d4a1 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/tee.cfg +++ b/meta-arm/meta-arm/recipes-kernel/linux/files/tee.cfg diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-change-root-to-prefix-for-python-install.patch b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-change-root-to-prefix-for-python-install.patch new file mode 100644 index 0000000000..637d90aeb8 --- /dev/null +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-change-root-to-prefix-for-python-install.patch @@ -0,0 +1,34 @@ +Take a patch from linux-yocto to fix buildpaths in perf's python module. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b8cd0e429bf75b673c438a8277d4bc74327df992 Mon Sep 17 00:00:00 2001 +From: Tom Zanussi <tom.zanussi@intel.com> +Date: Tue, 3 Jul 2012 13:07:23 -0500 +Subject: [PATCH] perf: change --root to --prefix for python install + +Otherwise we get the sysroot path appended to the build path, not what +we want. + +Signed-off-by: Tom Zanussi <tom.zanussi@intel.com> +--- + tools/perf/Makefile.perf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf +index 8f738e11356d..ee945d8e3996 100644 +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -1022,7 +1022,7 @@ install-bin: install-tools install-tests install-traceevent-plugins + install: install-bin try-install-man + + install-python_ext: +- $(PYTHON_WORD) util/setup.py --quiet install --root='/$(DESTDIR_SQ)' ++ $(PYTHON_WORD) util/setup.py --quiet install --prefix='$(DESTDIR_SQ)/usr' + + # 'make install-doc' should call 'make -C Documentation install' + $(INSTALL_DOC_TARGETS): +-- +2.34.1 + diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb index c3c9b4dc36..804c068f41 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb @@ -8,6 +8,7 @@ SRC_URI = " \ git://android.googlesource.com/kernel/common.git;protocol=https;branch=android13-5.15-lts \ file://0001-lib-build_OID_registry-fix-reproducibility-issues.patch \ file://0002-vt-conmakehash-improve-reproducibility.patch \ + file://0001-perf-change-root-to-prefix-for-python-install.patch \ " # tag: ASB-2022-05-05_13-5.15-93-ge8b3f31d7a60 diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend index 896add8d0a..a641ec2da2 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend @@ -1,4 +1,4 @@ -ARMFILESPATHS := "${THISDIR}/${PN}:" +ARMFILESPATHS := "${THISDIR}/files:" COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64" FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb index 598b281bac..aafe85160c 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb +++ b/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb @@ -24,11 +24,14 @@ do_install:append () { fi # Move the dynamic libraries into the standard place. - # Update a cmake file to use correct paths. install -d ${D}${libdir} mv ${D}${TS_INSTALL}/lib/libts* ${D}${libdir} - sed -i -e "s#/${TS_ENV}##g" ${D}${TS_INSTALL}/lib/cmake/libts/libtsTargets-noconfig.cmake + # Update generated cmake file to use correct paths. + target_cmake=$(find ${D}${TS_INSTALL}/lib/cmake/libts -type f -iname "libtsTargets-*.cmake") + if [ ! -z "$target_cmake" ]; then + sed -i -e "s#/${TS_ENV}##g" $target_cmake + fi } inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)} diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc index dfd471635e..41cb0c08bc 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc @@ -18,11 +18,9 @@ EXTRA_OECMAKE += "\ -DPSA_ARCH_TESTS_SOURCE_DIR=${WORKDIR}/git/psatest \ " -# TS ships patches that need to be applied to psa-arch-tests +# TS check if there are patches to apply to psa-arch-tests, if so apply them apply_ts_patch() { - for p in ${S}/external/psa_arch_tests/*.patch; do - patch -p1 -d ${WORKDIR}/git/psatest < ${p} - done + find ${S}/external/psa_arch_tests -type f -name '*.patch' -exec patch -p1 -d ${WORKDIR}/git/psatest -i {} \; } do_patch[postfuncs] += "apply_ts_patch" diff --git a/meta-arm/meta-atp/README.md b/meta-arm/meta-atp/README.md index 15d0e29b81..490ddca97e 100644 --- a/meta-arm/meta-atp/README.md +++ b/meta-arm/meta-atp/README.md @@ -1,76 +1 @@ -# meta-atp layer - -The meta-atp layer supports building environments with traffic generation capabilities based on [AMBA Adaptive Traffic Profiles (ATP)](https://developer.arm.com/documentation/ihi0082/latest). - -## Recipes - -The meta-atp layer supports building the following software components: - -- Arm's implementation of the AMBA ATP specification, namely the [AMBA ATP Engine](https://github.com/ARM-software/ATP-Engine). -- Linux kernel modules and user API (UAPI) for programming ATP devices. -- Integration test suite for verification of kernel modules and UAPI. - -It is also possible to build the AMBA ATP Engine as part of the final [gem5](https://www.gem5.org/) executable. For this, meta-atp extends the `gem5-aarch64-native` recipe to add the AMBA ATP engine code as extra sources. - -## Machines - -The `gem5-atp-arm64` machine extends the `gem5-arm64` machine to instantiate a simulated platform with support for programmable AMBA ATP traffic generation. The platform includes the following models: - -- `ProfileGen` model. This is the adapter layer between gem5 and the AMBA ATP Engine. It is the source of traffic into the gem5 host platform. -- `ATPDevice` model. Software can program it using the Linux kernel modules and UAPI to control traffic generation. - -## Usage - -Users should add the meta-atp layer and layer dependencies to `conf/bblayers.conf`. See `conf/layer.conf` for dependencies. - -### Standalone Engine executable - -Users can build the AMBA ATP Engine as a standalone native executable as follows: - -```bash -bitbake atp-native -``` - -Users can run the executable through standard build scripts: - -```bash -oe-run-native atp-native atpeng [--help | args...] -``` - -## Integration of the Engine in gem5 - -Users should select the `gem5-atp-arm64` platform in their `conf/local.conf` file. - -Users can build the target image of preference, for example: - -```bash -bitbake core-image-minimal -``` - -The resulting gem5 native executable contains the AMBA ATP Engine. The resulting target image contains the kernel modules, UAPI and test suite. - -Users should run the environment as follows: - -```bash -./tmp/deploy/tools/start-gem5-atp.sh -``` - -This script launches a fast simulation to fast-forward Linux boot. Once Linux boot is completed, the fast simulation switches into a detailed simulation for the final usable environment. Users can connect and interact with the environment as follows: - -```bash -oe-run-native gem5-m5term-native m5term <PORT> -``` - -The connection PORT is announced by the deploy script as: - -```bash -system.terminal: Listening for connections on port <PORT> -``` - -This is usually port 3456. - -Users can verify access to the ATP device by running the integration test suite from within the simulated environment as follows: - -```bash -test_atp.out -``` +See ../README.md diff --git a/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf b/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf index d5fe22a7c0..6e6d49a9b3 100644 --- a/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf +++ b/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf @@ -5,7 +5,11 @@ MACHINEOVERRIDES =. "gem5-arm64:" GEM5_RUN_PROFILE = "configs/baremetal_atp.py" # Require m5term EXTRA_IMAGEDEPENDS += "gem5-m5term-native" -# Require ATP kernel modules, user API and gem5 m5ops -MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-module-atp atp-uapi gem5-m5ops" +# Require ATP kernel modules, user API and gem5 m5readfile +MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-module-atp atp-uapi gem5-m5readfile" # Optionally provide ATP kernel tests MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS += "atp-test" + +# Use ATP Engine gem5 models in gem5 build +DEPENDS:append:pn-gem5-aarch64-native = " atp-gem5-native" +GEM5_EXTRAS:pn-gem5-aarch64-native = "${STAGING_DATADIR_NATIVE}/atp" diff --git a/meta-arm/meta-atp/documentation/atp-standalone.md b/meta-arm/meta-atp/documentation/atp-standalone.md new file mode 100644 index 0000000000..1ab4528a5c --- /dev/null +++ b/meta-arm/meta-atp/documentation/atp-standalone.md @@ -0,0 +1,13 @@ +# Standalone ATP Engine executable + +Users can build the AMBA ATP Engine as a standalone native executable as follows: + +```bash +bitbake atp-native +``` + +Users can run the executable through standard build scripts: + +```bash +oe-run-native atp-native atpeng [--help | args...] +``` diff --git a/meta-arm/meta-atp/documentation/gem5-atp-arm64.md b/meta-arm/meta-atp/documentation/gem5-atp-arm64.md new file mode 100644 index 0000000000..018f374cdc --- /dev/null +++ b/meta-arm/meta-atp/documentation/gem5-atp-arm64.md @@ -0,0 +1,37 @@ +## ATP Engine integration in gem5, and the gem5-atp-arm64 machine + +Users should select the `gem5-atp-arm64` machine in their `conf/local.conf` file. + +Users can build the target image of preference, for example: + +```bash +bitbake core-image-minimal +``` + +The resulting gem5 native executable contains the AMBA ATP Engine. The resulting target image contains the kernel modules, UAPI and test suite. + +Users should run the environment as follows: + +```bash +oe-run-native atp-gem5-native start-gem5-atp.sh +``` + +This script launches a fast simulation to fast-forward Linux boot. Once Linux boot is completed, the fast simulation switches into a detailed simulation for the final usable environment. Users can connect and interact with the environment as follows: + +```bash +oe-run-native gem5-m5term-native m5term <PORT> +``` + +The connection PORT is announced by the deploy script as: + +```bash +system.terminal: Listening for connections on port <PORT> +``` + +This is usually port 3456. + +Users can verify access to the ATP device by running the integration test suite from within the simulated environment as follows: + +```bash +test_atp.out +``` diff --git a/meta-arm/meta-atp/documentation/summary.md b/meta-arm/meta-atp/documentation/summary.md new file mode 100644 index 0000000000..7ac6c3f51a --- /dev/null +++ b/meta-arm/meta-atp/documentation/summary.md @@ -0,0 +1,11 @@ +# meta-atp summary + +The meta-atp layer supports building the following software components: + +- Arm's implementation of the AMBA ATP specification, namely the [AMBA ATP Engine](https://github.com/ARM-software/ATP-Engine). +- Linux kernel modules and user API (UAPI) for programming ATP devices. +- Integration test suite for verification of kernel modules and UAPI. + +It is also possible to build the AMBA ATP Engine as part of the final [gem5](https://www.gem5.org/) executable. For this, meta-atp extends the `gem5-aarch64-native` recipe to add the AMBA ATP engine code as extra sources. + +Users should add the meta-atp layer and layer dependencies to `conf/bblayers.conf`. See `conf/layer.conf` for dependencies. diff --git a/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5-native_3.1.bb b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5-native_3.1.bb new file mode 100644 index 0000000000..634c9b11ac --- /dev/null +++ b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5-native_3.1.bb @@ -0,0 +1,24 @@ +require atp-source_3.1.inc +inherit native + +SUMMARY = "AMBA ATP Engine gem5 models" + +S = "${WORKDIR}/git" +SRC_URI = "${ATP_SRC} file://start-gem5-atp.sh" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}${datadir}/gem5/configs ${D}${datadir}/atp ${D}${bindir} + + # baremetal_atp.py machine configuration and sample stream.atp file + install ${S}/gem5/baremetal_atp.py ${S}/configs/stream.atp ${D}${datadir}/gem5/configs + # ATP Engine sources for gem5 to use + install ${S}/SConscript ${S}/*.hh ${S}/*.cc ${D}${datadir}/atp + cp -RL ${S}/gem5 ${S}/proto ${D}${datadir}/atp + + install ${WORKDIR}/start-gem5-atp.sh ${D}${bindir} +} + +addtask addto_recipe_sysroot after do_populate_sysroot before do_build diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native/start-gem5-atp.sh b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5/start-gem5-atp.sh index 16dac47714..16dac47714 100755 --- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native/start-gem5-atp.sh +++ b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5/start-gem5-atp.sh diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend index 2b55b8928a..c96f2cdc2d 100644 --- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend +++ b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend @@ -1,3 +1,5 @@ -# Export datadir paths for baremetal_atp.py script -export GEM5_DATADIR = "${STAGING_DATADIR_NATIVE}/gem5" -export ATP_DATADIR = "${STAGING_DATADIR_NATIVE}/gem5" +do_compile:prepend:gem5-atp-arm64() { + # Export datadir paths for baremetal_atp.py script + export GEM5_DATADIR="${STAGING_DATADIR_NATIVE}/gem5" + export ATP_DATADIR="${STAGING_DATADIR_NATIVE}/gem5" +} diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native_20.bbappend b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native_20.bbappend deleted file mode 100644 index 6607f0f8b7..0000000000 --- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native_20.bbappend +++ /dev/null @@ -1,24 +0,0 @@ -require recipes-devtools/atp/atp-source_3.1.inc - -FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" - -SRC_URI += "${ATP_SRC};destsuffix=git/atp;name=atp \ - file://start-gem5-atp.sh" -SRCREV_FORMAT = "gem5_atp" -SRCREV_atp = "${ATP_REV}" -LICENSE += "& ${ATP_LIC}" -LIC_FILES_CHKSUM += "file://atp/LICENSE;md5=${ATP_LIC_MD5}" - -EXTRA_OESCONS += "EXTRAS=${S}/atp" - -do_install:append() { - # baremetal_atp.py machine configuration and sample stream.atp file - install -m 644 ${B}/atp/gem5/baremetal_atp.py \ - ${B}/atp/configs/stream.atp \ - ${D}${datadir}/gem5/configs -} - -do_deploy:append() { - # start-gem5-atp.sh launch script - install -m 755 ${WORKDIR}/start-gem5-atp.sh ${DEPLOYDIR} -} diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops_20.bbappend b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops_20.bbappend deleted file mode 100644 index 3ba0c3cacd..0000000000 --- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops_20.bbappend +++ /dev/null @@ -1,14 +0,0 @@ -inherit update-rc.d - -FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" - -# Add startup script calling m5 readfile for automatic checkpoint and restore -SRC_URI += "file://m5-readfile.sh" - -INITSCRIPT_NAME = "m5-readfile.sh" -INITSCRIPT_PARAMS = "defaults 99" - -do_install:append() { - install -d ${D}/${INIT_D_DIR} - install -m 755 ${WORKDIR}/m5-readfile.sh ${D}/${INIT_D_DIR} -} diff --git a/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb b/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb index 0bf4949b6f..9b54e1c833 100644 --- a/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb +++ b/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb @@ -1,3 +1,4 @@ +COMPATIBLE_MACHINE = "gem5-atp-arm64" require recipes-devtools/atp/atp-source_3.1.inc inherit module diff --git a/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb b/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb index e98e13cd17..3c88e08db3 100644 --- a/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb +++ b/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb @@ -1,3 +1,4 @@ +COMPATIBLE_MACHINE = "gem5-atp-arm64" require recipes-devtools/atp/atp-source_3.1.inc SUMMARY = "End-to-end tests evaluating ATP kernel modules service correctness" diff --git a/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb b/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb index 140105f817..a8b14796f0 100644 --- a/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb +++ b/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb @@ -1,3 +1,4 @@ +COMPATIBLE_MACHINE = "gem5-atp-arm64" require recipes-devtools/atp/atp-source_3.1.inc SUMMARY = "User API for accessing services from ATP kernel modules" diff --git a/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend index f59f8d44b6..8cb86a97e7 100644 --- a/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend +++ b/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend @@ -1,2 +1,2 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/files:" -SRC_URI += "file://no_ftrace.cfg file://smmuv3.cfg" +FILESEXTRAPATHS:prepend:gem5-atp-arm64 := "${THISDIR}/files:" +SRC_URI:append:gem5-atp-arm64 = " file://no_ftrace.cfg file://smmuv3.cfg" diff --git a/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile.bb b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile.bb new file mode 100644 index 0000000000..9cddc270d4 --- /dev/null +++ b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile.bb @@ -0,0 +1,17 @@ +inherit update-rc.d + +SUMMARY = "Enables reading any script at simulation launch time" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9" + +SRC_URI = "file://m5-readfile.sh" + +INITSCRIPT_NAME = "m5-readfile.sh" +INITSCRIPT_PARAMS = "defaults 99" + +do_install() { + install -d ${D}/${INIT_D_DIR} + install -m 755 ${WORKDIR}/m5-readfile.sh ${D}/${INIT_D_DIR} +} + +RDEPENDS:${PN} = "gem5-m5ops" diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops/m5-readfile.sh b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile/m5-readfile.sh index 44477e9640..edf79b8430 100755 --- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops/m5-readfile.sh +++ b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile/m5-readfile.sh @@ -3,7 +3,7 @@ # Provides: m5-readfile # Required-Start: $all # Default-Start: 5 -# Description: Enables reading any script at simulation launch time. +# Description: Enables reading any script at simulation launch time. ### END INIT INFO m5 readfile | sh diff --git a/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc index 91a554bbbc..0f794b3fc9 100644 --- a/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc +++ b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc @@ -12,10 +12,15 @@ GEM5_BUILD_VARIANT ?= "opt" # What gem5 binary are we building GEM5_BUILD_CONFIGS ?= "build/X86/gem5.{GEM5_BUILD_VARIANT}" +# Extra directories with sources for gem5 build. Intended to be used from +# machine configuration files, to add out-of-tree gem5 models of their +# hardware components. +GEM5_EXTRAS ?= "" + # Scons build arguments GEM5_SCONS_ARGS ?= "CC=${BUILD_CC} CXX=${BUILD_CXX} \ AS=${BUILD_AS} AR=${BUILD_AR} ${GEM5_BUILD_CONFIGS} \ - PYTHON_CONFIG=python3-config" + PYTHON_CONFIG=python3-config EXTRAS=${GEM5_EXTRAS}" # Default profile to run GEM5_RUN_PROFILE ?= "configs/example/fs.py" diff --git a/meta-arm/scripts/runfvp b/meta-arm/scripts/runfvp index c5a74b2ffa..939352b539 100755 --- a/meta-arm/scripts/runfvp +++ b/meta-arm/scripts/runfvp @@ -1,10 +1,11 @@ #! /usr/bin/env python3 -import asyncio +import itertools import os import pathlib import signal import sys +import threading import logging logger = logging.getLogger("RunFVP") @@ -37,7 +38,8 @@ def parse_args(arguments): fvp_args = [] args = parser.parse_args(args=arguments) - logging.basicConfig(level=args.verbose and logging.DEBUG or logging.WARNING) + logging.basicConfig(level=args.verbose and logging.DEBUG or logging.WARNING, + format='\033[G%(levelname)s: %(message)s') # If we're hooking up the console, don't start any terminals if args.console: @@ -47,27 +49,37 @@ def parse_args(arguments): logger.debug(f"FVP arguments: {fvp_args}") return args, fvp_args - -async def start_fvp(args, config, extra_args): +def start_fvp(args, config, extra_args): fvp = runner.FVPRunner(logger) try: - await fvp.start(config, extra_args, args.terminals) + fvp.start(config, extra_args, args.terminals) if args.console: - fvp.add_line_callback(lambda line: logger.debug(f"FVP output: {line}")) expected_terminal = config["consoles"]["default"] if not expected_terminal: logger.error("--console used but FVP_CONSOLE not set in machine configuration") return 1 - telnet = await fvp.create_telnet(expected_terminal) - await telnet.wait() + port_stdout, log_stdout = itertools.tee(fvp.stdout, 2) + parser = runner.ConsolePortParser(port_stdout) + port = parser.parse_port(expected_terminal) + + def debug_log(): + for line in log_stdout: + line = line.strip().decode(errors='ignore') + logger.debug(f'FVP output: {line}') + log_thread = threading.Thread(None, debug_log) + log_thread.start() + + telnet = fvp.create_telnet(port) + telnet.wait() logger.debug(f"Telnet quit, cancelling tasks") else: - fvp.add_line_callback(lambda line: print(line)) - await fvp.run() + for line in fvp.stdout: + print(line.strip().decode(errors='ignore')) finally: - await fvp.stop() + fvp.stop() + def runfvp(cli_args): args, extra_args = parse_args(cli_args) @@ -77,14 +89,8 @@ def runfvp(cli_args): config_file = conffile.find(args.config) logger.debug(f"Loading {config_file}") config = conffile.load(config_file) + start_fvp(args, config, extra_args) - try: - # When we can assume Py3.7+, this can simply be asyncio.run() - loop = asyncio.get_event_loop() - return loop.run_until_complete(start_fvp(args, config, extra_args)) - except asyncio.CancelledError: - # This means telnet exited, which isn't an error - return 0 if __name__ == "__main__": try: diff --git a/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb b/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb index b29716ad49..37a8106bb0 100644 --- a/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb +++ b/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb @@ -10,7 +10,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \ file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \ " S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}" -SRC_URI[sha256sum] = "0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93" +SRC_URI[sha256sum] = "f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c" UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/" UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz" diff --git a/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util/0001-libau-Do-not-build-LFS-version-of-readdir.patch b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util/0001-libau-Do-not-build-LFS-version-of-readdir.patch new file mode 100644 index 0000000000..c983733dcb --- /dev/null +++ b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util/0001-libau-Do-not-build-LFS-version-of-readdir.patch @@ -0,0 +1,32 @@ +From 12ba95281d0bbea3576350d635b4dee0f953b94a Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 29 Nov 2022 18:38:07 -0800 +Subject: [PATCH] libau: Do not build LFS version of readdir + +rdu64 is providing largefile supported version of readdir and readdir_r +however, we enable largefile support unconditionally in OE therefore its +not needed since readdir() and readdir_r() are already LFS capable + +Upstream-Status: Inappropriate [OE-Specific] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + libau/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libau/Makefile b/libau/Makefile +index 9ada831..1fd1ccc 100644 +--- a/libau/Makefile ++++ b/libau/Makefile +@@ -30,7 +30,7 @@ STRIP ?= strip + all: ${LibSo} + + ifeq (${Glibc},yes) +-LibSoObj += rdu64.o ++#LibSoObj += rdu64.o + + # this is unnecessary on 64bit system? + rdu64.c: rdu.c +-- +2.38.1 + diff --git a/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb index f565be3f7e..fbf7753b02 100644 --- a/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb +++ b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb @@ -12,6 +12,7 @@ SRC_URI = "git://git.code.sf.net/p/aufs/aufs-util;protocol=git;branch=aufs4.9 \ https://raw.githubusercontent.com/sfjro/aufs4-linux/aufs4.9/include/uapi/linux/aufs_type.h;name=aufs_type \ file://aufs-util-don-t-strip-executables.patch \ file://aufs-util-add-tool-concept-to-Makefile-for-cross-com.patch \ + file://0001-libau-Do-not-build-LFS-version-of-readdir.patch \ " SRC_URI[aufs_type.md5sum] = "b37129ef0703de72a852db7e48bdedc6" SRC_URI[aufs_type.sha256sum] = "7ff6566adb9c7a3b6862cdc85a690ab546f1d0bc81ddd595fd663c0a69031683" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb index 1446b151c5..763384b7ea 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb @@ -10,6 +10,7 @@ DEPENDS = " \ gtk4 \ gtksourceview5 \ enchant2 \ + libpcre \ " GTKIC_VERSION = "4" diff --git a/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.1.bb index ed0fbb6f01..1428159ce3 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.1.bb @@ -22,7 +22,7 @@ GNOMEBASEBUILDCLASS = "meson" inherit gnomebase gsettings gobject-introspection vala gtk-doc manpages bash-completion features_check python3native -SRC_URI[archive.sha256sum] = "b3b380c9571d7c7423b5f401e4a2f2d78de47143b035eb2c1281e2423c59218b" +SRC_URI[archive.sha256sum] = "ea9d41a9fb9c2b42ad80fc2c82327b5c713d594c969b09e1a49be63fb74f4fae" # gobject-introspection is mandatory and cannot be configured REQUIRED_DISTRO_FEATURES = "gobject-introspection-data" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb index 3e43c0d2a7..e7f918333a 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb @@ -22,4 +22,4 @@ inherit autotools pkgconfig CFLAGS += " -I${S}" FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb index b25e446c41..071379758c 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb @@ -19,4 +19,4 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc index 14d09e5f0b..a4590d61a9 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc @@ -4,7 +4,7 @@ SECTION = "libs/multimedia" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594" -SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https" +SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https" SRCREV = "8b00644751578ba67b709a827cbe5133d849d339" S = "${WORKDIR}/git" PV = "2.2.6" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera_0.0.1.bb index 53cd94cbf0..2b77d99371 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera_0.0.1.bb @@ -12,9 +12,9 @@ SRC_URI = " \ git://git.libcamera.org/libcamera/libcamera.git;protocol=https;branch=master \ " -SRCREV = "ed591e705c451d0ce14988ae96829a31a2ae2f9a" +SRCREV = "a83aed77df1258e469c0eb42d9cb4f1938db53f2" -PV = "202105+git${SRCPV}" +PE = "1" S = "${WORKDIR}/git" @@ -45,8 +45,8 @@ do_configure:prepend() { } do_install:append() { - chrpath -d ${D}${libdir}/libcamera.so.0.0.0 - chrpath -d ${D}${libdir}/libcamera-base.so.0.0.0 + chrpath -d ${D}${libdir}/libcamera.so + chrpath -d ${D}${libdir}/v4l2-compat.so } addtask do_recalculate_ipa_signatures_package after do_package before do_packagedata @@ -62,13 +62,5 @@ do_recalculate_ipa_signatures_package() { ${S}/src/ipa/ipa-sign-install.sh ${B}/src/ipa-priv-key.pem "${modules}" } -FILES:${PN}-dev = "${includedir} ${libdir}/pkgconfig" -FILES:${PN}-dev += " ${libdir}/libcamera.so" -FILES:${PN} += " ${libdir}/libcamera.so.0" -FILES:${PN} += " ${libdir}/libcamera.so.0.0.0" -FILES:${PN}-dev += " ${libdir}/libcamera-base.so" -FILES:${PN} += " ${libdir}/libcamera-base.so.0" -FILES:${PN} += " ${libdir}/libcamera-base.so.0.0.0" FILES:${PN} += " ${libdir}/v4l2-compat.so" -FILES:${PN}-gst = "${libdir}/gstreamer-1.0/libgstlibcamera.so" -FILES:${PN} += " ${bindir}/cam" +FILES:${PN}-gst = "${libdir}/gstreamer-1.0" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.9.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb index e63c1b5e19..13938444c8 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.9.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb @@ -21,7 +21,7 @@ DEPENDS += " \ SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \ file://mpd.conf.in \ " -SRCREV = "12147f6d5822899cc4316799b494c093b4b47f91" +SRCREV = "d91da9679801224847c30147f5914785b6f8f240" S = "${WORKDIR}/git" EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch new file mode 100644 index 0000000000..92094af1f2 --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch @@ -0,0 +1,37 @@ +From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001 +From: Max Kellermann <max@musicpd.org> +Date: Wed, 23 Nov 2022 12:25:50 +0100 +Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion + +Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591] +--- + src/SearchPage.cxx | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx +index 2fa5edbc..3f91c4fe 100644 +--- a/src/SearchPage.cxx ++++ b/src/SearchPage.cxx +@@ -81,7 +81,7 @@ search_get_tag_id(const char *name) + } + + struct SearchMode { +- enum mpd_tag_type table; ++ int table; + const char *label; + }; + +@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = { + { MPD_TAG_TITLE, N_("Title") }, + { MPD_TAG_ARTIST, N_("Artist") }, + { MPD_TAG_ALBUM, N_("Album") }, +- { (enum mpd_tag_type)SEARCH_URI, N_("Filename") }, +- { (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") }, ++ { SEARCH_URI, N_("Filename") }, ++ { SEARCH_ARTIST_TITLE, N_("Artist + Title") }, + { MPD_TAG_COUNT, nullptr } + }; + +-- +2.39.0 + diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb index a77d4f9783..44046912ed 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb @@ -34,6 +34,7 @@ PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false" SRC_URI = " \ git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \ + file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \ " -SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4" +SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass index 1238172bd4..9ad566c837 100644 --- a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass +++ b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass @@ -17,4 +17,4 @@ do_kernel_add_regdb() { cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt } do_kernel_add_regdb[dirs] = "${S}" -addtask kernel_add_regdb before do_build after do_configure +addtask kernel_add_regdb before do_compile after do_configure diff --git a/meta-openembedded/meta-networking/licenses/netperf b/meta-openembedded/meta-networking/licenses/netperf deleted file mode 100644 index 3f3ceb2fc2..0000000000 --- a/meta-openembedded/meta-networking/licenses/netperf +++ /dev/null @@ -1,43 +0,0 @@ - - - Copyright (C) 1993 Hewlett-Packard Company - ALL RIGHTS RESERVED. - - The enclosed software and documentation includes copyrighted works - of Hewlett-Packard Co. For as long as you comply with the following - limitations, you are hereby authorized to (i) use, reproduce, and - modify the software and documentation, and to (ii) distribute the - software and documentation, including modifications, for - non-commercial purposes only. - - 1. The enclosed software and documentation is made available at no - charge in order to advance the general development of - high-performance networking products. - - 2. You may not delete any copyright notices contained in the - software or documentation. All hard copies, and copies in - source code or object code form, of the software or - documentation (including modifications) must contain at least - one of the copyright notices. - - 3. The enclosed software and documentation has not been subjected - to testing and quality control and is not a Hewlett-Packard Co. - product. At a future time, Hewlett-Packard Co. may or may not - offer a version of the software and documentation as a product. - - 4. THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS". - HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE, - REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR - DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL - PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR - DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES, - EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE - DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - - 5. HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY - DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES - (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION, - MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION. - - diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb index c3cde1f27a..2822e8713a 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb @@ -26,6 +26,7 @@ RDEPENDS:${PN} += " \ python3-dbus \ python3-pygobject \ python3-terminal \ + python3-fcntl \ packagegroup-tools-bluetooth \ " diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch new file mode 100644 index 0000000000..4ea519c752 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch @@ -0,0 +1,118 @@ +From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" <aland@freeradius.org> +Date: Mon, 7 Feb 2022 22:26:05 -0500 +Subject: [PATCH] it's probably wrong to be completely retarded. Let's fix + that. + +CVE: CVE-2022-41860 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++------- + 1 file changed, 52 insertions(+), 17 deletions(-) + +diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c +index cf1e8a7dd9..e438a844ea 100644 +--- a/src/modules/rlm_eap/libeap/eapsimlib.c ++++ b/src/modules/rlm_eap/libeap/eapsimlib.c +@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, + newvp->vp_length = 1; + fr_pair_add(&(r->vps), newvp); + ++ /* ++ * EAP-SIM has a 1 octet of subtype, and 2 octets ++ * reserved. ++ */ + attr += 3; + attrlen -= 3; + +- /* now, loop processing each attribute that we find */ +- while(attrlen > 0) { ++ /* ++ * Loop over each attribute. The format is: ++ * ++ * 1 octet of type ++ * 1 octet of length (value 1..255) ++ * ((4 * length) - 2) octets of data. ++ */ ++ while (attrlen > 0) { + uint8_t *p; + +- if(attrlen < 2) { ++ if (attrlen < 2) { + fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen); + return 0; + } + ++ if (!attr[1]) { ++ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute, ++ es_attribute_count); ++ return 0; ++ } ++ + eapsim_attribute = attr[0]; + eapsim_len = attr[1] * 4; + ++ /* ++ * The length includes the 2-byte header. ++ */ + if (eapsim_len > attrlen) { + fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)", + eapsim_attribute, es_attribute_count, eapsim_len, attrlen); + return 0; + } + +- if(eapsim_len > MAX_STRING_LEN) { +- eapsim_len = MAX_STRING_LEN; +- } +- if (eapsim_len < 2) { +- fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute, +- es_attribute_count); +- return 0; +- } ++ newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0); ++ if (!newvp) { ++ /* ++ * RFC 4186 Section 8.1 says 0..127 are ++ * "non-skippable". If one such ++ * attribute is found and we don't ++ * understand it, the server has to send: ++ * ++ * EAP-Request/SIM/Notification packet with an ++ * (AT_NOTIFICATION code, which implies general failure ("General ++ * failure after authentication" (0), or "General failure" (16384), ++ * depending on the phase of the exchange), which terminates the ++ * authentication exchange. ++ */ ++ if (eapsim_attribute <= 127) { ++ fr_strerror_printf("Unknown mandatory attribute %d, failing", ++ eapsim_attribute); ++ return 0; ++ } + +- newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0); +- newvp->vp_length = eapsim_len-2; +- newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); +- memcpy(p, &attr[2], eapsim_len-2); +- fr_pair_add(&(r->vps), newvp); +- newvp = NULL; ++ } else { ++ /* ++ * It's known, ccount for header, and ++ * copy the value over. ++ */ ++ newvp->vp_length = eapsim_len - 2; ++ ++ newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); ++ memcpy(p, &attr[2], newvp->vp_length); ++ fr_pair_add(&(r->vps), newvp); ++ } + + /* advance pointers, decrement length */ + attr += eapsim_len; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch new file mode 100644 index 0000000000..352c02137a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch @@ -0,0 +1,53 @@ +From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" <aland@freeradius.org> +Date: Mon, 28 Feb 2022 10:34:15 -0500 +Subject: [PATCH] manual port of commit 5906bfa1 + +CVE: CVE-2022-41861 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/lib/filters.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/lib/filters.c b/src/lib/filters.c +index 4868cd385d..3f3b63daee 100644 +--- a/src/lib/filters.c ++++ b/src/lib/filters.c +@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + } + } + } else if (filter->type == RAD_FILTER_GENERIC) { +- int count; ++ size_t count, masklen; ++ ++ masklen = ntohs(filter->u.generic.len); ++ if (masklen >= sizeof(filter->u.generic.mask)) { ++ *p = '\0'; ++ return; ++ } + + i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset)); + p += i; + + /* show the mask */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]); + p += i; + outlen -= i; +@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + outlen--; + + /* show the value */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]); + p += i; + outlen -= i; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service index 37a2eb3d7d..7969bfb690 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service @@ -4,10 +4,11 @@ After=syslog.target network.target [Service] Type=forking +EnvironmentFile=-/etc/sysconfig/radiusd PIDFile=/run/radiusd/radiusd.pid ExecStartPre=-@BASE_BINDIR@/chown -R radiusd:radiusd /run/radiusd ExecStartPre=@SBINDIR@/radiusd -C -ExecStart=@SBINDIR@/radiusd -d @SYSCONFDIR@/raddb +ExecStart=@SBINDIR@/radiusd -d @SYSCONFDIR@/${MLPREFIX}raddb ExecReload=@SBINDIR@/radiusd -C ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb index 1407b798b5..d18c387798 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb @@ -33,6 +33,8 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://radiusd-volatiles.conf \ file://check-openssl-cmds-in-script-bootstrap.patch \ file://0001-version.c-don-t-print-build-flags.patch \ + file://CVE-2022-41860.patch \ + file://CVE-2022-41861.patch \ " raddbdir="${sysconfdir}/${MLPREFIX}raddb" @@ -199,7 +201,37 @@ pkg_postinst:${PN} () { # Fix ownership for /etc/raddb/*, /var/lib/radiusd chown -R radiusd:radiusd ${raddbdir} chown -R radiusd:radiusd ${localstatedir}/lib/radiusd + + # for radiusd.service with multilib + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${sysconfdir}/sysconfig + echo "MLPREFIX=${MLPREFIX}" > ${sysconfdir}/sysconfig/radiusd + fi + else + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d $D${sysconfdir}/sysconfig + echo "MLPREFIX=${MLPREFIX}" > $D${sysconfdir}/sysconfig/radiusd + fi + fi +} + +pkg_postrm:${PN} () { + # only try to remove ${sysconfdir}/sysconfig/radiusd for systemd + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then + exit 0 + fi + + if [ -d ${sysconfdir}/raddb ]; then + exit 0 fi + for variant in ${MULTILIB_GLOBAL_VARIANTS}; do + if [ -d ${sysconfdir}/${variant}-raddb ]; then + exit 0 + fi + done + + rm -f ${sysconfdir}/sysconfig/radiusd + rmdir --ignore-fail-on-non-empty ${sysconfdir}/sysconfig } # We really need the symlink :( diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb index 742414dd8a..15bd7cf43d 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb @@ -23,7 +23,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SECTION = "libs" S = "${WORKDIR}/git" -SRCREV = "dd79db10014d85b26d11fe57218431f2e5ede6f2" +SRCREV = "89f040a5c938985c5f30728baed21e49d0846a53" SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28" inherit cmake diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb index 10241e12a6..801739170b 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb @@ -104,9 +104,11 @@ PACKAGECONFIG[ovs] = "-Dovs=true,-Dovs=false,jansson" PACKAGECONFIG[audit] = "-Dlibaudit=yes,-Dlibaudit=no" PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux" PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false" -PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=yes,-Ddhcpcd=no,,dhcpcd" +PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=${base_sbindir}/dhcpcd,-Ddhcpcd=no,,dhcpcd" PACKAGECONFIG[dhclient] = "-Ddhclient=yes,-Ddhclient=no,,dhcp" PACKAGECONFIG[concheck] = "-Dconcheck=true,-Dconcheck=false" +# The following PACKAGECONFIG is used to determine whether NM is managing /etc/resolv.conf itself or not +PACKAGECONFIG[man-resolv-conf] = ",," PACKAGES =+ " \ @@ -258,9 +260,9 @@ SYSTEMD_SERVICE:${PN}-daemon = "\ " RCONFLICTS:${PN}-daemon += "connman" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE:${PN}-daemon = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" -ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}" -ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" +ALTERNATIVE:${PN}-daemon = "${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','resolv-conf','',d)}" +ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','${sysconfdir}/resolv-conf.NetworkManager','',d)}" +ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','${sysconfdir}/resolv.conf','',d)}" # The networkmanager package is an empty meta package which weakly depends on all the compiled features. @@ -285,7 +287,7 @@ do_install:append() { rm -rf ${D}/run ${D}${localstatedir}/run - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + if ${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','true','false',d)}; then # For read-only filesystem, do not create links during bootup ln -sf ../run/NetworkManager/resolv.conf ${D}${sysconfdir}/resolv-conf.NetworkManager @@ -295,11 +297,11 @@ do_install:append() { # Enable iwd if compiled if ${@bb.utils.contains('PACKAGECONFIG','iwd','true','false',d)}; then - install -Dm 0644 ${WORKDIR}/enable-iwd.conf ${D}${libdir}/NetworkManager/conf.d/enable-iwd.conf + install -Dm 0644 ${WORKDIR}/enable-iwd.conf ${D}${nonarch_libdir}/NetworkManager/conf.d/enable-iwd.conf fi # Enable dhcpd if compiled if ${@bb.utils.contains('PACKAGECONFIG','dhcpcd','true','false',d)}; then - install -Dm 0644 ${WORKDIR}/enable-dhcpcd.conf ${D}${libdir}/NetworkManager/conf.d/enable-dhcpcd.conf + install -Dm 0644 ${WORKDIR}/enable-dhcpcd.conf ${D}${nonarch_libdir}/NetworkManager/conf.d/enable-dhcpcd.conf fi } diff --git a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb index e715135dc3..03eff43dd2 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb @@ -9,11 +9,11 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6" DEPENDS = "asio fmt http-parser" -SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2" +SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2" SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c" SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7" -S = "${WORKDIR}/${PN}-${PV}/dev" +S = "${WORKDIR}/${BP}/dev" inherit cmake diff --git a/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb b/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb index 5c52437af8..ad7b083100 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb @@ -1,7 +1,7 @@ DESCRIPTION = "Non-interactive ssh password auth" HOMEPAGE = "http://sshpass.sourceforge.net/" SECTION = "console/network" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.2.bb index 790fa68b33..aafb6d370f 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.1.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.2.bb @@ -13,7 +13,7 @@ PROVIDES += "cyassl" RPROVIDES:${PN} = "cyassl" SRC_URI = "git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master" -SRCREV = "f1e2165c591f074feb47872a8ff712713ec411e1" +SRCREV = "0ea0b887a51771cc1668d71b9113bbc286dd4f8a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.15.bb index eda0129feb..6a3687cf72 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.15.bb @@ -11,9 +11,9 @@ SRC_URI = "\ file://lldpd.default \ " -SRC_URI[sha256sum] = "a74819214f116a5dbc407a3d490caa01ba401a249517ac826a374059c12d12e8" +SRC_URI[sha256sum] = "f7fe3a130be98a19c491479ef60f36b8ee41a9e6bc4d7f2c41033f63956a3126" -inherit autotools update-rc.d useradd systemd pkgconfig bash-completion +inherit autotools update-rc.d useradd systemd pkgconfig bash-completion github-releases USERADD_PACKAGES = "${PN}" USERADD_PARAM:${PN} = "--system -g lldpd --shell /bin/false lldpd" diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc index 8a4428c504..5133caaa46 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc @@ -115,7 +115,7 @@ do_install () { 'data_directory=${localstatedir}/lib/postfix' \ -non-interactive rm -rf ${D}${localstatedir}/spool/postfix - mv ${D}${sysconfdir}/postfix/main.cf ${D}${sysconfdir}/postfix/sample-main.cf + mv ${D}${sysconfdir}/postfix/main.cf ${D}${sysconfdir}/postfix/${MLPREFIX}sample-main.cf install -m 755 ${S}/bin/smtp-sink ${D}/${sbindir}/ install -d ${D}${sysconfdir}/init.d install -m 644 ${WORKDIR}/main.cf ${D}${sysconfdir}/postfix/main.cf diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch index f8efc10448..f8efc10448 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch index c743b3eddb..c743b3eddb 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch index c57ce8fa53..c57ce8fa53 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch index 21ba318499..21ba318499 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch index 33590ffc57..33590ffc57 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch index 8c0e6bf397..8c0e6bf397 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch index db3a63ea48..db3a63ea48 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch index b461a60df7..b461a60df7 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch new file mode 100644 index 0000000000..b7d9ad5bba --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch @@ -0,0 +1,175 @@ +From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Tue, 6 Dec 2022 13:28:31 +0000 +Subject: [PATCH] make: Add top-level Makefile + +Simple top level Makefile that just delegates to mDNSPosix. + +Upstream-Status: Inappropriate [oe-specific] +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + Makefile | 154 +------------------------------------------------------ + 1 file changed, 2 insertions(+), 152 deletions(-) + +diff --git a/Makefile b/Makefile +index 8b6fa77..feb6ac6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,152 +1,2 @@ +-# +-# Copyright (c) 2003-2018 Apple Inc. All rights reserved. +-# +-# Top level makefile for Build & Integration (B&I). +-# +-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple. +-# +-# The various platform directories contain makefiles or projects specific to that platform. +-# +-# B&I builds must respect the following target: +-# install: +-# installsrc: +-# installhdrs: +-# installapi: +-# clean: +-# +- +-include $(MAKEFILEPATH)/pb_makefiles/platform.make +- +-MVERS = "mDNSResponder-1310.140.1" +- +-VER = +-ifneq ($(strip $(GCC_VERSION)),) +- VER = -- GCC_VERSION=$(GCC_VERSION) +-endif +-echo "VER = $(VER)" +- +-projectdir := $(SRCROOT)/mDNSMacOSX +-buildsettings := OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT) +- +-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean +- +-# Sanitizer support +-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210. +-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim +-PROJECT_SUPPORTS_SANITIZERS := 1 +-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0) +- PROJECT_SUPPORTS_SANITIZERS := 0 +-endif +-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Address Sanitizer) +- buildsettings += -enableAddressSanitizer YES +- else +- $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Thread Sanitizer) +- buildsettings += -enableThreadSanitizer YES +- else +- $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Undefined Behavior Sanitizer) +- buildsettings += -enableUndefinedBehaviorSanitizer YES +- else +- $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +- +-# B&I install build targets +-# +-# For the mDNSResponder build alias, the make target used by B&I depends on the platform: +-# +-# Platform Make Target +-# -------- ----------- +-# osx install +-# ios installSome +-# atv installSome +-# watch installSome +-# +-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries +-# target for all platforms. +- +-install: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +-endif +- +-installSome: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +- +-installEmpty: +- mkdir -p $(DSTROOT)/AppleInternal +- +-installExtras: +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER) +-endif +- +-SystemLibraries: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER) +- +-# B&I installhdrs build targets +- +-installhdrs:: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER) +-endif +- +-# B&I installapi build targets +- +-installapi: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER) +-endif +- +-# Misc. targets +- +-installsrc: +- ditto . '$(SRCROOT)' +- rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension' +- +-java: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER) +- +-clean:: +- echo clean ++all clean: ++ cd mDNSPosix && $(MAKE) $@ +-- +2.38.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch index fdc5105cb9..fdc5105cb9 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch index 362d69768e..362d69768e 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch index b9b0157276..b9b0157276 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch index d9adde04c2..d9adde04c2 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service index 531d142dcd..531d142dcd 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb index 205dc929be..65f4847d8f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb @@ -2,28 +2,31 @@ SUMMARY = "Publishes & browses available services on a link according to the Zer DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks." HOMEPAGE = "http://developer.apple.com/networking/bonjour/" LICENSE = "Apache-2.0 & BSD-3-Clause" -LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf" +LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf" DEPENDS:append:libc-musl = " musl-nscd" RPROVIDES:${PN} += "libdns_sd.so" -SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \ +# matches annotated tag mDNSResponder-1310.140.1 +SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77" +BRANCH = "rel/mDNSResponder-1310" +SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \ file://mdns.service \ - file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \ - file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \ - file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \ - file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \ - file://0003-Track-interface-socket-family.patch;patchdir=.. \ - file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \ - file://0006-Remove-unneeded-function.patch;patchdir=.. \ - file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \ - file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \ - file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \ - file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \ - file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. \ + file://0001-mdns-include-stddef.h-for-NULL.patch \ + file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \ + file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \ + file://0002-Create-subroutine-for-tearing-down-an-interface.patch \ + file://0003-Track-interface-socket-family.patch \ + file://0004-Use-list-for-changed-interfaces.patch \ + file://0006-Remove-unneeded-function.patch \ + file://0008-Mark-deleted-interfaces-as-being-changed.patch \ + file://0009-Fix-possible-NULL-dereference.patch \ + file://0010-Handle-errors-from-socket-calls.patch \ + file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \ + file://0001-dns-sd-Include-missing-headers.patch \ + file://0006-make-Add-top-level-Makefile.patch \ " -SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f" CVE_PRODUCT = "apple:mdnsresponder" @@ -42,13 +45,22 @@ CVE_CHECK_IGNORE += "CVE-2007-0613" PARALLEL_MAKE = "" -S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" +# We install a stub Makefile in the top directory so that the various checks +# in base.bbclass pass their tests for a Makefile, this ensures (that amongst +# other things) the sstate checks will clean the build directory when the +# task hashes changes. +# +# We can't use the approach of setting ${S} to mDNSPosix as we need +# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too. +S = "${WORKDIR}/git" EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'" TARGET_CC_ARCH += "${LDFLAGS}" do_install () { + cd mDNSPosix + install -d ${D}${sbindir} install -m 0755 build/prod/mdnsd ${D}${sbindir} diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch new file mode 100644 index 0000000000..6fbace75a5 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch @@ -0,0 +1,32 @@ +From 5719f40db65a72624a0b0f08e546d12bf823bd1e Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 18 Jan 2023 14:38:44 -0800 +Subject: [PATCH] Add noreturn attribute to netsnmp_pci_error() + +Fixes build with clang16 +| mibgroup/if-mib/data_access/interface_linux.c:152:23: error: incompatible function pointer types assigning to 'void (*)(char *, ...) __attribute__((noreturn))' from 'void (char *, ...)' [-Wincompatible-function-pointer-types] +| pci_access->error = netsnmp_pci_error; +| ^ ~~~~~~~~~~~~~~~~~ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + agent/mibgroup/if-mib/data_access/interface_linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c +index c6cc54e..12eb865 100644 +--- a/agent/mibgroup/if-mib/data_access/interface_linux.c ++++ b/agent/mibgroup/if-mib/data_access/interface_linux.c +@@ -31,7 +31,7 @@ static struct pci_access *pci_access; + /* Avoid letting libpci call exit(1) when no PCI bus is available. */ + static int do_longjmp =0; + static jmp_buf err_buf; +-static void ++__attribute__((noreturn)) static void + netsnmp_pci_error(char *msg, ...) + { + va_list args; +-- +2.39.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch new file mode 100644 index 0000000000..b18d4dc292 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch @@ -0,0 +1,121 @@ +From d13302656d9ff0807c5defe18623adc947f43a2b Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Wed, 8 Feb 2023 13:15:39 +0000 +Subject: [PATCH] agent: Disallow SET requests with any NULL varbind Merge pull + request #490 from fenner/set-null + +fixes: #474 and #475 + +CVE: CVE-2022-44792, CVE-2022-44793 + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + agent/snmp_agent.c | 32 +++++++++++++++++++ + apps/snmpset.c | 1 + + .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 867d0c1..3f678fe 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) + return 1; + } + ++static int ++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) ++{ ++ int i; ++ netsnmp_variable_list *v = NULL; ++ ++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { ++ if (v->type == ASN_NULL) { ++ /* ++ * Protect SET implementations that do not protect themselves ++ * against wrong type. ++ */ ++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); ++ asp->index = i; ++ return SNMP_ERR_WRONGTYPE; ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + int + handle_pdu(netsnmp_agent_session *asp) + { + int status, inclusives = 0; + netsnmp_variable_list *v = NULL; + ++#ifndef NETSNMP_NO_WRITE_SUPPORT ++ /* ++ * Check for ASN_NULL in SET request ++ */ ++ if (asp->pdu->command == SNMP_MSG_SET) { ++ status = check_set_pdu_for_null_varbind(asp); ++ if (status != SNMP_ERR_NOERROR) { ++ return status; ++ } ++ } ++#endif /* NETSNMP_NO_WRITE_SUPPORT */ ++ + /* + * for illegal requests, mark all nodes as ASN_NULL + */ +diff --git a/apps/snmpset.c b/apps/snmpset.c +index 48e14bd..d542713 100644 +--- a/apps/snmpset.c ++++ b/apps/snmpset.c +@@ -182,6 +182,7 @@ main(int argc, char *argv[]) + case 'x': + case 'd': + case 'b': ++ case 'n': /* undocumented */ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case 'I': + case 'U': +diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple +new file mode 100644 +index 0000000..0f1b8f3 +--- /dev/null ++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple +@@ -0,0 +1,31 @@ ++#!/bin/sh ++ ++. ../support/simple_eval_tools.sh ++ ++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind ++ ++SKIPIF NETSNMP_DISABLE_SET_SUPPORT ++SKIPIF NETSNMP_NO_WRITE_SUPPORT ++SKIPIF NETSNMP_DISABLE_SNMPV2C ++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE ++ ++# ++# Begin test ++# ++ ++# standard V2C configuration: testcomunnity ++snmp_write_access='all' ++. ./Sv2cconfig ++STARTAGENT ++ ++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" ++ ++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" ++ ++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" ++ ++CHECK "Reason: wrongType" ++ ++STOPAGENT ++ ++FINISHED +-- +2.34.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 7af5147566..f40fb8bbd6 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -26,6 +26,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + file://0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch \ + file://CVE-2022-44792-CVE-2022-44793.patch \ " SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" diff --git a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb index d0e2c4b540..870c9d8d6a 100644 --- a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb +++ b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb @@ -53,14 +53,6 @@ USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', ' USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}" # Configuration options: -# - For command line editing support in chronyc, you may specify either -# 'editline' or 'readline' but not both. editline is smaller, but -# many systems already have readline for other purposes so you might want -# to choose that instead. However, beware license incompatibility -# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+. -# You can of course choose neither, but if you're that tight on space -# consider dropping chronyc entirely (you can use it remotely with -# appropriate chrony.conf options). # - Security-related: # - 'sechash' is omitted by default because it pulls in nss which is huge. # - 'privdrop' allows chronyd to run as non-root; would need changes to @@ -70,14 +62,17 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys PACKAGECONFIG ??= "editline \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[readline] = "--without-editline,--disable-readline,readline" PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" -PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" +PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" PACKAGECONFIG[ipv6] = ",--disable-ipv6," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" + +# These are left for backwards compatibility, to avoid breaking existing +# configurations. +PACKAGECONFIG[libcap] = "" +PACKAGECONFIG[nss] = "" +PACKAGECONFIG[readline] = "" # --disable-static isn't supported by chrony's configure script. DISABLE_STATIC = "" diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc index a8ff21a125..9e0f529ec1 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc @@ -14,6 +14,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolvconf.service \ file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ + file://CVE-2023-28450.patch \ " inherit pkgconfig update-rc.d systemd diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch new file mode 100644 index 0000000000..129c9043e8 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch @@ -0,0 +1,48 @@ +From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Tue, 7 Mar 2023 22:07:46 +0000 +Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232. + +http://www.dnsflagday.net/2020/ refers. + +Thanks to Xiang Li for the prompt. + +CVE: CVE-2023-28450 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + man/dnsmasq.8 | 3 ++- + src/config.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 41e2e04..5acb935 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP. + .TP + .B \-P, --edns-packet-max=<size> + Specify the largest EDNS.0 UDP packet which is supported by the DNS +-forwarder. Defaults to 4096, which is the RFC5625-recommended size. ++forwarder. Defaults to 1232, which is the recommended size following the ++DNS flag day in 2020. Only increase if you know what you are doing. + .TP + .B \-Q, --query-port=<query_port> + Send outbound DNS queries from, and listen for their replies on, the +diff --git a/src/config.h b/src/config.h +index 1e7b30f..37b374e 100644 +--- a/src/config.h ++++ b/src/config.h +@@ -19,7 +19,7 @@ + #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ + #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ + #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */ +-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */ ++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */ + #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */ + #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */ + #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb b/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb index 7d37f41096..b0958e6975 100644 --- a/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb @@ -10,6 +10,7 @@ DEPENDS += "ethtool \ librepo \ libnet \ libpcap \ + libpcre \ ncurses \ openssl \ zlib \ diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb index 2ae53dc640..c4589c20f5 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb @@ -30,6 +30,7 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" # CVE-2016-9312 is only for windows. +# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility # The other CVEs are not correctly identified because cve-check # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) CVE_CHECK_IGNORE += "\ @@ -53,6 +54,7 @@ CVE_CHECK_IGNORE += "\ CVE-2016-7433 \ CVE-2016-9310 \ CVE-2016-9311 \ + CVE-2019-11331 \ " diff --git a/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.5.bb b/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.6.bb index b0b96bed8f..09752825c2 100644 --- a/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.6.bb @@ -5,7 +5,7 @@ SECTION = "net" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -SRCREV = "9ca7441add4427a91fe90c34ae4a178ed9a50553" +SRCREV = "999bdd724a1f963ac8bfd0598ffdd2a3d651646e" SRC_URI = "git://github.com/troglobit/smcroute.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.8.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.9.bb index 266d43aa6f..a11cd5a6cc 100644 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.8.bb +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.9.bb @@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ " -SRC_URI[sha256sum] = "d3303a43c0bd7b75a12b64855e8edcb53696f06190364f26d1533bde1f2e453c" +SRC_URI[sha256sum] = "5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.5.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.6.bb index 4909acdee9..7128a23cd2 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.6.bb @@ -8,8 +8,7 @@ LIC_FILES_CHKSUM = "file://tcpslice.c;endline=20;md5=99519e2e5234d1662a4ce16baa6 SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz \ " -SRC_URI[md5sum] = "8907e60376e629f6e6ce2255988aaf47" -SRC_URI[sha256sum] = "f6935e3e7ca00ef50c515d062fddd410868467ec5b6d8f2eca12066f8d91dda2" +SRC_URI[sha256sum] = "60d23f00d4c485fef2dda9b12c2018af958df3a511238c45374733bbc1231920" UPSTREAM_CHECK_REGEX = "tcpslice-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch new file mode 100644 index 0000000000..4e2157ca75 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch @@ -0,0 +1,33 @@ +From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001 +From: rofl0r <rofl0r@users.noreply.github.com> +Date: Thu, 8 Sep 2022 15:18:04 +0000 +Subject: [PATCH] prevent junk from showing up in error page in invalid + requests + +fixes #457 + +https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7 +Upstream-Status: Backport +CVE: CVE-2022-40468 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + src/reqs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/reqs.c b/src/reqs.c +index bce69819..45db118d 100644 +--- a/src/reqs.c ++++ b/src/reqs.c +@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr, + goto fail; + } + ++ /* zero-terminate the strings so they don't contain junk in error page */ ++ request->method[0] = url[0] = request->protocol[0] = 0; ++ + ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]", + request->method, url, request->protocol); ++ + if (ret == 2 && !strcasecmp (request->method, "GET")) { + request->protocol[0] = 0; + diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb index 86f57d88ff..999deff4de 100644 --- a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb @@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz file://disable-documentation.patch \ file://tinyproxy.service \ file://tinyproxy.conf \ + file://CVE-2022-40468.patch \ " SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047" diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb index 234d347af7..7e975d2c6d 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb @@ -49,9 +49,9 @@ do_configure:append() { # Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA do_install:prepend() { - rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S} + rm -rf ${S}/python-pkg/dist/ + mkdir ${S}/python-pkg/dist/ + tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S} } # In code, path to python is a variable that is replaced with path to native version of it diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index d040ab160b..ff0938d583 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb @@ -118,7 +118,7 @@ scons_do_install() { # install mongo data folder install -m 755 -d ${D}${localstatedir}/lib/${BPN} - chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN} + chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN} # Create /var/log/mongodb in runtime. if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch new file mode 100644 index 0000000000..8b6405b4ad --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch @@ -0,0 +1,46 @@ +From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001 +From: Michael Larabel <michael@phoronix.com> +Date: Sat, 23 Jul 2022 07:32:43 -0500 +Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in + phoromatic_quit_if_invalid_input_found() + +Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678 + +Upstream-Status: Backport +CVE: CVE-2022-40704 + +Reference to upstream patch: +https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640 + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php +index 74ccc5444c..c2313dcdea 100644 +--- a/pts-core/phoromatic/phoromatic_functions.php ++++ b/pts-core/phoromatic/phoromatic_functions.php +@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null) + { + foreach($input_keys as $key) + { +- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key])) ++ if(isset($_GET[$key]) && !empty($_GET[$key])) + { +- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check) ++ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check) ++ { ++ if(stripos($val_to_check, $invalid_string) !== false) ++ { ++ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check); ++ exit; ++ } ++ } ++ } ++ if(isset($_POST[$key]) && !empty($_POST[$key])) ++ { ++ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check) + { + if(stripos($val_to_check, $invalid_string) !== false) + { diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb index be9756d9a7..8de3314b3c 100644 --- a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb @@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "console/tests" -SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz" +SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \ + file://CVE-2022-40704.patch \ + " + SRC_URI[sha256sum] = "1f2092d536c0a3193efc53e4a50f3cee65c0ef1a78d31e5404f1c663fff7b7f4" S = "${WORKDIR}/phoronix-test-suite" diff --git a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/CVE-2022-3287.patch b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/CVE-2022-3287.patch new file mode 100644 index 0000000000..5360e981ce --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/CVE-2022-3287.patch @@ -0,0 +1,218 @@ +From ea676855f2119e36d433fbd2ed604039f53b2091 Mon Sep 17 00:00:00 2001 +From: Richard Hughes <richard@hughsie.com> +Date: Wed, 21 Sep 2022 14:56:10 +0100 +Subject: [PATCH] Never save the Redfish passwords to a file readable by users + +When the redfish plugin automatically creates an OPERATOR user account on the +BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it +is chmod'ed to 0660 before writing the file with g_key_file_save_to_file(). + +Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with +the keyfile string data. +I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being +used to copy permissions, but alas not. + +GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666, +which undoes the previous chmod(). + +Use g_file_set_contents_full() with the correct mode for newer GLib versions, +and provide a fallback with the same semantics for older versions. + +https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 +Upstream-Status: Backport +CVE: CVE-2022-3287 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + contrib/fwupd.spec.in | 3 ++ + libfwupdplugin/fu-plugin.c | 65 +++++++++++++++++++++++++++++------ + libfwupdplugin/fu-self-test.c | 57 ++++++++++++++++++++++++++++++ + 3 files changed, 114 insertions(+), 11 deletions(-) + +diff --git a/contrib/fwupd.spec.in b/contrib/fwupd.spec.in +index b011292b1b..42ea2024a8 100644 +--- a/contrib/fwupd.spec.in ++++ b/contrib/fwupd.spec.in +@@ -326,6 +326,9 @@ for fn in /etc/fwupd/remotes.d/*.conf; do + fi + done + ++# ensure this is private ++chmod 0660 /etc/fwupd/redfish.conf ++ + %preun + %systemd_preun fwupd.service + +diff --git a/libfwupdplugin/fu-plugin.c b/libfwupdplugin/fu-plugin.c +index 9744af9d60..b431f6d418 100644 +--- a/libfwupdplugin/fu-plugin.c ++++ b/libfwupdplugin/fu-plugin.c +@@ -9,6 +9,7 @@ + #include "config.h" + + #include <errno.h> ++#include <fcntl.h> + #include <fwupd.h> + #include <glib/gstdio.h> + #include <gmodule.h> +@@ -2417,6 +2418,46 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value, + return g_key_file_save_to_file(keyfile, conf_path, error); + } + ++#if !GLIB_CHECK_VERSION(2, 66, 0) ++ ++#define G_FILE_SET_CONTENTS_CONSISTENT 0 ++typedef guint GFileSetContentsFlags; ++static gboolean ++g_file_set_contents_full(const gchar *filename, ++ const gchar *contents, ++ gssize length, ++ GFileSetContentsFlags flags, ++ int mode, ++ GError **error) ++{ ++ gint fd; ++ gssize wrote; ++ ++ if (length < 0) ++ length = strlen(contents); ++ fd = g_open(filename, O_CREAT, mode); ++ if (fd <= 0) { ++ g_set_error(error, ++ G_IO_ERROR, ++ G_IO_ERROR_FAILED, ++ "could not open %s file", ++ filename); ++ return FALSE; ++ } ++ wrote = write(fd, contents, length); ++ if (wrote != length) { ++ g_set_error(error, ++ G_IO_ERROR, ++ G_IO_ERROR_FAILED, ++ "did not write %s file", ++ filename); ++ g_close(fd, NULL); ++ return FALSE; ++ } ++ return g_close(fd, error); ++} ++#endif ++ + /** + * fu_plugin_set_secure_config_value: + * @self: a #FuPlugin +@@ -2438,7 +2479,8 @@ fu_plugin_set_secure_config_value(FuPlugin *self, + GError **error) + { + g_autofree gchar *conf_path = fu_plugin_get_config_filename(self); +- gint ret; ++ g_autofree gchar *data = NULL; ++ g_autoptr(GKeyFile) keyfile = g_key_file_new(); + + g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE); + g_return_val_if_fail(error == NULL || *error == NULL, FALSE); +@@ -2447,17 +2489,18 @@ fu_plugin_set_secure_config_value(FuPlugin *self, + g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path); + return FALSE; + } +- ret = g_chmod(conf_path, 0660); +- if (ret == -1) { +- g_set_error(error, +- FWUPD_ERROR, +- FWUPD_ERROR_INTERNAL, +- "failed to set permissions on %s", +- conf_path); ++ if (!g_key_file_load_from_file(keyfile, conf_path, G_KEY_FILE_KEEP_COMMENTS, error)) + return FALSE; +- } +- +- return fu_plugin_set_config_value(self, key, value, error); ++ g_key_file_set_string(keyfile, fu_plugin_get_name(self), key, value); ++ data = g_key_file_to_data(keyfile, NULL, error); ++ if (data == NULL) ++ return FALSE; ++ return g_file_set_contents_full(conf_path, ++ data, ++ -1, ++ G_FILE_SET_CONTENTS_CONSISTENT, ++ 0660, ++ error); + } + + /** +diff --git a/libfwupdplugin/fu-self-test.c b/libfwupdplugin/fu-self-test.c +index 2dbc9c94ff..aaf49c172b 100644 +--- a/libfwupdplugin/fu-self-test.c ++++ b/libfwupdplugin/fu-self-test.c +@@ -674,6 +674,62 @@ _plugin_device_added_cb(FuPlugin *plugin, FuDevice *device, gpointer user_data) + fu_test_loop_quit(); + } + ++static void ++fu_plugin_config_func(void) ++{ ++ GStatBuf statbuf = {0}; ++ gboolean ret; ++ gint rc; ++ g_autofree gchar *conf_dir = NULL; ++ g_autofree gchar *conf_file = NULL; ++ g_autofree gchar *fn = NULL; ++ g_autofree gchar *testdatadir = NULL; ++ g_autofree gchar *value = NULL; ++ g_autoptr(FuPlugin) plugin = fu_plugin_new(NULL); ++ g_autoptr(GError) error = NULL; ++ ++ /* this is a build file */ ++ testdatadir = g_test_build_filename(G_TEST_BUILT, "tests", NULL); ++ (void)g_setenv("FWUPD_SYSCONFDIR", testdatadir, TRUE); ++ conf_dir = fu_path_from_kind(FU_PATH_KIND_SYSCONFDIR_PKG); ++ ++ /* remove existing file */ ++ fu_plugin_set_name(plugin, "test"); ++ conf_file = g_strdup_printf("%s.conf", fu_plugin_get_name(plugin)); ++ fn = g_build_filename(conf_dir, conf_file, NULL); ++ ret = fu_path_mkdir_parent(fn, &error); ++ g_assert_no_error(error); ++ g_assert_true(ret); ++ g_remove(fn); ++ ret = g_file_set_contents(fn, "", -1, &error); ++ g_assert_no_error(error); ++ g_assert_true(ret); ++ ++ /* set a value */ ++ ret = fu_plugin_set_config_value(plugin, "Key", "True", &error); ++ g_assert_no_error(error); ++ g_assert_true(ret); ++ g_assert_true(g_file_test(fn, G_FILE_TEST_EXISTS)); ++ ++ /* check it is world readable */ ++ rc = g_stat(fn, &statbuf); ++ g_assert_cmpint(rc, ==, 0); ++ g_assert_cmpint(statbuf.st_mode & 0777, ==, 0644); ++ ++ /* read back the value */ ++ value = fu_plugin_get_config_value(plugin, "Key"); ++ g_assert_cmpstr(value, ==, "True"); ++ g_assert_true(fu_plugin_get_config_value_boolean(plugin, "Key")); ++ ++ /* check it is private, i.e. only readable by the user/group */ ++ ret = fu_plugin_set_secure_config_value(plugin, "Key", "False", &error); ++ g_assert_no_error(error); ++ g_assert_true(ret); ++ rc = g_stat(fn, &statbuf); ++ g_assert_cmpint(rc, ==, 0); ++ g_assert_cmpint(statbuf.st_mode & 0777, ==, 0640); ++} ++ + static void + fu_plugin_devices_func(void) + { +@@ -3598,6 +3654,7 @@ main(int argc, char **argv) + g_test_add_func("/fwupd/progress{finish}", fu_progress_finish_func); + g_test_add_func("/fwupd/bios-attrs{load}", fu_bios_settings_load_func); + g_test_add_func("/fwupd/security-attrs{hsi}", fu_security_attrs_hsi_func); ++ g_test_add_func("/fwupd/plugin{config}", fu_plugin_config_func); + g_test_add_func("/fwupd/plugin{devices}", fu_plugin_devices_func); + g_test_add_func("/fwupd/plugin{device-inhibit-children}", + fu_plugin_device_inhibit_children_func); diff --git a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb index 72f37aea85..794a678833 100644 --- a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb @@ -6,7 +6,9 @@ DEPENDS = "glib-2.0 libxmlb json-glib libjcat gcab vala-native" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \ file://c54ae9c524998e449b822feb465a0c90317cd735.patch \ - file://run-ptest" + file://run-ptest \ + file://CVE-2022-3287.patch \ + " SRC_URI[sha256sum] = "adfa07434cdc29ec41c40fef460e8d970963fe0c7e849dec7f3932adb161f886" UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" @@ -83,7 +85,7 @@ PACKAGECONFIG[plugin_emmc] = "-Dplugin_emmc=true,-Dplugin_emmc=false" PACKAGECONFIG[plugin_ep963x] = "-Dplugin_ep963x=true,-Dplugin_ep963x=false" PACKAGECONFIG[plugin_fastboot] = "-Dplugin_fastboot=true,-Dplugin_fastboot=false" PACKAGECONFIG[plugin_flashrom] = "-Dplugin_flashrom=true,-Dplugin_flashrom=false,flashrom" -PACKAGECONFIG[plugin_gpio] = "-Dplugin_gpio=true,-Dplugin_gpio" +PACKAGECONFIG[plugin_gpio] = "-Dplugin_gpio=true,-Dplugin_gpio=false" PACKAGECONFIG[plugin_intel_spi] = "-Dplugin_intel_spi=true -Dlzma=true,-Dplugin_intel_spi=false -Dlzma=false,xz" PACKAGECONFIG[plugin_logitech_bulkcontroller] = "-Dplugin_logitech_bulkcontroller=true,-Dplugin_logitech_bulkcontroller=false,protobuf-c-native protobuf-c" PACKAGECONFIG[plugin_modem_manager] = "-Dplugin_modem_manager=true,-Dplugin_modem_manager=false,libqmi modemmanager" diff --git a/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.2.bb b/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.3.bb index 5261367db2..8d9d423ce7 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.2.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.3.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://license.txt;md5=f4ce98476c07c34e1793daa036960fad" SECTION = "libs" SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz" -SRC_URI[sha256sum] = "3af5f17615c6b5cd8b832d269fb6cb4d54ec64f9eb09ddbf1add5093941b4d75" +SRC_URI[sha256sum] = "dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55" S = "${WORKDIR}/Botan-${PV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221023.0.bb index 5564a9b853..b7703cef96 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221023.0.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" inherit autotools-brokensep pkgconfig manpages -SRCREV = "5d506a1a3b6850f05de5e785c5d14cfd6f9b1620" +SRCREV = "d8f5c062ea6ff484f4f1f5095a7d3c364f3019ea" SRC_URI = "git://github.com/universal-ctags/ctags;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb b/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb index 37f7746846..6f76013dbd 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb @@ -4,7 +4,7 @@ SUMMARY = "Gstreamer editing services" HOMEPAGE = "http://cgit.freedesktop.org/gstreamer/gst-editing-services/" -LICENSE = "GPL-2.0-on-later & LGPL-2.1-or-later" +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \ file://COPYING.LIB;md5=6762ed442b3822387a51c92d928ead0d" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb index 502262820a..6cf27755e8 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb @@ -18,7 +18,7 @@ inherit cmake EXTRA_OECMAKE += "-DJSON_BuildTests=OFF" # nlohmann-json is a header only C++ library, so the main package will be empty. - +ALLOW_EMPTY:${PN} = "1" RDEPENDS:${PN}-dev = "" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache index f596207648..f596207648 100755 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb index a61dd5018f..a61dd5018f 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch index 8db1f1dd54..445aaf8398 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch @@ -3,14 +3,17 @@ From: Guillaume Burel <guillaume.burel@stormshield.eu> Date: Fri, 3 Jan 2020 11:25:54 +0100 Subject: [PATCH] Using native binaries +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- - node.gyp | 4 ++-- - tools/v8_gypfiles/v8.gyp | 11 ++++------- - 2 files changed, 6 insertions(+), 9 deletions(-) + node.gyp | 2 ++ + tools/v8_gypfiles/v8.gyp | 5 +++++ + 2 files changed, 7 insertions(+) +diff --git a/node.gyp b/node.gyp +index 24505da7ba..7d41bd52db 100644 --- a/node.gyp +++ b/node.gyp -@@ -294,6 +294,7 @@ +@@ -319,6 +319,7 @@ 'action_name': 'run_mkcodecache', 'process_outputs_as_sources': 1, 'inputs': [ @@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries '<(mkcodecache_exec)', ], 'outputs': [ -@@ -319,6 +320,7 @@ - 'action_name': 'node_mksnapshot', - 'process_outputs_as_sources': 1, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(node_mksnapshot_exec)', - ], - 'outputs': [ +@@ -366,6 +367,7 @@ + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(node_mksnapshot_exec)', + ], + 'outputs': [ +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp +index ed042f8829..371b8e02c2 100644 --- a/tools/v8_gypfiles/v8.gyp +++ b/tools/v8_gypfiles/v8.gyp @@ -68,6 +68,7 @@ @@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries '<@(torque_outputs_inc)', ], 'action': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', '-v8-root', '<(V8_ROOT)', -@@ -225,6 +227,7 @@ +@@ -211,6 +213,7 @@ { 'action_name': 'generate_bytecode_builtins_list_action', 'inputs': [ @@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', ], 'outputs': [ -@@ -415,6 +418,7 @@ +@@ -395,6 +398,7 @@ ], }, 'inputs': [ @@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries '<(mksnapshot_exec)', ], 'outputs': [ -@@ -1548,6 +1552,7 @@ +@@ -1513,6 +1517,7 @@ { 'action_name': 'run_gen-regexp-special-case_action', 'inputs': [ @@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', ], 'outputs': [ +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch deleted file mode 100644 index 5cb2e97015..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001 -From: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Date: Tue, 19 Mar 2019 23:22:40 -0400 -Subject: [PATCH 2/2] Install both binaries and use libdir. - -This allows us to build with a shared library for other users while -still providing the normal executable. - -Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch - -Upstream-Status: Pending - -Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.py | 7 +++++++ - tools/install.py | 21 +++++++++------------ - 2 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/configure.py b/configure.py -index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755 ---- a/configure.py -+++ b/configure.py -@@ -721,10 +721,16 @@ parser.add_argument('--shared', - dest='shared', - default=None, - help='compile shared library for embedding node in another project. ' + - '(This mode is not officially supported for regular applications)') - -+parser.add_argument('--libdir', -+ action='store', -+ dest='libdir', -+ default='lib', -+ help='a directory to install the shared library into') -+ - parser.add_argument('--without-v8-platform', - action='store_true', - dest='without_v8_platform', - default=False, - help='do not initialize v8 platform during node.js startup. ' + -@@ -1305,10 +1311,11 @@ def configure_node(o): - o['variables']['debug_nghttp2'] = 'false' - - o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) - - o['variables']['node_shared'] = b(options.shared) -+ o['variables']['libdir'] = options.libdir - node_module_version = getmoduleversion.get_version() - - if options.dest_os == 'android': - shlib_suffix = 'so' - elif sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): - for subdir, files_in_path in ret.items(): - action(files_in_path, subdir + '/') - - def files(action): - is_windows = sys.platform == 'win32' -- output_file = 'node' - output_prefix = 'out/Release/' -+ output_libprefix = output_prefix - -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) - - if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') - - # behave similarly for systemtap --- -2.33.0 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch deleted file mode 100644 index 4d238c03f4..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001 -From: Daniel Bevenius <daniel.bevenius@gmail.com> -Date: Sat, 16 Oct 2021 08:50:16 +0200 -Subject: [PATCH] src: add --openssl-legacy-provider option - -This commit adds an option to Node.js named --openssl-legacy-provider -and if specified will load OpenSSL 3.0 Legacy provider. - -$ ./node --help -... ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider - -Example usage: - -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' -Hash { - _options: undefined, - [Symbol(kHandle)]: Hash {}, - [Symbol(kState)]: { [Symbol(kFinalized)]: false } -} - -Co-authored-by: Richard Lau <rlau@redhat.com> -Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455] ---- - doc/api/cli.md | 10 ++++++++++ - src/crypto/crypto_util.cc | 10 ++++++++++ - src/node_options.cc | 10 ++++++++++ - src/node_options.h | 7 +++++++ - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ - 5 files changed, 42 insertions(+) - -diff --git a/doc/api/cli.md b/doc/api/cli.md -index 74057706bf8d..608b9cdeddf1 100644 ---- a/doc/api/cli.md -+++ b/doc/api/cli.md -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be - used to enable FIPS-compliant crypto if Node.js is built - against FIPS-enabled OpenSSL. - -+### `--openssl-legacy-provider` -+<!-- YAML -+added: REPLACEME -+--> -+ -+Enable OpenSSL 3.0 legacy provider. For more information please see -+[providers readme][]. -+ - ### `--pending-deprecation` - - <!-- YAML -@@ -1544,6 +1552,7 @@ Node.js options that are allowed are: - * `--no-warnings` - * `--node-memory-debug` - * `--openssl-config` -+* `--openssl-legacy-provider` - * `--pending-deprecation` - * `--policy-integrity` - * `--preserve-symlinks-main` -@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js - [emit_warning]: process.md#processemitwarningwarning-options - [jitless]: https://v8.dev/blog/jitless - [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html -+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md - [remote code execution]: https://www.owasp.org/index.php/Code_Injection - [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure - [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc -index 7e0c8ba3eb60..796ea3025e41 100644 ---- a/src/crypto/crypto_util.cc -+++ b/src/crypto/crypto_util.cc -@@ -148,6 +148,16 @@ void InitCryptoOnce() { - } - #endif - -+#if OPENSSL_VERSION_MAJOR >= 3 -+ // --openssl-legacy-provider -+ if (per_process::cli_options->openssl_legacy_provider) { -+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy"); -+ if (legacy_provider == nullptr) { -+ fprintf(stderr, "Unable to load legacy provider.\n"); -+ } -+ } -+#endif -+ - OPENSSL_init_ssl(0, settings); - OPENSSL_INIT_free(settings); - settings = nullptr; -diff --git a/src/node_options.cc b/src/node_options.cc -index 00bdc6688a4c..3363860919a9 100644 ---- a/src/node_options.cc -+++ b/src/node_options.cc -@@ -4,6 +4,9 @@ - #include "env-inl.h" - #include "node_binding.h" - #include "node_internals.h" -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif - - #include <errno.h> - #include <sstream> -diff --git a/src/node_options.h b/src/node_options.h -index fd772478d04d..1c0e018ab16f 100644 ---- a/src/node_options.h -+++ b/src/node_options.h -@@ -11,6 +11,10 @@ - #include "node_mutex.h" - #include "util.h" - -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif -+ - namespace node { - - class HostPort { -@@ -251,6 +255,9 @@ class PerProcessOptions : public Options { - bool enable_fips_crypto = false; - bool force_fips_crypto = false; - #endif -+#if OPENSSL_VERSION_MAJOR >= 3 -+ bool openssl_legacy_provider = false; -+#endif - - // Per-process because reports can be triggered outside a known V8 context. - bool report_on_fatalerror = false; -diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js -index 64626b71f019..8a4e35997907 100644 ---- a/test/parallel/test-process-env-allowed-flags-are-documented.js -+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js -@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) { - } - } - -+if (!common.hasOpenSSL3) { -+ documented.delete('--openssl-legacy-provider'); -+} -+ - // Filter out options that are conditionally present. - const conditionalOpts = [ - { -@@ -50,6 +54,7 @@ const conditionalOpts = [ - filter: (opt) => { - return [ - '--openssl-config', -+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '', - '--tls-cipher-list', - '--use-bundled-ca', - '--use-openssl-ca', - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb index 62188f94a7..e4ed2f204d 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb @@ -1,7 +1,7 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a" +LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & OpenSSL" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ab4d0d45e717c9978737499a3489e515" DEPENDS = "openssl" DEPENDS:append:class-target = " qemu-native" @@ -19,9 +19,7 @@ COMPATIBLE_HOST:powerpc = "null" SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0002-Install-both-binaries-and-use-libdir.patch \ file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://0005-add-openssl-legacy-provider-option.patch \ file://big-endian.patch \ file://mips-less-memory.patch \ file://system-c-ares.patch \ @@ -29,7 +27,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ " SRC_URI:append:class-target = " \ - file://0002-Using-native-binaries.patch \ + file://0001-Using-native-binaries.patch \ " SRC_URI:append:toolchain-clang:x86 = " \ file://libatomic.patch \ @@ -37,7 +35,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1" +SRC_URI[sha256sum] = "17fb716406198125b30c94dd3d1756207b297705626afe16d8dc479a65a1d8b5" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb b/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb index 449508a5d5..ec642ec3b2 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb @@ -21,7 +21,7 @@ inherit cmake pkgconfig PACKAGECONFIG[python3] = ",,python3-core,python3-core" -EXTRA_OECMAKE = "-D__LIB=lib -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF" +EXTRA_OECMAKE = "-D__LIB=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF" FILES:${PN} = "${bindir}/pahole \ ${libdir}/libdwarves.so* \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb index 98e39f068d..d1980a0097 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb @@ -70,24 +70,14 @@ do_configure () { elif [ $arch = "aarch64" ]; then arch="arm64" fi - - # For ARM32 with hardware floating point using clang and musl, we need to - # specify -mfloat-abi=hard to make the ABI settings of the linker and the - # compiler match. The linker would use hardware float ABI. The compiler does - # not. As a result we need to force the compiler to do so by adding - # -mfloat-abi=hard to compilation flags. - FLOAT_ABI="" - if [[ "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'true', 'false', d)}" == "true" ]]; then - FLOAT_ABI="-mfloat-abi=hard" - fi ARGS=$ARGS" target_os=\"linux\"" ARGS=$ARGS" target_cpu=\"$arch\"" - ARGS=$ARGS" target_cc=\"$CC_BIN ${FLOAT_ABI}\"" - ARGS=$ARGS" target_cxx=\"$CXX_BIN -std=c++11 ${FLOAT_ABI}\"" + ARGS=$ARGS" target_cc=\"$CC_BIN ${TUNE_CCARGS}\"" + ARGS=$ARGS" target_cxx=\"$CXX_BIN -std=c++11 ${TUNE_CCARGS}\"" ARGS=$ARGS" target_strip=\"$STRIP_BIN\"" # ARGS=$ARGS" target_sysroot=\"${RECIPE_SYSROOT}\"" - ARGS=$ARGS" target_linker=\"$CC_BIN ${FLOAT_ABI} ${LDFLAGS}\"" + ARGS=$ARGS" target_linker=\"$CC_BIN ${TUNE_CCARGS} ${LDFLAGS}\"" ARGS=$ARGS" target_ar=\"$AR\"" ARGS="'$ARGS'" cmd="tools/gn gen --args=$ARGS ${B}" @@ -100,7 +90,6 @@ do_configure () { # Eliminate a few incompatible build flags REPLACES="s/-Wl,--icf=all//g" REPLACES=$REPLACES";s/-Werror//g" - REPLACES=$REPLACES";s/-mfpu=neon//g" REPLACES=$REPLACES";s/-fcolor-diagnostics//g" REPLACES=$REPLACES";s/=format-security//g" REPLACES=$REPLACES";s/-fdiagnostics-show-template-tree//g" @@ -111,12 +100,12 @@ do_configure () { # If using the clang toolchain: use the clang host-side binaries built by Bitbake if [ "${TOOLCHAIN}" = "clang" ]; then - BB_CLANGXX="${BUILD_CXX} ${BUILD_LDFLAGS} ${FLOAT_ABI}" - BB_CLANG="${BUILD_CC} ${FLOAT_ABI}" + BB_CLANGXX="${BUILD_CXX} ${BUILD_LDFLAGS}" + BB_CLANG="${BUILD_CC}" BB_LLVM_OBJCOPY="${RECIPE_SYSROOT_NATIVE}/usr/bin/llvm-objcopy" - HOST_CLANGXX="${STAGING_DIR_NATIVE}/usr/bin/clang++ -stdlib=libc++ -rtlib=libgcc -unwindlib=libgcc ${FLOAT_ABI}" - HOST_CLANG="${STAGING_DIR_NATIVE}/usr/bin/clang ${FLOAT_ABI}" + HOST_CLANGXX="${STAGING_DIR_NATIVE}/usr/bin/clang++ -stdlib=libc++ -rtlib=libgcc -unwindlib=libgcc" + HOST_CLANG="${STAGING_DIR_NATIVE}/usr/bin/clang" HOST_LLVM_OBJCOPY="${STAGING_DIR_NATIVE}/usr/bin/llvm-objcopy" cd gcc_like_host diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.11.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb index fefabf72d8..8a898cb955 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.11.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb @@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "af6250b18b4403b6eeff9b4a02786ac86a12a208141f6f65478f79256f47f246" +SRC_URI[sha256sum] = "cd9f0ea14d82d9455587a49a0b6c802a7b8d8ff79703f9f48b17db010fb633ce" CVE_CHECK_IGNORE += "\ CVE-2007-2728 \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb index c8b9158e6c..201908f3c9 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb @@ -92,6 +92,8 @@ PACKAGE_BEFORE_PN = "${PN}-compiler ${PN}-lite" FILES:${PN}-compiler = "${bindir} ${libdir}/libprotoc${SOLIBS}" FILES:${PN}-lite = "${libdir}/libprotobuf-lite${SOLIBS}" +SYSROOT_DIRS += "${bindir}" + RDEPENDS:${PN}-compiler = "${PN}" RDEPENDS:${PN}-dev += "${PN}-compiler" RDEPENDS:${PN}-ptest = "bash ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-protobuf', '', d)}" diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.1.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.2.bb index 7fc5d4218f..39a9c52a47 100644 --- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.2.bb @@ -15,9 +15,9 @@ DEPENDS = "curl libxml2 openssl libpam" inherit features_check REQUIRED_DISTRO_FEATURES = "pam" -SRCREV = "6cdf3bee50388d8e5f70850322a4df57fd685a5e" +SRCREV = "0120e256faa255d997d9a49d5207662c0b73d430" -SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \ file://libssl-is-required-if-eventint-supported.patch \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree/0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree/0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch new file mode 100644 index 0000000000..248dcf49b8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree/0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch @@ -0,0 +1,44 @@ +From bd325061dc9585886f7e60e58d9fc0c8b37e71db Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@verbum.org> +Date: Wed, 9 Nov 2022 11:18:36 -0500 +Subject: [PATCH] deploy: Don't rebuild selinux policy on first deployment + +Basically, it should not be necessary - the policy should be +up-to-date. We don't want to force on continual policy rebuilds. + +Even trying to run bwrap when we're *not* in a booted +root can cause failures in nested containerization scenarios. + +Closes: https://github.com/ostreedev/ostree/issues/2758 + +Upstream-Status: Backport +[https://github.com/ostreedev/ostree/commit/bd325061dc9585886f7e60e58d9fc0c8b37e71db] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/libostree/ostree-sysroot-deploy.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c +index f27ae0e1..26b07080 100644 +--- a/src/libostree/ostree-sysroot-deploy.c ++++ b/src/libostree/ostree-sysroot-deploy.c +@@ -2987,12 +2987,12 @@ sysroot_finalize_deployment (OstreeSysroot *self, + if (!merge_configuration_from (self, merge_deployment, deployment, deployment_dfd, + cancellable, error)) + return FALSE; +- } + + #ifdef HAVE_SELINUX +- if (!sysroot_finalize_selinux_policy(deployment_dfd, error)) +- return FALSE; ++ if (!sysroot_finalize_selinux_policy (deployment_dfd, error)) ++ return FALSE; + #endif /* HAVE_SELINUX */ ++ } + + const char *osdeploypath = glnx_strjoina ("ostree/deploy/", ostree_deployment_get_osname (deployment)); + glnx_autofd int os_deploy_dfd = -1; +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb index a21c473f0a..7838537a42 100644 --- a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb +++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb @@ -22,6 +22,7 @@ SRC_URI = " \ file://0001-Remove-unused-linux-fs.h-includes.patch \ file://0001-libostree-Remove-including-sys-mount.h.patch \ file://0001-s390x-se-luks-gencpio-There-is-no-bashism.patch \ + file://0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch \ file://run-ptest \ " SRCREV = "15740d042c9c5258a1c082b5e228cf6f115edbb0" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch index 01f8421811..385b0aeed0 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001 +From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -6,18 +6,17 @@ Subject: [PATCH] Define correct gregs for RISCV32 Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> -Updated patch for 6.2.1 -Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> - +Updated patch for 6.2.8 +Signed-off-by: Changqing Li <changqing.li@windriver.com> --- src/debug.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index 2da2c5d..1d778fa 100644 +index ebda858..90bc450 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -25,10 +24,10 @@ index 2da2c5d..1d778fa 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -58,3 +57,6 @@ index 2da2c5d..1d778fa 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch index b2d1a32eda..9d7e502717 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001 +From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -13,10 +13,10 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index e7fec29..5abb404 100644 +index 5318c14..8c21b47 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -24,10 +24,10 @@ index e7fec29..5abb404 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -57,3 +57,6 @@ index e7fec29..5abb404 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.11.bb index 7f922a4e0f..5a410bf4cd 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.11.bb @@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319" +SRC_URI[sha256sum] = "8c75fb9cdd01849e92c23f30cb7fe205ea0032a38d11d46af191014e9acc3098" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.10.bb index 7ed1519224..5d21f7e877 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.10.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE-7.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3" +SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/setuptools.patch b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/setuptools.patch deleted file mode 100644 index c375e10f75..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/setuptools.patch +++ /dev/null @@ -1,18 +0,0 @@ -Switch to setuptools as distutils is deprecated. - -Upstream-Status: Backport [https://pagure.io/sanlock/c/75758fc10db2354dda397d3aba63c7b72a420982] -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/python/setup.py b/python/setup.py -index b3bfaf1..dfbaf21 100644 ---- a/python/setup.py -+++ b/python/setup.py -@@ -4,7 +4,7 @@ - # modify, copy, or redistribute it subject to the terms and conditions - # of the GNU General Public License v.2. - --from distutils.core import setup, Extension -+from setuptools import setup, Extension - - sanlocklib = ['sanlock'] - sanlock = Extension(name='sanlock', diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.5.bb index 3b4ae318c6..c2a17d06b9 100644 --- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.5.bb @@ -15,10 +15,9 @@ PV .= "+git${SRCPV}" SRC_URI = "git://pagure.io/sanlock.git;protocol=http;branch=master \ file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch \ - file://setuptools.patch \ file://0001-add-missing-system-header-string.h.patch \ " -SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823" +SRCREV = "b820c63093c4ae85d7da4f719cf3026d7fca5d09" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb index faf8dd362d..aff555ad54 100644 --- a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb +++ b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb @@ -16,7 +16,7 @@ SRC_URI[sha256sum] = "6ca3748fc1dad22c450bbf6601d4e706cb11c5e662d11bb4aeb473a9cd SRCNAME = "volume_key" S = "${WORKDIR}/${SRCNAME}-${PV}" -inherit autotools python3native gettext pkgconfig +inherit autotools python3native python3targetconfig gettext pkgconfig DEPENDS += " \ util-linux \ diff --git a/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.5.bb b/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.7.bb index 5a437c102f..95a651dd03 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.5.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.7.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8dc95c4110ba741c43832734b51b7de7" SRC_URI = "git://github.com/recp/cglm;branch=master;protocol=https" # Tag v0.8.5 -SRCREV = "7e5d1f435f628b873347eb052b7d6605b0b997f2" +SRCREV = "8cfc98d2835a8cd1a9041f257c7ba0bfe4fbc1f3" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb b/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb index c53f2db01b..ddb4443baa 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = " \ DEPENDS = "python3 glib-2.0 pango giflib tiff libxml2 jpeg libtool uthash gettext-native libspiro" DEPENDS:append:class-target = " libxi" -inherit cmake pkgconfig python3native features_check gettext gtk-icon-cache mime mime-xdg +inherit cmake pkgconfig python3native python3targetconfig features_check gettext gtk-icon-cache mime mime-xdg REQUIRED_DISTRO_FEATURES:append:class-target = " x11" diff --git a/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb b/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.7.0.bb index 123af4d3aa..8daf38a0ba 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.7.0.bb @@ -36,7 +36,7 @@ SRC_URI = " \ file://0001-Fix-compilation-for-disabled-gnome.patch \ " -SRCREV = "88eab6dc16da6e5dd25fe97fbb56b96ef0d58657" +SRCREV = "7baf540e56fb1a3e91752acba872a88543529d46" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb index 1a94215839..cf33c69048 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb @@ -9,7 +9,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" # TODO: Pin upstream release (current v7.11.0-80-g419a757) -SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;nobranch=1" SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254" DEPENDS = "libxkbcommon lvgl wayland" @@ -19,15 +19,15 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -S = "${WORKDIR}/${PN}-${PV}" +S = "${WORKDIR}/git" LVGL_CONFIG_WAYLAND_HOR_RES ?= "480" LVGL_CONFIG_WAYLAND_VER_RES ?= "320" -EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}" TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" # Upstream does not support a default configuration # but propose a default "disabled" template, which is used as reference diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb index 032e85f522..22b4826403 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb @@ -8,21 +8,23 @@ DESCRIPTION = "Allow the use of PNG images in LVGL. This implementation uses lod LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" -SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;nobranch=1" SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a" +S = "${WORKDIR}/git" + # because of lvgl dependency REQUIRED_DISTRO_FEATURES = "wayland" DEPENDS += "lvgl" -EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}" inherit cmake inherit features_check TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" FILES:${PN}-dev = "\ ${includedir}/lvgl/lv_lib_png/ \ diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb index 2005afa2fd..ea74c59185 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb @@ -8,7 +8,7 @@ SUMMARY = "Light and Versatile Graphics Library" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a" -SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;nobranch=1" SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0" REQUIRED_DISTRO_FEATURES = "wayland" @@ -16,8 +16,8 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}" -S = "${WORKDIR}/${PN}-${PV}" +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}" +S = "${WORKDIR}/git" LVGL_CONFIG_LV_MEM_CUSTOM ?= "0" diff --git a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb index 0a600e23bb..a8d203e599 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb @@ -30,7 +30,7 @@ SRC_URI = "git://github.com/ipmitool/ipmitool;protocol=https;branch=master \ IANA_ENTERPRISE_NUMBERS ?= "" # Add these via bbappend if this database is needed by the system -#IANA_ENTERPRISE_NUMBERS ?= "http://www.iana.org/assignments/enterprise-numbers;name=iana-enterprise-numbers;downloadfilename=iana-enterprise-numbers" +#IANA_ENTERPRISE_NUMBERS = "http://www.iana.org/assignments/enterprise-numbers;name=iana-enterprise-numbers;downloadfilename=iana-enterprise-numbers" #SRC_URI[iana-enterprise-numbers.sha256sum] = "cdd97fc08325667434b805eb589104ae63f7a9eb720ecea73cb55110b383934c" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.1.bb b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.2.bb index eb004c2ed5..1c3538a3da 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.2.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" LICENSE = "GPL-2.0-only" SRCBRANCH ?= "master" -SRCREV = "74bbdd14ec861552ace1ca63953eb2ef73e1f965" +SRCREV = "9fefc6848d0b3765760e709cfe92fb9d76d5d452" DEPENDS = "bzip2 zlib elfutils xz" RDEPENDS:${PN}-tools = "perl ${PN}" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb index 78439f66fe..9621d9e335 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb @@ -16,9 +16,9 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;proto " S = "${WORKDIR}/git" -SRCREV = "54a62e78792fe583267cf80da717ee480b8f42bc" +SRCREV = "81fa28e0e8b4be83ddba03de8b816a3df510c17e" -inherit autotools python3native update-rc.d systemd +inherit autotools python3native python3targetconfig update-rc.d systemd UPDATERCPN = "auditd" INITSCRIPT_NAME = "auditd" diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch new file mode 100644 index 0000000000..fb8fa3427f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch @@ -0,0 +1,60 @@ +Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1 +From: Oliver Kiddle <opk@zsh.org> +Date: Wed, 15 Dec 2021 01:56:40 +0100 +Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on + %F/%K arguments + +Mitigates CVE-2021-45444 + +https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 5 +++++ + Src/prompt.c | 10 ++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 8d7dfc169..eb248ec06 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++2022-01-27 dana <dana@dana.is> ++ ++ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive ++ PROMPT_SUBST ++ + 2020-02-14 dana <dana@dana.is> + + * unposted: Config/version.mk: Update for 5.8 +diff --git a/Src/prompt.c b/Src/prompt.c +index b65bfb86b..91e21c8e9 100644 +--- a/Src/prompt.c ++++ b/Src/prompt.c +@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg) + bv->fm += 2; /* skip over F{ */ + if ((ep = strchr(bv->fm, '}'))) { + char oc = *ep, *col, *coll; ++ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG]; ++ int opp = opts[PROMPTPERCENT]; ++ ++ opts[PROMPTPERCENT] = 1; ++ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0; ++ + *ep = '\0'; + /* expand the contents of the argument so you can use + * %v for example */ +@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg) + arg = match_colour((const char **)&coll, is_fg, 0); + free(col); + bv->fm = ep; ++ ++ opts[PROMPTSUBST] = ops; ++ opts[PROMPTBANG] = opb; ++ opts[PROMPTPERCENT] = opp; + } else { + arg = match_colour((const char **)&bv->fm, is_fg, 0); + if (*bv->fm != '}') +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch new file mode 100644 index 0000000000..e5b6d7cdc9 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch @@ -0,0 +1,140 @@ +From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001 +From: Marc Cornellà <hello@mcornella.com> +Date: Mon, 24 Jan 2022 09:43:28 +0100 +Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to + work around CVE-2021-45444 in VCS_Info +Comment: Updated to use the same file name without blanks as actually + used in the final 5.8.1 release. + + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 5 + + Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++ + 2 files changed, 103 insertions(+) + create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch + +diff --git a/ChangeLog b/ChangeLog +index eb248ec06..9a05a09e1 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,10 @@ + 2022-01-27 dana <dana@dana.is> + ++ * Marc Cornellà: security/89: ++ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which ++ can optionally be used to work around recursive PROMPT_SUBST ++ issue in VCS_Info ++ + * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive + PROMPT_SUBST + +diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +new file mode 100644 +index 000000000..13e54be77 +--- /dev/null ++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +@@ -0,0 +1,98 @@ ++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001 ++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com> ++Date: Mon, 24 Jan 2022 09:43:28 +0100 ++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444, ++which is mitigated in the shell itself in 5.8.1 and later versions. It is ++offered for users who are concerned about an exploit but are unable to update ++their binaries to receive the complete fix. ++ ++The patch works around the vulnerability by pre-escaping values substituted ++into format strings in VCS_Info. Please note that this may break some user ++configurations that rely on those values being un-escaped (which is why it was ++not included directly in 5.8.1). It may be possible to limit this breakage by ++adjusting exactly which ones are pre-escaped, but of course this may leave ++them vulnerable again. ++ ++If applying the patch to the file system is inconvenient or not possible, the ++following script can be used to idempotently patch the relevant function ++running in memory (and thus must be re-run when the shell is restarted): ++ ++ ++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version) ++autoload -Uz is-at-least ++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then ++ return ++fi ++ ++# Quote necessary $hook_com[<field>] items just before they are used ++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats ++# function, where <field> is: ++# ++# base: the full path of the repository's root directory. ++# base-name: the name of the repository's root directory. ++# branch: the name of the currently checked out branch. ++# revision: an identifier of the currently checked out revision. ++# subdir: the path of the current directory relative to the ++# repository's root directory. ++# misc: a string that may contain anything the vcs_info backend wants. ++# ++# This patch %-quotes these fields previous to their use in vcs_info hooks and ++# the zformat call and, eventually, when they get expanded in the prompt. ++# It's important to quote these here, and not later after hooks have modified the ++# fields, because then we could be quoting % characters from valid prompt sequences, ++# like %F{color}, %B, etc. ++# ++# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}" ++# 34 │ ++# 35 + │ for tmp in base base-name branch misc revision subdir; do ++# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" ++# 37 + │ done ++# 38 + │ ++# 39 │ VCS_INFO_hook 'post-backend' ++# ++# This is especially important so that no command substitution is performed ++# due to malicious input as a consequence of CVE-2021-45444, which affects ++# zsh versions from 5.0.3 to 5.8. ++# ++autoload -Uz +X regexp-replace VCS_INFO_formats ++ ++# We use $tmp here because it's already a local variable in VCS_INFO_formats ++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"' ++# Unique string to avoid reapplying the patch if this code gets called twice ++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b ++# Only patch the VCS_INFO_formats function if not already patched ++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then ++ regexp-replace 'functions[VCS_INFO_formats]' \ ++ "VCS_INFO_hook 'post-backend'" \ ++ ': ${PATCH_ID}; ${PATCH}; ${MATCH}' ++fi ++unset PATCH PATCH_ID ++ ++ ++--- ++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++ ++ 1 file changed, 4 insertions(+) ++ ++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats ++index e0e1dc738..4d88e28b6 100644 ++--- a/Functions/VCS_Info/VCS_INFO_formats +++++ b/Functions/VCS_Info/VCS_INFO_formats ++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}" ++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++ hook_com[subdir_orig]="${hook_com[subdir]}" ++ +++for tmp in base base-name branch misc revision subdir; do +++ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" +++done +++ ++ VCS_INFO_hook 'post-backend' ++ ++ ## description (for backend authors): ++-- ++2.34.1 +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch new file mode 100644 index 0000000000..adfc00ae57 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch @@ -0,0 +1,77 @@ +From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001 +From: dana <dana@dana.is> +Date: Tue, 21 Dec 2021 13:13:33 -0600 +Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 2 ++ + NEWS | 20 ++++++++++++++++++++ + README | 6 ++++++ + 3 files changed, 28 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 9a05a09e1..93b0bc337 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,7 @@ + 2022-01-27 dana <dana@dana.is> + ++ * CVE-2021-45444: NEWS, README: Document preceding two changes ++ + * Marc Cornellà: security/89: + Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which + can optionally be used to work around recursive PROMPT_SUBST +diff --git a/NEWS b/NEWS +index 964e1633f..d34b3f79e 100644 +--- a/NEWS ++++ b/NEWS +@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH + + Note also the list of incompatibilities in the README file. + ++Changes since 5.8 ++----------------- ++ ++CVE-2021-45444: Some prompt expansion sequences, such as %F, support ++'arguments' which are themselves expanded in case they contain colour ++values, etc. This additional expansion would trigger PROMPT_SUBST ++evaluation, if enabled. This could be abused to execute code the user ++didn't expect. e.g., given a certain prompt configuration, an attacker ++could trick a user into executing arbitrary code by having them check ++out a Git branch with a specially crafted name. ++ ++This is fixed in the shell itself by no longer performing PROMPT_SUBST ++evaluation on these prompt-expansion arguments. ++ ++Users who are concerned about an exploit but unable to update their ++binaries may apply the partial work-around described in the file ++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell ++source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to ++Marc Cornellà <hello@mcornella.com>. ] ++ + Changes since 5.7.1-test-3 + -------------------------- + +diff --git a/README b/README +index 7f1dd5f92..c9e994ab3 100644 +--- a/README ++++ b/README +@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the + file FEATURES, and for the latest changes see NEWS. For more + details, see the documentation. + ++Incompatibilities since 5.8 ++--------------------------- ++ ++PROMPT_SUBST expansion is no longer performed on arguments to prompt- ++expansion sequences such as %F. ++ + Incompatibilities since 5.7.1 + ----------------------------- + +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb index 0429cb9cc7..7602ff9f64 100644 --- a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb @@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec" DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \ + file://CVE-2021-45444_1.patch \ + file://CVE-2021-45444_2.patch \ + file://CVE-2021-45444_3.patch \ + " SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27" inherit autotools-brokensep gettext update-alternatives manpages @@ -18,8 +22,8 @@ inherit autotools-brokensep gettext update-alternatives manpages EXTRA_OECONF = " \ --bindir=${base_bindir} \ --enable-etcdir=${sysconfdir} \ - --enable-fndir=${datadir}/${PN}/${PV}/functions \ - --enable-site-fndir=${datadir}/${PN}/site-functions \ + --enable-fndir=${datadir}/${BPN}/${PV}/functions \ + --enable-site-fndir=${datadir}/${BPN}/site-functions \ --with-term-lib='ncursesw ncurses' \ --with-tcsetpgrp \ --enable-cap \ diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch new file mode 100644 index 0000000000..0a0e8f0b61 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch @@ -0,0 +1,66 @@ +From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001 +From: hopper-vul <118949689+hopper-vul@users.noreply.github.com> +Date: Wed, 18 Jan 2023 22:14:26 +0800 +Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow + (#497) + +In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse +the input str and initialize a sortlist configuration. + +However, ares_set_sortlist has not any checks about the validity of the input str. +It is very easy to create an arbitrary length stack overflow with the unchecked +`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);` +statements in the config_sortlist call, which could potentially cause severe +security impact in practical programs. + +This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the +potential stack overflows. + +fixes #496 + +Fix By: @hopper-vul + +CVE: CVE-2022-4415 +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + src/lib/ares_init.c | 4 ++++ + test/ares-test-init.cc | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c +index 51668a5c..3f9cec65 100644 +--- a/src/lib/ares_init.c ++++ b/src/lib/ares_init.c +@@ -1913,6 +1913,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + q = str; + while (*q && *q != '/' && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 16) ++ return ARES_EBADSTR; + memcpy(ipbuf, str, q-str); + ipbuf[q-str] = '\0'; + /* Find the prefix */ +@@ -1921,6 +1923,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + const char *str2 = q+1; + while (*q && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 32) ++ return ARES_EBADSTR; + memcpy(ipbufpfx, str, q-str); + ipbufpfx[q-str] = '\0'; + str = str2; +diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc +index 63c6a228..ee845181 100644 +--- a/test/ares-test-init.cc ++++ b/test/ares-test-init.cc +@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) { + + TEST_F(DefaultChannelTest, SetSortlistFailures) { + EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123")); + } diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 2cd00cb578..5614d1310f 100644 --- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -5,7 +5,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" -SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https" +SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ + file://CVE-2022-4904.patch \ + " SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)" diff --git a/meta-openembedded/meta-oe/recipes-support/colord/colord.inc b/meta-openembedded/meta-oe/recipes-support/colord/colord.inc index 41962cd63c..0ae1a30fe6 100644 --- a/meta-openembedded/meta-oe/recipes-support/colord/colord.inc +++ b/meta-openembedded/meta-oe/recipes-support/colord/colord.inc @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = " \ file://meson.build;beginline=3;endline=3;md5=f42198707d793be58b274d34fd5238c3 \ " -PV = "1.4.5" +PV = "1.4.6" SRC_URI = "https://www.freedesktop.org/software/colord/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "b774ea443d239f4a2ee1853bd678426e669ddeda413dcb71cea1638c4d6c5e17" +SRC_URI[sha256sum] = "7407631a27bfe5d1b672e7ae42777001c105d860b7b7392283c8c6300de88e6f" diff --git a/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch b/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch new file mode 100644 index 0000000000..8d576f5d58 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch @@ -0,0 +1,261 @@ +From 689c65fb050976d5a548a5b9a0f5d2c14eaa3301 Mon Sep 17 00:00:00 2001 +From: Alexander Stein <alexander.stein@tq-group.com> +Date: Thu, 8 Dec 2022 14:11:46 +0100 +Subject: [PATCH 1/1] Fix rename in docs + +The content of dool.1.adoc is completly unchanged from dstat.1.adoc. +Unfortunately the 'NAME' specifies the created file name. So +building/cleaning docs is currently broken + +Upstream-Status: Pending +https://github.com/scottchiefbaker/dool/pull/30 + +Signed-off-by: Alexander Stein <alexander.stein@tq-group.com> +--- + docs/dool.1.adoc | 108 +++++++++++++++++++++++------------------------ + 1 file changed, 54 insertions(+), 54 deletions(-) + +diff --git a/docs/dool.1.adoc b/docs/dool.1.adoc +index 24c4a54..921df1f 100644 +--- a/docs/dool.1.adoc ++++ b/docs/dool.1.adoc +@@ -1,35 +1,35 @@ +-= dstat(1) ++= dool(1) + Dag Wieers <dag@wieers.com> + v0.7.3, August 2014 + + + == NAME +-dstat - versatile tool for generating system resource statistics ++dool - versatile tool for generating system resource statistics + + + == SYNOPSIS +-dstat [-afv] [options..] [delay [count]] ++dool [-afv] [options..] [delay [count]] + + + == DESCRIPTION +-Dstat is a versatile replacement for vmstat, iostat and ifstat. Dstat ++Dool is a versatile replacement for vmstat, iostat and ifstat. Dool + overcomes some of the limitations and adds some extra features. + +-Dstat allows you to view all of your system resources instantly, you ++Dool allows you to view all of your system resources instantly, you + can eg. compare disk usage in combination with interrupts from your + IDE controller, or compare the network bandwidth numbers directly with + the disk throughput (in the same interval). + +-Dstat also cleverly gives you the most detailed information in columns ++Dool also cleverly gives you the most detailed information in columns + and clearly indicates in what magnitude and unit the output is displayed. + Less confusion, less mistakes, more efficient. + +-Dstat is unique in letting you aggregate block device throughput for a ++Dool is unique in letting you aggregate block device throughput for a + certain diskset or network bandwidth for a group of interfaces, ie. + you can see the throughput for all the block devices that make up a + single filesystem or storage system. + +-Dstat allows its data to be directly written to a CSV file to be ++Dool allows its data to be directly written to a CSV file to be + imported and used by OpenOffice, Gnumeric or Excel to create graphs. + + [NOTE] +@@ -187,13 +187,13 @@ Possible internal stats are:: + write CSV output to file + + --profile:: +- show profiling statistics when exiting dstat ++ show profiling statistics when exiting dool + + + == PLUGINS +-While anyone can create their own dstat plugins (and contribute them) dstat ++While anyone can create their own dool plugins (and contribute them) dool + ships with a number of plugins already that extend its capabilities greatly. +-Here is an overview of the plugins dstat ships with: ++Here is an overview of the plugins dool ships with: + + --battery:: + battery in percentage (needs ACPI) +@@ -225,17 +225,17 @@ Here is an overview of the plugins dstat ships with: + --disk-wait:: + average time (in milliseconds) for I/O requests issued to the device to be served + +---dstat:: +- show dstat cputime consumption and latency ++--dool:: ++ show dool cputime consumption and latency + +---dstat-cpu:: +- show dstat advanced cpu usage ++--dool-cpu:: ++ show dool advanced cpu usage + +---dstat-ctxt:: +- show dstat context switches ++--dool-ctxt:: ++ show dool context switches + +---dstat-mem:: +- show dstat advanced memory usage ++--dool-mem:: ++ show dool advanced memory usage + + --fan:: + fan speed (needs ACPI) +@@ -250,7 +250,7 @@ Here is an overview of the plugins dstat ships with: + GPFS filesystem operations (needs mmpmon) + + --helloworld:: +- Hello world example dstat plugin ++ Hello world example dool plugin + + --innodb-buffer:: + show innodb buffer stats +@@ -340,22 +340,22 @@ Here is an overview of the plugins dstat ships with: + show sendmail queue size (needs sendmail) + + --snmp-cpu:: +- show CPU stats using SNMP from DSTAT_SNMPSERVER ++ show CPU stats using SNMP from DOOL_SNMPSERVER + + --snmp-load:: +- show load stats using SNMP from DSTAT_SNMPSERVER ++ show load stats using SNMP from DOOL_SNMPSERVER + + --snmp-mem:: +- show memory stats using SNMP from DSTAT_SNMPSERVER ++ show memory stats using SNMP from DOOL_SNMPSERVER + + --snmp-net:: +- show network stats using SNMP from DSTAT_SNMPSERVER ++ show network stats using SNMP from DOOL_SNMPSERVER + + --snmp-net-err: +- show network errors using SNMP from DSTAT_SNMPSERVER ++ show network errors using SNMP from DOOL_SNMPSERVER + + --snmp-sys:: +- show system stats (interrupts and context switches) using SNMP from DSTAT_SNMPSERVER ++ show system stats (interrupts and context switches) using SNMP from DOOL_SNMPSERVER + + --snooze:: + show number of ticks per second +@@ -463,7 +463,7 @@ The default delay is 1 and count is unspecified (unlimited) + + + == INTERMEDIATE UPDATES +-When invoking dstat with a *delay* greater than 1 and without the ++When invoking dool with a *delay* greater than 1 and without the + *--noupdate* option, it will show intermediate updates, ie. the first + time a 1 sec average, the second update a 2 second average, etc. until + the delay has been reached. +@@ -475,34 +475,34 @@ average on a new line, just like with vmstat. + + + == EXAMPLES +-Using dstat to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters: ++Using dool to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters: + ---- +-dstat -dnyc -N eth0 -C total -f 5 ++dool -dnyc -N eth0 -C total -f 5 + ---- + +-Checking dstat's behaviour and the system impact of dstat: ++Checking dool's behaviour and the system impact of dool: + ---- +-dstat -taf --debug ++dool -taf --debug + ---- + + Using the time plugin together with cpu, net, disk, system, load, proc and + top_cpu plugins: + ---- +-dstat -tcndylp --top-cpu ++dool -tcndylp --top-cpu + ---- + this is identical to + ---- +-dstat --time --cpu --net --disk --sys --load --proc --top-cpu ++dool --time --cpu --net --disk --sys --load --proc --top-cpu + ---- + +-Using dstat to relate advanced cpu stats with interrupts per device: ++Using dool to relate advanced cpu stats with interrupts per device: + ---- +-dstat -t --cpu-adv -yif ++dool -t --cpu-adv -yif + ---- + + + == BUGS +-Since it is practically impossible to test dstat on every possible ++Since it is practically impossible to test dool on every possible + permutation of kernel, python or distribution version, I need your + help and your feedback to fix the remaining problems. If you have + improvements or bugreports, please send them to: +@@ -513,40 +513,40 @@ Please see the TODO file for known bugs and future plans. + + + == FILES +-Paths that may contain external dstat_*.py plugins: ++Paths that may contain external dool_*.py plugins: + +- ~/.dstat/ ++ ~/.dool/ + (path of binary)/plugins/ +- /usr/share/dstat/ +- /usr/local/share/dstat/ ++ /usr/share/dool/ ++ /usr/local/share/dool/ + + == ENVIRONMENT VARIABLES + +-Dstat will read additional command line arguments from the environment +-variable *DSTAT_OPTS*. You can use this to configure Dstat's default ++Dool will read additional command line arguments from the environment ++variable *DOOL_OPTS*. You can use this to configure Dool's default + behavior, e.g. if you have a black-on-white terminal: + +- export DSTAT_OPTS="--bw --noupdate" ++ export DOOL_OPTS="--bw --noupdate" + + Other internal or external plugins have their own environment variables + to influence their behavior, e.g. + + +- DSTAT_NTPSERVER ++ DOOL_NTPSERVER + +- DSTAT_MYSQL +- DSTAT_MYSQL_HOST +- DSTAT_MYSQL_PORT +- DSTAT_MYSQL_SOCKET +- DSTAT_MYSQL_USER +- DSTAT_MYSQL_PWD ++ DOOL_MYSQL ++ DOOL_MYSQL_HOST ++ DOOL_MYSQL_PORT ++ DOOL_MYSQL_SOCKET ++ DOOL_MYSQL_USER ++ DOOL_MYSQL_PWD + +- DSTAT_SNMPSERVER +- DSTAT_SNMPCOMMUNITY ++ DOOL_SNMPSERVER ++ DOOL_SNMPCOMMUNITY + +- DSTAT_SQUID_OPTS ++ DOOL_SQUID_OPTS + +- DSTAT_TIMEFMT ++ DOOL_TIMEFMT + + == SEE ALSO + +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb b/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb index dcb66c7fd4..211f3a2b11 100644 --- a/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb @@ -11,6 +11,7 @@ DEPENDS += "asciidoc-native xmlto-native" SRC_URI = "git://github.com/scottchiefbaker/dool.git;branch=master;protocol=https \ file://0001-Fix-build-error-as-following.patch \ + file://0001-Fix-rename-in-docs.patch \ " SRCREV = "41ec7b392b358dae29f0b587711d5c8f7f462805" diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 1380638ba7..64b132e006 100644 --- a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2" DEPENDS = "zlib expat" -SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz" +SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz" SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778" # Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either diff --git a/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.1.bb b/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.2.bb index 8e3718102e..31cd077d91 100644 --- a/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.2.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Provides improved implementations of std::function." HOMEPAGE = "https://naios.github.io/function2" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" -SRCREV = "f569a63cfe369df867a1a4d17aaa12269156536c" +SRCREV = "2d3a878ef19dd5d2fb188898513610fac0a48621" PV .= "+git${SRCPV}" SRC_URI += "gitsm://github.com/Naios/function2;branch=master;protocol=https" diff --git a/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.5.bb b/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.6.bb index 111a8208a9..eb23816e8a 100644 --- a/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.5.bb +++ b/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.6.bb @@ -1,11 +1,13 @@ SUMMARY = "IMAPFilter is a mail filtering utility that processes mailboxes based on IMAP queries" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=db3b99f230f9758fd77e4a0654e2266d" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c11d4fd926d3ce7aac13b0ed1e9b3a63" -SRC_URI = "https://codeload.github.com/lefcha/${BPN}/tar.gz/v${PV};downloadfilename=${BP}.tar.gz \ +# v2.7.6 +SRCREV = "b39d0430f29d7c953581186955c11b461e6c824f" +SRC_URI = "git://github.com/lefcha/imapfilter;protocol=https;branch=master \ file://ldflags.patch \ " -SRC_URI[sha256sum] = "ab19f840712e6951e51c29e44c43b3b2fa42e93693f98f8969cc763a4fad56bf" +S = "${WORKDIR}/git" DEPENDS= "openssl lua libpcre2" diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch new file mode 100644 index 0000000000..7cdb5f9bda --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch @@ -0,0 +1,164 @@ +From 0168696f95b5c610c3861ced8ef98accd1a83b91 Mon Sep 17 00:00:00 2001 +From: Benjamin Marzinski <bmarzins@redhat.com> +Date: Tue, 27 Sep 2022 12:36:37 +0200 +Subject: [PATCH] multipathd: ignore duplicated multipathd command keys + +multipath adds rather than or-s the values of command keys. Fix this. +Also, return an invalid fingerprint if a key is used more than once. + +CVE: CVE-2022-41974 + +References: +https://nvd.nist.gov/vuln/detail/CVE-2022-41974 +https://github.com/opensvc/multipath-tools/issues/59 + +Upstream-Status: Backport +[https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c] + +Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + multipathd/cli.c | 8 ++-- + multipathd/main.c | 104 +++++++++++++++++++++++----------------------- + 2 files changed, 57 insertions(+), 55 deletions(-) + +diff --git a/multipathd/cli.c b/multipathd/cli.c +index 800c0fbe..0a266761 100644 +--- a/multipathd/cli.c ++++ b/multipathd/cli.c +@@ -336,9 +336,11 @@ fingerprint(vector vec) + if (!vec) + return 0; + +- vector_foreach_slot(vec, kw, i) +- fp += kw->code; +- ++ vector_foreach_slot(vec, kw, i) { ++ if (fp & kw->code) ++ return (uint64_t)-1; ++ fp |= kw->code; ++ } + return fp; + } + +diff --git a/multipathd/main.c b/multipathd/main.c +index 8baf9abe..975287d2 100644 +--- a/multipathd/main.c ++++ b/multipathd/main.c +@@ -1522,61 +1522,61 @@ uxlsnrloop (void * ap) + /* Tell main thread that thread has started */ + post_config_state(DAEMON_CONFIGURE); + +- set_handler_callback(LIST+PATHS, cli_list_paths); +- set_handler_callback(LIST+PATHS+FMT, cli_list_paths_fmt); +- set_handler_callback(LIST+PATHS+RAW+FMT, cli_list_paths_raw); +- set_handler_callback(LIST+PATH, cli_list_path); +- set_handler_callback(LIST+MAPS, cli_list_maps); +- set_handler_callback(LIST+STATUS, cli_list_status); +- set_unlocked_handler_callback(LIST+DAEMON, cli_list_daemon); +- set_handler_callback(LIST+MAPS+STATUS, cli_list_maps_status); +- set_handler_callback(LIST+MAPS+STATS, cli_list_maps_stats); +- set_handler_callback(LIST+MAPS+FMT, cli_list_maps_fmt); +- set_handler_callback(LIST+MAPS+RAW+FMT, cli_list_maps_raw); +- set_handler_callback(LIST+MAPS+TOPOLOGY, cli_list_maps_topology); +- set_handler_callback(LIST+TOPOLOGY, cli_list_maps_topology); +- set_handler_callback(LIST+MAPS+JSON, cli_list_maps_json); +- set_handler_callback(LIST+MAP+TOPOLOGY, cli_list_map_topology); +- set_handler_callback(LIST+MAP+FMT, cli_list_map_fmt); +- set_handler_callback(LIST+MAP+RAW+FMT, cli_list_map_fmt); +- set_handler_callback(LIST+MAP+JSON, cli_list_map_json); +- set_handler_callback(LIST+CONFIG+LOCAL, cli_list_config_local); +- set_handler_callback(LIST+CONFIG, cli_list_config); +- set_handler_callback(LIST+BLACKLIST, cli_list_blacklist); +- set_handler_callback(LIST+DEVICES, cli_list_devices); +- set_handler_callback(LIST+WILDCARDS, cli_list_wildcards); +- set_handler_callback(RESET+MAPS+STATS, cli_reset_maps_stats); +- set_handler_callback(RESET+MAP+STATS, cli_reset_map_stats); +- set_handler_callback(ADD+PATH, cli_add_path); +- set_handler_callback(DEL+PATH, cli_del_path); +- set_handler_callback(ADD+MAP, cli_add_map); +- set_handler_callback(DEL+MAP, cli_del_map); +- set_handler_callback(SWITCH+MAP+GROUP, cli_switch_group); ++ set_handler_callback(LIST|PATHS, cli_list_paths); ++ set_handler_callback(LIST|PATHS|FMT, cli_list_paths_fmt); ++ set_handler_callback(LIST|PATHS|RAW|FMT, cli_list_paths_raw); ++ set_handler_callback(LIST|PATH, cli_list_path); ++ set_handler_callback(LIST|MAPS, cli_list_maps); ++ set_handler_callback(LIST|STATUS, cli_list_status); ++ set_unlocked_handler_callback(LIST|DAEMON, cli_list_daemon); ++ set_handler_callback(LIST|MAPS|STATUS, cli_list_maps_status); ++ set_handler_callback(LIST|MAPS|STATS, cli_list_maps_stats); ++ set_handler_callback(LIST|MAPS|FMT, cli_list_maps_fmt); ++ set_handler_callback(LIST|MAPS|RAW|FMT, cli_list_maps_raw); ++ set_handler_callback(LIST|MAPS|TOPOLOGY, cli_list_maps_topology); ++ set_handler_callback(LIST|TOPOLOGY, cli_list_maps_topology); ++ set_handler_callback(LIST|MAPS|JSON, cli_list_maps_json); ++ set_handler_callback(LIST|MAP|TOPOLOGY, cli_list_map_topology); ++ set_handler_callback(LIST|MAP|FMT, cli_list_map_fmt); ++ set_handler_callback(LIST|MAP|RAW|FMT, cli_list_map_fmt); ++ set_handler_callback(LIST|MAP|JSON, cli_list_map_json); ++ set_handler_callback(LIST|CONFIG|LOCAL, cli_list_config_local); ++ set_handler_callback(LIST|CONFIG, cli_list_config); ++ set_handler_callback(LIST|BLACKLIST, cli_list_blacklist); ++ set_handler_callback(LIST|DEVICES, cli_list_devices); ++ set_handler_callback(LIST|WILDCARDS, cli_list_wildcards); ++ set_handler_callback(RESET|MAPS|STATS, cli_reset_maps_stats); ++ set_handler_callback(RESET|MAP|STATS, cli_reset_map_stats); ++ set_handler_callback(ADD|PATH, cli_add_path); ++ set_handler_callback(DEL|PATH, cli_del_path); ++ set_handler_callback(ADD|MAP, cli_add_map); ++ set_handler_callback(DEL|MAP, cli_del_map); ++ set_handler_callback(SWITCH|MAP|GROUP, cli_switch_group); + set_unlocked_handler_callback(RECONFIGURE, cli_reconfigure); +- set_handler_callback(SUSPEND+MAP, cli_suspend); +- set_handler_callback(RESUME+MAP, cli_resume); +- set_handler_callback(RESIZE+MAP, cli_resize); +- set_handler_callback(RELOAD+MAP, cli_reload); +- set_handler_callback(RESET+MAP, cli_reassign); +- set_handler_callback(REINSTATE+PATH, cli_reinstate); +- set_handler_callback(FAIL+PATH, cli_fail); +- set_handler_callback(DISABLEQ+MAP, cli_disable_queueing); +- set_handler_callback(RESTOREQ+MAP, cli_restore_queueing); +- set_handler_callback(DISABLEQ+MAPS, cli_disable_all_queueing); +- set_handler_callback(RESTOREQ+MAPS, cli_restore_all_queueing); ++ set_handler_callback(SUSPEND|MAP, cli_suspend); ++ set_handler_callback(RESUME|MAP, cli_resume); ++ set_handler_callback(RESIZE|MAP, cli_resize); ++ set_handler_callback(RELOAD|MAP, cli_reload); ++ set_handler_callback(RESET|MAP, cli_reassign); ++ set_handler_callback(REINSTATE|PATH, cli_reinstate); ++ set_handler_callback(FAIL|PATH, cli_fail); ++ set_handler_callback(DISABLEQ|MAP, cli_disable_queueing); ++ set_handler_callback(RESTOREQ|MAP, cli_restore_queueing); ++ set_handler_callback(DISABLEQ|MAPS, cli_disable_all_queueing); ++ set_handler_callback(RESTOREQ|MAPS, cli_restore_all_queueing); + set_unlocked_handler_callback(QUIT, cli_quit); + set_unlocked_handler_callback(SHUTDOWN, cli_shutdown); +- set_handler_callback(GETPRSTATUS+MAP, cli_getprstatus); +- set_handler_callback(SETPRSTATUS+MAP, cli_setprstatus); +- set_handler_callback(UNSETPRSTATUS+MAP, cli_unsetprstatus); +- set_handler_callback(FORCEQ+DAEMON, cli_force_no_daemon_q); +- set_handler_callback(RESTOREQ+DAEMON, cli_restore_no_daemon_q); +- set_handler_callback(GETPRKEY+MAP, cli_getprkey); +- set_handler_callback(SETPRKEY+MAP+KEY, cli_setprkey); +- set_handler_callback(UNSETPRKEY+MAP, cli_unsetprkey); +- set_handler_callback(SETMARGINAL+PATH, cli_set_marginal); +- set_handler_callback(UNSETMARGINAL+PATH, cli_unset_marginal); +- set_handler_callback(UNSETMARGINAL+MAP, cli_unset_all_marginal); ++ set_handler_callback(GETPRSTATUS|MAP, cli_getprstatus); ++ set_handler_callback(SETPRSTATUS|MAP, cli_setprstatus); ++ set_handler_callback(UNSETPRSTATUS|MAP, cli_unsetprstatus); ++ set_handler_callback(FORCEQ|DAEMON, cli_force_no_daemon_q); ++ set_handler_callback(RESTOREQ|DAEMON, cli_restore_no_daemon_q); ++ set_handler_callback(GETPRKEY|MAP, cli_getprkey); ++ set_handler_callback(SETPRKEY|MAP|KEY, cli_setprkey); ++ set_handler_callback(UNSETPRKEY|MAP, cli_unsetprkey); ++ set_handler_callback(SETMARGINAL|PATH, cli_set_marginal); ++ set_handler_callback(UNSETMARGINAL|PATH, cli_unset_marginal); ++ set_handler_callback(UNSETMARGINAL|MAP, cli_unset_all_marginal); + + umask(077); + uxsock_listen(&uxsock_trigger, ux_sock, ap); +-- +2.31.1 diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb index 5a8db08771..feb8a069db 100644 --- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb @@ -48,6 +48,7 @@ SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=mas file://0001-add-explicit-dependency-on-libraries.patch \ file://0001-fix-boolean-value-with-json-c-0.14.patch \ file://0001-libmultipath-uevent.c-fix-error-handling-for-udev_mo.patch \ + file://CVE-2022-41974.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch index eb6174a7b0..950fae667a 100644 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -18,7 +18,12 @@ diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk index 2012d18..78fca62 100644 --- a/nss/coreconf/arch.mk +++ b/nss/coreconf/arch.mk -@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) +@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s) + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST ?= $(shell uname -m) ifeq ($(OS_TEST),i86pc) OS_RELEASE := $(shell uname -r)_$(OS_TEST) else diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb index 333bbdfef0..4a9482fca4 100644 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb @@ -20,7 +20,7 @@ LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" -SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ +SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ file://nss.pc.in \ file://0001-nss-fix-support-cross-compiling.patch \ file://nss-no-rpath-for-cross-compiling.patch \ @@ -280,5 +280,11 @@ RDEPENDS:${PN}-smime = "perl" BBCLASSEXTEND = "native nativesdk" +CVE_PRODUCT += "network_security_services" + # CVE-2006-5201 affects only Sun Solaris CVE_CHECK_IGNORE += "CVE-2006-5201" + +# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect +# the legacy db (libnssdbm), only compiled with --enable-legacy-db. +CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698" diff --git a/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.2.bb b/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.3.bb index 5ecc5b8dee..32c57ce978 100644 --- a/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.3.bb @@ -11,7 +11,7 @@ DEPENDS = "libpcre2 zlib" SRC_URI = "git://github.com/pocoproject/poco.git;branch=master;protocol=https \ file://run-ptest \ " -SRCREV = "be19dc4a2f30eb97cc9bdd7551460db11cc27353" +SRCREV = "f1aefe34a46891b09230422bbc37465bc6d0a0d1" UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.2.bb index 1c36bd522c..8bfebc7776 100644 --- a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.2.bb @@ -7,7 +7,7 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=0e1a95b7892d3015ecd6d0016f601f2c" SRC_URI = "git://github.com/tio/tio;protocol=https;nobranch=1" -SRCREV = "14fc77ffc13a4c60a98f0bb7e0f431e9ed7cf1fd" +SRCREV = "eaab692d4d6be1ef41c0f6950977cf9054520cb7" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.0.bb b/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.2.bb index 4b90dcc579..74e683e589 100644 --- a/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.0.bb +++ b/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.2.bb @@ -11,7 +11,7 @@ SRC_URI = "\ " # v1.7.0 -SRCREV = "e9b286bb39ad7b0cb7b7d2e819d44d1aff387522" +SRCREV = "e8c840b58f0833e23461c682655fe540aa923f85" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb b/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb index 921143a74c..d923e7ac9b 100644 --- a/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb +++ b/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb @@ -18,4 +18,6 @@ EXTRA_OECMAKE = "-DLONGLONG=ON \ -DEXTENSIONS=OFF \ " +DEV_PKG_DEPENDENCY = "" + FILES:${PN}-dev += "${libdir}/CppUTest/cmake/*" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.11.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.12.bb index b9dc58082a..aa0ce44baa 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.11.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.12.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=a70cf540abf41acb644ac3b621b2fad1" -SRC_URI[sha256sum] = "2df4f9980c4511474687895cbfdb8558293c1a826d9118bb09233d7c2bff1c83" +SRC_URI[sha256sum] = "1c00a14f5a3ed0339d38d2e2e5b74ea2591df5861c0936bb292b84ccf3a78d83" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_2.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_3.0.0.bb index 1ab72e53d1..895f88a62e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_2.1.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_3.0.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/ousret/charset_normalizer" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=0974a390827087287db39928f7c524b5" -SRC_URI[sha256sum] = "5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845" +SRC_URI[sha256sum] = "b27d10ad15740b45fd55f76e6901a4391e6dca3917ef48ecdcf17edf6e00d770" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.6.bb index 44ea5394da..e54398c456 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.6.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "032f8a6fc7cf05ccd1214e4a2e21dfcd6a23b9d575c6573cacc8c67828dbe642" +SRC_URI[sha256sum] = "bceb0fe1a386781af0788cae4108622756cd05e7775448deec04a71ddf87685d" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb index 03231f926a..8d66545fe2 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb @@ -12,6 +12,6 @@ S = "${WORKDIR}/git" inherit setuptools3 PIP_INSTALL_PACKAGE = "gcovr" -RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments" +RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.65.0.bb index af83c1704c..4246d461e9 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.65.0.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/googleapis/google-api-python-client" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "0dc4c967a5c795e981af01340f1bd22173a986534de968b5456cb208ed6775a6" +SRC_URI[sha256sum] = "b8a0ca8454ad57bc65199044717d3d214197ae1e2d666426bbcd4021b36762e0" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.13.0.bb index 53c1d00ccb..9e4129b6b6 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.13.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" inherit pypi setuptools3 -SRC_URI[sha256sum] = "f12d86502ce0f2c0174e2e70ecc8d36c69593817e67e1d9c5e34489120422e4b" +SRC_URI[sha256sum] = "9352dd6394093169157e6971526bab9a2799244d68a94a4a609f0dd751ef6f5e" RDEPENDS:${PN} += "\ ${PYTHON_PN}-asyncio \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.4.bb index f8f4062a64..2f433814ee 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.4.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5cac039fcc82f01141cc170b48f315d4" PYPI_PACKAGE = "huey" -SRC_URI[sha256sum] = "4fa2f6055d581778c3bcf93fc8c9ce87aecc2a345d5ff35bd955da152c02ef37" +SRC_URI[sha256sum] = "6a27a7862a7a982c0508ad4e548d95765e3b0d97093a51106f07540837a09c86" RDEPENDS:${PN} += " \ python3-datetime \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb index 8cc30489bf..566279d71c 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482" -SRC_URI[sha256sum] = "1565237372795bf6ee3e5aba5e2a85bd5a65d0e2aa5c628b9a97b7d7a0da3721" +SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.1.bb index 998aa123cd..65cd29d9b4 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.1.bb @@ -6,7 +6,7 @@ HOMEPAGE = "http://pandas.pydata.org/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c1cc9ab35a8b2aabf933cd6d245b5db3" -SRC_URI[sha256sum] = "3ee61b881d2f64dd90c356eb4a4a4de75376586cd3c9341c6c0fcaae18d52977" +SRC_URI[sha256sum] = "249cec5f2a5b22096440bd85c33106b6102e0672204abd2d5c014106459804ee" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.1.bb index 7ffec26e55..075f3bb577 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.1.bb @@ -8,7 +8,7 @@ HOMEPAGE = "https://pika.readthedocs.io" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=678ec81495ba50edf81e84e4f1aa69f3" -SRC_URI[sha256sum] = "15357ddc47a5c28f0b07d80e93d504cbbf7a1ad5e1cd129ecd27afe76472c529" +SRC_URI[sha256sum] = "beb19ff6dd1547f99a29acc2c6987ebb2ba7c44bf44a3f8e305877c5ef7d2fdc" inherit pypi python_setuptools_build_meta diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest new file mode 100644 index 0000000000..3385d68939 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}' diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.2.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb index 454d61a48e..86705d2d8e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.2.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb @@ -3,15 +3,16 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ Contributors." HOMEPAGE = "https://pillow.readthedocs.io" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bc416d18f294943285560364be7cbec1" -SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.2.x;protocol=https \ +SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https \ file://0001-support-cross-compiling.patch \ file://0001-explicitly-set-compile-options.patch \ + file://run-ptest \ " SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8" -inherit setuptools3 +inherit setuptools3 ptest PIP_INSTALL_PACKAGE = "Pillow" PIP_INSTALL_DIST_PATH = "${S}/dist" @@ -31,12 +32,33 @@ RDEPENDS:${PN} += " \ ${PYTHON_PN}-numbers \ " +RDEPENDS:${PN}-ptest += " \ + bash \ + ghostscript \ + jpeg-tools \ + libwebp \ + ${PYTHON_PN}-core \ + ${PYTHON_PN}-distutils \ + ${PYTHON_PN}-image \ + ${PYTHON_PN}-mmap \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytest-timeout \ + ${PYTHON_PN}-resource \ + ${PYTHON_PN}-unixadmin\ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \ +" + CVE_PRODUCT = "pillow" S = "${WORKDIR}/git" RPROVIDES:${PN} += "python3-imaging" +do_install_ptest() { + install -d ${D}${PTEST_PATH}/Tests + cp -rf ${S}/Tests ${D}${PTEST_PATH}/ +} + BBCLASSEXTEND = "native" -SRCREV = "58acec3312fb8671c9d84829197e1c8150085589" +SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.7.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.8.bb index 24ce61cad7..1eb1832619 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.7.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.8.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=53dbfa56f61b90215a inherit pypi setuptools3 -SRC_URI[sha256sum] = "71d9dba03ed3432c878a801e2ea51e034b0ea01cf3a4344fb60166cb5f6c8757" +SRC_URI[sha256sum] = "427426593b55ff106c84e4a88cac855175330cb6eb7e889e85aaa7b5652b686d" # http://errors.yoctoproject.org/Errors/Details/184715/ # Can't find required file: ../src/google/protobuf/descriptor.proto diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.4.bb index 5e016fb928..62f5c0caad 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.3.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.4.bb @@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://setup.py;beginline=12;endline=12;md5=2d33c00f47720c7e35e1fdb4b9fab027" -SRC_URI[sha256sum] = "3555a03439eb48d5e0e8c201f7c334c1e13b997d744f93453d4d601c0fc8330f" +SRC_URI[sha256sum] = "acef84640fee6f20b725f2a1d2392771f2845554cfabcef30b1fdea5030161af" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.2.bb index f71d4dad64..bfc5437349 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.2.bb @@ -9,7 +9,7 @@ inherit pypi python_setuptools_build_meta PYPI_PACKAGE = "python-socketio" -SRC_URI[sha256sum] = "5011a0cd2545c954d7df09eef7489ec424c93b001cc146599cd72f1dd20f0d46" +SRC_URI[sha256sum] = "92395062d9db3c13d30e7cdedaa0e1330bba78505645db695415f9a3c628d097" PACKAGECONFIG ?= "asyncio_client client" PACKAGECONFIG[asyncio_client] = ",,,${PYTHON_PN}-aiohttp ${PYTHON_PN}-websockets" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.41.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.42.bb index 5b93458792..6999554b81 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.41.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.42.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sqlalchemy.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=f4001d1ca15b69d096fa1b4fd1bdce79" -SRC_URI[sha256sum] = "0292f70d1797e3c54e862e6f30ae474014648bc9c723e14a2fda730adb0a9791" +SRC_URI[sha256sum] = "177e41914c476ed1e1b77fd05966ea88c094053e17a85303c4ce007f88eff363" PYPI_PACKAGE = "SQLAlchemy" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb b/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.1.bb index 3a9f0ad6fd..ea9d6528d4 100644 --- a/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb +++ b/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.1.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://pywbemtools.readthedocs.io/en/stable/" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa" -SRC_URI[sha256sum] = "0af7e067e0c0ba32cc19c2c2dc67875c591b806c4b49480ebe46e37bfb399684" +SRC_URI[sha256sum] = "3fd2fec6a11992afb8a34c0181b76c8d36c6fae1b79d83fb4542ce08e0fb4127" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch new file mode 100644 index 0000000000..996eabf586 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch @@ -0,0 +1,31 @@ +From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001 +From: Valeria Petrov <valeria.petrov@spinetix.com> +Date: Tue, 18 Apr 2023 15:38:53 +0200 +Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to + include path if mod_rewrite is enabled. + +Upstream-Status: Accepted [https://svn.apache.org/viewvc?view=revision&revision=1909241] + +--- + modules/mappers/config9.m4 | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4 +index 55a97ab993..7120b729b7 100644 +--- a/modules/mappers/config9.m4 ++++ b/modules/mappers/config9.m4 +@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos + APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes) + APACHE_MODULE(rewrite, rule based URL manipulation, , , most) + ++if test "x$enable_rewrite" != "xno"; then ++ # mod_rewrite needs test_char.h ++ APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server]) ++fi ++ + APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) + + APACHE_MODPATH_FINISH +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb index 4f30eca59e..00f8aaa415 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb @@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0008-Fix-perl-install-directory-to-usr-bin.patch \ file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ file://0001-make_exports.awk-not-expose-the-path.patch \ + file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \ " SRC_URI:append:class-target = " \ @@ -27,7 +28,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340" +SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a" S = "${WORKDIR}/httpd-${PV}" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf index ff2c587046..0852a8859a 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf @@ -1,2 +1,2 @@ -d /var/run/apache2 0755 root root - +d /run/apache2 0755 root root - d /var/log/apache2 0755 root root - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb index 5b7e32733c..d3e22757c4 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb @@ -7,12 +7,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93" SECTION = "net" -SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \ +SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \ file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \ file://monkey.service \ file://monkey.init" -SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb" +SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c" +S = "${WORKDIR}/git" UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases" UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb b/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb index 21bbda331a..eefe3322b3 100644 --- a/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb +++ b/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb @@ -6,3 +6,4 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" inherit xfce-panel-plugin SRC_URI[sha256sum] = "ebda5e5eb62d6e42afdc6f121d2f1cbd4d9d3c2b16a5e3ed8192b1b224b8f825" +DEPENDS += "libpcre" diff --git a/meta-raspberrypi/.github/workflows/compliance.yml b/meta-raspberrypi/.github/workflows/compliance.yml index cfba18533e..ec489f0095 100644 --- a/meta-raspberrypi/.github/workflows/compliance.yml +++ b/meta-raspberrypi/.github/workflows/compliance.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Build a temporary DCO image @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Do reuse check diff --git a/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh b/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh index 135d410c6e..af2c507c54 100755 --- a/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh +++ b/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh @@ -16,6 +16,14 @@ GIT_REPO_PATH="/work" [ -d "$GIT_REPO_PATH/.git" ] || error "Can't find a git checkout under $GIT_REPO_PATH ." cd "$GIT_REPO_PATH" + +# The GitHub runner user and the container user might differ making git error +# out with: +# error: fatal: detected dubious ownership in repository at '/work' +# Avoid this as the security risk is minimum here while guarding the git hooks +# via PRs. +git config --global --add safe.directory /work + dco-check \ --verbose \ --default-branch "origin/$BASE_REF" diff --git a/meta-raspberrypi/.github/workflows/yocto-builds.yml b/meta-raspberrypi/.github/workflows/yocto-builds.yml index d237f0ab39..93f9f46d6a 100644 --- a/meta-raspberrypi/.github/workflows/yocto-builds.yml +++ b/meta-raspberrypi/.github/workflows/yocto-builds.yml @@ -38,7 +38,7 @@ jobs: SSTATE_DIR: /var/lib/ci/yocto/sstate steps: - name: Checkout the code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Define Yocto build files diff --git a/meta-raspberrypi/.github/workflows/yocto-layer.yml b/meta-raspberrypi/.github/workflows/yocto-layer.yml index 63cb9e90a6..fa11815f1e 100644 --- a/meta-raspberrypi/.github/workflows/yocto-layer.yml +++ b/meta-raspberrypi/.github/workflows/yocto-layer.yml @@ -15,7 +15,7 @@ jobs: runs-on: [self-hosted, Linux] steps: - name: Checkout the code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Define Yocto build files diff --git a/meta-raspberrypi/conf/machine/raspberrypi4-64.conf b/meta-raspberrypi/conf/machine/raspberrypi4-64.conf index d8b8ec0c14..37217c53ed 100644 --- a/meta-raspberrypi/conf/machine/raspberrypi4-64.conf +++ b/meta-raspberrypi/conf/machine/raspberrypi4-64.conf @@ -12,8 +12,6 @@ MACHINE_EXTRA_RRECOMMENDS += "\ bluez-firmware-rpidistro-bcm4345c5-hcd \ " -DEFAULTTUNE = "cortexa72" - require conf/machine/include/arm/armv8a/tune-cortexa72.inc include conf/machine/include/rpi-base.inc diff --git a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera.bbappend b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera_%.bbappend index efa1f80341..efa1f80341 100644 --- a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera.bbappend +++ b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera_%.bbappend diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb index 42cfcdd4d5..3ae43856fe 100644 --- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb +++ b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb @@ -3,16 +3,17 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" SRC_URI = " \ - file://99-com.rules \ + git://github.com/RPi-Distro/raspberrypi-sys-mods;protocol=https;branch=master \ file://can.rules \ " +SRCREV = "5ce3ef2b7f377c23fea440ca9df0e30f3f8447cf" -S = "${WORKDIR}" +S = "${WORKDIR}/git" INHIBIT_DEFAULT_DEPS = "1" do_install () { install -d ${D}${sysconfdir}/udev/rules.d - install -m 0644 ${WORKDIR}/99-com.rules ${D}${sysconfdir}/udev/rules.d/ + install -m 0644 ${S}/etc.armhf/udev/rules.d/99-com.rules ${D}${sysconfdir}/udev/rules.d/ install -m 0644 ${WORKDIR}/can.rules ${D}${sysconfdir}/udev/rules.d/ } diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules deleted file mode 100644 index ddd1e1743e..0000000000 --- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules +++ /dev/null @@ -1,21 +0,0 @@ -KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\ - ALIASES=/proc/device-tree/aliases; \ - if cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \ - echo 0;\ - elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \ - echo 1; \ - else \ - exit 1; \ - fi\ -'", SYMLINK+="serial%c" - -KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\ - ALIASES=/proc/device-tree/aliases; \ - if cmp -s $$ALIASES/uart1 $$ALIASES/serial0; then \ - echo 0; \ - elif cmp -s $$ALIASES/uart1 $$ALIASES/serial1; then \ - echo 1; \ - else \ - exit 1; \ - fi \ -'", SYMLINK+="serial%c" diff --git a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py index 6be84bade3..3729863344 100644 --- a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py +++ b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py @@ -24,6 +24,10 @@ class ParsecTest(OERuntimeTestCase): self.parsec_status='pgrep -l parsec' self.parsec_reload='/etc/init.d/parsec reload' + def tearDown(self): + self.target.run('sync') + super(ParsecTest, self).tearDown() + def copy_subconfig(self, cfg, provider): """ Copy a provider configuration to target and append it to Parsec config """ @@ -61,9 +65,18 @@ class ParsecTest(OERuntimeTestCase): def check_packageconfig(self, prov): """ Check that the require provider is included in Parsec """ - if prov not in self.tc.td['PACKAGECONFIG:pn-parsec-service']: + + if 'PACKAGECONFIG:pn-parsec-service' in self.tc.td.keys(): + providers = self.tc.td['PACKAGECONFIG:pn-parsec-service'] + else: + # PACKAGECONFIG is not defined in local.conf + # Let's use the default value + providers = "PKCS11 MBED-CRYPTO" + if 'tpm2' in self.tc.td['DISTRO_FEATURES']: + providers += " TPM" + if prov not in providers: self.skipTest('%s provider is not included in Parsec. Parsec PACKAGECONFIG: "%s"' % \ - (prov, self.tc.td['PACKAGECONFIG:pn-parsec-service'])) + (prov, providers)) def check_packages(self, prov, packages): """ Check for the required packages for Parsec providers software backends """ diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb index fb36fab3a1..fb0105e29d 100644 --- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb +++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb @@ -3,6 +3,8 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" +PACKAGE_ARCH = "${TUNE_PKGARCH}" + inherit packagegroup PACKAGES = "${PN}" @@ -12,6 +14,9 @@ RDEPENDS:packagegroup-security-tpm2 = " \ tpm2-tools \ trousers \ tpm2-tss \ + libtss2-mu \ + libtss2-tcti-device \ + libtss2-tcti-mssim \ libtss2 \ tpm2-abrmd \ tpm2-pkcs11 \ diff --git a/poky/bitbake/bin/bitbake b/poky/bitbake/bin/bitbake index 7cbf88f480..f869eb4854 100755 --- a/poky/bitbake/bin/bitbake +++ b/poky/bitbake/bin/bitbake @@ -25,8 +25,7 @@ except RuntimeError as exc: from bb import cookerdata from bb.main import bitbake_main, BitBakeConfigParameters, BBMainException -if sys.getfilesystemencoding() != "utf-8": - sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\nPython can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.") +bb.utils.check_system_locale() __version__ = "2.2.0" diff --git a/poky/bitbake/bin/bitbake-server b/poky/bitbake/bin/bitbake-server index f53f88b6b0..d00bb068b8 100755 --- a/poky/bitbake/bin/bitbake-server +++ b/poky/bitbake/bin/bitbake-server @@ -12,8 +12,9 @@ warnings.simplefilter("default") import logging sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(sys.argv[0])), 'lib')) -if sys.getfilesystemencoding() != "utf-8": - sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\nPython can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.") +import bb + +bb.utils.check_system_locale() # Users shouldn't be running this code directly if len(sys.argv) != 10 or not sys.argv[1].startswith("decafbad"): diff --git a/poky/bitbake/bin/bitbake-worker b/poky/bitbake/bin/bitbake-worker index 7be39370b3..f3198c54a4 100755 --- a/poky/bitbake/bin/bitbake-worker +++ b/poky/bitbake/bin/bitbake-worker @@ -24,8 +24,7 @@ import subprocess from multiprocessing import Lock from threading import Thread -if sys.getfilesystemencoding() != "utf-8": - sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\nPython can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.") +bb.utils.check_system_locale() # Users shouldn't be running this code directly if len(sys.argv) != 2 or not sys.argv[1].startswith("decafbad"): diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst index 9c269ca837..519aec9a9f 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst @@ -424,8 +424,8 @@ This fetcher supports the following parameters: - *"nobranch":* Tells the fetcher to not check the SHA validation for the branch when set to "1". The default is "0". Set this option for - the recipe that refers to the commit that is valid for a tag instead - of the branch. + the recipe that refers to the commit that is valid for any namespace + (branch, tag, ...) instead of the branch. - *"bareclone":* Tells the fetcher to clone a bare clone into the destination directory without checking out a working tree. Only the diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst index b533d9dc0e..b7c3d8091f 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst @@ -422,6 +422,12 @@ documentation to a BitBake variable as follows:: CACHE[doc] = "The directory holding the cache of the metadata." +.. note:: + + Variable flag names starting with an underscore (``_``) character + are allowed but are ignored by ``d.getVarFlags("VAR")`` + in Python code. Such flag names are used internally by BitBake. + Inline Python Variable Expansion -------------------------------- diff --git a/poky/bitbake/lib/bb/asyncrpc/serv.py b/poky/bitbake/lib/bb/asyncrpc/serv.py index 5cf45f908a..d2de4891b8 100644 --- a/poky/bitbake/lib/bb/asyncrpc/serv.py +++ b/poky/bitbake/lib/bb/asyncrpc/serv.py @@ -42,7 +42,7 @@ class AsyncServerConnection(object): # Read protocol and version client_protocol = await self.reader.readline() - if client_protocol is None: + if not client_protocol: return (client_proto_name, client_proto_version) = client_protocol.decode('utf-8').rstrip().split() @@ -59,7 +59,7 @@ class AsyncServerConnection(object): # an empty line to signal the end of the headers while True: line = await self.reader.readline() - if line is None: + if not line: return line = line.decode('utf-8').rstrip() diff --git a/poky/bitbake/lib/bb/cookerdata.py b/poky/bitbake/lib/bb/cookerdata.py index 8a354fed7c..b4bfba335a 100644 --- a/poky/bitbake/lib/bb/cookerdata.py +++ b/poky/bitbake/lib/bb/cookerdata.py @@ -160,12 +160,7 @@ def catch_parse_error(func): def wrapped(fn, *args): try: return func(fn, *args) - except IOError as exc: - import traceback - parselog.critical(traceback.format_exc()) - parselog.critical("Unable to parse %s: %s" % (fn, exc)) - raise bb.BBHandledException() - except bb.data_smart.ExpansionError as exc: + except Exception as exc: import traceback bbdir = os.path.dirname(__file__) + os.sep @@ -177,9 +172,6 @@ def catch_parse_error(func): break parselog.critical("Unable to parse %s" % fn, exc_info=(exc_class, exc, tb)) raise bb.BBHandledException() - except bb.parse.ParseError as exc: - parselog.critical(str(exc)) - raise bb.BBHandledException() return wrapped @catch_parse_error @@ -302,14 +294,9 @@ class CookerDataBuilder(object): bb.event.fire(bb.event.MultiConfigParsed(self.mcdata), self.data) self.data_hash = data_hash.hexdigest() - except (SyntaxError, bb.BBHandledException): - raise bb.BBHandledException() except bb.data_smart.ExpansionError as e: logger.error(str(e)) raise bb.BBHandledException() - except Exception: - logger.exception("Error parsing configuration files") - raise bb.BBHandledException() # Handle obsolete variable names @@ -436,7 +423,7 @@ class CookerDataBuilder(object): msg += (" and bitbake did not find a conf/bblayers.conf file in" " the expected location.\nMaybe you accidentally" " invoked bitbake from the wrong directory?") - raise SystemExit(msg) + bb.fatal(msg) if not data.getVar("TOPDIR"): data.setVar("TOPDIR", os.path.abspath(os.getcwd())) diff --git a/poky/bitbake/lib/bb/fetch2/git.py b/poky/bitbake/lib/bb/fetch2/git.py index 17d4904927..4645a5af0e 100644 --- a/poky/bitbake/lib/bb/fetch2/git.py +++ b/poky/bitbake/lib/bb/fetch2/git.py @@ -44,7 +44,8 @@ Supported SRC_URI options are: - nobranch Don't check the SHA validation for branch. set this option for the recipe - referring to commit which is valid in tag instead of branch. + referring to commit which is valid in any namespace (branch, tag, ...) + instead of branch. The default is "0", set nobranch=1 if needed. - usehead @@ -243,7 +244,7 @@ class Git(FetchMethod): for name in ud.names: ud.unresolvedrev[name] = 'HEAD' - ud.basecmd = d.getVar("FETCHCMD_git") or "git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat" + ud.basecmd = d.getVar("FETCHCMD_git") or "git -c gc.autoDetach=false -c core.pager=cat" write_tarballs = d.getVar("BB_GENERATE_MIRROR_TARBALLS") or "0" ud.write_tarballs = write_tarballs != "0" or ud.rebaseable @@ -366,9 +367,13 @@ class Git(FetchMethod): # If the repo still doesn't exist, fallback to cloning it if not os.path.exists(ud.clonedir): - # We do this since git will use a "-l" option automatically for local urls where possible + # We do this since git will use a "-l" option automatically for local urls where possible, + # but it doesn't work when git/objects is a symlink, only works when it is a directory. if repourl.startswith("file://"): - repourl = repourl[7:] + repourl_path = repourl[7:] + objects = os.path.join(repourl_path, 'objects') + if os.path.isdir(objects) and not os.path.islink(objects): + repourl = repourl_path clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, shlex.quote(repourl), ud.clonedir) if ud.proto.lower() != 'file': bb.fetch2.check_network_access(d, clone_cmd, ud.url) @@ -382,7 +387,11 @@ class Git(FetchMethod): runfetchcmd("%s remote rm origin" % ud.basecmd, d, workdir=ud.clonedir) runfetchcmd("%s remote add --mirror=fetch origin %s" % (ud.basecmd, shlex.quote(repourl)), d, workdir=ud.clonedir) - fetch_cmd = "LANG=C %s fetch -f --progress %s refs/*:refs/*" % (ud.basecmd, shlex.quote(repourl)) + + if ud.nobranch: + fetch_cmd = "LANG=C %s fetch -f --progress %s refs/*:refs/*" % (ud.basecmd, shlex.quote(repourl)) + else: + fetch_cmd = "LANG=C %s fetch -f --progress %s refs/heads/*:refs/heads/* refs/tags/*:refs/tags/*" % (ud.basecmd, shlex.quote(repourl)) if ud.proto.lower() != 'file': bb.fetch2.check_network_access(d, fetch_cmd, ud.url) progresshandler = GitProgressHandler(d) diff --git a/poky/bitbake/lib/bb/fetch2/gitsm.py b/poky/bitbake/lib/bb/fetch2/gitsm.py index 25d5db0e5b..c5f7c03c4c 100644 --- a/poky/bitbake/lib/bb/fetch2/gitsm.py +++ b/poky/bitbake/lib/bb/fetch2/gitsm.py @@ -115,7 +115,7 @@ class GitSM(Git): # This has to be a file reference proto = "file" url = "gitsm://" + uris[module] - if "{}{}".format(ud.host, ud.path) in url: + if url.endswith("{}{}".format(ud.host, ud.path)): raise bb.fetch2.FetchError("Submodule refers to the parent repository. This will cause deadlock situation in current version of Bitbake." \ "Consider using git fetcher instead.") diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index 48e25401ba..ba75660555 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -2489,17 +2489,6 @@ class RunQueueExecute: self.sq_buildable.remove(tid) if tid in self.sq_running: self.sq_running.remove(tid) - harddepfail = False - for t in self.sqdata.sq_harddeps: - if tid in self.sqdata.sq_harddeps[t] and t in self.scenequeue_notcovered: - harddepfail = True - break - if not harddepfail and self.sqdata.sq_revdeps[tid].issubset(self.scenequeue_covered | self.scenequeue_notcovered): - if tid not in self.sq_buildable: - self.sq_buildable.add(tid) - if not self.sqdata.sq_revdeps[tid]: - self.sq_buildable.add(tid) - if tid in self.sqdata.outrightfail: self.sqdata.outrightfail.remove(tid) if tid in self.scenequeue_notcovered: @@ -2518,21 +2507,36 @@ class RunQueueExecute: if tid in self.build_stamps: del self.build_stamps[tid] - update_tasks.append((tid, harddepfail, tid in self.sqdata.valid)) + update_tasks.append(tid) + + update_tasks2 = [] + for tid in update_tasks: + harddepfail = False + for t in self.sqdata.sq_harddeps: + if tid in self.sqdata.sq_harddeps[t] and t in self.scenequeue_notcovered: + harddepfail = True + break + if not harddepfail and self.sqdata.sq_revdeps[tid].issubset(self.scenequeue_covered | self.scenequeue_notcovered): + if tid not in self.sq_buildable: + self.sq_buildable.add(tid) + if not self.sqdata.sq_revdeps[tid]: + self.sq_buildable.add(tid) + + update_tasks2.append((tid, harddepfail, tid in self.sqdata.valid)) - if update_tasks: + if update_tasks2: self.sqdone = False for mc in sorted(self.sqdata.multiconfigs): - for tid in sorted([t[0] for t in update_tasks]): + for tid in sorted([t[0] for t in update_tasks2]): if mc_from_tid(tid) != mc: continue h = pending_hash_index(tid, self.rqdata) if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]: self.sq_deferred[tid] = self.sqdata.hashes[h] bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h])) - update_scenequeue_data([t[0] for t in update_tasks], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False) + update_scenequeue_data([t[0] for t in update_tasks2], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False) - for (tid, harddepfail, origvalid) in update_tasks: + for (tid, harddepfail, origvalid) in update_tasks2: if tid in self.sqdata.valid and not origvalid: hashequiv_logger.verbose("Setscene task %s became valid" % tid) if harddepfail: diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py index 5d02c0b9f5..3668a32b71 100644 --- a/poky/bitbake/lib/bb/server/process.py +++ b/poky/bitbake/lib/bb/server/process.py @@ -28,6 +28,7 @@ import datetime import pickle import traceback import gc +import stat import bb.server.xmlrpcserver from bb import daemonize from multiprocessing import queues @@ -64,6 +65,9 @@ class ProcessServer(): self.bitbake_lock_name = lockname self.sock = sock self.sockname = sockname + # It is possible the directory may be renamed. Cache the inode of the socket file + # so we can tell if things changed. + self.sockinode = os.stat(self.sockname)[stat.ST_INO] self.server_timeout = server_timeout self.timeout = self.server_timeout @@ -246,10 +250,16 @@ class ProcessServer(): serverlog("Exiting") # Remove the socket file so we don't get any more connections to avoid races + # The build directory could have been renamed so if the file isn't the one we created + # we shouldn't delete it. try: - os.unlink(self.sockname) - except: - pass + sockinode = os.stat(self.sockname)[stat.ST_INO] + if sockinode == self.sockinode: + os.unlink(self.sockname) + else: + serverlog("bitbake.sock inode mismatch (%s vs %s), not deleting." % (sockinode, self.sockinode)) + except Exception as err: + serverlog("Removing socket file '%s' failed (%s)" % (self.sockname, err)) self.sock.close() try: @@ -532,6 +542,7 @@ def execServer(lockfd, readypipeinfd, lockname, sockname, server_timeout, xmlrpc # Create server control socket if os.path.exists(sockname): + serverlog("WARNING: removing existing socket file '%s'" % sockname) os.unlink(sockname) sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) diff --git a/poky/bitbake/lib/bb/siggen.py b/poky/bitbake/lib/bb/siggen.py index 07bb529452..dd7039e5de 100644 --- a/poky/bitbake/lib/bb/siggen.py +++ b/poky/bitbake/lib/bb/siggen.py @@ -332,19 +332,19 @@ class SignatureGeneratorBasic(SignatureGenerator): data = self.basehash[tid] for dep in self.runtaskdeps[tid]: - data = data + self.get_unihash(dep) + data += self.get_unihash(dep) for (f, cs) in self.file_checksum_values[tid]: if cs: if "/./" in f: - data = data + "./" + f.split("/./")[1] - data = data + cs + data += "./" + f.split("/./")[1] + data += cs if tid in self.taints: if self.taints[tid].startswith("nostamp:"): - data = data + self.taints[tid][8:] + data += self.taints[tid][8:] else: - data = data + self.taints[tid] + data += self.taints[tid] h = hashlib.sha256(data.encode("utf-8")).hexdigest() self.taskhash[tid] = h diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py index 64a004d0d8..d09e178249 100644 --- a/poky/bitbake/lib/bb/utils.py +++ b/poky/bitbake/lib/bb/utils.py @@ -13,6 +13,7 @@ import errno import logging import bb import bb.msg +import locale import multiprocessing import fcntl import importlib @@ -608,6 +609,21 @@ def preserved_envvars(): ] return v + preserved_envvars_exported() +def check_system_locale(): + """Make sure the required system locale are available and configured""" + default_locale = locale.getlocale(locale.LC_CTYPE) + + try: + locale.setlocale(locale.LC_CTYPE, ("en_US", "UTF-8")) + except: + sys.exit("Please make sure locale 'en_US.UTF-8' is available on your system") + else: + locale.setlocale(locale.LC_CTYPE, default_locale) + + if sys.getfilesystemencoding() != "utf-8": + sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\n" + "Python can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.") + def filter_environment(good_vars): """ Create a pristine environment for bitbake. This will remove variables that @@ -992,6 +1008,9 @@ def to_boolean(string, default=None): if not string: return default + if isinstance(string, int): + return string != 0 + normalized = string.lower() if normalized in ("y", "yes", "1", "true"): return True @@ -1680,23 +1699,20 @@ def disable_network(uid=None, gid=None): def export_proxies(d): """ export common proxies variables from datastore to environment """ - import os variables = ['http_proxy', 'HTTP_PROXY', 'https_proxy', 'HTTPS_PROXY', 'ftp_proxy', 'FTP_PROXY', 'no_proxy', 'NO_PROXY', - 'GIT_PROXY_COMMAND'] - exported = False + 'GIT_PROXY_COMMAND', 'SSL_CERT_FILE', 'SSL_CERT_DIR'] - for v in variables: - if v in os.environ.keys(): - exported = True - else: - v_proxy = d.getVar(v) - if v_proxy is not None: - os.environ[v] = v_proxy - exported = True + origenv = d.getVar("BB_ORIGENV") + + for name in variables: + value = d.getVar(name) + if not value and origenv: + value = origenv.getVar(name) + if value: + os.environ[name] = value - return exported def load_plugins(logger, plugins, pluginpath): diff --git a/poky/bitbake/lib/bblayers/layerindex.py b/poky/bitbake/lib/bblayers/layerindex.py index 0ac8fd2ec7..ba91fac669 100644 --- a/poky/bitbake/lib/bblayers/layerindex.py +++ b/poky/bitbake/lib/bblayers/layerindex.py @@ -49,6 +49,31 @@ class LayerIndexPlugin(ActionPlugin): else: logger.plain("Repository %s needs to be fetched" % url) return subdir, layername, layerdir + elif os.path.exists(repodir) and branch: + """ + If the repo is already cloned, ensure it is on the correct branch, + switching branches if necessary and possible. + """ + base_cmd = ['git', '--git-dir=%s/.git' % repodir, '--work-tree=%s' % repodir] + cmd = base_cmd + ['branch'] + completed_proc = subprocess.run(cmd, text=True, capture_output=True) + if completed_proc.returncode: + logger.error("Unable to validate repo %s (%s)" % (repodir, stderr)) + return None, None, None + else: + if branch != completed_proc.stdout[2:-1]: + cmd = base_cmd + ['status', '--short'] + completed_proc = subprocess.run(cmd, text=True, capture_output=True) + if completed_proc.stdout.count('\n') != 0: + logger.warning("There are uncommitted changes in repo %s" % repodir) + cmd = base_cmd + ['checkout', branch] + completed_proc = subprocess.run(cmd, text=True, capture_output=True) + if completed_proc.returncode: + # Could be due to original shallow clone on a different branch for example + logger.error("Unable to automatically switch %s to desired branch '%s' (%s)" + % (repodir, branch, completed_proc.stderr)) + return None, None, None + return subdir, layername, layerdir elif os.path.exists(layerdir): return subdir, layername, layerdir else: diff --git a/poky/bitbake/lib/toaster/orm/fixtures/README b/poky/bitbake/lib/toaster/orm/fixtures/README index 1b1c660aac..7cd745e26b 100644 --- a/poky/bitbake/lib/toaster/orm/fixtures/README +++ b/poky/bitbake/lib/toaster/orm/fixtures/README @@ -27,4 +27,4 @@ Data can be provided in XML, JSON and if installed YAML formats. Use the django management command manage.py loaddata <your fixture file> For further information see the Django command documentation at: -https://docs.djangoproject.com/en/1.8/ref/django-admin/#django-admin-loaddata +https://docs.djangoproject.com/en/3.2/ref/django-admin/#django-admin-loaddata diff --git a/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py b/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py index 0d5f4533bf..f0a09be754 100755 --- a/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py +++ b/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py @@ -35,17 +35,18 @@ verbose = False # [Codename, Yocto Project Version, Release Date, Current Version, Support Level, Poky Version, BitBake branch] current_releases = [ # Release slot #1 - ['Kirkstone','3.5','April 2022','','Future - Long Term Support (until Apr. 2024)','27.0','1.54'], -# ['Dunfell','3.1','April 2021','3.1.5 (March 2022)','Stable - Support for 13 months (until Apr. 2022)','23.0','1.46'], + ['Kirkstone','4.0','April 2022','4.0.8 (March 2023)','Stable - Long Term Support (until Apr. 2024)','','2.0'], # Release slot #2 'local' ['HEAD','HEAD','','Local Yocto Project','HEAD','','HEAD'], # Release slot #3 'master' ['Master','master','','Yocto Project master','master','','master'], # Release slot #4 - ['Honister','3.4','October 2021','3.4.2 (February 2022)','Support for 7 months (until May 2022)','26.0','1.52'], -# ['Gatesgarth','3.2','Oct 2020','3.2.4 (May 2021)','EOL','24.0','1.48'], + ['Langdale','4.1','October 2022','4.1.3 (March 2023)','Support for 7 months (until May 2023)','','2.2'], +# ['Honister','3.4','October 2021','3.4.2 (February 2022)','Support for 7 months (until May 2022)','26.0','1.52'], +# ['Gatesgarth','3.2','Oct 2020','3.2.4 (May 2021)','EOL','24.0','1.48'], # Optional Release slot #4 - ['Hardknott','3.3','April 2021','3.3.5 (March 2022)','Stable - Support for 13 months (until Apr. 2022)','25.0','1.50'], + ['Dunfell','3.1','April 2021','3.1.23 (February 2023)','Stable - Long Term Support (until Apr. 2024)','23.0','1.46'], +# ['Hardknott','3.3','April 2021','3.3.5 (March 2022)','Stable - Support for 13 months (until Apr. 2022)','25.0','1.50'], ] default_poky_layers = [ diff --git a/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml b/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml index 450e7a2f85..615e88aba1 100644 --- a/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml +++ b/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml @@ -10,7 +10,7 @@ <object model="orm.bitbakeversion" pk="1"> <field type="CharField" name="name">kirkstone</field> <field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field> - <field type="CharField" name="branch">1.54</field> + <field type="CharField" name="branch">2.0</field> </object> <object model="orm.bitbakeversion" pk="2"> <field type="CharField" name="name">HEAD</field> @@ -23,14 +23,14 @@ <field type="CharField" name="branch">master</field> </object> <object model="orm.bitbakeversion" pk="4"> - <field type="CharField" name="name">honister</field> + <field type="CharField" name="name">langdale</field> <field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field> - <field type="CharField" name="branch">1.52</field> + <field type="CharField" name="branch">2.2</field> </object> <object model="orm.bitbakeversion" pk="5"> - <field type="CharField" name="name">hardknott</field> + <field type="CharField" name="name">dunfell</field> <field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field> - <field type="CharField" name="branch">1.50</field> + <field type="CharField" name="branch">1.46</field> </object> <!-- Releases available --> @@ -56,18 +56,18 @@ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/\">OpenEmbedded master</a> branch.</field> </object> <object model="orm.release" pk="4"> - <field type="CharField" name="name">honister</field> - <field type="CharField" name="description">Openembedded Honister</field> + <field type="CharField" name="name">langdale</field> + <field type="CharField" name="description">Openembedded Langdale</field> <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field> - <field type="CharField" name="branch_name">honister</field> - <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=honister\">OpenEmbedded Honister</a> branch.</field> + <field type="CharField" name="branch_name">langdale</field> + <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=langdale\">OpenEmbedded Langdale</a> branch.</field> </object> <object model="orm.release" pk="5"> - <field type="CharField" name="name">hardknott</field> - <field type="CharField" name="description">Openembedded Hardknott</field> + <field type="CharField" name="name">dunfell</field> + <field type="CharField" name="description">Openembedded Dunfell</field> <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">5</field> - <field type="CharField" name="branch_name">hardknott</field> - <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=hardknott\">OpenEmbedded Hardknott</a> branch.</field> + <field type="CharField" name="branch_name">dunfell</field> + <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=dunfell\">OpenEmbedded Dunfell</a> branch.</field> </object> <!-- Default layers for each release --> diff --git a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml index 20fcc01767..04e12f96fd 100644 --- a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml +++ b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml @@ -26,15 +26,15 @@ <field type="CharField" name="dirpath">bitbake</field> </object> <object model="orm.bitbakeversion" pk="4"> - <field type="CharField" name="name">honister</field> + <field type="CharField" name="name">langdale</field> <field type="CharField" name="giturl">git://git.yoctoproject.org/poky</field> - <field type="CharField" name="branch">honister</field> + <field type="CharField" name="branch">langdale</field> <field type="CharField" name="dirpath">bitbake</field> </object> <object model="orm.bitbakeversion" pk="5"> - <field type="CharField" name="name">hardknott</field> + <field type="CharField" name="name">dunfell</field> <field type="CharField" name="giturl">git://git.yoctoproject.org/poky</field> - <field type="CharField" name="branch">hardknott</field> + <field type="CharField" name="branch">dunfell</field> <field type="CharField" name="dirpath">bitbake</field> </object> @@ -62,18 +62,18 @@ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/">Yocto Project Master branch</a>.</field> </object> <object model="orm.release" pk="4"> - <field type="CharField" name="name">honister</field> - <field type="CharField" name="description">Yocto Project 3.4 "Honister"</field> + <field type="CharField" name="name">langdale</field> + <field type="CharField" name="description">Yocto Project 4.1 "Langdale"</field> <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field> - <field type="CharField" name="branch_name">honister</field> - <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=honister">Yocto Project Honister branch</a>.</field> + <field type="CharField" name="branch_name">langdale</field> + <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=langdale">Yocto Project Langdale branch</a>.</field> </object> <object model="orm.release" pk="5"> - <field type="CharField" name="name">hardknott</field> - <field type="CharField" name="description">Yocto Project 3.3 "Hardknott"</field> + <field type="CharField" name="name">dunfell</field> + <field type="CharField" name="description">Yocto Project 3.1 "Dunfell"</field> <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">5</field> - <field type="CharField" name="branch_name">hardknott</field> - <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=hardknott">Yocto Project Hardknott branch</a>.</field> + <field type="CharField" name="branch_name">dunfell</field> + <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=dunfell">Yocto Project Dunfell branch</a>.</field> </object> <!-- Default project layers for each release --> @@ -177,14 +177,14 @@ <field rel="ManyToOneRel" to="orm.layer" name="layer">1</field> <field type="IntegerField" name="layer_source">0</field> <field rel="ManyToOneRel" to="orm.release" name="release">4</field> - <field type="CharField" name="branch">honister</field> + <field type="CharField" name="branch">langdale</field> <field type="CharField" name="dirpath">meta</field> </object> <object model="orm.layer_version" pk="5"> <field rel="ManyToOneRel" to="orm.layer" name="layer">1</field> <field type="IntegerField" name="layer_source">0</field> <field rel="ManyToOneRel" to="orm.release" name="release">5</field> - <field type="CharField" name="branch">hardknott</field> + <field type="CharField" name="branch">dunfell</field> <field type="CharField" name="dirpath">meta</field> </object> @@ -222,14 +222,14 @@ <field rel="ManyToOneRel" to="orm.layer" name="layer">2</field> <field type="IntegerField" name="layer_source">0</field> <field rel="ManyToOneRel" to="orm.release" name="release">4</field> - <field type="CharField" name="branch">honister</field> + <field type="CharField" name="branch">langdale</field> <field type="CharField" name="dirpath">meta-poky</field> </object> <object model="orm.layer_version" pk="10"> <field rel="ManyToOneRel" to="orm.layer" name="layer">2</field> <field type="IntegerField" name="layer_source">0</field> <field rel="ManyToOneRel" to="orm.release" name="release">5</field> - <field type="CharField" name="branch">hardknott</field> + <field type="CharField" name="branch">dunfell</field> <field type="CharField" name="dirpath">meta-poky</field> </object> @@ -267,14 +267,14 @@ <field rel="ManyToOneRel" to="orm.layer" name="layer">3</field> <field type="IntegerField" name="layer_source">0</field> <field rel="ManyToOneRel" to="orm.release" name="release">4</field> - <field type="CharField" name="branch">honister</field> + <field type="CharField" name="branch">langdale</field> <field type="CharField" name="dirpath">meta-yocto-bsp</field> </object> <object model="orm.layer_version" pk="15"> <field rel="ManyToOneRel" to="orm.layer" name="layer">3</field> <field type="IntegerField" name="layer_source">0</field> <field rel="ManyToOneRel" to="orm.release" name="release">5</field> - <field type="CharField" name="branch">hardknott</field> + <field type="CharField" name="branch">dunfell</field> <field type="CharField" name="dirpath">meta-yocto-bsp</field> </object> </django-objects> diff --git a/poky/documentation/bsp-guide/bsp.rst b/poky/documentation/bsp-guide/bsp.rst index 7e17b42886..dbbcf47620 100644 --- a/poky/documentation/bsp-guide/bsp.rst +++ b/poky/documentation/bsp-guide/bsp.rst @@ -1180,14 +1180,14 @@ Use these steps to create a BSP layer: :yocto_git:`Source Repositories <>`. To get examples of what you need in your configuration file, locate a layer (e.g. "meta-ti") and examine the - :yocto_git:`local.conf </meta-ti/tree/conf/layer.conf>` + :yocto_git:`local.conf </meta-ti/tree/meta-ti-bsp/conf/layer.conf>` file. - *Create a Machine Configuration File:* Create a ``conf/machine/bsp_root_name.conf`` file. See :yocto_git:`meta-yocto-bsp/conf/machine </poky/tree/meta-yocto-bsp/conf/machine>` for sample ``bsp_root_name.conf`` files. There are other samples such as - :yocto_git:`meta-ti </meta-ti/tree/conf/machine>` + :yocto_git:`meta-ti </meta-ti/tree/meta-ti-bsp/conf/machine>` and :yocto_git:`meta-freescale </meta-freescale/tree/conf/machine>` from other vendors that have more specific machine and tuning @@ -1210,7 +1210,7 @@ BSP Layer Configuration Example ------------------------------- The layer's ``conf`` directory contains the ``layer.conf`` configuration -file. In this example, the ``conf/layer.conf`` is the following:: +file. In this example, the ``conf/layer.conf`` file is the following:: # We have a conf and classes directory, add to BBPATH BBPATH .= ":${LAYERDIR}" diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index 07a15ce7de..bd45a73fa6 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -106,6 +106,7 @@ extlinks = { 'oe_wiki': ('https://www.openembedded.org/wiki%s', None), 'oe_layerindex': ('https://layers.openembedded.org%s', None), 'oe_layer': ('https://layers.openembedded.org/layerindex/branch/master/layer%s', None), + 'wikipedia': ('https://en.wikipedia.org/wiki/%s', None), } # Intersphinx config to use cross reference with BitBake user manual diff --git a/poky/documentation/dev-manual/common-tasks.rst b/poky/documentation/dev-manual/common-tasks.rst index 53e7686633..afea9ec72e 100644 --- a/poky/documentation/dev-manual/common-tasks.rst +++ b/poky/documentation/dev-manual/common-tasks.rst @@ -5092,9 +5092,9 @@ default :term:`FILES` variables in ``bitbake.conf``:: SOLIBS = ".so.*" SOLIBSDEV = ".so" - FILES_${PN} = "... ${libdir}/lib*${SOLIBS} ..." + FILES:${PN} = "... ${libdir}/lib*${SOLIBS} ..." FILES_SOLIBSDEV ?= "... ${libdir}/lib*${SOLIBSDEV} ..." - FILES_${PN}-dev = "... ${FILES_SOLIBSDEV} ..." + FILES:${PN}-dev = "... ${FILES_SOLIBSDEV} ..." :term:`SOLIBS` defines a pattern that matches real shared object libraries. :term:`SOLIBSDEV` matches the development form (unversioned symlink). These two @@ -8902,21 +8902,21 @@ You can start the tests automatically or manually: bitbake -c testimage image -All test files reside in ``meta/lib/oeqa/runtime`` in the +All test files reside in ``meta/lib/oeqa/runtime/cases`` in the :term:`Source Directory`. A test name maps directly to a Python module. Each test module may contain a number of individual tests. Tests are usually grouped together by the area tested -(e.g tests for systemd reside in ``meta/lib/oeqa/runtime/systemd.py``). +(e.g tests for systemd reside in ``meta/lib/oeqa/runtime/cases/systemd.py``). You can add tests to any layer provided you place them in the proper area and you extend :term:`BBPATH` in the ``local.conf`` file as normal. Be sure that tests reside in -``layer/lib/oeqa/runtime``. +``layer/lib/oeqa/runtime/cases``. .. note:: Be sure that module names do not collide with module names used in - the default set of test modules in ``meta/lib/oeqa/runtime``. + the default set of test modules in ``meta/lib/oeqa/runtime/cases``. You can change the set of tests run by appending or overriding :term:`TEST_SUITES` variable in @@ -9009,7 +9009,7 @@ Writing New Tests As mentioned previously, all new test files need to be in the proper place for the build system to find them. New tests for additional functionality outside of the core should be added to the layer that adds -the functionality, in ``layer/lib/oeqa/runtime`` (as long as +the functionality, in ``layer/lib/oeqa/runtime/cases`` (as long as :term:`BBPATH` is extended in the layer's ``layer.conf`` file as normal). Just remember the following: @@ -10734,7 +10734,7 @@ without using the scripts once the steps in command, see ``GIT-SEND-EMAIL(1)`` displayed using the ``man git-send-email`` command. -The Yocto Project uses a `Patchwork instance <https://patchwork.openembedded.org/>`__ +The Yocto Project uses a `Patchwork instance <https://patchwork.yoctoproject.org/>`__ to track the status of patches submitted to the various mailing lists and to support automated patch testing. Each submitted patch is checked for common mistakes and deviations from the expected patch format and submitters are @@ -11229,8 +11229,6 @@ to be covered by assuming that there are three main areas of concern: - Compilation scripts and modifications to the source code must be provided. -- spdx files can be provided. - There are other requirements beyond the scope of these three and the methods described in this section (e.g. the mechanism through which source code is distributed). @@ -11422,39 +11420,6 @@ layers (recipes, configuration files, and so forth) enables you to meet your requirements to include the scripts to control compilation as well as any modifications to the original source. -Providing spdx files -~~~~~~~~~~~~~~~~~~~~~~~~~ - -The spdx module has been integrated to a layer named meta-spdxscanner. -meta-spdxscanner provides several kinds of scanner. If you want to enable -this function, you have to follow the following steps: - -1. Add meta-spdxscanner layer into ``bblayers.conf``. - -2. Refer to the README in meta-spdxscanner to setup the environment (e.g, - setup a fossology server) needed for the scanner. - -3. Meta-spdxscanner provides several methods within the bbclass to create spdx files. - Please choose one that you want to use and enable the spdx task. You have to - add some config options in ``local.conf`` file in your :term:`Build - Directory`. Here is an example showing how to generate spdx files - during BitBake using the fossology-python.bbclass:: - - # Select fossology-python.bbclass. - INHERIT += "fossology-python" - # For fossology-python.bbclass, TOKEN is necessary, so, after setup a - # Fossology server, you have to create a token. - TOKEN = "eyJ0eXAiO..." - # The fossology server is necessary for fossology-python.bbclass. - FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" - # If you want to upload the source code to a special folder: - FOLDER_NAME = "xxxx" //Optional - # If you don't want to put spdx files in tmp/deploy/spdx, you can enable: - SPDX_DEPLOY_DIR = "${DEPLOY_DIR}" //Optional - -For more usage information refer to :yocto_git:`the meta-spdxscanner repository -</meta-spdxscanner/>`. - Compliance Limitations with Executables Built from Static Libraries ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -11495,12 +11460,12 @@ the license from the fetched source:: Checking for Vulnerabilities ============================ -Vulnerabilities in images -------------------------- +Vulnerabilities in Poky and OE-Core +----------------------------------- The Yocto Project has an infrastructure to track and address unfixed known security vulnerabilities, as tracked by the public -`Common Vulnerabilities and Exposures (CVE) <https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures>`__ +:wikipedia:`Common Vulnerabilities and Exposures (CVE) <Common_Vulnerabilities_and_Exposures>` database. The Yocto Project maintains a `list of known vulnerabilities @@ -11509,14 +11474,78 @@ for packages in Poky and OE-Core, tracking the evolution of the number of unpatched CVEs and the status of patches. Such information is available for the current development version and for each supported release. -To know which packages are vulnerable to known security vulnerabilities -in the specific image you are building, add the following setting to your -configuration:: +Security is a process, not a product, and thus at any time, a number of security +issues may be impacting Poky and OE-Core. It is up to the maintainers, users, +contributors and anyone interested in the issues to investigate and possibly fix them by +updating software components to newer versions or by applying patches to address them. +It is recommended to work with Poky and OE-Core upstream maintainers and submit +patches to fix them, see ":ref:`dev-manual/common-tasks:submitting a change to the yocto project`" for details. + +Vulnerability check at build time +--------------------------------- + +To enable a check for CVE security vulnerabilities using :ref:`cve-check <ref-classes-cve-check>` in the specific image +or target you are building, add the following setting to your configuration:: INHERIT += "cve-check" -This way, at build time, BitBake will warn you about known CVEs -as in the example below:: +The CVE database contains some old incomplete entries which have been +deemed not to impact Poky or OE-Core. These CVE entries can be excluded from the +check using build configuration:: + + include conf/distro/include/cve-extra-exclusions.inc + +With this CVE check enabled, BitBake build will try to map each compiled software component +recipe name and version information to the CVE database and generate recipe and +image specific reports. These reports will contain: + +- metadata about the software component like names and versions + +- metadata about the CVE issue such as description and NVD link + +- for each software component, a list of CVEs which are possibly impacting this version + +- status of each CVE: ``Patched``, ``Unpatched`` or ``Ignored`` + +The status ``Patched`` means that a patch file to address the security issue has been +applied. ``Unpatched`` status means that no patches to address the issue have been +applied and that the issue needs to be investigated. ``Ignored`` means that after +analysis, it has been deemed to ignore the issue as it for example affects +the software component on a different operating system platform. + +After a build with CVE check enabled, reports for each compiled source recipe will be +found in ``build/tmp/deploy/cve``. + +For example the CVE check report for the ``flex-native`` recipe looks like:: + + $ cat poky/build/tmp/deploy/cve/flex-native + LAYER: meta + PACKAGE NAME: flex-native + PACKAGE VERSION: 2.6.4 + CVE: CVE-2016-6354 + CVE STATUS: Patched + CVE SUMMARY: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. + CVSS v2 BASE SCORE: 7.5 + CVSS v3 BASE SCORE: 9.8 + VECTOR: NETWORK + MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6354 + + LAYER: meta + PACKAGE NAME: flex-native + PACKAGE VERSION: 2.6.4 + CVE: CVE-2019-6293 + CVE STATUS: Ignored + CVE SUMMARY: An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. + CVSS v2 BASE SCORE: 4.3 + CVSS v3 BASE SCORE: 5.5 + VECTOR: NETWORK + MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6293 + +For images, a summary of all recipes included in the image and their CVEs is also +generated in textual and JSON formats. These ``.cve`` and ``.json`` reports can be found +in the ``tmp/deploy/images`` directory for each compiled image. + +At build time CVE check will also throw warnings about ``Unpatched`` CVEs:: WARNING: flex-2.6.4-r0 do_cve_check: Found unpatched CVE (CVE-2019-6293), for more information check /poky/build/tmp/work/core2-64-poky-linux/flex/2.6.4-r0/temp/cve.log WARNING: libarchive-3.5.1-r0 do_cve_check: Found unpatched CVE (CVE-2021-36976), for more information check /poky/build/tmp/work/core2-64-poky-linux/libarchive/3.5.1-r0/temp/cve.log @@ -11525,21 +11554,46 @@ It is also possible to check the CVE status of individual packages as follows:: bitbake -c cve_check flex libarchive -Note that OpenEmbedded-Core keeps a list of known unfixed CVE issues which can -be ignored. You can pass this list to the check as follows:: +Fixing CVE product name and version mappings +-------------------------------------------- + +By default, :ref:`cve-check <ref-classes-cve-check>` uses the recipe name :term:`BPN` as CVE +product name when querying the CVE database. If this mapping contains false positives, e.g. +some reported CVEs are not for the software component in question, or false negatives like +some CVEs are not found to impact the recipe when they should, then the problems can be +in the recipe name to CVE product mapping. These mapping issues can be fixed by setting +the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of the software component in the +upstream `NIST CVE database <https://nvd.nist.gov/>`__. - bitbake -c cve_check libarchive -R conf/distro/include/cve-extra-exclusions.inc +The variable supports using vendor and product names like this:: -Enabling vulnerabily tracking in recipes ----------------------------------------- + CVE_PRODUCT = "flex_project:flex" -The :term:`CVE_PRODUCT` variable defines the name used to match the recipe name -against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__. +In this example the vendor name used in the CVE database is ``flex_project`` and the +product is ``flex``. With this setting the ``flex`` recipe only maps to this specific +product and not products from other vendors with same name ``flex``. -Editing recipes to fix vulnerabilities --------------------------------------- +Similarly, when the recipe version :term:`PV` is not compatible with software versions used by +the upstream software component releases and the CVE database, these can be fixed using +the :term:`CVE_VERSION` variable. + +Note that if the CVE entries in the NVD database contain bugs or have missing or incomplete +information, it is recommended to fix the information there directly instead of working +around the issues possibly for a long time in Poky and OE-Core side recipes. Feedback to +NVD about CVE entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__. -To fix a given known vulnerability, you need to add a patch file to your recipe. Here's +Fixing vulnerabilities in recipes +--------------------------------- + +If a CVE security issue impacts a software component, it can be fixed by updating to a newer +version of the software component or by applying a patch. For Poky and OE-Core master branches, updating +to a newer software component release with fixes is the best option, but patches can be applied +if releases are not yet available. + +For stable branches, it is preferred to apply patches for the issues. For some software +components minor version updates can also be applied if they are backwards compatible. + +Here is an example of fixing CVE security issues with patch files, an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`:: SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ @@ -11551,31 +11605,21 @@ an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`:: file://fix-CVE-2020-22033-CVE-2020-22019.patch \ file://fix-CVE-2021-33815.patch \ -The :ref:`cve-check <ref-classes-cve-check>` class defines two ways of -supplying a patch for a given CVE. The first -way is to use a patch filename that matches the below pattern:: +A good practice is to include the CVE identifier in both the patch file name +and inside the patch file commit message using the format:: - cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") + CVE: CVE-2020-22033 -As shown in the example above, multiple CVE IDs can appear in a patch filename, -but the :ref:`cve-check <ref-classes-cve-check>` class will only consider -the last CVE ID in the filename as patched. +CVE checker will then capture this information and change the CVE status to ``Patched`` +in the generated reports. -The second way to recognize a patched CVE ID is when a line matching the -below pattern is found in any patch file provided by the recipe:: +If analysis shows that the CVE issue does not impact the recipe due to configuration, platform, +version or other reasons, the CVE can be marked as ``Ignored`` using the :term:`CVE_CHECK_IGNORE` variable. +As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those +issues in the CVE database directly. - cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") - -This allows a single patch file to address multiple CVE IDs at the same time. - -Of course, another way to fix vulnerabilities is to upgrade to a version -of the package which is not impacted, typically a more recent one. -The NIST database knows which versions are vulnerable and which ones -are not. - -Last but not least, you can choose to ignore vulnerabilities through -the :term:`CVE_CHECK_SKIP_RECIPE` and :term:`CVE_CHECK_IGNORE` -variables. +Recipes can be completely skipped by CVE check by including the recipe name in +the :term:`CVE_CHECK_SKIP_RECIPE` variable. Implementation details ---------------------- @@ -11592,24 +11636,110 @@ file. The found CVE IDs are also considered as patched. Then, the code looks up all the CVE IDs in the NIST database for all the products defined in :term:`CVE_PRODUCT`. Then, for each found CVE: - - If the package name (:term:`PN`) is part of - :term:`CVE_CHECK_SKIP_RECIPE`, it is considered as patched. +- If the package name (:term:`PN`) is part of + :term:`CVE_CHECK_SKIP_RECIPE`, it is considered as ``Patched``. - - If the CVE ID is part of :term:`CVE_CHECK_IGNORE`, it is - considered as patched too. +- If the CVE ID is part of :term:`CVE_CHECK_IGNORE`, it is + set as ``Ignored``. - - If the CVE ID is part of the patched CVE for the recipe, it is - already considered as patched. +- If the CVE ID is part of the patched CVE for the recipe, it is + already considered as ``Patched``. - - Otherwise, the code checks whether the recipe version (:term:`PV`) +- Otherwise, the code checks whether the recipe version (:term:`PV`) is within the range of versions impacted by the CVE. If so, the CVE - is considered as unpatched. + is considered as ``Unpatched``. The CVE database is stored in :term:`DL_DIR` and can be inspected using ``sqlite3`` command as follows:: sqlite3 downloads/CVE_CHECK/nvdcve_1.1.db .dump | grep CVE-2021-37462 +When analyzing CVEs, it is recommended to: + +- study the latest information in `CVE database <https://nvd.nist.gov/vuln/search>`__. + +- check how upstream developers of the software component addressed the issue, e.g. + what patch was applied, which upstream release contains the fix. + +- check what other Linux distributions like `Debian <https://security-tracker.debian.org/tracker/>`__ + did to analyze and address the issue. + +- follow security notices from other Linux distributions. + +- follow public `open source security mailing lists <https://oss-security.openwall.org/wiki/mailing-lists>`__ for + discussions and advance notifications of CVE bugs and software releases with fixes. + +Creating a Software Bill of Materials +===================================== + +Once you are able to build an image for your project, once the licenses for +each software component are all identified (see +":ref:`dev-manual/common-tasks:working with licenses`") and once vulnerability +fixes are applied (see ":ref:`dev-manual/common-tasks:checking +for vulnerabilities`"), the OpenEmbedded build system can generate +a description of all the components you used, their licenses, their dependencies, +the changes that were applied and the known vulnerabilities that were fixed. + +This description is generated in the form of a *Software Bill of Materials* +(:term:`SBOM`), using the :term:`SPDX` standard. + +When you release software, this is the most standard way to provide information +about the Software Supply Chain of your software image and SDK. The +:term:`SBOM` tooling is often used to ensure open source license compliance by +providing the license texts used in the product which legal departments and end +users can read in standardized format. + +:term:`SBOM` information is also critical to performing vulnerability exposure +assessments, as all the components used in the Software Supply Chain are listed. + +The OpenEmbedded build system doesn't generate such information by default. +To make this happen, you must inherit the +:ref:`create-spdx <ref-classes-create-spdx>` class from a configuration file:: + + INHERIT += "create-spdx" + +You then get :term:`SPDX` output in JSON format as an +``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the +:term:`Build Directory`. + +This is a toplevel file accompanied by an ``IMAGE-MACHINE.spdx.index.json`` +containing an index of JSON :term:`SPDX` files for individual recipes, together +with an ``IMAGE-MACHINE.spdx.tar.zst`` compressed archive containing all such +files. + +The :ref:`create-spdx <ref-classes-create-spdx>` class offers options to include +more information in the output :term:`SPDX` data, such as making the generated +files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of +the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`), +adding a description of the source files handled by the target recipes +(:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source files +themselves (:term:`SPDX_ARCHIVE_SOURCES`). + +Though the toplevel :term:`SPDX` output is available in +``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary +generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as: + +- The individual :term:`SPDX` JSON files in the ``IMAGE-MACHINE.spdx.tar.zst`` + archive. + +- Compressed archives of the files in the generated target packages, + in ``packages/packagename.tar.zst`` (when :term:`SPDX_ARCHIVE_PACKAGED` + is set). + +- Compressed archives of the source files used to build the host tools + and the target packages in ``recipes/recipe-packagename.tar.zst`` + (when :term:`SPDX_ARCHIVE_SOURCES` is set). Those are needed to fulfill + "source code access" license requirements. + +See the `tools page <https://spdx.dev/resources/tools/>`__ on the :term:`SPDX` +project website for a list of tools to consume and transform the :term:`SPDX` +data generated by the OpenEmbedded build system. + +See also Joshua Watt's +`Automated SBoM generation with OpenEmbedded and the Yocto Project <https://youtu.be/Q5UQUM6zxVU>`__ +presentation at FOSDEM 2023. + + Using the Error Reporting Tool ============================== diff --git a/poky/documentation/kernel-dev/faq.rst b/poky/documentation/kernel-dev/faq.rst index e40e3ff372..76923f6104 100644 --- a/poky/documentation/kernel-dev/faq.rst +++ b/poky/documentation/kernel-dev/faq.rst @@ -36,7 +36,7 @@ How do I install/not-install the kernel image on the root filesystem? The kernel image (e.g. ``vmlinuz``) is provided by the ``kernel-image`` package. Image recipes depend on ``kernel-base``. To specify whether or not the kernel image is installed in the generated -root filesystem, override ``RDEPENDS:${KERNEL_PACKAGE_NAME}-base`` to include or not +root filesystem, override ``RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base`` to include or not include "kernel-image". See the ":ref:`dev-manual/common-tasks:appending other layers metadata with your layer`" section in the diff --git a/poky/documentation/migration-guides/migration-4.0.rst b/poky/documentation/migration-guides/migration-4.0.rst index 02d3c3e2bd..ab82280f5e 100644 --- a/poky/documentation/migration-guides/migration-4.0.rst +++ b/poky/documentation/migration-guides/migration-4.0.rst @@ -265,3 +265,6 @@ Miscellaneous changes when parsing recipes. Any code depending on the previous behaviour will no longer work - change any such code to explicitly use appropriate path variables instead. +- In order to exclude the kernel image from the image rootfs, + :term:`RRECOMMENDS`\ ``:${KERNEL_PACKAGE_NAME}-base`` should be set instead of + :term:`RDEPENDS`\ ``:${KERNEL_PACKAGE_NAME}-base``. diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst index 9f67daaffb..2294265a46 100644 --- a/poky/documentation/migration-guides/release-4.0.rst +++ b/poky/documentation/migration-guides/release-4.0.rst @@ -1,3 +1,5 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + Release 4.0 (kirkstone) ======================= @@ -9,3 +11,7 @@ Release 4.0 (kirkstone) release-notes-4.0.2 release-notes-4.0.3 release-notes-4.0.4 + release-notes-4.0.5 + release-notes-4.0.6 + release-notes-4.0.7 + release-notes-4.0.8 diff --git a/poky/documentation/migration-guides/release-4.1.rst b/poky/documentation/migration-guides/release-4.1.rst index 8ebf4a4c95..dbca7c7e04 100644 --- a/poky/documentation/migration-guides/release-4.1.rst +++ b/poky/documentation/migration-guides/release-4.1.rst @@ -1,3 +1,5 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + Release 4.1 (langdale) ====================== @@ -5,3 +7,6 @@ Release 4.1 (langdale) migration-4.1 release-notes-4.1 + release-notes-4.1.1 + release-notes-4.1.2 + release-notes-4.1.3 diff --git a/poky/documentation/migration-guides/release-notes-4.0.5.rst b/poky/documentation/migration-guides/release-notes-4.0.5.rst new file mode 100644 index 0000000000..ea0280b03c --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.5.rst @@ -0,0 +1,196 @@ +Release notes for Yocto-4.0.5 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.5 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- qemu: fix :cve:`2021-3750`, :cve:`2021-3611` and :cve:`2022-2962` +- binutils : fix :cve:`2022-38126`, :cve:`2022-38127` and :cve:`2022-38128` +- tff: fix :cve:`2022-2867`, :cve:`2022-2868` and :cve:`2022-2869` +- inetutils: fix :cve:`2022-39028` +- go: fix :cve:`2022-27664` + +Fixes in Yocto-4.0.5 +~~~~~~~~~~~~~~~~~~~~ + +- Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks" +- bind: upgrade to 9.18.7 +- binutils: stable 2.38 branch updates (dc2474e7) +- bitbake: Fix npm to use https rather than http +- bitbake: asyncrpc/client: Fix unix domain socket chdir race issues +- bitbake: bitbake: Add copyright headers where missing +- bitbake: gitsm: Error out if submodule refers to parent repo +- bitbake: runqueue: Drop deadlock breaking force fail +- bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig +- bitbake: runqueue: Improve deadlock warning messages +- bitbake: siggen: Fix insufficent entropy in sigtask file names +- bitbake: tests/fetch: Allow handling of a file:// url within a submodule +- build-appliance-image: Update to kirkstone head revision (4a88ada) +- busybox: add devmem 128-bit support +- classes: files: Extend overlayfs-etc class +- coreutils: add openssl PACKAGECONFIG +- create-pull-request: don't switch the git remote protocol to git:// +- dev-manual: fix reference to BitBake user manual +- expat: upgrade 2.4.8 -> 2.4.9 +- files: overlayfs-etc: refactor preinit template +- gcc-cross-canadian: add default plugin linker +- gcc: add arm-v9 support +- git: upgrade 2.35.4 -> 2.35.5 +- glibc-locale: explicitly remove empty dirs in ${libdir} +- glibc-tests: use += instead of :append +- glibc: stable 2.35 branch updates.(8d125a1f) +- go-native: switch from SRC_URI:append to SRC_URI += +- image_types_wic.bbclass: fix cross binutils dependency +- kern-tools: allow 'y' or 'm' to avoid config audit warnings +- kern-tools: fix queue processing in relative TOPDIR configurations +- kernel-yocto: allow patch author date to be commit date +- libpng: upgrade to 1.6.38 +- linux-firmware: package new Qualcomm firmware +- linux-firmware: upgrade 20220708 -> 20220913 +- linux-libc-headers: switch from SRC_URI:append to SRC_URI += +- linux-yocto-dev: add qemuarm64 +- linux-yocto/5.10: update to v5.10.149 +- linux-yocto/5.15: cfg: fix ACPI warnings for -tiny +- linux-yocto/5.15: update to v5.15.68 +- local.conf.sample: correct the location of public hashserv +- ltp: Fix pread02 case trigger the glibc overflow detection +- lttng-modules: Fix crash on powerpc64 +- lttng-tools: Disable on qemuriscv32 +- lttng-tools: Disable on riscv32 +- migration-guides: add 4.0.4 release notes +- oeqa/runtime/dnf: fix typo +- own-mirrors: add crate +- perf: Fix for recent kernel upgrades +- poky.conf: bump version for 4.0.5 +- poky.yaml.in: update version requirements +- python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI += +- python3: upgrade 3.10.4 -> 3.10.7 +- qemu: Backport patches from upstream to support float128 on qemu-ppc64 +- rpm: Remove -Wimplicit-function-declaration warnings +- rpm: update to 4.17.1 +- rsync: update to 3.2.5 +- stress-cpu: disable float128 math on powerpc64 to avoid SIGILL +- tune-neoversen2: support tune-neoversen2 base on armv9a +- tzdata: update to 2022d +- u-boot: switch from append to += in SRC_URI +- uninative: Upgrade to 3.7 to work with glibc 2.36 +- vim: Upgrade to 9.0.0598 +- webkitgtk: Update to 2.36.7 + + +Known Issues in Yocto-4.0.5 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- There are recent CVEs in key components such as openssl. They are not included in this release as it was built before the issues were known and fixes were available but these are now available on the kirkstone branch. + + +Contributors to Yocto-4.0.5 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Adrian Freihofer +- Alexander Kanavin +- Alexandre Belloni +- Bhabu Bindu +- Bruce Ashfield +- Chen Qi +- Daniel McGregor +- Denys Dmytriyenko +- Dmitry Baryshkov +- Florin Diaconescu +- He Zhe +- Joshua Watt +- Khem Raj +- Martin Jansa +- Michael Halstead +- Michael Opdenacker +- Mikko Rapeli +- Mingli Yu +- Neil Horman +- Pavel Zhukov +- Richard Purdie +- Robert Joslyn +- Ross Burton +- Ruiqiang Hao +- Samuli Piippo +- Steve Sakoman +- Sundeep KOKKONDA +- Teoh Jay Shen +- Tim Orling +- Virendra Thakur +- Vyacheslav Yurkov +- Xiangyu Chen +- Yash Shinde +- pgowda +- Wang Mingyu + + +Repositories / Downloads for Yocto-4.0.5 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.5 </poky/log/?h=yocto-4.0.5>` +- Git Revision: :yocto_git:`2e79b199114b25d81bfaa029ccfb17676946d20d </poky/commit/?id=2e79b199114b25d81bfaa029ccfb17676946d20d>` +- Release Artefact: poky-2e79b199114b25d81bfaa029ccfb17676946d20d +- sha: 7bcf3f901d4c5677fc95944ab096e9e306f4c758a658dde5befd16861ad2b8ea +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/poky-2e79b199114b25d81bfaa029ccfb17676946d20d.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/poky-2e79b199114b25d81bfaa029ccfb17676946d20d.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.5 </openembedded-core/log/?h=yocto-4.0.5>` +- Git Revision: :oe_git:`fbdf93f43ff4b876487e1f26752598ec8abcb46e </openembedded-core/commit/?id=fbdf93f43ff4b876487e1f26752598ec8abcb46e>` +- Release Artefact: oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e +- sha: 2d9b5a8e9355b633bb57633cc8c2d319ba13fe4721f79204e61116b3faa6cbf1 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.5 </meta-mingw/log/?h=yocto-4.0.5>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.5 </meta-gplv2/log/?h=yocto-4.0.5>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.5 </bitbake/log/?h=yocto-4.0.5>` +- Git Revision: :oe_git:`c90d57497b9bcd237c3ae810ee8edb5b0d2d575a </bitbake/commit/?id=c90d57497b9bcd237c3ae810ee8edb5b0d2d575a>` +- Release Artefact: bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a +- sha: 5698d548ce179036e46a24f80b213124c8825a4f443fa1d6be7ab0f70b01a9ff +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.5 </yocto-docs/log/?h=yocto-4.0.5>` +- Git Revision: :yocto_git:`8c2f9f54e29781f4ee72e81eeaa12ceaa82dc2d3 </yocto-docs/commit/?id=8c2f9f54e29781f4ee72e81eeaa12ceaa82dc2d3>` + diff --git a/poky/documentation/migration-guides/release-notes-4.0.6.rst b/poky/documentation/migration-guides/release-notes-4.0.6.rst new file mode 100644 index 0000000000..76d23fcf0c --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.6.rst @@ -0,0 +1,313 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.6 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.6 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- bash: Fix :cve:`2022-3715` +- curl: Fix :cve:`2022-32221`, :cve:`2022-42915` and :cve:`2022-42916` +- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012` +- dropbear: Fix :cve:`2021-36369` +- ffmpeg: Fix :cve:`2022-3964`, :cve:`2022-3965` +- go: Fix :cve:`2022-2880` +- grub2: Fix :cve:`2022-2601`, :cve:`2022-3775` and :cve:`2022-28736` +- libarchive: Fix :cve:`2022-36227` +- libpam: Fix :cve:`2022-28321` +- libsndfile1: Fix :cve:`2021-4156` +- lighttpd: Fix :cve:`2022-41556` +- openssl: Fix :cve:`2022-3358` +- pixman: Fix :cve:`2022-44638` +- python3-mako: Fix :cve:`2022-40023` +- python3: Fix :cve:`2022-42919` +- qemu: Fix :cve:`2022-3165` +- sysstat: Fix :cve:`2022-39377` +- systemd: Fix :cve:`2022-3821` +- tiff: Fix :cve:`2022-2953`, :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598` and :cve:`2022-3970` +- vim: Fix :cve:`2022-3352`, :cve:`2022-3705` and :cve:`2022-4141` +- wayland: Fix :cve:`2021-3782` +- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551` + + +Fixes in Yocto-4.0.6 +~~~~~~~~~~~~~~~~~~~~ + +- archiver: avoid using machine variable as it breaks multiconfig +- babeltrace: upgrade to 1.5.11 +- bind: upgrade to 9.18.8 +- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK +- bitbake: gitsm: Fix regression in gitsm submodule path parsing +- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse +- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware +- bluez5: add dbus to RDEPENDS +- build-appliance-image: Update to kirkstone head revision +- buildtools-tarball: export certificates to python and curl +- cargo_common.bbclass: Fix typos +- classes: make TOOLCHAIN more permissive for kernel +- cmake-native: Fix host tool contamination (Bug: 14951) +- common-tasks.rst: fix oeqa runtime test path +- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED +- create-spdx: Remove ";name=..." for downloadLocation +- create-spdx: default share_src for shared sources +- cve-update-db-native: add timeout to urlopen() calls +- dbus: upgrade to 1.14.4 +- dhcpcd: fix to work with systemd +- expat: upgrade to 2.5.0 +- externalsrc.bbclass: Remove a trailing slash from ${B} +- externalsrc.bbclass: fix git repo detection +- externalsrc: git submodule--helper list unsupported +- gcc-shared-source: Fix source date epoch handling +- gcc-source: Drop gengtype manipulation +- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change +- gcc-source: Fix gengtypes race +- gdk-pixbuf: upgrade to 2.42.10 +- get_module_deps3.py: Check attribute '__file__' +- glib-2.0: fix rare GFileInfo test case failure +- glibc-locale: Do not INHIBIT_DEFAULT_DEPS +- gnomebase.bbclass: return the whole version for tarball directory if it is a number +- gnutls: Unified package names to lower-case +- groff: submit patches upstream +- gstreamer1.0-libav: fix errors with ffmpeg 5.x +- gstreamer1.0: upgrade to 1.20.4 +- ifupdown: upgrade to 0.8.39 +- insane.bbclass: Allow hashlib version that only accepts on parameter +- iso-codes: upgrade to 4.12.0 +- kea: submit patch upstream (fix-multilib-conflict.patch) +- kern-tools: fix relative path processing +- kern-tools: integrate ZFS speedup patch +- kernel-yocto: improve fatal error messages of symbol_why.py +- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR +- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild +- kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all +- libcap: upgrade to 2.66 +- libepoxy: convert to git +- libepoxy: update to 1.5.10 +- libffi: submit patch upstream (0001-arm-sysv-reverted-clang-VFP-mitigation.patch ) +- libffi: upgrade to 3.4.4 +- libical: upgrade to 3.0.16 +- libksba: upgrade to 1.6.2 +- libuv: fixup SRC_URI +- libxcrypt: upgrade to 4.4.30 +- lighttpd: upgrade to 1.4.67 +- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530 +- linux-firmware: don't put the firmware into the sysroot +- linux-firmware: package amdgpu firmware +- linux-firmware: split rtl8761 firmware +- linux-firmware: upgrade to 20221109 +- linux-yocto/5.10: update genericx86* machines to v5.10.149 +- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings +- linux-yocto/5.15: update genericx86* machines to v5.15.72 +- linux-yocto/5.15: update to v5.15.78 +- ltp: backport clock_gettime04 fix from upstream +- lttng-modules: upgrade to 2.13.7 +- lttng-tools: Upgrade to 2.13.8 +- lttng-tools: submit determinism.patch upstream +- lttng-ust: upgrade to 2.13.5 +- meson: make wrapper options sub-command specific +- meta-selftest/staticids: add render group for systemd +- mirrors.bbclass: update CPAN_MIRROR +- mirrors.bbclass: use shallow tarball for binutils-native +- mobile-broadband-provider-info: upgrade 20220725 -> 20221107 +- mtd-utils: upgrade 2.1.4 -> 2.1.5 +- numactl: upgrade to 2.0.16 +- oe/packagemanager/rpm: don't leak file objects +- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include +- oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo +- oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file() +- openssl: Fix SSL_CERT_FILE to match ca-certs location +- openssl: upgrade to 3.0.7 +- openssl: export necessary env vars in SDK +- opkg-utils: use a git clone, not a dynamic snapshot +- opkg: Set correct info_dir and status_file in opkg.conf +- overlayfs: Allow not used mount points +- ovmf: correct patches status +- package: Fix handling of minidebuginfo with newer binutils +- perf: Depend on native setuptools3 +- poky.conf: bump version for 4.0.6 +- psplash: add psplash-default in rdepends +- psplash: consider the situation of psplash not exist for systemd +- python3: advance to version 3.10.8 +- qemu-helper-native: Correctly pass program name as argv[0] +- qemu-helper-native: Re-write bridge helper as C program +- qemu-native: Add PACKAGECONFIG option for jack +- qemu: add io_uring PACKAGECONFIG +- quilt: backport a patch to address grep 3.8 failures +- resolvconf: make it work +- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature +- runqemu: Do not perturb script environment +- runqemu: Fix gl-es argument from causing other arguments to be ignored +- sanity: Drop data finalize call +- sanity: check for GNU tar specifically +- scripts/oe-check-sstate: cleanup +- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot +- scripts: convert-overrides: Allow command-line customizations +- socat: upgrade to 1.7.4.4 +- SPDX and CVE documentation updates +- sstate: Allow optimisation of do_deploy_archives task dependencies +- sstatesig: emit more helpful error message when not finding sstate manifest +- sstatesig: skip the rm_work task signature +- sudo: upgrade to 1.9.12p1 +- systemd: Consider PACKAGECONFIG in RRECOMMENDS +- systemd: add group render to udev package +- tcl: correct patch status +- tiff: refresh with devtool +- tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch +- u-boot: Remove duplicate inherit of cml1 +- uboot-sign: Fix using wrong KEY_REQ_ARGS +- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that +- valgrind: remove most hidden tests for arm64 +- vim: Upgrade to 9.0.0947 +- vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack +- wic: honor the SOURCE_DATE_EPOCH in case of updated fstab +- wic: make ext2/3/4 images reproducible +- wic: swap partitions are not added to fstab +- wpebackend-fdo: upgrade to 1.14.0 +- xserver-xorg: move some recommended dependencies in required +- xwayland: upgrade to 22.1.5 + + +Known Issues in Yocto-4.0.6 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.6 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alex Kiernan +- Alexander Kanavin +- Alexey Smirnov +- Bartosz Golaszewski +- Bernhard Rosenkränzer +- Bhabu Bindu +- Bruce Ashfield +- Chee Yang Lee +- Chen Qi +- Christian Eggers +- Claus Stovgaard +- Diego Sueiro +- Dmitry Baryshkov +- Ed Tanous +- Enrico Jörns +- Etienne Cordonnier +- Frank de Brabander +- Harald Seiler +- Hitendra Prajapati +- Jan-Simon Moeller +- Jeremy Puhlman +- Joe Slater +- John Edward Broadbent +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Keiya Nobuta +- Khem Raj +- Konrad Weihmann +- Leon Anavi +- Liam Beguin +- Marek Vasut +- Mark Hatle +- Martin Jansa +- Michael Opdenacker +- Mikko Rapeli +- Narpat Mali +- Nathan Rossi +- Niko Mauno +- Pavel Zhukov +- Peter Kjellerstedt +- Peter Marko +- Polampalli, Archana +- Qiu, Zheng +- Ravula Adhitya Siddartha +- Richard Purdie +- Ross Burton +- Sakib Sajal +- Sean Anderson +- Sergei Zhmylev +- Steve Sakoman +- Teoh Jay Shen +- Thomas Perrot +- Tim Orling +- Vincent Davis Jr +- Vivek Kumbhar +- Vyacheslav Yurkov +- Wang Mingyu +- Xiangyu Chen +- Zheng Qiu +- Ciaran Courtney +- Wang Mingyu + + +Repositories / Downloads for Yocto-4.0.6 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.6 </poky/log/?h=yocto-4.0.6>` +- Git Revision: :yocto_git:`c4e08719a782fd4119eaf643907b80cebf57f88f </poky/commit/?id=c4e08719a782fd4119eaf643907b80cebf57f88f>` +- Release Artefact: poky-c4e08719a782fd4119eaf643907b80cebf57f88f +- sha: 2eb3b323dd2ccd25f9442bfbcbde82bc081fad5afd146a8e6dde439db24a99d4 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.6 </openembedded-core/log/?h=yocto-4.0.6>` +- Git Revision: :oe_git:`45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2 </openembedded-core/commit/?id=45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2>` +- Release Artefact: oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2 +- sha: de8b443365927befe67cc443b60db57563ff0726377223f836a3f3971cf405ec +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.6 </meta-mingw/log/?h=yocto-4.0.6>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.6 </meta-gplv2/log/?h=yocto-4.0.6>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.6 </bitbake/log/?h=yocto-4.0.6>` +- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>` +- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509 +- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.6 </yocto-docs/log/?h=yocto-4.0.6>` +- Git Revision: :yocto_git:`c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f </yocto-docs/commit/?id=c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f>` + + diff --git a/poky/documentation/migration-guides/release-notes-4.0.7.rst b/poky/documentation/migration-guides/release-notes-4.0.7.rst new file mode 100644 index 0000000000..9e8ad51a0c --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.7.rst @@ -0,0 +1,242 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.7 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils: Fix :cve:`2022-4285` +- curl: Fix :cve:`2022-43551` and `CVE-2022-43552 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552>`__ +- ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341` +- go: Fix :cve:`2022-41715` and :cve:`2022-41717` +- libX11: Fix :cve:`2022-3554` and :cve:`2022-3555` +- libarchive: Fix :cve:`2022-36227` +- libksba: Fix :cve:`2022-47629` +- libpng: Fix :cve:`2019-6129` +- libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304` +- openssl: Fix :cve:`2022-3996` +- python3: Fix :cve:`2022-45061` +- python3-git: Fix :cve:`2022-24439` +- python3-setuptools: Fix :cve:`2022-40897` +- python3-wheel: Fix :cve:`2022-40898` +- qemu: Fix :cve:`2022-4144` +- sqlite: Fix :cve:`2022-46908` +- systemd: Fix :cve:`2022-45873` +- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088` +- webkitgtk: Fix :cve:`2022-32886`, `CVE-2022-32891 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891>`__ and :cve:`2022-32912` + + +Fixes in Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~ + +- Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test" +- at: Change when files are copied +- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES +- base.bbclass: Fix way to check ccache path +- bc: extend to nativesdk +- bind: upgrade to 9.18.10 +- busybox: always start do_compile with orig config files +- busybox: rm temporary files if do_compile was interrupted +- cairo: fix CVE patches assigned wrong CVE number +- cairo: update patch for :cve:`2019-6461` with upstream solution +- classes/create-spdx: Add SPDX_PRETTY option +- classes: image: Set empty weak default IMAGE_LINGUAS +- combo-layer: add sync-revs command +- combo-layer: dont use bb.utils.rename +- combo-layer: remove unused import +- curl: Correct LICENSE from MIT-open-group to curl +- cve-check: write the cve manifest to IMGDEPLOYDIR +- cve-update-db-native: avoid incomplete updates +- cve-update-db-native: show IP on failure +- dbus: Add missing CVE product name +- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree +- devtool: process local files only for the main branch +- dhcpcd: backport two patches to fix runtime error +- docs: kernel-dev: faq: update tip on how to not include kernel in image +- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe +- efibootmgr: update compilation with musl +- externalsrc: fix lookup for .gitmodules +- ffmpeg: refresh patches to apply cleanly +- freetype:update mirror site. +- gcc: Refactor linker patches and fix linker on arm with usrmerge +- glibc: stable 2.35 branch updates. +- go-crosssdk: avoid host contamination by GOCACHE +- gstreamer1.0: Fix race conditions in gstbin tests +- gstreamer1.0: upgrade to 1.20.5 +- gtk-icon-cache: Fix GTKIC_CMD if-else condition +- harfbuzz: remove bindir only if it exists +- kernel-fitimage: Adjust order of dtb/dtbo files +- kernel-fitimage: Allow user to select dtb when multiple dtb exists +- kernel.bbclass: remove empty module directories to prevent QA issues +- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories +- lib/oe/reproducible: Use git log without gpg signature +- libepoxy: remove upstreamed patch +- libnewt: update 0.52.21 -> 0.52.23 +- libseccomp: fix typo in DESCRIPTION +- libxcrypt-compat: upgrade 4.4.30 -> 4.4.33 +- libxml2: fix test data checksums +- linux-firmware: upgrade 20221109 -> 20221214 +- linux-yocto/5.10: update to v5.10.152 +- linux-yocto/5.10: update to v5.10.154 +- linux-yocto/5.10: update to v5.10.160 +- linux-yocto/5.15: fix perf build with clang +- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off +- linux-yocto/5.15: ltp and squashfs fixes +- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy +- linux-yocto/5.15: update to v5.15.84 +- lsof: add update-alternatives logic +- lttng-modules: update 2.13.7 -> 2.13.8 +- manuals: add 4.0.5 and 4.0.6 release notes +- manuals: document SPDX_PRETTY variable +- mpfr: upgrade 4.1.0 -> 4.1.1 +- oeqa/concurrencytest: Add number of failures to summary output +- oeqa/rpm.py: Increase timeout and add debug output +- oeqa/selftest/externalsrc: add test for srctree_hash_files +- openssh: remove RRECOMMENDS to rng-tools for sshd package +- poky.conf: bump version for 4.0.7 +- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image +- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively +- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work +- ruby: merge .inc into .bb +- ruby: update 3.1.2 -> 3.1.3 +- selftest/virgl: use pkg-config from the host +- tiff: Add packageconfig knob for webp +- toolchain-scripts: compatibility with unbound variable protection +- tzdata: update 2022d -> 2022g +- valgrind: skip the boost_thread test on arm +- xserver-xorg: upgrade 21.1.4 -> 21.1.6 +- xwayland: libxshmfence is needed when dri3 is enabled +- xwayland: upgrade 22.1.5 -> 22.1.7 +- yocto-check-layer: Allow OE-Core to be tested + + +Known Issues in Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alejandro Hernandez Samaniego +- Alex Kiernan +- Alex Stewart +- Alexander Kanavin +- Antonin Godard +- Benoît Mauduit +- Bhabu Bindu +- Bruce Ashfield +- Carlos Alberto Lopez Perez +- Changqing Li +- Chen Qi +- Daniel Gomez +- Florin Diaconescu +- He Zhe +- Hitendra Prajapati +- Jagadeesh Krishnanjanappa +- Jan Kircher +- Jermain Horsman +- Jose Quaresma +- Joshua Watt +- KARN JYE LAU +- Kai Kang +- Khem Raj +- Luis +- Marta Rybczynska +- Martin Jansa +- Mathieu Dubois-Briand +- Michael Opdenacker +- Narpat Mali +- Ovidiu Panait +- Pavel Zhukov +- Peter Marko +- Petr Kubizňák +- Quentin Schulz +- Randy MacLeod +- Ranjitsinh Rathod +- Richard Purdie +- Robert Andersson +- Ross Burton +- Sandeep Gundlupet Raju +- Saul Wold +- Steve Sakoman +- Vivek Kumbhar +- Wang Mingyu +- Xiangyu Chen +- Yash Shinde +- Yogita Urade + + +Repositories / Downloads for Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.7 </poky/log/?h=yocto-4.0.7>` +- Git Revision: :yocto_git:`65dafea22018052fe7b2e17e6e4d7eb754224d38 </poky/commit/?id=65dafea22018052fe7b2e17e6e4d7eb754224d38>` +- Release Artefact: poky-65dafea22018052fe7b2e17e6e4d7eb754224d38 +- sha: 6b1b67600b84503e2d5d29bcd6038547339f4f9413b830cd2408df825eda642d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.7 </openembedded-core/log/?h=yocto-4.0.7>` +- Git Revision: :oe_git:`a8c82902384f7430519a31732a4bb631f21693ac </openembedded-core/commit/?id=a8c82902384f7430519a31732a4bb631f21693ac>` +- Release Artefact: oecore-a8c82902384f7430519a31732a4bb631f21693ac +- sha: 6f2dbc4ea1e388620ef77ac3a7bbb2b5956bb8bf9349b0c16cd7610e9996f5ea +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.7 </meta-mingw/log/?h=yocto-4.0.7>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.7 </meta-gplv2/log/?h=yocto-4.0.7>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.7 </bitbake/log/?h=yocto-4.0.7>` +- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>` +- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509 +- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.7 </yocto-docs/log/?h=yocto-4.0.7>` +- Git Revision: :yocto_git:`5883e897c34f25401b358a597fb6e18d80f7f90b </yocto-docs/commit/?id=5883e897c34f25401b358a597fb6e18d80f7f90b>` + + diff --git a/poky/documentation/migration-guides/release-notes-4.0.8.rst b/poky/documentation/migration-guides/release-notes-4.0.8.rst new file mode 100644 index 0000000000..223b74fbaf --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.8.rst @@ -0,0 +1,217 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.8 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.8 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- apr-util: Fix :cve:`2022-25147` +- apr: Fix :cve:`2022-24963`, :cve:`2022-28331` and :cve:`2021-35940` +- bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924` +- git: Ignore :cve:`2022-41953` +- git: Fix :cve:`2022-23521` and :cve:`2022-41903` +- libgit2: Fix :cve:`2023-22742` +- ppp: Fix :cve:`2022-4603` +- python3-certifi: Fix :cve:`2022-23491` +- sudo: Fix :cve:`2023-22809` +- tar: Fix :cve:`2022-48303` + + +Fixes in Yocto-4.0.8 +~~~~~~~~~~~~~~~~~~~~ + +- core-image.bbclass: Fix missing leading whitespace with ':append' +- populate_sdk_ext.bbclass: Fix missing leading whitespace with ':append' +- ptest-packagelists.inc: Fix missing leading whitespace with ':append' +- apr-util: upgrade to 1.6.3 +- apr: upgrade to 1.7.2 +- apt: fix do_package_qa failure +- bind: upgrade to 9.18.11 +- bitbake: bb/utils: include SSL certificate paths in export_proxies +- bitbake: bitbake-diffsigs: Make PEP8 compliant +- bitbake: bitbake-diffsigs: break on first dependent task difference +- bitbake: fetch2/git: Clarify the meaning of namespace +- bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata +- bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV +- bitbake: siggen: Fix inefficient string concatenation +- bitbake: utils/ply: Update md5 to better report errors with hashlib +- bootchart2: Fix usrmerge support +- bsp-guide: fix broken git URLs and missing word +- build-appliance-image: Update to kirkstone head revision +- buildtools-tarball: set pkg-config search path +- classes/fs-uuid: Fix command output decoding issue +- dev-manual: common-tasks.rst: add link to FOSDEM 2023 video +- dev-manual: fix old override syntax +- devshell: Do not add scripts/git-intercept to PATH +- devtool: fix devtool finish when gitmodules file is empty +- diffutils: upgrade to 3.9 +- gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests +- git: upgrade to 2.35.7 +- glslang: branch rename master -> main +- httpserver: add error handler that write to the logger +- image.bbclass: print all QA functions exceptions +- kernel/linux-kernel-base: Fix kernel build artefact determinism issues +- libc-locale: Fix on target locale generation +- libgit2: upgrade to 1.4.5 +- libjpeg-turbo: upgrade to 2.1.5 +- libtirpc: Check if file exists before operating on it +- libusb1: Link with latomic only if compiler has no atomic builtins +- libusb1: Strip trailing whitespaces +- linux-firmware: upgrade to 20230117 +- linux-yocto/5.15: update to v5.15.91 +- lsof: fix old override syntax +- lttng-modules: Fix for 5.10.163 kernel version +- lttng-tools: upgrade to 2.13.9 +- make-mod-scripts: Ensure kernel build output is deterministic +- manuals: update patchwork instance URL +- meta: remove True option to getVar and getVarFlag calls (again) +- migration-guides: add release-notes for 4.0.7 +- native: Drop special variable handling +- numactl: skip test case when target platform doesn't have 2 CPU node +- oeqa context.py: fix --target-ip comment to include ssh port number +- oeqa dump.py: add error counter and stop after 5 failures +- oeqa qemurunner.py: add timeout to QMP calls +- oeqa qemurunner.py: try to avoid reading one character at a time +- oeqa qemurunner: read more data at a time from serial +- oeqa ssh.py: add connection keep alive options to ssh client +- oeqa ssh.py: move output prints to new line +- oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal +- oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail +- oeqa/selftest/locales: Add selftest for locale generation/presence +- poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder +- poky.conf: bump version for 4.0.8 +- profile-manual: update WireShark hyperlinks +- python3-pytest: depend on python3-tomli instead of python3-toml +- qemu: fix compile error +- quilt: fix intermittent failure in faildiff.test +- quilt: use upstreamed faildiff.test fix +- recipe_sanity: fix old override syntax +- ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT +- scons.bbclass: Make MAXLINELENGTH overridable +- scons: Pass MAXLINELENGTH to scons invocation +- sdkext/cases/devtool: pass a logger to HTTPService +- spirv-headers: set correct branch name +- sudo: upgrade to 1.9.12p2 +- system-requirements.rst: add Fedora 36 and AlmaLinux 8.7 to list of supported distros +- testimage: Fix error message to reflect new syntax +- update-alternatives: fix typos +- vulkan-samples: branch rename master -> main + + +Known Issues in Yocto-4.0.8 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.8 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alejandro Hernandez Samaniego +- Alexander Kanavin +- Alexandre Belloni +- Armin Kuster +- Arnout Vandecappelle +- Bruce Ashfield +- Changqing Li +- Chee Yang Lee +- Etienne Cordonnier +- Harald Seiler +- Kai Kang +- Khem Raj +- Lee Chee Yang +- Louis Rannou +- Marek Vasut +- Marius Kriegerowski +- Mark Hatle +- Martin Jansa +- Mauro Queiros +- Michael Opdenacker +- Mikko Rapeli +- Mingli Yu +- Narpat Mali +- Niko Mauno +- Pawel Zalewski +- Peter Kjellerstedt +- Richard Purdie +- Rodolfo Quesada Zumbado +- Ross Burton +- Sakib Sajal +- Schmidt, Adriaan +- Steve Sakoman +- Thomas Roos +- Ulrich Ölmann +- Xiangyu Chen + + +Repositories / Downloads for Yocto-4.0.8 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.8 </poky/log/?h=yocto-4.0.8>` +- Git Revision: :yocto_git:`a361fb3df9c87cf12963a9d785a9f99faa839222 </poky/commit/?id=a361fb3df9c87cf12963a9d785a9f99faa839222>` +- Release Artefact: poky-a361fb3df9c87cf12963a9d785a9f99faa839222 +- sha: af4e8d64be27d3a408357c49b7952ce04c6d8bb0b9d7b50c48848d9355de7fc2 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/poky-a361fb3df9c87cf12963a9d785a9f99faa839222.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/poky-a361fb3df9c87cf12963a9d785a9f99faa839222.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.8 </openembedded-core/log/?h=yocto-4.0.8>` +- Git Revision: :oe_git:`b20e2134daec33fbb8ce358d984751d887752bd5 </openembedded-core/commit/?id=b20e2134daec33fbb8ce358d984751d887752bd5>` +- Release Artefact: oecore-b20e2134daec33fbb8ce358d984751d887752bd5 +- sha: 63cce6f1caf8428eefc1471351ab024affc8a41d8d7777f525e3aa9ea454d2cd +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/oecore-b20e2134daec33fbb8ce358d984751d887752bd5.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/oecore-b20e2134daec33fbb8ce358d984751d887752bd5.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.8 </meta-mingw/log/?h=yocto-4.0.8>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.8 </meta-gplv2/log/?h=yocto-4.0.8>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.8 </bitbake/log/?h=yocto-4.0.8>` +- Git Revision: :oe_git:`9bbdedc0ba7ca819b898e2a29a151d6a2014ca11 </bitbake/commit/?id=9bbdedc0ba7ca819b898e2a29a151d6a2014ca11>` +- Release Artefact: bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11 +- sha: 8e724411f4df00737e81b33eb568f1f97d2a00d5364342c0a212c46abb7b005b +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.8 </yocto-docs/log/?h=yocto-4.0.8>` +- Git Revision: :yocto_git:`16ecbe028f2b9cc021267817a5413054e070b563 </yocto-docs/commit/?id=16ecbe028f2b9cc021267817a5413054e070b563>` + diff --git a/poky/documentation/migration-guides/release-notes-4.1.1.rst b/poky/documentation/migration-guides/release-notes-4.1.1.rst new file mode 100644 index 0000000000..4f31fbf1c7 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.1.1.rst @@ -0,0 +1,319 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.1.1 (Langdale) +---------------------------------------- + +Security Fixes in Yocto-4.1.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- curl: Fix :cve:`2022-32221`, :cve:`2022-35260`, :cve:`2022-42915` and :cve:`2022-42916` +- libx11: Fix :cve:`2022-3554` +- lighttpd: Fix :cve:`2022-41556` +- openssl: Fix :cve:`2022-3358`, :cve:`2022-3602` and :cve:`2022-3786` +- pixman: Fix :cve:`2022-44638` +- qemu: Fix :cve:`2022-3165` +- sudo: Fix :cve:`2022-43995` +- tiff: Fix :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570` and :cve:`2022-3598` +- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551` +- xserver-xorg: Ignore :cve:`2022-3553` + + +Fixes in Yocto-4.1.1 +~~~~~~~~~~~~~~~~~~~~ + +- Add 4.1 migration guide & release notes +- bitbake: asyncrpc: serv: correct closed client socket detection +- bitbake: bitbake-user-manual: details about variable flags starting with underscore +- bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists +- bitbake: bitbake: user-manual: inform about spaces in :remove +- bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables +- bitbake: fetch2/git: don't set core.fsyncobjectfiles=0 +- bitbake: tests/fetch: Allow handling of a file:// url within a submodule +- bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests +- bitbake: utils/ply: Update md5 to better report errors with hashlib +- bluez5: add dbus to :term:`RDEPENDS` +- build-appliance-image: Update to langdale head revision +- buildconf: compare abspath +- buildtools-tarball: export certificates to python and curl +- cmake-native: Fix host tool contamination +- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED +- create-spdx: Remove ";name=..." for downloadLocation +- cve-update-db-native: add timeout to urlopen() calls +- dev-manual: common-tasks.rst: add reference to "do_clean" task +- dev-manual: common-tasks.rst: add reference to "do_listtasks" task +- docs: add support for langdale (4.1) release +- dropbear: add pam to :term:`PACKAGECONFIG` +- externalsrc.bbclass: fix git repo detection +- externalsrc.bbclass: Remove a trailing slash from ${B} +- externalsrc: move back to classes +- gcc: Allow -Wno-error=poison-system-directories to take effect +- glib-2.0: fix rare GFileInfo test case failure +- gnutls: Unified package names to lower-case +- gnutls: upgrade 3.7.7 -> 3.7.8 +- grub: disable build on armv7ve/a with hardfp +- gstreamer1.0-libav: fix errors with ffmpeg 5.x +- ifupdown: upgrade 0.8.37 -> 0.8.39 +- insane.bbclass: Allow hashlib version that only accepts on parameter +- install-buildtools: support buildtools-make-tarball and update to 4.1 +- kern-tools: fix relative path processing +- kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate +- kernel-yocto: improve fatal error messages of symbol_why.py +- kernel: Clear :term:`SYSROOT_DIRS` instead of replacing sysroot_stage_all +- libcap: upgrade 2.65 -> 2.66 +- libical: upgrade 3.0.14 -> 3.0.15 +- libksba: upgrade 1.6.0 -> 1.6.2 +- libsdl2: upgrade 2.24.0 -> 2.24.1 +- lighttpd: upgrade 1.4.66 -> 1.4.67 +- linux-firmware: package amdgpu firmware +- linux-firmware: split rtl8761 firmware +- linux-yocto/5.15: update to v5.15.72 +- linux-yocto/5.19: update to v5.19.14 +- linux-yocto: add efi entry for machine features +- lttng-modules: upgrade 2.13.4 -> 2.13.5 +- lttng-ust: upgrade 2.13.4 -> 2.13.5 +- manuals: add reference to "do_configure" task +- manuals: add reference to the "do_compile" task +- manuals: add reference to the "do_install" task +- manuals: add reference to the "do_kernel_configcheck" task +- manuals: add reference to the "do_populate_sdk" task +- manuals: add references to "do_package_write_*" tasks +- manuals: add references to "do_populate_sysroot" task +- manuals: add references to the "do_build" task +- manuals: add references to the "do_bundle_initramfs" task +- manuals: add references to the "do_cleanall" task +- manuals: add references to the "do_deploy" task +- manuals: add references to the "do_devshell" task +- manuals: add references to the "do_fetch" task +- manuals: add references to the "do_image" task +- manuals: add references to the "do_kernel_configme" task +- manuals: add references to the "do_package" task +- manuals: add references to the "do_package_qa" task +- manuals: add references to the "do_patch" task +- manuals: add references to the "do_rootfs" task +- manuals: add references to the "do_unpack" task +- manuals: fix misc typos +- manuals: improve initramfs details +- manuals: updates for building on Windows (WSL 2) +- mesa: only apply patch to fix ALWAYS_INLINE for native +- mesa: update 22.2.0 -> 22.2.2 +- meson: make wrapper options sub-command specific +- meson: upgrade 0.63.2 -> 0.63.3 +- migration guides: 3.4: remove spurious space in example +- migration guides: add release notes for 4.0.4 +- migration-general: add section on using buildhistory +- migration-guides/release-notes-4.1.rst: add more known issues +- migration-guides/release-notes-4.1.rst: update Repositories / Downloads +- migration-guides: add known issues for 4.1 +- migration-guides: add reference to the "do_shared_workdir" task +- migration-guides: use contributor real name +- migration-guides: use contributor real name +- mirrors.bbclass: use shallow tarball for binutils-native +- mtools: upgrade 4.0.40 -> 4.0.41 +- numactl: upgrade 2.0.15 -> 2.0.16 +- oe/packagemanager/rpm: don't leak file objects +- openssl: export necessary env vars in SDK +- openssl: Fix SSL_CERT_FILE to match ca-certs location +- openssl: Upgrade 3.0.5 -> 3.0.7 +- opkg-utils: use a git clone, not a dynamic snapshot +- overlayfs: Allow not used mount points +- overview-manual: concepts.rst: add reference to "do_packagedata" task +- overview-manual: concepts.rst: add reference to "do_populate_sdk_ext" task +- overview-manual: concepts.rst: fix formating and add references +- own-mirrors: add crate +- pango: upgrade 1.50.9 -> 1.50.10 +- perf: Depend on native setuptools3 +- poky.conf: bump version for 4.1.1 +- poky.conf: remove Ubuntu 21.10 +- populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner +- psplash: add psplash-default in rdepends +- qemu-native: Add :term:`PACKAGECONFIG` option for jack +- quilt: backport a patch to address grep 3.8 failures +- ref-manual/faq.rst: update references to products built with OE / Yocto Project +- ref-manual/variables.rst: clarify sentence +- ref-manual: add a note to ssh-server-dropbear feature +- ref-manual: add :term:`CVE_CHECK_SHOW_WARNINGS` +- ref-manual: add :term:`CVE_DB_UPDATE_INTERVAL` +- ref-manual: add :term:`DEV_PKG_DEPENDENCY` +- ref-manual: add :term:`DISABLE_STATIC` +- ref-manual: add :term:`FIT_PAD_ALG` +- ref-manual: add :term:`KERNEL_DEPLOY_DEPEND` +- ref-manual: add missing features +- ref-manual: add :term:`MOUNT_BASE` variable +- ref-manual: add overlayfs class variables +- ref-manual: add :term:`OVERLAYFS_ETC_EXPOSE_LOWER` +- ref-manual: add :term:`OVERLAYFS_QA_SKIP` +- ref-manual: add previous overlayfs-etc variables +- ref-manual: add pypi class +- ref-manual: add :term:`SDK_TOOLCHAIN_LANGS` +- ref-manual: add section for create-spdx class +- ref-manual: add serial-autologin-root to :term:`IMAGE_FEATURES` documentation +- ref-manual: add :term:`UBOOT_MKIMAGE_KERNEL_TYPE` +- ref-manual: add :term:`WATCHDOG_TIMEOUT` to variable glossary +- ref-manual: add :term:`WIRELESS_DAEMON` +- ref-manual: classes.rst: add links to all references to a class +- ref-manual: complementary package installation recommends +- ref-manual: correct default for :term:`BUILDHISTORY_COMMIT` +- ref-manual: document new github-releases class +- ref-manual: expand documentation on image-buildinfo class +- ref-manual: faq.rst: reorganize into subsections, contents at top +- ref-manual: remove reference to largefile in :term:`DISTRO_FEATURES` +- ref-manual: remove reference to testimage-auto class +- ref-manual: system-requirements: Ubuntu 22.04 now supported +- ref-manual: tasks.rst: add reference to the "do_image_complete" task +- ref-manual: tasks.rst: add reference to the "do_kernel_checkout" task +- ref-manual: tasks.rst: add reference to the "do_kernel_metadata" task +- ref-manual: tasks.rst: add reference to the "do_validate_branches" task +- ref-manual: tasks.rst: add references to the "do_cleansstate" task +- ref-manual: update buildpaths QA check documentation +- ref-manual: update pypi documentation for :term:`CVE_PRODUCT` default in 4.1 +- ref-manual: variables.rst: add reference to "do_populate_lic" task +- release-notes-4.1.rst remove bitbake-layers subcommand argument +- runqemu: Do not perturb script environment +- runqemu: Fix gl-es argument from causing other arguments to be ignored +- rust-target-config: match riscv target names with what rust expects +- rust: install rustfmt for riscv32 as well +- sanity: check for GNU tar specifically +- scripts/oe-check-sstate: cleanup +- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot +- sdk-manual: correct the bitbake target for a unified sysroot build +- shadow: update 4.12.1 -> 4.12.3 +- systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils +- test-manual: fix typo in machine name +- tiff: fix a typo for :cve:`2022-2953`.patch +- u-boot: Add savedefconfig task +- u-boot: Remove duplicate inherit of cml1 +- uboot-sign: Fix using wrong KEY_REQ_ARGS +- Update documentation for classes split +- vim: upgrade to 9.0.0820 +- vulkan-samples: add lfs=0 to :term:`SRC_URI` to avoid git smudge errors in do_unpack +- wic: honor the :term:`SOURCE_DATE_EPOCH` in case of updated fstab +- wic: swap partitions are not added to fstab +- wpebackend-fdo: upgrade 1.12.1 -> 1.14.0 +- xserver-xorg: move some recommended dependencies in required +- zlib: do out-of-tree builds +- zlib: upgrade 1.2.12 -> 1.2.13 +- zlib: use .gz archive and set a PREMIRROR + + +Known Issues in Yocto-4.1.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + + +Contributors to Yocto-4.1.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Adrian Freihofer +- Alex Kiernan +- Alexander Kanavin +- Bartosz Golaszewski +- Bernhard Rosenkränzer +- Bruce Ashfield +- Chen Qi +- Christian Eggers +- Claus Stovgaard +- Ed Tanous +- Etienne Cordonnier +- Frank de Brabander +- Hitendra Prajapati +- Jan-Simon Moeller +- Jeremy Puhlman +- Johan Korsnes +- Jon Mason +- Jose Quaresma +- Joshua Watt +- Justin Bronder +- Kai Kang +- Keiya Nobuta +- Khem Raj +- Lee Chee Yang +- Liam Beguin +- Luca Boccassi +- Mark Asselstine +- Mark Hatle +- Markus Volk +- Martin Jansa +- Michael Opdenacker +- Ming Liu +- Mingli Yu +- Paul Eggleton +- Peter Kjellerstedt +- Qiu, Zheng +- Quentin Schulz +- Richard Purdie +- Robert Joslyn +- Ross Burton +- Sean Anderson +- Sergei Zhmylev +- Steve Sakoman +- Takayasu Ito +- Teoh Jay Shen +- Thomas Perrot +- Tim Orling +- Vincent Davis Jr +- Vyacheslav Yurkov +- Ciaran Courtney +- Wang Mingyu + + +Repositories / Downloads for Yocto-4.1.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`langdale </poky/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.1 </poky/log/?h=yocto-4.1.1>` +- Git Revision: :yocto_git:`d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff </poky/commit/?id=d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff>` +- Release Artefact: poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff +- sha: e92b694fbb74a26c7a875936dfeef4a13902f24b06127ee52f4d1c1e4b03ec24 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>` +- Tag: :oe_git:`yocto-4.1.1 </openembedded-core/log/?h=yocto-4.1.1>` +- Git Revision: :oe_git:`9237ffc4feee2dd6ff5bdd672072509ef9e82f6d </openembedded-core/commit/?id=9237ffc4feee2dd6ff5bdd672072509ef9e82f6d>` +- Release Artefact: oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d +- sha: d73198aef576f0fca0d746f9d805b1762c19c31786bc3f7d7326dfb2ed6fc1be +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.1 </meta-mingw/log/?h=yocto-4.1.1>` +- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>` +- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c +- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>` +- Tag: :oe_git:`yocto-4.1.1 </bitbake/log/?h=yocto-4.1.1>` +- Git Revision: :oe_git:`138dd7883ee2c521900b29985b6d24a23d96563c </bitbake/commit/?id=138dd7883ee2c521900b29985b6d24a23d96563c>` +- Release Artefact: bitbake-138dd7883ee2c521900b29985b6d24a23d96563c +- sha: 5dc5aff4b4a801253c627cdaab6b1a0ceee2c531f1a6b166d85d1265a35d4be5 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/bitbake-138dd7883ee2c521900b29985b6d24a23d96563c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/bitbake-138dd7883ee2c521900b29985b6d24a23d96563c.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.1 </yocto-docs/log/?h=yocto-4.1.1>` +- Git Revision: :yocto_git:`8e0841c3418caa227c66a60327db09dfbe72054a </yocto-docs/commit/?id=8e0841c3418caa227c66a60327db09dfbe72054a>` + + diff --git a/poky/documentation/migration-guides/release-notes-4.1.2.rst b/poky/documentation/migration-guides/release-notes-4.1.2.rst new file mode 100644 index 0000000000..ee5d4ccc51 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.1.2.rst @@ -0,0 +1,286 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.1.2 (Langdale) +---------------------------------------- + +Security Fixes in Yocto-4.1.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- sudo: Fix :cve:`2022-43995` +- binutils: Fix :cve:`2022-4285` +- cairo: update patch for :cve:`2019-6461` with upstream solution +- expat: Fix :cve:`2022-43680` +- ffmpeg: Fix :cve:`2022-3964` and :cve:`2022-3965` +- grub: Fix :cve:`2022-28736` +- libarchive: Fix :cve:`2022-36227` +- libpam: Fix :cve:`2022-28321` +- libpng: Fix :cve:`2019-6129` +- ruby: Fix :cve:`2022-28738` and :cve:`2022-28739` +- tiff: Fix :cve:`2022-3970` +- vim: Fix :cve:`2022-4141` + + +Fixes in Yocto-4.1.2 +~~~~~~~~~~~~~~~~~~~~ + +- Expand create-spdx class documentation +- Expand cve-check class documentation +- archiver: avoid using machine variable as it breaks multiconfig +- babeltrace: Upgrade to 1.5.11 +- backport SPDX documentation and vulnerability improvements +- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES +- bc: extend to nativesdk +- bind: Upgrade to 9.18.9 +- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK +- bitbake: gitsm: Fix regression in gitsm submodule path parsing +- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse +- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware +- build-appliance-image: Update to langdale head revision +- cargo_common.bbclass: Fix typos +- classes: make TOOLCHAIN more permissive for kernel +- cmake: Upgrade to 3.24.2 +- combo-layer: add sync-revs command +- combo-layer: dont use bb.utils.rename +- combo-layer: remove unused import +- common-tasks.rst: fix oeqa runtime test path +- create-spdx: default share_src for shared sources +- curl: Correct LICENSE from MIT-open-group to curl +- dbus: Add missing CVE product name +- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree +- dhcpcd: fix to work with systemd +- docs: kernel-dev: faq: update tip on how to not include kernel in image +- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe +- expat: upgrade to 2.5.0 +- externalsrc: fix lookup for .gitmodules +- ffmpeg: Upgrade to 5.1.2 +- gcc-shared-source: Fix source date epoch handling +- gcc-source: Drop gengtype manipulation +- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change +- gcc-source: Fix gengtypes race +- gdk-pixbuf: Upgrade to 2.42.10 +- get_module_deps3.py: Check attribute '__file__' +- glibc-tests: correctly pull in the actual tests when installing -ptest package +- gnomebase.bbclass: return the whole version for tarball directory if it is a number +- go-crosssdk: avoid host contamination by GOCACHE +- go: Update reproducibility patch to fix panic errors +- go: submit patch upstream +- go: Upgrade to 1.19.3 +- gptfdisk: remove warning message from target system +- groff: submit patches upstream +- gstreamer1.0: Upgrade to 1.20.5 +- help2man: Upgrade to 1.49.3 +- insane: add codeload.github.com to src-uri-bad checkz +- inetutils: Upgrade to 2.4 +- iso-codes: Upgrade to 4.12.0 +- kbd: Don't build tests +- kea: submit patch upstream +- kern-tools: integrate ZFS speedup patch +- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR +- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild +- kernel.bbclass: remove empty module directories to prevent QA issues +- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories +- libdrm: Remove libdrm-kms package +- libepoxy: convert to git +- libepoxy: remove upstreamed patch +- libepoxy: Upgrade to 1.5.10 +- libffi: submit patch upstream +- libffi: Upgrade to 3.4.4 +- libical: Upgrade to 3.0.16 +- libnewt: Upgrade to 0.52.23 +- libsdl2: Upgrade to 2.24.2 +- libpng: Upgrade to 1.6.39 +- libuv: fixup SRC_URI +- libxcrypt-compat: Upgrade to 4.4.33 +- libxcrypt: Upgrade to 4.4.30 +- libxml2: fix test data checksums +- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530 +- linux-firmware: don't put the firmware into the sysroot +- linux-firmware: Upgrade to 20221109 +- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings +- linux-yocto/5.15: update genericx86* machines to v5.15.72 +- linux-yocto/5.15: Upgrade to v5.15.78 +- linux-yocto/5.19: cfg: intel and vesa updates +- linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings +- linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure +- linux-yocto/5.19: security.cfg: remove configs which have been dropped +- linux-yocto/5.19: update genericx86* machines to v5.19.14 +- linux-yocto/5.19: Upgrade to v5.19.17 +- lsof: add update-alternatives logic +- lttng-modules: Upgrade to 2.13.7 +- lttng-tools: submit determinism.patch upstream +- manuals: add 4.0.5 and 4.0.6 release notes +- mesa: do not rely on native llvm-config in target sysroot +- mesa: Upgrade to 22.2.3 +- meta-selftest/staticids: add render group for systemd +- mirrors.bbclass: update CPAN_MIRROR +- mobile-broadband-provider-info: Upgrade to 20221107 +- mpfr: Upgrade to 4.1.1 +- mtd-utils: Upgrade to 2.1.5 +- oeqa/concurrencytest: Add number of failures to summary output +- oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge +- oeqa/selftest/externalsrc: add test for srctree_hash_files +- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include +- openssh: remove RRECOMMENDS to rng-tools for sshd package +- opkg: Set correct info_dir and status_file in opkg.conf +- opkg: Upgrade to 0.6.1 +- ovmf: correct patches status +- package: Fix handling of minidebuginfo with newer binutils +- pango: Make it build with ptest disabled +- pango: replace a recipe fix with an upstream submitted patch +- pango: Upgrade to 1.50.11 +- poky.conf: bump version for 4.1.2 +- psplash: consider the situation of psplash not exist for systemd +- python3-mako: Upgrade to 1.2.3 +- qemu-helper-native: Correctly pass program name as argv[0] +- qemu-helper-native: Re-write bridge helper as C program +- qemu: Ensure libpng dependency is deterministic +- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image +- resolvconf: make it work +- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work +- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature +- ruby: merge .inc into .bb +- ruby: Upgrade to 3.1.3 +- rust: submit a rewritten version of crossbeam_atomic.patch upstream +- sanity: Drop data finalize call +- scripts: convert-overrides: Allow command-line customizations +- selftest: add a copy of previous mtd-utils version to meta-selftest +- socat: Upgrade to 1.7.4.4 +- sstate: Allow optimisation of do_deploy_archives task dependencies +- sstatesig: emit more helpful error message when not finding sstate manifest +- sstatesig: skip the rm_work task signature +- sudo: Upgrade to 1.9.12p1 +- sysstat: Upgrade to 12.6.1 +- systemd: Consider PACKAGECONFIG in RRECOMMENDS +- systemd: Make importd depend on glib-2.0 again +- systemd: add group render to udev package +- systemd: Upgrade to 251.8 +- tcl: correct patch status +- tzdata: Upgrade to 2022g +- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that +- valgrind: skip the boost_thread test on arm +- vim: Upgrade to 9.0.0947 +- wic: make ext2/3/4 images reproducible +- xwayland: libxshmfence is needed when dri3 is enabled +- xwayland: Upgrade to 22.1.5 +- yocto-check-layer: Allow OE-Core to be tested + + +Known Issues in Yocto-4.1.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.1.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alejandro Hernandez Samaniego +- Alex Kiernan +- Alex Stewart +- Alexander Kanavin +- Alexey Smirnov +- Bruce Ashfield +- Carlos Alberto Lopez Perez +- Chen Qi +- Diego Sueiro +- Dmitry Baryshkov +- Enrico Jörns +- Harald Seiler +- Hitendra Prajapati +- Jagadeesh Krishnanjanappa +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Konrad Weihmann +- Leon Anavi +- Marek Vasut +- Martin Jansa +- Mathieu Dubois-Briand +- Michael Opdenacker +- Mikko Rapeli +- Narpat Mali +- Nathan Rossi +- Niko Mauno +- Ola x Nilsson +- Ovidiu Panait +- Pavel Zhukov +- Peter Bergin +- Peter Kjellerstedt +- Peter Marko +- Polampalli, Archana +- Qiu, Zheng +- Quentin Schulz +- Randy MacLeod +- Ranjitsinh Rathod +- Ravula Adhitya Siddartha +- Richard Purdie +- Robert Andersson +- Ross Burton +- Ryan Eatmon +- Sakib Sajal +- Sandeep Gundlupet Raju +- Sergei Zhmylev +- Steve Sakoman +- Tim Orling +- Wang Mingyu +- Xiangyu Chen +- pgowda + +Repositories / Downloads for Yocto-4.1.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`langdale </poky/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.2 </poky/log/?h=yocto-4.1.2>` +- Git Revision: :yocto_git:`74c92e38c701e268406bb656b45ccd68471c217e </poky/commit/?id=74c92e38c701e268406bb656b45ccd68471c217e>` +- Release Artefact: poky-74c92e38c701e268406bb656b45ccd68471c217e +- sha: 06a2b304d0e928b62d81087797ae86115efe925c506bcb40c7d4747e14790bb0 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/poky-74c92e38c701e268406bb656b45ccd68471c217e.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/poky-74c92e38c701e268406bb656b45ccd68471c217e.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>` +- Tag: :oe_git:`yocto-4.1.2 </openembedded-core/log/?h=yocto-4.1.2>` +- Git Revision: :oe_git:`670f4f103b25897524d115c1f290ecae441fe4bd </openembedded-core/commit/?id=670f4f103b25897524d115c1f290ecae441fe4bd>` +- Release Artefact: oecore-670f4f103b25897524d115c1f290ecae441fe4bd +- sha: 09d77700e84efc738aef5713c5e86f19fa092f876d44b870789155cc1625ef04 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/oecore-670f4f103b25897524d115c1f290ecae441fe4bd.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/oecore-670f4f103b25897524d115c1f290ecae441fe4bd.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.2 </meta-mingw/log/?h=yocto-4.1.2>` +- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>` +- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c +- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>` +- Tag: :oe_git:`yocto-4.1.2 </bitbake/log/?h=yocto-4.1.2>` +- Git Revision: :oe_git:`f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4 </bitbake/commit/?id=f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4>` +- Release Artefact: bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4 +- sha: 7faf97eca78afd3994e4e126e5f5908617408c340c6eff8cd7047e0b961e2d10 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.2 </yocto-docs/log/?h=yocto-4.1.2>` +- Git Revision: :yocto_git:`30f5f9ece260fd600f0c0fa32fc2f1fc61cf7d1b </yocto-docs/commit/?id=30f5f9ece260fd600f0c0fa32fc2f1fc61cf7d1b>` + diff --git a/poky/documentation/migration-guides/release-notes-4.1.3.rst b/poky/documentation/migration-guides/release-notes-4.1.3.rst new file mode 100644 index 0000000000..16e0a40426 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.1.3.rst @@ -0,0 +1,317 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.1.3 (Langdale) +---------------------------------------- + +Security Fixes in Yocto-4.1.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- apr-util: Fix :cve:`2022-25147` +- apr: Fix :cve:`2022-24963` and :cve:`2022-28331` +- bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924` +- curl: Fix :cve:`2022-43551` and :cve:`2022-43552` +- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012` +- git: Fix :cve:`2022-23521`, :cve:`2022-39253`, :cve:`2022-39260` and :cve:`2022-41903` +- git: Ignore :cve:`2022-41953` +- go: Fix :cve:`2022-41717` and :cve:`2022-41720` +- grub2: Fix :cve:`2022-2601` and :cve:`2022-3775` +- less: Fix :cve:`2022-46663` +- libarchive: Fix :cve:`2022-36227` +- libksba: Fix :cve:`2022-47629` +- openssl: Fix :cve:`2022-3996` +- pkgconf: Fix :cve:`2023-24056` +- ppp: Fix :cve:`2022-4603` +- sudo: Fix :cve:`2023-22809` +- tar: Fix :cve:`2022-48303` +- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054`, :cve:`2023-0288`, :cve:`2023-0433` and :cve:`2023-0512` +- xserver-xorg: Fix `CVE-2023-0494 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494>`__ +- xwayland: Fix `CVE-2023-0494 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494>`__ + + +Fixes in Yocto-4.1.3 +~~~~~~~~~~~~~~~~~~~~ + +- apr-util: Upgrade to 1.6.3 +- apr: Upgrade to 1.7.2 +- apt: fix do_package_qa failure +- at: Change when files are copied +- base.bbclass: Fix way to check ccache path +- bblayers/makesetup: skip git repos that are submodules +- bblayers/setupwriters/oe-setup-layers: create dir if not exists +- bind: Upgrade to 9.18.11 +- bitbake-layers: fix a typo +- bitbake: bb/utils: include SSL certificate paths in export_proxies +- bitbake: fetch2/git: Clarify the meaning of namespace +- bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata +- bitbake: process: log odd unlink events with bitbake.sock +- bitbake: server/process: Add bitbake.sock race handling +- bitbake: siggen: Fix inefficient string concatenation +- bootchart2: Fix usrmerge support +- bsp-guide: fix broken git URLs and missing word +- build-appliance-image: Update to langdale head revision +- buildtools-tarball: set pkg-config search path +- busybox: Fix depmod patch +- busybox: always start do_compile with orig config files +- busybox: rm temporary files if do_compile was interrupted +- cairo: fix CVE patches assigned wrong CVE number +- classes/fs-uuid: Fix command output decoding issue +- classes/populate_sdk_base: Append cleandirs +- classes: image: Set empty weak default IMAGE_LINGUAS +- cml1: remove redundant addtask +- core-image.bbclass: Fix missing leading whitespace with ':append' +- createrepo-c: Include missing rpm/rpmstring.h +- curl: don't enable debug builds +- curl: fix dependencies when building with ldap/ldaps +- cve-check: write the cve manifest to IMGDEPLOYDIR +- cve-update-db-native: avoid incomplete updates +- cve-update-db-native: show IP on failure +- dbus: Upgrade to 1.14.6 +- dev-manual: common-tasks.rst: add link to FOSDEM 2023 video +- dev-manual: fix old override syntax +- devshell: Do not add scripts/git-intercept to PATH +- devtool: fix devtool finish when gitmodules file is empty +- devtool: process local files only for the main branch +- dhcpcd: backport two patches to fix runtime error +- dhcpcd: fix dhcpcd start failure on qemuppc64 +- diffutils: Upgrade to 3.9 +- ffmpeg: fix configure failure on noexec /tmp host +- gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests +- git: Upgrade to 2.37.6 +- glslang: branch rename master -> main +- go: Upgrade to 1.19.4 +- gstreamer1.0 : Revert "disable flaky gstbin:test_watch_for_state_change test" and Fix race conditions in gstbin tests with upstream solution +- harfbuzz: remove bindir only if it exists +- httpserver: add error handler that write to the logger +- image.bbclass: print all QA functions exceptions +- kernel-fitimage: Adjust order of dtb/dtbo files +- kernel-fitimage: Allow user to select dtb when multiple dtb exists +- kernel-yocto: fix kernel-meta data detection +- kernel/linux-kernel-base: Fix kernel build artefact determinism issues +- lib/buildstats: handle tasks that never finished +- lib/oe/reproducible: Use git log without gpg signature +- libarchive: Upgrade to 3.6.2 +- libc-locale: Fix on target locale generation +- libgit2: Upgrade to 1.5.1 +- libjpeg-turbo: Upgrade to 2.1.5.1 +- libksba: Upgrade to 1.6.3 +- libpng: Enable NEON for aarch64 to enensure consistency with arm32. +- librsvg: Only enable the Vala bindings if GObject Introspection is enabled +- librsvg: enable vapi build +- libseccomp: fix for the ptest result format +- libseccomp: fix typo in DESCRIPTION +- libssh2: Clean up ptest patch/coverage +- libtirpc: Check if file exists before operating on it +- libusb1: Link with latomic only if compiler has no atomic builtins +- libusb1: Strip trailing whitespaces +- linux-firmware: add yamato fw files to qcom-adreno-a2xx package +- linux-firmware: properly set license for all Qualcomm firmware +- linux-firmware: Upgrade to 20230210 +- linux-yocto/5.15: fix perf build with clang +- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off +- linux-yocto/5.15: ltp and squashfs fixes +- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy +- linux-yocto/5.15: Upgrade to v5.15.91 +- linux-yocto/5.19: fix perf build with clang +- linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy +- lsof: fix old override syntax +- lttng-modules: Fix for 5.10.163 kernel version +- lttng-modules: fix for kernel 6.2+ +- lttng-modules: Upgrade to 2.13.8 +- lttng-tools: Upgrade to 2.13.9 +- make-mod-scripts: Ensure kernel build output is deterministic +- manuals: update patchwork instance URL +- mesa-gl: gallium is required when enabling x11 +- meta: remove True option to getVar and getVarFlag calls (again) +- migration-guides: add release-notes for 4.0.7 +- native: Drop special variable handling +- numactl: skip test case when target platform doesn't have 2 CPU node +- oeqa context.py: fix --target-ip comment to include ssh port number +- oeqa dump.py: add error counter and stop after 5 failures +- oeqa qemurunner.py: add timeout to QMP calls +- oeqa qemurunner.py: try to avoid reading one character at a time +- oeqa qemurunner: read more data at a time from serial +- oeqa ssh.py: add connection keep alive options to ssh client +- oeqa ssh.py: fix hangs in run() +- oeqa ssh.py: move output prints to new line +- oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal +- oeqa/rpm.py: Increase timeout and add debug output +- oeqa/selftest/debuginfod: improve testcase +- oeqa/selftest/locales: Add selftest for locale generation/presence +- oeqa/selftest/resulttooltests: fix minor typo +- openssl: Upgrade to 3.0.8 +- opkg: ensure opkg uses private gpg.conf when applying keys. +- pango: Upgrade to 1.50.12 +- perf: Enable debug/source packaging +- pkgconf: Upgrade to 1.9.4 +- poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder +- poky.conf: bump version for 4.1.3 +- populate_sdk_ext.bbclass: Fix missing leading whitespace with ':append' +- profile-manual: update WireShark hyperlinks +- ptest-packagelists.inc: Fix missing leading whitespace with ':append' +- python3-pytest: depend on python3-tomli instead of python3-toml +- quilt: fix intermittent failure in faildiff.test +- quilt: use upstreamed faildiff.test fix +- recipe_sanity: fix old override syntax +- ref-manual: Fix invalid feature name +- ref-manual: update DEV_PKG_DEPENDENCY in variables +- ref-manual: variables.rst: fix broken hyperlink +- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively +- runqemu: kill qemu if it hangs +- rust: Do not use default compiler flags defined in CC crate +- scons.bbclass: Make MAXLINELENGTH overridable +- scons: Pass MAXLINELENGTH to scons invocation +- sdkext/cases/devtool: pass a logger to HTTPService +- selftest/virgl: use pkg-config from the host +- spirv-headers/spirv-tools: set correct branch name +- sstate.bbclass: Fetch non-existing local .sig files if needed +- sstatesig: Improve output hash calculation +- sudo: Upgrade to 1.9.12p2 +- system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros +- testimage: Fix error message to reflect new syntax +- tiff: Add packageconfig knob for webp +- toolchain-scripts: compatibility with unbound variable protection +- uninative: Upgrade to 3.8.1 to include libgcc +- update-alternatives: fix typos +- vim: Upgrade to 9.0.1293 +- vulkan-samples: branch rename master -> main +- wic: Fix usage of fstype=none in wic +- wireless-regdb: Upgrade to 2023.02.13 +- xserver-xorg: Upgrade to 21.1.7 +- xwayland: Upgrade to 22.1.8 + + +Known Issues in Yocto-4.1.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.1.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Adrian Freihofer +- Alejandro Hernandez Samaniego +- Alex Kiernan +- Alexander Kanavin +- Alexis Lothoré +- Anton Antonov +- Antonin Godard +- Armin Kuster +- Arnout Vandecappelle +- Benoît Mauduit +- Bruce Ashfield +- Carlos Alberto Lopez Perez +- Changqing Li +- Charlie Johnston +- Chee Yang Lee +- Chen Qi +- Dmitry Baryshkov +- Enguerrand de Ribaucourt +- Etienne Cordonnier +- Fawzi KHABER +- Federico Pellegrin +- Frank de Brabander +- Harald Seiler +- He Zhe +- Jan Kircher +- Jermain Horsman +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Khem Raj +- Lei Maohui +- Louis Rannou +- Luis +- Marek Vasut +- Markus Volk +- Marta Rybczynska +- Martin Jansa +- Mateusz Marciniec +- Mauro Queiros +- Michael Halstead +- Michael Opdenacker +- Mikko Rapeli +- Mingli Yu +- Narpat Mali +- Niko Mauno +- Pavel Zhukov +- Pawel Zalewski +- Peter Kjellerstedt +- Petr Kubizňák +- Quentin Schulz +- Randy MacLeod +- Richard Purdie +- Robert Joslyn +- Rodolfo Quesada Zumbado +- Ross Burton +- Sakib Sajal +- Sandeep Gundlupet Raju +- Saul Wold +- Siddharth Doshi +- Steve Sakoman +- Thomas Roos +- Tobias Hagelborn +- Ulrich Ölmann +- Vivek Kumbhar +- Wang Mingyu +- Xiangyu Chen + + +Repositories / Downloads for Yocto-4.1.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`langdale </poky/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.3 </poky/log/?h=yocto-4.1.3>` +- Git Revision: :yocto_git:`91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f </poky/commit/?id=91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f>` +- Release Artefact: poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f +- sha: 94e4615eba651fe705436b29b854458be050cc39db936295f9d5eb7e85d3eff1 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>` +- Tag: :oe_git:`yocto-4.1.3 </openembedded-core/log/?h=yocto-4.1.3>` +- Git Revision: :oe_git:`b995ea45773211bd7bdd60eabcc9bbffda6beb5c </openembedded-core/commit/?id=b995ea45773211bd7bdd60eabcc9bbffda6beb5c>` +- Release Artefact: oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c +- sha: 952e19361f205ee91b74e5caaa835d58fa6dd0d92ddaed50d4cd3f3fa56fab63 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.3 </meta-mingw/log/?h=yocto-4.1.3>` +- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>` +- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c +- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>` +- Tag: :oe_git:`yocto-4.1.3 </bitbake/log/?h=yocto-4.1.3>` +- Git Revision: :oe_git:`592ee222a1c6da42925fb56801f226884b6724ec </bitbake/commit/?id=592ee222a1c6da42925fb56801f226884b6724ec>` +- Release Artefact: bitbake-592ee222a1c6da42925fb56801f226884b6724ec +- sha: 79c32f2ca66596132e32a45654ce0e9dd42b6b39186eff3540a9d6b499fe952c +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/bitbake-592ee222a1c6da42925fb56801f226884b6724ec.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/bitbake-592ee222a1c6da42925fb56801f226884b6724ec.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1.3 </yocto-docs/log/?h=yocto-4.1.3>` +- Git Revision: :yocto_git:`3de2ad1f8ff87aeec30088779267880306a0f31a </yocto-docs/commit/?id=3de2ad1f8ff87aeec30088779267880306a0f31a>` + diff --git a/poky/documentation/overview-manual/yp-intro.rst b/poky/documentation/overview-manual/yp-intro.rst index 8b476f43c4..8a571176dc 100644 --- a/poky/documentation/overview-manual/yp-intro.rst +++ b/poky/documentation/overview-manual/yp-intro.rst @@ -361,7 +361,7 @@ Yocto Project: of the :oe_layerindex:`OpenEmbedded Layer Index <>`, which is a website that indexes OpenEmbedded-Core layers. -- *Patchwork:* `Patchwork <http://jk.ozlabs.org/projects/patchwork/>`__ +- *Patchwork:* `Patchwork <https://patchwork.yoctoproject.org/>`__ is a fork of a project originally started by `OzLabs <https://ozlabs.org/>`__. The project is a web-based tracking system designed to streamline the process of bringing contributions diff --git a/poky/documentation/profile-manual/usage.rst b/poky/documentation/profile-manual/usage.rst index 49f8af4a74..5493a2b45b 100644 --- a/poky/documentation/profile-manual/usage.rst +++ b/poky/documentation/profile-manual/usage.rst @@ -1738,7 +1738,7 @@ events': The tool is pretty self-explanatory, but for more detailed information on navigating through the data, see the `kernelshark -website <https://rostedt.homelinux.com/kernelshark/>`__. +website <https://kernelshark.org/Documentation.html>`__. ftrace Documentation -------------------- @@ -1767,8 +1767,8 @@ There is a nice series of articles on using ftrace and trace-cmd at LWN: - `trace-cmd: A front-end for Ftrace <https://lwn.net/Articles/410200/>`__ -There's more detailed documentation kernelshark usage here: -`KernelShark <https://rostedt.homelinux.com/kernelshark/>`__ +See also `KernelShark's documentation <https://kernelshark.org/Documentation.html>`__ +for further usage details. An amusing yet useful README (a tracing mini-HOWTO) can be found in ``/sys/kernel/debug/tracing/README``. diff --git a/poky/documentation/ref-manual/classes.rst b/poky/documentation/ref-manual/classes.rst index 1880e44486..03995e996d 100644 --- a/poky/documentation/ref-manual/classes.rst +++ b/poky/documentation/ref-manual/classes.rst @@ -373,8 +373,26 @@ support. ``create-spdx.bbclass`` ======================= -The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for automatically creating -SPDX SBoM documents based upon image and SDK contents. +The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for +automatically creating :term:`SPDX` :term:`SBOM` documents based upon image +and SDK contents. + +This class is meant to be inherited globally from a configuration file:: + + INHERIT += "create-spdx" + +The toplevel :term:`SPDX` output file is generated in JSON format as a +``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the +:term:`Build Directory`. There are other related files in the same directory, +as well as in ``tmp/deploy/spdx``. + +The exact behaviour of this class, and the amount of output can be controlled +by the :term:`SPDX_PRETTY`, :term:`SPDX_ARCHIVE_PACKAGED`, +:term:`SPDX_ARCHIVE_SOURCES` and :term:`SPDX_INCLUDE_SOURCES` variables. + +See the description of these variables and the +":ref:`dev-manual/common-tasks:creating a software bill of materials`" +section in the Yocto Project Development Manual for more details. .. _ref-classes-cross: @@ -412,13 +430,61 @@ discussion on these cross-compilation tools. ===================== The :ref:`cve-check <ref-classes-cve-check>` class looks for known CVEs (Common Vulnerabilities -and Exposures) while building an image. This class is meant to be +and Exposures) while building with BitBake. This class is meant to be inherited globally from a configuration file:: INHERIT += "cve-check" +To filter out obsolete CVE database entries which are known not to impact software from Poky and OE-Core, +add following line to the build configuration file:: + + include cve-extra-exclusions.inc + You can also look for vulnerabilities in specific packages by passing -``-c cve_check`` to BitBake. You will find details in the +``-c cve_check`` to BitBake. + +After building the software with Bitbake, CVE check output reports are available in ``tmp/deploy/cve`` +and image specific summaries in ``tmp/deploy/images/*.cve`` or ``tmp/deploy/images/*.json`` files. + +When building, the CVE checker will emit build time warnings for any detected +issues which are in the state ``Unpatched``, meaning that CVE issue seems to affect the software component +and version being compiled and no patches to address the issue are applied. Other states +for detected CVE issues are: ``Patched`` meaning that a patch to address the issue is already +applied, and ``Ignored`` meaning that the issue can be ignored. + +The ``Patched`` state of a CVE issue is detected from patch files with the format +``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using +CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file. + +If the recipe lists the ``CVE-ID`` in :term:`CVE_CHECK_IGNORE` variable, then the CVE state is reported +as ``Ignored``. Multiple CVEs can be listed separated by spaces. Example:: + + CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511" + +If CVE check reports that a recipe contains false positives or false negatives, these may be +fixed in recipes by adjusting the CVE product name using :term:`CVE_PRODUCT` and :term:`CVE_VERSION` variables. +:term:`CVE_PRODUCT` defaults to the plain recipe name :term:`BPN` which can be adjusted to one or more CVE +database vendor and product pairs using the syntax:: + + CVE_PRODUCT = "flex_project:flex" + +where ``flex_project`` is the CVE database vendor name and ``flex`` is the product name. Similarly +if the default recipe version :term:`PV` does not match the version numbers of the software component +in upstream releases or the CVE database, then the :term:`CVE_VERSION` variable can be used to set the +CVE database compatible version number, for example:: + + CVE_VERSION = "2.39" + +Any bugs or missing or incomplete information in the CVE database entries should be fixed in the CVE database +via the `NVD feedback form <https://nvd.nist.gov/info/contact-form>`__. + +Users should note that security is a process, not a product, and thus also CVE checking, analyzing results, +patching and updating the software should be done as a regular process. The data and assumptions +required for CVE checker to reliably detect issues are frequently broken in various ways. +These can only be detected by reviewing the details of the issues and iterating over the generated reports, +and following what happens in other Linux distributions and in the greater open source community. + +You will find some more details in the ":ref:`dev-manual/common-tasks:checking for vulnerabilities`" section in the Development Tasks Manual. diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst index a5b01e8df7..9345543ebb 100644 --- a/poky/documentation/ref-manual/features.rst +++ b/poky/documentation/ref-manual/features.rst @@ -296,11 +296,11 @@ Here are the image features available for all images: forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist. .. note:: - ``empty-root-passwd`` doesn't set an empty root password by itself. + ``empty-root-password`` doesn't set an empty root password by itself. You get an initial empty root password thanks to the :oe_git:`base-passwd </openembedded-core/tree/meta/recipes-core/base-passwd/>` and :oe_git:`shadow </openembedded-core/tree/meta/recipes-extended/shadow/>` - recipes, and the presence of ``empty-root-passwd`` or ``debug-tweaks`` + recipes, and the presence of ``empty-root-password`` or ``debug-tweaks`` just disables the mechanism which forces an non-empty password for the root user. diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst index 2a6d444040..7756284864 100644 --- a/poky/documentation/ref-manual/system-requirements.rst +++ b/poky/documentation/ref-manual/system-requirements.rst @@ -47,14 +47,22 @@ distributions: - Fedora 35 +- Fedora 36 + - AlmaLinux 8.5 +- AlmaLinux 8.7 + +- AlmaLinux 9.1 + - Debian GNU/Linux 10.x (Buster) - Debian GNU/Linux 11.x (Bullseye) - OpenSUSE Leap 15.3 +- OpenSUSE Leap 15.4 + .. note:: - While the Yocto Project Team attempts to ensure all Yocto Project diff --git a/poky/documentation/ref-manual/terms.rst b/poky/documentation/ref-manual/terms.rst index 1e3f718a8f..7e5295a646 100644 --- a/poky/documentation/ref-manual/terms.rst +++ b/poky/documentation/ref-manual/terms.rst @@ -323,6 +323,23 @@ universal, the list includes them just in case: :term:`build host<Build Host>` and other components, that can work on specific hardware. + :term:`SBOM` + This term means *Software Bill of Materials*. When you distribute + software, it offers a description of all the components you used, + their corresponding licenses, their dependencies, the changes that were + applied and the known vulnerabilities that were fixed. + + This can be used by the recipients of the software to assess + their exposure to license compliance and security vulnerability issues. + + See the :wikipedia:`Software Supply Chain <Software_supply_chain>` + article on Wikipedia for more details. + + The OpenEmbedded Build System can generate such documentation for your + project, in :term:`SPDX` format, based on all the metadata it used to + build the software images. See the ":ref:`dev-manual/common-tasks:creating + a software bill of materials`" section of the Development Tasks manual. + :term:`Source Directory` This term refers to the directory structure created as a result of creating a local copy of the ``poky`` Git @@ -383,6 +400,17 @@ universal, the list includes them just in case: ":ref:`overview-manual/development-environment:repositories, tags, and branches`" section in the Yocto Project Overview and Concepts Manual. + :term:`SPDX` + This term means *Software Package Data Exchange*, and is used as a open + standard for providing a *Software Bill of Materials* (:term:`SBOM`). + This standard is developed through a `Linux Foundation project + <https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to + provide an :term:`SBOM` associated to each a software image. + + For details, see Wikipedia's :wikipedia:`SPDX page <Software_Package_Data_Exchange>` + and the ":ref:`dev-manual/common-tasks:creating a software bill of materials`" + section of the Development Tasks manual. + :term:`Sysroot` When cross-compiling, the target file system may be differently laid out and contain different things compared to the host system. The concept diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst index 71e8c272a7..2f12677a34 100644 --- a/poky/documentation/ref-manual/variables.rst +++ b/poky/documentation/ref-manual/variables.rst @@ -1508,6 +1508,18 @@ system and gives an overview of their function and contents. CVE_PRODUCT = "vendor:package" + :term:`CVE_VERSION` + In a recipe, defines the version used to match the recipe version + against the version in the `NIST CVE database <https://nvd.nist.gov/>`__ + when usign :ref:`cve-check <ref-classes-cve-check>`. + + The default is ${:term:`PV`} but if recipes use custom version numbers + which do not map to upstream software component release versions and the versions + used in the CVE database, then this variable can be used to set the + version number for :ref:`cve-check <ref-classes-cve-check>`. Example:: + + CVE_VERSION = "2.39" + :term:`CVSDIR` The directory in which files checked out under the CVS system are stored. @@ -1832,9 +1844,9 @@ system and gives an overview of their function and contents. variable. :term:`DEV_PKG_DEPENDENCY` - Provides an easy way for recipes to disable or adjust the runtime - dependency (:term:`RDEPENDS`) of the ``${PN}-dev`` package on the main - (``${PN}``) package, particularly where the main package may be empty. + Provides an easy way for recipes to disable or adjust the runtime recommendation + (:term:`RRECOMMENDS`) of the ``${PN}-dev`` package on the main + (``${PN}``) package. :term:`DISABLE_STATIC` Used in order to disable static linking by default (in order to save @@ -7278,6 +7290,88 @@ system and gives an overview of their function and contents. You can specify only a single URL in :term:`SOURCE_MIRROR_URL`. + :term:`SPDX_ARCHIVE_PACKAGED` + This option allows to add to :term:`SPDX` output compressed archives + of the files in the generated target packages. + + Such archives are available in + ``tmp/deploy/spdx/MACHINE/packages/packagename.tar.zst`` + under the :term:`Build Directory`. + + Enable this option as follows:: + + SPDX_ARCHIVE_PACKAGED = "1" + + According to our tests on release 4.1 "langdale", building + ``core-image-minimal`` for the ``qemux86-64`` machine, enabling this + option multiplied the size of the ``tmp/deploy/spdx`` directory by a + factor of 13 (+1.6 GiB for this image), compared to just using the + :ref:`create-spdx <ref-classes-create-spdx>` class with no option. + + Note that this option doesn't increase the size of :term:`SPDX` + files in ``tmp/deploy/images/MACHINE``. + + :term:`SPDX_ARCHIVE_SOURCES` + This option allows to add to :term:`SPDX` output compressed archives + of the sources for packages installed on the target. It currently + only works when :term:`SPDX_INCLUDE_SOURCES` is set. + + This is one way of fulfilling "source code access" license + requirements. + + Such source archives are available in + ``tmp/deploy/spdx/MACHINE/recipes/recipe-packagename.tar.zst`` + under the :term:`Build Directory`. + + Enable this option as follows:: + + SPDX_INCLUDE_SOURCES = "1" + SPDX_ARCHIVE_SOURCES = "1" + + According to our tests on release 4.1 "langdale", building + ``core-image-minimal`` for the ``qemux86-64`` machine, enabling + these options multiplied the size of the ``tmp/deploy/spdx`` + directory by a factor of 11 (+1.4 GiB for this image), + compared to just using the :ref:`create-spdx <ref-classes-create-spdx>` + class with no option. + + Note that using this option only marginally increases the size + of the :term:`SPDX` output in ``tmp/deploy/images/MACHINE/`` + (+ 0.07\% with the tested image), compared to just enabling + :term:`SPDX_INCLUDE_SOURCES`. + + :term:`SPDX_INCLUDE_SOURCES` + This option allows to add a description of the source files used to build + the host tools and the target packages, to the ``spdx.json`` files in + ``tmp/deploy/spdx/MACHINE/recipes/`` under the :term:`Build Directory`. + As a consequence, the ``spdx.json`` files under the ``by-namespace`` and + ``packages`` subdirectories in ``tmp/deploy/spdx/MACHINE`` are also + modified to include references to such source file descriptions. + + Enable this option as follows:: + + SPDX_INCLUDE_SOURCES = "1" + + According to our tests on release 4.1 "langdale", building + ``core-image-minimal`` for the ``qemux86-64`` machine, enabling + this option multiplied the total size of the ``tmp/deploy/spdx`` + directory by a factor of 3 (+291 MiB for this image), + and the size of the ``IMAGE-MACHINE.spdx.tar.zst`` in + ``tmp/deploy/images/MACHINE`` by a factor of 130 (+15 MiB for this + image), compared to just using the + :ref:`create-spdx <ref-classes-create-spdx>` class with no option. + + :term:`SPDX_PRETTY` + This option makes the SPDX output more human-readable, using + identation and newlines, instead of the default output in a + single line:: + + SPDX_PRETTY = "1" + + The generated SPDX files are approximately 20% bigger, but + this option is recommended if you want to inspect the SPDX + output files with a text editor. + :term:`SPDXLICENSEMAP` Maps commonly used license names to their SPDX counterparts found in ``meta/files/common-licenses/``. For the default :term:`SPDXLICENSEMAP` @@ -7451,7 +7545,7 @@ system and gives an overview of their function and contents. ``SSTATE_EXCLUDEDEPS_SYSROOT`` is evaluated as two regular expressions of recipe and dependency to ignore. An example - is the rule in :oe_git:`meta/conf/layer.conf </meta/conf/layer.conf>`:: + is the rule in :oe_git:`meta/conf/layer.conf </openembedded-core/tree/meta/conf/layer.conf>`:: # Nothing needs to depend on libc-initial # base-passwd/shadow-sysroot don't need their dependencies diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 3e90766349..3b0edd8442 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,7 +1,7 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" #DISTRO_VERSION = "4.1+snapshot-${METADATA_REVISION}" -DISTRO_VERSION = "4.1" +DISTRO_VERSION = "4.1.4" DISTRO_CODENAME = "langdale" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" @@ -41,10 +41,13 @@ SANITY_TESTED_DISTROS ?= " \ ubuntu-22.04 \n \ fedora-34 \n \ fedora-35 \n \ + fedora-36 \n \ debian-10 \n \ debian-11 \n \ opensuseleap-15.3 \n \ + opensuseleap-15.4 \n \ almalinux-8.5 \n \ + almalinux-8.7 \n \ " # add poky sanity bbclass INHERIT += "poky-sanity" diff --git a/poky/meta-selftest/files/static-group b/poky/meta-selftest/files/static-group index b2e0e2f870..cbec6f1377 100644 --- a/poky/meta-selftest/files/static-group +++ b/poky/meta-selftest/files/static-group @@ -23,3 +23,5 @@ _apt:x:523: weston-launch:x:524: weston:x:525: wayland:x:526: +render:x:527: +sgx:x:528: diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch index 73d4a8475f..73d4a8475f 100644 --- a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch +++ b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch diff --git a/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest_git.bb b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest_git.bb new file mode 100644 index 0000000000..ca2141c972 --- /dev/null +++ b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest_git.bb @@ -0,0 +1,77 @@ +SUMMARY = "Tools for managing memory technology devices" +HOMEPAGE = "http://www.linux-mtd.infradead.org/" +DESCRIPTION = "mtd-utils tool is a generic Linux subsystem for memory devices, especially Flash devices." +SECTION = "base" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ + file://include/common.h;beginline=1;endline=17;md5=ba05b07912a44ea2bf81ce409380049c" + +inherit autotools pkgconfig update-alternatives + +DEPENDS = "zlib e2fsprogs util-linux" +RDEPENDS:mtd-utils-tests += "bash" + +PV = "2.1.4" + +SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c" +SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \ + file://0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch \ + " + +S = "${WORKDIR}/git" + +# xattr support creates an additional compile-time dependency on acl because +# the sys/acl.h header is needed. libacl is not needed and thus enabling xattr +# regardless whether acl is enabled or disabled in the distro should be okay. +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)} lzo jffs ubifs" +PACKAGECONFIG[lzo] = "--with-lzo,--without-lzo,lzo" +PACKAGECONFIG[xattr] = "--with-xattr,--without-xattr,acl" +PACKAGECONFIG[crypto] = "--with-crypto,--without-crypto,openssl" +PACKAGECONFIG[jffs] = "--with-jffs,--without-jffs" +PACKAGECONFIG[ubifs] = "--with-ubifs,--without-ubifs" +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" + +CPPFLAGS:append:riscv64 = " -pthread -D_REENTRANT" + +EXTRA_OEMAKE = "'CC=${CC}' 'RANLIB=${RANLIB}' 'AR=${AR}' 'CFLAGS=${CFLAGS} ${@bb.utils.contains('PACKAGECONFIG', 'xattr', '', '-DWITHOUT_XATTR', d)} -I${S}/include' 'BUILDDIR=${S}'" + +# Use higher priority than corresponding BusyBox-provided applets +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE:${PN} = "flashcp flash_eraseall flash_lock flash_unlock nanddump nandwrite" +ALTERNATIVE:${PN}-ubifs = "ubiattach ubidetach ubimkvol ubirename ubirmvol ubirsvol ubiupdatevol" + +ALTERNATIVE_LINK_NAME[nandwrite] = "${sbindir}/nandwrite" +ALTERNATIVE_LINK_NAME[nanddump] = "${sbindir}/nanddump" +ALTERNATIVE_LINK_NAME[ubiattach] = "${sbindir}/ubiattach" +ALTERNATIVE_LINK_NAME[ubidetach] = "${sbindir}/ubidetach" +ALTERNATIVE_LINK_NAME[ubimkvol] = "${sbindir}/ubimkvol" +ALTERNATIVE_LINK_NAME[ubirename] = "${sbindir}/ubirename" +ALTERNATIVE_LINK_NAME[ubirmvol] = "${sbindir}/ubirmvol" +ALTERNATIVE_LINK_NAME[ubirsvol] = "${sbindir}/ubirsvol" +ALTERNATIVE_LINK_NAME[ubiupdatevol] = "${sbindir}/ubiupdatevol" +ALTERNATIVE_LINK_NAME[flash_eraseall] = "${sbindir}/flash_eraseall" +ALTERNATIVE_LINK_NAME[flash_lock] = "${sbindir}/flash_lock" +ALTERNATIVE_LINK_NAME[flash_unlock] = "${sbindir}/flash_unlock" +ALTERNATIVE_LINK_NAME[flashcp] = "${sbindir}/flashcp" + +do_install () { + oe_runmake install DESTDIR=${D} SBINDIR=${sbindir} MANDIR=${mandir} INCLUDEDIR=${includedir} +} + +PACKAGES =+ "mtd-utils-misc mtd-utils-tests" +PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "jffs", "mtd-utils-jffs2", "", d)}" +PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "ubifs", "mtd-utils-ubifs", "", d)}" + +FILES:mtd-utils-jffs2 = "${sbindir}/mkfs.jffs2 ${sbindir}/jffs2dump ${sbindir}/jffs2reader ${sbindir}/sumtool" +FILES:mtd-utils-ubifs = "${sbindir}/mkfs.ubifs ${sbindir}/ubi*" +FILES:mtd-utils-misc = "${sbindir}/nftl* ${sbindir}/ftl* ${sbindir}/rfd* ${sbindir}/doc* ${sbindir}/serve_image ${sbindir}/recv_image" +FILES:mtd-utils-tests = "${libexecdir}/mtd-utils/*" + +BBCLASSEXTEND = "native nativesdk" + +# git/.compr.c.dep:46: warning: NUL character seen; rest of line ignored +# git/.compr.c.dep:47: *** missing separator. Stop. +PARALLEL_MAKE = "" + +EXCLUDE_FROM_WORLD = "1" diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3 b/poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3 new file mode 100644 index 0000000000..0f30e9eec4 --- /dev/null +++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3 @@ -0,0 +1 @@ +The third file. diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb b/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb index 463cfe0a7a..d0fd697978 100644 --- a/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb +++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb @@ -7,9 +7,12 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/syslinux-${PV}.tar.x file://file1 \ file://file2" +SRC_URI:append:class-native = " file://file3" + SRC_URI[md5sum] = "92a253df9211e9c20172796ecf388f13" SRC_URI[sha256sum] = "26d3986d2bea109d5dc0e4f8c4822a459276cf021125e8c9f23c3cca5d8c850e" S = "${WORKDIR}/syslinux-${PV}" EXCLUDE_FROM_WORLD = "1" +BBCLASSEXTEND = "native" diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb index 3f7123cda0..e767619879 100644 --- a/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb +++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb @@ -4,4 +4,7 @@ INHIBIT_DEFAULT_DEPS = "1" SRC_URI = "file://file1 \ file://file2" +SRC_URI:append:class-native = " file://file3" + EXCLUDE_FROM_WORLD = "1" +BBCLASSEXTEND = "native" diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3 b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3 new file mode 100644 index 0000000000..0f30e9eec4 --- /dev/null +++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3 @@ -0,0 +1 @@ +The third file. diff --git a/poky/meta-selftest/recipes-test/packagenameconflict/packagenameconflict.bb b/poky/meta-selftest/recipes-test/packagenameconflict/packagenameconflict.bb new file mode 100644 index 0000000000..5d19a4dd25 --- /dev/null +++ b/poky/meta-selftest/recipes-test/packagenameconflict/packagenameconflict.bb @@ -0,0 +1,10 @@ +SUMMARY = "Test case that tries to rename a package to an existing one and fails" +DESCRIPTION = "This generates a packaging error when a package is renamed to a pre-existing name" +LICENSE = "MIT" + +# Add a new package ${PN}-renametest +PACKAGES += "${PN}-renametest" +# ... and try to rename the ${PN}-dev to the new ${PN}-renametest (conflict) +PKG:${PN}-dev = "${PN}-renametest" + +EXCLUDE_FROM_WORLD = "1" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend index a5c0ecdbd9..3ad175dc84 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend @@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc" KMACHINE:genericx86-64 ?= "common-pc-64" KMACHINE:beaglebone-yocto ?= "beaglebone" -SRCREV_machine:genericx86 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec" -SRCREV_machine:genericx86-64 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec" +SRCREV_machine:genericx86 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" +SRCREV_machine:genericx86-64 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" SRCREV_machine:edgerouter ?= "90f1ee6589264545f548d731c2480b08a007230f" SRCREV_machine:beaglebone-yocto ?= "9aabbaa89fcb21af7028e814c1f5b61171314d5a" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE:edgerouter = "edgerouter" COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION:genericx86 = "5.15.54" -LINUX_VERSION:genericx86-64 = "5.15.54" +LINUX_VERSION:genericx86 = "5.15.72" +LINUX_VERSION:genericx86-64 = "5.15.72" LINUX_VERSION:edgerouter = "5.15.54" LINUX_VERSION:beaglebone-yocto = "5.15.54" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend index ff5070ba4a..950bf0ad9b 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend @@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc" KMACHINE:genericx86-64 ?= "common-pc-64" KMACHINE:beaglebone-yocto ?= "beaglebone" -SRCREV_machine:genericx86 ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12" -SRCREV_machine:genericx86-64 ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12" +SRCREV_machine:genericx86 ?= "23ee2ef634b3fb51be429623fa1927b1d5c3e95c" +SRCREV_machine:genericx86-64 ?= "23ee2ef634b3fb51be429623fa1927b1d5c3e95c" SRCREV_machine:edgerouter ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12" SRCREV_machine:beaglebone-yocto ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE:edgerouter = "edgerouter" COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION:genericx86 = "5.19" -LINUX_VERSION:genericx86-64 = "5.19" +LINUX_VERSION:genericx86 = "5.19.14" +LINUX_VERSION:genericx86-64 = "5.19.14" LINUX_VERSION:edgerouter = "5.19" LINUX_VERSION:beaglebone-yocto = "5.19" diff --git a/poky/meta/classes-global/base.bbclass b/poky/meta/classes-global/base.bbclass index 8203f54519..2d0e35517e 100644 --- a/poky/meta/classes-global/base.bbclass +++ b/poky/meta/classes-global/base.bbclass @@ -139,7 +139,7 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): # /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc) # would return /usr/local/bin/ccache/gcc, but what we need is # /usr/bin/gcc, this code can check and fix that. - if "ccache" in srctool: + if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache': srctool = bb.utils.which(path, tool, executable=True, direction=1) if srctool: os.symlink(srctool, desttool) diff --git a/poky/meta/classes-global/devshell.bbclass b/poky/meta/classes-global/devshell.bbclass index 03af56b7a2..4c23049cf0 100644 --- a/poky/meta/classes-global/devshell.bbclass +++ b/poky/meta/classes-global/devshell.bbclass @@ -8,8 +8,6 @@ inherit terminal DEVSHELL = "${SHELL}" -PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:" - python do_devshell () { if d.getVarFlag("do_devshell", "manualfakeroot"): d.prependVar("DEVSHELL", "pseudo ") diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass index dc46857a19..df2c40c3c5 100644 --- a/poky/meta/classes-global/insane.bbclass +++ b/poky/meta/classes-global/insane.bbclass @@ -1346,7 +1346,7 @@ def unpack_check_src_uri(pn, d): for url in d.getVar("SRC_URI").split(): # Search for github and gitlab URLs that pull unstable archives (comment for future greppers) - if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url): + if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url) or "//codeload.github.com/" in url: oe.qa.handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol" % pn, d) python do_qa_unpack() { diff --git a/poky/meta/classes-global/mirrors.bbclass b/poky/meta/classes-global/mirrors.bbclass index 9643b31a23..d641c390bb 100644 --- a/poky/meta/classes-global/mirrors.bbclass +++ b/poky/meta/classes-global/mirrors.bbclass @@ -67,8 +67,7 @@ osc://.*/.* http://sources.openembedded.org/ \ https?://.*/.* http://sources.openembedded.org/ \ ftp://.*/.* http://sources.openembedded.org/ \ npm://.*/?.* http://sources.openembedded.org/ \ -${CPAN_MIRROR} http://cpan.metacpan.org/ \ -${CPAN_MIRROR} http://search.cpan.org/CPAN/ \ +${CPAN_MIRROR} https://cpan.metacpan.org/ \ https?://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \ https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \ " @@ -90,6 +89,7 @@ BB_GIT_SHALLOW:pn-binutils-cross-${TARGET_ARCH} = "1" BB_GIT_SHALLOW:pn-binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "1" BB_GIT_SHALLOW:pn-binutils-cross-testsuite = "1" BB_GIT_SHALLOW:pn-binutils-crosssdk-${SDK_SYS} = "1" +BB_GIT_SHALLOW:pn-binutils-native = "1" BB_GIT_SHALLOW:pn-glibc = "1" PREMIRRORS += "git://sourceware.org/git/glibc.git https://downloads.yoctoproject.org/mirror/sources/ \ git://sourceware.org/git/binutils-gdb.git https://downloads.yoctoproject.org/mirror/sources/" diff --git a/poky/meta/classes-global/package.bbclass b/poky/meta/classes-global/package.bbclass index 2d985d8aff..a47da14ea5 100644 --- a/poky/meta/classes-global/package.bbclass +++ b/poky/meta/classes-global/package.bbclass @@ -490,16 +490,31 @@ def inject_minidebuginfo(file, dvar, dv, d): bb.debug(1, 'ELF file {} has no debuginfo, skipping minidebuginfo injection'.format(file)) return + # minidebuginfo does not make sense to apply to ELF objects other than + # executables and shared libraries, skip applying the minidebuginfo + # generation for objects like kernel modules. + for line in subprocess.check_output([readelf, '-h', debugfile], universal_newlines=True).splitlines(): + if not line.strip().startswith("Type:"): + continue + elftype = line.split(":")[1].strip() + if not any(elftype.startswith(i) for i in ["EXEC", "DYN"]): + bb.debug(1, 'ELF file {} is not executable/shared, skipping minidebuginfo injection'.format(file)) + return + break + # Find non-allocated PROGBITS, NOTE, and NOBITS sections in the debuginfo. # We will exclude all of these from minidebuginfo to save space. remove_section_names = [] for line in subprocess.check_output([readelf, '-W', '-S', debugfile], universal_newlines=True).splitlines(): - fields = line.split() - if len(fields) < 8: + # strip the leading " [ 1]" section index to allow splitting on space + if ']' not in line: + continue + fields = line[line.index(']') + 1:].split() + if len(fields) < 7: continue name = fields[0] type = fields[1] - flags = fields[7] + flags = fields[6] # .debug_ sections will be removed by objcopy -S so no need to explicitly remove them if name.startswith('.debug_'): continue @@ -2434,6 +2449,15 @@ python do_package () { bb.build.exec_func("package_convert_pr_autoinc", d) + # Check for conflict between renamed packages and existing ones + # for each package in PACKAGES, check if it will be renamed to an existing one + for p in packages: + localdata = bb.data.createCopy(d) + localdata.setVar('OVERRIDES', p) + rename = localdata.getVar('PKG') + if (rename != None) and rename in packages: + bb.fatal('package "%s" is renamed to "%s" using PKG:%s, but package name already exists'%(p,rename,p)) + ########################################################################### # Optimisations ########################################################################### diff --git a/poky/meta/classes-global/sanity.bbclass b/poky/meta/classes-global/sanity.bbclass index 15067e78d3..8cf42036f6 100644 --- a/poky/meta/classes-global/sanity.bbclass +++ b/poky/meta/classes-global/sanity.bbclass @@ -504,6 +504,14 @@ def check_tar_version(sanity_data): version = result.split()[3] if bb.utils.vercmp_string_op(version, "1.28", "<"): return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" + + try: + result = subprocess.check_output(["tar", "--help"], stderr=subprocess.STDOUT).decode('utf-8') + if "--xattrs" not in result: + return "Your tar doesn't support --xattrs, please use GNU tar.\n" + except subprocess.CalledProcessError as e: + return "Unable to execute tar --help, exit code %d\n%s\n" % (e.returncode, e.output) + return None # We use git parameters and functionality only found in 1.7.8 or later @@ -997,13 +1005,6 @@ def check_sanity(sanity_data): if status.messages != "": raise_sanity_error(sanity_data.expand(status.messages), sanity_data, status.network_error) -# Create a copy of the datastore and finalise it to ensure appends and -# overrides are set - the datastore has yet to be finalised at ConfigParsed -def copy_data(e): - sanity_data = bb.data.createCopy(e.data) - sanity_data.finalize() - return sanity_data - addhandler config_reparse_eventhandler config_reparse_eventhandler[eventmask] = "bb.event.ConfigParsed" python config_reparse_eventhandler() { @@ -1014,13 +1015,13 @@ addhandler check_sanity_eventhandler check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck bb.event.NetworkTest" python check_sanity_eventhandler() { if bb.event.getName(e) == "SanityCheck": - sanity_data = copy_data(e) + sanity_data = bb.data.createCopy(e.data) check_sanity(sanity_data) if e.generateevents: sanity_data.setVar("SANITY_USE_EVENTS", "1") bb.event.fire(bb.event.SanityCheckPassed(), e.data) elif bb.event.getName(e) == "NetworkTest": - sanity_data = copy_data(e) + sanity_data = bb.data.createCopy(e.data) if e.generateevents: sanity_data.setVar("SANITY_USE_EVENTS", "1") bb.event.fire(bb.event.NetworkTestFailed() if check_connectivity(sanity_data) else bb.event.NetworkTestPassed(), e.data) diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass index 2c8e7b8cc2..2dd880bbab 100644 --- a/poky/meta/classes-global/sstate.bbclass +++ b/poky/meta/classes-global/sstate.bbclass @@ -365,8 +365,9 @@ def sstate_installpkg(ss, d): d.setVar("SSTATE_CURRTASK", ss['task']) sstatefetch = d.getVar('SSTATE_PKGNAME') sstatepkg = d.getVar('SSTATE_PKG') + verify_sig = bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False) - if not os.path.exists(sstatepkg): + if not os.path.exists(sstatepkg) or (verify_sig and not os.path.exists(sstatepkg + '.sig')): pstaging_fetch(sstatefetch, d) if not os.path.isfile(sstatepkg): @@ -377,7 +378,7 @@ def sstate_installpkg(ss, d): d.setVar('SSTATE_INSTDIR', sstateinst) - if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False): + if verify_sig: if not os.path.isfile(sstatepkg + '.sig'): bb.warn("No signature file for sstate package %s, skipping acceleration..." % sstatepkg) return False @@ -1097,7 +1098,7 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None): logit("Considering setscene task: %s" % (str(taskdependees[task])), log) - directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx"] + directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_deploy_archives"] def isNativeCross(x): return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross") diff --git a/poky/meta/classes-global/staging.bbclass b/poky/meta/classes-global/staging.bbclass index 5a1f43de78..a058d344fd 100644 --- a/poky/meta/classes-global/staging.bbclass +++ b/poky/meta/classes-global/staging.bbclass @@ -275,6 +275,10 @@ python extend_recipe_sysroot() { pn = d.getVar("PN") stagingdir = d.getVar("STAGING_DIR") sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests" + # only needed by multilib cross-canadian since it redefines RECIPE_SYSROOT + manifestprefix = d.getVar("RECIPE_SYSROOT_MANIFEST_SUBDIR") + if manifestprefix: + sharedmanifests = sharedmanifests + "/" + manifestprefix recipesysroot = d.getVar("RECIPE_SYSROOT") recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE") diff --git a/poky/meta/classes-recipe/baremetal-image.bbclass b/poky/meta/classes-recipe/baremetal-image.bbclass index d3377a92fa..513155e9ae 100644 --- a/poky/meta/classes-recipe/baremetal-image.bbclass +++ b/poky/meta/classes-recipe/baremetal-image.bbclass @@ -15,15 +15,6 @@ # # See meta-skeleton for a working example. -## Emulate image.bbclass -# Handle inherits of any of the image classes we need -IMAGE_CLASSES ??= "" -IMGCLASSES = " ${IMAGE_CLASSES}" -inherit ${IMGCLASSES} -# Set defaults to satisfy IMAGE_FEATURES check -IMAGE_FEATURES ?= "" -IMAGE_FEATURES[type] = "list" -IMAGE_FEATURES[validitems] += "" # Toolchain should be baremetal or newlib based. # TCLIBC="baremetal" or TCLIBC="newlib" @@ -110,6 +101,17 @@ QB_OPT_APPEND:append:qemuriscv32 = " -bios none" CFLAGS:append:qemuriscv64 = " -mcmodel=medany" +## Emulate image.bbclass +# Handle inherits of any of the image classes we need +IMAGE_CLASSES ??= "" +IMGCLASSES = " ${IMAGE_CLASSES}" +inherit ${IMGCLASSES} +# Set defaults to satisfy IMAGE_FEATURES check +IMAGE_FEATURES ?= "" +IMAGE_FEATURES[type] = "list" +IMAGE_FEATURES[validitems] += "" + + # This next part is necessary to trick the build system into thinking # its building an image recipe so it generates the qemuboot.conf addtask do_rootfs before do_image after do_install diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass index d1e83518b5..b27eb2f209 100644 --- a/poky/meta/classes-recipe/cargo.bbclass +++ b/poky/meta/classes-recipe/cargo.bbclass @@ -39,7 +39,7 @@ MANIFEST_PATH ??= "${S}/${CARGO_SRC_DIR}/Cargo.toml" RUSTFLAGS ??= "" BUILD_MODE = "${@['--release', ''][d.getVar('DEBUG_BUILD') == '1']}" -CARGO_BUILD_FLAGS = "-v --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}" +CARGO_BUILD_FLAGS = "-v --offline --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}" # This is based on the content of CARGO_BUILD_FLAGS and generally will need to # change if CARGO_BUILD_FLAGS changes. diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass index dea0fbe2f6..f503a001dd 100644 --- a/poky/meta/classes-recipe/cargo_common.bbclass +++ b/poky/meta/classes-recipe/cargo_common.bbclass @@ -56,7 +56,7 @@ cargo_common_do_configure () { [source.crates-io] replace-with = "bitbake" - local-registry = "/nonexistant" + local-registry = "/nonexistent" EOF fi @@ -103,7 +103,7 @@ cargo_common_do_configure () { cat <<- EOF >> ${CARGO_HOME}/config [build] - # Use out of tree build destination to avoid poluting the source tree + # Use out of tree build destination to avoid polluting the source tree target-dir = "${B}/target" EOF fi diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass index b79091383d..a09a042c3f 100644 --- a/poky/meta/classes-recipe/cml1.bbclass +++ b/poky/meta/classes-recipe/cml1.bbclass @@ -21,7 +21,6 @@ cml1_do_configure() { } EXPORT_FUNCTIONS do_configure -addtask configure after do_unpack do_patch before do_compile inherit terminal diff --git a/poky/meta/classes-recipe/core-image.bbclass b/poky/meta/classes-recipe/core-image.bbclass index 90d9eb9d3f..40fc15cb04 100644 --- a/poky/meta/classes-recipe/core-image.bbclass +++ b/poky/meta/classes-recipe/core-image.bbclass @@ -65,7 +65,7 @@ IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" # Do not install openssh complementary packages if either packagegroup-core-ssh-dropbear or dropbear # is installed # to avoid openssh-dropbear conflict # see [Yocto #14858] for more information -PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}" +PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', ' openssh', '' , d)}" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included diff --git a/poky/meta/classes-recipe/fs-uuid.bbclass b/poky/meta/classes-recipe/fs-uuid.bbclass index a9e7eb8c67..e215f06c80 100644 --- a/poky/meta/classes-recipe/fs-uuid.bbclass +++ b/poky/meta/classes-recipe/fs-uuid.bbclass @@ -10,7 +10,7 @@ def get_rootfs_uuid(d): import subprocess rootfs = d.getVar('ROOTFS') - output = subprocess.check_output(['tune2fs', '-l', rootfs]) + output = subprocess.check_output(['tune2fs', '-l', rootfs], text=True) for line in output.split('\n'): if line.startswith('Filesystem UUID:'): uuid = line.split()[-1] diff --git a/poky/meta/classes-recipe/gnomebase.bbclass b/poky/meta/classes-recipe/gnomebase.bbclass index 805daafa40..5e72f549a3 100644 --- a/poky/meta/classes-recipe/gnomebase.bbclass +++ b/poky/meta/classes-recipe/gnomebase.bbclass @@ -5,7 +5,7 @@ # def gnome_verdir(v): - return ".".join(v.split(".")[:-1]) + return ".".join(v.split(".")[:-1]) or v GNOME_COMPRESS_TYPE ?= "xz" diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass index e387645503..14528e664c 100644 --- a/poky/meta/classes-recipe/image.bbclass +++ b/poky/meta/classes-recipe/image.bbclass @@ -182,8 +182,7 @@ python () { IMAGE_POSTPROCESS_COMMAND ?= "" -# some default locales -IMAGE_LINGUAS ?= "de-de fr-fr en-gb" +IMAGE_LINGUAS ??= "" LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}" @@ -319,7 +318,7 @@ fakeroot python do_image_qa () { except oe.utils.ImageQAFailed as e: qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description) except Exception as e: - qamsg = qamsg + '\tImage QA function %s failed\n' % cmd + qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e) if qamsg: imgname = d.getVar('IMAGE_NAME') @@ -446,7 +445,7 @@ python () { localdata.delVar('DATE') localdata.delVar('TMPDIR') localdata.delVar('IMAGE_VERSION_SUFFIX') - vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude', True) or '').split() + vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude') or '').split() for dep in vardepsexclude: localdata.delVar(dep) diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass index 764e6a5574..e4939af459 100644 --- a/poky/meta/classes-recipe/image_types.bbclass +++ b/poky/meta/classes-recipe/image_types.bbclass @@ -157,11 +157,7 @@ UBI_VOLTYPE ?= "dynamic" UBI_IMGTYPE ?= "ubifs" write_ubi_config() { - if [ -z "$1" ]; then - local vname="" - else - local vname="_$1" - fi + local vname="$1" cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg [ubifs] @@ -183,7 +179,12 @@ multiubi_mkfs() { bbfatal "MKUBIFS_ARGS and UBINIZE_ARGS have to be set, see http://www.linux-mtd.infradead.org/faq/ubifs.html for details" fi - write_ubi_config "$3" + if [ -z "$3" ]; then + local vname="" + else + local vname="_$3" + fi + write_ubi_config "${vname}" if [ -n "$vname" ]; then mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args} @@ -208,7 +209,10 @@ multiubi_mkfs() { fi } +MULTIUBI_ARGS = "MKUBIFS_ARGS UBINIZE_ARGS" + IMAGE_CMD:multiubi () { + ${@' '.join(['%s_%s="%s";' % (arg, name, d.getVar('%s_%s' % (arg, name))) for arg in d.getVar('MULTIUBI_ARGS').split() for name in d.getVar('MULTIUBI_BUILD').split()])} # Split MKUBIFS_ARGS_<name> and UBINIZE_ARGS_<name> for name in ${MULTIUBI_BUILD}; do eval local mkubifs_args=\"\$MKUBIFS_ARGS_${name}\" diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass index 6f5d3bde6c..1531ae6cd5 100644 --- a/poky/meta/classes-recipe/kernel-arch.bbclass +++ b/poky/meta/classes-recipe/kernel-arch.bbclass @@ -70,5 +70,5 @@ HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}" KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}" KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" -TOOLCHAIN = "gcc" +TOOLCHAIN ?= "gcc" diff --git a/poky/meta/classes-recipe/kernel-fitimage.bbclass b/poky/meta/classes-recipe/kernel-fitimage.bbclass index 107914e28c..f6d82ce061 100644 --- a/poky/meta/classes-recipe/kernel-fitimage.bbclass +++ b/poky/meta/classes-recipe/kernel-fitimage.bbclass @@ -73,6 +73,9 @@ FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" +# Allow user to select the default DTB for FIT image when multiple dtb's exists. +FIT_CONF_DEFAULT_DTB ?= "" + # Keys used to sign individually image nodes. # The keys to sign image nodes must be different from those used to sign # configuration nodes, otherwise the "required" property, from @@ -375,6 +378,7 @@ fitimage_emit_section_config() { bootscr_line="" setup_line="" default_line="" + default_dtb_image="${FIT_CONF_DEFAULT_DTB}" # conf node name is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID @@ -417,7 +421,17 @@ fitimage_emit_section_config() { # default node is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID if [ -n "$dtb_image" ]; then - default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + # Select default node as user specified dtb when + # multiple dtb exists. + if [ -n "$default_dtb_image" ]; then + if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then + default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" + else + bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" + fi + else + default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + fi else default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" fi @@ -496,7 +510,7 @@ fitimage_assemble() { ramdiskcount=$3 setupcount="" bootscr_id="" - rm -f $1 arch/${ARCH}/boot/$2 + rm -f $1 ${KERNEL_OUTPUT_DIR}/$2 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then bbfatal "Keys used to sign images and configuration nodes must be different." @@ -529,9 +543,9 @@ fitimage_assemble() { continue fi - DTB_PATH="arch/${ARCH}/boot/dts/$DTB" + DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB" if [ ! -e "$DTB_PATH" ]; then - DTB_PATH="arch/${ARCH}/boot/$DTB" + DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" fi DTB=$(echo "$DTB" | tr '/' '_') @@ -546,10 +560,11 @@ fitimage_assemble() { if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then dtbcount=1 - for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do + for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \ + $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do DTB=$(echo "$DTB" | tr '/' '_') - # Skip DTB if we've picked it up previously + # Skip DTB/DTBO if we've picked it up previously echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue DTBS="$DTBS $DTB" @@ -574,9 +589,9 @@ fitimage_assemble() { # # Step 4: Prepare a setup section. (For x86) # - if [ -e arch/${ARCH}/boot/setup.bin ]; then + if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then setupcount=1 - fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin + fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin fi # @@ -650,7 +665,7 @@ fitimage_assemble() { ${UBOOT_MKIMAGE} \ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -f $1 \ - arch/${ARCH}/boot/$2 + ${KERNEL_OUTPUT_DIR}/$2 # # Step 8: Sign the image and add public key to U-Boot dtb @@ -667,7 +682,7 @@ fitimage_assemble() { ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -F -k "${UBOOT_SIGN_KEYDIR}" \ $add_key_to_u_boot \ - -r arch/${ARCH}/boot/$2 \ + -r ${KERNEL_OUTPUT_DIR}/$2 \ ${UBOOT_MKIMAGE_SIGN_ARGS} fi } @@ -770,7 +785,7 @@ kernel_do_deploy:append() { if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." - install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" + install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" fi diff --git a/poky/meta/classes-recipe/kernel-yocto.bbclass b/poky/meta/classes-recipe/kernel-yocto.bbclass index 8eda0dcaf3..7de99cff56 100644 --- a/poky/meta/classes-recipe/kernel-yocto.bbclass +++ b/poky/meta/classes-recipe/kernel-yocto.bbclass @@ -212,7 +212,7 @@ do_kernel_metadata() { # SRC_URI. If they were supplied, we convert them into include directives # for the update part of the process for f in ${feat_dirs}; do - if [ -d "${WORKDIR}/$f/meta" ]; then + if [ -d "${WORKDIR}/$f/kernel-meta" ]; then includes="$includes -I${WORKDIR}/$f/kernel-meta" elif [ -d "${WORKDIR}/../oe-local-files/$f" ]; then includes="$includes -I${WORKDIR}/../oe-local-files/$f" @@ -506,7 +506,7 @@ python do_config_analysis() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--blame', c], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) outfile = d.getVar( 'CONFIG_ANALYSIS_FILE' ) @@ -514,7 +514,7 @@ python do_config_analysis() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--summary', '--extended', '--sanity', c], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) outfile = d.getVar( 'CONFIG_AUDIT_FILE' ) @@ -575,7 +575,7 @@ python do_kernel_configcheck() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--mismatches', extra_params], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) if analysis: outfile = "{}/{}/cfg/mismatch.txt".format( s, kmeta ) @@ -597,7 +597,7 @@ python do_kernel_configcheck() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--invalid', extra_params], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) if analysis: outfile = "{}/{}/cfg/invalid.txt".format(s,kmeta) @@ -616,7 +616,7 @@ python do_kernel_configcheck() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--sanity'], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) if analysis: outfile = "{}/{}/cfg/redefinition.txt".format(s,kmeta) diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass index e4e69e0763..01f866f0a6 100644 --- a/poky/meta/classes-recipe/kernel.bbclass +++ b/poky/meta/classes-recipe/kernel.bbclass @@ -210,9 +210,6 @@ PACKAGES_DYNAMIC += "^${KERNEL_PACKAGE_NAME}-firmware-.*" export OS = "${TARGET_OS}" export CROSS_COMPILE = "${TARGET_PREFIX}" -export KBUILD_BUILD_VERSION = "1" -export KBUILD_BUILD_USER ?= "oe-user" -export KBUILD_BUILD_HOST ?= "oe-host" KERNEL_RELEASE ?= "${KERNEL_VERSION}" @@ -367,6 +364,10 @@ kernel_do_compile() { export KBUILD_BUILD_TIMESTAMP="$ts" export KCONFIG_NOTIMESTAMP=1 bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + else + ts=`LC_ALL=C date` + export KBUILD_BUILD_TIMESTAMP="$ts" + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi # The $use_alternate_initrd is only set from # do_bundle_initramfs() This variable is specifically for the @@ -412,6 +413,10 @@ do_compile_kernelmodules() { export KBUILD_BUILD_TIMESTAMP="$ts" export KCONFIG_NOTIMESTAMP=1 bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + else + ts=`LC_ALL=C date` + export KBUILD_BUILD_TIMESTAMP="$ts" + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS} @@ -442,8 +447,8 @@ kernel_do_install() { oe_runmake DEPMOD=echo MODLIB=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION} INSTALL_FW_PATH=${D}${nonarch_base_libdir}/firmware modules_install rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build" rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source" - # If the kernel/ directory is empty remove it to prevent QA issues - rmdir --ignore-fail-on-non-empty "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" + # Remove empty module directories to prevent QA issues + find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete else bbnote "no modules to install" fi @@ -591,12 +596,26 @@ do_shared_workdir () { cp tools/objtool/objtool ${kerneldir}/tools/objtool/ fi fi + + # When building with CONFIG_MODVERSIONS=y and CONFIG_RANDSTRUCT=y we need + # to copy the build assets generated for the randstruct seed to + # STAGING_KERNEL_BUILDDIR, otherwise the out-of-tree modules build will + # generate those assets which will result in a different + # RANDSTRUCT_HASHED_SEED + if [ -d scripts/basic ]; then + mkdir -p ${kerneldir}/scripts + cp -r scripts/basic ${kerneldir}/scripts + fi + + if [ -d scripts/gcc-plugins ]; then + mkdir -p ${kerneldir}/scripts + cp -r scripts/gcc-plugins ${kerneldir}/scripts + fi + } # We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware -sysroot_stage_all () { - : -} +SYSROOT_DIRS = "" KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig" @@ -641,7 +660,7 @@ do_savedefconfig() { do_savedefconfig[nostamp] = "1" addtask savedefconfig after do_configure -inherit cml1 +inherit cml1 pkgconfig # Need LD, HOSTLDFLAGS and more for config operations KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}" diff --git a/poky/meta/classes-recipe/libc-package.bbclass b/poky/meta/classes-recipe/libc-package.bbclass index de3d4223a8..8a99f73ae7 100644 --- a/poky/meta/classes-recipe/libc-package.bbclass +++ b/poky/meta/classes-recipe/libc-package.bbclass @@ -51,6 +51,7 @@ PACKAGE_NO_GCONV ?= "0" OVERRIDES:append = ":${TARGET_ARCH}-${TARGET_OS}" locale_base_postinst_ontarget() { +mkdir ${libdir}/locale localedef --inputfile=${datadir}/i18n/locales/%s --charmap=%s %s } diff --git a/poky/meta/classes-recipe/license_image.bbclass b/poky/meta/classes-recipe/license_image.bbclass index b60d6e44f4..8560c27e93 100644 --- a/poky/meta/classes-recipe/license_image.bbclass +++ b/poky/meta/classes-recipe/license_image.bbclass @@ -235,7 +235,7 @@ def get_deployed_dependencies(d): deploy = {} # Get all the dependencies for the current task (rootfs). taskdata = d.getVar("BB_TASKDEPDATA", False) - pn = d.getVar("PN", True) + pn = d.getVar("PN") depends = list(set([dep[0] for dep in list(taskdata.values()) if not dep[0].endswith("-native") and not dep[0] == pn])) diff --git a/poky/meta/classes-recipe/linux-kernel-base.bbclass b/poky/meta/classes-recipe/linux-kernel-base.bbclass index cb2212c948..65cc48f304 100644 --- a/poky/meta/classes-recipe/linux-kernel-base.bbclass +++ b/poky/meta/classes-recipe/linux-kernel-base.bbclass @@ -43,5 +43,9 @@ def linux_module_packages(s, d): suffix = "" return " ".join(map(lambda s: "kernel-module-%s%s" % (s.lower().replace('_', '-').replace('@', '+'), suffix), s.split())) +export KBUILD_BUILD_VERSION = "1" +export KBUILD_BUILD_USER ?= "oe-user" +export KBUILD_BUILD_HOST ?= "oe-host" + # that's all diff --git a/poky/meta/classes-recipe/native.bbclass b/poky/meta/classes-recipe/native.bbclass index 61ad053def..1e94585f3e 100644 --- a/poky/meta/classes-recipe/native.bbclass +++ b/poky/meta/classes-recipe/native.bbclass @@ -161,7 +161,7 @@ python native_virtclass_handler () { newdeps.append(dep.replace(pn, bpn) + "-native") else: newdeps.append(dep) - d.setVar(varname, " ".join(newdeps), parsing=True) + d.setVar(varname, " ".join(newdeps)) map_dependencies("DEPENDS", e.data, selfref=False) for pkg in e.data.getVar("PACKAGES", False).split(): diff --git a/poky/meta/classes-recipe/overlayfs.bbclass b/poky/meta/classes-recipe/overlayfs.bbclass index bdc6dd9d57..53d65d7531 100644 --- a/poky/meta/classes-recipe/overlayfs.bbclass +++ b/poky/meta/classes-recipe/overlayfs.bbclass @@ -102,7 +102,11 @@ python do_create_overlayfs_units() { overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT") for mountPoint in overlayMountPoints: bb.debug(1, "Process variable flag %s" % mountPoint) - for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split(): + lowerList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint) + if not lowerList: + bb.note("No mount points defined for %s flag, skipping" % (mountPoint)) + continue + for lower in lowerList.split(): bb.debug(1, "Prepare mount unit for %s with data mount point %s" % (lower, d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint))) prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower) diff --git a/poky/meta/classes-recipe/populate_sdk_base.bbclass b/poky/meta/classes-recipe/populate_sdk_base.bbclass index 64a4a58bef..6286d64233 100644 --- a/poky/meta/classes-recipe/populate_sdk_base.bbclass +++ b/poky/meta/classes-recipe/populate_sdk_base.bbclass @@ -74,6 +74,8 @@ TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}" SDK_ARCHIVE_TYPE ?= "tar.xz" SDK_XZ_COMPRESSION_LEVEL ?= "-9" SDK_XZ_OPTIONS ?= "${XZ_DEFAULTS} ${SDK_XZ_COMPRESSION_LEVEL}" +SDK_ZIP_OPTIONS ?= "-y" + # To support different sdk type according to SDK_ARCHIVE_TYPE, now support zip and tar.xz python () { @@ -81,7 +83,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') @@ -205,7 +207,7 @@ fakeroot python do_populate_sdk() { } SSTATETASKS += "do_populate_sdk" SSTATE_SKIP_CREATION:task-populate-sdk = '1' -do_populate_sdk[cleandirs] = "${SDKDEPLOYDIR}" +do_populate_sdk[cleandirs] += "${SDKDEPLOYDIR}" do_populate_sdk[sstate-inputdirs] = "${SDKDEPLOYDIR}" do_populate_sdk[sstate-outputdirs] = "${SDK_DEPLOY}" do_populate_sdk[stamp-extra-info] = "${MACHINE_ARCH}${SDKMACHINE}" diff --git a/poky/meta/classes-recipe/populate_sdk_ext.bbclass b/poky/meta/classes-recipe/populate_sdk_ext.bbclass index 925cb313fc..1b47fbe770 100644 --- a/poky/meta/classes-recipe/populate_sdk_ext.bbclass +++ b/poky/meta/classes-recipe/populate_sdk_ext.bbclass @@ -120,7 +120,7 @@ python write_host_sdk_ext_manifest () { f.write("%s %s %s\n" % (info[1], info[2], info[3])) } -SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = "write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; " +SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = " write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; " SDK_TITLE:task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} Extensible SDK" @@ -720,7 +720,7 @@ sdk_ext_postinst() { # A bit of another hack, but we need this in the path only for devtool # so put it at the end of $PATH. - echo "export PATH=$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH" >> $env_setup_script + echo "export PATH=\"$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH\"" >> $env_setup_script echo "printf 'SDK environment now set up; additionally you may now run devtool to perform development tasks.\nRun devtool --help for further details.\n'" >> $env_setup_script diff --git a/poky/meta/classes-recipe/qemuboot.bbclass b/poky/meta/classes-recipe/qemuboot.bbclass index 018c000ca2..5a0e50ccfc 100644 --- a/poky/meta/classes-recipe/qemuboot.bbclass +++ b/poky/meta/classes-recipe/qemuboot.bbclass @@ -13,6 +13,7 @@ # QB_OPT_APPEND: options to append to qemu, e.g., "-device usb-mouse" # # QB_DEFAULT_KERNEL: default kernel to boot, e.g., "bzImage" +# e.g., "bzImage-initramfs-qemux86-64.bin" if INITRAMFS_IMAGE_BUNDLE is set to 1. # # QB_DEFAULT_FSTYPE: default FSTYPE to boot, e.g., "ext4" # @@ -93,7 +94,7 @@ QB_MEM ?= "-m 256" QB_SMP ?= "" QB_SERIAL_OPT ?= "-serial mon:stdio -serial null" -QB_DEFAULT_KERNEL ?= "${KERNEL_IMAGETYPE}" +QB_DEFAULT_KERNEL ?= "${@bb.utils.contains("INITRAMFS_IMAGE_BUNDLE", "1", "${KERNEL_IMAGETYPE}-${INITRAMFS_LINK_NAME}.bin", "${KERNEL_IMAGETYPE}", d)}" QB_DEFAULT_FSTYPE ?= "ext4" QB_RNG ?= "-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0" QB_OPT_APPEND ?= "" diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass index 93bf6c8be6..5e70007377 100644 --- a/poky/meta/classes-recipe/rust-common.bbclass +++ b/poky/meta/classes-recipe/rust-common.bbclass @@ -94,7 +94,7 @@ RUST_BUILD_ARCH = "${@oe.rust.arch_to_rust_arch(d.getVar('BUILD_ARCH'))}" # Rust additionally will use two additional cases: # - undecorated (e.g. CC) - equivalent to TARGET # - triple suffix (e.g. CC:x86_64_unknown_linux_gnu) - both -# see: https://github.com/alexcrichton/gcc-rs +# see: https://github.com/rust-lang/cc-rs # The way that Rust's internal triples and Yocto triples are mapped together # its likely best to not use the triple suffix due to potential confusion. @@ -125,12 +125,22 @@ create_wrapper_rust () { shift extras="$1" shift + crate_cc_extras="$1" + shift cat <<- EOF > "${file}" #!/usr/bin/env python3 import os, sys orig_binary = "$@" extras = "${extras}" + + # Apply a required subset of CC crate compiler flags + # when we build a target recipe for a non-bare-metal target. + # https://github.com/rust-lang/cc-rs/blob/main/src/lib.rs#L1614 + if "CRATE_CC_NO_DEFAULTS" in os.environ.keys() and \ + "TARGET" in os.environ.keys() and not "-none-" in os.environ["TARGET"]: + orig_binary += "${crate_cc_extras}" + binary = orig_binary.split()[0] args = orig_binary.split() + sys.argv[1:] if extras: @@ -154,22 +164,22 @@ do_rust_create_wrappers () { mkdir -p "${WRAPPER_DIR}" # Yocto Build / Rust Host C compiler - create_wrapper_rust "${RUST_BUILD_CC}" "" "${BUILD_CC}" + create_wrapper_rust "${RUST_BUILD_CC}" "" "${CRATE_CC_FLAGS}" "${BUILD_CC}" # Yocto Build / Rust Host C++ compiler - create_wrapper_rust "${RUST_BUILD_CXX}" "" "${BUILD_CXX}" + create_wrapper_rust "${RUST_BUILD_CXX}" "" "${CRATE_CC_FLAGS}" "${BUILD_CXX}" # Yocto Build / Rust Host linker - create_wrapper_rust "${RUST_BUILD_CCLD}" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}" + create_wrapper_rust "${RUST_BUILD_CCLD}" "" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}" # Yocto Build / Rust Host archiver - create_wrapper_rust "${RUST_BUILD_AR}" "" "${BUILD_AR}" + create_wrapper_rust "${RUST_BUILD_AR}" "" "" "${BUILD_AR}" # Yocto Target / Rust Target C compiler - create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}" + create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}" # Yocto Target / Rust Target C++ compiler - create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}" + create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}" # Yocto Target / Rust Target linker - create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}" + create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}" # Yocto Target / Rust Target archiver - create_wrapper_rust "${RUST_TARGET_AR}" "" "${WRAPPER_TARGET_AR}" + create_wrapper_rust "${RUST_TARGET_AR}" "" "" "${WRAPPER_TARGET_AR}" } diff --git a/poky/meta/classes-recipe/rust-target-config.bbclass b/poky/meta/classes-recipe/rust-target-config.bbclass index 9e1d81bf5c..876fe8fd9b 100644 --- a/poky/meta/classes-recipe/rust-target-config.bbclass +++ b/poky/meta/classes-recipe/rust-target-config.bbclass @@ -114,7 +114,7 @@ def llvm_features_from_target_fpu(d): # TARGET_FPU can be hard or soft. +soft-float tell llvm to use soft float # ABI. There is no option for hard. - fpu = d.getVar('TARGET_FPU', True) + fpu = d.getVar('TARGET_FPU') return ["+soft-float"] if fpu == "soft" else [] def llvm_features(d): @@ -231,19 +231,19 @@ TARGET_POINTER_WIDTH[powerpc64le] = "64" TARGET_C_INT_WIDTH[powerpc64le] = "64" MAX_ATOMIC_WIDTH[powerpc64le] = "64" -## riscv32-unknown-linux-{gnu, musl} -DATA_LAYOUT[riscv32] = "e-m:e-p:32:32-i64:64-n32-S128" -TARGET_ENDIAN[riscv32] = "little" -TARGET_POINTER_WIDTH[riscv32] = "32" -TARGET_C_INT_WIDTH[riscv32] = "32" -MAX_ATOMIC_WIDTH[riscv32] = "32" +## riscv32gc-unknown-linux-{gnu, musl} +DATA_LAYOUT[riscv32gc] = "e-m:e-p:32:32-i64:64-n32-S128" +TARGET_ENDIAN[riscv32gc] = "little" +TARGET_POINTER_WIDTH[riscv32gc] = "32" +TARGET_C_INT_WIDTH[riscv32gc] = "32" +MAX_ATOMIC_WIDTH[riscv32gc] = "32" -## riscv64-unknown-linux-{gnu, musl} -DATA_LAYOUT[riscv64] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128" -TARGET_ENDIAN[riscv64] = "little" -TARGET_POINTER_WIDTH[riscv64] = "64" -TARGET_C_INT_WIDTH[riscv64] = "64" -MAX_ATOMIC_WIDTH[riscv64] = "64" +## riscv64gc-unknown-linux-{gnu, musl} +DATA_LAYOUT[riscv64gc] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128" +TARGET_ENDIAN[riscv64gc] = "little" +TARGET_POINTER_WIDTH[riscv64gc] = "64" +TARGET_C_INT_WIDTH[riscv64gc] = "64" +MAX_ATOMIC_WIDTH[riscv64gc] = "64" # Convert a normal arch (HOST_ARCH, TARGET_ARCH, BUILD_ARCH, etc) to something # rust's internals won't choke on. @@ -258,9 +258,21 @@ def arch_to_rust_target_arch(arch): return "arm" elif arch == "powerpc64le": return "powerpc64" + elif arch == "riscv32gc": + return "riscv32" + elif arch == "riscv64gc": + return "riscv64" else: return arch +# Convert a rust target string to a llvm-compatible triplet +def rust_sys_to_llvm_target(sys): + if sys.startswith('riscv32gc-'): + return sys.replace('riscv32gc-', 'riscv32-', 1) + if sys.startswith('riscv64gc-'): + return sys.replace('riscv64gc-', 'riscv64-', 1) + return sys + # generates our target CPU value def llvm_cpu(d): cpu = d.getVar('PACKAGE_ARCH') @@ -334,7 +346,7 @@ def rust_gen_target(d, thing, wd, arch): # build tspec tspec = {} - tspec['llvm-target'] = rustsys + tspec['llvm-target'] = rust_sys_to_llvm_target(rustsys) tspec['data-layout'] = d.getVarFlag('DATA_LAYOUT', arch_abi) if tspec['data-layout'] is None: bb.fatal("No rust target defined for %s" % arch_abi) @@ -389,3 +401,19 @@ python do_rust_gen_targets () { addtask rust_gen_targets after do_patch before do_compile do_rust_gen_targets[dirs] += "${RUST_TARGETS_DIR}" +# For building target C dependecies use only compiler parameters defined in OE +# and ignore the CC crate defaults which conflicts with OE ones in some cases. +# https://github.com/rust-lang/cc-rs#external-configuration-via-environment-variables +# Some CC crate compiler flags are still required. +# We apply them conditionally in rust wrappers. + +CRATE_CC_FLAGS:class-native = "" +CRATE_CC_FLAGS:class-nativesdk = "" +CRATE_CC_FLAGS:class-target = " -ffunction-sections -fdata-sections -fPIC" + +do_compile:prepend:class-target() { + export CRATE_CC_NO_DEFAULTS=1 +} +do_install:prepend:class-target() { + export CRATE_CC_NO_DEFAULTS=1 +} diff --git a/poky/meta/classes-recipe/scons.bbclass b/poky/meta/classes-recipe/scons.bbclass index 5f0d4a910b..d20a78dc6e 100644 --- a/poky/meta/classes-recipe/scons.bbclass +++ b/poky/meta/classes-recipe/scons.bbclass @@ -9,7 +9,9 @@ inherit python3native DEPENDS += "python3-scons-native" EXTRA_OESCONS ?= "" - +# This value below is derived from $(getconf ARG_MAX) +SCONS_MAXLINELENGTH ?= "MAXLINELENGTH=2097152" +EXTRA_OESCONS:append = " ${SCONS_MAXLINELENGTH}" do_configure() { if [ -n "${CONFIGURESTAMPFILE}" -a "${S}" = "${B}" ]; then if [ -e "${CONFIGURESTAMPFILE}" -a "`cat ${CONFIGURESTAMPFILE}`" != "${BB_TASKHASH}" -a "${CLEANBROKEN}" != "1" ]; then @@ -31,4 +33,8 @@ scons_do_install() { die "scons install execution failed." } +do_configure[vardepsexclude] = "SCONS_MAXLINELENGTH" +do_compile[vardepsexclude] = "SCONS_MAXLINELENGTH" +do_install[vardepsexclude] = "SCONS_MAXLINELENGTH" + EXPORT_FUNCTIONS do_compile do_install diff --git a/poky/meta/classes-recipe/systemd.bbclass b/poky/meta/classes-recipe/systemd.bbclass index f6564c2b31..ce188a8113 100644 --- a/poky/meta/classes-recipe/systemd.bbclass +++ b/poky/meta/classes-recipe/systemd.bbclass @@ -152,6 +152,7 @@ python systemd_populate_packages() { def systemd_check_services(): searchpaths = [oe.path.join(d.getVar("sysconfdir"), "systemd", "system"),] searchpaths.append(d.getVar("systemd_system_unitdir")) + searchpaths.append(d.getVar("systemd_user_unitdir")) systemd_packages = d.getVar('SYSTEMD_PACKAGES') keys = 'Also' diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass index 5cc408b0c4..b48cd96575 100644 --- a/poky/meta/classes-recipe/testimage.bbclass +++ b/poky/meta/classes-recipe/testimage.bbclass @@ -98,7 +98,7 @@ TESTIMAGELOCK:qemuall = "" TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/" -TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR" +TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME" testimage_dump_target () { top -bn1 @@ -236,7 +236,7 @@ def testimage_main(d): with open(tdname, "r") as f: td = json.load(f) except FileNotFoundError as err: - bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err)) + bb.fatal('File %s not found (%s).\nHave you built the image with IMAGE_CLASSES += "testimage" in the conf/local.conf?' % (tdname, err)) # Some variables need to be updates (mostly paths) with the # ones of the current environment because some tests require them. diff --git a/poky/meta/classes-recipe/toolchain-scripts.bbclass b/poky/meta/classes-recipe/toolchain-scripts.bbclass index 3cc823fe63..6bfe0b6de0 100644 --- a/poky/meta/classes-recipe/toolchain-scripts.bbclass +++ b/poky/meta/classes-recipe/toolchain-scripts.bbclass @@ -37,7 +37,7 @@ toolchain_create_sdk_env_script () { echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script echo '# Only disable this check if you are absolutely know what you are doing!' >> $script - echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script + echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script echo " echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script echo " echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script echo ' echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script @@ -53,7 +53,7 @@ toolchain_create_sdk_env_script () { for i in ${CANADIANEXTRAOS}; do EXTRAPATH="$EXTRAPATH:$sdkpathnative$bindir/${TARGET_ARCH}${TARGET_VENDOR}-$i" done - echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':$PATH' >> $script + echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':"$PATH"' >> $script echo 'export PKG_CONFIG_SYSROOT_DIR=$SDKTARGETSYSROOT' >> $script echo 'export PKG_CONFIG_PATH=$SDKTARGETSYSROOT'"$libdir"'/pkgconfig:$SDKTARGETSYSROOT'"$prefix"'/share/pkgconfig' >> $script echo 'export CONFIG_SITE=${SDKPATH}/site-config-'"${multimach_target_sys}" >> $script diff --git a/poky/meta/classes-recipe/uboot-sign.bbclass b/poky/meta/classes-recipe/uboot-sign.bbclass index debbf23ec6..4b5912a01d 100644 --- a/poky/meta/classes-recipe/uboot-sign.bbclass +++ b/poky/meta/classes-recipe/uboot-sign.bbclass @@ -298,7 +298,7 @@ do_uboot_generate_rsa_keys() { "${UBOOT_FIT_SIGN_NUMBITS}" echo "Generating certificate for signing U-Boot fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \ + openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \ -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \ -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt fi diff --git a/poky/meta/classes-recipe/update-alternatives.bbclass b/poky/meta/classes-recipe/update-alternatives.bbclass index 970d9bcd45..f34cc6bc19 100644 --- a/poky/meta/classes-recipe/update-alternatives.bbclass +++ b/poky/meta/classes-recipe/update-alternatives.bbclass @@ -5,7 +5,7 @@ # # This class is used to help the alternatives system which is useful when -# multiple sources provide same command. You can use update-alternatives +# multiple sources provide the same command. You can use update-alternatives # command directly in your recipe, but in most cases this class simplifies # that job. # @@ -35,7 +35,7 @@ # A non-default link to create for a target # ALTERNATIVE_TARGET[name] = "target" # -# This is the name of the binary as it's been install by do_install +# This is the name of the binary as it's been installed by do_install # i.e. ALTERNATIVE_TARGET[sh] = "/bin/bash" # # A package specific link for a target @@ -68,7 +68,7 @@ ALTERNATIVE_PRIORITY = "10" # We need special processing for vardeps because it can not work on # modified flag values. So we aggregate the flags into a new variable -# and include that vairable in the set. +# and include that variable in the set. UPDALTVARS = "ALTERNATIVE ALTERNATIVE_LINK_NAME ALTERNATIVE_TARGET ALTERNATIVE_PRIORITY" PACKAGE_WRITE_DEPS += "virtual/update-alternatives-native" diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 0710c1ec5e..4049694d85 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -465,7 +465,7 @@ def is_work_shared(d): pn = d.getVar('PN') return pn.startswith('gcc-source') or \ bb.data.inherits_class('kernel', d) or \ - (bb.data.inherits_class('kernelsrc', d) and d.getVar('S') == d.getVar('STAGING_KERNEL_DIR')) + (bb.data.inherits_class('kernelsrc', d) and d.expand("${TMPDIR}/work-shared") in d.getVar('S')) # Run do_unpack and do_patch python do_unpack_and_patch() { diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass index 47dd12c383..f0513af083 100644 --- a/poky/meta/classes/create-spdx.bbclass +++ b/poky/meta/classes/create-spdx.bbclass @@ -21,7 +21,6 @@ SPDX_TOOL_VERSION ??= "1.0" SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" SPDX_INCLUDE_SOURCES ??= "0" -SPDX_INCLUDE_PACKAGED ??= "0" SPDX_ARCHIVE_SOURCES ??= "0" SPDX_ARCHIVE_PACKAGED ??= "0" @@ -431,7 +430,6 @@ python do_create_spdx() { deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) spdx_workdir = Path(d.getVar("SPDXWORK")) - include_packaged = d.getVar("SPDX_INCLUDE_PACKAGED") == "1" include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1" archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1" archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1" @@ -459,6 +457,7 @@ python do_create_spdx() { for s in d.getVar('SRC_URI').split(): if not s.startswith("file://"): + s = s.split(';')[0] recipe.downloadLocation = s break else: @@ -796,6 +795,7 @@ def spdx_get_src(d): bb.build.exec_func('do_unpack', d) # Copy source of kernel to spdx_workdir if is_work_shared_spdx(d): + share_src = d.getVar('WORKDIR') d.setVar('WORKDIR', spdx_workdir) d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native) src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR') @@ -803,8 +803,8 @@ def spdx_get_src(d): if bb.data.inherits_class('kernel',d): share_src = d.getVar('STAGING_KERNEL_DIR') cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/" - cmd_copy_kernel_result = os.popen(cmd_copy_share).read() - bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result) + cmd_copy_shared_res = os.popen(cmd_copy_share).read() + bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res) git_path = src_dir + "/.git" if os.path.exists(git_path): diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 4b4ea7893e..5e2da56046 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -48,8 +48,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" -CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" -CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" +CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" +CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" @@ -202,7 +202,7 @@ python cve_check_write_rootfs_manifest () { recipies.add(pkg_data["PN"]) bb.note("Writing rootfs CVE manifest") - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") + deploy_dir = d.getVar("IMGDEPLOYDIR") link_name = d.getVar("IMAGE_LINK_NAME") json_data = {"version":"1", "package": []} @@ -260,7 +260,7 @@ def check_cves(d, patched_cves): """ Connect to the NVD database and find unpatched cves. """ - from oe.cve_check import Version + from oe.cve_check import Version, convert_cve_version pn = d.getVar("PN") real_pv = d.getVar("PV") @@ -324,6 +324,9 @@ def check_cves(d, patched_cves): if cve in cve_ignore: ignored = True + version_start = convert_cve_version(version_start) + version_end = convert_cve_version(version_end) + if (operator_start == '=' and pv == version_start) or version_start == '-': vulnerable = True else: diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 06a9548a20..26c5803ee6 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -61,7 +61,7 @@ python () { if externalsrcbuild: d.setVar('B', externalsrcbuild) else: - d.setVar('B', '${WORKDIR}/${BPN}-${PV}/') + d.setVar('B', '${WORKDIR}/${BPN}-${PV}') local_srcuri = [] fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d) @@ -212,8 +212,8 @@ def srctree_hash_files(d, srcdir=None): try: git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', s_dir, 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip()) - top_git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], - stderr=subprocess.DEVNULL).decode("utf-8").rstrip()) + top_git_dir = os.path.join(d.getVar("TOPDIR"), + subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip()) if git_dir == top_git_dir: git_dir = None except subprocess.CalledProcessError: @@ -230,7 +230,7 @@ def srctree_hash_files(d, srcdir=None): env['GIT_INDEX_FILE'] = tmp_index.name subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env) git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8") - if os.path.exists(".gitmodules"): + if os.path.exists(os.path.join(s_dir, ".gitmodules")) and os.path.getsize(os.path.join(s_dir, ".gitmodules")) > 0: submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8") for line in submodule_helper.splitlines(): module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1]) diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass index 10a4ef9c37..8a1a51aaba 100644 --- a/poky/meta/classes/multilib.bbclass +++ b/poky/meta/classes/multilib.bbclass @@ -51,6 +51,7 @@ python multilib_virtclass_handler () { e.data.setVar("RECIPE_SYSROOT", "${WORKDIR}/recipe-sysroot") e.data.setVar("STAGING_DIR_TARGET", "${WORKDIR}/recipe-sysroot") e.data.setVar("STAGING_DIR_HOST", "${WORKDIR}/recipe-sysroot") + e.data.setVar("RECIPE_SYSROOT_MANIFEST_SUBDIR", "nativesdk-" + variant) e.data.setVar("MLPREFIX", variant + "-") override = ":virtclass-multilib-" + variant e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override) diff --git a/poky/meta/classes/recipe_sanity.bbclass b/poky/meta/classes/recipe_sanity.bbclass index 1c2e24c6a1..a5cc4315fb 100644 --- a/poky/meta/classes/recipe_sanity.bbclass +++ b/poky/meta/classes/recipe_sanity.bbclass @@ -16,7 +16,7 @@ def bad_runtime_vars(cfgdata, d): for var in d.getVar("__recipe_sanity_badruntimevars").split(): val = d.getVar(var, False) if val and val != cfgdata.get(var): - __note("%s should be %s_${PN}" % (var, var), d) + __note("%s should be %s:${PN}" % (var, var), d) __recipe_sanity_reqvars = "DESCRIPTION" __recipe_sanity_reqdiffvars = "" diff --git a/poky/meta/classes/report-error.bbclass b/poky/meta/classes/report-error.bbclass index 2f692fbbcc..2b2ad56514 100644 --- a/poky/meta/classes/report-error.bbclass +++ b/poky/meta/classes/report-error.bbclass @@ -107,6 +107,31 @@ python errorreport_handler () { errorreport_savedata(e, jsondata, "error-report.txt") bb.utils.unlockfile(lock) + elif isinstance(e, bb.event.NoProvider): + bb.utils.mkdirhier(logpath) + data = {} + machine = e.data.getVar("MACHINE") + data['machine'] = machine + data['build_sys'] = e.data.getVar("BUILD_SYS") + data['nativelsb'] = nativelsb() + data['distro'] = e.data.getVar("DISTRO") + data['target_sys'] = e.data.getVar("TARGET_SYS") + data['failures'] = [] + data['component'] = str(e._item) + data['branch_commit'] = str(oe.buildcfg.detect_branch(e.data)) + ": " + str(oe.buildcfg.detect_revision(e.data)) + data['bitbake_version'] = e.data.getVar("BB_VERSION") + data['layer_version'] = get_layers_branch_rev(e.data) + data['local_conf'] = get_conf_data(e, 'local.conf') + data['auto_conf'] = get_conf_data(e, 'auto.conf') + taskdata={} + taskdata['log'] = str(e) + taskdata['package'] = str(e._item) + taskdata['task'] = "Nothing provides " + "'" + str(e._item) + "'" + data['failures'].append(taskdata) + lock = bb.utils.lockfile(datafile + '.lock') + errorreport_savedata(e, data, "error-report.txt") + bb.utils.unlockfile(lock) + elif isinstance(e, bb.event.BuildCompleted): lock = bb.utils.lockfile(datafile + '.lock') jsondata = json.loads(errorreport_getdata(e)) @@ -120,4 +145,4 @@ python errorreport_handler () { } addhandler errorreport_handler -errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed" +errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed bb.event.NoProvider" diff --git a/poky/meta/classes/rm_work.bbclass b/poky/meta/classes/rm_work.bbclass index c493efff2f..8b5fe1b808 100644 --- a/poky/meta/classes/rm_work.bbclass +++ b/poky/meta/classes/rm_work.bbclass @@ -33,6 +33,13 @@ BB_SCHEDULER ?= "completion" BB_TASK_IONICE_LEVEL:task-rm_work = "3.0" do_rm_work () { + # Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH + # Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function + RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)" + if [ -z "${RM_BIN}" ]; then + bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data." + fi + # If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe. for p in ${RM_WORK_EXCLUDE}; do if [ "$p" = "${PN}" ]; then @@ -79,7 +86,7 @@ do_rm_work () { # sstate version since otherwise we'd need to leave 'plaindirs' around # such as 'packages' and 'packages-split' and these can be large. No end # of chain tasks depend directly on do_package anymore. - rm -f -- $i; + "${RM_BIN}" -f -- $i; ;; *_setscene*) # Skip stamps which are already setscene versions @@ -96,7 +103,7 @@ do_rm_work () { ;; esac done - rm -f -- $i + "${RM_BIN}" -f -- $i esac done @@ -106,12 +113,14 @@ do_rm_work () { # Retain only logs and other files in temp, safely ignore # failures of removing pseudo folers on NFS2/3 server. if [ $dir = 'pseudo' ]; then - rm -rf -- $dir 2> /dev/null || true + "${RM_BIN}" -rf -- $dir 2> /dev/null || true elif ! echo "$excludes" | grep -q -w "$dir"; then - rm -rf -- $dir + "${RM_BIN}" -rf -- $dir fi done } +do_rm_work[vardepsexclude] += "SSTATETASKS" + do_rm_work_all () { : } @@ -178,7 +187,7 @@ python inject_rm_work() { # other recipes and thus will typically run much later than completion of # work in the recipe itself. # In practice, addtask() here merely updates the dependencies. - bb.build.addtask('do_rm_work', 'do_build', ' '.join(deps), d) + bb.build.addtask('do_rm_work', 'do_rm_work_all do_build', ' '.join(deps), d) # Always update do_build_without_rm_work dependencies. bb.build.addtask('do_build_without_rm_work', '', ' '.join(deps), d) diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 62cdd9aa9c..a1f0f624e9 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -676,7 +676,7 @@ export PYTHONHASHSEED = "0" export PERL_HASH_SEED = "0" export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}" # A SOURCE_DATE_EPOCH of '0' might be misinterpreted as no SDE -export SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400" +SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400" REPRODUCIBLE_TIMESTAMP_ROOTFS ??= "1520598896" ################################################################## diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc index 8b5f8d49b8..f5d6867ed4 100644 --- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-108 CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887" # 2020 CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" + +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 +# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 +# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 +CVE_CHECK_IGNORE += "CVE-2020-27784" + # 2021 CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 +CVE_CHECK_IGNORE += "CVE-2021-3669" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 +CVE_CHECK_IGNORE += "CVE-2021-3759" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 +CVE_CHECK_IGNORE += "CVE-2021-4218" + # 2022 CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ @@ -90,6 +115,193 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ CVE-2022-29582 CVE-2022-29968" +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 +CVE_CHECK_IGNORE += "CVE-2022-0480" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d +CVE_CHECK_IGNORE += "CVE-2022-1184" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 +CVE_CHECK_IGNORE += "CVE-2022-1462" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac +CVE_CHECK_IGNORE += "CVE-2022-2308" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 +CVE_CHECK_IGNORE += "CVE-2022-2327" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 +# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 +# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 +# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 +# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca +# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 +# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d +CVE_CHECK_IGNORE += "CVE-2022-2663" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 +# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 +# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 +# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd +CVE_CHECK_IGNORE += "CVE-2022-2785" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 +# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 +# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 +# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 +CVE_CHECK_IGNORE += "CVE-2022-3176" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 +# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d +# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 +# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b +CVE_CHECK_IGNORE += "CVE-2022-3526" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 +# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd +CVE_CHECK_IGNORE += "CVE-2022-3621" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 +# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 +CVE_CHECK_IGNORE += "CVE-2022-3623" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 +# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e +# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 +CVE_CHECK_IGNORE += "CVE-2022-3624" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 +# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 +# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902 +# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f +# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 +# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 +# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 +CVE_CHECK_IGNORE += "CVE-2022-3625" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 +# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 +CVE_CHECK_IGNORE += "CVE-2022-3629" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 +# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da +# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 +# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b +CVE_CHECK_IGNORE += "CVE-2022-3630" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 +# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de +CVE_CHECK_IGNORE += "CVE-2022-3633" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 +CVE_CHECK_IGNORE += "CVE-2022-3635" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 +# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 +# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 +# The vulnerability has been introduced and patched in rc1 of v5.19. +CVE_CHECK_IGNORE += "CVE-2022-3636" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 +# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 +CVE_CHECK_IGNORE += "CVE-2022-3646" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 +CVE_CHECK_IGNORE += "CVE-2022-3649" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 +CVE_CHECK_IGNORE += "CVE-2022-26365" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 +CVE_CHECK_IGNORE += "CVE-2022-33740" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 +CVE_CHECK_IGNORE += "CVE-2022-33741" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 +CVE_CHECK_IGNORE += "CVE-2022-33742" + + +# Wrong CPE in NVD database +# https://nvd.nist.gov/vuln/detail/CVE-2022-3563 +# https://nvd.nist.gov/vuln/detail/CVE-2022-3637 +# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git +CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637" # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index 56088e4e66..99929accce 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -103,7 +103,7 @@ PTESTS_SLOW = "\ " PTESTS_SLOW:remove:riscv64 = "valgrind-ptest" -PTESTS_PROBLEMS:append:riscv64 = "valgrind-ptest" +PTESTS_PROBLEMS:append:riscv64 = " valgrind-ptest" # ruby-ptest \ # Timeout # lz4-ptest \ # Needs a rewrite diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 7012db441b..8a5cab5360 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.36" -UNINATIVE_VERSION = "3.7" +UNINATIVE_MAXGLIBCVERSION = "2.37" +UNINATIVE_VERSION = "3.9" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "6a29bcae4b5b716d2d520e18800b33943b65f8a835eac1ff8793fc5ee65b4be6" -UNINATIVE_CHECKSUM[i686] ?= "3f6d52e64996570c716108d49f8108baccf499a283bbefae438c7266b7a93305" -UNINATIVE_CHECKSUM[x86_64] ?= "b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570" +UNINATIVE_CHECKSUM[aarch64] ?= "de35708c95c34573af140da910132c3291ba4fd26ebf7b74b755ada432cdf07b" +UNINATIVE_CHECKSUM[i686] ?= "adac07b08adb88eb26fc7fd87fee0cec9d5be167bf7c5ffd3a549a2a6699c29c" +UNINATIVE_CHECKSUM[x86_64] ?= "3dd82c3fbdb59e87bf091c3eef555a05fae528eeda3083828f76cd4deaceca8b" diff --git a/poky/meta/lib/bblayers/buildconf.py b/poky/meta/lib/bblayers/buildconf.py index e07fc534e1..ccab332adf 100644 --- a/poky/meta/lib/bblayers/buildconf.py +++ b/poky/meta/lib/bblayers/buildconf.py @@ -64,7 +64,7 @@ TEMPLATECONF={} . {}/oe-init-build-env build-try-{}""" oecore = None for l in layers: - if l[0] == os.path.abspath(args.layerpath): + if os.path.abspath(l[0]) == os.path.abspath(args.layerpath): targetlayer = l[0] if l[1] == 'meta': oecore = os.path.dirname(l[0]) diff --git a/poky/meta/lib/bblayers/makesetup.py b/poky/meta/lib/bblayers/makesetup.py index 22f89d81a4..5fb6f1469e 100644 --- a/poky/meta/lib/bblayers/makesetup.py +++ b/poky/meta/lib/bblayers/makesetup.py @@ -45,8 +45,15 @@ class MakeSetupPlugin(LayerPlugin): return "" return describe.strip() + def _is_submodule(self, repo_path): + # This is slightly brittle: git does not offer a way to tell whether + # a given repo dir is a submodule checkout, so we need to rely on .git + # being a file (rather than a dir like it is in standalone checkouts). + # The file typically contains a gitdir pointer to elsewhere. + return os.path.isfile(os.path.join(repo_path,".git")) + def make_repo_config(self, destdir): - """ This is a helper function for the writer plugins that discovers currently confugured layers. + """ This is a helper function for the writer plugins that discovers currently configured layers. The writers do not have to use it, but it can save a bit of work and avoid duplicated code, hence it is available here. """ repos = {} @@ -63,6 +70,9 @@ class MakeSetupPlugin(LayerPlugin): logger.error("Layer {name} in {path} has uncommitted modifications or is not in a git repository.".format(name=l_name,path=l_path)) return repo_path = self._get_repo_path(l_path) + + if self._is_submodule(repo_path): + continue if repo_path not in repos.keys(): repos[repo_path] = {'path':os.path.basename(repo_path),'git-remote':{'rev':l_rev, 'branch':l_branch, 'remotes':self._get_remotes(repo_path), 'describe':self._get_describe(repo_path)}} if repo_path == destdir_repo: diff --git a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py index f6a484b766..d5bc19a8cb 100644 --- a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py +++ b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py @@ -33,6 +33,8 @@ class OeSetupLayersWriter(): def do_write(self, parent, args): """ Writes out a python script and a json config that replicate the directory structure and revisions of the layers in a current build. """ + if not os.path.exists(args.destdir): + os.makedirs(args.destdir) repos = parent.make_repo_config(args.destdir) json = {"version":"1.0","sources":repos} if not repos: diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index 4f1d80f050..dbaa0b373a 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -179,3 +179,42 @@ def update_symlinks(target_path, link_path): if os.path.exists(os.path.realpath(link_path)): os.remove(link_path) os.symlink(os.path.basename(target_path), link_path) + + +def convert_cve_version(version): + """ + This function converts from CVE format to Yocto version format. + eg 8.3_p1 -> 8.3p1, 6.2_rc1 -> 6.2-rc1 + + Unless it is redefined using CVE_VERSION in the recipe, + cve_check uses the version in the name of the recipe (${PV}) + to check vulnerabilities against a CVE in the database downloaded from NVD. + + When the version has an update, i.e. + "p1" in OpenSSH 8.3p1, + "-rc1" in linux kernel 6.2-rc1, + the database stores the version as version_update (8.3_p1, 6.2_rc1). + Therefore, we must transform this version before comparing to the + recipe version. + + In this case, the parameter of the function is 8.3_p1. + If the version uses the Release Candidate format, "rc", + this function replaces the '_' by '-'. + If the version uses the Update format, "p", + this function removes the '_' completely. + """ + import re + + matches = re.match('^([0-9.]+)_((p|rc)[0-9]+)$', version) + + if not matches: + return version + + version = matches.group(1) + update = matches.group(2) + + if matches.group(3) == "rc": + return version + '-' + update + + return version + update + diff --git a/poky/meta/lib/oe/gpg_sign.py b/poky/meta/lib/oe/gpg_sign.py index 613dab8561..ede6186c84 100644 --- a/poky/meta/lib/oe/gpg_sign.py +++ b/poky/meta/lib/oe/gpg_sign.py @@ -5,11 +5,12 @@ # """Helper module for GPG signing""" -import os import bb -import subprocess +import os import shlex +import subprocess +import tempfile class LocalSigner(object): """Class for handling local (on the build host) signing""" @@ -73,8 +74,6 @@ class LocalSigner(object): cmd += ['--homedir', self.gpg_path] if armor: cmd += ['--armor'] - if output_suffix: - cmd += ['-o', input_file + "." + output_suffix] if use_sha256: cmd += ['--digest-algo', "SHA256"] @@ -83,19 +82,27 @@ class LocalSigner(object): if self.gpg_version > (2,1,): cmd += ['--pinentry-mode', 'loopback'] - cmd += [input_file] - try: if passphrase_file: with open(passphrase_file) as fobj: passphrase = fobj.readline(); - job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) - (_, stderr) = job.communicate(passphrase.encode("utf-8")) + if not output_suffix: + output_suffix = 'asc' if armor else 'sig' + output_file = input_file + "." + output_suffix + with tempfile.TemporaryDirectory(dir=os.path.dirname(output_file)) as tmp_dir: + tmp_file = os.path.join(tmp_dir, os.path.basename(output_file)) + cmd += ['-o', tmp_file] + + cmd += [input_file] + + job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) + (_, stderr) = job.communicate(passphrase.encode("utf-8")) - if job.returncode: - bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) + if job.returncode: + bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) + os.rename(tmp_file, output_file) except IOError as e: bb.error("IO error (%s): %s" % (e.errno, e.strerror)) raise Exception("Failed to sign '%s'" % input_file) diff --git a/poky/meta/lib/oe/overlayfs.py b/poky/meta/lib/oe/overlayfs.py index 8d7a047125..8b88900f71 100644 --- a/poky/meta/lib/oe/overlayfs.py +++ b/poky/meta/lib/oe/overlayfs.py @@ -40,7 +40,11 @@ def unitFileList(d): bb.fatal("Missing required mount point for OVERLAYFS_MOUNT_POINT[%s] in your MACHINE configuration" % mountPoint) for mountPoint in overlayMountPoints: - for path in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split(): + mountPointList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint) + if not mountPointList: + bb.debug(1, "No mount points defined for %s flag, don't add to file list", mountPoint) + continue + for path in mountPointList.split(): fileList.append(mountUnitName(path)) fileList.append(helperUnitName(path)) diff --git a/poky/meta/lib/oe/package_manager/deb/__init__.py b/poky/meta/lib/oe/package_manager/deb/__init__.py index c672454072..0c23c884c1 100644 --- a/poky/meta/lib/oe/package_manager/deb/__init__.py +++ b/poky/meta/lib/oe/package_manager/deb/__init__.py @@ -82,15 +82,15 @@ class DpkgIndexer(Indexer): return oe.utils.multiprocess_launch(create_index, index_cmds, self.d) - if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1': - signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) + if self.d.getVar('PACKAGE_FEED_SIGN') == '1': + signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND')) else: signer = None if signer: for f in index_sign_files: signer.detach_sign(f, - self.d.getVar('PACKAGE_FEED_GPG_NAME', True), - self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True), + self.d.getVar('PACKAGE_FEED_GPG_NAME'), + self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE'), output_suffix="gpg", use_sha256=True) diff --git a/poky/meta/lib/oe/reproducible.py b/poky/meta/lib/oe/reproducible.py index 04a1810d4f..9ac75c02e3 100644 --- a/poky/meta/lib/oe/reproducible.py +++ b/poky/meta/lib/oe/reproducible.py @@ -115,7 +115,8 @@ def get_source_date_epoch_from_git(d, sourcedir): return None bb.debug(1, "git repository: %s" % gitpath) - p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE) + p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], + check=True, stdout=subprocess.PIPE) return int(p.stdout.decode('utf-8')) def get_source_date_epoch_from_youngest_file(d, sourcedir): diff --git a/poky/meta/lib/oe/rust.py b/poky/meta/lib/oe/rust.py index 1dc9cf150d..185553eeeb 100644 --- a/poky/meta/lib/oe/rust.py +++ b/poky/meta/lib/oe/rust.py @@ -8,4 +8,6 @@ def arch_to_rust_arch(arch): if arch == "ppc64le": return "powerpc64le" + if arch in ('riscv32', 'riscv64'): + return arch + 'gc' return arch diff --git a/poky/meta/lib/oe/sstatesig.py b/poky/meta/lib/oe/sstatesig.py index fad10af539..fb4abe8241 100644 --- a/poky/meta/lib/oe/sstatesig.py +++ b/poky/meta/lib/oe/sstatesig.py @@ -32,6 +32,12 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCaches): depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep) mc, _ = bb.runqueue.split_mc(fn) + # We can skip the rm_work task signature to avoid running the task + # when we remove some tasks from the dependencie chain + # i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work + if task == "do_rm_work": + return False + # Keep all dependencies between SPDX tasks in the signature. SPDX documents # are linked together by hashes, which means if a dependent document changes, # all downstream documents must be re-written (even if they are "safe" @@ -463,11 +469,15 @@ def find_sstate_manifest(taskdata, taskdata2, taskname, d, multilibcache): pkgarchs.append('allarch') pkgarchs.append('${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}') + searched_manifests = [] + for pkgarch in pkgarchs: manifest = d2.expand("${SSTATE_MANIFESTS}/manifest-%s-%s.%s" % (pkgarch, taskdata, taskname)) if os.path.exists(manifest): return manifest, d2 - bb.fatal("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant)) + searched_manifests.append(manifest) + bb.fatal("The sstate manifest for task '%s:%s' (multilib variant '%s') could not be found.\nThe pkgarchs considered were: %s.\nBut none of these manifests exists:\n %s" + % (taskdata, taskname, variant, d2.expand(", ".join(pkgarchs)),"\n ".join(searched_manifests))) return None, d2 def OEOuthashBasic(path, sigfile, task, d): @@ -652,6 +662,10 @@ def OEOuthashBasic(path, sigfile, task, d): if f == 'fixmepath': continue process(os.path.join(root, f)) + + for dir in dirs: + if os.path.islink(os.path.join(root, dir)): + process(os.path.join(root, dir)) finally: os.chdir(prev_dir) diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py index f956a7744f..4ab0cddb43 100644 --- a/poky/meta/lib/oeqa/core/target/ssh.py +++ b/poky/meta/lib/oeqa/core/target/ssh.py @@ -34,6 +34,8 @@ class OESSHTarget(OETarget): self.timeout = timeout self.user = user ssh_options = [ + '-o', 'ServerAliveCountMax=2', + '-o', 'ServerAliveInterval=30', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR' @@ -224,27 +226,33 @@ def SSHCall(command, logger, timeout=None, **opts): def run(): nonlocal output nonlocal process + output_raw = b'' starttime = time.time() process = subprocess.Popen(command, **options) if timeout: endtime = starttime + timeout eof = False + os.set_blocking(process.stdout.fileno(), False) while time.time() < endtime and not eof: - logger.debug('time: %s, endtime: %s' % (time.time(), endtime)) try: + logger.debug('Waiting for process output: time: %s, endtime: %s' % (time.time(), endtime)) if select.select([process.stdout], [], [], 5)[0] != []: - reader = codecs.getreader('utf-8')(process.stdout, 'ignore') - data = reader.read(1024, 4096) + # wait a bit for more data, tries to avoid reading single characters + time.sleep(0.2) + data = process.stdout.read() if not data: - process.stdout.close() eof = True else: - output += data - logger.debug('Partial data from SSH call: %s' % data) + output_raw += data + # ignore errors to capture as much as possible + logger.debug('Partial data from SSH call:\n%s' % data.decode('utf-8', errors='ignore')) endtime = time.time() + timeout except InterruptedError: + logger.debug('InterruptedError') continue + process.stdout.close() + # process hasn't returned yet if not eof: process.terminate() @@ -252,16 +260,30 @@ def SSHCall(command, logger, timeout=None, **opts): try: process.kill() except OSError: + logger.debug('OSError when killing process') pass endtime = time.time() - starttime lastline = ("\nProcess killed - no output for %d seconds. Total" " running time: %d seconds." % (timeout, endtime)) - logger.debug('Received data from SSH call %s ' % lastline) + logger.debug('Received data from SSH call:\n%s ' % lastline) output += lastline else: - output = process.communicate()[0].decode('utf-8', errors='ignore') - logger.debug('Data from SSH call: %s' % output.rstrip()) + output_raw = process.communicate()[0] + + output = output_raw.decode('utf-8', errors='ignore') + logger.debug('Data from SSH call:\n%s' % output.rstrip()) + + # timout or not, make sure process exits and is not hanging + if process.returncode == None: + try: + process.wait(timeout=5) + except TimeoutExpired: + try: + process.kill() + except OSError: + logger.debug('OSError') + pass options = { "stdout": subprocess.PIPE, @@ -290,4 +312,5 @@ def SSHCall(command, logger, timeout=None, **opts): process.kill() logger.debug('Something went wrong, killing SSH process') raise - return (process.wait(), output.rstrip()) + + return (process.returncode, output.rstrip()) diff --git a/poky/meta/lib/oeqa/core/utils/concurrencytest.py b/poky/meta/lib/oeqa/core/utils/concurrencytest.py index 383479c959..4f77589b00 100644 --- a/poky/meta/lib/oeqa/core/utils/concurrencytest.py +++ b/poky/meta/lib/oeqa/core/utils/concurrencytest.py @@ -59,6 +59,7 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult): self.outputbuf = output self.finalresult = finalresult self.finalresult.buffer = True + self.target = target def _add_result_with_semaphore(self, method, test, *args, **kwargs): self.semaphore.acquire() @@ -67,13 +68,14 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult): self.result.starttime[test.id()] = self._test_start.timestamp() self.result.threadprogress[self.threadnum].append(test.id()) totalprogress = sum(len(x) for x in self.result.threadprogress.values()) - self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % ( + self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s failed) (%s)" % ( self.threadnum, len(self.result.threadprogress[self.threadnum]), self.totalinprocess, totalprogress, self.totaltests, "{0:.2f}".format(time.time()-self._test_start.timestamp()), + self.target.failed_tests, test.id()) finally: self.semaphore.release() diff --git a/poky/meta/lib/oeqa/runtime/cases/apt.py b/poky/meta/lib/oeqa/runtime/cases/apt.py index 4e09374add..8000645843 100644 --- a/poky/meta/lib/oeqa/runtime/cases/apt.py +++ b/poky/meta/lib/oeqa/runtime/cases/apt.py @@ -39,9 +39,9 @@ class AptRepoTest(AptTest): self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s/all ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server)) def setup_source_config_for_package_install_signed(self): - apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port) + apt_get_source_server = 'http://%s:%s' % (self.tc.target.server_ip, self.repo_server.port) apt_get_sourceslist_dir = '/etc/apt/' - self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server)) + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's|\[trusted=yes\] http://bogus_ip:bogus_port|%s|g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server)) def cleanup_source_config_for_package_install(self): apt_get_sourceslist_dir = '/etc/apt/' diff --git a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py index bd3b46d9ef..3728855d24 100644 --- a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py +++ b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py @@ -29,7 +29,10 @@ class BuildCpioTest(OERuntimeTestCase): @OEHasPackage(['autoconf']) def test_cpio(self): self.project.download_archive() - self.project.run_configure('--disable-maintainer-mode', - 'sed -i -e "/char \*program_name/d" src/global.c;') + self.project.run_configure('--disable-maintainer-mode') + # This sed is needed until + # https://git.savannah.gnu.org/cgit/cpio.git/commit/src/global.c?id=641d3f489cf6238bb916368d4ba0d9325a235afb + # is in a release. + self.project._run(r'sed -i -e "/char \*program_name/d" %s/src/global.c' % self.project.targetdir) self.project.run_make() self.project.run_install() diff --git a/poky/meta/lib/oeqa/runtime/cases/dnf.py b/poky/meta/lib/oeqa/runtime/cases/dnf.py index 410d456bdf..3ccb18ce83 100644 --- a/poky/meta/lib/oeqa/runtime/cases/dnf.py +++ b/poky/meta/lib/oeqa/runtime/cases/dnf.py @@ -147,29 +147,21 @@ class DnfRepoTest(DnfTest): rootpath = '/home/root/chroot/test' #Copy necessary files to avoid errors with not yet installed tools on #installroot directory. - self.target.run('mkdir -p %s/etc' % rootpath, 1500) - self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath), 1500) - self.target.run('ln -sf -r %s/usr/bin %s/bin' % (rootpath, rootpath), 1500) - self.target.run('ln -sf -r %s/usr/sbin %s/sbin' % (rootpath, rootpath), 1500) - self.target.run('mkdir -p %s/dev' % rootpath, 1500) + self.target.run('mkdir -p %s/etc' % rootpath) + self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath)) + self.target.run('ln -sf usr/bin %s/bin' % (rootpath)) + self.target.run('ln -sf usr/sbin %s/sbin' % (rootpath)) + self.target.run('mkdir -p %s/dev' % rootpath) #Handle different architectures lib dirs - self.target.run('mkdir -p %s/usr/lib' % rootpath, 1500) - self.target.run('mkdir -p %s/usr/libx32' % rootpath, 1500) - self.target.run('mkdir -p %s/usr/lib64' % rootpath, 1500) - self.target.run('cp /lib/libtinfo.so.5 %s/usr/lib' % rootpath, 1500) - self.target.run('cp /libx32/libtinfo.so.5 %s/usr/libx32' % rootpath, 1500) - self.target.run('cp /lib64/libtinfo.so.5 %s/usr/lib64' % rootpath, 1500) - self.target.run('ln -sf -r %s/lib %s/usr/lib' % (rootpath,rootpath), 1500) - self.target.run('ln -sf -r %s/libx32 %s/usr/libx32' % (rootpath,rootpath), 1500) - self.target.run('ln -sf -r %s/lib64 %s/usr/lib64' % (rootpath,rootpath), 1500) - self.target.run('cp -r /etc/rpm %s/etc' % rootpath, 1500) - self.target.run('cp -r /etc/dnf %s/etc' % rootpath, 1500) - self.target.run('cp /bin/sh %s/bin' % rootpath, 1500) - self.target.run('mount -o bind /dev %s/dev/' % rootpath, 1500) + self.target.run("for l in /lib*; do mkdir -p %s/usr/$l; ln -s usr/$l %s/$l; done" % (rootpath, rootpath)) + self.target.run('cp -r /etc/rpm %s/etc' % rootpath) + self.target.run('cp -r /etc/dnf %s/etc' % rootpath) + self.target.run('cp /bin/busybox %s/bin/sh' % rootpath) + self.target.run('mount -o bind /dev %s/dev/' % rootpath) self.dnf_with_repo('install --installroot=%s -v -y --rpmverbosity=debug busybox' % rootpath) - status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath, 1500) + status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath) self.assertEqual(0, status, output) - status, output = self.target.run('test -e %s/bin/busybox' % rootpath, 1500) + status, output = self.target.run('test -e %s/bin/busybox' % rootpath) self.assertEqual(0, status, output) @OETestDepends(['dnf.DnfRepoTest.test_dnf_makecache']) diff --git a/poky/meta/lib/oeqa/runtime/cases/ping.py b/poky/meta/lib/oeqa/runtime/cases/ping.py index 967b44175f..f72460e7f3 100644 --- a/poky/meta/lib/oeqa/runtime/cases/ping.py +++ b/poky/meta/lib/oeqa/runtime/cases/ping.py @@ -5,6 +5,7 @@ # from subprocess import Popen, PIPE +from time import sleep from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.oetimeout import OETimeout @@ -16,6 +17,7 @@ class PingTest(OERuntimeTestCase): def test_ping(self): output = '' count = 0 + self.assertNotEqual(len(self.target.ip), 0, msg="No target IP address set") try: while count < 5: cmd = 'ping -c 1 %s' % self.target.ip @@ -25,6 +27,7 @@ class PingTest(OERuntimeTestCase): count += 1 else: count = 0 + sleep(1) except OEQATimeoutError: self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output)) msg = ('Expected 5 consecutive, got %d.\n' diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py index e3cd818b2b..fa86eb0537 100644 --- a/poky/meta/lib/oeqa/runtime/cases/rpm.py +++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py @@ -51,21 +51,20 @@ class RpmBasicTest(OERuntimeTestCase): msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output) self.assertEqual(status, 0, msg=msg) - def check_no_process_for_user(u): - _, output = self.target.run(self.tc.target_cmds['ps']) - if u + ' ' in output: - return False - else: - return True + def wait_for_no_process_for_user(u, timeout = 120): + timeout_at = time.time() + timeout + while time.time() < timeout_at: + _, output = self.target.run(self.tc.target_cmds['ps']) + if u + ' ' not in output: + return + time.sleep(1) + user_pss = [ps for ps in output.split("\n") if u + ' ' in ps] + msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss)) + assertTrue(True, msg=msg) def unset_up_test_user(u): # ensure no test1 process in running - timeout = time.time() + 30 - while time.time() < timeout: - if check_no_process_for_user(u): - break - else: - time.sleep(1) + wait_for_no_process_for_user(u) status, output = self.target.run('userdel -r %s' % u) msg = 'Failed to erase user: %s' % output self.assertTrue(status == 0, msg=msg) diff --git a/poky/meta/lib/oeqa/runtime/cases/rtc.py b/poky/meta/lib/oeqa/runtime/cases/rtc.py index b2159b1134..6e45c5db4f 100644 --- a/poky/meta/lib/oeqa/runtime/cases/rtc.py +++ b/poky/meta/lib/oeqa/runtime/cases/rtc.py @@ -5,6 +5,7 @@ # from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.depends import OETestDepends +from oeqa.core.decorator.data import skipIfFeature from oeqa.runtime.decorator.package import OEHasPackage import re @@ -21,12 +22,14 @@ class RTCTest(OERuntimeTestCase): self.logger.debug('Starting systemd-timesyncd daemon') self.target.run('systemctl enable --now --runtime systemd-timesyncd') + @skipIfFeature('read-only-rootfs', + 'Test does not work with read-only-rootfs in IMAGE_FEATURES') @OETestDepends(['ssh.SSHTest.test_ssh']) @OEHasPackage(['coreutils', 'busybox']) def test_rtc(self): (status, output) = self.target.run('hwclock -r') self.assertEqual(status, 0, msg='Failed to get RTC time, output: %s' % output) - + (status, current_datetime) = self.target.run('date +"%m%d%H%M%Y"') self.assertEqual(status, 0, msg='Failed to get system current date & time, output: %s' % current_datetime) @@ -37,7 +40,6 @@ class RTCTest(OERuntimeTestCase): (status, output) = self.target.run('date %s' % current_datetime) self.assertEqual(status, 0, msg='Failed to reset system date & time, output: %s' % output) - + (status, output) = self.target.run('hwclock -w') self.assertEqual(status, 0, msg='Failed to reset RTC time, output: %s' % output) - diff --git a/poky/meta/lib/oeqa/runtime/cases/systemd.py b/poky/meta/lib/oeqa/runtime/cases/systemd.py index 720b4b517a..37f295492d 100644 --- a/poky/meta/lib/oeqa/runtime/cases/systemd.py +++ b/poky/meta/lib/oeqa/runtime/cases/systemd.py @@ -154,7 +154,7 @@ class SystemdJournalTests(SystemdTest): """ # The expression chain that uniquely identifies the time boot message. - expr_items=['Startup finished', 'kernel', 'userspace','\.$'] + expr_items=['Startup finished', 'kernel', 'userspace', r'\.$'] try: output = self.journalctl(args='-o cat --reverse') except AssertionError: diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py index 8092dd0bae..0c5d1869ab 100644 --- a/poky/meta/lib/oeqa/runtime/context.py +++ b/poky/meta/lib/oeqa/runtime/context.py @@ -67,11 +67,11 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): % self.default_target_type) runtime_group.add_argument('--target-ip', action='store', default=self.default_target_ip, - help="IP address of device under test, default: %s" \ + help="IP address and optionally ssh port (default 22) of device under test, for example '192.168.0.7:22'. Default: %s" \ % self.default_target_ip) runtime_group.add_argument('--server-ip', action='store', default=self.default_target_ip, - help="IP address of device under test, default: %s" \ + help="IP address of the test host from test target machine, default: %s" \ % self.default_server_ip) runtime_group.add_argument('--host-dumper-dir', action='store', diff --git a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py index ee515be188..147ee3e0ee 100644 --- a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py +++ b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py @@ -35,7 +35,7 @@ class EpoxyTest(OESDKTestCase): self.assertTrue(os.path.isdir(dirs["source"])) os.makedirs(dirs["build"]) - log = self._run("meson -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs)) + log = self._run("meson --warnlevel 1 -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs)) # Check that Meson thinks we're doing a cross build and not a native self.assertIn("Build type: cross build", log) self._run("ninja -C {build} -v".format(**dirs)) diff --git a/poky/meta/lib/oeqa/sdkext/cases/devtool.py b/poky/meta/lib/oeqa/sdkext/cases/devtool.py index a5c6a76e02..5ffb732556 100644 --- a/poky/meta/lib/oeqa/sdkext/cases/devtool.py +++ b/poky/meta/lib/oeqa/sdkext/cases/devtool.py @@ -112,7 +112,7 @@ class SdkUpdateTest(OESDKExtTestCase): cmd = 'oe-publish-sdk %s %s' % (tcname_new, self.publish_dir) subprocess.check_output(cmd, shell=True) - self.http_service = HTTPService(self.publish_dir) + self.http_service = HTTPService(self.publish_dir, logger=self.logger) self.http_service.start() self.http_url = "http://127.0.0.1:%d" % self.http_service.port diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py index ac47af1990..9534c9775c 100644 --- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py @@ -54,6 +54,25 @@ class CVECheck(OESelftestTestCase): self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'") + def test_convert_cve_version(self): + from oe.cve_check import convert_cve_version + + # Default format + self.assertEqual(convert_cve_version("8.3"), "8.3") + self.assertEqual(convert_cve_version(""), "") + + # OpenSSL format version + self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t") + + # OpenSSH format + self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1") + self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22") + + # Linux kernel format + self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8") + self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31") + + def test_recipe_report_json(self): config = """ INHERIT += "cve-check" diff --git a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py index 3c40119282..37f51760fb 100644 --- a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py +++ b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py @@ -12,6 +12,36 @@ from oeqa.utils.commands import bitbake, get_bb_var, runqemu class Debuginfod(OESelftestTestCase): + + def wait_for_debuginfod(self, port): + """ + debuginfod takes time to scan the packages and requesting too early may + result in a test failure if the right packages haven't been scanned yet. + + Request the metrics endpoint periodically and wait for there to be no + busy scanning threads. + + Returns True if debuginfod is ready, False if we timed out + """ + import time, urllib + + # Wait a minute + countdown = 6 + delay = 10 + + while countdown: + time.sleep(delay) + try: + with urllib.request.urlopen("http://localhost:%d/metrics" % port) as f: + lines = f.read().decode("ascii").splitlines() + if "thread_busy{role=\"scan\"} 0" in lines: + return True + except urllib.error.URLError as e: + self.logger.error(e) + countdown -= 1 + return False + + def test_debuginfod(self): self.write_config( """ @@ -25,29 +55,50 @@ CORE_IMAGE_EXTRA_INSTALL += "elfutils" cmd = [ os.path.join(native_sysroot, "usr", "bin", "debuginfod"), "--verbose", + # In-memory database, this is a one-shot test "--database=:memory:", + # Don't use all the host cores + "--concurrency=8", + "--connection-pool=8", + # Disable rescanning, this is a one-shot test + "--rescan-time=0", + "--groom-time=0", get_bb_var("DEPLOY_DIR"), ] - for format in get_bb_var("PACKAGE_CLASSES").split(): - if format == "package_deb": - cmd.append("--scan-deb-dir") - elif format == "package_ipk": - cmd.append("--scan-deb-dir") - elif format == "package_rpm": - cmd.append("--scan-rpm-dir") + + format = get_bb_var("PACKAGE_CLASSES").split()[0] + if format == "package_deb": + cmd.append("--scan-deb-dir") + elif format == "package_ipk": + cmd.append("--scan-deb-dir") + elif format == "package_rpm": + cmd.append("--scan-rpm-dir") + else: + self.fail("Unknown package class %s" % format) + # Find a free port with socketserver.TCPServer(("localhost", 0), None) as s: port = s.server_address[1] cmd.append("--port=%d" % port) try: - debuginfod = subprocess.Popen(cmd) + # Remove DEBUGINFOD_URLS from the environment so we don't try + # looking in the distro debuginfod + env = os.environ.copy() + if "DEBUGINFOD_URLS" in env: + del env["DEBUGINFOD_URLS"] + + self.logger.info(f"Starting server {cmd}") + debuginfod = subprocess.Popen(cmd, env=env) with runqemu("core-image-minimal", runqemuparams="nographic") as qemu: + self.assertTrue(self.wait_for_debuginfod(port)) + cmd = ( "DEBUGINFOD_URLS=http://%s:%d/ debuginfod-find debuginfo /usr/bin/debuginfod" % (qemu.server_ip, port) ) + self.logger.info(f"Starting client {cmd}") status, output = qemu.run_serial(cmd) # This should be more comprehensive self.assertIn("/.cache/debuginfod_client/", output) diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py index 142932e12f..877d77d488 100644 --- a/poky/meta/lib/oeqa/selftest/cases/devtool.py +++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py @@ -276,6 +276,7 @@ class DevtoolBase(DevtoolTestCase): cls.sstate_conf = 'SSTATE_DIR = "%s"\n' % cls.devtool_sstate cls.sstate_conf += ('SSTATE_MIRRORS += "file://.* file:///%s/PATH"\n' % cls.original_sstate) + cls.sstate_conf += ('BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"\n') @classmethod def tearDownClass(cls): @@ -954,7 +955,7 @@ class DevtoolUpdateTests(DevtoolBase): def test_devtool_update_recipe_git(self): # Check preconditions - testrecipe = 'mtd-utils' + testrecipe = 'mtd-utils-selftest' bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe) recipefile = bb_vars['FILE'] src_uri = bb_vars['SRC_URI'] @@ -1075,7 +1076,7 @@ class DevtoolUpdateTests(DevtoolBase): def test_devtool_update_recipe_append_git(self): # Check preconditions - testrecipe = 'mtd-utils' + testrecipe = 'mtd-utils-selftest' bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe) recipefile = bb_vars['FILE'] src_uri = bb_vars['SRC_URI'] diff --git a/poky/meta/lib/oeqa/selftest/cases/externalsrc.py b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py new file mode 100644 index 0000000000..1d800dc82c --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py @@ -0,0 +1,44 @@ +# +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# + +import os +import shutil +import tempfile + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import get_bb_var, runCmd + +class ExternalSrc(OESelftestTestCase): + # test that srctree_hash_files does not crash + # we should be actually checking do_compile[file-checksums] but oeqa currently does not support it + # so we check only that a recipe with externalsrc can be parsed + def test_externalsrc_srctree_hash_files(self): + test_recipe = "git-submodule-test" + git_url = "git://git.yoctoproject.org/git-submodule-test" + externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name + + self.write_config( + """ +INHERIT += "externalsrc" +EXTERNALSRC:pn-%s = "%s" +""" % (test_recipe, externalsrc_dir) + ) + + # test with git without submodules + runCmd('git clone %s %s' % (git_url, externalsrc_dir)) + os.unlink(externalsrc_dir + "/.gitmodules") + open(".gitmodules", 'w').close() # local file .gitmodules in cwd should not affect externalsrc parsing + self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC") + os.unlink(".gitmodules") + + # test with git with submodules + runCmd('git checkout .gitmodules', cwd=externalsrc_dir) + runCmd('git submodule update --init --recursive', cwd=externalsrc_dir) + self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC") + + # test without git + shutil.rmtree(os.path.join(externalsrc_dir, ".git")) + self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC") diff --git a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py index 5897a396d9..2d0b805b90 100644 --- a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py +++ b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py @@ -28,6 +28,7 @@ LIC_FILES_CHKSUM = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e" SRC_URI = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e" """ % (urllib.parse.quote(lic_path), urllib.parse.quote(lic_path))) result = bitbake(bitbake_cmd) + self.delete_recipeinc('emptytest') # Verify that changing a license file that has an absolute path causes @@ -53,5 +54,6 @@ SRC_URI = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e" f.write("data") result = bitbake(bitbake_cmd, ignore_status=True) + self.delete_recipeinc('emptytest') if error_msg not in result.output: raise AssertionError(result.output) diff --git a/poky/meta/lib/oeqa/selftest/cases/locales.py b/poky/meta/lib/oeqa/selftest/cases/locales.py new file mode 100644 index 0000000000..433991abf9 --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/locales.py @@ -0,0 +1,45 @@ +# +# SPDX-License-Identifier: MIT +# + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.core.decorator import OETestTag +from oeqa.utils.commands import bitbake, runqemu + +class LocalesTest(OESelftestTestCase): + + @OETestTag("runqemu") + def test_locales_on(self): + """ + Summary: Test the locales are generated + Expected: 1. Check the locale exist in the locale-archive + 2. Check the locale exist for the glibc + 3. Check the locale can be generated + Product: oe-core + Author: Louis Rannou <lrannou@baylibre.com> + AutomatedBy: Louis Rannou <lrannou@baylibre.com> + """ + + features = [] + features.append('EXTRA_IMAGE_FEATURES = "empty-root-password allow-empty-password allow-root-login"') + features.append('IMAGE_INSTALL:append = " glibc-utils localedef"') + features.append('GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"') + features.append('IMAGE_LINGUAS:append = " en-us fr-fr"') + features.append('ENABLE_BINARY_LOCALE_GENERATION = "1"') + self.write_config("\n".join(features)) + + # Build a core-image-minimal + bitbake('core-image-minimal') + + with runqemu("core-image-minimal", ssh=False, runqemuparams='nographic') as qemu: + cmd = "locale -a" + status, output = qemu.run_serial(cmd) + # output must includes fr_FR or fr_FR.UTF-8 + self.assertEqual(status, 1, msg='locale test command failed: output: %s' % output) + self.assertIn("fr_FR", output, msg='locale -a test failed: output: %s' % output) + + cmd = "localedef --list-archive -v" + status, output = qemu.run_serial(cmd) + # output must includes fr_FR.utf8 + self.assertEqual(status, 1, msg='localedef test command failed: output: %s' % output) + self.assertIn("fr_FR.utf8", output, msg='localedef test failed: output: %s' % output) diff --git a/poky/meta/lib/oeqa/selftest/cases/package.py b/poky/meta/lib/oeqa/selftest/cases/package.py index 2d1b48a15d..cc09a1442d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/package.py +++ b/poky/meta/lib/oeqa/selftest/cases/package.py @@ -89,6 +89,13 @@ class VersionOrdering(OESelftestTestCase): self.assertEqual(status - 100, sort, "%s %s (%d) failed" % (ver1, ver2, sort)) class PackageTests(OESelftestTestCase): + # Verify that a recipe cannot rename a package into an existing one + def test_package_name_conflict(self): + res = bitbake("packagenameconflict", ignore_status=True) + self.assertNotEqual(res.status, 0) + err = "package name already exists" + self.assertTrue(err in res.output) + # Verify that a recipe which sets up hardlink files has those preserved into split packages # Also test file sparseness is preserved def test_preserve_sparse_hardlinks(self): diff --git a/poky/meta/lib/oeqa/selftest/cases/prservice.py b/poky/meta/lib/oeqa/selftest/cases/prservice.py index cb95503c2c..9fe3b80a31 100644 --- a/poky/meta/lib/oeqa/selftest/cases/prservice.py +++ b/poky/meta/lib/oeqa/selftest/cases/prservice.py @@ -77,7 +77,7 @@ class BitbakePrTests(OESelftestTestCase): exported_db_path = os.path.join(self.builddir, 'export.inc') export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True) self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output) - self.assertTrue(os.path.exists(exported_db_path)) + self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output)) if replace_current_db: current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3') diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py index 25b06cdcf0..b193f0f5c8 100644 --- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py @@ -581,7 +581,10 @@ class RecipetoolTests(RecipetoolBase): commonlicdir = get_bb_var('COMMON_LICENSE_DIR') - d = bb.tinfoil.TinfoilDataStoreConnector + class DataConnectorCopy(bb.tinfoil.TinfoilDataStoreConnector): + pass + + d = DataConnectorCopy d.getVar = Mock(return_value=commonlicdir) srctree = tempfile.mkdtemp(prefix='recipetoolqa') diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py index f4dd779842..cd7aa8aafa 100644 --- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py @@ -292,9 +292,13 @@ class ReproducibleTests(OESelftestTestCase): self.copy_file(d.reference, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.reference)])) self.copy_file(d.test, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.test)])) - if result.missing or result.different: - fails.append("The following %s packages are missing or different and not in exclusion list: %s" % - (c, '\n'.join(r.test for r in (result.missing + result.different)))) + if result.different: + fails.append("The following %s packages are different and not in exclusion list:\n%s" % + (c, '\n'.join(r.test for r in (result.different)))) + + if result.missing and len(self.sstate_targets) == 0: + fails.append("The following %s packages are missing and not in exclusion list:\n%s" % + (c, '\n'.join(r.test for r in (result.missing)))) # Clean up empty directories if self.save_results: diff --git a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py index c2e76f1a44..efdfd98af3 100644 --- a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py +++ b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py @@ -71,7 +71,7 @@ class ResultToolTests(OESelftestTestCase): self.assertTrue('target_result1' in results['runtime/mydistro/qemux86/image'], msg="Pair not correct:%s" % results) self.assertTrue('target_result3' in results['runtime/mydistro/qemux86-64/image'], msg="Pair not correct:%s" % results) - def test_regrresion_can_get_regression_result(self): + def test_regression_can_get_regression_result(self): base_result_data = {'result': {'test1': {'status': 'PASSED'}, 'test2': {'status': 'PASSED'}, 'test3': {'status': 'FAILED'}, diff --git a/poky/meta/lib/oeqa/selftest/cases/runqemu.py b/poky/meta/lib/oeqa/selftest/cases/runqemu.py index c1d277a095..d3eeee3b41 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runqemu.py +++ b/poky/meta/lib/oeqa/selftest/cases/runqemu.py @@ -4,13 +4,13 @@ # SPDX-License-Identifier: MIT # +import os import re -import tempfile import time import oe.types from oeqa.core.decorator import OETestTag from oeqa.selftest.case import OESelftestTestCase -from oeqa.utils.commands import bitbake, runqemu, get_bb_var, runCmd +from oeqa.utils.commands import bitbake, runqemu, get_bb_var @OETestTag("runqemu") class RunqemuTests(OESelftestTestCase): @@ -57,14 +57,16 @@ SYSLINUX_TIMEOUT = "10" cmd = "%s %s ext4" % (self.cmd_common, self.machine) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('rootfs.ext4', f.read(), "Failed: %s" % cmd) + regexp = r'\nROOTFS: .*\.ext4]\n' + self.assertRegex(f.read(), regexp, "Failed to find '%s' in '%s' after running '%s'" % (regexp, qemu.qemurunnerlog, cmd)) def test_boot_machine_iso(self): """Test runqemu machine iso""" cmd = "%s %s iso" % (self.cmd_common, self.machine) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('media=cdrom', f.read(), "Failed: %s" % cmd) + text_in = 'media=cdrom' + self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd)) def test_boot_recipe_image(self): """Test runqemu recipe-image""" @@ -79,14 +81,16 @@ SYSLINUX_TIMEOUT = "10" cmd = "%s %s wic.vmdk" % (self.cmd_common, self.recipe) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('format=vmdk', f.read(), "Failed: %s" % cmd) + text_in = 'format=vmdk' + self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd)) def test_boot_recipe_image_vdi(self): """Test runqemu recipe-image vdi""" cmd = "%s %s wic.vdi" % (self.cmd_common, self.recipe) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('format=vdi', f.read(), "Failed: %s" % cmd) + text_in = 'format=vdi' + self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd)) def test_boot_deploy(self): """Test runqemu deploy_dir_image""" diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py index fe83b248f3..533b5d7453 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -254,7 +254,8 @@ class TestImage(OESelftestTestCase): import subprocess, os distro = oe.lsb.distro_identifier() - if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or distro.startswith('almalinux')): + if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or + distro.startswith('almalinux') or distro.startswith('rocky')): self.skipTest('virgl headless cannot be tested with %s' %(distro)) render_hint = """If /dev/dri/renderD* is absent due to lack of suitable GPU, 'modprobe vgem' will create one suitable for mesa llvmpipe software renderer.""" @@ -265,7 +266,7 @@ class TestImage(OESelftestTestCase): except FileNotFoundError: self.fail("/dev/dri directory does not exist; no render nodes available on this machine. %s" %(render_hint)) try: - dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True) + dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True) except subprocess.CalledProcessError as e: self.fail("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.") qemu_distrofeatures = get_bb_var('DISTRO_FEATURES', 'qemu-system-native') diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py index 0a66615fd1..dd13c20402 100644 --- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -66,6 +66,20 @@ class TinfoilTests(OESelftestTestCase): localdata.setVar('PN', 'hello') self.assertEqual('hello', localdata.getVar('BPN')) + # The config_data API tp parse_recipe_file is used by: + # layerindex-web layerindex/update_layer.py + def test_parse_recipe_custom_data(self): + with bb.tinfoil.Tinfoil() as tinfoil: + tinfoil.prepare(config_only=False, quiet=2) + localdata = bb.data.createCopy(tinfoil.config_data) + localdata.setVar("TESTVAR", "testval") + testrecipe = 'mdadm' + best = tinfoil.find_best_provider(testrecipe) + if not best: + self.fail('Unable to find recipe providing %s' % testrecipe) + rd = tinfoil.parse_recipe_file(best[3], config_data=localdata) + self.assertEqual("testval", rd.getVar('TESTVAR')) + def test_list_recipes(self): with bb.tinfoil.Tinfoil() as tinfoil: tinfoil.prepare(config_only=False, quiet=2) diff --git a/poky/meta/lib/oeqa/selftest/context.py b/poky/meta/lib/oeqa/selftest/context.py index 78c7a467e2..0e3244a1c5 100644 --- a/poky/meta/lib/oeqa/selftest/context.py +++ b/poky/meta/lib/oeqa/selftest/context.py @@ -86,17 +86,27 @@ class OESelftestTestContext(OETestContext): oe.path.copytree(builddir + "/cache", newbuilddir + "/cache") oe.path.copytree(selftestdir, newselftestdir) + subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True) + + # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow + subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True) + + # Relative paths in BBLAYERS only works when the new build dir share the same ascending node + if self.newbuilddir: + bblayers = subprocess.check_output("bitbake-getvar --value BBLAYERS | tail -1", cwd=builddir, shell=True, text=True) + if '..' in bblayers: + bblayers_abspath = [os.path.abspath(path) for path in bblayers.split()] + with open("%s/conf/bblayers.conf" % newbuilddir, "a") as f: + newbblayers = "# new bblayers to be used by selftest in the new build dir '%s'\n" % newbuilddir + newbblayers += 'BBLAYERS = "%s"\n' % ' '.join(bblayers_abspath) + f.write(newbblayers) + for e in os.environ: if builddir + "/" in os.environ[e]: os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/") if os.environ[e].endswith(builddir): os.environ[e] = os.environ[e].replace(builddir, newbuilddir) - subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True) - - # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow - subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True) - os.chdir(newbuilddir) def patch_test(t): diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py index 1fdff82889..f5f2ce2f12 100644 --- a/poky/meta/lib/oeqa/targetcontrol.py +++ b/poky/meta/lib/oeqa/targetcontrol.py @@ -7,18 +7,14 @@ # This module is used by testimage.bbclass for setting up and controlling a target machine. import os -import shutil import subprocess import bb -import traceback -import sys import logging from oeqa.utils.sshcontrol import SSHControl from oeqa.utils.qemurunner import QemuRunner from oeqa.utils.qemutinyrunner import QemuTinyRunner from oeqa.utils.dump import TargetDumper from oeqa.utils.dump import MonitorDumper -from oeqa.controllers.testtargetloader import TestTargetLoader from abc import ABCMeta, abstractmethod class BaseTarget(object, metaclass=ABCMeta): @@ -145,7 +141,7 @@ class QemuTarget(BaseTarget): boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")), use_kvm = use_kvm, dump_dir = dump_dir, - dump_host_cmds = d.getVar("testimage_dump_host"), + dump_host_cmds = dump_host_cmds, logger = logger, tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"), serial_ports = len(d.getVar("SERIAL_CONSOLES").split())) @@ -205,7 +201,7 @@ class QemuTarget(BaseTarget): self.server_ip = self.runner.server_ip self.connection = SSHControl(ip=self.ip, logfile=self.sshlog) else: - raise RuntimError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn) + raise RuntimeError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn) def run_serial(self, command, timeout=60): return self.runner.run_serial(command, timeout=timeout) diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py index f733fcdf3c..473aa38d41 100644 --- a/poky/meta/lib/oeqa/utils/commands.py +++ b/poky/meta/lib/oeqa/utils/commands.py @@ -8,11 +8,8 @@ # This module is mainly used by scripts/oe-selftest and modules under meta/oeqa/selftest # It provides a class and methods for running commands on the host in a convienent way for tests. - - import os import sys -import signal import subprocess import threading import time @@ -21,6 +18,7 @@ from oeqa.utils import CommandError from oeqa.utils import ftools import re import contextlib +import errno # Export test doesn't require bb try: import bb @@ -85,7 +83,7 @@ class Command(object): except OSError as ex: # It's not an error when the command does not consume all # of our data. subprocess.communicate() also ignores that. - if ex.errno != EPIPE: + if ex.errno != errno.EPIPE: raise # We write in a separate thread because then we can read diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py index bcee03b576..d420b497f9 100644 --- a/poky/meta/lib/oeqa/utils/dump.py +++ b/poky/meta/lib/oeqa/utils/dump.py @@ -93,37 +93,55 @@ class HostDumper(BaseDumper): self._write_dump(cmd.split()[0], result.output) class TargetDumper(BaseDumper): - """ Class to get dumps from target, it only works with QemuRunner """ + """ Class to get dumps from target, it only works with QemuRunner. + Will give up permanently after 5 errors from running commands over + serial console. This helps to end testing when target is really dead, hanging + or unresponsive. + """ def __init__(self, cmds, parent_dir, runner): super(TargetDumper, self).__init__(cmds, parent_dir) self.runner = runner + self.errors = 0 def dump_target(self, dump_dir=""): + if self.errors >= 5: + print("Too many errors when dumping data from target, assuming it is dead! Will not dump data anymore!") + return if dump_dir: self.dump_dir = dump_dir for cmd in self.cmds: # We can continue with the testing if serial commands fail try: (status, output) = self.runner.run_serial(cmd) + if status == 0: + self.errors = self.errors + 1 self._write_dump(cmd.split()[0], output) except: + self.errors = self.errors + 1 print("Tried to dump info from target but " "serial console failed") print("Failed CMD: %s" % (cmd)) class MonitorDumper(BaseDumper): - """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner """ + """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner + Will stop completely if there are more than 5 errors when dumping monitor data. + This helps to end testing when target is really dead, hanging or unresponsive. + """ def __init__(self, cmds, parent_dir, runner): super(MonitorDumper, self).__init__(cmds, parent_dir) self.runner = runner + self.errors = 0 def dump_monitor(self, dump_dir=""): if self.runner is None: return if dump_dir: self.dump_dir = dump_dir + if self.errors >= 5: + print("Too many errors when dumping data from qemu monitor, assuming it is dead! Will not dump data anymore!") + return for cmd in self.cmds: cmd_name = cmd.split()[0] try: @@ -137,4 +155,5 @@ class MonitorDumper(BaseDumper): output = self.runner.run_monitor(cmd_name) self._write_dump(cmd_name, output) except Exception as e: + self.errors = self.errors + 1 print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e)) diff --git a/poky/meta/lib/oeqa/utils/httpserver.py b/poky/meta/lib/oeqa/utils/httpserver.py index 8ce1dd42f4..5860b0a383 100644 --- a/poky/meta/lib/oeqa/utils/httpserver.py +++ b/poky/meta/lib/oeqa/utils/httpserver.py @@ -40,6 +40,12 @@ class HTTPService(object): self.port = self.server.server_port self.process = multiprocessing.Process(target=self.server.server_start, args=[self.root_dir, self.logger]) + def handle_error(self, request, client_address): + import traceback + exception = traceback.format_exc() + self.logger.warn("Exception when handling %s: %s" % (request, exception)) + self.server.handle_error = handle_error + # The signal handler from testimage.bbclass can cause deadlocks here # if the HTTPServer is terminated before it can restore the standard #signal behaviour diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 6a85f57e49..a455b3b389 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -198,7 +198,7 @@ class QemuRunner: qmp_file = "." + next(tempfile._get_candidate_names()) qmp_param = ' -S -qmp unix:./%s,server,wait' % (qmp_file) qmp_port = self.tmpdir + "/" + qmp_file - # Create a second socket connection for debugging use, + # Create a second socket connection for debugging use, # note this will NOT cause qemu to block waiting for the connection qmp_file2 = "." + next(tempfile._get_candidate_names()) qmp_param += ' -qmp unix:./%s,server,nowait' % (qmp_file2) @@ -346,6 +346,8 @@ class QemuRunner: return False try: + # set timeout value for all QMP calls + self.qmp.settimeout(self.runqemutime) self.qmp.connect() connect_time = time.time() self.logger.info("QMP connected to QEMU at %s and took %s seconds" % @@ -463,6 +465,8 @@ class QemuRunner: socklist.remove(self.server_socket) self.logger.debug("Connection from %s:%s" % addr) else: + # try to avoid reading only a single character at a time + time.sleep(0.1) data = data + sock.recv(1024) if data: bootlog += data @@ -507,7 +511,7 @@ class QemuRunner: (status, output) = self.run_serial(self.boot_patterns['send_login_user'], raw=True, timeout=120) if re.search(self.boot_patterns['search_login_succeeded'], output): self.logged = True - self.logger.debug("Logged as root in serial console") + self.logger.debug("Logged in as %s in serial console" % self.boot_patterns['send_login_user'].replace("\n", "")) if netconf: # configure guest networking cmd = "ifconfig eth0 %s netmask %s up\n" % (self.ip, self.netmask) @@ -518,7 +522,7 @@ class QemuRunner: self.logger.debug("Couldn't configure guest networking") else: self.logger.warning("Couldn't login into serial console" - " as root using blank password") + " as %s using blank password" % self.boot_patterns['send_login_user'].replace("\n", "")) self.logger.warning("The output:\n%s" % output) except: self.logger.warning("Serial console failed while trying to login") @@ -538,10 +542,13 @@ class QemuRunner: except OSError as e: if e.errno != errno.ESRCH: raise - endtime = time.time() + self.runqemutime - while self.runqemu.poll() is None and time.time() < endtime: - time.sleep(1) - if self.runqemu.poll() is None: + try: + outs, errs = self.runqemu.communicate(timeout = self.runqemutime) + if outs: + self.logger.info("Output from runqemu:\n%s", outs.decode("utf-8")) + if errs: + self.logger.info("Stderr from runqemu:\n%s", errs.decode("utf-8")) + except TimeoutExpired: self.logger.debug("Sending SIGKILL to runqemu") os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL) if not self.runqemu.stdout.closed: @@ -618,6 +625,7 @@ class QemuRunner: def run_monitor(self, command, args=None, timeout=60): if hasattr(self, 'qmp') and self.qmp: + self.qmp.settimeout(timeout) if args is not None: return self.qmp.cmd(command, args) else: @@ -645,6 +653,8 @@ class QemuRunner: except InterruptedError: continue if sread: + # try to avoid reading single character at a time + time.sleep(0.1) answer = self.server_socket.recv(1024) if answer: data += answer.decode('utf-8') diff --git a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch new file mode 100644 index 0000000000..efa00a3c6c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch @@ -0,0 +1,115 @@ +From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Fri, 5 Aug 2022 00:51:20 +0800 +Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() + +The length of memory allocation and file read may overflow. This patch +fixes the problem by using safemath macros. + +There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe +if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). +It is safe replacement for such code. It has safemath-like prototype. + +This patch also introduces grub_cast(value, pointer), it casts value to +typeof(*pointer) then store the value to *pointer. It returns true when +overflow occurs or false if there is no overflow. The semantics of arguments +and return value are designed to be consistent with other safemath macros. + +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 17 +++++++++++++---- + include/grub/bitmap.h | 18 ++++++++++++++++++ + include/grub/safemath.h | 2 ++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d09bb38..876b5b6 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + grub_int16_t xoff; + grub_int16_t yoff; + grub_int16_t dwidth; +- int len; ++ grub_ssize_t len; ++ grub_size_t sz; + + if (index_entry->glyph) + /* Return cached glyph. */ +@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + return 0; + } + +- len = (width * height + 7) / 8; +- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); +- if (!glyph) ++ /* Calculate real struct size of current glyph. */ ++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || ++ grub_add (sizeof (struct grub_font_glyph), len, &sz)) ++ { ++ remove_font (font); ++ return 0; ++ } ++ ++ /* Allocate and initialize the glyph struct. */ ++ glyph = grub_malloc (sz); ++ if (glyph == NULL) + { + remove_font (font); + return 0; +diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h +index 5728f8c..0d9603f 100644 +--- a/include/grub/bitmap.h ++++ b/include/grub/bitmap.h +@@ -23,6 +23,7 @@ + #include <grub/symbol.h> + #include <grub/types.h> + #include <grub/video.h> ++#include <grub/safemath.h> + + struct grub_video_bitmap + { +@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) + return bitmap->mode_info.height; + } + ++/* ++ * Calculate and store the size of data buffer of 1bit bitmap in result. ++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. ++ * Return true when overflow occurs or false if there is no overflow. ++ * This function is intentionally implemented as a macro instead of ++ * an inline function. Although a bit awkward, it preserves data types for ++ * safemath macros and reduces macro side effects as much as possible. ++ * ++ * XXX: Will report false overflow if width * height > UINT64_MAX. ++ */ ++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ ++({ \ ++ grub_uint64_t _bitmap_pixels; \ ++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ ++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ ++}) ++ + void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, + struct grub_video_mode_info *mode_info); + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89b..bb0f826 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -30,6 +30,8 @@ + #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + ++#define grub_cast(a, res) grub_add ((a), 0, (res)) ++ + #else + #error gcc 5.1 or newer or clang 3.8 or newer is required + #endif diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch new file mode 100644 index 0000000000..727c509694 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch @@ -0,0 +1,85 @@ +From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Fri, 5 Aug 2022 01:58:27 +0800 +Subject: [PATCH] font: Fix several integer overflows in + grub_font_construct_glyph() + +This patch fixes several integer overflows in grub_font_construct_glyph(). +Glyphs of invalid size, zero or leading to an overflow, are rejected. +The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() +returns NULL is fixed too. + +Fixes: CVE-2022-2601 + +Reported-by: Zhang Boyang <zhangboyang.id@gmail.com> +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e] +CVE: CVE-2022-2601 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 876b5b6..0ff5525 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, + struct grub_video_signed_rect bounds; + static struct grub_font_glyph *glyph = 0; + static grub_size_t max_glyph_size = 0; ++ grub_size_t cur_glyph_size; + + ensure_comb_space (glyph_id); + +@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, + if (!glyph_id->ncomb && !glyph_id->attributes) + return main_glyph; + +- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) ++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || ++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) ++ return main_glyph; ++ ++ if (max_glyph_size < cur_glyph_size) + { + grub_free (glyph); +- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; +- if (max_glyph_size < 8) +- max_glyph_size = 8; +- glyph = grub_malloc (max_glyph_size); ++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) ++ max_glyph_size = 0; ++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; + } + if (!glyph) + { ++ max_glyph_size = 0; + grub_errno = GRUB_ERR_NONE; + return main_glyph; + } + +- grub_memset (glyph, 0, sizeof (*glyph) +- + (bounds.width * bounds.height +- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); ++ grub_memset (glyph, 0, cur_glyph_size); + + glyph->font = main_glyph->font; +- glyph->width = bounds.width; +- glyph->height = bounds.height; +- glyph->offset_x = bounds.x; +- glyph->offset_y = bounds.y; ++ if (bounds.width == 0 || bounds.height == 0 || ++ grub_cast (bounds.width, &glyph->width) || ++ grub_cast (bounds.height, &glyph->height) || ++ grub_cast (bounds.x, &glyph->offset_x) || ++ grub_cast (bounds.y, &glyph->offset_y)) ++ return main_glyph; + + if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) + grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000000..5741e53f42 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch @@ -0,0 +1,86 @@ +From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 11:48:58 +0100 +Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex() + +This ports the EFI chainloader to use grub_loader_set_ex() in order to fix +a use-after-free bug that occurs when grub_cmd_chainloader() is executed +more than once before a boot attempt is performed. + +Fixes: CVE-2022-28736 + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28736 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/loader/efi/chainloader.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index d1602c89b..7557eb269 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_handle_t image_handle; +- + static grub_err_t +-grub_chainloader_unload (void) ++grub_chainloader_unload (void *context) + { ++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; + grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + +@@ -64,8 +63,9 @@ grub_chainloader_unload (void) + } + + static grub_err_t +-grub_chainloader_boot (void) ++grub_chainloader_boot (void *context) + { ++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; + grub_efi_boot_services_t *b; + grub_efi_status_t status; + grub_efi_uintn_t exit_data_size; +@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_physical_address_t address = 0; + grub_efi_uintn_t pages = 0; + grub_efi_char16_t *cmdline = NULL; ++ grub_efi_handle_t image_handle = NULL; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); + return 0; + + fail: +@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + + if (image_handle != NULL) +- { +- efi_call_1 (b->unload_image, image_handle); +- image_handle = NULL; +- } ++ efi_call_1 (b->unload_image, image_handle); + + grub_dl_unref (my_mod); + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch new file mode 100644 index 0000000000..853efd0486 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch @@ -0,0 +1,95 @@ +From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Mon, 24 Oct 2022 08:05:35 +0800 +Subject: [PATCH] font: Fix an integer underflow in blit_comb() + +The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may +evaluate to a very big invalid value even if both ctx.bounds.height and +combining_glyphs[i]->height are small integers. For example, if +ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this +expression evaluates to 2147483647 (expected -1). This is because +coordinates are allowed to be negative but ctx.bounds.height is an +unsigned int. So, the subtraction operates on unsigned ints and +underflows to a very big value. The division makes things even worse. +The quotient is still an invalid value even if converted back to int. + +This patch fixes the problem by casting ctx.bounds.height to int. As +a result the subtraction will operate on int and grub_uint16_t which +will be promoted to an int. So, the underflow will no longer happen. Other +uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, +to ensure coordinates are always calculated on signed integers. + +Fixes: CVE-2022-3775 + +Reported-by: Daniel Axtens <dja@axtens.net> +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af] +CVE: CVE-2022-3775 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 0ff5525..7b1cbde 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + ctx.bounds.height = main_glyph->height; + + above_rightx = main_glyph->offset_x + main_glyph->width; +- above_righty = ctx.bounds.y + ctx.bounds.height; ++ above_righty = ctx.bounds.y + (int) ctx.bounds.height; + + above_leftx = main_glyph->offset_x; +- above_lefty = ctx.bounds.y + ctx.bounds.height; ++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; + +- below_rightx = ctx.bounds.x + ctx.bounds.width; ++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; + below_righty = ctx.bounds.y; + + comb = grub_unicode_get_comb (glyph_id); +@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + if (!combining_glyphs[i]) + continue; +- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; ++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; + /* CGJ is to avoid diacritics reordering. */ + if (comb[i].code + == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) +@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + case GRUB_UNICODE_COMB_OVERLAY: + do_blit (combining_glyphs[i], + targetx, +- (ctx.bounds.height - combining_glyphs[i]->height) / 2 +- - (ctx.bounds.height + ctx.bounds.y), &ctx); ++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 ++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; + break; +@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + /* Fallthrough. */ + case GRUB_UNICODE_STACK_ATTACHED_ABOVE: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height + ctx.bounds.y + space ++ -((int) ctx.bounds.height + ctx.bounds.y + space + + combining_glyphs[i]->height), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + case GRUB_UNICODE_COMB_HEBREW_DAGESH: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height / 2 + ctx.bounds.y ++ -((int) ctx.bounds.height / 2 + ctx.bounds.y + + combining_glyphs[i]->height / 2), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; diff --git a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch new file mode 100644 index 0000000000..a2c0530f04 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch @@ -0,0 +1,168 @@ +From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 10:58:28 +0100 +Subject: [PATCH] commands/boot: Add API to pass context to loader + +Loaders rely on global variables for saving context which is consumed +in the boot hook and freed in the unload hook. In the case where a loader +command is executed twice, calling grub_loader_set() a second time executes +the unload hook, but in some cases this runs when the loader's global +context has already been updated, resulting in the updated context being +freed and potential use-after-free bugs when the boot hook is subsequently +called. + +This adds a new API, grub_loader_set_ex(), which allows a loader to specify +context that is passed to its boot and unload hooks. This is an alternative +to requiring that loaders call grub_loader_unset() before mutating their +global context. + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++----- + include/grub/loader.h | 5 +++ + 2 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c +index bbca81e94..61514788e 100644 +--- a/grub-core/commands/boot.c ++++ b/grub-core/commands/boot.c +@@ -27,10 +27,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static grub_err_t (*grub_loader_boot_func) (void); +-static grub_err_t (*grub_loader_unload_func) (void); ++static grub_err_t (*grub_loader_boot_func) (void *context); ++static grub_err_t (*grub_loader_unload_func) (void *context); ++static void *grub_loader_context; + static int grub_loader_flags; + ++struct grub_simple_loader_hooks ++{ ++ grub_err_t (*boot) (void); ++ grub_err_t (*unload) (void); ++}; ++ ++/* Don't heap allocate this to avoid making grub_loader_set() fallible. */ ++static struct grub_simple_loader_hooks simple_loader_hooks; ++ + struct grub_preboot + { + grub_err_t (*preboot_func) (int); +@@ -44,6 +54,29 @@ static int grub_loader_loaded; + static struct grub_preboot *preboots_head = 0, + *preboots_tail = 0; + ++static grub_err_t ++grub_simple_boot_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ return hooks->boot (); ++} ++ ++static grub_err_t ++grub_simple_unload_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ grub_err_t ret; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ ++ ret = hooks->unload (); ++ grub_memset (hooks, 0, sizeof (*hooks)); ++ ++ return ret; ++} ++ + int + grub_loader_is_loaded (void) + { +@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) + } + + void +-grub_loader_set (grub_err_t (*boot) (void), +- grub_err_t (*unload) (void), +- int flags) ++grub_loader_set_ex (grub_err_t (*boot) (void *context), ++ grub_err_t (*unload) (void *context), ++ void *context, ++ int flags) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = boot; + grub_loader_unload_func = unload; ++ grub_loader_context = context; + grub_loader_flags = flags; + + grub_loader_loaded = 1; + } + ++void ++grub_loader_set (grub_err_t (*boot) (void), ++ grub_err_t (*unload) (void), ++ int flags) ++{ ++ grub_loader_set_ex (grub_simple_boot_hook, ++ grub_simple_unload_hook, ++ &simple_loader_hooks, ++ flags); ++ ++ simple_loader_hooks.boot = boot; ++ simple_loader_hooks.unload = unload; ++} ++ + void + grub_loader_unset(void) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = 0; + grub_loader_unload_func = 0; ++ grub_loader_context = 0; + + grub_loader_loaded = 0; + } +@@ -158,7 +208,7 @@ grub_loader_boot (void) + return err; + } + } +- err = (grub_loader_boot_func) (); ++ err = (grub_loader_boot_func) (grub_loader_context); + + for (cur = preboots_tail; cur; cur = cur->prev) + if (! err) +diff --git a/include/grub/loader.h b/include/grub/loader.h +index b20864282..97f231054 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), + grub_err_t (*unload) (void), + int flags); + ++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context), ++ grub_err_t (*unload) (void *context), ++ void *context, ++ int flags); ++ + /* Unset current loader, if any. */ + void EXPORT_FUNC (grub_loader_unset) (void); + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch new file mode 100644 index 0000000000..a43025d425 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch @@ -0,0 +1,129 @@ +From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 10:02:04 +0100 +Subject: [PATCH] loader/efi/chainloader: Simplify the loader state + +The chainloader command retains the source buffer and device path passed +to LoadImage(), requiring the unload hook passed to grub_loader_set() to +free them. It isn't required to retain this state though - they aren't +required by StartImage() or anything else in the boot hook, so clean them +up before grub_cmd_chainloader() finishes. + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++------------- + 1 file changed, 21 insertions(+), 17 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 2bd80f4db..d1602c89b 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_physical_address_t address; +-static grub_efi_uintn_t pages; +-static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; +-static grub_efi_char16_t *cmdline; + + static grub_err_t + grub_chainloader_unload (void) + { ++ grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (loaded_image != NULL) ++ grub_free (loaded_image->load_options); ++ + b = grub_efi_system_table->boot_services; + efi_call_1 (b->unload_image, image_handle); +- efi_call_2 (b->free_pages, address, pages); +- +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + char *dir_start; + char *dir_end; + grub_size_t size; +- grub_efi_device_path_t *d; ++ grub_efi_device_path_t *d, *file_path; + + dir_start = grub_strchr (filename, ')'); + if (! dir_start) +@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; +- grub_efi_device_path_t *dp = 0; ++ grub_efi_device_path_t *dp = NULL, *file_path = NULL; + grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; + grub_efi_handle_t dev_handle = 0; ++ grub_efi_physical_address_t address = 0; ++ grub_efi_uintn_t pages = 0; ++ grub_efi_char16_t *cmdline = NULL; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- /* Initialize some global variables. */ +- address = 0; +- image_handle = 0; +- file_path = 0; +- + b = grub_efi_system_table->boot_services; + + file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); +@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (file); + grub_device_close (dev); + ++ /* We're finished with the source image buffer and file path now. */ ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + return 0; + +@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (file) + grub_file_close (file); + ++ grub_free (cmdline); + grub_free (file_path); + + if (address) + efi_call_2 (b->free_pages, address, pages); + ++ if (image_handle != NULL) ++ { ++ efi_call_1 (b->unload_image, image_handle); ++ image_handle = NULL; ++ } ++ + grub_dl_unref (my_mod); + + return grub_errno; +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 2545b99b6a..bf7aba6b1c 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -34,6 +34,12 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \ file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \ + file://loader-efi-chainloader-Simplify-the-loader-state.patch \ + file://commands-boot-Add-API-to-pass-context-to-loader.patch \ + file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\ + file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" @@ -50,8 +56,8 @@ COMPATIBLE_HOST = "${GRUB_COMPATIBLE_HOST}" # Grub doesn't support hard float toolchain and won't be able to forcefully # disable it on some of the target CPUs. See 'configure.ac' for # supported/unsupported CPUs in hardfp. -COMPATIBLE_HOST:armv7a = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}" -COMPATIBLE_HOST:armv7ve = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" # configure.ac has code to set this automagically from the target tuple # but the OE freeform one (core2-foo-bar-linux) don't work with that. diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc index 5705e5835b..4a8d93f70a 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc @@ -32,7 +32,7 @@ do_savedefconfig() { } do_savedefconfig[nostamp] = "1" addtask savedefconfig after do_configure - +UBOOT_ARCH_DIR = "${@'arm' if d.getVar('UBOOT_ARCH').startswith('arm') else d.getVar('UBOOT_ARCH')}" do_compile () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk @@ -336,7 +336,7 @@ do_deploy () { if [ -n "${UBOOT_DTB}" ] then - install -m 644 ${B}/arch/${UBOOT_ARCH}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/ + install -m 644 ${B}/arch/${UBOOT_ARCH_DIR}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/ fi } diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9 index 968679ff7f..968679ff7f 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch index aa3642acec..aa3642acec 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service index cda56ef015..cda56ef015 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb index 4ab11486bf..55a06eae5f 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb @@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" SECTION = "console/network" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d8cf7bd9c4fd5471a588e7e66e672408" DEPENDS = "openssl libcap zlib libuv" @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981" +SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index f07e318897..a8eaba1dd6 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -68,6 +68,8 @@ EXTRA_OECONF = "\ --without-zsh-completion-dir \ " +CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\"" + # bluez5 builds a large number of useful utilities but does not # install them. Specify which ones we want put into ${PN}-noinst-tools. NOINST_TOOLS_READLINE ??= "" diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index ab6ffe986c..579fa95df7 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -13,8 +13,13 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ + file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ + file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \ + file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \ + file://0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch \ file://dhcpcd.service \ file://dhcpcd@.service \ + file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ " SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c" diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch new file mode 100644 index 0000000000..6f90c88249 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch @@ -0,0 +1,82 @@ +From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 9 Nov 2022 16:33:18 +0800 +Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd + +systemd's resolvconf implementation ignores the protocol part. +See https://github.com/systemd/systemd/issues/25032. + +When using 'dhcp server + dns server + dhcpcd + systemd', we +get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', +yet systemd's resolvconf treats it as eth0. This will delete the +DNS information set by 'resolvconf -a eth0.dhcp'. + +Fortunately, 20-resolv.conf has the ability to build the resolv.conf +file contents itself. We can just pass the generated contents to +systemd's resolvconf. This way, the DNS information is not incorrectly +deleted. Also, it does not cause behavior regression for dhcpcd +in other cases. + +Upstream-Status: Inappropriate [OE Specific] +This patch has been rejected by dhcpcd upstream. +See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + hooks/20-resolv.conf | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf +index 504a6c53..eb6e5845 100644 +--- a/hooks/20-resolv.conf ++++ b/hooks/20-resolv.conf +@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" + NL=" + " + : ${resolvconf:=resolvconf} ++resolvconf_from_systemd=false + if type "$resolvconf" >/dev/null 2>&1; then + have_resolvconf=true ++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then ++ resolvconf_from_systemd=true ++ fi + else + have_resolvconf=false + fi +@@ -69,8 +73,13 @@ build_resolv_conf() + else + echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" + fi +- if change_file /etc/resolv.conf "$cf"; then +- chmod 644 /etc/resolv.conf ++ if $resolvconf_from_systemd; then ++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" ++ "$resolvconf" -a "$ifname" <"$cf" ++ else ++ if change_file /etc/resolv.conf "$cf"; then ++ chmod 644 /etc/resolv.conf ++ fi + fi + rm -f "$cf" + } +@@ -170,7 +179,7 @@ add_resolv_conf() + for x in ${new_domain_name_servers}; do + conf="${conf}nameserver $x$NL" + done +- if $have_resolvconf; then ++ if $have_resolvconf && ! $resolvconf_from_systemd; then + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" + printf %s "$conf" | "$resolvconf" -a "$ifname" + return $? +@@ -186,7 +195,7 @@ add_resolv_conf() + + remove_resolv_conf() + { +- if $have_resolvconf; then ++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then + "$resolvconf" -d "$ifname" -f + else + if [ -e "$resolv_conf_dir/$ifname" ]; then +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch new file mode 100644 index 0000000000..12998aada4 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch @@ -0,0 +1,46 @@ +From 4915a7e52fcea8fe283a842890a1e726b1e26b10 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Fri, 10 Mar 2023 03:48:46 +0000 +Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. + +Error: Transaction test error: + file /usr/share/man/man8/dhcpcd.8 conflicts between attempted + installs of dhcpcd-doc-9.4.1-r0.cortexa57 and + lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon + +The differences between the two files are as follows: +@@ -821,7 +821,7 @@ + If you always use the same options, put them here. + .It Pa /usr/libexec/dhcpcd-run-hooks + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa /usr/lib64/dhcpcd/dev ++.It Pa /usr/lib/dhcpcd/dev + Linux + .Pa /dev + management modules. + +It is just a man file, there is no necessary to manage multiple +versions. + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> +--- + src/dhcpcd.8.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in +index bc6b3b5..791f2ba 100644 +--- a/src/dhcpcd.8.in ++++ b/src/dhcpcd.8.in +@@ -821,7 +821,7 @@ Configuration file for dhcpcd. + If you always use the same options, put them here. + .It Pa @SCRIPT@ + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa @LIBDIR@/dhcpcd/dev ++.It Pa /usr/<libdir>/dhcpcd/dev + Linux + .Pa /dev + management modules. +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch new file mode 100644 index 0000000000..68ab93416a --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch @@ -0,0 +1,30 @@ +From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001 +From: Roy Marples <roy@marples.name> +Date: Fri, 26 Aug 2022 09:08:36 +0100 +Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc + +Fixes #120 + +Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/privsep-linux.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index b238644b..479a1d82 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = { + #ifdef __NR_getpid + SECCOMP_ALLOW(__NR_getpid), + #endif ++#ifdef __NR_getrandom ++ SECCOMP_ALLOW(__NR_getrandom), ++#endif + #ifdef __NR_getsockopt + /* For route socket overflow */ + SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET), +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch new file mode 100644 index 0000000000..1c514f9b8c --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch @@ -0,0 +1,34 @@ +From 7a2d9767585ed2c407d4985bd2d81552034fb90a Mon Sep 17 00:00:00 2001 +From: CHEN Xiangyu <xiangyu.chen@aol.com> +Date: Thu, 9 Feb 2023 18:41:52 +0800 +Subject: [PATCH] privsep-linux: fix SECCOMP_AUDIT_ARCH missing ppc64le (#181) + +when dhcpcd running on ppc64le platform, it would be killed by SIGSYS. + +Upstream-Status: Backport [7a2d9767585ed2c407d4985bd2d81552034fb90a] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + src/privsep-linux.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index 7372d26b..6a301950 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -232,7 +232,11 @@ ps_root_sendnetlink(struct dhcpcd_ctx *ctx, int protocol, struct msghdr *msg) + #elif defined(__or1k__) + # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_OPENRISC + #elif defined(__powerpc64__) +-# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64 ++# if (BYTE_ORDER == LITTLE_ENDIAN) ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE ++# else ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64 ++# endif + #elif defined(__powerpc__) + # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC + #elif defined(__riscv) +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch new file mode 100644 index 0000000000..c5d2cba305 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch @@ -0,0 +1,31 @@ +From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 +From: Roy Marples <roy@marples.name> +Date: Fri, 26 Aug 2022 09:24:50 +0100 +Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well + +Allows newer glibc variants to work apparently. +As reported in #84 and #89. + +Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/privsep-linux.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index 479a1d82..6327b1bc 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { + #ifdef __NR_nanosleep + SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ + #endif ++#ifdef __NR_newfstatat ++ SECCOMP_ALLOW(__NR_newfstatat), ++#endif + #ifdef __NR_ppoll + SECCOMP_ALLOW(__NR_ppoll), + #endif +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch deleted file mode 100644 index 3b07515c7b..0000000000 --- a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch +++ /dev/null @@ -1,54 +0,0 @@ -From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001 -From: Erik Auerswald <auerswal@unix-ag.uni-kl.de> -Date: Sat, 3 Sep 2022 16:58:16 +0200 -Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt - -Fix telnetd crash if the first two bytes of a new connection -are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). - -The problem was reported in: -<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>. - -* NEWS: Mention fix. -* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and -zero slctab[SLC_EL].sptr. - -CVE: CVE-2022-39028 -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - telnetd/state.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/telnetd/state.c b/telnetd/state.c -index ffc6cba..c2d760f 100644 ---- a/telnetd/state.c -+++ b/telnetd/state.c -@@ -312,15 +312,21 @@ telrcv (void) - case EC: - case EL: - { -- cc_t ch; -+ cc_t ch = (cc_t) (_POSIX_VDISABLE); - - DEBUG (debug_options, 1, printoption ("td: recv IAC", c)); - ptyflush (); /* half-hearted */ - init_termbuf (); - if (c == EC) -- ch = *slctab[SLC_EC].sptr; -+ { -+ if (slctab[SLC_EC].sptr) -+ ch = *slctab[SLC_EC].sptr; -+ } - else -- ch = *slctab[SLC_EL].sptr; -+ { -+ if (slctab[SLC_EL].sptr) -+ ch = *slctab[SLC_EL].sptr; -+ } - if (ch != (cc_t) (_POSIX_VDISABLE)) - pty_output_byte ((unsigned char) ch); - break; --- -2.37.3 - diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index 2fce84374d..6519331141 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb @@ -10,7 +10,7 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" -SRC_URI[sha256sum] = "0b01bb08e29623c4e3b940f233c961451d9af8c5066301add76a52a95d51772c" +SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ file://inetutils-1.8-0003-wchar.patch \ @@ -21,7 +21,6 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ - file://CVE-2022-39028.patch \ " inherit autotools gettext update-alternatives texinfo diff --git a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch index 78f475a495..451b409c88 100644 --- a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch @@ -12,7 +12,7 @@ Subject: [PATCH] There are conflict of config files between kea and lib32-kea: Because they are all commented out, replace the expanded libdir path with '$libdir' in the config files to avoid conflict. -Upstream-Status: Pending +Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] Signed-off-by: Kai Kang <kai.kang@windriver.com> --- diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb index 4c1b8eed56..27e79276b5 100644 --- a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb +++ b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d" SRCREV = "0c1fa696aa502eb749c2c4735005f41ba00a27b8" -SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https" +SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 2cc92b7b47..e802bcee18 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -5,8 +5,8 @@ SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5" -PV = "20220725" +SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f" +PV = "20221107" PE = "1" SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb index b63ea2b137..689952e857 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb @@ -52,15 +52,12 @@ SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -PACKAGECONFIG ??= "rng-tools" +PACKAGECONFIG ??= "" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" -# Add RRECOMMENDS to rng-tools for sshd package -PACKAGECONFIG[rng-tools] = "" - EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd @@ -160,10 +157,6 @@ FILES:${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS:${PN}-sshd:append:class-target = "\ - ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ -" - # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch new file mode 100644 index 0000000000..3b94c48e8d --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch @@ -0,0 +1,225 @@ +From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001 +From: Pauli <pauli@openssl.org> +Date: Wed, 8 Mar 2023 15:28:20 +1100 +Subject: [PATCH] x509: excessive resource use verifying policy constraints + +A security vulnerability has been identified in all supported versions +of OpenSSL related to the verification of X.509 certificate chains +that include policy constraints. Attackers may be able to exploit this +vulnerability by creating a malicious certificate chain that triggers +exponential use of computational resources, leading to a denial-of-service +(DoS) attack on affected systems. + +Fixes CVE-2023-0464 + +Reviewed-by: Tomas Mraz <tomas@openssl.org> +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/20568) + +Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1] +CVE: CVE-2023-0464 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + crypto/x509/pcy_local.h | 8 +++++++- + crypto/x509/pcy_node.c | 12 +++++++++--- + crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++---------- + 3 files changed, 42 insertions(+), 14 deletions(-) + +diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h +index 18b53cc..cba107c 100644 +--- a/crypto/x509/pcy_local.h ++++ b/crypto/x509/pcy_local.h +@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { + }; + + struct X509_POLICY_TREE_st { ++ /* The number of nodes in the tree */ ++ size_t node_count; ++ /* The maximum number of nodes in the tree */ ++ size_t node_maximum; ++ + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; +@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ X509_POLICY_TREE *tree, ++ int extra_data); + void ossl_policy_node_free(X509_POLICY_NODE *node); + int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); +diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c +index 9d9a7ea..450f95a 100644 +--- a/crypto/x509/pcy_node.c ++++ b/crypto/x509/pcy_node.c +@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) ++ X509_POLICY_TREE *tree, ++ int extra_data) + { + X509_POLICY_NODE *node; + ++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ ++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) ++ return NULL; ++ + node = OPENSSL_zalloc(sizeof(*node)); + if (node == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); +@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + node->data = data; + node->parent = parent; +- if (level) { ++ if (level != NULL) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; +@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + +- if (tree) { ++ if (extra_data) { + if (tree->extra_data == NULL) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (tree->extra_data == NULL){ +@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + ++ tree->node_count++; + if (parent) + parent->nchild++; + +diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c +index fa45da5..f953a05 100644 +--- a/crypto/x509/pcy_tree.c ++++ b/crypto/x509/pcy_tree.c +@@ -14,6 +14,17 @@ + + #include "pcy_local.h" + ++/* ++ * If the maximum number of nodes in the policy tree isn't defined, set it to ++ * a generous default of 1000 nodes. ++ * ++ * Defining this to be zero means unlimited policy tree growth which opens the ++ * door on CVE-2023-0464. ++ */ ++#ifndef OPENSSL_POLICY_TREE_NODES_MAX ++# define OPENSSL_POLICY_TREE_NODES_MAX 1000 ++#endif ++ + static void expected_print(BIO *channel, + X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, + int indent) +@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + return X509_PCY_TREE_INTERNAL; + } + ++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ ++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; ++ + /* + * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. + * +@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + if ((data = ossl_policy_data_new(NULL, + OBJ_nid2obj(NID_any_policy), 0)) == NULL) + goto bad_tree; +- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { ++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { + ossl_policy_data_free(data); + goto bad_tree; + } +@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + * Return value: 1 on success, 0 otherwise + */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ X509_POLICY_DATA *data, ++ X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *last = curr - 1; + int i, matched = 0; +@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (ossl_policy_node_match(last, node, data->valid_policy)) { +- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) + return 0; + } + return 1; +@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + * Return value: 1 on success, 0 otherwise. + */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) + { + int i; + +@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); + + /* Look for matching nodes in previous level */ +- if (!tree_link_matching_nodes(curr, data)) ++ if (!tree_link_matching_nodes(curr, data, tree)) + return 0; + } + return 1; +@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { ++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { + ossl_policy_data_free(data); + return 0; + } +@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + /* Finally add link to anyPolicy */ + if (last->anyPolicy && + ossl_policy_level_add_node(curr, cache->anyPolicy, +- last->anyPolicy, NULL) == NULL) ++ last->anyPolicy, tree, 0) == NULL) + return 0; + return 1; + } +@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; + node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, +- tree); ++ tree, 1); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); +@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = ossl_policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) ++ if (!tree_link_nodes(curr, cache, tree)) + return X509_PCY_TREE_INTERNAL; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) +-- +2.35.7 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch new file mode 100644 index 0000000000..57fd494464 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch @@ -0,0 +1,56 @@ +From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Tue, 7 Mar 2023 16:52:55 +0000 +Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf + certs + +Even though we check the leaf cert to confirm it is valid, we +later ignored the invalid flag and did not notice that the leaf +cert was bad. + +Fixes: CVE-2023-0465 + +Reviewed-by: Hugo Landau <hlandau@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/20587) + +Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb] +CVE: CVE-2023-0465 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + crypto/x509/x509_vfy.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 9384f1d..a0282c3 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) + goto memerr; + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + ++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) ++ cbcalled = 1; + CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, + ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { +-- +2.35.7 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch new file mode 100644 index 0000000000..a16bfe42ca --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch @@ -0,0 +1,50 @@ +From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tomas@openssl.org> +Date: Tue, 21 Mar 2023 16:15:47 +0100 +Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() + +The function was incorrectly documented as enabling policy checking. + +Fixes: CVE-2023-0466 + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Paul Dale <pauli@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/20563) + +Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908] +CVE: CVE-2023-0466 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index 75a1677..43c1900 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -98,8 +98,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), + and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. +-- +2.35.7 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb index 45fd1de2fd..82f3e18dd7 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb @@ -12,13 +12,16 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://CVE-2023-0464.patch \ + file://CVE-2023-0465.patch \ + file://CVE-2023-0466.patch \ " SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e" +SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch new file mode 100644 index 0000000000..4325b1d6b0 --- /dev/null +++ b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch @@ -0,0 +1,48 @@ +From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001 +From: Paul Mackerras <paulus@ozlabs.org> +Date: Thu, 4 Aug 2022 12:23:08 +1000 +Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer + +This fixes a potential vulnerability where data is written to spkt.buf +and rpkt.buf without a check on the array index. To fix this, we +check the array index (pkt->cnt) before storing the byte or +incrementing the count. This also means we no longer have a potential +signed integer overflow on the increment of pkt->cnt. + +Fortunately, pppdump is not used in the normal process of setting up a +PPP connection, is not installed setuid-root, and is not invoked +automatically in any scenario that I am aware of. + +Signed-off-by: Paul Mackerras <paulus@ozlabs.org> + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + pppdump/pppdump.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c +index 2b815fc9..b85a8627 100644 +--- a/pppdump/pppdump.c ++++ b/pppdump/pppdump.c +@@ -297,6 +297,10 @@ dumpppp(f) + printf("%s aborted packet:\n ", dir); + q = " "; + } ++ if (pkt->cnt >= sizeof(pkt->buf)) { ++ printf("%s over-long packet truncated:\n ", dir); ++ q = " "; ++ } + nb = pkt->cnt; + p = pkt->buf; + pkt->cnt = 0; +@@ -400,7 +404,8 @@ dumpppp(f) + c ^= 0x20; + pkt->esc = 0; + } +- pkt->buf[pkt->cnt++] = c; ++ if (pkt->cnt < sizeof(pkt->buf)) ++ pkt->buf[pkt->cnt++] = c; + break; + } + } diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb index 700ece61dc..7e3ae43b58 100644 --- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb +++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb @@ -25,6 +25,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://provider \ file://ppp@.service \ file://0001-ppp-fix-build-against-5.15-headers.patch \ + file://CVE-2022-4603.patch \ " SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d" diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch new file mode 100644 index 0000000000..ab32f26754 --- /dev/null +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch @@ -0,0 +1,37 @@ +From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 17 Nov 2022 17:26:30 +0800 +Subject: [PATCH] avoid using -m option for readlink + +Use a more widely used option '-f' instead of '-m' here to +avoid dependency on coreutils. + +Looking at the git history of the resolvconf repo, the '-m' +is deliberately used. And it wants to depend on coreutils. +But in case of OE, the existence of /etc is ensured, and busybox +readlink provides '-f' option, so we can just use '-f'. In this +way, the coreutils dependency is not necessary any more. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + etc/resolvconf/update.d/libc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc +index 1c4f6bc..f75d22c 100755 +--- a/etc/resolvconf/update.d/libc ++++ b/etc/resolvconf/update.d/libc +@@ -57,7 +57,7 @@ fi + report_warning() { echo "$0: Warning: $*" >&2 ; } + + resolv_conf_is_symlinked_to_dynamic_file() { +- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] ++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] + } + + if ! resolv_conf_is_symlinked_to_dynamic_file ; then +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb index 94fd2c1a70..3f1b75d07d 100644 --- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb @@ -9,10 +9,11 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS:${PN} = "bash" +RDEPENDS:${PN} = "bash sed util-linux-flock" SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://99_resolvconf \ + file://0001-avoid-using-m-option-for-readlink.patch \ " SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1" @@ -23,8 +24,6 @@ S = "${WORKDIR}/git" # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" -inherit allarch - do_compile () { : } @@ -39,12 +38,14 @@ do_install () { fi install -d ${D}${base_libdir}/${BPN} install -d ${D}${sysconfdir}/${BPN} + install -d ${D}${nonarch_base_libdir}/${BPN} ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run install -d ${D}${sysconfdir} ${D}${base_sbindir} install -d ${D}${mandir}/man8 ${D}${docdir}/${P} cp -pPR etc/resolvconf ${D}${sysconfdir}/ chown -R root:root ${D}${sysconfdir}/ install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} install -d ${D}/${sysconfdir}/network/if-up.d install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf @@ -64,4 +65,4 @@ pkg_postinst:${PN} () { fi } -FILES:${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" diff --git a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch b/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch deleted file mode 100644 index fbfb0816dd..0000000000 --- a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch +++ /dev/null @@ -1,35 +0,0 @@ -From d67d6b4f981db9612d808bd723176a1d2996d53a Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Mon, 17 Jan 2022 13:21:32 +0100 -Subject: [PATCH] configure.ac: check getprotobynumber_r with AC_TRY_LINK - -AC_TRY_COMPILE won't error out if the function is altogether absent -(e.g. on linux musl C library), the test needs to link all the way. - -Upstream-Status: Submitted [via email to socat@dest-unreach.org] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d4acc9e..973a7f2 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -137,13 +137,13 @@ AC_MSG_RESULT($sc_cv_have_prototype_hstrerror) - # getprotobynumber_r() is not standardized - AC_MSG_CHECKING(for getprotobynumber_r() variant) - AC_CACHE_VAL(sc_cv_getprotobynumber_r, --[AC_TRY_COMPILE([#include <stddef.h> -+[AC_TRY_LINK([#include <stddef.h> - #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024,NULL);], - [sc_cv_getprotobynumber_r=1; tmp_bynum_variant=Linux], -- [AC_TRY_COMPILE([#include <stddef.h> -+ [AC_TRY_LINK([#include <stddef.h> - #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024);], - [sc_cv_getprotobynumber_r=2; tmp_bynum_variant=Solaris], -- [AC_TRY_COMPILE([#include <stddef.h> -+ [AC_TRY_LINK([#include <stddef.h> - #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL);], - [sc_cv_getprotobynumber_r=3; tmp_bynum_variant=AIX], - diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb index a4a0a8933e..5a379380d1 100644 --- a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb +++ b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb @@ -9,11 +9,9 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86" -SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ - file://0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch \ - " +SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2" -SRC_URI[sha256sum] = "d47318104415077635119dfee44bcfb41de3497374a9a001b1aff6e2f0858007" +SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac" inherit autotools diff --git a/poky/meta/recipes-core/base-files/base-files/hosts b/poky/meta/recipes-core/base-files/base-files/hosts index b94f414d5c..10a5b6c704 100644 --- a/poky/meta/recipes-core/base-files/base-files/hosts +++ b/poky/meta/recipes-core/base-files/base-files/hosts @@ -1,4 +1,4 @@ -127.0.0.1 localhost.localdomain localhost +127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc index 5f1c473d5e..f5d7c3f9c8 100644 --- a/poky/meta/recipes-core/busybox/busybox.inc +++ b/poky/meta/recipes-core/busybox/busybox.inc @@ -34,6 +34,7 @@ INITSCRIPT_PACKAGES = "${PN}-httpd ${PN}-syslog ${PN}-udhcpd ${PN}-mdev ${PN}-hw INITSCRIPT_NAME:${PN}-httpd = "busybox-httpd" INITSCRIPT_NAME:${PN}-hwclock = "hwclock.sh" +INITSCRIPT_PARAMS:${PN}-hwclock = "start 40 S . stop 20 0 1 6 ." INITSCRIPT_NAME:${PN}-mdev = "mdev" INITSCRIPT_PARAMS:${PN}-mdev = "start 04 S ." INITSCRIPT_NAME:${PN}-syslog = "syslog" @@ -138,19 +139,26 @@ do_configure () { do_prepare_config merge_config.sh -m .config ${@" ".join(find_cfgs(d))} cml1_do_configure + + # Save a copy of .config and autoconf.h. + cp .config .config.orig + cp include/autoconf.h include/autoconf.h.orig } do_compile() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS export KCONFIG_NOTIMESTAMP=1 + # Ensure we start do_compile with the original .config and autoconf.h. + # These files should always have matching timestamps. + cp .config.orig .config + cp include/autoconf.h.orig include/autoconf.h + if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then + # Guard againt interrupted do_compile: clean temporary files. + rm -f .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps + # split the .config into two parts, and make two busybox binaries - if [ -e .config.orig ]; then - # Need to guard again an interrupted do_compile - restore any backup - cp .config.orig .config - fi - cp .config .config.orig oe_runmake busybox.cfg.suid oe_runmake busybox.cfg.nosuid @@ -187,15 +195,18 @@ do_compile() { bbfatal "busybox suid binary incorrectly provides /bin/sh" fi - # copy .config.orig back to .config, because the install process may check this file - cp .config.orig .config # cleanup - rm .config.orig .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps + rm .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps else oe_runmake busybox_unstripped cp busybox_unstripped busybox oe_runmake busybox.links fi + + # restore original .config and autoconf.h, because the install process + # may check these files + cp .config.orig .config + cp include/autoconf.h.orig include/autoconf.h } do_install () { diff --git a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch index 354f83a4a5..d76118f85b 100644 --- a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch +++ b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch @@ -21,7 +21,7 @@ index bb42bbe..aa5a2de 100644 /* Arbitrary. Was sb->st_size, but that breaks .gz etc */ size_t len = (64*1024*1024 - 4096); -+ if (strstr(fname, ".debug") == NULL) ++ if (strstr(fname, ".debug") != NULL) + return TRUE; + if (strrstr(fname, ".ko") == NULL) diff --git a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb index 0046b9fda2..a6e18a92cb 100644 --- a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb +++ b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb @@ -6,16 +6,17 @@ SECTION = "base" inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome LICENSE = "AFL-2.1 | GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8" +LIC_FILES_CHKSUM = "file://COPYING;md5=6423dcd74d7be9715b0db247fd889da3 \ + file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8 \ + " SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \ file://run-ptest \ file://tmpdir.patch \ file://dbus-1.init \ -" + " -SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4" +SRC_URI[sha256sum] = "fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b" EXTRA_OECONF = "--disable-xml-docs \ --disable-doxygen-docs \ @@ -182,3 +183,5 @@ do_install:class-nativesdk() { rm -rf ${D}${localstatedir}/run } BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT += "d-bus_project:d-bus" diff --git a/poky/meta/recipes-core/expat/expat_2.4.9.bb b/poky/meta/recipes-core/expat/expat_2.5.0.bb index 9561edd84f..aa8d439d5f 100644 --- a/poky/meta/recipes-core/expat/expat_2.4.9.bb +++ b/poky/meta/recipes-core/expat/expat_2.5.0.bb @@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)" -SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a" +SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67" EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb index c71c0831c6..bb6ef06162 100644 --- a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb +++ b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb @@ -16,7 +16,6 @@ python __anonymous() { d.setVar("PACKAGES", "${PN} ${PN}-ptest") d.setVar("PROVIDES", "${PN} ${PN}-ptest") - d.setVar("RPROVIDES", "${PN} ${PN}-ptest") bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", "").strip() d.setVar("BBCLASSEXTEND", bbclassextend) @@ -29,6 +28,7 @@ python __anonymous() { RPROVIDES:${PN} = "${PN}" RRECOMMENDS:${PN} = "" RDEPENDS:${PN} = " glibc sed" +RDEPENDS:${PN}-ptest = "${PN}" DEPENDS += "sed" export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/" diff --git a/poky/meta/recipes-core/glibc/glibc.inc b/poky/meta/recipes-core/glibc/glibc.inc index fdd241d973..3b940b8ab2 100644 --- a/poky/meta/recipes-core/glibc/glibc.inc +++ b/poky/meta/recipes-core/glibc/glibc.inc @@ -1,7 +1,9 @@ require glibc-common.inc require glibc-ld.inc -DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc-initial linux-libc-headers" +DEPENDS = "virtual/${TARGET_PREFIX}gcc virtual/${TARGET_PREFIX}binutils${BUSUFFIX} libgcc-initial linux-libc-headers" +BUSUFFIX= "" +BUSUFFIX:class-nativesdk = "-crosssdk" PROVIDES = "virtual/libc" PROVIDES += "virtual/libintl virtual/libiconv" diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb index 57d4152a39..7096bc94d7 100644 --- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb +++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb @@ -16,7 +16,7 @@ SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=mast file://0001-ifupdown-skip-wrong-test-case.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \ " -SRCREV = "2b4138f36ce3ba37186aa01b502273e0c39ab518" +SRCREV = "be91dd267b4a8db502a6bbf5758563f7048b8078" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index f3f2bb2da1..37681331bc 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,8 +24,8 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 -SRCREV ?= "4f942c272d4417b5b719df25b80a6a6b54669a73" -SRC_URI = "git://git.yoctoproject.org/poky;branch=master \ +SRCREV ?= "1516e498fed8eecdb76c60b2cea1f4c17bce9363" +SRC_URI = "git://git.yoctoproject.org/poky;branch=langdale \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ file://README_VirtualBox_Guest_Additions.txt \ diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb index aa3ab6e121..7662b8f685 100644 --- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb +++ b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb @@ -18,6 +18,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \ SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683" +EXTRA_OECONF = "--disable-tests" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ " diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb index ec9f9f4fa3..ec9f9f4fa3 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc index 39ba2636ff..61b0381076 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \ inherit autotools pkgconfig SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https" -SRCREV = "50cf2b6dd4fdf04309445f2eec8de7051d953abf" +SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175" SRCBRANCH ?= "develop" SRC_URI += "file://fix_cflags_handling.patch" diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb index 79dba2f6dc..79dba2f6dc 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch new file mode 100644 index 0000000000..346ec37a9f --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch @@ -0,0 +1,624 @@ +From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 25 Aug 2022 17:43:08 +0200 +Subject: [PATCH] CVE-2022-40303 + +Fix integer overflows with XML_PARSE_HUGE + +Also impose size limits when XML_PARSE_HUGE is set. Limit size of names +to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to +XML_MAX_HUGE_LENGTH (1 billion bytes). + +Move some the length checks to the end of the respective loop to make +them strict. + +xmlParseEntityValue didn't have a length limitation at all. But without +XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. + +Thanks to Maddie Stone working with Google Project Zero for the report! + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0] +CVE: CVE-2022-40303 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + parser.c | 233 +++++++++++++++++++++++++++++-------------------------- + 1 file changed, 121 insertions(+), 112 deletions(-) + +diff --git a/parser.c b/parser.c +index 1bc3713..0f76577 100644 +--- a/parser.c ++++ b/parser.c +@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt); + * * + ************************************************************************/ + ++#define XML_MAX_HUGE_LENGTH 1000000000 ++ + #define XML_PARSER_BIG_ENTITY 1000 + #define XML_PARSER_LOT_ENTITY 5000 + +@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info) + errmsg = "Malformed declaration expecting version"; + break; + case XML_ERR_NAME_TOO_LONG: +- errmsg = "Name too long use XML_PARSE_HUGE option"; ++ errmsg = "Name too long"; + break; + #if 0 + case: +@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNameComplex++; +@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } +@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3346,7 +3352,10 @@ const xmlChar * + xmlParseName(xmlParserCtxtPtr ctxt) { + const xmlChar *in; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + GROW; + +@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) { + in++; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + size_t startPosition = 0; + + #ifdef DEBUG +@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */ + (xmlIsNameChar(ctxt, c) && (c != ':'))) { + if (count++ > XML_PARSER_CHUNK_SIZE) { +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- return(NULL); +- } + count = 0; + GROW; + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + if (c == 0) { +@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3467,7 +3473,10 @@ static const xmlChar * + xmlParseNCName(xmlParserCtxtPtr ctxt) { + const xmlChar *in, *e; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNCName++; +@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { + goto complex; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + const xmlChar *cur = *str; + int len = 0, l; + int c; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseStringName++; +@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + COPY_BUF(l,buffer,len,c); + cur += l; + c = CUR_SCHAR(cur, l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + *str = cur; + return(buffer); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNmToken++; +@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((max > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + COPY_BUF(l,buffer,len,c); + NEXTL(l); + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + return(buffer); +@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + } + if (len == 0) + return(NULL); +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); + return(NULL); + } +@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int c, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlChar stop; + xmlChar *ret = NULL; + const xmlChar *cur = NULL; +@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + GROW; + c = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED, ++ "entity value too long\n"); ++ goto error; ++ } + } + buf[len] = 0; + if (ctxt->instate == XML_PARSER_EOF) +@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + xmlChar *rep = NULL; + size_t len = 0; + size_t buf_size = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int c, l, in_space = 0; + xmlChar *current = NULL; + xmlEntityPtr ent; +@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + while (((NXT(0) != limit) && /* checked */ + (IS_CHAR(c)) && (c != '<')) && + (ctxt->instate != XML_PARSER_EOF)) { +- /* +- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE +- * special option is given +- */ +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } + if (c == '&') { + in_space = 0; + if (NXT(1) == '#') { +@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } + GROW; + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, ++ "AttValue length too long\n"); ++ goto mem_error; ++ } + } + if (ctxt->instate == XML_PARSER_EOF) + goto error; +@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } else + NEXT; + +- /* +- * There we potentially risk an overflow, don't allow attribute value of +- * length more than INT_MAX it is a very reasonable assumption ! +- */ +- if (len >= INT_MAX) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } +- + if (attlen != NULL) *attlen = (int) len; + return(buf); + +@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int cur, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + xmlChar stop; + int state = ctxt->instate; + int count = 0; +@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral"); +- xmlFree(buf); +- ctxt->instate = (xmlParserInputState) state; +- return(NULL); +- } + size *= 2; + tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar)); + if (tmp == NULL) { +@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + SHRINK; + cur = CUR_CHAR(l); + } ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral"); ++ xmlFree(buf); ++ ctxt->instate = (xmlParserInputState) state; ++ return(NULL); ++ } + } + buf[len] = 0; + ctxt->instate = (xmlParserInputState) state; +@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + xmlChar cur; + xmlChar stop; + int count = 0; +@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + if (len + 1 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID"); +- xmlFree(buf); +- return(NULL); +- } + size *= 2; + tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar)); + if (tmp == NULL) { +@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + SHRINK; + cur = CUR; + } ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID"); ++ xmlFree(buf); ++ return(NULL); ++ } + } + buf[len] = 0; + if (cur != stop) { +@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + int r, rl; + int cur, l; + size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int inputid; + + inputid = ctxt->input->id; +@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + if ((r == '-') && (q == '-')) { + xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL); + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, +- "Comment too big found", NULL); +- xmlFree (buf); +- return; +- } + if (len + 5 >= size) { + xmlChar *new_buf; + size_t new_size; +@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + GROW; + cur = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, ++ "Comment too big found", NULL); ++ xmlFree (buf); ++ return; ++ } + } + buf[len] = 0; + if (cur == 0) { +@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + size_t size = XML_PARSER_BUFFER_SIZE; + size_t len = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlParserInputState state; + const xmlChar *in; + size_t nbchar = 0; +@@ -4966,8 +4983,7 @@ get_more: + buf[len] = 0; + } + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, + "Comment too big found", NULL); + xmlFree (buf); +@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + size_t len = 0; + size_t size = XML_PARSER_BUFFER_SIZE; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int cur, l; + const xmlChar *target; + xmlParserInputState state; +@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + return; + } + count = 0; +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +- "PI %s too big found", target); +- xmlFree(buf); +- ctxt->instate = state; +- return; +- } + } + COPY_BUF(l,buf,len,cur); + NEXTL(l); +@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + GROW; + cur = CUR_CHAR(l); + } ++ if (len > maxLength) { ++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, ++ "PI %s too big found", target); ++ xmlFree(buf); ++ ctxt->instate = state; ++ return; ++ } + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +- "PI %s too big found", target); +- xmlFree(buf); +- ctxt->instate = state; +- return; +- } + buf[len] = 0; + if (cur != '?') { + xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + const xmlChar *in = NULL, *start, *end, *last; + xmlChar *ret = NULL; + int line, col; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + GROW; + in = (xmlChar *) CUR_PTR; +@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + start = in; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + if ((*in++ == 0x20) && (*in == 0x20)) break; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + last = last + delta; + } + end = ctxt->input->end; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); + } + } + } +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + col++; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9077,8 +9085,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + } + } + last = in; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + int s, sl; + int cur, l; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + /* Check 2.6.0 was NXT(0) not RAW */ + if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) { +@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED, +- "CData section too big found", NULL); +- xmlFree (buf); +- return; +- } + tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar)); + if (tmp == NULL) { + xmlFree(buf); +@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + } + NEXTL(l); + cur = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED, ++ "CData section too big found\n"); ++ xmlFree(buf); ++ return; ++ } + } + buf[len] = 0; + ctxt->instate = XML_PARSER_CONTENT; +-- +2.25.1 + diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch new file mode 100644 index 0000000000..b24be03315 --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch @@ -0,0 +1,106 @@ +From cde95d801abc9405ca821ad814c7730333328d96 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Wed, 31 Aug 2022 22:11:25 +0200 +Subject: [PATCH] CVE-2022-40304 + +Fix dict corruption caused by entity reference cycles + +When an entity reference cycle is detected, the entity content is +cleared by setting its first byte to zero. But the entity content might +be allocated from a dict. In this case, the dict entry becomes corrupted +leading to all kinds of logic errors, including memory errors like +double-frees. + +Stop storing entity content, orig, ExternalID and SystemID in a dict. +These values are unlikely to occur multiple times in a document, so they +shouldn't have been stored in a dict in the first place. + +Thanks to Ned Williamson and Nathan Wachholz working with Google Project +Zero for the report! + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b] +CVE: CVE-2022-40304 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + entities.c | 55 ++++++++++++++++-------------------------------------- + 1 file changed, 16 insertions(+), 39 deletions(-) + +diff --git a/entities.c b/entities.c +index 1a8f86f..ec1b9a7 100644 +--- a/entities.c ++++ b/entities.c +@@ -112,36 +112,19 @@ xmlFreeEntity(xmlEntityPtr entity) + if ((entity->children) && (entity->owner == 1) && + (entity == (xmlEntityPtr) entity->children->parent)) + xmlFreeNodeList(entity->children); +- if (dict != NULL) { +- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name))) +- xmlFree((char *) entity->name); +- if ((entity->ExternalID != NULL) && +- (!xmlDictOwns(dict, entity->ExternalID))) +- xmlFree((char *) entity->ExternalID); +- if ((entity->SystemID != NULL) && +- (!xmlDictOwns(dict, entity->SystemID))) +- xmlFree((char *) entity->SystemID); +- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI))) +- xmlFree((char *) entity->URI); +- if ((entity->content != NULL) +- && (!xmlDictOwns(dict, entity->content))) +- xmlFree((char *) entity->content); +- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig))) +- xmlFree((char *) entity->orig); +- } else { +- if (entity->name != NULL) +- xmlFree((char *) entity->name); +- if (entity->ExternalID != NULL) +- xmlFree((char *) entity->ExternalID); +- if (entity->SystemID != NULL) +- xmlFree((char *) entity->SystemID); +- if (entity->URI != NULL) +- xmlFree((char *) entity->URI); +- if (entity->content != NULL) +- xmlFree((char *) entity->content); +- if (entity->orig != NULL) +- xmlFree((char *) entity->orig); +- } ++ if ((entity->name != NULL) && ++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name)))) ++ xmlFree((char *) entity->name); ++ if (entity->ExternalID != NULL) ++ xmlFree((char *) entity->ExternalID); ++ if (entity->SystemID != NULL) ++ xmlFree((char *) entity->SystemID); ++ if (entity->URI != NULL) ++ xmlFree((char *) entity->URI); ++ if (entity->content != NULL) ++ xmlFree((char *) entity->content); ++ if (entity->orig != NULL) ++ xmlFree((char *) entity->orig); + xmlFree(entity); + } + +@@ -177,18 +160,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type, + ret->SystemID = xmlStrdup(SystemID); + } else { + ret->name = xmlDictLookup(dict, name, -1); +- if (ExternalID != NULL) +- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1); +- if (SystemID != NULL) +- ret->SystemID = xmlDictLookup(dict, SystemID, -1); ++ ret->ExternalID = xmlStrdup(ExternalID); ++ ret->SystemID = xmlStrdup(SystemID); + } + if (content != NULL) { + ret->length = xmlStrlen(content); +- if ((dict != NULL) && (ret->length < 5)) +- ret->content = (xmlChar *) +- xmlDictLookup(dict, content, ret->length); +- else +- ret->content = xmlStrndup(content, ret->length); ++ ret->content = xmlStrndup(content, ret->length); + } else { + ret->length = 0; + ret->content = NULL; +-- +2.25.1 + diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb index a2ed8d71bc..947f5b18f5 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -13,7 +13,7 @@ DEPENDS = "zlib virtual/libiconv" inherit gnomebase -SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \ +SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testtar \ file://libxml-64bit.patch \ file://runtest.patch \ file://run-ptest \ @@ -23,10 +23,12 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://remove-fuzz-from-ptests.patch \ file://libxml-m4-use-pkgconfig.patch \ file://0001-Port-gentest.py-to-Python-3.patch \ + file://CVE-2022-40303.patch \ + file://CVE-2022-40304.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" -SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" +SRC_URI[testtar.sha256sum] = "9b2c865aba66c6429ca301a7ef048d7eca2cdb7a9106184416710853c7b37d0d" BINCONFIG = "${bindir}/xml2-config" diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb index 6b59e4934d..70d740b4e0 100644 --- a/poky/meta/recipes-core/meta/buildtools-tarball.bb +++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb @@ -67,12 +67,17 @@ create_sdk_files:append () { # Generate new (mini) sdk-environment-setup file script=${1:-${SDK_OUTPUT}/${SDKPATH}/environment-setup-${SDK_SYS}} touch $script - echo 'export PATH=${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH' >> $script + echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script fi + echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script + echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script + echo 'unset HOST_PKG_PATH' toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 9b9dbbd75f..e042e67b09 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -21,6 +21,8 @@ CVE_DB_UPDATE_INTERVAL ?= "86400" # Timeout for blocking socket operations, such as the connection attempt. CVE_SOCKET_TIMEOUT ?= "60" +CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -32,25 +34,15 @@ python do_fetch() { """ import bb.utils import bb.progress - import sqlite3, urllib, urllib.parse, gzip - from datetime import date + import shutil bb.utils.export_proxies(d) - YEAR_START = 2002 - db_file = d.getVar("CVE_CHECK_DB_FILE") db_dir = os.path.dirname(db_file) + db_tmp_file = d.getVar("CVE_DB_TEMP_FILE") - cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - - if os.path.exists("{0}-journal".format(db_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_file)) - - if os.path.exists(db_file): - os.remove(db_file) + cleanup_db_download(db_file, db_tmp_file) # The NVD database changes once a day, so no need to update more frequently # Allow the user to force-update @@ -68,9 +60,60 @@ python do_fetch() { pass bb.utils.mkdirhier(db_dir) + if os.path.exists(db_file): + shutil.copy2(db_file, db_tmp_file) + + if update_db_file(db_tmp_file, d) == True: + # Update downloaded correctly, can swap files + shutil.move(db_tmp_file, db_file) + else: + # Update failed, do not modify the database + bb.note("CVE database update failed") + os.remove(db_tmp_file) +} + +do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_fetch[file-checksums] = "" +do_fetch[vardeps] = "" + +def cleanup_db_download(db_file, db_tmp_file): + """ + Cleanup the download space from possible failed downloads + """ + + # Clean up the updates done on the main file + # Remove it only if a journal file exists - it means a complete re-download + if os.path.exists("{0}-journal".format(db_file)): + # If a journal is present the last update might have been interrupted. In that case, + # just wipe any leftovers and force the DB to be recreated. + os.remove("{0}-journal".format(db_file)) + + if os.path.exists(db_file): + os.remove(db_file) + + # Clean-up the temporary file downloads, we can remove both journal + # and the temporary database + if os.path.exists("{0}-journal".format(db_tmp_file)): + # If a journal is present the last update might have been interrupted. In that case, + # just wipe any leftovers and force the DB to be recreated. + os.remove("{0}-journal".format(db_tmp_file)) + + if os.path.exists(db_tmp_file): + os.remove(db_tmp_file) + +def update_db_file(db_tmp_file, d): + """ + Update the given database file + """ + import bb.utils, bb.progress + from datetime import date + import urllib, gzip, sqlite3 + + YEAR_START = 2002 + cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) # Connect to database - conn = sqlite3.connect(db_file) + conn = sqlite3.connect(db_tmp_file) initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: @@ -87,8 +130,11 @@ python do_fetch() { response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') - bb.warn("Failed to fetch CVE data (%s)" % e.reason) - return + bb.warn("Failed to fetch CVE data (%s)" % e) + import socket + result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP) + bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) + return False if response: for l in response.read().decode("utf-8").splitlines(): @@ -98,7 +144,7 @@ python do_fetch() { break else: bb.warn("Cannot parse CVE metadata, update failed") - return + return False # Compare with current db last modified date cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) @@ -119,7 +165,7 @@ python do_fetch() { except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) - return + return False else: bb.debug(2, "Already up to date (last modified %s)" % last_modified) # Update success, set the date to cve_check file. @@ -128,11 +174,7 @@ python do_fetch() { conn.commit() conn.close() -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" + return True def initialize_db(conn): with conn: diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch index 89d9ffab5e..0c3df4fc44 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch @@ -10,7 +10,7 @@ tools. The BBAKE_EDK_TOOLS_PATH string is used as a pattern to be replaced with the appropriate location before building. Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> -Upstream-Status: Pending +Upstream-Status: Inappropriate [oe-core cross compile specific] --- OvmfPkg/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index f6141c8af5..2293d7e938 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -6,8 +6,13 @@ Subject: [PATCH 2/6] BaseTools: makefile: adjust to build in under bitbake Prepend the build flags with those of bitbake. This is to build using the bitbake native sysroot include and library directories. +Note from Alex: this is not appropriate for upstream submission as +the recipe already does lots of similar in-place fixups elsewhere, so +this patch shold be converted to follow that pattern. We're not going +to fight against how upstream wants to configure the build. + Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> -Upstream-Status: Pending +Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups] --- BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/poky/meta/recipes-core/psplash/files/psplash-start.service b/poky/meta/recipes-core/psplash/files/psplash-start.service index 36c2bb38e0..bec9368427 100644 --- a/poky/meta/recipes-core/psplash/files/psplash-start.service +++ b/poky/meta/recipes-core/psplash/files/psplash-start.service @@ -2,6 +2,7 @@ Description=Start psplash boot splash screen DefaultDependencies=no RequiresMountsFor=/run +ConditionFileIsExecutable=/usr/bin/psplash [Service] Type=notify diff --git a/poky/meta/recipes-core/psplash/files/psplash-systemd.service b/poky/meta/recipes-core/psplash/files/psplash-systemd.service index 082207f232..e93e3deb35 100644 --- a/poky/meta/recipes-core/psplash/files/psplash-systemd.service +++ b/poky/meta/recipes-core/psplash/files/psplash-systemd.service @@ -4,6 +4,7 @@ DefaultDependencies=no After=psplash-start.service Requires=psplash-start.service RequiresMountsFor=/run +ConditionFileIsExecutable=/usr/bin/psplash [Service] ExecStart=/usr/bin/psplash-systemd diff --git a/poky/meta/recipes-core/systemd/systemd-boot_251.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_251.8.bb index b67706b731..b67706b731 100644 --- a/poky/meta/recipes-core/systemd/systemd-boot_251.4.bb +++ b/poky/meta/recipes-core/systemd/systemd-boot_251.8.bb diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc index 71eb93f23a..3bb6b0efe6 100644 --- a/poky/meta/recipes-core/systemd/systemd.inc +++ b/poky/meta/recipes-core/systemd/systemd.inc @@ -14,7 +14,7 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" -SRCREV = "2a674b4b66af1a050a0362b646d2fca90c90112e" +SRCREV = "ae8b249af4acb055f920134f2ac584c4cbc86e3b" SRCBRANCH = "v251-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \ " diff --git a/poky/meta/recipes-core/systemd/systemd_251.4.bb b/poky/meta/recipes-core/systemd/systemd_251.8.bb index 910ea71bf6..991da07368 100644 --- a/poky/meta/recipes-core/systemd/systemd_251.4.bb +++ b/poky/meta/recipes-core/systemd/systemd_251.8.bb @@ -144,7 +144,7 @@ PACKAGECONFIG[hostnamed] = "-Dhostnamed=true,-Dhostnamed=false" PACKAGECONFIG[idn] = "-Didn=true,-Didn=false" PACKAGECONFIG[ima] = "-Dima=true,-Dima=false" # importd requires journal-upload/xz/zlib/bzip2/gcrypt -PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false" +PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false,glib-2.0" # Update NAT firewall rules PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables" PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl" @@ -217,7 +217,7 @@ rootlibdir ?= "${base_libdir}" rootlibexecdir = "${rootprefix}/lib" EXTRA_OEMESON += "-Dnobody-user=nobody \ - -Dnobody-group=nobody \ + -Dnobody-group=nogroup \ -Drootlibdir=${rootlibdir} \ -Drootprefix=${rootprefix} \ -Ddefault-locale=C \ @@ -395,11 +395,13 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service" USERADD_PACKAGES = "${PN} ${PN}-extra-utils \ + udev \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \ " GROUPADD_PARAM:${PN} = "-r systemd-journal;" +GROUPADD_PARAM:udev = "-r render;-r sgx;" GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}" USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}" USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}" @@ -437,9 +439,9 @@ FILES:${PN}-binfmt = "${sysconfdir}/binfmt.d/ \ ${rootlibexecdir}/systemd/systemd-binfmt \ ${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \ ${systemd_system_unitdir}/systemd-binfmt.service" -RRECOMMENDS:${PN}-binfmt = "kernel-module-binfmt-misc" +RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}" -RRECOMMENDS:${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps" +RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}" FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \ @@ -518,6 +520,8 @@ FILES:${PN}-extra-utils = "\ ${bindir}/systemd-path \ ${bindir}/systemd-run \ ${bindir}/systemd-cat \ + ${bindir}/systemd-creds \ + ${bindir}/systemd-cryptenroll \ ${bindir}/systemd-delta \ ${bindir}/systemd-cgls \ ${bindir}/systemd-cgtop \ diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch deleted file mode 100644 index ad5e59de04..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Wed, 30 Mar 2022 11:14:53 -0700 -Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. - -The previous releases of zlib were not sensitive to incorrect CRC -inputs with bits set above the low 32. This commit restores that -behavior, so that applications with such bugs will continue to -operate as before. - -Upstream-Status: Backport [https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2] -Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> ---- - crc32.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/crc32.c b/crc32.c -index a1bdce5..451887b 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - /* Compute the CRC up to a word boundary. */ - while (len && ((z_size_t)buf & 7) != 0) { -@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - #ifdef W - -@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2) - #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); - #endif /* DYNAMIC_CRC_TABLE */ -- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2; -+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); - } - - /* ========================================================================= */ -@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op) - uLong crc2; - uLong op; - { -- return multmodp(op, crc1) ^ crc2; -+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff); - } diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index 96ab563121..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null @@ -1,38 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler <fork@madler.net> -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. - -CVE: CVE-2022-37434 -Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.37.2 - diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index a0978c5f95..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 -From: Mark Adler <fork@madler.net> -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. - -CVE: CVE-2022-37434 -Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.37.2 - diff --git a/poky/meta/recipes-core/zlib/zlib/cc.patch b/poky/meta/recipes-core/zlib/zlib/cc.patch deleted file mode 100644 index 8fb974ded4..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/cc.patch +++ /dev/null @@ -1,27 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Mon, 28 Mar 2022 18:34:10 -0700 -Subject: [PATCH] Fix configure issue that discarded provided CC definition. - ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a04e..3fa3e8618 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in diff --git a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch b/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch deleted file mode 100644 index 286390665f..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch +++ /dev/null @@ -1,45 +0,0 @@ -Obey LDFLAGS for tests - -Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409] -Signed-off-by: Ross Burton <ross.burton@intel.com> - ---- zlib-1.2.8.orig/Makefile.in -+++ zlib-1.2.8/Makefile.in -@@ -26,7 +26,7 @@ CFLAGS=-O - - SFLAGS=-O - LDFLAGS= --TEST_LDFLAGS=-L. libz.a -+TEST_LDFLAGS=-L. $(LDFLAGS) - LDSHARED=$(CC) - CPP=$(CC) -E - -@@ -176,22 +176,22 @@ placebo $(SHAREDLIBV): $(PIC_OBJS) libz. - -@rmdir objs - - example$(EXE): example.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(STATICLIB) - - minigzip$(EXE): minigzip.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(STATICLIB) - - examplesh$(EXE): example.o $(SHAREDLIBV) -- $(CC) $(CFLAGS) -o $@ example.o -L. $(SHAREDLIBV) -+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(SHAREDLIBV) - - minigzipsh$(EXE): minigzip.o $(SHAREDLIBV) -- $(CC) $(CFLAGS) -o $@ minigzip.o -L. $(SHAREDLIBV) -+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(SHAREDLIBV) - - example64$(EXE): example64.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) $(STATICLIB) - - minigzip64$(EXE): minigzip64.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) $(STATICLIB) - - install-libs: $(LIBS) - -@if [ ! -d $(DESTDIR)$(exec_prefix) ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb index 2491cb941f..ec977a3035 100644 --- a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb @@ -8,17 +8,12 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6 # The source tarball needs to be .gz as only the .gz ends up in fossils/ SRC_URI = "https://zlib.net/${BP}.tar.gz \ - file://cc.patch \ - file://ldflags-tests.patch \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ file://run-ptest \ - file://0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch \ - file://0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch \ - file://0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" -SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9" +SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30" # When a new release is made the previous release is moved to fossils/, so add this # to PREMIRRORS so it is also searched automatically. @@ -30,9 +25,12 @@ RDEPENDS:${PN}-ptest += "make" inherit ptest +B = "${WORKDIR}/build" + do_configure() { - LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU + LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU } +do_configure[cleandirs] += "${B}" do_compile() { oe_runmake shared diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb index 4b9f804039..ef85750b84 100644 --- a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb +++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb @@ -38,8 +38,6 @@ UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/a/apt/" # is considered stable, e.g. 1.0, 1.4, 1.8, 2.2, 2.6, etc. As there is no way # to express 'divisible by 4 plus 2' in regex (that I know of), let's hardcode a few. UPSTREAM_CHECK_REGEX = "[^\d\.](?P<pver>((2\.2)|(2\.6)|(3\.0)|(3\.4)|(3\.8)|(4\.2))(\.\d+)+)\.tar" -# needs be marked as unknown until 2.6 is out -UPSTREAM_VERSION_UNKNOWN = "1" inherit cmake perlnative bash-completion useradd @@ -126,6 +124,7 @@ do_install:append:class-native() { do_install:append:class-nativesdk() { customize_apt_conf_sample + rm -rf ${D}${localstatedir}/log } do_install:append:class-target() { diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc index b040e57037..419571d56c 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc @@ -35,6 +35,7 @@ SRC_URI = "\ file://0014-CVE-2022-38128-1.patch \ file://0014-CVE-2022-38128-2.patch \ file://0014-CVE-2022-38128-3.patch \ + file://0015-CVE-2022-4285.patch \ " S = "${WORKDIR}/git" # Already in 2.39 branch diff --git a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch index 4fe5520010..9c825df5ab 100644 --- a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch +++ b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch @@ -65,7 +65,7 @@ index bfa0d54753a..0d61a3209ec 100644 info.path = NULL; info.len = info.alloc = 0; - tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf", -+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf", ++ tmppath = concat (ld_sysconfdir, "/ld.so.conf", (const char *) NULL); if (!ldelf_parse_ld_so_conf (&info, tmppath)) { diff --git a/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch new file mode 100644 index 0000000000..46ec0b15a3 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch @@ -0,0 +1,37 @@ +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 19 Oct 2022 15:09:12 +0100 +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file + containing corrupt symbol version information. + + PR 29699 + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field + of the section header is zero. + +Upstream-Status: Backport +[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf.c | 4 +++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index fe00e0f9189..7cd7febcf95 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + +-- +2.31.1 + diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch b/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch deleted file mode 100644 index 88597cf3a9..0000000000 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b6d1a1ff2de363b1b76c8c70f77ae56a4e4d4b56 Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Thu, 5 Sep 2019 18:37:31 +0800 -Subject: [PATCH] bootchart2: support usrmerge - -Upstream-Status: Inappropriate [oe-specific] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 1cc2974..f988904 100644 ---- a/Makefile -+++ b/Makefile -@@ -36,7 +36,7 @@ endif - PY_SITEDIR ?= $(PY_LIBDIR)/site-packages - LIBC_A_PATH = /usr$(LIBDIR) - # Always lib, even on systems that otherwise use lib64 --SYSTEMD_UNIT_DIR = $(EARLY_PREFIX)/lib/systemd/system -+SYSTEMD_UNIT_DIR ?= $(EARLY_PREFIX)/lib/systemd/system - COLLECTOR = \ - collector/collector.o \ - collector/output.o \ -@@ -99,7 +99,7 @@ install-chroot: - install -d $(DESTDIR)$(PKGLIBDIR)/tmpfs - - install-collector: all install-chroot -- install -m 755 -D bootchartd $(DESTDIR)$(EARLY_PREFIX)/sbin/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX) -+ install -m 755 -D bootchartd $(DESTDIR)${BASE_SBINDIR}/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX) - install -m 644 -D bootchartd.conf $(DESTDIR)/etc/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX).conf - install -m 755 -D bootchart-collector $(DESTDIR)$(PKGLIBDIR)/$(PROGRAM_PREFIX)bootchart$(PROGRAM_SUFFIX)-collector - --- -2.7.4 - diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb index b4d5b7cd9b..297dbfb578 100644 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb @@ -93,7 +93,6 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)" SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \ file://bootchartd_stop.sh \ file://0001-collector-Allocate-space-on-heap-for-chunks.patch \ - file://0001-bootchart2-support-usrmerge.patch \ file://0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch \ file://0001-Do-not-include-linux-fs.h.patch \ " @@ -120,12 +119,11 @@ UPDATERCPN = "bootchartd-stop-initscript" INITSCRIPT_NAME = "bootchartd_stop.sh" INITSCRIPT_PARAMS = "start 99 2 3 4 5 ." -EXTRA_OEMAKE = 'BASE_SBINDIR="${base_sbindir}"' - do_compile:prepend () { export PY_LIBDIR="${libdir}/${PYTHON_DIR}" export BINDIR="${bindir}" - export LIBDIR="${base_libdir}" + export LIBDIR="/${baselib}" + export EARLY_PREFIX="${root_prefix}" } do_install () { @@ -133,9 +131,8 @@ do_install () { export PY_LIBDIR="${libdir}/${PYTHON_DIR}" export BINDIR="${bindir}" export DESTDIR="${D}" - export LIBDIR="${base_libdir}" - export PKGLIBDIR="${base_libdir}/bootchart" - export SYSTEMD_UNIT_DIR="${systemd_system_unitdir}" + export LIBDIR="/${baselib}" + export EARLY_PREFIX="${root_prefix}" oe_runmake install NO_PYTHON_COMPILE=1 install -d ${D}${sysconfdir}/init.d diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb index 722a486f20..bcc87eb8f2 100644 --- a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb +++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb @@ -32,6 +32,7 @@ CMAKE_EXTRACONF = "\ -DCMAKE_USE_SYSTEM_LIBRARY_EXPAT=0 \ -DENABLE_ACL=0 -DHAVE_ACL_LIBACL_H=0 \ -DHAVE_SYS_ACL_H=0 \ + -DCURL_LIBRARIES=-lcurl \ " do_configure () { diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc index d64afffdc1..1ede8eee61 100644 --- a/poky/meta/recipes-devtools/cmake/cmake.inc +++ b/poky/meta/recipes-devtools/cmake/cmake.inc @@ -21,7 +21,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \ file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \ " -SRC_URI[sha256sum] = "c2b61f7cdecb1576cad25f918a8f42b8685d88a832fd4b62b9e0fa32e915a658" +SRC_URI[sha256sum] = "0d9020f06f3ddf17fb537dc228e1a56c927ee506b486f55fe2dc19f69bf0c8db" UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb index bb7ed83e30..bb7ed83e30 100644 --- a/poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb +++ b/poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch new file mode 100644 index 0000000000..a249eaf5a1 --- /dev/null +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch @@ -0,0 +1,27 @@ +From 8defe6aaf91613c3fcb540df65a94cd56d377367 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 13 Jan 2023 13:21:51 -0800 +Subject: [PATCH 1/2] include rpm/rpmstring.h + +Its needed for rasprintf declaration + +Fixes +src/xml_file.c:341:36: error: call to undeclared functi +on 'rasprintf'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] + +Upstream-Status: Submitted [https://github.com/rpm-software-management/createrepo_c/pull/340] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/xml_file.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/src/xml_file.c ++++ b/src/xml_file.c +@@ -19,6 +19,7 @@ + + #include <glib.h> + #include <glib/gstdio.h> ++#include <rpm/rpmstring.h> + #include <assert.h> + #include "xml_file.h" + #include <errno.h> diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb index d309bb895f..053198ca5e 100644 --- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \ file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ + file://0001-include-rpm-rpmstring.h.patch \ " SRCREV = "af14e164a3e4ab9dfaef1212e852b9ecebc326a2" diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch new file mode 100644 index 0000000000..f358081092 --- /dev/null +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch @@ -0,0 +1,27 @@ +From c640d9011a8330ebaad501784fb0ee1ce5e7a5ef Mon Sep 17 00:00:00 2001 +From: Rod Smith <rodsmith@rodsbooks.com> +Date: Sat, 16 Apr 2022 09:32:04 -0400 +Subject: [PATCH] Updated guid.cc to deal with minor change in libuuid + +Upstream-Status: Backport [https://sourceforge.net/p/gptfdisk/code/ci/6a8416cbd12d55f882bb751993b94f72d338d96f/] +Signed-off-by: Peter Bergin <peter@berginkonsult.se> +--- + guid.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/guid.cc b/guid.cc +index 1e73ab7..d3e4fd5 100644 +--- a/guid.cc ++++ b/guid.cc +@@ -141,7 +141,7 @@ void GUIDData::Zero(void) { + void GUIDData::Randomize(void) { + int i, uuidGenerated = 0; + +-#ifdef _UUID_UUID_H ++#if defined (_UUID_UUID_H) || defined (_UL_LIBUUID_UUID_H) + uuid_generate(uuidData); + ReverseBytes(&uuidData[0], 4); + ReverseBytes(&uuidData[4], 2); +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb index e473b9cd55..2c093c20ae 100644 --- a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb @@ -9,6 +9,7 @@ DEPENDS = "util-linux" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${PV}/${BP}.tar.gz \ file://0001-gptcurses-correctly-include-curses.h.patch \ + file://0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch \ " SRC_URI[sha256sum] = "dafead2693faeb8e8b97832b23407f6ed5b3219bc1784f482dd855774e2d50c2" diff --git a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc index aac4b49313..03f520b093 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc @@ -9,3 +9,13 @@ SRC_URI = "" do_configure[depends] += "gcc-source-${PV}:do_preconfigure" do_populate_lic[depends] += "gcc-source-${PV}:do_unpack" +do_deploy_source_date_epoch[depends] += "gcc-source-${PV}:do_deploy_source_date_epoch" + +# Copy the SDE from the shared workdir to the recipe workdir +do_deploy_source_date_epoch () { + sde_file=${SDE_FILE} + sde_file=${sde_file#${WORKDIR}/} + mkdir -p ${SDE_DEPLOYDIR} $(dirname ${SDE_FILE}) + cp -p $(dirname ${S})/$sde_file ${SDE_DEPLOYDIR} + cp -p $(dirname ${S})/$sde_file ${SDE_FILE} +} diff --git a/poky/meta/recipes-devtools/gcc/gcc-source.inc b/poky/meta/recipes-devtools/gcc/gcc-source.inc index 224b7778ef..265bcf4bef 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-source.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-source.inc @@ -17,6 +17,13 @@ STAMPCLEAN = "${STAMPS_DIR}/work-shared/gcc-${PV}-*" INHIBIT_DEFAULT_DEPS = "1" DEPENDS = "" PACKAGES = "" +TARGET_ARCH = "allarch" +TARGET_AS_ARCH = "none" +TARGET_CC_ARCH = "none" +TARGET_LD_ARCH = "none" +TARGET_OS = "linux" +baselib = "lib" +PACKAGE_ARCH = "all" B = "${WORKDIR}/build" @@ -25,8 +32,6 @@ python do_preconfigure () { import subprocess cmd = d.expand('cd ${S} && PATH=${PATH} gnu-configize') subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True) - # See 0044-gengtypes.patch, we need to regenerate this file - bb.utils.remove(d.expand("${S}/gcc/gengtype-lex.c")) cmd = d.expand("sed -i 's/BUILD_INFO=info/BUILD_INFO=/' ${S}/gcc/configure") subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True) diff --git a/poky/meta/recipes-devtools/git/git_2.37.3.bb b/poky/meta/recipes-devtools/git/git_2.37.6.bb index 2eed85e807..302db215e2 100644 --- a/poky/meta/recipes-devtools/git/git_2.37.3.bb +++ b/poky/meta/recipes-devtools/git/git_2.37.6.bb @@ -31,6 +31,10 @@ CVE_PRODUCT = "git-scm:git" # in mirrored git repos. Most OE users wouldn't build the docs and # we don't see this as a major issue for our general users/usecases. CVE_CHECK_IGNORE += "CVE-2022-24975" +# This is specific to Git-for-Windows +CVE_CHECK_IGNORE += "CVE-2022-41953" +# specific to Git for Windows +CVE_CHECK_IGNORE += "CVE-2023-22743" PACKAGECONFIG ??= "expat curl" PACKAGECONFIG[cvsserver] = "" @@ -165,4 +169,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ " EXTRA_OEMAKE += "NO_GETTEXT=1" -SRC_URI[tarball.sha256sum] = "181f65587155ea48c682f63135678ec53055adf1532428752912d356e46b64a8" +SRC_URI[tarball.sha256sum] = "626e4c338f72b170e2b3afb1cb2161f6fbe4fb1d0749154f1ebfb5f0a57ec25f" diff --git a/poky/meta/recipes-devtools/go/go-1.19.inc b/poky/meta/recipes-devtools/go/go-1.19.7.inc index f733a807b4..7d76f34bdf 100644 --- a/poky/meta/recipes-devtools/go/go-1.19.inc +++ b/poky/meta/recipes-devtools/go/go-1.19.7.inc @@ -14,6 +14,5 @@ SRC_URI += "\ file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \ file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://filter-build-paths.patch \ - file://stack-protector.patch \ " -SRC_URI[main.sha256sum] = "9419cc70dc5a2523f29a77053cafff658ed21ef3561d9b6b020280ebceab28b9" +SRC_URI[main.sha256sum] = "775bdf285ceaba940da8a2fe20122500efd7a0b65dbcee85247854a8d7402633" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb index ca424a66b8..0e2c8f1b24 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb @@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" +# Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "464b6b66591f6cf055bc5df90a9750bf5fbc9d038722bb84a9d56a2bea974be6" -SRC_URI[go_linux_arm64.sha256sum] = "efa97fac9574fc6ef6c9ff3e3758fb85f1439b046573bf434cccb5e012bd00c8" +SRC_URI[go_linux_amd64.sha256sum] = "7a75720c9b066ae1750f6bcc7052aba70fa3813f4223199ee2a2315fd3eb533d" +SRC_URI[go_linux_arm64.sha256sum] = "071ea7bf386fdd08df524859b878d99fc359e491e7ad65c1c1cc55b67972c882" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.19.bb b/poky/meta/recipes-devtools/go/go-cross_1.19.7.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk.inc b/poky/meta/recipes-devtools/go/go-crosssdk.inc index cd23cca2fe..766938670a 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk.inc +++ b/poky/meta/recipes-devtools/go/go-crosssdk.inc @@ -4,6 +4,8 @@ DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk virtual/nativesdk-${TA PN = "go-crosssdk-${SDK_SYS}" PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk" +export GOCACHE = "${B}/.cache" + do_configure[noexec] = "1" do_compile() { diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.19.bb b/poky/meta/recipes-devtools/go/go-native_1.19.7.bb index ddf25b2c9b..ddf25b2c9b 100644 --- a/poky/meta/recipes-devtools/go/go-native_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-native_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.19.bb b/poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb index 63464a1501..63464a1501 100644 --- a/poky/meta/recipes-devtools/go/go-runtime_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch index 8cbed93017..43be5cd2e8 100644 --- a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch +++ b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch @@ -1,4 +1,4 @@ -From a3db4da51df37d163ff9e8c1e1057280c648c545 Mon Sep 17 00:00:00 2001 +From fb22e586871cc6be0b7041e86d2daceee06ea568 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 28 Mar 2022 10:59:03 -0700 Subject: [PATCH] cmd/go: make content-based hash generation less pedantic @@ -32,13 +32,13 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go -index 529351d..df791b0 100644 +index 81ee859..2db3898 100644 --- a/src/cmd/go/internal/envcmd/env.go +++ b/src/cmd/go/internal/envcmd/env.go @@ -176,7 +176,7 @@ func ExtraEnvVars() []cfg.EnvVar { func ExtraEnvVarsCostly() []cfg.EnvVar { - var b work.Builder - b.Init() + b := work.NewBuilder("") + - cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}) + cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}, false) if err != nil { @@ -74,7 +74,7 @@ index c88b315..a06455c 100644 + cppflags, cflags, cxxflags, fflags, ldflags, _ := b.CFlags(p, true) - ccExe := b.ccExe() -+ ccExe := filterCompilerFlags(b.ccExe()) ++ ccExe := filterCompilerFlags(b.ccExe(), true) fmt.Fprintf(h, "CC=%q %q %q %q\n", ccExe, cppflags, cflags, ldflags) // Include the C compiler tool ID so that if the C // compiler changes we rebuild the package. @@ -83,7 +83,7 @@ index c88b315..a06455c 100644 } if len(p.CXXFiles)+len(p.SwigCXXFiles) > 0 { - cxxExe := b.cxxExe() -+ cxxExe := filterCompilerFlags(b.cxxExe()) ++ cxxExe := filterCompilerFlags(b.cxxExe(), true) fmt.Fprintf(h, "CXX=%q %q\n", cxxExe, cxxflags) if cxxID, err := b.gccToolID(cxxExe[0], "c++"); err == nil { fmt.Fprintf(h, "CXX ID=%q\n", cxxID) @@ -91,7 +91,7 @@ index c88b315..a06455c 100644 } if len(p.FFiles) > 0 { - fcExe := b.fcExe() -+ fcExe := filterCompilerFlags(b.fcExe()) ++ fcExe := filterCompilerFlags(b.fcExe(), true) fmt.Fprintf(h, "FC=%q %q\n", fcExe, fflags) if fcID, err := b.gccToolID(fcExe[0], "f95"); err == nil { fmt.Fprintf(h, "FC ID=%q\n", fcID) @@ -104,20 +104,22 @@ index c88b315..a06455c 100644 } // Configuration specific to compiler toolchain. -@@ -2705,8 +2707,23 @@ func envList(key, def string) []string { +@@ -2705,8 +2707,25 @@ func envList(key, def string) []string { return args } +var filterFlags = os.Getenv("CGO_PEDANTIC") == "" + -+func filterCompilerFlags(flags []string) []string { ++func filterCompilerFlags(flags []string, keepfirst bool) []string { + var newflags []string ++ var realkeepfirst bool = keepfirst + if !filterFlags { + return flags + } + for _, flag := range flags { -+ if strings.HasPrefix(flag, "-m") { ++ if strings.HasPrefix(flag, "-m") || realkeepfirst { + newflags = append(newflags, flag) ++ realkeepfirst = false + } + } + return newflags @@ -129,21 +131,21 @@ index c88b315..a06455c 100644 defaults := "-g -O2" if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil { -@@ -2724,6 +2741,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l +@@ -2724,6 +2743,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l if ldflags, err = buildFlags("LDFLAGS", defaults, p.CgoLDFLAGS, checkLinkerFlags); err != nil { return } + if filtered { -+ cppflags = filterCompilerFlags(cppflags) -+ cflags = filterCompilerFlags(cflags) -+ cxxflags = filterCompilerFlags(cxxflags) -+ fflags = filterCompilerFlags(fflags) -+ ldflags = filterCompilerFlags(ldflags) ++ cppflags = filterCompilerFlags(cppflags, false) ++ cflags = filterCompilerFlags(cflags, false) ++ cxxflags = filterCompilerFlags(cxxflags, false) ++ fflags = filterCompilerFlags(fflags, false) ++ ldflags = filterCompilerFlags(ldflags, false) + } return } -@@ -2739,7 +2763,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`) +@@ -2739,7 +2765,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`) func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgofiles, gccfiles, gxxfiles, mfiles, ffiles []string) (outGo, outObj []string, err error) { p := a.Package @@ -152,7 +154,7 @@ index c88b315..a06455c 100644 if err != nil { return nil, nil, err } -@@ -3246,7 +3270,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) { +@@ -3246,7 +3272,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) { // Run SWIG on one SWIG input file. func (b *Builder) swigOne(a *Action, p *load.Package, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) { diff --git a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch index a1aa37c2a4..280f911a21 100644 --- a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch +++ b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch @@ -8,7 +8,8 @@ embedded in the go binary so that builds are reproducible regardless of build location. This codepath is hit for statically linked go binaries such as those on mips/ppc. -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/golang/go/pull/56410] + Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- diff --git a/poky/meta/recipes-devtools/go/go/stack-protector.patch b/poky/meta/recipes-devtools/go/go/stack-protector.patch deleted file mode 100644 index cc92a444a7..0000000000 --- a/poky/meta/recipes-devtools/go/go/stack-protector.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c537b87782293fe222f2ef5eb1ae818092118e97 Mon Sep 17 00:00:00 2001 -From: Ian Lance Taylor <iant@golang.org> -Date: Sun, 07 Aug 2022 19:21:15 -0700 -Subject: [PATCH] runtime/cgo: add -fno-stack-protector to CFLAGS - -Some compilers default to having -fstack-protector on, which breaks -when using internal linking because the linker doesn't know how to -find the support functions. - -Fixes #52919 -Fixes #54313 - -Change-Id: I6f51d5e906503f61fc768ad8e30c163bad135087 -Upstream-Status: Submitted [https://github.com/golang/go/issues/54313] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - -diff --git a/src/runtime/cgo/cgo.go b/src/runtime/cgo/cgo.go -index 298aa63..4b7046e 100644 ---- a/src/runtime/cgo/cgo.go -+++ b/src/runtime/cgo/cgo.go -@@ -23,7 +23,9 @@ - #cgo solaris LDFLAGS: -lxnet - #cgo solaris LDFLAGS: -lsocket - --#cgo CFLAGS: -Wall -Werror -+// We use -fno-stack-protector because internal linking won't find -+// the support functions. See issues #52919 and #54313. -+#cgo CFLAGS: -Wall -Werror -fno-stack-protector - - #cgo solaris CPPFLAGS: -D_POSIX_PTHREAD_SEMANTICS - diff --git a/poky/meta/recipes-devtools/go/go_1.19.bb b/poky/meta/recipes-devtools/go/go_1.19.7.bb index 98977673ee..587ee55944 100644 --- a/poky/meta/recipes-devtools/go/go_1.19.bb +++ b/poky/meta/recipes-devtools/go/go_1.19.7.bb @@ -12,7 +12,7 @@ export CXX_FOR_TARGET = "g++" # mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its # variants. python() { - if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True): - d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel") + if 'mips' in d.getVar('TARGET_ARCH') or 'riscv32' in d.getVar('TARGET_ARCH'): + d.appendVar('INSANE_SKIP:%s' % d.getVar('PN'), " textrel") } diff --git a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb index 62e1f67b55..75931a511f 100644 --- a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb +++ b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb @@ -6,7 +6,7 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464" SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "9e2e0e213a7e0a36244eed6204d902b6504602a578b6ecd15268b1454deadd36" +SRC_URI[sha256sum] = "4d7e4fdef2eca6afe07a2682151cea78781e0a4e8f9622142d9f70c083a2fd4f" inherit autotools diff --git a/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch new file mode 100644 index 0000000000..dd9ebc8af4 --- /dev/null +++ b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch @@ -0,0 +1,66 @@ +From 26a9647c832de15248ee649e5b77075521f3d4f0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 3 Mar 2023 08:37:35 -0800 +Subject: [PATCH] libcomps: Use Py_hash_t instead of long in PyCOMPS_hash() + +This function is used as a hashfunc callback in +_typeobject defined python3.11/cpython/object.h +compilers detect the protype mismatch for function pointers +with clang16+ + +Fixes +libcomps/src/python/src/pycomps_sequence.c:667:5: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (*)(PyObject *)' (aka 'long (*)(struct _object *)') [-Wincompatible-function-pointer-types] + &PyCOMPS_hash, /*tp_hash */ + +Upstream-Status: Submitted [https://github.com/rpm-software-management/libcomps/pull/101] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + libcomps/src/python/src/pycomps_hash.c | 4 ++-- + libcomps/src/python/src/pycomps_hash.h | 2 +- + libcomps/src/python/src/pycomps_utils.h | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libcomps/src/python/src/pycomps_hash.c b/libcomps/src/python/src/pycomps_hash.c +index 474afd5..4577769 100644 +--- a/libcomps/src/python/src/pycomps_hash.c ++++ b/libcomps/src/python/src/pycomps_hash.c +@@ -20,9 +20,9 @@ + #include "pycomps_hash.h" + #include "pycomps_utils.h" + +-long PyCOMPS_hash(PyObject *self) { ++Py_hash_t PyCOMPS_hash(PyObject *self) { + char *cstr = NULL; +- long crc; ++ Py_hash_t crc; + + cstr = comps_object_tostr(((PyCompsObject*)self)->c_obj); + crc = crc32(0, cstr, strlen(cstr)); +diff --git a/libcomps/src/python/src/pycomps_hash.h b/libcomps/src/python/src/pycomps_hash.h +index b664cae..54e08d9 100644 +--- a/libcomps/src/python/src/pycomps_hash.h ++++ b/libcomps/src/python/src/pycomps_hash.h +@@ -26,6 +26,6 @@ + #include "pycomps_utils.h" + + +-long PyCOMPS_hash(PyObject *self); ++Py_hash_t PyCOMPS_hash(PyObject *self); + + #endif +diff --git a/libcomps/src/python/src/pycomps_utils.h b/libcomps/src/python/src/pycomps_utils.h +index ba9bc2f..b34e4dc 100644 +--- a/libcomps/src/python/src/pycomps_utils.h ++++ b/libcomps/src/python/src/pycomps_utils.h +@@ -137,7 +137,7 @@ COMPS_Object* __pycomps_bytes_in(PyObject *pobj); + PyObject* __pycomps_str_out(COMPS_Object *obj); + PyObject *str_to_unicode(void* str); + +-long PyCOMPS_hash(PyObject *self); ++Py_hash_t PyCOMPS_hash(PyObject *self); + + PyObject* PyCOMPSSeq_extra_get(PyObject *self, PyObject *key); + +-- +2.39.2 + diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb index fa1fbc8f0d..f8063d9400 100644 --- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb +++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb @@ -5,6 +5,7 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \ + file://0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch \ file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ " diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch deleted file mode 100644 index 6f8a3dcb50..0000000000 --- a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 2f7382b35d59fe08034603497e82ffb943fedef1 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 30 Jun 2021 15:31:16 +0200 -Subject: [PATCH] libdnf/dnf-context.cpp: do not try to access BDB database - -Upstream-Status: Inappropriate [upstream needs to rework this to support -sqlite] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - libdnf/dnf-context.cpp | 14 -------------- - 1 file changed, 14 deletions(-) - -diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp -index 86f71a79..9cdcf769 100644 ---- a/libdnf/dnf-context.cpp -+++ b/libdnf/dnf-context.cpp -@@ -2264,20 +2264,6 @@ dnf_context_setup(DnfContext *context, - !dnf_context_set_os_release(context, error)) - return FALSE; - -- /* setup a file monitor on the rpmdb, if we're operating on the native / */ -- if (g_strcmp0(priv->install_root, "/") == 0) { -- rpmdb_path = g_build_filename(priv->install_root, "var/lib/rpm/Packages", NULL); -- file_rpmdb = g_file_new_for_path(rpmdb_path); -- priv->monitor_rpmdb = g_file_monitor_file(file_rpmdb, -- G_FILE_MONITOR_NONE, -- NULL, -- error); -- if (priv->monitor_rpmdb == NULL) -- return FALSE; -- g_signal_connect(priv->monitor_rpmdb, "changed", -- G_CALLBACK(dnf_context_rpmdb_changed_cb), context); -- } -- - /* copy any vendor distributed cached metadata */ - if (!dnf_context_copy_vendor_cache(context, error)) - return FALSE; diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb index da2550d323..14d6a37de1 100644 --- a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb +++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb @@ -10,10 +10,9 @@ SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;p file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \ file://enable_test_data_dir_set.patch \ file://0001-drop-FindPythonInstDir.cmake.patch \ - file://0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch \ " -SRCREV = "5c6d9cd6e5955e7038722f091396607c60fcbdd1" +SRCREV = "93759bc5cac262906e52b6a173d7b157914ec29e" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/llvm/llvm/llvm-config b/poky/meta/recipes-devtools/llvm/llvm/llvm-config index a45f38c650..5e4ded2da5 100644 --- a/poky/meta/recipes-devtools/llvm/llvm/llvm-config +++ b/poky/meta/recipes-devtools/llvm/llvm/llvm-config @@ -29,6 +29,15 @@ for arg in "$@"; do --ldflags) output="${output} ${LDFLAGS}" ;; + --shared-mode) + output="${output} shared" + ;; + --libs) + output="${output} -lLLVM" + ;; + --link-shared) + break + ;; *) remain="${remain} ${arg}" ;; diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb index 0b2e754b31..a39d888ec2 100644 --- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb +++ b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb @@ -57,3 +57,6 @@ do_install_ptest () { } BBCLASSEXTEND = "native nativesdk" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${includedir}/luaconf.h" diff --git a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch b/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch deleted file mode 100644 index 7aaed8b4a3..0000000000 --- a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 18600f7a1cddf23aeabd188f86e66983f27ccfe3 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Fri, 23 Nov 2018 15:28:28 +0000 -Subject: [PATCH] meson: Disable rpath stripping at install time - -We need to allow our rpaths generated through the compiler flags to make it into -our binaries. Therefore disable the meson manipulations of these unless there -is a specific directive to do something differently in the project. - -RP 2018/11/23 - -Upstream-Status: Submitted [https://github.com/mesonbuild/meson/issues/2567] ---- - mesonbuild/minstall.py | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py -index 7d0da13..17d50db 100644 ---- a/mesonbuild/minstall.py -+++ b/mesonbuild/minstall.py -@@ -718,8 +718,11 @@ class Installer: - if file_copied: - self.did_install_something = True - try: -- self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path, -- install_name_mappings, verbose=False) -+ if install_rpath: -+ self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path, -+ install_name_mappings, verbose=False) -+ else: -+ print("RPATH changes at install time disabled") - except SystemExit as e: - if isinstance(e.code, int) and e.code == 0: - pass --- -2.20.1 - diff --git a/poky/meta/recipes-devtools/meson/meson/meson-wrapper b/poky/meta/recipes-devtools/meson/meson/meson-wrapper index c62007f507..7455985297 100755 --- a/poky/meta/recipes-devtools/meson/meson/meson-wrapper +++ b/poky/meta/recipes-devtools/meson/meson/meson-wrapper @@ -5,7 +5,7 @@ if [ -z "$OECORE_NATIVE_SYSROOT" ]; then fi if [ -z "$SSL_CERT_DIR" ]; then - export SSL_CERT_DIR="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/" + export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/etc/ssl/certs/" fi # If these are set to a cross-compile path, meson will get confused and try to @@ -13,7 +13,19 @@ fi # config is already in meson.cross. unset CC CXX CPP LD AR NM STRIP +case "$1" in +setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help) MESON_CMD="$1" ;; +*) echo meson-wrapper: Implicit setup command assumed; MESON_CMD=setup ;; +esac + +if [ "$MESON_CMD" = "setup" ]; then + MESON_SETUP_OPTS=" \ + --cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \ + --native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \ + " + echo meson-wrapper: Running meson with setup options: \"$MESON_SETUP_OPTS\" +fi + exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \ - --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \ - --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \ - "$@" + "$@" \ + $MESON_SETUP_OPTS diff --git a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb index 890faacec9..0d13448744 100644 --- a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb +++ b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb @@ -12,13 +12,12 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/meson-${PV}.tar.gz \ file://meson-setup.py \ file://meson-wrapper \ file://0001-python-module-do-not-manipulate-the-environment-when.patch \ - file://disable-rpath-handling.patch \ file://0001-Make-CPU-family-warnings-fatal.patch \ file://0002-Support-building-allarch-recipes-again.patch \ file://0001-is_debianlike-always-return-False.patch \ file://0001-Check-for-clang-before-guessing-gcc-or-lcc.patch \ " -SRC_URI[sha256sum] = "16222f17ef76be0542c91c07994f9676ae879f46fc21c0c786a21ef2cb518bbf" +SRC_URI[sha256sum] = "519c0932e1a8b208741f0fdce90aa5c0b528dd297cf337009bf63539846ac056" inherit python_setuptools_build_meta github-releases diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb index 943666e529..2d76991d2f 100644 --- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb +++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb @@ -11,12 +11,10 @@ inherit autotools pkgconfig update-alternatives DEPENDS = "zlib e2fsprogs util-linux" RDEPENDS:mtd-utils-tests += "bash" -PV = "2.1.4" +PV = "2.1.5" -SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c" -SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \ - file://0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch \ - " +SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c" +SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 8f46174a5b..2d42fa531a 100644 --- a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 3a05dc2c0acff1713dd44cef5e9f328f0706eb3e Mon Sep 17 00:00:00 2001 +From c496cad7b7a84e599f521f289648373df9fad80f Mon Sep 17 00:00:00 2001 From: Ed Bartosh <ed.bartosh@linux.intel.com> Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -12,10 +12,10 @@ Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 630f99d..07dbf53 100644 +index 8c5fa83..346048b 100644 --- a/config.c +++ b/config.c -@@ -834,14 +834,6 @@ void read_config(void) +@@ -843,14 +843,6 @@ void read_config(void) memcpy(devices, const_devices, nr_const_devices*sizeof(struct device)); diff --git a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb index 200c7c7681..29e7427a10 100644 --- a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb +++ b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb @@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "a22fca42354011dd2293a7f51f228b46ebbd802e7740b0975912afecb79d5df4" +SRC_URI[sha256sum] = "2542152264fb3eff7ed70662abf4f4eef8133bc37d0b7a686c240df2b5f80a13" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \ diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch new file mode 100644 index 0000000000..f216950002 --- /dev/null +++ b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch @@ -0,0 +1,34 @@ +From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001 +From: Charlie Johnston <charlie.johnston@ni.com> +Date: Fri, 30 Dec 2022 15:21:14 -0600 +Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls. + +The opkg-key script was always passing the --no-options +flag to gpg, which uses /dev/null as the options file. +As a result, the opkg gpg.conf file was not getting +used. This change removes that flag so that gpg.conf +in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/) +will be used if present. + +Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b] +Signed-off-by: Charlie Johnston <charlie.johnston@ni.com> +--- + utils/opkg-key | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/utils/opkg-key b/utils/opkg-key +index e395a59..8645ebc 100755 +--- a/utils/opkg-key ++++ b/utils/opkg-key +@@ -53,7 +53,7 @@ else + exit 1 + fi + +-GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR" ++GPG="$GPGCMD --homedir $GPGHOMEDIR" + + # Gpg home dir isn't created automatically when --homedir option is used + if [ ! -e "$GPGHOMEDIR" ]; then +-- +2.30.2 + diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb index 4cd589cd29..712f066f0e 100644 --- a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb +++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb @@ -15,10 +15,11 @@ PE = "1" SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \ file://opkg.conf \ file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \ + file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "56844722eff237daf14aa6e681436f3245213c5590ed0cda37a79df637ff3a4c" +SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a" # This needs to be before ptest inherit, otherwise all ptest files end packaged # in libopkg package if OPKGLIBDIR == libdir, because default @@ -47,7 +48,9 @@ EXTRA_OECONF:class-native = "--localstatedir=/${@os.path.relpath('${localstatedi do_install:append () { install -d ${D}${sysconfdir}/opkg install -m 0644 ${WORKDIR}/opkg.conf ${D}${sysconfdir}/opkg/opkg.conf - echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf + echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf + echo "option info_dir ${OPKGLIBDIR}/opkg/info" >>${D}${sysconfdir}/opkg/opkg.conf + echo "option status_file ${OPKGLIBDIR}/opkg/status" >>${D}${sysconfdir}/opkg/opkg.conf # We need to create the lock directory install -d ${D}${OPKGLIBDIR}/opkg diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb index 453da89c3d..ab0f371093 100644 --- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb +++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb @@ -20,7 +20,7 @@ SRC_URI = "\ file://pkg-config-native.in \ file://pkg-config-esdk.in \ " -SRC_URI[sha256sum] = "5fb355b487d54fb6d341e4f18d4e2f7e813a6622cf03a9e87affa6a40565699d" +SRC_URI[sha256sum] = "daccf1bbe5a30d149b556c7d2ffffeafd76d7b514e249271abdd501533c1d8ae" inherit autotools diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb index e3774ee621..12acfee777 100644 --- a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb +++ b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb @@ -8,7 +8,7 @@ PYPI_PACKAGE = "Mako" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "3724869b363ba630a272a5f89f68c070352137b8fd1757650017b7e06fda163f" +SRC_URI[sha256sum] = "7fde96466fcfeedb0eed94f187f20b23d85e4cb41444be0e542e2c8c65c396cd" RDEPENDS:${PN} = "${PYTHON_PN}-html \ ${PYTHON_PN}-markupsafe \ diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb index 373f7f35fa..9710242655 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb @@ -26,7 +26,7 @@ RDEPENDS:${PN}:class-target += " \ ${PYTHON_PN}-py \ ${PYTHON_PN}-setuptools \ ${PYTHON_PN}-six \ - ${PYTHON_PN}-toml \ + ${PYTHON_PN}-tomli \ ${PYTHON_PN}-wcwidth \ " diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch new file mode 100644 index 0000000000..20a13da7bc --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch @@ -0,0 +1,31 @@ +From 9e9f617a83f6593b476669030b0347d48e831c3f Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Mon, 9 Jan 2023 14:45:05 +0000 +Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes + #3659. + +CVE: CVE-2022-40897 + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + setuptools/package_index.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index 270e7f3..e93fcc6 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -197,7 +197,7 @@ def unique_values(func): + return wrapper + + +-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I) ++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I) + # this line is here to fix emacs' cruddy broken syntax highlighting + + +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb index 1a639ea333..d7cbb99c9d 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb @@ -9,7 +9,9 @@ inherit pypi python_setuptools_build_meta SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" SRC_URI += "file://0001-change-shebang-to-python3.patch \ - file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch" + file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \ + file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \ +" SRC_URI[sha256sum] = "101bf15ca723beef42c8db91a761f3748d4d697e17fae904db60c0b619d8d094" diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py index 1f4c982aed..0ca687d2eb 100644 --- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py +++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py @@ -56,7 +56,7 @@ if debug == True: try: m = importlib.import_module(current_module) # handle python packages which may not include all modules in the __init__ - if os.path.basename(m.__file__) == "__init__.py": + if hasattr(m, '__file__') and os.path.basename(m.__file__) == "__init__.py": modulepath = os.path.dirname(m.__file__) for i in os.listdir(modulepath): if i.startswith("_") or not(i.endswith(".py")): diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb index aa9e499c77..e297586bbb 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5 SRC_URI = "\ file://tunctl.c \ - file://qemu-oe-bridge-helper \ + file://qemu-oe-bridge-helper.c \ " S = "${WORKDIR}" @@ -16,13 +16,13 @@ inherit native do_compile() { ${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl + ${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o qemu-oe-bridge-helper } do_install() { install -d ${D}${bindir} install tunctl ${D}${bindir}/ - - install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/ + install qemu-oe-bridge-helper ${D}${bindir}/ } DEPENDS += "qemu-system-native" diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper deleted file mode 100755 index f057d4eef0..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/sh -# Copyright 2020 Garmin Ltd. or its subsidiaries -# -# SPDX-License-Identifier: GPL-2.0 -# -# Attempts to find and exec the host qemu-bridge-helper program - -# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it. -if [ -n "$QEMU_BRIDGE_HELPER" ]; then - exec "$QEMU_BRIDGE_HELPER" "$@" -fi - -# Search common paths for the helper program -BN="qemu-bridge-helper" -PATHS="/usr/libexec/ /usr/lib/qemu/" - -for p in $PATHS; do - if [ -e "$p/$BN" ]; then - exec "$p/$BN" "$@" - fi -done - -echo "$BN not found!" > /dev/stderr -exit 1 - diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c new file mode 100644 index 0000000000..9434e1d269 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c @@ -0,0 +1,34 @@ +/* + * Copyright 2022 Garmin Ltd. or its subsidiaries + * + * SPDX-License-Identifier: GPL-2.0 + * + * Attempts to find and exec the host qemu-bridge-helper program + */ + +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> + +void try_program(char const* path, char** args) { + if (access(path, X_OK) == 0) { + execv(path, args); + } +} + +int main(int argc, char** argv) { + char* var; + + var = getenv("QEMU_BRIDGE_HELPER"); + if (var && var[0] != '\0') { + execvp(var, argv); + return 1; + } + + try_program("/usr/libexec/qemu-bridge-helper", argv); + try_program("/usr/lib/qemu/qemu-bridge-helper", argv); + + fprintf(stderr, "No bridge helper found\n"); + return 1; +} + diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 612abd240a..f3237971ce 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -29,6 +29,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \ file://0001-net-tulip-Restrict-DMA-engine-to-memories.patch \ file://arm-cpreg-fix.patch \ + file://CVE-2022-3165.patch \ + file://CVE-2022-4144.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" @@ -147,6 +149,7 @@ PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+" PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" +PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng" PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," PACKAGECONFIG[uring] = "--enable-linux-io-uring,--disable-linux-io-uring,liburing" @@ -198,6 +201,7 @@ PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma" PACKAGECONFIG[vde] = "--enable-vde,--disable-vde" PACKAGECONFIG[slirp] = "--enable-slirp=internal,--disable-slirp" PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi" +PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack," INSANE_SKIP:${PN} = "arch" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch new file mode 100644 index 0000000000..3b4a6694c2 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch @@ -0,0 +1,59 @@ +CVE: CVE-2022-3165 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From d307040b18bfcb1393b910f1bae753d5c12a4dc7 Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella <mcascell@redhat.com> +Date: Sun, 25 Sep 2022 22:45:11 +0200 +Subject: [PATCH] ui/vnc-clipboard: fix integer underflow in + vnc_client_cut_text_ext + +Extended ClientCutText messages start with a 4-byte header. If len < 4, +an integer underflow occurs in vnc_client_cut_text_ext. The result is +used to decompress data in a while loop in inflate_buffer, leading to +CPU consumption and denial of service. Prevent this by checking dlen in +protocol_client_msg. + +Fixes: CVE-2022-3165 +Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support") +Reported-by: TangPeng <tangpeng@qianxin.com> +Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> +Message-Id: <20220925204511.1103214-1-mcascell@redhat.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + ui/vnc.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/ui/vnc.c b/ui/vnc.c +index 6a05d06147..acb3629cd8 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) + if (len == 1) { + return 8; + } ++ uint32_t dlen = abs(read_s32(data, 4)); + if (len == 8) { +- uint32_t dlen = abs(read_s32(data, 4)); + if (dlen > (1 << 20)) { + error_report("vnc: client_cut_text msg payload has %u bytes" + " which exceeds our limit of 1MB.", dlen); +@@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) + } + + if (read_s32(data, 4) < 0) { +- vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)), +- read_u32(data, 8), data + 12); ++ if (dlen < 4) { ++ error_report("vnc: malformed payload (header less than 4 bytes)" ++ " in extended clipboard pseudo-encoding."); ++ vnc_client_error(vs); ++ break; ++ } ++ vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); + break; + } + vnc_client_cut_text(vs, read_u32(data, 4), data + 8); +-- +GitLab + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch new file mode 100644 index 0000000000..96052a19e8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch @@ -0,0 +1,99 @@ +From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Mon, 28 Nov 2022 21:27:40 +0100 +Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt + (CVE-2022-4144) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Have qxl_get_check_slot_offset() return false if the requested +buffer size does not fit within the slot memory region. + +Similarly qxl_phys2virt() now returns NULL in such case, and +qxl_dirty_one_surface() aborts. + +This avoids buffer overrun in the host pointer returned by +memory_region_get_ram_ptr(). + +Fixes: CVE-2022-4144 (out-of-bounds read) +Reported-by: Wenxu Yin (@awxylitol) +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336 + +CVE: CVE-2022-4144 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622] +Comments: Deleted patch hunk in qxl.h,as it contains change +in comments which is not present in current version of qemu + +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> +Message-Id: <20221128202741.4945-5-philmd@linaro.org> +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + hw/display/qxl.c | 27 +++++++++++++++++++++++---- + 1 files changed, 23 insertions(+), 4 deletions(-) + +diff --git a/hw/display/qxl.c b/hw/display/qxl.c +index 231d733250..0b21626aad 100644 +--- a/hw/display/qxl.c ++++ b/hw/display/qxl.c +@@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) + + /* can be also called from spice server thread context */ + static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, +- uint32_t *s, uint64_t *o) ++ uint32_t *s, uint64_t *o, ++ size_t size_requested) + { + uint64_t phys = le64_to_cpu(pqxl); + uint32_t slot = (phys >> (64 - 8)) & 0xff; + uint64_t offset = phys & 0xffffffffffff; ++ uint64_t size_available; + + if (slot >= NUM_MEMSLOTS) { + qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, +@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + slot, offset, qxl->guest_slots[slot].size); + return false; + } ++ size_available = memory_region_size(qxl->guest_slots[slot].mr); ++ if (qxl->guest_slots[slot].offset + offset >= size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n", ++ slot, qxl->guest_slots[slot].offset + offset, ++ size_available); ++ return false; ++ } ++ size_available -= qxl->guest_slots[slot].offset + offset; ++ if (size_requested > size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" size %zu: " ++ "overrun by %"PRIu64" bytes\n", ++ slot, offset, size_requested, ++ size_requested - size_available); ++ return false; ++ } + + *s = slot; + *o = offset; +@@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, + offset = le64_to_cpu(pqxl) & 0xffffffffffff; + return (void *)(intptr_t)offset; + case MEMSLOT_GROUP_GUEST: +- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { ++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { + return NULL; + } + ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); +@@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + uint32_t slot; + bool rc; + +- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); +- assert(rc == true); + size = (uint64_t)height * abs(stride); ++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); ++ assert(rc == true); + trace_qxl_surfaces_dirty(qxl->id, offset, size); + qxl_set_dirty(qxl->guest_slots[slot].mr, + qxl->guest_slots[slot].offset + offset, diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc index 07611e6d85..fce81016d8 100644 --- a/poky/meta/recipes-devtools/quilt/quilt.inc +++ b/poky/meta/recipes-devtools/quilt/quilt.inc @@ -12,6 +12,8 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/quilt/quilt-${PV}.tar.gz \ file://Makefile \ file://test.sh \ file://0001-tests-Allow-different-output-from-mv.patch \ + file://fix-grep-3.8.patch \ + file://faildiff-order.patch \ " SRC_URI:append:class-target = " file://gnu_patch_test_fix_target.patch" diff --git a/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch new file mode 100644 index 0000000000..f22065a250 --- /dev/null +++ b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch @@ -0,0 +1,41 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 4dfe7f9e702c85243a71e4de267a13e434b6d6c2 Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Fri, 20 Jan 2023 12:56:08 +0100 +Subject: [PATCH] test: Fix a race condition + +The test suite does not differentiate between stdout and stderr. When +messages are printed to both, the order in which they will reach us +is apparently not guaranteed. Ideally this would be deterministic, but +until then, explicitly test stdout and stderr separately in the test +case itself. Otherwise the test suite fails randomly, which is a pain +for distribution package maintainers. + +This fixes bug #63651 reported by Ross Burton: +https://savannah.nongnu.org/bugs/index.php?63651 + +Signed-off-by: Jean Delvare <jdelvare@suse.de> +--- + test/faildiff.test | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/test/faildiff.test b/test/faildiff.test +index 5afb8e3..0444c15 100644 +--- a/test/faildiff.test ++++ b/test/faildiff.test +@@ -27,8 +27,9 @@ What happens on binary files? + > File test.bin added to patch %{P}test.diff + + $ printf "\\003\\000\\001" > test.bin +- $ quilt diff -pab --no-index ++ $ quilt diff -pab --no-index 2>/dev/null + >~ (Files|Binary files) a/test\.bin and b/test\.bin differ ++ $ quilt diff -pab --no-index >/dev/null + > Diff failed on file 'test.bin', aborting + $ echo %{?} + > 1 +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch new file mode 100644 index 0000000000..68a4b4c195 --- /dev/null +++ b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch @@ -0,0 +1,144 @@ +From f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Fri, 9 Sep 2022 10:10:37 +0200 +Subject: Avoid warnings with grep 3.8 + +GNU grep version 3.8 became more strict about needless quoting in +patterns. We have one occurrence of that in quilt, where "/" +characters are being quoted by default. There are cases where they +indeed need to be quoted (typically when used in a sed s/// command) +but most of the time they do not, and this results in the following +warning: + +grep: warning: stray \ before / + +So rename quote_bre() to quote_sed_re(), and introduce +quote_grep_re() which does not quote "/". + +Signed-off-by: Jean Delvare <jdelvare@suse.de> +Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + quilt/diff.in | 2 +- + quilt/patches.in | 2 +- + quilt/scripts/patchfns.in | 20 +++++++++++++------- + quilt/upgrade.in | 4 ++-- + 4 files changed, 17 insertions(+), 11 deletions(-) + +diff --git a/quilt/diff.in b/quilt/diff.in +index e90dc33..07788ff 100644 +--- a/quilt/diff.in ++++ b/quilt/diff.in +@@ -255,7 +255,7 @@ then + # Add all files in the snapshot into the file list (they may all + # have changed). + files=( $(find $QUILT_PC/$snap_subdir -type f \ +- | sed -e "s/^$(quote_bre $QUILT_PC/$snap_subdir/)//" \ ++ | sed -e "s/^$(quote_sed_re $QUILT_PC/$snap_subdir/)//" \ + | sort) ) + printf "%s\n" "${files[@]}" >&4 + unset files +diff --git a/quilt/patches.in b/quilt/patches.in +index bb17a46..eac45a9 100644 +--- a/quilt/patches.in ++++ b/quilt/patches.in +@@ -60,7 +60,7 @@ scan_unapplied() + # Quote each file name only once + for file in "${opt_files[@]}" + do +- files_bre[${#files_bre[@]}]=$(quote_bre "$file") ++ files_bre[${#files_bre[@]}]=$(quote_grep_re "$file") + done + + # "Or" all files in a single pattern +diff --git a/quilt/scripts/patchfns.in b/quilt/scripts/patchfns.in +index c2d5f9d..1bd7233 100644 +--- a/quilt/scripts/patchfns.in ++++ b/quilt/scripts/patchfns.in +@@ -78,8 +78,14 @@ array_join() + done + } + +-# Quote a string for use in a basic regular expression. +-quote_bre() ++# Quote a string for use in a regular expression for a grep pattern. ++quote_grep_re() ++{ ++ echo "$1" | sed -e 's:\([][^$.*\\]\):\\\1:g' ++} ++ ++# Quote a string for use in a regular expression for a sed s/// command. ++quote_sed_re() + { + echo "$1" | sed -e 's:\([][^$/.*\\]\):\\\1:g' + } +@@ -215,7 +221,7 @@ patch_in_series() + + if [ -e "$SERIES" ] + then +- grep -q "^$(quote_bre $patch)\([ \t]\|$\)" "$SERIES" ++ grep -q "^$(quote_grep_re $patch)\([ \t]\|$\)" "$SERIES" + else + return 1 + fi +@@ -365,7 +371,7 @@ is_applied() + { + local patch=$1 + [ -e $DB ] || return 1 +- grep -q "^$(quote_bre $patch)\$" $DB ++ grep -q "^$(quote_grep_re $patch)\$" $DB + } + + applied_patches() +@@ -465,7 +471,7 @@ remove_from_db() + local tmpfile + if tmpfile=$(gen_tempfile) + then +- grep -v "^$(quote_bre $patch)\$" $DB > $tmpfile ++ grep -v "^$(quote_grep_re $patch)\$" $DB > $tmpfile + cat $tmpfile > $DB + rm -f $tmpfile + [ -s $DB ] || rm -f $DB +@@ -520,7 +526,7 @@ find_patch() + fi + + local patch=${1#$SUBDIR_DOWN$QUILT_PATCHES/} +- local bre=$(quote_bre "$patch") ++ local bre=$(quote_sed_re "$patch") + set -- $(sed -e "/^$bre\(\|\.patch\|\.diff\?\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|\.lz\)\([ "$'\t'"]\|$\)/!d" \ + -e 's/[ '$'\t''].*//' "$SERIES") + if [ $# -eq 1 ] +@@ -631,7 +637,7 @@ files_in_patch() + then + find "$path" -type f \ + -a ! -path "$(quote_glob "$path")/.timestamp" | +- sed -e "s/$(quote_bre "$path")\///" ++ sed -e "s/$(quote_sed_re "$path")\///" + fi + } + +diff --git a/quilt/upgrade.in b/quilt/upgrade.in +index dbf7d05..866aa33 100644 +--- a/quilt/upgrade.in ++++ b/quilt/upgrade.in +@@ -74,7 +74,7 @@ printf $"Converting meta-data to version %s\n" "$DB_VERSION" + + for patch in $(applied_patches) + do +- proper_name="$(grep "^$(quote_bre $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)" ++ proper_name="$(grep "^$(quote_grep_re $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)" + proper_name=${proper_name#$QUILT_PATCHES/} + proper_name=${proper_name%% *} + if [ -z "$proper_name" ] +@@ -84,7 +84,7 @@ do + fi + + if [ "$patch" != "$proper_name" -a -d $QUILT_PC/$patch ] \ +- && grep -q "^$(quote_bre $patch)\$" \ ++ && grep -q "^$(quote_grep_re $patch)\$" \ + $QUILT_PC/applied-patches + then + mv $QUILT_PC/$patch $QUILT_PC/$proper_name \ +-- +cgit v1.1 + diff --git a/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch new file mode 100644 index 0000000000..d0e637191a --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch @@ -0,0 +1,35 @@ +From 6ef189c45b763aedac5ef57ed6a5fc125fa95b41 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 3 Mar 2023 09:54:48 -0800 +Subject: [PATCH] python: Use Py_hash_t instead of long in hdr_hash + +Fixes +python/header-py.c:744:2: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (PyObject *)' (aka 'long (struct _object *)') [-Wincompatible-function-pointer-types] +| hdr_hash, /* tp_hash */ +| ^~~~~~~~ + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2409] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + python/header-py.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/python/header-py.c b/python/header-py.c +index 0aed0c9267..c15503f359 100644 +--- a/python/header-py.c ++++ b/python/header-py.c +@@ -316,9 +316,9 @@ static PyObject * hdr_dsOfHeader(PyObject * s) + "(Oi)", s, RPMTAG_NEVR); + } + +-static long hdr_hash(PyObject * h) ++static Py_hash_t hdr_hash(PyObject * h) + { +- return (long) h; ++ return (Py_hash_t) h; + } + + static PyObject * hdr_reduce(hdrObject *s) +-- +2.39.2 + diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb index 5f3986d8a3..db83a8c099 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb @@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ file://fifofix.patch \ + file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \ " PE = "1" diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc deleted file mode 100644 index ebff5efd1f..0000000000 --- a/poky/meta/recipes-devtools/ruby/ruby.inc +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "An interpreter of object-oriented scripting language" -DESCRIPTION = "Ruby is an interpreted scripting language for quick \ -and easy object-oriented programming. It has many features to process \ -text files and to do system management tasks (as in Perl). \ -It is simple, straight-forward, and extensible. \ -" -HOMEPAGE = "http://www.ruby-lang.org/" -SECTION = "devel/ruby" -LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \ - file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \ - file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \ - " - -DEPENDS = "zlib openssl libyaml gdbm readline libffi" -DEPENDS:append:class-target = " ruby-native" - -SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" -SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ - file://0001-extmk-fix-cross-compilation-of-external-gems.patch \ - file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \ - " -UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" - -inherit autotools ptest pkgconfig - - -# This snippet lets compiled extensions which rely on external libraries, -# such as zlib, compile properly. If we don't do this, then when extmk.rb -# runs, it uses the native libraries instead of the target libraries, and so -# none of the linking operations succeed -- which makes extconf.rb think -# that the libraries aren't available and hence that the extension can't be -# built. - -do_configure:prepend() { - sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk - rm -rf ${S}/ruby/ -} diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch deleted file mode 100644 index 5d0f8fcc09..0000000000 --- a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 222203297966f312109e8eaa2520f2cf2f59c09d Mon Sep 17 00:00:00 2001 -From: Alan Wu <XrXr@users.noreply.github.com> -Date: Thu, 31 Mar 2022 17:26:28 -0400 -Subject: [PATCH] Remove dependency on libcapstone - -We have received reports of build failures due to this configuration -check modifying compile flags. Since only YJIT devs use this library -we can remove it to make Ruby easier to build for users. - -See: https://github.com/rbenv/ruby-build/discussions/1933 - -Upstream-Status: Backport ---- - configure.ac | 9 --------- - 1 file changed, 9 deletions(-) - -Index: ruby-3.1.2/configure.ac -=================================================================== ---- ruby-3.1.2.orig/configure.ac -+++ ruby-3.1.2/configure.ac -@@ -1244,15 +1244,6 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linki - AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX - AC_CHECK_LIB(socket, shutdown) # SunOS/Solaris - --if pkg-config --exists capstone; then -- CAPSTONE_CFLAGS=`pkg-config --cflags capstone` -- CAPSTONE_LIB_L=`pkg-config --libs-only-L capstone` -- LDFLAGS="$LDFLAGS $CAPSTONE_LIB_L" -- CFLAGS="$CFLAGS $CAPSTONE_CFLAGS" --fi -- --AC_CHECK_LIB(capstone, cs_open) # Capstone disassembler for debugging YJIT -- - dnl Checks for header files. - AC_HEADER_DIRENT - dnl AC_HEADER_STDC has been checked in AC_USE_SYSTEM_EXTENSIONS diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 387bfa9b44..c8454da3a9 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb @@ -1,8 +1,25 @@ -require ruby.inc - -DEPENDS:append:libc-musl = " libucontext" - -SRC_URI += " \ +SUMMARY = "An interpreter of object-oriented scripting language" +DESCRIPTION = "Ruby is an interpreted scripting language for quick \ +and easy object-oriented programming. It has many features to process \ +text files and to do system management tasks (as in Perl). \ +It is simple, straight-forward, and extensible. \ +" +HOMEPAGE = "http://www.ruby-lang.org/" +SECTION = "devel/ruby" +LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \ + file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \ + file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \ + " + +DEPENDS = "zlib openssl libyaml gdbm readline libffi" +DEPENDS:append:class-target = " ruby-native" + +SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" +SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ + file://0001-extmk-fix-cross-compilation-of-external-gems.patch \ + file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \ file://remove_has_include_macros.patch \ file://run-ptest \ file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ @@ -12,10 +29,27 @@ SRC_URI += " \ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ - file://0001-Remove-dependency-on-libcapstone.patch \ " +UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" + +inherit autotools ptest pkgconfig + + +# This snippet lets compiled extensions which rely on external libraries, +# such as zlib, compile properly. If we don't do this, then when extmk.rb +# runs, it uses the native libraries instead of the target libraries, and so +# none of the linking operations succeed -- which makes extconf.rb think +# that the libraries aren't available and hence that the extension can't be +# built. + +do_configure:prepend() { + sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk + rm -rf ${S}/ruby/ +} + +DEPENDS:append:libc-musl = " libucontext" -SRC_URI[sha256sum] = "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e" +SRC_URI[sha256sum] = "5ea498a35f4cd15875200a52dde42b6eb179e1264e17d78732c3a57cd1c6ab9e" PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service index 7f72f3388a..b6b81d5c1a 100644 --- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service +++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service @@ -1,7 +1,7 @@ [Unit] Description=Run pending postinsts DefaultDependencies=no -After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount +After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service Before=sysinit.target [Service] diff --git a/poky/meta/recipes-devtools/rust/rust.inc b/poky/meta/recipes-devtools/rust/rust.inc index 956301023a..7d87e8e1b2 100644 --- a/poky/meta/recipes-devtools/rust/rust.inc +++ b/poky/meta/recipes-devtools/rust/rust.inc @@ -72,7 +72,7 @@ python do_configure() { config = configparser.RawConfigParser() # [target.ARCH-poky-linux] - host_section = "target.{}".format(d.getVar('RUST_HOST_SYS', True)) + host_section = "target.{}".format(d.getVar('RUST_HOST_SYS')) config.add_section(host_section) llvm_config_target = d.expand("${RUST_ALTERNATE_EXE_PATH}") @@ -87,7 +87,7 @@ python do_configure() { # If we don't do this rust-native will compile it's own llvm for BUILD. # [target.${BUILD_ARCH}-unknown-linux-gnu] - build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS', True)) + build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS')) if build_section != host_section: config.add_section(build_section) @@ -97,7 +97,7 @@ python do_configure() { config.set(build_section, "cc", e(d.expand("${RUST_BUILD_CC}"))) config.set(build_section, "linker", e(d.expand("${RUST_BUILD_CCLD}"))) - target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS', True)) + target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS')) if target_section != host_section and target_section != build_section: config.add_section(target_section) @@ -143,26 +143,26 @@ python do_configure() { config.set("build", "vendor", e(True)) if not "targets" in locals(): - targets = [d.getVar("RUST_TARGET_SYS", True)] + targets = [d.getVar("RUST_TARGET_SYS")] config.set("build", "target", e(targets)) if not "hosts" in locals(): - hosts = [d.getVar("RUST_HOST_SYS", True)] + hosts = [d.getVar("RUST_HOST_SYS")] config.set("build", "host", e(hosts)) # We can't use BUILD_SYS since that is something the rust snapshot knows # nothing about when trying to build some stage0 tools (like fabricate) - config.set("build", "build", e(d.getVar("RUST_BUILD_SYS", True))) + config.set("build", "build", e(d.getVar("RUST_BUILD_SYS"))) # [install] config.add_section("install") # ./x.py install doesn't have any notion of "destdir" # but we can prepend ${D} to all the directories instead - config.set("install", "prefix", e(d.getVar("D", True) + d.getVar("prefix", True))) - config.set("install", "bindir", e(d.getVar("D", True) + d.getVar("bindir", True))) - config.set("install", "libdir", e(d.getVar("D", True) + d.getVar("libdir", True))) - config.set("install", "datadir", e(d.getVar("D", True) + d.getVar("datadir", True))) - config.set("install", "mandir", e(d.getVar("D", True) + d.getVar("mandir", True))) + config.set("install", "prefix", e(d.getVar("D") + d.getVar("prefix"))) + config.set("install", "bindir", e(d.getVar("D") + d.getVar("bindir"))) + config.set("install", "libdir", e(d.getVar("D") + d.getVar("libdir"))) + config.set("install", "datadir", e(d.getVar("D") + d.getVar("datadir"))) + config.set("install", "mandir", e(d.getVar("D") + d.getVar("mandir"))) with open("config.toml", "w") as f: f.write('changelog-seen = 2\n\n') diff --git a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch index 7097bb9087..31a76d9bb4 100644 --- a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch +++ b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch @@ -14,7 +14,7 @@ Someone with more rust knowledge could split up the triplets in no_atmoics.rs and compare against the architecture/processor, or replace -unknown with a glob to create a patch that upstream might accept. -Upstream-Status: Inappropriate [OE Specific tweak but could be rewritten] +Upstream-Status: Submitted [https://github.com/crossbeam-rs/crossbeam/pull/922] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Index: rustc-1.63.0-src/vendor/crossbeam-utils/build.rs diff --git a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb index 1f9dbd3cce..dbf74cec8f 100644 --- a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb +++ b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb @@ -57,7 +57,6 @@ rust_do_install:class-nativesdk() { } EXTRA_TOOLS ?= "cargo-clippy clippy-driver rustfmt" -EXTRA_TOOLS:remove:riscv32 = "rustfmt" rust_do_install:class-target() { export PSEUDO_UNLOAD=1 rust_runx install diff --git a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch index 44b2ce0a30..5a10c93a31 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch @@ -1,4 +1,4 @@ -Upstream-Status: Pending +Upstream-Status: Inappropriate [upstream does not support installed tests] Index: unix/Makefile.in =================================================================== diff --git a/poky/meta/recipes-devtools/vala/vala.inc b/poky/meta/recipes-devtools/vala/vala.inc index 974baa33f5..162e99bb03 100644 --- a/poky/meta/recipes-devtools/vala/vala.inc +++ b/poky/meta/recipes-devtools/vala/vala.inc @@ -42,20 +42,23 @@ EXTRA_OECONF += " --disable-valadoc" # Vapigen wrapper needs to be available system-wide, because it will be used # to build vapi files from all other packages with vala support do_install:append:class-target() { - install -d ${D}${bindir}/ - install ${B}/vapigen-wrapper ${D}${bindir}/ + install -d ${D}${bindir_crossscripts}/ + install ${B}/vapigen-wrapper ${D}${bindir_crossscripts}/ } # Put vapigen wrapper into target sysroot so that it can be used when building # vapi files. -SYSROOT_DIRS:append:class-target = " ${bindir}" +SYSROOT_DIRS += "${bindir_crossscripts}" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}:${bindir}/vala-gen-introspect-0.56" SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess" vapigen_sysroot_preprocess() { # Tweak the vapigen name in the vapigen pkgconfig file, so that it picks # up our wrapper. sed -i \ - -e "s|vapigen=.*|vapigen=${bindir}/vapigen-wrapper|" \ + -e "s|vapigen=.*|vapigen=${bindir_crossscripts}/vapigen-wrapper|" \ ${SYSROOT_DESTDIR}${libdir}/pkgconfig/vapigen-${SHRT_VER}.pc } @@ -64,5 +67,5 @@ SSTATE_SCAN_FILES += "vapigen-wrapper" PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess" vala_package_preprocess () { - sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir}/vapigen-wrapper + rm -rf ${PKGD}${bindir_crossscripts} } diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 index 887bfd2766..432dcc916c 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 +++ b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 @@ -1,3 +1,4 @@ +drd/tests/boost_thread gdbserver_tests/hgtls cachegrind/tests/ann1 callgrind/tests/simwork1 diff --git a/poky/meta/recipes-extended/at/at_3.2.5.bb b/poky/meta/recipes-extended/at/at_3.2.5.bb index 87a436173f..c0c876a644 100644 --- a/poky/meta/recipes-extended/at/at_3.2.5.bb +++ b/poky/meta/recipes-extended/at/at_3.2.5.bb @@ -52,8 +52,10 @@ INITSCRIPT_PARAMS = "defaults" SYSTEMD_SERVICE:${PN} = "atd.service" -do_configure:prepend() { - cp -f ${WORKDIR}/posixtm.[ch] ${S} +do_patch[postfuncs] += "copy_posix_files" + +copy_posix_files() { + cp -f ${WORKDIR}/posixtm.[ch] ${S} } do_install () { diff --git a/poky/meta/recipes-extended/bc/bc_1.07.1.bb b/poky/meta/recipes-extended/bc/bc_1.07.1.bb index 1bec76bb2a..5a03751304 100644 --- a/poky/meta/recipes-extended/bc/bc_1.07.1.bb +++ b/poky/meta/recipes-extended/bc/bc_1.07.1.bb @@ -32,4 +32,4 @@ do_compile:prepend() { ALTERNATIVE:${PN} = "bc dc" ALTERNATIVE_PRIORITY = "100" -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch new file mode 100644 index 0000000000..4b96e4316c --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch @@ -0,0 +1,39 @@ +From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001 +From: Stefano Babic <sbabic@denx.de> +Date: Fri, 28 Jul 2017 13:20:52 +0200 +Subject: [PATCH] Wrong CRC with ASCII CRC for large files + +Due to signedness, the checksum is not computed when filesize is bigger +a 2GB. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html] +Signed-off-by: Stefano Babic <sbabic@denx.de> +--- + src/copyout.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..727aeca 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -34,13 +34,13 @@ + compute and return a checksum for them. */ + + static uint32_t +-read_for_checksum (int in_file_des, int file_size, char *file_name) ++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name) + { + uint32_t crc; + char buf[BUFSIZ]; +- int bytes_left; +- int bytes_read; +- int i; ++ unsigned int bytes_left; ++ unsigned int bytes_read; ++ unsigned int i; + + crc = 0; + +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index e72a114de9..dd3541096f 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ file://CVE-2021-38185.patch \ + file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \ " SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb index 786940a7e0..a3db6eb394 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb @@ -9,7 +9,7 @@ DEPENDS = "cracklib-native zlib" EXTRA_OECONF = "--without-python --libdir=${base_libdir}" -SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ +SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ file://0002-craklib-fix-testnum-and-teststr-failed.patch \ " diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index 9c920bb133..da320b1085 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -47,6 +47,7 @@ PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=no,gnutls" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" +PACKAGECONFIG[webif] = "--enable-webif,--disable-webif" EXTRA_OECONF = " \ --enable-dbus \ @@ -66,7 +67,7 @@ EXTRA_OECONF = " \ EXTRA_AUTORECONF += "--exclude=autoheader" do_install () { - oe_runmake "DESTDIR=${D}" install + oe_runmake "BUILDROOT=${D}" install # Remove /var/run from package as cupsd will populate it on startup rm -fr ${D}/${localstatedir}/run @@ -74,7 +75,7 @@ do_install () { rmdir ${D}/${libexecdir}/${BPN}/driver # Fix the pam configuration file permissions - if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + if ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then chmod 0644 ${D}${sysconfdir}/pam.d/cups fi @@ -92,7 +93,7 @@ do_install () { fi } -PACKAGES =+ "${PN}-lib ${PN}-libimage" +PACKAGES =+ "${PN}-lib ${PN}-libimage ${PN}-webif" RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}" FILES:${PN} += "${libexecdir}/cups/" @@ -101,13 +102,10 @@ FILES:${PN}-lib = "${libdir}/libcups.so.*" FILES:${PN}-libimage = "${libdir}/libcupsimage.so.*" -#package the html for the webgui inside the main packages (~1MB uncompressed) +# put the html for the web interface into its own PACKAGE +FILES:${PN}-webif += "${datadir}/doc/cups/ ${datadir}/icons/" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'webif', '${PN}-webif', '', d)}" -FILES:${PN} += "${datadir}/doc/cups/images \ - ${datadir}/doc/cups/*html \ - ${datadir}/doc/cups/*.css \ - ${datadir}/icons/ \ - " CONFFILES:${PN} += "${sysconfdir}/cups/cupsd.conf" MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/cups-config" diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch index aac1c43465..8b88c308f2 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch +++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch @@ -1,4 +1,4 @@ -From bd7fb8be2ae2d75347cf7733302d5093046ffa85 Mon Sep 17 00:00:00 2001 +From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001 From: Peiran Hong <peiran.hong@windriver.com> Date: Thu, 5 Sep 2019 15:42:22 -0400 Subject: [PATCH] Skip strip-trailing-cr test case @@ -10,19 +10,21 @@ package. Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Peiran Hong <peiran.hong@windriver.com> + --- tests/Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am -index 83a7c9d..04d51b5 100644 +index d98df82..757ea52 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -21,8 +21,10 @@ TESTS = \ +@@ -21,9 +21,11 @@ TESTS = \ stdin \ strcoll-0-names \ filename-quoting \ - strip-trailing-cr \ + timezone \ colors +# Skipping this test since it requires valgrind +# and thus is too heavy for diffutils package @@ -30,6 +32,3 @@ index 83a7c9d..04d51b5 100644 XFAIL_TESTS = large-subopt --- -2.21.0 - diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch deleted file mode 100644 index 4928e1eaff..0000000000 --- a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From f385ad6639380eb6dfa8b8eb4a5ba65dd12db744 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 25 Mar 2022 13:43:19 -0700 -Subject: [PATCH] mcontext is not a standard layout so glibc and musl differ - -This is already applied to libsigsegv upstream, hopefully next version -of grep will update its internal copy and we can drop this patch - -Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=libsigsegv.git;a=commitdiff;h=a6ff69873110c0a8ba6f7fd90532dbc11224828c] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/sigsegv.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/sigsegv.c b/lib/sigsegv.c -index 998c827..b6f4841 100644 ---- a/lib/sigsegv.c -+++ b/lib/sigsegv.c -@@ -219,8 +219,8 @@ int libsigsegv_version = LIBSIGSEGV_VERSION; - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gp_regs[1] - # else /* 32-bit */ - /* both should be equivalent */ --# if 0 --# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1] -+# if ! defined __GLIBC__ -+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_regs->gregs[1] - # else - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1] - # endif --- -2.35.1 - diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb index 8889c83ee2..2bb9e6f32d 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb +++ b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb @@ -6,10 +6,9 @@ require diffutils.inc SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \ file://run-ptest \ file://0001-Skip-strip-trailing-cr-test-case.patch \ - file://0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch \ " -SRC_URI[sha256sum] = "a6bdd7d1b31266d11c4f4de6c1b748d4607ab0231af5188fc2533d0ae2438fec" +SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1" EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix" diff --git a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch index 9105da6457..c3cfc7cea8 100644 --- a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch +++ b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch @@ -3,7 +3,7 @@ From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Sat, 7 Mar 2020 00:59:13 +0000 Subject: [PATCH] Make manpages mulitlib identical -Upstream-Status: Pending +Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com] Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> --- Makefile.am | 2 +- diff --git a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch index eda6a40f51..b028fa20aa 100644 --- a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch +++ b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch @@ -15,7 +15,7 @@ doesn't work: So replace "perl -w" with "use warnings" to make it work. -Upstream-Status: Pending +Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> diff --git a/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch new file mode 100644 index 0000000000..20f9d89ed8 --- /dev/null +++ b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch @@ -0,0 +1,28 @@ +CVE: CVE-2022-46663 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Fri, 7 Oct 2022 19:25:46 -0700 +Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. + +--- + line.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/line.c b/line.c +index 236c49ae..cba7bdd1 100644 +--- a/line.c ++++ b/line.c +@@ -633,8 +633,8 @@ ansi_step(pansi, ch) + /* Hyperlink ends with \7 or ESC-backslash. */ + if (ch == '\7') + return ANSI_END; +- if (pansi->prev_esc && ch == '\\') +- return ANSI_END; ++ if (pansi->prev_esc) ++ return (ch == '\\') ? ANSI_END : ANSI_ERR; + pansi->prev_esc = (ch == ESC); + return ANSI_MID; + } diff --git a/poky/meta/recipes-extended/less/less_608.bb b/poky/meta/recipes-extended/less/less_608.bb index f411a8fb53..f907a8159c 100644 --- a/poky/meta/recipes-extended/less/less_608.bb +++ b/poky/meta/recipes-extended/less/less_608.bb @@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ DEPENDS = "ncurses" SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ + file://CVE-2022-46663.patch \ " SRC_URI[sha256sum] = "a69abe2e0a126777e021d3b73aa3222e1b261f10e64624d41ec079685a6ac209" diff --git a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch b/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch deleted file mode 100644 index 0d21799682..0000000000 --- a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch +++ /dev/null @@ -1,47 +0,0 @@ -From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 25 Jul 2022 10:56:53 -0700 -Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is - present - -These headers are in conflict and only one is needed by -archive_read_disk_posix.c therefore include linux/fs.h if it exists -otherwise include sys/mount.h - -It also helps compiling with glibc 2.36 -where sys/mount.h conflicts with linux/mount.h see [1] - -[1] https://sourceware.org/glibc/wiki/Release/2.36 - -Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/1761] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - libarchive/archive_read_disk_posix.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c -index 2b39e672..a96008db 100644 ---- a/libarchive/archive_read_disk_posix.c -+++ b/libarchive/archive_read_disk_posix.c -@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$"); - #ifdef HAVE_SYS_PARAM_H - #include <sys/param.h> - #endif --#ifdef HAVE_SYS_MOUNT_H --#include <sys/mount.h> --#endif - #ifdef HAVE_SYS_STAT_H - #include <sys/stat.h> - #endif -@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$"); - #endif - #ifdef HAVE_LINUX_FS_H - #include <linux/fs.h> -+#elif HAVE_SYS_MOUNT_H -+#include <sys/mount.h> - #endif - /* - * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. --- -2.25.1 - diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index 24d7918bf9..f447035b67 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb +++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -30,14 +30,12 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls," PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd," -EXTRA_OECONF += "--enable-largefile" +EXTRA_OECONF += "--enable-largefile --without-iconv" -SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ - file://0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch \ - " +SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" UPSTREAM_CHECK_URI = "http://libarchive.org/" -SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2" +SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3" inherit autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb index 8c6c20733c..f55e0b0ed1 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb @@ -22,7 +22,7 @@ inherit autotools pkgconfig EXTRA_OECONF = "--disable-gssapi" do_install:append() { - chown root:root ${D}${sysconfdir}/netconfig + test -e ${D}${sysconfdir}/netconfig && chown root:root ${D}${sysconfdir}/netconfig } BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch deleted file mode 100644 index 284a5a3ea9..0000000000 --- a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch +++ /dev/null @@ -1,31 +0,0 @@ -CVE: CVE-2022-41556 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss <gstrauss@gluelogic.com> -Date: Sun, 11 Sep 2022 22:31:34 -0400 -Subject: [PATCH] [core] handle RDHUP when collecting chunked body - -handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked -request body (and when not streaming request body to backend) - -x-ref: - https://github.com/lighttpd/lighttpd1.4/pull/115 ---- - src/gw_backend.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gw_backend.c b/src/gw_backend.c -index df9d8217..5db56287 100644 ---- a/src/gw_backend.c -+++ b/src/gw_backend.c -@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) { - * and module is flagged to stream request body to backend) */ - return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST) - ? http_response_reqbody_read_error(r, 411) -- : HANDLER_WAIT_FOR_EVENT; -+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc; - } - - if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) { diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb index 78978105b2..838881f238 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb @@ -14,13 +14,12 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ - file://CVE-2022-41556.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ " -SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b" +SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358" DEPENDS = "virtual/crypt" diff --git a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb index f380de0b6b..f59fe009bb 100644 --- a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb +++ b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb @@ -19,6 +19,15 @@ SRCREV = "67d8c828e7bdc01ba93f8ff79765dd424da0c9d7" S = "${WORKDIR}/git" + +inherit update-alternatives + +ALTERNATIVE:${PN} = "lsof" +ALTERNATIVE_LINK_NAME[lsof] = "${sbindir}/lsof" +# Make our priority higher than busybox +ALTERNATIVE_PRIORITY = "100" + + export LSOF_INCLUDE = "${STAGING_INCDIR}" do_configure () { diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch new file mode 100644 index 0000000000..186d1e76f2 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch @@ -0,0 +1,45 @@ +From 41edf6f45895193f4a523cb0a08d639c9ff9ccc9 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:12 -0600 +Subject: [PATCH] mdadm: Fix optional --write-behind parameter + +The commit noted below changed the behaviour of --write-behind to +require an argument. This broke the 06wrmostly test with the error: + + mdadm: Invalid value for maximum outstanding write-behind writes: (null). + Must be between 0 and 16383. + +To fix this, check if optarg is NULL before parising it, as the origial +code did. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=41edf6f45895193f4a523cb0a08d639c9ff9ccc9] + +Fixes: 60815698c0ac ("Refactor parse_num and use it to parse optarg.") +Cc: Mateusz Grzonka <mateusz.grzonka@intel.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + mdadm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mdadm.c b/mdadm.c +index d0c5e6de..56722ed9 100644 +--- a/mdadm.c ++++ b/mdadm.c +@@ -1201,8 +1201,9 @@ int main(int argc, char *argv[]) + case O(BUILD, WriteBehind): + case O(CREATE, WriteBehind): + s.write_behind = DEFAULT_MAX_WRITE_BEHIND; +- if (parse_num(&s.write_behind, optarg) != 0 || +- s.write_behind < 0 || s.write_behind > 16383) { ++ if (optarg && ++ (parse_num(&s.write_behind, optarg) != 0 || ++ s.write_behind < 0 || s.write_behind > 16383)) { + pr_err("Invalid value for maximum outstanding write-behind writes: %s.\n\tMust be between 0 and 16383.\n", + optarg); + exit(2); +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch new file mode 100644 index 0000000000..1c95834a7e --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch @@ -0,0 +1,41 @@ +From 7539254342bc591717b0051734cc6c09c1b88640 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:13 -0600 +Subject: [PATCH] tests/00raid0: add a test that validates raid0 with layout + fails for 0.9 + +329dfc28debb disallows the creation of raid0 with layouts for 0.9 +metadata. This test confirms the new behavior. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7539254342bc591717b0051734cc6c09c1b88640] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index 8bc18985..e6b21cc4 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -6,11 +6,9 @@ check raid0 + testdev $md0 3 $mdsize2_l 512 + mdadm -S $md0 + +-# now with version-0.90 superblock ++# verify raid0 with layouts fail for 0.90 + mdadm -CR $md0 -e0.90 -l0 -n4 $dev0 $dev1 $dev2 $dev3 +-check raid0 +-testdev $md0 4 $mdsize0 512 +-mdadm -S $md0 ++check opposite_result + + # now with no superblock + mdadm -B $md0 -l0 -n5 $dev0 $dev1 $dev2 $dev3 $dev4 +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch new file mode 100644 index 0000000000..c621c082e8 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch @@ -0,0 +1,39 @@ +From 39b381252c32275079344d30de18b76fda4bba26 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 27 Jul 2022 15:52:45 -0600 +Subject: [PATCH] tests/00readonly: Run udevadm settle before setting ro + +In some recent kernel versions, 00readonly fails with: + + mdadm: failed to set readonly for /dev/md0: Device or resource busy + ERROR: array is not read-only! + +This was traced down to a race condition with udev holding a reference +to the block device at the same time as trying to set it read only. + +To fix this, call udevadm settle before setting the array read only. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=39b381252c32275079344d30de18b76fda4bba26] + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jsorensen@fb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00readonly | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/00readonly b/tests/00readonly +index 39202487..afe243b3 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -12,6 +12,7 @@ do + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync + check $level ++ udevadm settle + mdadm -ro $md0 + check readonly + state=$(cat /sys/block/md0/md/array_state) +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch new file mode 100644 index 0000000000..1a7104b76d --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch @@ -0,0 +1,33 @@ +From a2c832465fc75202e244327b2081231dfa974617 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:16 -0600 +Subject: [PATCH] tests/02lineargrow: clear the superblock at every iteration + +This fixes 02lineargrow test as prior metadata causes --add operation +to misbehave. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=a2c832465fc75202e244327b2081231dfa974617] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/02lineargrow | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/02lineargrow b/tests/02lineargrow +index e05c219d..595bf9f2 100644 +--- a/tests/02lineargrow ++++ b/tests/02lineargrow +@@ -20,4 +20,6 @@ do + testdev $md0 3 $sz 1 + + mdadm -S $md0 ++ mdadm --zero /dev/loop2 ++ mdadm --zero /dev/loop3 + done +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch new file mode 100644 index 0000000000..9098fb2540 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch @@ -0,0 +1,41 @@ +From de045db607b1ac4b70fc2a8878463e029c2ab1dc Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:15 -0600 +Subject: [PATCH] tests/04update-metadata: avoid passing chunk size to raid1 + +'04update-metadata' test fails with error, "specifying chunk size is +forbidden for this level" added by commit, 5b30a34aa4b5e. Hence, +correcting the test to ignore passing chunk size to raid1. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=de045db607b1ac4b70fc2a8878463e029c2ab1dc] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +[logang@deltatee.com: fix if/then style and dropped unrelated hunk] +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/04update-metadata | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 08c14af7..2b72a303 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -11,7 +11,11 @@ dlist="$dev0 $dev1 $dev2 $dev3" + for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} +- mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ if [[ $l == 'raid1' ]]; then ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 $dlist ++ else ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ fi + testdev $md0 $s 19904 64 + mdadm -S $md0 + mdadm -A $md0 --update=metadata $dlist +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch new file mode 100644 index 0000000000..d2e7d8ee50 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch @@ -0,0 +1,102 @@ +From 14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:14 -0600 +Subject: [PATCH] tests: fix raid0 tests for 0.90 metadata + +Some of the test cases fail because raid0 creation fails with the error, +"0.90 metadata does not support layouts for RAID0" added by commit, +329dfc28debb. Fix some of the test cases by switching from raid0 to +linear level for 0.9 metadata where possible. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 4 ++-- + tests/00readonly | 4 ++++ + tests/03r0assem | 6 +++--- + tests/04r0update | 4 ++-- + tests/04update-metadata | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index e6b21cc4..9b8896cb 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -20,8 +20,8 @@ mdadm -S $md0 + # now same again with different chunk size + for chunk in 4 32 256 + do +- mdadm -CR $md0 -e0.90 -l raid0 --chunk $chunk -n3 $dev0 $dev1 $dev2 +- check raid0 ++ mdadm -CR $md0 -e0.90 -l linear --chunk $chunk -n3 $dev0 $dev1 $dev2 ++ check linear + testdev $md0 3 $mdsize0 $chunk + mdadm -S $md0 + +diff --git a/tests/00readonly b/tests/00readonly +index 28b0fa13..39202487 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -4,6 +4,10 @@ for metadata in 0.9 1.0 1.1 1.2 + do + for level in linear raid0 raid1 raid4 raid5 raid6 raid10 + do ++ if [[ $metadata == "0.9" && $level == "raid0" ]]; ++ then ++ continue ++ fi + mdadm -CR $md0 -l $level -n 4 --metadata=$metadata \ + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync +diff --git a/tests/03r0assem b/tests/03r0assem +index 6744e322..44df0645 100644 +--- a/tests/03r0assem ++++ b/tests/03r0assem +@@ -68,9 +68,9 @@ mdadm -S $md2 + ### Now for version 0... + + mdadm --zero-superblock $dev0 $dev1 $dev2 +-mdadm -CR $md2 -l0 --metadata=0.90 -n3 $dev0 $dev1 $dev2 +-check raid0 +-tst="testdev $md2 3 $mdsize0 512" ++mdadm -CR $md2 -llinear --metadata=0.90 -n3 $dev0 $dev1 $dev2 ++check linear ++tst="testdev $md2 3 $mdsize0 1" + $tst + + uuid=`mdadm -Db $md2 | sed 's/.*UUID=//'` +diff --git a/tests/04r0update b/tests/04r0update +index 73ee3b9f..b95efb06 100644 +--- a/tests/04r0update ++++ b/tests/04r0update +@@ -1,7 +1,7 @@ + + # create a raid0, re-assemble with a different super-minor +-mdadm -CR -e 0.90 $md0 -l0 -n3 $dev0 $dev1 $dev2 +-testdev $md0 3 $mdsize0 512 ++mdadm -CR -e 0.90 $md0 -llinear -n3 $dev0 $dev1 $dev2 ++testdev $md0 3 $mdsize0 1 + minor1=`mdadm -E $dev0 | sed -n -e 's/.*Preferred Minor : //p'` + mdadm -S /dev/md0 + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 232fc1ff..08c14af7 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -8,7 +8,7 @@ set -xe + + dlist="$dev0 $dev1 $dev2 $dev3" + +-for ls in raid0/4 linear/4 raid1/1 raid5/3 raid6/2 ++for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} + mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb index 19035caaec..4aa3737562 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb @@ -24,6 +24,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-mdadm-skip-test-11spare-migration.patch \ file://0001-Fix-parsing-of-r-in-monitor-manager-mode.patch \ file://0001-Makefile-install-mdcheck.patch \ + file://0001-mdadm-Fix-optional-write-behind-parameter.patch \ + file://0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch \ + file://0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch \ + file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \ + file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \ + file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \ " SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d" diff --git a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch index a4b3afd959..090ed5c1c9 100644 --- a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch +++ b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch @@ -1,4 +1,4 @@ -From 58245b859ffbcb1780575bf1b0a018d55e74e434 Mon Sep 17 00:00:00 2001 +From 08ba909500412611953aea0fa2fe0d8fe76b6e24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@googlemail.com> Date: Wed, 21 Sep 2016 21:14:40 +0200 Subject: [PATCH] detect gold as GNU linker too @@ -9,23 +9,21 @@ Content-Transfer-Encoding: 8bit Upstream-Status: Pending Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 03e8bda..c2fce51 100644 +index 468c718..cd93f30 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ AC_CHECK_SIZEOF([void *]) AC_MSG_CHECKING([for GNU ld]) - LD=`$CC -print-prog-name=ld 2>&5` + LD=$($CC -print-prog-name=ld 2>&5) --if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld"` = 0; then -+if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU "` = 0; then +-if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld") = 0; then ++if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ") = 0; then # Not GNU_LD="" AC_MSG_RESULT([no]) --- -2.5.5 - diff --git a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch b/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch deleted file mode 100644 index ca235d5108..0000000000 --- a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f60dc1063607ca1f201ba4cbda467d8af3f78f64 Mon Sep 17 00:00:00 2001 -From: Miroslav Lichvar <mlichvar@redhat.com> -Date: Tue, 1 Oct 2019 16:37:55 +0200 -Subject: [PATCH] don't ignore CFLAGS when building snack - -In addition to the flags returned by python-config --cflags, use the -user-specified CFLAGS when building the snack object. - -Upstream-Status: Backport from master -Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> ---- - Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index be5f87b..6facd5e 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -96,8 +96,8 @@ _snack.$(SOEXT): snack.c $(LIBNEWTSH) - PIFLAGS=`$$pyconfig --includes`; \ - PLDFLAGS=`$$pyconfig --ldflags`; \ - PLFLAGS=`$$pyconfig --libs`; \ -- echo $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -- $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -+ echo $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -+ $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ - echo $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \ - $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \ - done || : diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb index 430e481b36..cd3731cf74 100644 --- a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb +++ b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb @@ -21,11 +21,9 @@ SRC_URI = "https://releases.pagure.org/newt/newt-${PV}.tar.gz \ file://cross_ar.patch \ file://Makefile.in-Add-tinfo-library-to-the-linking-librari.patch \ file://0001-detect-gold-as-GNU-linker-too.patch \ - file://0002-don-t-ignore-CFLAGS-when-building-snack.patch \ " -SRC_URI[md5sum] = "a0a5fd6b53bb167a65e15996b249ebb5" -SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac5abb31" +SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a" S = "${WORKDIR}/newt-${PV}" diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch new file mode 100644 index 0000000000..e7bf03f9f7 --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch @@ -0,0 +1,205 @@ +From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <kukuk@suse.com> +Date: Thu, 24 Feb 2022 10:37:32 +0100 +Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf + +According to the manual page, the following entry is valid but does not +work: +-:root:ALL EXCEPT localhost + +See https://bugzilla.suse.com/show_bug.cgi?id=1019866 + +Patched is based on PR#226 from Josef Moellers + +Upstream-Status: Backport +CVE: CVE-2022-28321 + +Reference to upstream patch: +[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- + 1 file changed, 76 insertions(+), 19 deletions(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 277192b..bca424f 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + return NO; + } + +- /* Assume network/netmask with an IP of a host. */ ++ /* Assume network/netmask, IP address or hostname. */ + return network_netmask_match(pamh, tok, string, item); + } + +@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. +- * "NONE" token matches NULL string. ++ * "NONE" token matches NULL string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ +@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok +- * represents either a single ip (v4,v6) address or a network/netmask ++ * represents either a hostname, a single ip (v4,v6) address ++ * or a network/netmask + */ + static int + network_netmask_match (pam_handle_t *pamh, +@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, + char *netmask_ptr; + char netmask_string[MAXHOSTNAMELEN + 1]; + int addr_type; ++ struct addrinfo *ai = NULL; + + if (item->debug) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_DEBUG, + "network_netmask_match: tok=%s, item=%s", tok, string); ++ + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) + { +@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, + netmask_ptr = number_to_netmask(netmask, addr_type, + netmask_string, MAXHOSTNAMELEN); + } +- } ++ ++ /* ++ * Construct an addrinfo list from the IP address. ++ * This should not fail as the input is a correct IP address... ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ return NO; ++ } ++ } + else +- /* NO, then check if it is only an addr */ +- if (isipaddr(tok, NULL, NULL) != YES) ++ { ++ /* ++ * It is either an IP address or a hostname. ++ * Let getaddrinfo sort everything out ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); ++ + return NO; + } ++ netmask_ptr = NULL; ++ } + + if (isipaddr(string, NULL, NULL) != YES) + { +- /* Assume network/netmask with a name of a host. */ + struct addrinfo hint; + ++ /* Assume network/netmask with a name of a host. */ + memset (&hint, '\0', sizeof (hint)); + hint.ai_flags = AI_CANONNAME; + hint.ai_family = AF_UNSPEC; + + if (item->gai_rv != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else if (!item->res && + (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else + { + struct addrinfo *runp = item->res; ++ struct addrinfo *runp1; + + while (runp != NULL) + { + char buf[INET6_ADDRSTRLEN]; + +- DIAG_PUSH_IGNORE_CAST_ALIGN; +- inet_ntop (runp->ai_family, +- runp->ai_family == AF_INET +- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr +- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, +- buf, sizeof (buf)); +- DIAG_POP_IGNORE_CAST_ALIGN; ++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } + +- if (are_addresses_equal(buf, tok, netmask_ptr)) ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) + { +- return YES; ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ if (runp->ai_family != runp1->ai_family) ++ continue; ++ ++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } ++ ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } + } + runp = runp->ai_next; + } + } + } + else +- return (are_addresses_equal(string, tok, netmask_ptr)); ++ { ++ struct addrinfo *runp1; ++ ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } ++ } ++ ++ freeaddrinfo(ai); + + return NO; + } +-- +2.37.3 + diff --git a/poky/meta/recipes-extended/screen/screen/signal-permission.patch b/poky/meta/recipes-extended/screen/screen/signal-permission.patch new file mode 100644 index 0000000000..77dc649090 --- /dev/null +++ b/poky/meta/recipes-extended/screen/screen/signal-permission.patch @@ -0,0 +1,40 @@ +From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 +From: Alexander Naumov <alexander_naumov@opensuse.org> +Date: Mon, 30 Jan 2023 17:22:25 +0200 +Subject: fix: missing signal sending permission check on failed query messages + +Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> + +CVE: CVE-2023-24626 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + src/socket.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/socket.c b/src/socket.c +index 147dc54..54d8cb8 100644 +--- a/socket.c ++++ b/socket.c +@@ -1285,11 +1285,16 @@ ReceiveMsg() + else + queryflag = -1; + +- Kill(m.m.command.apid, ++ if (CheckPid(m.m.command.apid)) { ++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); ++ } ++ else { ++ Kill(m.m.command.apid, + (queryflag >= 0) + ? SIGCONT + : SIG_BYE); /* Send SIG_BYE if an error happened */ +- queryflag = -1; ++ queryflag = -1; ++ } + } + break; + case MSG_COMMAND: +-- +cgit v1.1 + diff --git a/poky/meta/recipes-extended/screen/screen_4.9.0.bb b/poky/meta/recipes-extended/screen/screen_4.9.0.bb index 77e8000bf3..235cd8c6cf 100644 --- a/poky/meta/recipes-extended/screen/screen_4.9.0.bb +++ b/poky/meta/recipes-extended/screen/screen_4.9.0.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-fix-for-multijob-build.patch \ file://0001-Remove-more-compatibility-stuff.patch \ file://0001-configure-Add-needed-system-headers-in-checks.patch \ + file://signal-permission.patch \ " SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4" diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch new file mode 100644 index 0000000000..37ba5f3dc2 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch @@ -0,0 +1,41 @@ +commit 670cae834827a8f794e6f7464fa57790d911b63c +Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> +Date: Tue Dec 27 17:40:17 2022 +0530 + + shadow: Fix can not print full login timeout message + + Login timed out message prints only first few bytes when write is immediately followed by exit. + Calling exit from new handler provides enough time to display full message. + +Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] + +diff --git a/src/login.c b/src/login.c +index 116e2cb3..c55f4de0 100644 +--- a/src/login.c ++++ b/src/login.c +@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); + + static void init_env (void); + static void alarm_handler (int); ++static void exit_handler (int); + + /* + * usage - print login command usage and exit +@@ -391,11 +392,16 @@ static void init_env (void) + #endif /* !USE_PAM */ + } + ++static void exit_handler (unused int sig) ++{ ++ _exit (0); ++} + + static void alarm_handler (unused int sig) + { + write (STDERR_FILENO, tmsg, strlen (tmsg)); +- _exit (0); ++ signal(SIGALRM, exit_handler); ++ alarm(2); + } + + #ifdef USE_PAM diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index a87e23569b..0ed220ac5c 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -15,6 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ file://0001-shadow-use-relaxed-usernames.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://useradd \ + file://0001-Fix-can-not-print-full-login.patch \ " SRC_URI:append:class-target = " \ @@ -30,7 +31,7 @@ SRC_URI:append:class-native = " \ SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ " -SRC_URI[sha256sum] = "9fdb73b5d2b44e8ba9fcee1b4493ac75dd5040bda35b9ac8b06570cd192e7ee3" +SRC_URI[sha256sum] = "f525154adc5605e4ebf03d3e7ee8be4d7f3c7cf9df2c2244043406b6eefca2da" # Additional Policy files for PAM diff --git a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb index 40b11345c9..d1a3fd5593 100644 --- a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb +++ b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb @@ -9,3 +9,6 @@ BBCLASSEXTEND = "native nativesdk" # Severity is low and marked as closed and won't fix. # https://bugzilla.redhat.com/show_bug.cgi?id=884658 CVE_CHECK_IGNORE += "CVE-2013-4235" + +# This is an issue for a different shadow +CVE_CHECK_IGNORE += "CVE-2016-15024" diff --git a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch index f4fc376bb8..041c717e00 100644 --- a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch +++ b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch @@ -1,4 +1,7 @@ -sudo.conf.in: fix conflict with multilib +From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 17 Nov 2020 11:13:40 +0800 +Subject: [PATCH] sudo.conf.in: fix conflict with multilib When pass ${libdir} to --libexecdir of sudo, it fails to install sudo and lib32-sudo at same time: @@ -12,12 +15,13 @@ Update the comments in sudo.conf.in to avoid the conflict. Signed-off-by: Kai Kang <kai.kang@windriver.com> Upstream-Status: Inappropriate [OE configuration specific] + --- examples/sudo.conf.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in -index 6535d3a..50afc8f 100644 +index 2187457..0908d24 100644 --- a/examples/sudo.conf.in +++ b/examples/sudo.conf.in @@ -4,7 +4,7 @@ @@ -33,8 +37,8 @@ index 6535d3a..50afc8f 100644 # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_intercept.so file. # --#Path intercept @plugindir@/sudo_intercept.so -+#Path intercept $plugindir/sudo_intercept.so +-#Path intercept @intercept_file@ ++#Path intercept $intercept_file # # Sudo noexec: @@ -42,8 +46,8 @@ index 6535d3a..50afc8f 100644 # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # --#Path noexec @plugindir@/sudo_noexec.so -+#Path noexec $plugindir/sudo_noexec.so +-#Path noexec @noexec_file@ ++#Path noexec $noexec_file # # Sudo plugin directory: @@ -55,7 +59,4 @@ index 6535d3a..50afc8f 100644 +#Path plugin_dir $plugindir # - # Sudo developer mode: --- -2.17.1 - + # Core dumps: diff --git a/poky/meta/recipes-extended/sudo/sudo.inc b/poky/meta/recipes-extended/sudo/sudo.inc index 8947c46129..f22b3eab99 100644 --- a/poky/meta/recipes-extended/sudo/sudo.inc +++ b/poky/meta/recipes-extended/sudo/sudo.inc @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws" BUGTRACKER = "http://www.sudo.ws/bugs/" SECTION = "admin" LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=16cf60b466f3a0606427a7b624a3a670 \ +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \ file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \ file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \ file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \ diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb index ba610ee2e7..2e11739470 100644 --- a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb +++ b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb @@ -8,7 +8,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ PAM_SRC_URI = "file://sudo.pam" -SRC_URI[sha256sum] = "4687e7d2f56721708f59cca2e1352c056cb23de526c22725615a42bb094f1f70" +SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b" DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb index 273c5c1815..6df7bdbb83 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb +++ b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb @@ -4,4 +4,4 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" -SRC_URI[sha256sum] = "699fd948836d77f9ad0541fd5dcf75cd2505f9da4ec14df669286ad047c23d97" +SRC_URI[sha256sum] = "18ff5a4e149e2568e43385637f72437fe6bafcc1322a93d13d1981e9464a0342" diff --git a/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch new file mode 100644 index 0000000000..b2f40f3e64 --- /dev/null +++ b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch @@ -0,0 +1,43 @@ +From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sat, 11 Feb 2023 11:57:39 +0200 +Subject: Fix boundary checking in base-256 decoder + +* src/list.c (from_header): Base-256 encoding is at least 2 bytes +long. + +Upstream-Status: Backport [see reference below] +CVE: CVE-2022-48303 + +Reference to upstream patch: +https://savannah.gnu.org/bugs/?62387 +https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 + +Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + src/list.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> + + +(limited to 'src/list.c') + +diff --git a/src/list.c b/src/list.c +index 9fafc42..86bcfdd 100644 +--- a/src/list.c ++++ b/src/list.c +@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type, + where++; + } + } +- else if (*where == '\200' /* positive base-256 */ +- || *where == '\377' /* negative base-256 */) ++ else if (where <= lim - 2 ++ && (*where == '\200' /* positive base-256 */ ++ || *where == '\377' /* negative base-256 */)) + { + /* Parse base-256 output. A nonnegative number N is + represented as (256**DIGS)/2 + N; a negative number -N is +-- +cgit v1.1 + diff --git a/poky/meta/recipes-extended/tar/tar_1.34.bb b/poky/meta/recipes-extended/tar/tar_1.34.bb index 7307cd57a2..1ef5fe221e 100644 --- a/poky/meta/recipes-extended/tar/tar_1.34.bb +++ b/poky/meta/recipes-extended/tar/tar_1.34.bb @@ -6,7 +6,9 @@ SECTION = "base" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2" +SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ + file://CVE-2022-48303.patch \ +" SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index d3c78e9157..14a1ce18f3 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,14 +6,15 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022d" +PV = "2023c" -SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ - http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ +SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ + http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ " -UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" +S = "${WORKDIR}/tz" -SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0" -SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0" +UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" +SRC_URI[tzcode.sha256sum] = "46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7" +SRC_URI[tzdata.sha256sum] = "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c" diff --git a/poky/meta/recipes-extended/timezone/tzcode-native.bb b/poky/meta/recipes-extended/timezone/tzcode-native.bb index e3582ba674..d0b23a9d80 100644 --- a/poky/meta/recipes-extended/timezone/tzcode-native.bb +++ b/poky/meta/recipes-extended/timezone/tzcode-native.bb @@ -1,10 +1,7 @@ require timezone.inc -# SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" -S = "${WORKDIR}" - inherit native EXTRA_OEMAKE += "cc='${CC}'" diff --git a/poky/meta/recipes-extended/timezone/tzdata.bb b/poky/meta/recipes-extended/timezone/tzdata.bb index 7f4322d867..dd1960ffa7 100644 --- a/poky/meta/recipes-extended/timezone/tzdata.bb +++ b/poky/meta/recipes-extended/timezone/tzdata.bb @@ -4,8 +4,6 @@ DEPENDS = "tzcode-native" inherit allarch -S = "${WORKDIR}" - DEFAULT_TIMEZONE ?= "Universal" INSTALL_TIMEZONE_FILE ?= "1" @@ -18,17 +16,21 @@ TZONES = " \ # "fat" is needed by e.g. MariaDB's mysql_tzinfo_to_sql ZIC_FMT ?= "slim" +do_configure[cleandirs] = "${B}" +B = "${WORKDIR}/build" + do_compile() { for zone in ${TZONES}; do - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null ${S}/${zone} - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null ${S}/${zone} - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone} done } do_install() { - install -d ${D}$exec_prefix ${D}${datadir}/zoneinfo - cp -pPR ${WORKDIR}$exec_prefix ${D}${base_prefix} + install -d ${D}${datadir}/zoneinfo + cp -pPR ${B}/zoneinfo/* ${D}${datadir}/zoneinfo + # libc is removing zoneinfo files from package cp -pP "${S}/zone.tab" ${D}${datadir}/zoneinfo cp -pP "${S}/zone1970.tab" ${D}${datadir}/zoneinfo diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch new file mode 100644 index 0000000000..b236030108 --- /dev/null +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch @@ -0,0 +1,145 @@ +xdg-email does not parse mailto uris properly for thunderbird + +When using thunderbird as mailto handler xdg-email translates mailto uris into an 'thunderbird -compose' argument. While to, cc and bcc values are properly enclosed in single quotes this is not the case for subject or body. This breaks functionality and allows to use all thunderbird -compose arguments within a mailto uri, e.g. + +xdg-email 'mailto:test@example.com?subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt' + +translates into + +thunderbird -compose to='test@example.com,',subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt + +with working attachment and message. (And, yes, ~ expands to the home directory.) + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205] + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +CVE: CVE-2022-4055 + + +Index: xdg-utils-1.1.3/scripts/xdg-email.in +=================================================================== +--- xdg-utils-1.1.3.orig/scripts/xdg-email.in ++++ xdg-utils-1.1.3/scripts/xdg-email.in +@@ -30,53 +30,6 @@ _USAGE + + #@xdg-utils-common@ + +-run_thunderbird() +-{ +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY +- THUNDERBIRD="$1" +- MAILTO=$(echo "$2" | sed 's/^mailto://') +- echo "$MAILTO" | grep -qs "^?" +- if [ "$?" = "0" ] ; then +- MAILTO=$(echo "$MAILTO" | sed 's/^?//') +- else +- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/') +- fi +- +- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g') +- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) +- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- +- if [ -z "$TO" ] ; then +- NEWMAILTO= +- else +- NEWMAILTO="to='$TO'" +- fi +- if [ -n "$CC" ] ; then +- NEWMAILTO="${NEWMAILTO},cc='$CC'" +- fi +- if [ -n "$BCC" ] ; then +- NEWMAILTO="${NEWMAILTO},bcc='$BCC'" +- fi +- if [ -n "$SUBJECT" ] ; then +- NEWMAILTO="${NEWMAILTO},$SUBJECT" +- fi +- if [ -n "$BODY" ] ; then +- NEWMAILTO="${NEWMAILTO},$BODY" +- fi +- +- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') +- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" +- "$THUNDERBIRD" -compose "$NEWMAILTO" +- if [ $? -eq 0 ]; then +- exit_success +- else +- exit_failure_operation_failed +- fi +-} +- + open_kde() + { + if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then +@@ -130,15 +83,6 @@ open_kde() + + open_gnome3() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -159,13 +103,6 @@ open_gnome3() + + open_gnome() + { +- local client +- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || "" +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -231,15 +168,6 @@ open_flatpak() + + open_generic() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + xdg-open "$1" + local ret=$? + +@@ -364,21 +292,6 @@ while [ $# -gt 0 ] ; do + shift + ;; + +- --attach) +- if [ -z "$1" ] ; then +- exit_failure_syntax "file argument missing for --attach option" +- fi +- check_input_file "$1" +- file=`readlink -f "$1"` # Normalize path +- if [ -z "$file" ] || [ ! -f "$file" ] ; then +- exit_failure_file_missing "file '$1' does not exist" +- fi +- +- url_encode "$file" +- options="${options}attach=${result}&" +- shift +- ;; +- + -*) + exit_failure_syntax "unexpected option '$parm'" + ;; diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index 73acf6b744..4d93180535 100644 --- a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb @@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ + file://CVE-2022-4055.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb index 9efd2800da..98923a3bdc 100644 --- a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb +++ b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb @@ -27,6 +27,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN file://0002-help-meson.build-disable-the-use-of-yelp.patch \ file://migrator.patch \ file://distributor.patch \ + file://CVE-2023-26081.patch \ " SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860" diff --git a/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch new file mode 100644 index 0000000000..af1e20bd8f --- /dev/null +++ b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch @@ -0,0 +1,90 @@ +From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@redhat.com> +Date: Fri, 3 Feb 2023 13:07:15 -0600 +Subject: [PATCH] Don't autofill passwords in sandboxed contexts + +If using the sandbox CSP or iframe tag, the web content is supposed to +be not trusted by the main resource origin. Therefore, we'd better +disable the password manager entirely so the untrusted web content +cannot exfiltrate passwords. + +https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x + +Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275> + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd] +CVE: CVE-2023-26081 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + .../resources/js/ephy.js | 26 +++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js +index 38b806f..44d1792 100644 +--- a/embed/web-process-extension/resources/js/ephy.js ++++ b/embed/web-process-extension/resources/js/ephy.js +@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function() + } + }; + ++Ephy.isSandboxedWebContent = function() ++{ ++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x ++ return self.origin === null || self.origin === 'null'; ++}; ++ + Ephy.PasswordManager = class PasswordManager + { + constructor(pageID, frameID) +@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager + + query(origin, targetOrigin, username, usernameField, passwordField) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`); ++ return Promise.resolve(null); ++ } ++ + Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`); + + return new Promise((resolver, reject) => { +@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager + + save(origin, targetOrigin, username, password, usernameField, passwordField, isNew) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`); ++ return; ++ } ++ + Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); + + window.webkit.messageHandlers.passwordManagerSave.postMessage({ +@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager + // FIXME: Why is pageID a parameter here? + requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`); ++ return; ++ } ++ + Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); + + window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({ +@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager + + queryUsernames(origin) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`); ++ return Promise.resolve(null); ++ } ++ + Ephy.log(`Requesting usernames for origin=${origin}`); + + return new Promise((resolver, reject) => { +-- +2.35.5 + diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch deleted file mode 100644 index 02cc9a2a70..0000000000 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch +++ /dev/null @@ -1,173 +0,0 @@ -From f81b60ebcbbfd9548c8aa1e388662c429068d1e3 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Sat, 8 May 2021 21:58:54 +0200 -Subject: [PATCH] Add use_prebuilt_tools option - -This allows using the gdk-pixbuf tools from the host to -build and install tests in a cross-compile scenarion. - -Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/119] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - gdk-pixbuf/meson.build | 11 +++++++++-- - meson.build | 6 +++--- - meson_options.txt | 4 ++++ - tests/meson.build | 16 ++++++++-------- - thumbnailer/meson.build | 24 ++++++++++++++++++------ - 5 files changed, 42 insertions(+), 19 deletions(-) - -diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build -index 54ff9dd..2e321cf 100644 ---- a/gdk-pixbuf/meson.build -+++ b/gdk-pixbuf/meson.build -@@ -342,13 +342,20 @@ foreach bin: gdkpixbuf_bin - include_directories: [ root_inc, gdk_pixbuf_inc ], - c_args: common_cflags + gdk_pixbuf_cflags, - install: true) -- meson.override_find_program(bin_name, bin) -+ if not get_option('use_prebuilt_tools') -+ meson.override_find_program(bin_name, bin) -+ endif - - # Used in tests - set_variable(bin_name.underscorify(), bin) - endforeach - --if not meson.is_cross_build() -+if get_option('use_prebuilt_tools') -+ gdk_pixbuf_query_loaders = find_program('gdk-pixbuf-query-loaders', required: true) -+ gdk_pixbuf_pixdata = find_program('gdk-pixbuf-pixdata', required: true) -+endif -+ -+if not meson.is_cross_build() or get_option('use_prebuilt_tools') - # The 'loaders.cache' used for testing, so we don't accidentally - # load the installed cache; we always build it by default - loaders_cache = custom_target('loaders.cache', -diff --git a/meson.build b/meson.build -index 813bd43..a93e6f7 100644 ---- a/meson.build -+++ b/meson.build -@@ -369,18 +369,18 @@ subdir('gdk-pixbuf') - # i18n - subdir('po') - --if not meson.is_cross_build() -+if not meson.is_cross_build() or get_option('use_prebuilt_tools') - if get_option('tests') - subdir('tests') - endif -- subdir('thumbnailer') - endif -+subdir('thumbnailer') - - # Documentation - build_docs = get_option('gtk_doc') or get_option('docs') - subdir('docs') - --if not meson.is_cross_build() -+if not meson.is_cross_build() or get_option('use_prebuilt_tools') - meson.add_install_script('build-aux/post-install.py', - gdk_pixbuf_bindir, - gdk_pixbuf_libdir, -diff --git a/meson_options.txt b/meson_options.txt -index d198d99..1c899e9 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -53,4 +53,8 @@ option('gio_sniffing', - description: 'Perform file type detection using GIO (Unused on MacOS and Windows)', - type: 'boolean', - value: true) -+option('use_prebuilt_tools', -+ description: 'Use prebuilt gdk-pixbuf tools from the host for cross-compilation', -+ type: 'boolean', -+ value: false) - -diff --git a/tests/meson.build b/tests/meson.build -index 28c2525..d97c02d 100644 ---- a/tests/meson.build -+++ b/tests/meson.build -@@ -5,6 +5,12 @@ - # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with - # this problem: See https://github.com/mesonbuild/meson/issues/8266. - if enabled_loaders.contains('png') and host_system != 'windows' -+ -+ resources_deps = [loaders_cache,] -+ if not get_option('use_prebuilt_tools') -+ resources_deps += [gdk_pixbuf_pixdata,] -+ endif -+ - # Resources; we cannot use gnome.compile_resources() here, because we need to - # override the environment in order to use the utilities we just built instead - # of the system ones -@@ -21,10 +27,7 @@ if enabled_loaders.contains('png') and host_system != 'windows' - '@INPUT@', - '@OUTPUT@', - ], -- depends: [ -- gdk_pixbuf_pixdata, -- loaders_cache, -- ], -+ depends: resources_deps, - ) - - resources_h = custom_target('resources.h', -@@ -40,10 +43,7 @@ if enabled_loaders.contains('png') and host_system != 'windows' - '@INPUT@', - '@OUTPUT@', - ], -- depends: [ -- gdk_pixbuf_pixdata, -- loaders_cache, -- ], -+ depends: resources_deps, - ) - no_resources = false - else -diff --git a/thumbnailer/meson.build b/thumbnailer/meson.build -index b6a206d..9336c21 100644 ---- a/thumbnailer/meson.build -+++ b/thumbnailer/meson.build -@@ -6,13 +6,29 @@ bin = executable('gdk-pixbuf-thumbnailer', - ], - dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ], - install: true) --meson.override_find_program('gdk-pixbuf-thumbnailer', bin) -+if not get_option('use_prebuilt_tools') -+ meson.override_find_program('gdk-pixbuf-thumbnailer', bin) -+endif - - gdk_pixbuf_print_mime_types = executable('gdk-pixbuf-print-mime-types', - 'gdk-pixbuf-print-mime-types.c', -+ install: true, - c_args: common_cflags, - dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ]) - -+if get_option('use_prebuilt_tools') -+ gdk_pixbuf_print_mime_types = find_program('gdk-pixbuf-print-mime-types', required: true) -+endif -+ -+thumbnailer_deps = [loaders_cache,] -+ -+if not get_option('use_prebuilt_tools') -+ thumbnailer_deps += [ -+ gdk_pixbuf_print_mime_types, -+ gdk_pixbuf_pixdata, -+ ] -+endif -+ - custom_target('thumbnailer', - input: 'gdk-pixbuf-thumbnailer.thumbnailer.in', - output: 'gdk-pixbuf-thumbnailer.thumbnailer', -@@ -25,10 +41,6 @@ custom_target('thumbnailer', - '@INPUT@', - '@OUTPUT@', - ], -- depends: [ -- gdk_pixbuf_print_mime_types, -- gdk_pixbuf_pixdata, -- loaders_cache, -- ], -+ depends: thumbnailer_deps, - install: true, - install_dir: join_paths(gdk_pixbuf_datadir, 'thumbnailers')) diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch new file mode 100644 index 0000000000..7250fa3f62 --- /dev/null +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch @@ -0,0 +1,66 @@ +From 9d3b374e75692da3d1d05344a1693c85a3098f47 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Thu, 26 Jan 2023 20:29:46 +0100 +Subject: [PATCH] meson.build: allow (a subset of) tests in cross compile + settings + +There is no need to completely disable tests: most of them +do not require running target executables at build time, +and so can be built and installed. + +This requires inserting a couple of specific guards around +items that do require running target executables. + +Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/150] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + meson.build | 6 +++--- + tests/meson.build | 10 ++++++---- + 2 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/meson.build b/meson.build +index 8a16c8f..7c8b20f 100644 +--- a/meson.build ++++ b/meson.build +@@ -369,10 +369,10 @@ subdir('gdk-pixbuf') + # i18n + subdir('po') + ++if get_option('tests') ++ subdir('tests') ++endif + if not meson.is_cross_build() +- if get_option('tests') +- subdir('tests') +- endif + subdir('thumbnailer') + endif + +diff --git a/tests/meson.build b/tests/meson.build +index 28c2525..c45e765 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -4,7 +4,7 @@ + # gdk-pixbuf-pixdata from build directory because it needs all DLL locations in + # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with + # this problem: See https://github.com/mesonbuild/meson/issues/8266. +-if enabled_loaders.contains('png') and host_system != 'windows' ++if enabled_loaders.contains('png') and host_system != 'windows' and not meson.is_cross_build() + # Resources; we cannot use gnome.compile_resources() here, because we need to + # override the environment in order to use the utilities we just built instead + # of the system ones +@@ -166,9 +166,11 @@ endif + test_deps = gdk_pixbuf_deps + [ gdkpixbuf_dep, ] + test_args = [ '-k' ] + test_env = environment() +-test_env.set('G_TEST_SRCDIR', meson.current_source_dir()) +-test_env.set('G_TEST_BUILDDIR', meson.current_build_dir()) +-test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path()) ++if not meson.is_cross_build() ++ test_env.set('G_TEST_SRCDIR', meson.current_source_dir()) ++ test_env.set('G_TEST_BUILDDIR', meson.current_build_dir()) ++ test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path()) ++endif + + foreach test_name, test_data: installed_tests + test_sources = [ test_name + '.c', 'test-common.c' ] diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb index d33718e3ea..cca89a9059 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb @@ -12,18 +12,17 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SECTION = "libs" -DEPENDS = "glib-2.0 gdk-pixbuf-native shared-mime-info" -DEPENDS:remove:class-native = "gdk-pixbuf-native" +DEPENDS = "glib-2.0 shared-mime-info" MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://run-ptest \ file://fatal-loader.patch \ - file://0001-Add-use_prebuilt_tools-option.patch \ + file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \ " -SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962" +SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b" inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package @@ -46,14 +45,6 @@ PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" EXTRA_OEMESON = "-Dman=false" -EXTRA_OEMESON:append:class-target = " \ - -Duse_prebuilt_tools=true \ -" - -EXTRA_OEMESON:append:class-nativesdk = " \ - -Duse_prebuilt_tools=true \ -" - PACKAGES =+ "${PN}-xlib" # For GIO image type sniffing @@ -115,10 +106,6 @@ do_install:append:class-native() { XDG_DATA_DIRS=${STAGING_DATADIR} \ GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - create_wrapper ${D}/${bindir}/gdk-pixbuf-print-mime-types \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - create_wrapper ${D}/${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \ XDG_DATA_DIRS=${STAGING_DATADIR} \ GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \ diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb index fc52ae61c5..59278d1b16 100644 --- a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb +++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb @@ -56,8 +56,10 @@ CVE_CHECK_IGNORE += "CVE-2018-1000041" CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" PACKAGECONFIG ??= "gdkpixbuf" +PACKAGECONFIG:append:class-target = " ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vala', '', d)}" # The gdk-pixbuf loader PACKAGECONFIG[gdkpixbuf] = "--enable-pixbuf-loader,--disable-pixbuf-loader,gdk-pixbuf-native" +PACKAGECONFIG[vala] = "--enable-vala,--disable-vala" do_install:append() { # Loadable modules don't need .a or .la on Linux diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 5232cf70c6..a2dba6cb20 100644 --- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch @@ -1,19 +1,20 @@ -There is a potential infinite-loop in function _arc_error_normalized(). +There is an assertion in function _cairo_arc_in_direction(). CVE: CVE-2019-6461 Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..f9249dbeb 100644 +index 390397bae..1bde774a4 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) - do { - angle = M_PI / i++; - error = _arc_error_normalized (angle); -- } while (error > tolerance); -+ } while (error > tolerance && error > __DBL_EPSILON__); +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; - return angle; - } +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; + + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch index 4e4598c5b5..7c3209291b 100644 --- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch @@ -1,20 +1,40 @@ -There is an assertion in function _cairo_arc_in_direction(). - CVE: CVE-2019-6462 -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@intel.com> +Upstream-Status: Backport +Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> + +From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <hlewin@gmx.de> +Date: Sun, 1 Aug 2021 11:16:03 +0000 +Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop + +--- + src/cairo-arc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1bde774a4 100644 +index 390397bae..1c891d1a0 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, - if (cairo_status (cr)) - return; +@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + { M_PI / 11.0, 9.81410988043554039085e-09 }, + }; + int table_size = ARRAY_LENGTH (table); ++ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ -- assert (angle_max >= angle_min); -+ if (angle_max < angle_min) -+ return; + for (i = 0; i < table_size; i++) + if (table[i].error < tolerance) + return table[i].angle; - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { - angle_max = fmod (angle_max - angle_min, 2 * M_PI); + ++i; ++ + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && i < max_segments); + + return angle; + } +-- +2.38.1 + diff --git a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb index 959ef68032..613d3430ce 100644 --- a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb +++ b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb @@ -39,7 +39,7 @@ PACKAGECONFIG[manpages] = "-Dman-pages=enabled,-Dman-pages=disabled,libxslt-nati ALLOW_EMPTY:${PN}-drivers = "1" PACKAGES =+ "${PN}-tests ${PN}-drivers ${PN}-radeon ${PN}-nouveau ${PN}-omap \ - ${PN}-intel ${PN}-exynos ${PN}-kms ${PN}-freedreno ${PN}-amdgpu \ + ${PN}-intel ${PN}-exynos ${PN}-freedreno ${PN}-amdgpu \ ${PN}-etnaviv" RRECOMMENDS:${PN}-drivers = "${PN}-radeon ${PN}-nouveau ${PN}-omap ${PN}-intel \ @@ -52,7 +52,6 @@ FILES:${PN}-nouveau = "${libdir}/libdrm_nouveau.so.*" FILES:${PN}-omap = "${libdir}/libdrm_omap.so.*" FILES:${PN}-intel = "${libdir}/libdrm_intel.so.*" FILES:${PN}-exynos = "${libdir}/libdrm_exynos.so.*" -FILES:${PN}-kms = "${libdir}/libkms*.so.*" FILES:${PN}-freedreno = "${libdir}/libdrm_freedreno.so.*" FILES:${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.* ${datadir}/${PN}/amdgpu.ids" FILES:${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*" diff --git a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb index 69d9a0a84e..5b3b85b4ff 100644 --- a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb +++ b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exc LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3" SRCREV = "adbf0d3106b26daa237b10b9bf72b1af7c31092d" -SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \ +SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \ file://0001-generate-glslang-pkg-config.patch" PE = "1" UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch new file mode 100644 index 0000000000..47d2d7c270 --- /dev/null +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch @@ -0,0 +1,135 @@ +From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001 +From: Behdad Esfahbod <behdad@behdad.org> +Date: Mon, 6 Feb 2023 13:08:52 -0700 +Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match() + +Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324] +Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP. +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + src/hb-ot-layout-gsubgpos.hh | 94 +++++++++++++++++++++--------------- + 1 file changed, 54 insertions(+), 40 deletions(-) + +diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh +index c77ec12..04b823e 100644 +--- a/src/hb-ot-layout-gsubgpos.hh ++++ b/src/hb-ot-layout-gsubgpos.hh +@@ -532,33 +532,52 @@ struct hb_ot_apply_context_t : + may_skip (const hb_glyph_info_t &info) const + { return matcher.may_skip (c, info); } + ++ enum match_t { ++ MATCH, ++ NOT_MATCH, ++ SKIP ++ }; ++ ++ match_t match (hb_glyph_info_t &info) ++ { ++ matcher_t::may_skip_t skip = matcher.may_skip (c, info); ++ if (unlikely (skip == matcher_t::SKIP_YES)) ++ return SKIP; ++ ++ matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ()); ++ if (match == matcher_t::MATCH_YES || ++ (match == matcher_t::MATCH_MAYBE && ++ skip == matcher_t::SKIP_NO)) ++ return MATCH; ++ ++ if (skip == matcher_t::SKIP_NO) ++ return NOT_MATCH; ++ ++ return SKIP; ++ } ++ + bool next (unsigned *unsafe_to = nullptr) + { + assert (num_items > 0); + while (idx + num_items < end) + { + idx++; +- hb_glyph_info_t &info = c->buffer->info[idx]; +- +- matcher_t::may_skip_t skip = matcher.may_skip (c, info); +- if (unlikely (skip == matcher_t::SKIP_YES)) +- continue; +- +- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ()); +- if (match == matcher_t::MATCH_YES || +- (match == matcher_t::MATCH_MAYBE && +- skip == matcher_t::SKIP_NO)) +- { +- num_items--; +- advance_glyph_data (); +- return true; +- } +- +- if (skip == matcher_t::SKIP_NO) ++ switch (match (c->buffer->info[idx])) + { +- if (unsafe_to) +- *unsafe_to = idx + 1; +- return false; ++ case MATCH: ++ { ++ num_items--; ++ advance_glyph_data (); ++ return true; ++ } ++ case NOT_MATCH: ++ { ++ if (unsafe_to) ++ *unsafe_to = idx + 1; ++ return false; ++ } ++ case SKIP: ++ continue; + } + } + if (unsafe_to) +@@ -571,27 +590,22 @@ struct hb_ot_apply_context_t : + while (idx > num_items - 1) + { + idx--; +- hb_glyph_info_t &info = c->buffer->out_info[idx]; +- +- matcher_t::may_skip_t skip = matcher.may_skip (c, info); +- if (unlikely (skip == matcher_t::SKIP_YES)) +- continue; +- +- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ()); +- if (match == matcher_t::MATCH_YES || +- (match == matcher_t::MATCH_MAYBE && +- skip == matcher_t::SKIP_NO)) +- { +- num_items--; +- advance_glyph_data (); +- return true; +- } +- +- if (skip == matcher_t::SKIP_NO) ++ switch (match (c->buffer->out_info[idx])) + { +- if (unsafe_from) +- *unsafe_from = hb_max (1u, idx) - 1u; +- return false; ++ case MATCH: ++ { ++ num_items--; ++ advance_glyph_data (); ++ return true; ++ } ++ case NOT_MATCH: ++ { ++ if (unsafe_from) ++ *unsafe_from = hb_max (1u, idx) - 1u; ++ return false; ++ } ++ case SKIP: ++ continue; + } + } + if (unsafe_from) +-- +2.25.1 + diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch new file mode 100644 index 0000000000..f5c5cf439d --- /dev/null +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch @@ -0,0 +1,192 @@ +From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001 +From: Behdad Esfahbod <behdad@behdad.org> +Date: Mon, 6 Feb 2023 14:51:25 -0700 +Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment + +Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8] +Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc] causes regression and was reverted. This Patch completes the fix. +CVE: CVE-2023-25193 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> + +--- + src/OT/Layout/GPOS/MarkBasePosFormat1.hh | 76 +++++++++++++++--------- + src/OT/Layout/GPOS/MarkLigPosFormat1.hh | 24 ++++++-- + src/hb-ot-layout-gsubgpos.hh | 5 +- + 3 files changed, 69 insertions(+), 36 deletions(-) + +diff --git a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh +index ebb8c31..73839a4 100644 +--- a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh ++++ b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh +@@ -90,6 +90,25 @@ struct MarkBasePosFormat1_2 + + const Coverage &get_coverage () const { return this+markCoverage; } + ++ static inline bool accept (hb_buffer_t *buffer, unsigned idx) ++ { ++ /* We only want to attach to the first of a MultipleSubst sequence. ++ * https://github.com/harfbuzz/harfbuzz/issues/740 ++ * Reject others... ++ * ...but stop if we find a mark in the MultipleSubst sequence: ++ * https://github.com/harfbuzz/harfbuzz/issues/1020 */ ++ return !_hb_glyph_info_multiplied (&buffer->info[idx]) || ++ 0 == _hb_glyph_info_get_lig_comp (&buffer->info[idx]) || ++ (idx == 0 || ++ _hb_glyph_info_is_mark (&buffer->info[idx - 1]) || ++ !_hb_glyph_info_multiplied (&buffer->info[idx - 1]) || ++ _hb_glyph_info_get_lig_id (&buffer->info[idx]) != ++ _hb_glyph_info_get_lig_id (&buffer->info[idx - 1]) || ++ _hb_glyph_info_get_lig_comp (&buffer->info[idx]) != ++ _hb_glyph_info_get_lig_comp (&buffer->info[idx - 1]) + 1 ++ ); ++ } ++ + bool apply (hb_ot_apply_context_t *c) const + { + TRACE_APPLY (this); +@@ -97,48 +116,47 @@ struct MarkBasePosFormat1_2 + unsigned int mark_index = (this+markCoverage).get_coverage (buffer->cur().codepoint); + if (likely (mark_index == NOT_COVERED)) return_trace (false); + +- /* Now we search backwards for a non-mark glyph */ ++ /* Now we search backwards for a non-mark glyph. ++ * We don't use skippy_iter.prev() to avoid O(n^2) behavior. */ ++ + hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input; +- skippy_iter.reset (buffer->idx, 1); + skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks); +- do { +- unsigned unsafe_from; +- if (!skippy_iter.prev (&unsafe_from)) ++ ++ unsigned j; ++ for (j = buffer->idx; j > c->last_base_until; j--) ++ { ++ auto match = skippy_iter.match (buffer->info[j - 1]); ++ if (match == skippy_iter.MATCH) + { +- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1); +- return_trace (false); ++ if (!accept (buffer, j - 1)) ++ match = skippy_iter.SKIP; + } ++ if (match == skippy_iter.MATCH) ++ { ++ c->last_base = (signed) j - 1; ++ break; ++ } ++ } ++ c->last_base_until = buffer->idx; ++ if (c->last_base == -1) ++ { ++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1); ++ return_trace (false); ++ } + +- /* We only want to attach to the first of a MultipleSubst sequence. +- * https://github.com/harfbuzz/harfbuzz/issues/740 +- * Reject others... +- * ...but stop if we find a mark in the MultipleSubst sequence: +- * https://github.com/harfbuzz/harfbuzz/issues/1020 */ +- if (!_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx]) || +- 0 == _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) || +- (skippy_iter.idx == 0 || +- _hb_glyph_info_is_mark (&buffer->info[skippy_iter.idx - 1]) || +- !_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx - 1]) || +- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx]) != +- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx - 1]) || +- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) != +- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx - 1]) + 1 +- )) +- break; +- skippy_iter.reject (); +- } while (true); ++ unsigned idx = (unsigned) c->last_base; + + /* Checking that matched glyph is actually a base glyph by GDEF is too strong; disabled */ +- //if (!_hb_glyph_info_is_base_glyph (&buffer->info[skippy_iter.idx])) { return_trace (false); } ++ //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); } + +- unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[skippy_iter.idx].codepoint); ++ unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[idx].codepoint); + if (base_index == NOT_COVERED) + { +- buffer->unsafe_to_concat_from_outbuffer (skippy_iter.idx, buffer->idx + 1); ++ buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1); + return_trace (false); + } + +- return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx)); ++ return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, idx)); + } + + bool subset (hb_subset_context_t *c) const +diff --git a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh +index 1a80212..4471871 100644 +--- a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh ++++ b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh +@@ -100,20 +100,32 @@ struct MarkLigPosFormat1_2 + if (likely (mark_index == NOT_COVERED)) return_trace (false); + + /* Now we search backwards for a non-mark glyph */ ++ + hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input; +- skippy_iter.reset (buffer->idx, 1); + skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks); +- unsigned unsafe_from; +- if (!skippy_iter.prev (&unsafe_from)) ++ ++ unsigned j; ++ for (j = buffer->idx; j > c->last_base_until; j--) + { +- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1); ++ auto match = skippy_iter.match (buffer->info[j - 1]); ++ if (match == skippy_iter.MATCH) ++ { ++ c->last_base = (signed) j - 1; ++ break; ++ } ++ } ++ c->last_base_until = buffer->idx; ++ if (c->last_base == -1) ++ { ++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1); + return_trace (false); + } + ++ j = (unsigned) c->last_base; ++ + /* Checking that matched glyph is actually a ligature by GDEF is too strong; disabled */ +- //if (!_hb_glyph_info_is_ligature (&buffer->info[skippy_iter.idx])) { return_trace (false); } ++ //if (!_hb_glyph_info_is_ligature (&buffer->info[j])) { return_trace (false); } + +- unsigned int j = skippy_iter.idx; + unsigned int lig_index = (this+ligatureCoverage).get_coverage (buffer->info[j].codepoint); + if (lig_index == NOT_COVERED) + { +diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh +index 04b823e..dc3c4b6 100644 +--- a/src/hb-ot-layout-gsubgpos.hh ++++ b/src/hb-ot-layout-gsubgpos.hh +@@ -701,6 +701,9 @@ struct hb_ot_apply_context_t : + uint32_t random_state = 1; + unsigned new_syllables = (unsigned) -1; + ++ signed last_base = -1; // GPOS uses ++ unsigned last_base_until = 0; // GPOS uses ++ + hb_ot_apply_context_t (unsigned int table_index_, + hb_font_t *font_, + hb_buffer_t *buffer_) : +@@ -738,7 +741,7 @@ struct hb_ot_apply_context_t : + iter_context.init (this, true); + } + +- void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; init_iters (); } ++ void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; last_base = -1; last_base_until = 0; init_iters (); } + void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); } + void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); } + void set_per_syllable (bool per_syllable_) { per_syllable = per_syllable_; init_iters (); } +-- +2.25.1 + diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb index 4905e8e2ad..0d68a4bf84 100644 --- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb @@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6ee0f16281694fb6aa689cca1e0fb3da \ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz \ file://0001-fix-signedness-of-char-in-tests.patch \ + file://CVE-2023-25193-pre1.patch \ + file://CVE-2023-25193.patch \ " SRC_URI[sha256sum] = "2edb95db668781aaa8d60959d21be2ff80085f31b12053cdd660d9a50ce84f05" @@ -32,9 +34,9 @@ PACKAGES =+ "${PN}-icu ${PN}-icu-dev ${PN}-subset" LEAD_SONAME = "libharfbuzz.so" do_install:append() { - # If no tools are installed due to PACKAGECONFIG then this directory is - #still installed, so remove it to stop packaging wanings. - rmdir --ignore-fail-on-non-empty ${D}${bindir} + # If no tools are installed due to PACKAGECONFIG then this directory might + # still be installed, so remove it to stop packaging warnings. + [ ! -d ${D}${bindir} ] || rmdir --ignore-fail-on-non-empty ${D}${bindir} } FILES:${PN}-icu = "${libdir}/libharfbuzz-icu.so.*" diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb index 1708fa97f0..e086830c02 100644 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb @@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ file://0001-libjpeg-turbo-fix-package_qa-error.patch \ " -SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b" +SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf" UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/" diff --git a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch b/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch deleted file mode 100644 index 971a3f54e0..0000000000 --- a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7211120d1e2f059d900f3379b9790484dbcf7761 Mon Sep 17 00:00:00 2001 -From: Martin Jansa <Martin.Jansa@gmail.com> -Date: Fri, 25 Oct 2019 11:09:34 +0000 -Subject: [PATCH] dispatch_common.h: define also EGL_NO_X11 - -MESA_EGL_NO_X11_HEADERS was renamed to EGL_NO_X11 in: -https://github.com/mesa3d/mesa/commit/6202a13b71e18dc31ba7e2f4ea915b67eacc1ddb - -Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> -Upstream-Status: Pending - ---- - src/dispatch_common.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/dispatch_common.h b/src/dispatch_common.h -index a136943..448c9b1 100644 ---- a/src/dispatch_common.h -+++ b/src/dispatch_common.h -@@ -55,6 +55,7 @@ - * as EGL_NO_X11 - */ - # define MESA_EGL_NO_X11_HEADERS 1 -+# define EGL_NO_X11 1 - # endif - #include "epoxy/egl.h" - #endif diff --git a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb index 1210f73a86..384afa6907 100644 --- a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb +++ b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb @@ -9,11 +9,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b" -SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \ - file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \ - " -SRC_URI[sha256sum] = "d168a19a6edfdd9977fef1308ccf516079856a4275cf876de688fb7927e365e4" -GITHUB_BASE_URI = "https://github.com/anholt/libepoxy/releases" +SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https" +SRCREV = "c84bc9459357a40e46e2fec0408d04fbdde2c973" +S = "${WORKDIR}/git" inherit meson pkgconfig features_check github-releases diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch index 57bc522393..f34b870e74 100644 --- a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch +++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch @@ -1,4 +1,4 @@ -From 0234c546d86174fafe9ab280cf5f44de50b73676 Mon Sep 17 00:00:00 2001 +From 77093de6a12c24a60fc447698900d18d0a3943af Mon Sep 17 00:00:00 2001 From: Carlos Rafael Giani <crg7475@mailbox.org> Date: Fri, 18 Mar 2022 12:06:23 +0100 Subject: [PATCH] Disable libunwind in native OE builds by not looking for @@ -22,10 +22,10 @@ Upstream-Status: Inappropriate [OE specific] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 644715a..bbf2e28 100644 +index 7617205..d9b1522 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -869,7 +869,7 @@ if(SDL_LIBC) +@@ -952,7 +952,7 @@ if(SDL_LIBC) check_include_file(sys/types.h HAVE_SYS_TYPES_H) foreach(_HEADER stdio.h stdlib.h stddef.h stdarg.h malloc.h memory.h string.h limits.h float.h diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb index d5cbf73df2..ce5a8aa8f2 100644 --- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb +++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-native = " file://0001-Disable-libunwind-in-native-OE-build S = "${WORKDIR}/SDL2-${PV}" -SRC_URI[sha256sum] = "91e4c34b1768f92d399b078e171448c6af18cafda743987ed2064a28954d6d97" +SRC_URI[sha256sum] = "b35ef0a802b09d90ed3add0dcac0e95820804202914f5bb7b0feb710f1a1329f" inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even diff --git a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb index 6e9b95e1e2..12f41d75a5 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb @@ -30,7 +30,7 @@ PACKAGECONFIG[gles1] = "-Dgles1=enabled,-Dgles1=disabled,virtual/libgles1" PACKAGECONFIG[gles2] = "-Dgles2=enabled,-Dgles2=disabled,virtual/libgles2" PACKAGECONFIG[glut] = "-Dwith-glut=${STAGING_EXECPREFIXDIR},,freeglut" PACKAGECONFIG[osmesa] = "-Dosmesa=enabled,-Dosmesa=disabled," -PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native" +PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native wayland-protocols" PACKAGECONFIG[x11] = "-Dx11=enabled,-Dx11=disabled,virtual/libx11 libglu" do_install:append() { diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb index f2bc8f6b5b..c7c7aa7ac3 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb @@ -8,6 +8,6 @@ S = "${WORKDIR}/mesa-${PV}" # At least one DRI rendering engine is required to build mesa. # When no X11 is available, use osmesa for the rendering engine. -PACKAGECONFIG ??= "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}" -PACKAGECONFIG:class-target = "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}" +PACKAGECONFIG ??= "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}" +PACKAGECONFIG:class-target = "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}" diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc index 8a74e0a80a..f9007f3187 100644 --- a/poky/meta/recipes-graphics/mesa/mesa.inc +++ b/poky/meta/recipes-graphics/mesa/mesa.inc @@ -19,10 +19,12 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \ file://0001-util-format-Check-for-NEON-before-using-it.patch \ - file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch \ " -SRC_URI[sha256sum] = "b1f9c8fd08f2cae3adf83355bef4d2398e8025f44947332880f2d0066bdafa8c" +# required by mesa-native on Ubuntu 18.04 with gcc 7.5 when DEBUG_BUILD enabled +SRC_URI:append:class-native = " file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch" + +SRC_URI[sha256sum] = "ee7d026f7b1991dbae0861d359b671145c3a86f2a731353b885d2ea2d5c098d6" UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" @@ -52,17 +54,7 @@ ANY_OF_DISTRO_FEATURES:class-target = "opengl vulkan" PLATFORMS ??= "${@bb.utils.filter('PACKAGECONFIG', 'x11 wayland', d)}" -# By placing llvm-config in the target sysroot bindir, it will then map values -# to the target libdir magically. We can safely add to path as there are no other binaries -# there. -PATH:prepend = "${STAGING_BINDIR_CROSS}:${STAGING_BINDIR}:" MESA_LLVM_RELEASE ?= "${LLVMVERSION}" -do_configure:prepend () { - if [ -e ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ]; then - cp ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ${STAGING_BINDIR} - cp ${STAGING_BINDIR_NATIVE}/llvm-config ${STAGING_BINDIR} - fi -} # set the MESA_BUILD_TYPE to either 'release' (default) or 'debug' # by default the upstream mesa sources build a debug release @@ -179,6 +171,8 @@ PACKAGECONFIG[vulkan-beta] = "-Dvulkan-beta=true,-Dvulkan-beta=false" PACKAGECONFIG[osmesa] = "-Dosmesa=true,-Dosmesa=false" +PACKAGECONFIG[perfetto] = "-Dperfetto=true,-Dperfetto=false,libperfetto" + PACKAGECONFIG[unwind] = "-Dlibunwind=enabled,-Dlibunwind=disabled,libunwind" PACKAGECONFIG[lmsensors] = "-Dlmsensors=enabled,-Dlmsensors=disabled,lmsensors" diff --git a/poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb index 96e8aa38d6..96e8aa38d6 100644 --- a/poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb +++ b/poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb diff --git a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb index 03e2ca6721..e673366dc7 100644 --- a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb +++ b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb @@ -21,10 +21,10 @@ GIR_MESON_ENABLE_FLAG = "enabled" GIR_MESON_DISABLE_FLAG = "disabled" SRC_URI += "file://run-ptest \ - file://0001-Skip-running-test-layout-test.patch \ -" + file://0001-Skip-running-test-layout-test.patch \ + " -SRC_URI[archive.sha256sum] = "1b636aabf905130d806372136f5e137b6a27f26d47defd9240bf444f6a4fe610" +SRC_URI[archive.sha256sum] = "5cdcf6d761d26a3eb9412b6cb069b32bd1d9b07abf116321167d94c2189299fd" DEPENDS = "glib-2.0 glib-2.0-native fontconfig freetype virtual/libiconv cairo harfbuzz fribidi" @@ -38,7 +38,7 @@ PACKAGECONFIG[thai] = ",,libthai" GIR_MESON_OPTION = 'introspection' do_configure:prepend() { - chmod +x ${S}/tests/*.py + chmod +x ${S}/tests/*.py } LEAD_SONAME = "libpango-1.0*" diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb index f758208c6b..4a4e44f685 100644 --- a/poky/meta/recipes-graphics/piglit/piglit_git.bb +++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb @@ -39,7 +39,7 @@ do_compile[dirs] =+ "${B}/temp/" PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 glx', '', d)}" PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut," PACKAGECONFIG[glx] = "-DPIGLIT_BUILD_GLX_TESTS=ON,-DPIGLIT_BUILD_GLX_TESTS=OFF" -PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,opencl-icd-loader" +PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,virtual/opencl-icd" PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}" PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader" diff --git a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb index 94500a96ba..ce47206ac2 100644 --- a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb +++ b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb @@ -8,7 +8,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d" SRCREV = "b2a156e1c0434bc8c99aaebba1c7be98be7ac580" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master" +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=main" PE = "1" UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb index fc1074d8b8..c6fba3821b 100644 --- a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb +++ b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb @@ -8,7 +8,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "c94501352d545e84c821ce031399e76d1af32d18" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=main;protocol=https \ file://0001-Remove-default-copy-constructor-in-header.-4879.patch \ " PE = "1" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb index 332411b312..d5d285cd83 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb @@ -5,7 +5,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a" -SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \ +SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=main;protocol=https;lfs=0 \ file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \ file://debugfix.patch \ file://0001-Qualify-move-as-std-move.patch;patchdir=third_party/spirv-cross \ diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch new file mode 100644 index 0000000000..722116c07e --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch @@ -0,0 +1,57 @@ +CVE: CVE-2022-3554 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Tue, 4 Oct 2022 18:26:17 -0400 +Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback + +Analysis: + + _XimRegisterIMInstantiateCallback() opens an XIM and closes it using + the internal function pointers, but the internal close function does + not free the pointer to the XIM (this would be done in XCloseIM()). + +Report/patch: + + Date: Mon, 03 Oct 2022 18:47:32 +0800 + From: Po Lu <luangruo@yahoo.com> + To: xorg-devel@lists.x.org + Subject: Re: Yet another leak in Xlib + + For reference, here's how I'm calling XRegisterIMInstantiateCallback: + + XSetLocaleModifiers (""); + XRegisterIMInstantiateCallback (compositor.display, + XrmGetDatabase (compositor.display), + (char *) compositor.resource_name, + (char *) compositor.app_name, + IMInstantiateCallback, NULL); + + and XMODIFIERS is: + + @im=ibus + +Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net> +--- + modules/im/ximcp/imInsClbk.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c +index 95b379cb..c10e347f 100644 +--- a/modules/im/ximcp/imInsClbk.c ++++ b/modules/im/ximcp/imInsClbk.c +@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback( + if( xim ) { + lock = True; + xim->methods->close( (XIM)xim ); ++ /* XIMs must be freed manually after being opened; close just ++ does the protocol to deinitialize the IM. */ ++ XFree( xim ); + lock = False; + icb->call = True; + callback( display, client_data, NULL ); +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb index 1dcc3abee9..9ff196c897 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb @@ -15,6 +15,7 @@ PE = "1" SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.xz" SRC_URI += "file://disable_tests.patch \ + file://0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch \ " SRC_URI[sha256sum] = "1bc41aa1bbe01401f330d76dfa19f386b79c51881c7bbfee9eb4e27f22f2d9f7" diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch new file mode 100644 index 0000000000..d226766d49 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch @@ -0,0 +1,33 @@ +CVE: CVE-2022-44638 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001 +From: Matt Turner <mattst88@gmail.com> +Date: Wed, 2 Nov 2022 12:07:32 -0400 +Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write + +Thanks to Maddie Stone and Google's Project Zero for discovering this +issue, providing a proof-of-concept, and a great analysis. + +Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 +--- + pixman/pixman-trap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c +index 91766fd..7560405 100644 +--- a/pixman/pixman-trap.c ++++ b/pixman/pixman-trap.c +@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y, + + if (f < Y_FRAC_FIRST (n)) + { +- if (pixman_fixed_to_int (i) == 0x8000) ++ if (pixman_fixed_to_int (i) == 0xffff8000) + { + f = 0; /* saturate */ + } +-- +GitLab + diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb index ccfe277746..c56733eefd 100644 --- a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb +++ b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb @@ -9,6 +9,7 @@ DEPENDS = "zlib" SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \ file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \ + file://CVE-2022-44638.patch \ " SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4" SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc" diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch new file mode 100644 index 0000000000..4209139da8 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch @@ -0,0 +1,32 @@ +From fc28149b6b198042c8d29e0931415adad7ed3231 Mon Sep 17 00:00:00 2001 +From: Wang Mingyu <wangmy@fujitsu.com> +Date: Thu, 16 Mar 2023 08:03:47 +0000 +Subject: [PATCH] Fix install conflict when enable multilib. + +Automake defines pythondir in terms of libdir (rather than hardcode 'lib' or query it from python as automake upstream does) +https://git.yoctoproject.org/poky/tree/meta/recipes-devtools/automake/automake/0001-automake-Update-for-python.m4-to-respect-libdir.patch + +So libdir needs to be defined when pythondir is defined. + +Upstream-Status: Inappropriate + +Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 8b57a83..580f5bc 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,6 +1,6 @@ + SUBDIRS = src xcbgen + +-pkgconfigdir = $(datarootdir)/pkgconfig ++pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = xcb-proto.pc + + EXTRA_DIST=doc xcb-proto.pc.in autogen.sh README.md +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb index 4e4472a9c1..e60e7958a7 100644 --- a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb +++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb @@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d763b081cb10c223435b01e00dc0aba7 \ SRC_URI = "https://xorg.freedesktop.org/archive/individual/proto/${BP}.tar.xz \ file://0001-xcb-proto.pc.in-reinstate-libdir.patch \ + file://0001-Fix-install-conflict-when-enable-multilib.patch \ " SRC_URI[sha256sum] = "7072beb1f680a2fe3f9e535b797c146d22528990c72f63ddb49d2f350a3653ed" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 057a1ba6ad..ecb164ddf7 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -28,6 +28,8 @@ CVE_CHECK_IGNORE += "CVE-2011-4613" # impossible or difficult to exploit. There is currently no upstream patch # available for this flaw. CVE_CHECK_IGNORE += "CVE-2020-25697" +# This is specific to XQuartz, which is the macOS X server port +CVE_CHECK_IGNORE += "CVE-2022-3553" S = "${WORKDIR}/${XORG_PN}-${PV}" @@ -80,9 +82,9 @@ PACKAGES =+ "${PN}-sdl \ SUMMARY:xf86-video-modesetting = "X.Org X server -- modesetting display driver" INSANE_SKIP:${MLPREFIX}xf86-video-modesetting = "xorg-driver-abi" -XSERVER_RRECOMMENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput" -RRECOMMENDS:${PN} += "${XSERVER_RRECOMMENDS}" -RRECOMMENDS:${PN}-xwayland += "${XSERVER_RRECOMMENDS}" +XSERVER_RDEPENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput" +RDEPENDS:${PN} += "${XSERVER_RDEPENDS}" +RDEPENDS:${PN}-xwayland += "${XSERVER_RDEPENDS}" RDEPENDS:${PN}-xvfb += "xkeyboard-config" RDEPENDS:${PN}-module-exa = "${PN} (= ${EXTENDPKGV})" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch new file mode 100644 index 0000000000..fc426daba5 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch @@ -0,0 +1,46 @@ +From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Mon, 13 Mar 2023 11:08:47 +0100 +Subject: [PATCH] composite: Fix use-after-free of the COW + +ZDI-CAN-19866/CVE-2023-1393 + +If a client explicitly destroys the compositor overlay window (aka COW), +we would leave a dangling pointer to that window in the CompScreen +structure, which will trigger a use-after-free later. + +Make sure to clear the CompScreen pointer to the COW when the latter gets +destroyed explicitly by the client. + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Reviewed-by: Adam Jackson <ajax@redhat.com> + +CVE: CVE-2023-1393 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + composite/compwindow.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/composite/compwindow.c b/composite/compwindow.c +index 4e2494b86..b30da589e 100644 +--- a/composite/compwindow.c ++++ b/composite/compwindow.c +@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) + ret = (*pScreen->DestroyWindow) (pWin); + cs->DestroyWindow = pScreen->DestroyWindow; + pScreen->DestroyWindow = compDestroyWindow; ++ ++ /* Did we just destroy the overlay window? */ ++ if (pWin == cs->pOverlayWin) ++ cs->pOverlayWin = NULL; ++ + /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ + return ret; + } +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb index b9cbc9989e..f0771cc86e 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb @@ -1,9 +1,10 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ - file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ + file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ + file://0001-composite-Fix-use-after-free-of-the-COW.patch \ " -SRC_URI[sha256sum] = "5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587" +SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb index da1b27525d..6919ba421b 100644 --- a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb +++ b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5" +SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73" UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar" @@ -23,7 +23,7 @@ OPENGL_PKGCONFIGS = "glx glamor dri3" PACKAGECONFIG ??= "${XORG_CRYPTO} \ ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \ " -PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false" +PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence" PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl virtual/libx11" PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,libegl" PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index dea7b65a7c..12f1cf516e 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\ DEPENDS = "git-native" -SRCREV = "ba600ef61a85966596126a6e8d936971905e8749" +SRCREV = "2d01f24bc78256c709728eb3f204491bce13e0e5" PV = "0.3+git${SRCPV}" inherit native diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb index 45c9d0e861..bf5d4f54e6 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb @@ -45,6 +45,7 @@ LICENSE = "\ & Firmware-phanfw \ & Firmware-qat \ & Firmware-qcom \ + & Firmware-qcom-yamato \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-qualcommAthos_ar3k \ @@ -70,8 +71,8 @@ LICENSE = "\ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ - file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ - file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ + file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \ + file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \ file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ @@ -109,6 +110,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ + file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ @@ -132,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20" +WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -177,6 +179,7 @@ NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" +NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato" NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" @@ -209,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9" +SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a" inherit allarch @@ -228,6 +231,7 @@ do_install() { PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-mt7601u-license ${PN}-mt7601u \ ${PN}-radeon-license ${PN}-radeon \ + ${PN}-amdgpu-license ${PN}-amdgpu \ ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ @@ -235,6 +239,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-vt6656-license ${PN}-vt6656 \ ${PN}-rs9113 ${PN}-rs9116 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8761 \ ${PN}-rtl8168 \ ${PN}-cypress-license \ ${PN}-broadcom-license \ @@ -305,7 +310,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-nvidia-gpu \ ${PN}-netronome-license ${PN}-netronome \ ${PN}-qat ${PN}-qat-license \ - ${PN}-qcom-license \ + ${PN}-qcom-license ${PN}-qcom-yamato-license \ ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ @@ -428,6 +433,17 @@ FILES:${PN}-radeon = " \ RDEPENDS:${PN}-radeon += "${PN}-radeon-license" +# For amdgpu +LICENSE:${PN}-amdgpu = "Firmware-amdgpu" +LICENSE:${PN}-amdgpu-license = "Firmware-amdgpu" + +FILES:${PN}-amdgpu-license = "${nonarch_base_libdir}/firmware/LICENSE.amdgpu" +FILES:${PN}-amdgpu = " \ + ${nonarch_base_libdir}/firmware/amdgpu \ +" + +RDEPENDS:${PN}-amdgpu += "${PN}-amdgpu-license" + # For lontium LICENSE:${PN}-lt9611uxc = "Firmware-Lontium" @@ -563,6 +579,7 @@ LICENSE:${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8192ce = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8192su = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8723 = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8761 = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8821 = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl-license = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8168 = "WHENCE" @@ -588,6 +605,9 @@ FILES:${PN}-rtl8723 = " \ FILES:${PN}-rtl8821 = " \ ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ " +FILES:${PN}-rtl8761 = " \ + ${nonarch_base_libdir}/firmware/rtl_bt/rtl8761*.bin \ +" FILES:${PN}-rtl8168 = " \ ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ " @@ -598,6 +618,7 @@ RDEPENDS:${PN}-rtl8192cu += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8192su = "${PN}-rtl-license" RDEPENDS:${PN}-rtl8723 += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license" # For ti-connectivity @@ -965,17 +986,44 @@ RDEPENDS:${PN}-qat = "${PN}-qat-license" # For QCOM VPU/GPU and SDM845 LICENSE:${PN}-qcom-license = "Firmware-qcom" +LICENSE:${PN}-qcom-yamato-license = "Firmware-qcom-yamato" +LICENSE:${PN}-qcom-venus-1.8 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-4.2 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-5.2 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-5.4 = "Firmware-qcom" +LICENSE:${PN}-qcom-vpu-1.0 = "Firmware-qcom" +LICENSE:${PN}-qcom-vpu-2.0 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato" +LICENSE:${PN}-qcom-adreno-a3xx = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a4xx = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a530 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a630 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a650 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a660 = "Firmware-qcom" +LICENSE:${PN}-qcom-apq8096-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-apq8096-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom" +LICENSE:${PN}-qcom-sdm845-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-sdm845-compute = "Firmware-qcom" +LICENSE:${PN}-qcom-sdm845-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-sm8250-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-sm8250-compute = "Firmware-qcom" + FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES:${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato" FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" -FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw" +FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw" FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw" -FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/a530*.*" FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" @@ -991,13 +1039,14 @@ FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/c FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" + RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license" RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license" @@ -1103,3 +1152,6 @@ INSANE_SKIP = "arch" # Don't warn about already stripped files INSANE_SKIP:${PN} = "already-stripped" + +# No need to put firmware into the sysroot +SYSROOT_DIRS_IGNORE += "${nonarch_base_libdir}/firmware" diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc new file mode 100644 index 0000000000..53d5379046 --- /dev/null +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc @@ -0,0 +1,90 @@ +# CVE exclusions specific to version 5.15 of the kernel. + +# 2021 +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 +# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 +# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438 +# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f +# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5 +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 +CVE_CHECK_IGNORE += "CVE-2022-3435" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 +# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 +# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749 +# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 +# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b +# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d +CVE_CHECK_IGNORE += "CVE-2022-3534" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 +# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde +CVE_CHECK_IGNORE += "CVE-2022-3564" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 +# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 +# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 +# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c +CVE_CHECK_IGNORE += "CVE-2022-3619" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 +# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 +# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624 +# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea +# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4 +# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533 +# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab +# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd +# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a +CVE_CHECK_IGNORE += "CVE-2022-3640" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 +# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 +# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4 +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 +CVE_CHECK_IGNORE += "CVE-2022-4382" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 +CVE_CHECK_IGNORE += "CVE-2022-42895" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4 +# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b +# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 +# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a +CVE_CHECK_IGNORE += "CVE-2022-42896" + + +# 2023 +# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e +# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c +# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 +CVE_CHECK_IGNORE += "CVE-2023-0266" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 +# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 +CVE_CHECK_IGNORE += "CVE-2023-0394" + + diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb index 46d706b955..17ae744d0d 100644 --- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -308,6 +308,13 @@ do_install() { # external modules can be built touch -r $kerneldir/build/Makefile $kerneldir/build/include/generated/uapi/linux/version.h + # This fixes a warning that the compilers don't match when building a module + # Change: CONFIG_CC_VERSION_TEXT="x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0" + # #define CONFIG_CC_VERSION_TEXT "x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0" + sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' "$kerneldir/build/.config" + sed -i 's/#define CONFIG_CC_VERSION_TEXT ".*\(gcc.*\)"/#define CONFIG_CC_VERSION_TEXT "\1"/' $kerneldir/build/include/generated/autoconf.h + sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' $kerneldir/build/include/config/auto.conf + # make sure these are at least as old as the .config, or rebuilds will trigger touch -r $kerneldir/build/.config $kerneldir/build/include/generated/autoconf.h 2>/dev/null || : touch -r $kerneldir/build/.config $kerneldir/build/include/config/auto.conf* 2>/dev/null || : diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb index b1b57beac3..f01931ddec 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -10,8 +10,6 @@ inherit kernel require recipes-kernel/linux/linux-yocto.inc -# for ncurses tests -inherit pkgconfig # provide this .inc to set specific revisions include recipes-kernel/linux/linux-yocto-dev-revisions.inc diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 6f8648e004..2117e1ffb3 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -2,6 +2,9 @@ KBRANCH ?= "v5.15/standard/preempt-rt/base" require recipes-kernel/linux/linux-yocto.inc +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_5.15.inc + # Skip processing of this recipe if it is not explicitly specified as the # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying # to build multiple virtual/kernel providers, e.g. as dependency of @@ -11,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "dba1b7d90813231782bdeda1bd169c93b35c94e0" -SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" +SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.68" +LINUX_VERSION ?= "5.15.108" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb index b3e9fbae62..f4d205e613 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "bc8af638c00f28a46e77e34056079087638f6e65" -SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455" +SRCREV_machine ?= "3101c367eab8952721086b545ad37c301b2a7452" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.19.9" +LINUX_VERSION ?= "5.19.17" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 4f2bb48743..277a6a6c0d 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,10 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.68" +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_5.15.inc + +LINUX_VERSION ?= "5.15.108" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "33e7eea5c4545a973cf01a849c2b45fa0cd1fa13" -SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" +SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb index 466b7063b4..95a8a46bbc 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.19.9" +LINUX_VERSION ?= "5.19.17" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455" +SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index 091003ed82..9bca0e7124 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -47,7 +47,6 @@ LINUX_VERSION_EXTENSION ??= "-yocto-${LINUX_KERNEL_TYPE}" # Pick up shared functions inherit kernel inherit kernel-yocto -inherit pkgconfig B = "${WORKDIR}/linux-${PACKAGE_ARCH}-${LINUX_KERNEL_TYPE}-build" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 2f91fb7a37..b58ca03ddb 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -2,6 +2,9 @@ KBRANCH ?= "v5.15/standard/base" require recipes-kernel/linux/linux-yocto.inc +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_5.15.inc + # board specific branches KBRANCH:qemuarm ?= "v5.15/standard/arm-versatile-926ejs" KBRANCH:qemuarm64 ?= "v5.15/standard/qemuarm64" @@ -13,24 +16,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "efe28b4b16d4a1a19f59b4650a0bfb23ffc8c40e" -SRCREV_machine:qemuarm64 ?= "66986670c45f63d2ed2078e07aa817ede88025ad" -SRCREV_machine:qemumips ?= "aeeb80fd7f684aca830adb7daf32cfd80637cf3a" -SRCREV_machine:qemuppc ?= "5c6387a562af89ec92546c1374a120ac240f14e6" -SRCREV_machine:qemuriscv64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemuriscv32 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemux86 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemux86-64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemumips64 ?= "20ec37851f4ee9965120937dcf2567f15e72e07a" -SRCREV_machine ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" +SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010" +SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5" +SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf" +SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558" +SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5" +SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "dd20085f2a88b6cdb12bdcdbd2d7a761c86b184a" +SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +41,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.68" +LINUX_VERSION ?= "5.15.108" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb index f882972e35..5baa0c1130 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.19/standard/base" KBRANCH:qemux86-64 ?= "v5.19/standard/base" KBRANCH:qemumips64 ?= "v5.19/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "446661f6a3b07535304497c1a51d9cab95f48f0b" -SRCREV_machine:qemuarm64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemumips ?= "98da147618fca3da29cf1c6ab9c53f24de2c587c" -SRCREV_machine:qemuppc ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemuriscv64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemuriscv32 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemux86 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemux86-64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemumips64 ?= "53842054198d851b5deb5810afaf126156efbb54" -SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455" +SRCREV_machine:qemuarm ?= "f30404d233fc4cc461a0800fd635f4e9650a20a5" +SRCREV_machine:qemuarm64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemumips ?= "ceaf2134635845794c24b750f15004096a597256" +SRCREV_machine:qemuppc ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemuriscv64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemuriscv32 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemux86 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemux86-64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemumips64 ?= "acf9ebb1e7d1ceb61a89ec33ca4cc3613287630b" +SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "d1105a680e66b0482bd18048534c58ecabb5c284" +SRCREV_machine:class-devupstream ?= "2b525314c7b57eac29fe8b77a6589428e4a4f6dd" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.19/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.19.9" +LINUX_VERSION ?= "5.19.17" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb index 19601e7d1b..8e2fe4164d 100644 --- a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb +++ b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb @@ -10,7 +10,7 @@ DEPENDS = "glib-2.0 util-linux popt bison-native flex-native" SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \ file://run-ptest \ " -SRCREV = "054a54ae10b01a271afc4f19496c041b10fb414c" +SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>1(\.\d+)+)$" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch deleted file mode 100644 index 21e27ffc5e..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 8e42c4821fb5f5cb816b6ddf73d9a13ba3298a63 Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 10 Aug 2022 11:07:14 -0400 -Subject: [PATCH] fix: tie compaction probe build to CONFIG_COMPACTION - -The definition of 'struct compact_control' in 'mm/internal.h' depends on -CONFIG_COMPACTION being defined. Only build the compaction probe when -this configuration option is enabled. - -Thanks to Bruce Ashfield <bruce.ashfield@gmail.com> for reporting this -issue. - -Upstream-Status: Backport [https://review.lttng.org/c/lttng-modules/+/8660] - -Change-Id: I81e77aa9c1bf10452c152d432fe5224df0db42c9 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> ---- - src/probes/Kbuild | 34 ++++++++++++++++++---------------- - 1 file changed, 18 insertions(+), 16 deletions(-) - -diff --git a/src/probes/Kbuild b/src/probes/Kbuild -index 2908cf75..3e556b8e 100644 ---- a/src/probes/Kbuild -+++ b/src/probes/Kbuild -@@ -167,22 +167,24 @@ ifneq ($(CONFIG_BTRFS_FS),) - endif # $(wildcard $(btrfs_dep)) - endif # CONFIG_BTRFS_FS - --# A dependency on internal header 'mm/internal.h' was introduced in v5.18 --compaction_dep = $(srctree)/mm/internal.h --compaction_dep_wildcard = $(wildcard $(compaction_dep)) --compaction_dep_check = $(shell \ --if [ \( $(VERSION) -ge 6 \ -- -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ -- -z "$(compaction_dep_wildcard)" ] ; then \ -- echo "warn" ; \ --else \ -- echo "ok" ; \ --fi ;) --ifeq ($(compaction_dep_check),ok) -- obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o --else -- $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) --endif # $(wildcard $(compaction_dep)) -+ifneq ($(CONFIG_COMPACTION),) -+ # A dependency on internal header 'mm/internal.h' was introduced in v5.18 -+ compaction_dep = $(srctree)/mm/internal.h -+ compaction_dep_wildcard = $(wildcard $(compaction_dep)) -+ compaction_dep_check = $(shell \ -+ if [ \( $(VERSION) -ge 6 \ -+ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ -+ -z "$(compaction_dep_wildcard)" ] ; then \ -+ echo "warn" ; \ -+ else \ -+ echo "ok" ; \ -+ fi ;) -+ ifeq ($(compaction_dep_check),ok) -+ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o -+ else -+ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) -+ endif # $(wildcard $(compaction_dep)) -+endif # CONFIG_COMPACTION - - ifneq ($(CONFIG_EXT4_FS),) - ext4_dep = $(srctree)/fs/ext4/*.h --- -2.34.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch deleted file mode 100644 index 62376806c8..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 8d5da4d2a3d7d9173208f4e8dc7a709f0bfc9820 Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 8 Jun 2022 12:56:36 -0400 -Subject: [PATCH 1/3] fix: mm/page_alloc: fix tracepoint - mm_page_alloc_zone_locked() (v5.19) - -See upstream commit : - - commit 10e0f7530205799e7e971aba699a7cb3a47456de - Author: Wonhyuk Yang <vvghjk1234@gmail.com> - Date: Thu May 19 14:08:54 2022 -0700 - - mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() - - Currently, trace point mm_page_alloc_zone_locked() doesn't show correct - information. - - First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated - from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use - requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA. - - Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages - to be stored on the per-cpu lists") percpu-list can store high order - pages. But trace point determine whether it is a refiil of percpu-list by - comparing requested order and 0. - - To handle these problems, make mm_page_alloc_zone_locked() only be called - by __rmqueue_smallest with correct migration type. With a new argument - called percpu_refill, it can show roughly whether it is a refill of - percpu-list. - -Upstream-Status: Backport - -Change-Id: I2e4a57393757f12b9c5a4566c4d1102ee2474a09 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - include/instrumentation/events/kmem.h | 45 +++++++++++++++++++++++++++ - 1 file changed, 45 insertions(+) - -diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h -index 29c0fb7f..8c19e962 100644 ---- a/include/instrumentation/events/kmem.h -+++ b/include/instrumentation/events/kmem.h -@@ -218,6 +218,50 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc, - ) - ) - -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) -+LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, -+ -+ TP_PROTO(struct page *page, unsigned int order, int migratetype, -+ int percpu_refill), -+ -+ TP_ARGS(page, order, migratetype, percpu_refill), -+ -+ TP_FIELDS( -+ ctf_integer_hex(struct page *, page, page) -+ ctf_integer(unsigned long, pfn, -+ page ? page_to_pfn(page) : -1UL) -+ ctf_integer(unsigned int, order, order) -+ ctf_integer(int, migratetype, migratetype) -+ ctf_integer(int, percpu_refill, percpu_refill) -+ ) -+) -+ -+LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked, -+ -+ kmem_mm_page_alloc_zone_locked, -+ -+ TP_PROTO(struct page *page, unsigned int order, int migratetype, -+ int percpu_refill), -+ -+ TP_ARGS(page, order, migratetype, percpu_refill) -+) -+ -+LTTNG_TRACEPOINT_EVENT_MAP(mm_page_pcpu_drain, -+ -+ kmem_mm_page_pcpu_drain, -+ -+ TP_PROTO(struct page *page, unsigned int order, int migratetype), -+ -+ TP_ARGS(page, order, migratetype), -+ -+ TP_FIELDS( -+ ctf_integer(unsigned long, pfn, -+ page ? page_to_pfn(page) : -1UL) -+ ctf_integer(unsigned int, order, order) -+ ctf_integer(int, migratetype, migratetype) -+ ) -+) -+#else - LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, - - TP_PROTO(struct page *page, unsigned int order, int migratetype), -@@ -250,6 +294,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_pcpu_drain, - - TP_ARGS(page, order, migratetype) - ) -+#endif - - #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,19,2) \ - || LTTNG_KERNEL_RANGE(3,14,36, 3,15,0) \ --- -2.19.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch deleted file mode 100644 index ca6abea9c0..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d8254360c7f2ff9b3f945e9668d89c0b56b9bd91 Mon Sep 17 00:00:00 2001 -From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Date: Fri, 29 Jul 2022 15:37:43 -0400 -Subject: [PATCH] fix: net: skb: introduce kfree_skb_reason() (v5.15.58..v5.16) - -See upstream commit : - - commit c504e5c2f9648a1e5c2be01e8c3f59d394192bd3 - Author: Menglong Dong <imagedong@tencent.com> - Date: Sun Jan 9 14:36:26 2022 +0800 - - net: skb: introduce kfree_skb_reason() - - Introduce the interface kfree_skb_reason(), which is able to pass - the reason why the skb is dropped to 'kfree_skb' tracepoint. - - Add the 'reason' field to 'trace_kfree_skb', therefor user can get - more detail information about abnormal skb with 'drop_monitor' or - eBPF. - - All drop reasons are defined in the enum 'skb_drop_reason', and - they will be print as string in 'kfree_skb' tracepoint in format - of 'reason: XXX'. - - ( Maybe the reasons should be defined in a uapi header file, so that - user space can use them? ) - -Upstream-Status: Backport - -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Change-Id: Ib3c039207739dad10f097cf76474e0822e351273 ---- - include/instrumentation/events/skb.h | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/include/instrumentation/events/skb.h b/include/instrumentation/events/skb.h -index 237e54ad..186732ea 100644 ---- a/include/instrumentation/events/skb.h -+++ b/include/instrumentation/events/skb.h -@@ -13,7 +13,9 @@ - /* - * Tracepoint for free an sk_buff: - */ --#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0)) -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0) \ -+ || LTTNG_KERNEL_RANGE(5,15,58, 5,16,0)) -+ - LTTNG_TRACEPOINT_ENUM(skb_drop_reason, - TP_ENUM_VALUES( - ctf_enum_value("NOT_SPECIFIED", SKB_DROP_REASON_NOT_SPECIFIED) --- -2.17.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch deleted file mode 100644 index 84c97d5f90..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch +++ /dev/null @@ -1,76 +0,0 @@ -From b5d1c38665cd69d7d1c94231fe0609da5c8afbc3 Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 8 Jun 2022 13:07:59 -0400 -Subject: [PATCH 2/3] fix: fs: Remove flags parameter from aops->write_begin - (v5.19) - -See upstream commit : - - commit 9d6b0cd7579844761ed68926eb3073bab1dca87b - Author: Matthew Wilcox (Oracle) <willy@infradead.org> - Date: Tue Feb 22 14:31:43 2022 -0500 - - fs: Remove flags parameter from aops->write_begin - - There are no more aop flags left, so remove the parameter. - -Upstream-Status: Backport - -Change-Id: I82725b93e13d749f52a631b2ac60df81a5e839f8 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - include/instrumentation/events/ext4.h | 30 +++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) - -diff --git a/include/instrumentation/events/ext4.h b/include/instrumentation/events/ext4.h -index 513762c0..222416ec 100644 ---- a/include/instrumentation/events/ext4.h -+++ b/include/instrumentation/events/ext4.h -@@ -122,6 +122,35 @@ LTTNG_TRACEPOINT_EVENT(ext4_begin_ordered_truncate, - ) - ) - -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) -+LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, -+ -+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), -+ -+ TP_ARGS(inode, pos, len), -+ -+ TP_FIELDS( -+ ctf_integer(dev_t, dev, inode->i_sb->s_dev) -+ ctf_integer(ino_t, ino, inode->i_ino) -+ ctf_integer(loff_t, pos, pos) -+ ctf_integer(unsigned int, len, len) -+ ) -+) -+ -+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_write_begin, -+ -+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), -+ -+ TP_ARGS(inode, pos, len) -+) -+ -+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, -+ -+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), -+ -+ TP_ARGS(inode, pos, len) -+) -+#else - LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, - - TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, -@@ -153,6 +182,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, - - TP_ARGS(inode, pos, len, flags) - ) -+#endif - - LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_end, - TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, --- -2.19.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch deleted file mode 100644 index 63f9c40d92..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 526f13c844cd29f89bd3e924867d9ddfe3c40ade Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 15 Jun 2022 12:07:16 -0400 -Subject: [PATCH 3/3] fix: workqueue: Fix type of cpu in trace event (v5.19) - -See upstream commit : - - commit 873a400938b31a1e443c4d94b560b78300787540 - Author: Wonhyuk Yang <vvghjk1234@gmail.com> - Date: Wed May 4 11:32:03 2022 +0900 - - workqueue: Fix type of cpu in trace event - - The trace event "workqueue_queue_work" use unsigned int type for - req_cpu, cpu. This casue confusing cpu number like below log. - - $ cat /sys/kernel/debug/tracing/trace - cat-317 [001] ...: workqueue_queue_work: ... req_cpu=8192 cpu=4294967295 - - So, change unsigned type to signed type in the trace event. After - applying this patch, cpu number will be printed as -1 instead of - 4294967295 as folllows. - - $ cat /sys/kernel/debug/tracing/trace - cat-1338 [002] ...: workqueue_queue_work: ... req_cpu=8192 cpu=-1 - -Upstream-Status: Backport - -Change-Id: I478083c350b6ec314d87e9159dc5b342b96daed7 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - include/instrumentation/events/workqueue.h | 49 ++++++++++++++++++++-- - 1 file changed, 46 insertions(+), 3 deletions(-) - -diff --git a/include/instrumentation/events/workqueue.h b/include/instrumentation/events/workqueue.h -index 023b65a8..5693cf89 100644 ---- a/include/instrumentation/events/workqueue.h -+++ b/include/instrumentation/events/workqueue.h -@@ -28,10 +28,35 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, - ) - ) - -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) - /** - * workqueue_queue_work - called when a work gets queued - * @req_cpu: the requested cpu -- * @cwq: pointer to struct cpu_workqueue_struct -+ * @pwq: pointer to struct pool_workqueue -+ * @work: pointer to struct work_struct -+ * -+ * This event occurs when a work is queued immediately or once a -+ * delayed work is actually queued on a workqueue (ie: once the delay -+ * has been reached). -+ */ -+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, -+ -+ TP_PROTO(int req_cpu, struct pool_workqueue *pwq, -+ struct work_struct *work), -+ -+ TP_ARGS(req_cpu, pwq, work), -+ -+ TP_FIELDS( -+ ctf_integer_hex(void *, work, work) -+ ctf_integer_hex(void *, function, work->func) -+ ctf_integer(int, req_cpu, req_cpu) -+ ) -+) -+#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) -+/** -+ * workqueue_queue_work - called when a work gets queued -+ * @req_cpu: the requested cpu -+ * @pwq: pointer to struct pool_workqueue - * @work: pointer to struct work_struct - * - * This event occurs when a work is queued immediately or once a -@@ -40,17 +65,34 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, - */ - LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, - --#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) - TP_PROTO(unsigned int req_cpu, struct pool_workqueue *pwq, - struct work_struct *work), - - TP_ARGS(req_cpu, pwq, work), -+ -+ TP_FIELDS( -+ ctf_integer_hex(void *, work, work) -+ ctf_integer_hex(void *, function, work->func) -+ ctf_integer(unsigned int, req_cpu, req_cpu) -+ ) -+) - #else -+/** -+ * workqueue_queue_work - called when a work gets queued -+ * @req_cpu: the requested cpu -+ * @cwq: pointer to struct cpu_workqueue_struct -+ * @work: pointer to struct work_struct -+ * -+ * This event occurs when a work is queued immediately or once a -+ * delayed work is actually queued on a workqueue (ie: once the delay -+ * has been reached). -+ */ -+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, -+ - TP_PROTO(unsigned int req_cpu, struct cpu_workqueue_struct *cwq, - struct work_struct *work), - - TP_ARGS(req_cpu, cwq, work), --#endif - - TP_FIELDS( - ctf_integer_hex(void *, work, work) -@@ -58,6 +100,7 @@ LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, - ctf_integer(unsigned int, req_cpu, req_cpu) - ) - ) -+#endif - - /** - * workqueue_activate_work - called when a work gets activated --- -2.19.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb index f60ab3b5f5..a08386b053 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb @@ -11,17 +11,12 @@ include lttng-platforms.inc SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0009-Rename-genhd-wrapper-to-blkdev.patch \ - file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \ - file://0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch \ - file://0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch \ - file://0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch \ - file://0001-fix-compaction.patch \ " # Use :append here so that the patch is applied also when using devupstream SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch" -SRC_URI[sha256sum] = "6159d00e4e1d59546eec8d4a67e1aa39c1084ceb5e5afeb666eab4b8a5b5a9ee" +SRC_URI[sha256sum] = "bf808b113544287cfe837a6382887fa66354ef5cc8216460cebbef3d27dc3581" export INSTALL_MOD_DIR="kernel/lttng-modules" diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch b/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch deleted file mode 100644 index b2ab880bd6..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch +++ /dev/null @@ -1,64 +0,0 @@ -This is a bit ugly. Specifing abs_builddir as an RPATH is plain wrong when -cross compiling. Sadly, removing the rpath makes libtool/automake do -weird things and breaks the build as shared libs are no longer generated. - -We already try and delete the RPATH at do_install with chrpath however -that does leave the path in the string table so it doesn't help us -with reproducibility. - -Instead, hack in a bogus but harmless path, then delete it later in -our do_install. Ultimately we may want to pass a specific path to use -to configure if we really do need to set an RPATH at all. It is unclear -to me whether the tests need that or not. - -Fixes reproducibility issues for lttng-tools. - -Upstream-Status: Pending [needs discussion with upstream about the correct solution] -RP 2021/3/1 - -Index: lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am -=================================================================== ---- lttng-tools-2.12.2.orig/tests/regression/ust/ust-dl/Makefile.am -+++ lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am -@@ -27,16 +27,16 @@ noinst_LTLIBRARIES = libzzz.la libbar.la - - libzzz_la_SOURCES = libzzz.c libzzz.h - libzzz_la_LDFLAGS = -module -shared -avoid-version \ -- -rpath $(abs_builddir) -+ -rpath /usr/lib - - libbar_la_SOURCES = libbar.c libbar.h - libbar_la_LDFLAGS = -module -shared -avoid-version \ -- -rpath $(abs_builddir) -+ -rpath /usr/lib - libbar_la_LIBADD = libzzz.la - - libfoo_la_SOURCES = libfoo.c libfoo.h - libfoo_la_LDFLAGS = -module -shared -avoid-version \ -- -rpath $(abs_builddir) -+ -rpath /usr/lib - libfoo_la_LIBADD = libbar.la - - CLEANFILES = libfoo.so libfoo.so.debug libbar.so libbar.so.debug \ -@@ -44,7 +44,7 @@ CLEANFILES = libfoo.so libfoo.so.debug l - - libtp_la_SOURCES = libbar-tp.h libbar-tp.c libfoo-tp.h libfoo-tp.c \ - libzzz-tp.h libzzz-tp.c --libtp_la_LDFLAGS = -module -shared -rpath $(abs_builddir) -+libtp_la_LDFLAGS = -module -shared -rpath /usr/lib - - # Extract debug symbols - libfoo.so.debug: libfoo.la -Index: lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am -=================================================================== ---- lttng-tools-2.12.2.orig/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am -+++ lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am -@@ -5,7 +5,7 @@ AM_CFLAGS += -O0 - noinst_LTLIBRARIES = libfoo.la - - libfoo_la_SOURCES = foo.c foo.h --libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath $(abs_builddir)/.libs/ -+libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath /usr/lib - - noinst_PROGRAMS = userspace-probe-elf-binary - userspace_probe_elf_binary_SOURCES = userspace-probe-elf-binary.c diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb index a814eb79f9..1f6929e307 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb @@ -35,11 +35,10 @@ SRC_URI = "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \ file://0001-tests-do-not-strip-a-helper-library.patch \ file://run-ptest \ file://lttng-sessiond.service \ - file://determinism.patch \ file://disable-tests.patch \ " -SRC_URI[sha256sum] = "b1e959579b260790930b20f3c7aa7cefb8a40e0de80d4a777c2bf78c6b353dc1" +SRC_URI[sha256sum] = "8d94dc95b608cf70216b01203a3f8242b97a232db2e23421a2f43708da08f337" inherit autotools ptest pkgconfig useradd python3-dir manpages systemd diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb index 56200ac3e1..916408bff0 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb @@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \ file://0001-Makefile.am-update-rpath-link.patch \ " -SRC_URI[sha256sum] = "698f82ec5dc56e981c0bb08c46ebabaf31c60e877c2e365b9fd6d3a9fff8b398" +SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6" CVE_PRODUCT = "ust" diff --git a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb index 9afd6714f0..38282e58f1 100644 --- a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb +++ b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://www.yoctoproject.org/" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -inherit kernel-arch +inherit kernel-arch linux-kernel-base inherit pkgconfig PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 5b2f5956a6..691268d785 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -356,6 +356,16 @@ FILES:${PN}-python = " \ " FILES:${PN}-perl = "${libexecdir}/perf-core/scripts/perl" - -INHIBIT_PACKAGE_DEBUG_SPLIT="1" DEBUG_OPTIMIZATION:append = " -Wno-error=maybe-uninitialized" + +PACKAGESPLITFUNCS =+ "perf_fix_sources" + +perf_fix_sources () { + for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \ + util/expr-flex.h util/expr-flex.c; do + f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f + if [ -e $f ]; then + sed -i -e 's#${S}/##g' $f + fi + done +} diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb index 357e79d7e1..ce60154f1e 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84" +SRC_URI[sha256sum] = "fe81e8a8694dc4753a45087a1c4c7e1b48dee5a59f5f796ce374ea550f0b2e73" inherit bin_package allarch diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch new file mode 100644 index 0000000000..2775a81cc8 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch @@ -0,0 +1,89 @@ +From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol <onemda@gmail.com> +Date: Sat, 12 Nov 2022 16:12:00 +0100 +Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984] + +Signed-off-by: <narpat.mali@windriver.com> + +--- + libavcodec/rpzaenc.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c +index d710eb4f82..4ced9523e2 100644 +--- a/libavcodec/rpzaenc.c ++++ b/libavcodec/rpzaenc.c +@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt + + // loop thru and compare pixels + for (y = 0; y < bi->block_height; y++) { +- for (x = 0; x < bi->block_width; x++){ ++ for (x = 0; x < bi->block_width; x++) { + // TODO: optimize + min_r = FFMIN(R(block_ptr[x]), min_r); + min_g = FFMIN(G(block_ptr[x]), min_g); +@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi, + return -1; + + for (i = 0; i < bi->block_height; i++) { +- for (j = 0; j < bi->block_width; j++){ ++ for (j = 0; j < bi->block_width; j++) { + x = GET_CHAN(block_ptr[j], xchannel); + y = GET_CHAN(block_ptr[j], ychannel); + sumx += x; +@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi + int max_err = 0; + + for (i = 0; i < bi->block_height; i++) { +- for (j = 0; j < bi->block_width; j++){ ++ for (j = 0; j < bi->block_width; j++) { + int x_inc, lin_y, lin_x; + x = GET_CHAN(block_ptr[j], xchannel); + y = GET_CHAN(block_ptr[j], ychannel); +@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels, + uint16_t *dest_pixels, + const BlockInfo *bi, int block_counter) + { +- for (int y = 0; y < 4; y++) { ++ const int y_size = FFMIN(4, bi->image_height - bi->row * 4); ++ ++ for (int y = 0; y < y_size; y++) { + memcpy(dest_pixels, src_pixels, 8); + dest_pixels += bi->rowstride; + src_pixels += bi->rowstride; +@@ -730,14 +732,15 @@ post_skip : + + if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK + uint16_t *row_ptr; +- int rgb555; ++ int y_size, rgb555; + + block_offset = get_block_info(&bi, block_counter); + + row_ptr = &src_pixels[block_offset]; ++ y_size = FFMIN(4, bi.image_height - bi.row * 4); + +- for (int y = 0; y < 4; y++) { +- for (int x = 0; x < 4; x++){ ++ for (int y = 0; y < y_size; y++) { ++ for (int x = 0; x < 4; x++) { + rgb555 = row_ptr[x] & ~0x8000; + + put_bits(&s->pb, 16, rgb555); +@@ -745,6 +748,11 @@ post_skip : + row_ptr += bi.rowstride; + } + ++ for (int y = y_size; y < 4; y++) { ++ for (int x = 0; x < 4; x++) ++ put_bits(&s->pb, 16, 0); ++ } ++ + block_counter++; + } else { // FOUR COLOR BLOCK + block_counter += encode_four_color_block(min_color, max_color, +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch new file mode 100644 index 0000000000..923fc6a9c1 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch @@ -0,0 +1,108 @@ +From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001 +From: Paul B Mahol <onemda@gmail.com> +Date: Sat, 12 Nov 2022 15:19:21 +0100 +Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd] + +Signed-off-by: <narpat.mali@windriver.com> + +--- + libavcodec/smcenc.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c +index f3d26a4e8d..33549b8ab4 100644 +--- a/libavcodec/smcenc.c ++++ b/libavcodec/smcenc.c +@@ -61,6 +61,7 @@ typedef struct SMCContext { + { \ + row_ptr += stride * 4; \ + pixel_ptr = row_ptr; \ ++ cur_y += 4; \ + } \ + } \ + } +@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0]; + uint8_t *distinct_values = s->distinct_values; + const uint8_t *pixel_ptr, *row_ptr; ++ const int height = frame->height; + const int width = frame->width; + uint8_t block_values[16]; + int block_counter = 0; +@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + int color_octet_index = 0; + int color_table_index; /* indexes to color pair, quad, or octet tables */ + int total_blocks; ++ int cur_y = 0; + + memset(s->color_pairs, 0, sizeof(s->color_pairs)); + memset(s->color_quads, 0, sizeof(s->color_quads)); + memset(s->color_octets, 0, sizeof(s->color_octets)); + + /* Number of 4x4 blocks in frame. */ +- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4); ++ total_blocks = ((width + 3) / 4) * ((height + 3) / 4); + + pixel_ptr = row_ptr = src_pixels; + +@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + int cache_index; + int distinct = 0; + int blocks = 0; ++ int frame_y = cur_y; + + while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) { ++ const int y_size = FFMIN(4, height - cur_y); + int compare = 0; + +- for (int y = 0; y < 4; y++) { ++ for (int y = 0; y < y_size; y++) { + const ptrdiff_t offset = pixel_ptr - src_pixels; + const uint8_t *prev_pixel_ptr = prev_pixels + offset; + +@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) { ++ const int y_size = FFMIN(4, height - cur_y); + const ptrdiff_t offset = pixel_ptr - src_pixels; + const int sy = offset / stride; + const int sx = offset % stride; +@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride; + int compare = 0; + +- for (int y = 0; y < 4; y++) { ++ for (int y = 0; y < y_size; y++) { + compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4); + if (compare) + break; +@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) { +- for (int y = 0; y < 4; y++) ++ const int y_size = FFMIN(4, height - cur_y); ++ for (int y = 0; y < y_size; y++) + memcpy(block_values + y * 4, pixel_ptr + y * stride, 4); + + qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values); +@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + blocks = coded_blocks; + distinct = coded_distinct; +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch new file mode 100644 index 0000000000..95bd608a27 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch @@ -0,0 +1,34 @@ +From: Lynne <dev@lynne.ee> +Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100) +Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list +X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690 + +hwcontext_vulkan: remove optional encode/decode extensions from the list + +They're not currently used, so they don't need to be there. +Vulkan stabilized the decode extensions less than a week ago, and their +name prefixes were changed from EXT to KHR. It's a bit too soon to be +depending on it, so rather than bumping, just remove these for now. + +Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690] +--- + +diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c +index f1db1c7291..2a9b5f4aac 100644 +--- a/libavutil/hwcontext_vulkan.c ++++ b/libavutil/hwcontext_vulkan.c +@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = { + { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY }, + { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM }, + #endif +- +- /* Video encoding/decoding */ +- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, + }; + + /* Converts return values to strings */ diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb index 2306fe4a42..2ab34166df 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb @@ -22,8 +22,13 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \ file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02" -SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz" -SRC_URI[sha256sum] = "95bf3ff8c496511e71e958fb249e663c8c9c3de583c5bebc0f5a9745abbc0435" +SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ + file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ + file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ + file://ffmpeg-fix-vulkan.patch \ + " + +SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 ARM_INSTRUCTION_SET:armv4 = "arm" @@ -137,6 +142,8 @@ LDFLAGS:append:x86 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -f EXTRA_OEMAKE = "V=1" do_configure() { + export TMPDIR="${B}/tmp" + mkdir -p ${B}/tmp ${S}/configure ${EXTRA_OECONF} } diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb index c515e173c8..9db31c18e4 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "bbbd45ead703367ea8f4be9b3c082d7b62bef47b240a39083f27844e28758c47" +SRC_URI[sha256sum] = "5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb index e8da49af99..e5925c6510 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "3fedd10560fcdfaa1b6462cbf79a38c4e7b57d7f390359393fc0cef6dbf27dfe" +SRC_URI[sha256sum] = "b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb index fb48562a2b..ec5efcd408 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "8db48040bb41f09edf8d17ff6d16c54888d7777ba4501c2c69f0083350ea9a15" +SRC_URI[sha256sum] = "bcccbc02548cdc123fd49944dd44a4f1adc5d107e36f010d320eb526e2107806" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb index 39d5e08b21..2f1793d1ce 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb @@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0002-avoid-including-sys-poll.h-directly.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "7a11c13b55dd1d2386dd902219e41cbfcdda8e1e0aa3e738186c95074b35da4f" +SRC_URI[sha256sum] = "f431214b0754d7037adcde93c3195106196588973e5b32dcb24938805f866363" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch deleted file mode 100644 index 23c1048a36..0000000000 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c85a53a41d4e6bfc49c377217ece12a1f330a690 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 12 Aug 2022 22:50:06 -0700 -Subject: [PATCH] include required system headers for isspace() and sscanf() - functions - -Newer compilers ( clang 15 ) has turned stricter and errors out instead -of warning on implicit function declations -Fixes -gstssaparse.c:297:12: error: call to undeclared library function 'isspace' with type 'int (int)'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] -while (isspace(*t)) - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2879] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - gst/subparse/gstssaparse.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c -index ff802fa..5ebe678 100755 ---- a/gst/subparse/gstssaparse.c -+++ b/gst/subparse/gstssaparse.c -@@ -24,6 +24,8 @@ - #include "config.h" - #endif - -+#include <ctype.h> /* isspace() */ -+#include <stdio.h> /* sscanf() */ - #include <stdlib.h> /* atoi() */ - #include <string.h> - --- -2.37.1 - diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb index e5e346e5e9..c37b542c57 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb @@ -10,9 +10,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \ file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ - file://0001-include-required-system-headers-for-isspace-and-ssca.patch \ " -SRC_URI[sha256sum] = "7e30b3dd81a70380ff7554f998471d6996ff76bbe6fc5447096f851e24473c9f" +SRC_URI[sha256sum] = "11f911ef65f3095d7cf698a1ad1fc5242ac3ad6c9270465fb5c9e7f4f9c19b35" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb index 0235935a4a..80aed01973 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ " -SRC_URI[sha256sum] = "f8f3c206bf5cdabc00953920b47b3575af0ef15e9f871c0b6966f6d0aa5868b7" +SRC_URI[sha256sum] = "e83ab4d12ca24959489bbb0ec4fac9b90e32f741d49cda357cb554b2cb8b97f9" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb index ad7b84b5ab..f765e626c9 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb @@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "8caa20789a09c304b49cf563d33cca9421b1875b84fcc187e4a385fa01d6aefd" +SRC_URI[sha256sum] = "af67d8ba7cab230f64d0594352112c2c443e2aa36a87c35f9f98a43d11430b87" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb index 57026ba73b..05e9ace276 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "db348120eae955b8cc4de3560a7ea06e36d6e1ddbaa99a7ad96b59846601cfdc" +SRC_URI[sha256sum] = "27487652318659cfd7dc42784b713c78d29cc7a7df4fb397134c8c125f65e3b2" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb index fd4f82fcc3..c9cf42903d 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "ee402718be9b127f0e5e66ca4c1b4f42e4926ec93ba307b7ccca5dc6cc9794ca" +SRC_URI[sha256sum] = "ba398a7ddd559cce56ef4b91f448d174e0dccad98a493563d2d59c41a2ef39c5" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb index 6e580f9f79..716f50ebe1 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "6ee99eb316abdde9ad37002915bd8c3867918f6fdc74b7cf2ac4c1ae0d690b45" +SRC_URI[sha256sum] = "510c6fb4ff3f676d7946ce1800e04ccf5aabe5a586d4e164d1961808fab8c94b" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch new file mode 100644 index 0000000000..f1fac2df57 --- /dev/null +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch @@ -0,0 +1,300 @@ +From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> +Date: Tue, 21 Jun 2022 11:51:35 +0300 +Subject: [PATCH] bin: Fix race conditions in tests + +The latency messages are non-deterministic and can arrive before/after +async-done or during state-changes as they are posted by e.g. sinks from +their streaming thread but bins are finishing asynchronous state changes +from a secondary helper thread. + +To solve this, expect latency messages at any time and assert that we +receive one at some point during the test. + +Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643] +Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> +--- + .../gstreamer/tests/check/gst/gstbin.c | 132 ++++++++++++------ + 1 file changed, 92 insertions(+), 40 deletions(-) + +diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c +index e366d5fe20f..88ff44db0c3 100644 +--- a/subprojects/gstreamer/tests/check/gst/gstbin.c ++++ b/subprojects/gstreamer/tests/check/gst/gstbin.c +@@ -27,50 +27,95 @@ + #include <gst/base/gstbasesrc.h> + + static void +-pop_async_done (GstBus * bus) ++pop_async_done (GstBus * bus, gboolean * had_latency) + { + GstMessage *message; ++ GstMessageType types = GST_MESSAGE_ASYNC_DONE; ++ ++ if (!*had_latency) ++ types |= GST_MESSAGE_LATENCY; + + GST_DEBUG ("popping async-done message"); +- message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1); + +- fail_unless (message && GST_MESSAGE_TYPE (message) +- == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE"); ++ do { ++ message = gst_bus_poll (bus, types, -1); + +- gst_message_unref (message); +- GST_DEBUG ("popped message"); ++ fail_unless (message); ++ GST_DEBUG ("popped message %s", ++ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); ++ ++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) { ++ fail_unless (*had_latency == FALSE); ++ *had_latency = TRUE; ++ gst_clear_message (&message); ++ types &= ~GST_MESSAGE_LATENCY; ++ continue; ++ } ++ ++ fail_unless (GST_MESSAGE_TYPE (message) ++ == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE"); ++ ++ gst_clear_message (&message); ++ break; ++ } while (TRUE); + } + + static void +-pop_latency (GstBus * bus) ++pop_latency (GstBus * bus, gboolean * had_latency) + { + GstMessage *message; + +- GST_DEBUG ("popping async-done message"); ++ if (*had_latency) ++ return; ++ ++ GST_DEBUG ("popping latency message"); + message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1); + +- fail_unless (message && GST_MESSAGE_TYPE (message) ++ fail_unless (message); ++ fail_unless (GST_MESSAGE_TYPE (message) + == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY"); + +- gst_message_unref (message); +- GST_DEBUG ("popped message"); ++ GST_DEBUG ("popped message %s", ++ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); ++ gst_clear_message (&message); ++ ++ *had_latency = TRUE; + } + + static void +-pop_state_changed (GstBus * bus, int count) ++pop_state_changed (GstBus * bus, int count, gboolean * had_latency) + { + GstMessage *message; +- ++ GstMessageType types = GST_MESSAGE_STATE_CHANGED; + int i; + ++ if (!*had_latency) ++ types |= GST_MESSAGE_LATENCY; ++ + GST_DEBUG ("popping %d messages", count); + for (i = 0; i < count; ++i) { +- message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1); +- +- fail_unless (message && GST_MESSAGE_TYPE (message) +- == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED"); +- +- gst_message_unref (message); ++ do { ++ message = gst_bus_poll (bus, types, -1); ++ ++ fail_unless (message); ++ GST_DEBUG ("popped message %s", ++ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); ++ ++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) { ++ fail_unless (*had_latency == FALSE); ++ *had_latency = TRUE; ++ gst_clear_message (&message); ++ types &= ~GST_MESSAGE_LATENCY; ++ continue; ++ } ++ ++ fail_unless (GST_MESSAGE_TYPE (message) ++ == GST_MESSAGE_STATE_CHANGED, ++ "did not get GST_MESSAGE_STATE_CHANGED"); ++ ++ gst_message_unref (message); ++ break; ++ } while (TRUE); + } + GST_DEBUG ("popped %d messages", count); + } +@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children) + GstBus *bus; + GstStateChangeReturn ret; + GstState current, pending; ++ gboolean had_latency = FALSE; + + pipeline = GST_PIPELINE (gst_pipeline_new (NULL)); + fail_unless (pipeline != NULL, "Could not create pipeline"); +@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children) + ASSERT_OBJECT_REFCOUNT (sink, "sink", 2); + ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + fail_if (gst_bus_have_pending (bus), "unexpected pending messages"); + + ASSERT_OBJECT_REFCOUNT (bus, "bus", 2); +@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children) + * its state_change message */ + ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4); + +- pop_state_changed (bus, 3); +- pop_async_done (bus); +- pop_latency (bus); ++ pop_state_changed (bus, 3, &had_latency); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + fail_if ((gst_bus_pop (bus)) != NULL); + + ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3); +@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children) + ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4); + ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + fail_if ((gst_bus_pop (bus)) != NULL); + + ASSERT_OBJECT_REFCOUNT (bus, "bus", 2); +@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children) + ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4); + ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3); + +- pop_state_changed (bus, 6); ++ pop_state_changed (bus, 6, &had_latency); + fail_if ((gst_bus_pop (bus)) != NULL); + + ASSERT_OBJECT_REFCOUNT (src, "src", 1); +@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change) + GstElement *src, *sink, *bin; + GstBus *bus; + GstStateChangeReturn ret; ++ gboolean had_latency = FALSE; + + bin = gst_element_factory_make ("bin", NULL); + fail_unless (bin != NULL, "Could not create bin"); +@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change) + GST_CLOCK_TIME_NONE); + fail_unless (ret == GST_STATE_CHANGE_SUCCESS); + +- pop_state_changed (bus, 6); +- pop_async_done (bus); +- pop_latency (bus); ++ pop_state_changed (bus, 6, &had_latency); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + + fail_unless (gst_bus_have_pending (bus) == FALSE, + "Unexpected messages on bus"); +@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change) + ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING); + fail_unless (ret == GST_STATE_CHANGE_SUCCESS); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + ++ had_latency = FALSE; + /* this one might return either SUCCESS or ASYNC, likely SUCCESS */ + ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); + gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + if (ret == GST_STATE_CHANGE_ASYNC) { +- pop_async_done (bus); +- pop_latency (bus); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + } + + fail_unless (gst_bus_have_pending (bus) == FALSE, +@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) + GstStateChangeReturn ret; + GstState current, pending; + GstBus *bus; ++ gboolean had_latency = FALSE; + + pipeline = gst_pipeline_new (NULL); + fail_unless (pipeline != NULL, "Could not create pipeline"); +@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) + ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107); + #else + +- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */ ++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */ + ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED, + 108); +- pop_async_done (bus); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + #endif + /* PAUSED => PLAYING */ + GST_DEBUG ("popping PAUSED -> PLAYING messages"); +@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) + fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed"); + + /* TODO: do we need to check downwards state change order as well? */ +- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */ +- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */ + + while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1) + THREAD_SWITCH (); +@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink) + GstStateChangeReturn ret; + GstState current, pending; + GstBus *bus; ++ gboolean had_latency = FALSE; + + /* (2) Now again, but check other code path where we don't have + * a proper sink correctly flagged as such, but a 'semi-sink' */ +@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink) + ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206); + ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207); + #else +- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */ ++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */ + ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED, + 208); +- pop_async_done (bus); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + + /* PAUSED => PLAYING */ + GST_DEBUG ("popping PAUSED -> PLAYING messages"); +@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink) + fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed"); + + /* TODO: do we need to check downwards state change order as well? */ +- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */ +- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */ + + GST_DEBUG ("waiting for pipeline to reach refcount 1"); + while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1) +-- +GitLab + diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch deleted file mode 100644 index f51df6d20b..0000000000 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch +++ /dev/null @@ -1,107 +0,0 @@ -From b935abba3d8fa3ea1ce384c08e650afd8c20b78a Mon Sep 17 00:00:00 2001 -From: Claudius Heine <ch@denx.de> -Date: Wed, 2 Feb 2022 13:47:02 +0100 -Subject: [PATCH] tests: remove gstbin:test_watch_for_state_change testcase - -This testcase seems to be flaky, and upstream marked it as such: -https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/778 - -This patch removes the testcase to avoid it interfering with out ptest. - -Signed-off-by: Claudius Heine <ch@denx.de> - -Upstream-Status: Inappropriate [needs proper upstream fix] ---- - tests/check/gst/gstbin.c | 69 ------------------- - 1 file changed, 69 deletions(-) - -diff --git a/tests/check/gst/gstbin.c b/tests/check/gst/gstbin.c -index e366d5fe20..ac29d81474 100644 ---- a/tests/check/gst/gstbin.c -+++ b/tests/check/gst/gstbin.c -@@ -691,74 +691,6 @@ GST_START_TEST (test_message_state_changed_children) - - GST_END_TEST; - --GST_START_TEST (test_watch_for_state_change) --{ -- GstElement *src, *sink, *bin; -- GstBus *bus; -- GstStateChangeReturn ret; -- -- bin = gst_element_factory_make ("bin", NULL); -- fail_unless (bin != NULL, "Could not create bin"); -- -- bus = g_object_new (gst_bus_get_type (), NULL); -- gst_object_ref_sink (bus); -- gst_element_set_bus (GST_ELEMENT_CAST (bin), bus); -- -- src = gst_element_factory_make ("fakesrc", NULL); -- fail_if (src == NULL, "Could not create fakesrc"); -- sink = gst_element_factory_make ("fakesink", NULL); -- fail_if (sink == NULL, "Could not create fakesink"); -- -- gst_bin_add (GST_BIN (bin), sink); -- gst_bin_add (GST_BIN (bin), src); -- -- fail_unless (gst_element_link (src, sink), "could not link src and sink"); -- -- /* change state, spawning two times three messages */ -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); -- fail_unless (ret == GST_STATE_CHANGE_ASYNC); -- ret = -- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, -- GST_CLOCK_TIME_NONE); -- fail_unless (ret == GST_STATE_CHANGE_SUCCESS); -- -- pop_state_changed (bus, 6); -- pop_async_done (bus); -- pop_latency (bus); -- -- fail_unless (gst_bus_have_pending (bus) == FALSE, -- "Unexpected messages on bus"); -- -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING); -- fail_unless (ret == GST_STATE_CHANGE_SUCCESS); -- -- pop_state_changed (bus, 3); -- -- /* this one might return either SUCCESS or ASYNC, likely SUCCESS */ -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); -- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE); -- -- pop_state_changed (bus, 3); -- if (ret == GST_STATE_CHANGE_ASYNC) { -- pop_async_done (bus); -- pop_latency (bus); -- } -- -- fail_unless (gst_bus_have_pending (bus) == FALSE, -- "Unexpected messages on bus"); -- -- gst_bus_set_flushing (bus, TRUE); -- -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_NULL); -- fail_unless (ret == GST_STATE_CHANGE_SUCCESS); -- -- /* clean up */ -- gst_object_unref (bus); -- gst_object_unref (bin); --} -- --GST_END_TEST; -- - GST_START_TEST (test_state_change_error_message) - { - GstElement *src, *sink, *bin; -@@ -1956,7 +1888,6 @@ gst_bin_suite (void) - tcase_add_test (tc_chain, test_message_state_changed); - tcase_add_test (tc_chain, test_message_state_changed_child); - tcase_add_test (tc_chain, test_message_state_changed_children); -- tcase_add_test (tc_chain, test_watch_for_state_change); - tcase_add_test (tc_chain, test_state_change_error_message); - tcase_add_test (tc_chain, test_add_linked); - tcase_add_test (tc_chain, test_add_self); --- -2.33.1 - diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb index 1f4576c3e1..ce9c1c116f 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb @@ -21,9 +21,9 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \ file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ - file://0005-tests-remove-gstbin-test_watch_for_state_change-test.patch \ + file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \ " -SRC_URI[sha256sum] = "607daf64bbbd5fb18af9d17e21c0d22c4d702fffe83b23cb22d1b1af2ca23a2a" +SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb index dc627203ef..a6c229f5cf 100644 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb @@ -11,7 +11,7 @@ DEPENDS = "zlib" LIBV = "16" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be" +SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" @@ -22,7 +22,9 @@ BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config" inherit autotools binconfig-disabled pkgconfig # Work around missing symbols -EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}" +ARMNEON = "${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}" +ARMNEON:aarch64 = "--enable-hardware-optimizations=on" +EXTRA_OECONF += "${ARMNEON}" PACKAGES =+ "${PN}-tools" diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch new file mode 100644 index 0000000000..ce72c86120 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch @@ -0,0 +1,266 @@ +CVE: CVE-2022-3599 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From f00484b9519df933723deb38fff943dc291a793d Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Tue, 30 Aug 2022 16:56:48 +0200 +Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related + TIFFTAG_NUMBEROFINKS value + +In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed: + +Behaviour for writing: + `NumberOfInks` MUST fit to the number of inks in the `InkNames` string. + `NumberOfInks` is automatically set when `InkNames` is set. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +Behaviour for reading: + When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow + +This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456. + +It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue. +--- + libtiff/tif_dir.c | 119 ++++++++++++++++++++++++----------------- + libtiff/tif_dir.h | 2 + + libtiff/tif_dirinfo.c | 2 +- + libtiff/tif_dirwrite.c | 5 ++ + libtiff/tif_print.c | 4 ++ + 5 files changed, 82 insertions(+), 50 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 793e8a79..816f7756 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -136,32 +136,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32_t* v) + } + + /* +- * Confirm we have "samplesperpixel" ink names separated by \0. Returns ++ * Count ink names separated by \0. Returns + * zero if the ink names are not as expected. + */ +-static uint32_t +-checkInkNamesString(TIFF* tif, uint32_t slen, const char* s) ++static uint16_t ++countInkNamesString(TIFF *tif, uint32_t slen, const char *s) + { +- TIFFDirectory* td = &tif->tif_dir; +- uint16_t i = td->td_samplesperpixel; ++ uint16_t i = 0; ++ const char *ep = s + slen; ++ const char *cp = s; + + if (slen > 0) { +- const char* ep = s+slen; +- const char* cp = s; +- for (; i > 0; i--) { ++ do { + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) + goto bad; + cp++; /* skip \0 */ +- } +- return ((uint32_t)(cp - s)); ++ i++; ++ } while (cp < ep); ++ return (i); + } + bad: + TIFFErrorExt(tif->tif_clientdata, "TIFFSetField", +- "%s: Invalid InkNames value; expecting %"PRIu16" names, found %"PRIu16, +- tif->tif_name, +- td->td_samplesperpixel, +- (uint16_t)(td->td_samplesperpixel-i)); ++ "%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink", ++ tif->tif_name, slen, i); + return (0); + } + +@@ -478,13 +476,61 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) + _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6); + break; + case TIFFTAG_INKNAMES: +- v = (uint16_t) va_arg(ap, uint16_vap); +- s = va_arg(ap, char*); +- v = checkInkNamesString(tif, v, s); +- status = v > 0; +- if( v > 0 ) { +- _TIFFsetNString(&td->td_inknames, s, v); +- td->td_inknameslen = v; ++ { ++ v = (uint16_t) va_arg(ap, uint16_vap); ++ s = va_arg(ap, char*); ++ uint16_t ninksinstring; ++ ninksinstring = countInkNamesString(tif, v, s); ++ status = ninksinstring > 0; ++ if(ninksinstring > 0 ) { ++ _TIFFsetNString(&td->td_inknames, s, v); ++ td->td_inknameslen = v; ++ /* Set NumberOfInks to the value ninksinstring */ ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (td->td_numberofinks != ninksinstring) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n -> NumberOfInks value adapted to %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring); ++ td->td_numberofinks = ninksinstring; ++ } ++ } else { ++ td->td_numberofinks = ninksinstring; ++ TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS); ++ } ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel); ++ } ++ } ++ } ++ } ++ break; ++ case TIFFTAG_NUMBEROFINKS: ++ v = (uint16_t)va_arg(ap, uint16_vap); ++ /* If InkNames already set also NumberOfInks is set accordingly and should be equal */ ++ if (TIFFFieldSet(tif, FIELD_INKNAMES)) ++ { ++ if (v != td->td_numberofinks) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Error %s; Tag %s:\n It is not possible to set the value %"PRIu32" for NumberOfInks\n which is different from the number of inks in the InkNames tag (%"PRIu16")", ++ tif->tif_name, fip->field_name, v, td->td_numberofinks); ++ /* Do not set / overwrite number of inks already set by InkNames case accordingly. */ ++ status = 0; ++ } ++ } else { ++ td->td_numberofinks = (uint16_t)v; ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, v, td->td_samplesperpixel); ++ } ++ } + } + break; + case TIFFTAG_PERSAMPLE: +@@ -986,34 +1032,6 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap) + if (fip->field_bit == FIELD_CUSTOM) { + standard_tag = 0; + } +- +- if( standard_tag == TIFFTAG_NUMBEROFINKS ) +- { +- int i; +- for (i = 0; i < td->td_customValueCount; i++) { +- uint16_t val; +- TIFFTagValue *tv = td->td_customValues + i; +- if (tv->info->field_tag != standard_tag) +- continue; +- if( tv->value == NULL ) +- return 0; +- val = *(uint16_t *)tv->value; +- /* Truncate to SamplesPerPixel, since the */ +- /* setting code for INKNAMES assume that there are SamplesPerPixel */ +- /* inknames. */ +- /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ +- if( val > td->td_samplesperpixel ) +- { +- TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", +- "Truncating NumberOfInks from %u to %"PRIu16, +- val, td->td_samplesperpixel); +- val = td->td_samplesperpixel; +- } +- *va_arg(ap, uint16_t*) = val; +- return 1; +- } +- return 0; +- } + + switch (standard_tag) { + case TIFFTAG_SUBFILETYPE: +@@ -1195,6 +1213,9 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap) + case TIFFTAG_INKNAMES: + *va_arg(ap, const char**) = td->td_inknames; + break; ++ case TIFFTAG_NUMBEROFINKS: ++ *va_arg(ap, uint16_t *) = td->td_numberofinks; ++ break; + default: + { + int i; +diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h +index 09065648..0c251c9e 100644 +--- a/libtiff/tif_dir.h ++++ b/libtiff/tif_dir.h +@@ -117,6 +117,7 @@ typedef struct { + /* CMYK parameters */ + int td_inknameslen; + char* td_inknames; ++ uint16_t td_numberofinks; /* number of inks in InkNames string */ + + int td_customValueCount; + TIFFTagValue *td_customValues; +@@ -174,6 +175,7 @@ typedef struct { + #define FIELD_TRANSFERFUNCTION 44 + #define FIELD_INKNAMES 46 + #define FIELD_SUBIFD 49 ++#define FIELD_NUMBEROFINKS 50 + /* FIELD_CUSTOM (see tiffio.h) 65 */ + /* end of support for well-known tags; codec-private tags follow */ + #define FIELD_CODEC 66 /* base of codec-private tags */ +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 3371cb5c..3b4bcd33 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -114,7 +114,7 @@ tiffFields[] = { + { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray }, + { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL }, + { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL }, +- { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL }, ++ { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL }, + { TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL }, + { TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL }, + { TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL }, +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c +index 6c86fdca..062e4610 100644 +--- a/libtiff/tif_dirwrite.c ++++ b/libtiff/tif_dirwrite.c +@@ -626,6 +626,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64_t* pdiroff) + if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames)) + goto bad; + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks)) ++ goto bad; ++ } + if (TIFFFieldSet(tif,FIELD_SUBIFD)) + { + if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir)) +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 16ce5780..a91b9e7b 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -397,6 +397,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + } + fputs("\n", fd); + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) { ++ fprintf(fd, " NumberOfInks: %d\n", ++ td->td_numberofinks); ++ } + if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) { + fprintf(fd, " Thresholding: "); + switch (td->td_threshholding) { +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch new file mode 100644 index 0000000000..02642ecfbc --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch @@ -0,0 +1,36 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Sat, 20 Aug 2022 23:35:26 +0200 +Subject: [PATCH] tiffcrop -S option: Make decision simpler. + +--- + tools/tiffcrop.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index c3b758ec..8fd856dc 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2133,11 +2133,11 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + } + /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/ + char XY, Z, R, S; +- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)); +- Z = (crop_data->crop_mode & CROP_ZONES); +- R = (crop_data->crop_mode & CROP_REGIONS); +- S = (page->mode & PAGE_MODE_ROWSCOLS); +- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) { ++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0; ++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0; ++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; ++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; ++ if (XY + Z + R + S > 1) { + TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); + exit(EXIT_FAILURE); + } +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch new file mode 100644 index 0000000000..3e33f4adea --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch @@ -0,0 +1,59 @@ +CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Thu, 25 Aug 2022 16:11:41 +0200 +Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options + with any PAGE_MODE_x option (fixes #411 and #413) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S. + +Code analysis: + +With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[]. +In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) . + +Execution of the else-clause often leads to buffer-overflows. + +Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows. + +The MR solves issues #411 and #413. +--- + doc/tools/tiffcrop.rst | 8 ++++++++ + tools/tiffcrop.c | 32 +++++++++++++++++++++++++------- + 2 files changed, 33 insertions(+), 7 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 8fd856dc..41a2ea36 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; + S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; + if (XY + Z + R + S > 1) { +- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit"); + exit(EXIT_FAILURE); + } ++ ++ /* Check for not allowed combination: ++ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options ++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. ++. */ ++ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) { ++ TIFFError("tiffcrop input error", ++ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit"); ++ exit(EXIT_FAILURE); ++ } ++ + } /* end process_command_opts */ + + /* Start a new output file if one has not been previously opened or +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch new file mode 100644 index 0000000000..e44b9bc57c --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch @@ -0,0 +1,653 @@ +CVE: CVE-2022-3570 CVE-2022-3598 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From afd7086090dafd3949afd172822cbcec4ed17d56 Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Thu, 13 Oct 2022 14:33:27 +0000 +Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271, + #381, #386, #388, #389, #435) + +--- + tools/tiffcrop.c | 209 ++++++++++++++++++++++++++--------------------- + 1 file changed, 118 insertions(+), 91 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 41a2ea36..deab5feb 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -212,6 +212,10 @@ static char tiffcrop_rev_date[] = "26-08-2022"; + + #define TIFF_DIR_MAX 65534 + ++/* Some conversion subroutines require image buffers, which are at least 3 bytes ++ * larger than the necessary size for the image itself. */ ++#define NUM_BUFF_OVERSIZE_BYTES 3 ++ + /* Offsets into buffer for margins and fixed width and length segments */ + struct offset { + uint32_t tmargin; +@@ -233,7 +237,7 @@ struct offset { + */ + + struct buffinfo { +- uint32_t size; /* size of this buffer */ ++ size_t size; /* size of this buffer */ + unsigned char *buffer; /* address of the allocated buffer */ + }; + +@@ -810,8 +814,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf, + uint32_t dst_rowsize, shift_width; + uint32_t bytes_per_sample, bytes_per_pixel; + uint32_t trailing_bits, prev_trailing_bits; +- uint32_t tile_rowsize = TIFFTileRowSize(in); +- uint32_t src_offset, dst_offset; ++ tmsize_t tile_rowsize = TIFFTileRowSize(in); ++ tmsize_t src_offset, dst_offset; + uint32_t row_offset, col_offset; + uint8_t *bufp = (uint8_t*) buf; + unsigned char *src = NULL; +@@ -861,7 +865,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf, + TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); + exit(EXIT_FAILURE); + } +- tilebuf = limitMalloc(tile_buffsize + 3); ++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 0; + tilebuf[tile_buffsize] = 0; +@@ -1024,7 +1028,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8_t *obuf, + for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++) + { + srcbuffs[sample] = NULL; +- tbuff = (unsigned char *)limitMalloc(tilesize + 8); ++ tbuff = (unsigned char *)limitMalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES); + if (!tbuff) + { + TIFFError ("readSeparateTilesIntoBuffer", +@@ -1217,7 +1221,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + } + rowstripsize = rowsperstrip * bytes_per_sample * (width + 1); + +- obuf = limitMalloc (rowstripsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ obuf = limitMalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (obuf == NULL) + return 1; + +@@ -1229,7 +1234,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + + stripsize = TIFFVStripSize(out, nrows); + src = buf + (row * rowsize); +- memset (obuf, '\0', rowstripsize); ++ memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump)) + { + _TIFFfree(obuf); +@@ -1237,10 +1242,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + } + if ((dump->outfile != NULL) && (dump->level == 1)) + { +- dump_info(dump->outfile, dump->format,"", ++ if (scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ scanlinesize); ++ } ++ dump_info(dump->outfile, dump->format,"", + "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d", +- s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf); +- dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf); ++ s + 1, strip + 1, stripsize, row + 1, (uint32_t)scanlinesize, src - buf); ++ dump_buffer(dump->outfile, dump->format, nrows, (uint32_t)scanlinesize, row, obuf); + } + + if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) +@@ -1267,7 +1277,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng + uint32_t tl, tw; + uint32_t row, col, nrow, ncol; + uint32_t src_rowsize, col_offset; +- uint32_t tile_rowsize = TIFFTileRowSize(out); ++ tmsize_t tile_rowsize = TIFFTileRowSize(out); + uint8_t* bufp = (uint8_t*) buf; + tsize_t tile_buffsize = 0; + tsize_t tilesize = TIFFTileSize(out); +@@ -1310,9 +1320,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng + } + src_rowsize = ((imagewidth * spp * bps) + 7U) / 8; + +- tilebuf = limitMalloc(tile_buffsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 1; ++ memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + for (row = 0; row < imagelength; row += tl) + { + nrow = (row + tl > imagelength) ? imagelength - row : tl; +@@ -1358,7 +1370,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele + uint32_t imagewidth, tsample_t spp, + struct dump_opts * dump) + { +- tdata_t obuf = limitMalloc(TIFFTileSize(out)); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tdata_t obuf = limitMalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + uint32_t tl, tw; + uint32_t row, col, nrow, ncol; + uint32_t src_rowsize, col_offset; +@@ -1368,6 +1381,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele + + if (obuf == NULL) + return 1; ++ memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + + if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) || + !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) || +@@ -1793,14 +1807,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + + *opt_offset = '\0'; + /* convert option to lowercase */ +- end = strlen (opt_ptr); ++ end = (unsigned int)strlen (opt_ptr); + for (i = 0; i < end; i++) + *(opt_ptr + i) = tolower((int) *(opt_ptr + i)); + /* Look for dump format specification */ + if (strncmp(opt_ptr, "for", 3) == 0) + { + /* convert value to lowercase */ +- end = strlen (opt_offset + 1); ++ end = (unsigned int)strlen (opt_offset + 1); + for (i = 1; i <= end; i++) + *(opt_offset + i) = tolower((int) *(opt_offset + i)); + /* check dump format value */ +@@ -2273,6 +2287,8 @@ main(int argc, char* argv[]) + size_t length; + char temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */ + ++ assert(NUM_BUFF_OVERSIZE_BYTES >= 3); ++ + little_endian = *((unsigned char *)&little_endian) & '1'; + + initImageData(&image); +@@ -3227,13 +3243,13 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3642,13 +3658,13 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3825,10 +3841,10 @@ extractContigSamplesToTileBuffer(uint8_t *out, uint8_t *in, uint32_t rows, uint3 + static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf) + { + uint8_t* bufp = buf; +- int32_t bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint32_t strip, nstrips = TIFFNumberOfStrips(in); +- uint32_t stripsize = TIFFStripSize(in); +- uint32_t rows = 0; ++ tmsize_t stripsize = TIFFStripSize(in); ++ tmsize_t rows = 0; + uint32_t rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); + tsize_t scanline_size = TIFFScanlineSize(in); + +@@ -3841,11 +3857,11 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf) + bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); + rows = bytes_read / scanline_size; + if ((strip < (nstrips - 1)) && (bytes_read != (int32_t)stripsize)) +- TIFFError("", "Strip %"PRIu32": read %"PRId32" bytes, strip size %"PRIu32, ++ TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64, + strip + 1, bytes_read, stripsize); + + if (bytes_read < 0 && !ignore) { +- TIFFError("", "Error reading strip %"PRIu32" after %"PRIu32" rows", ++ TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows", + strip, rows); + return 0; + } +@@ -4310,13 +4326,13 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4359,10 +4375,10 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4835,13 +4851,13 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4884,10 +4900,10 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4910,7 +4926,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + { + int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; + uint32_t j; +- int32_t bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint16_t bps = 0, planar; + uint32_t nstrips; + uint32_t strips_per_sample; +@@ -4976,7 +4992,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + srcbuffs[s] = NULL; +- buff = limitMalloc(stripsize + 3); ++ buff = limitMalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES); + if (!buff) + { + TIFFError ("readSeparateStripsIntoBuffer", +@@ -4999,7 +5015,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + buff = srcbuffs[s]; + strip = (s * strips_per_sample) + j; + bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize); +- rows_this_strip = bytes_read / src_rowsize; ++ rows_this_strip = (uint32_t)(bytes_read / src_rowsize); + if (bytes_read < 0 && !ignore) + { + TIFFError(TIFFFileName(in), +@@ -6062,13 +6078,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + uint16_t input_compression = 0, input_photometric = 0; + uint16_t subsampling_horiz, subsampling_vert; + uint32_t width = 0, length = 0; +- uint32_t stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; ++ tmsize_t stsize = 0, tlsize = 0, buffsize = 0; ++ tmsize_t scanlinesize = 0; + uint32_t tw = 0, tl = 0; /* Tile width and length */ +- uint32_t tile_rowsize = 0; ++ tmsize_t tile_rowsize = 0; + unsigned char *read_buff = NULL; + unsigned char *new_buff = NULL; + int readunit = 0; +- static uint32_t prev_readsize = 0; ++ static tmsize_t prev_readsize = 0; + + TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); + TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); +@@ -6325,6 +6342,8 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + /* The buffsize_check and the possible adaptation of buffsize + * has to account also for padding of each line to a byte boundary. + * This is assumed by mirrorImage() and rotateImage(). ++ * Furthermore, functions like extractContigSamplesShifted32bits() ++ * need a buffer, which is at least 3 bytes larger than the actual image. + * Otherwise buffer-overflow might occur there. + */ + buffsize_check = length * (uint32_t)(((width * spp * bps) + 7) / 8); +@@ -6376,7 +6395,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- read_buff = (unsigned char *)limitMalloc(buffsize+3); ++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { +@@ -6387,11 +6406,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- new_buff = _TIFFrealloc(read_buff, buffsize+3); ++ new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (read_buff); +- read_buff = (unsigned char *)limitMalloc(buffsize+3); ++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + read_buff = new_buff; +@@ -6464,8 +6483,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + dump_info (dump->infile, dump->format, "", + "Bits per sample %"PRIu16", Samples per pixel %"PRIu16, bps, spp); + ++ if (scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ scanlinesize); ++ } + for (i = 0; i < length; i++) +- dump_buffer(dump->infile, dump->format, 1, scanlinesize, ++ dump_buffer(dump->infile, dump->format, 1, (uint32_t)scanlinesize, + i, read_buff + (i * scanlinesize)); + } + return (0); +@@ -7485,13 +7509,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -7554,23 +7578,23 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) + + if (!sect_buff) + { +- sect_buff = (unsigned char *)limitMalloc(sectsize); ++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!sect_buff) + { + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { + if (prev_sectsize < sectsize) + { +- new_buff = _TIFFrealloc(sect_buff, sectsize); ++ new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + _TIFFfree (sect_buff); +- sect_buff = (unsigned char *)limitMalloc(sectsize); ++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + sect_buff = new_buff; +@@ -7580,7 +7604,7 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -7611,17 +7635,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[0].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7634,7 +7658,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[0].buffer = crop_buff; + seg_buffs[0].size = cropsize; + +@@ -7714,17 +7738,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[i].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7737,7 +7761,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[i].buffer = crop_buff; + seg_buffs[i].size = cropsize; + +@@ -7853,24 +7877,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + crop_buff = *crop_buff_ptr; + if (!crop_buff) + { +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!crop_buff) + { + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + prev_cropsize = cropsize; + } + else + { + if (prev_cropsize < cropsize) + { +- new_buff = _TIFFrealloc(crop_buff, cropsize); ++ new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = new_buff; +@@ -7879,7 +7903,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -8177,13 +8201,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -8568,13 +8592,13 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_ + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -8643,12 +8667,13 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width, + return (-1); + } + +- if (!(rbuff = (unsigned char *)limitMalloc(buffsize))) ++ /* Add 3 padding bytes for extractContigSamplesShifted32bits */ ++ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES))) + { +- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize); ++ TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } +- _TIFFmemset(rbuff, '\0', buffsize); ++ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES); + + ibuff = *ibuff_ptr; + switch (rotation) +@@ -9176,13 +9201,13 @@ reverseSamples32bits (uint16_t spp, uint16_t bps, uint32_t width, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -9273,12 +9298,13 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + { + case MIRROR_BOTH: + case MIRROR_VERT: +- line_buff = (unsigned char *)limitMalloc(rowsize); ++ line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES); + if (line_buff == NULL) + { +- TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize); ++ TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + + dst = ibuff + (rowsize * (length - 1)); + for (row = 0; row < length / 2; row++) +@@ -9310,11 +9336,12 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + } + else + { /* non 8 bit per sample data */ +- if (!(line_buff = (unsigned char *)limitMalloc(rowsize + 1))) ++ if (!(line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES))) + { + TIFFError("mirrorImage", "Unable to allocate mirror line buffer"); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + bytes_per_sample = (bps + 7) / 8; + bytes_per_pixel = ((bps * spp) + 7) / 8; + if (bytes_per_pixel < (bytes_per_sample + 1)) +@@ -9326,7 +9353,7 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + { + row_offset = row * rowsize; + src = ibuff + row_offset; +- _TIFFmemset (line_buff, '\0', rowsize); ++ _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + switch (shift_width) + { + case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff)) +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch index 98020ff92f..e673945fa3 100644 --- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch @@ -1,4 +1,4 @@ -CVE: CVE-2022-2053 +CVE: CVE-2022-2953 Upstream-Status: Backport Signed-off-by: Ross Burton <ross.burton@arm.com> diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch new file mode 100644 index 0000000000..b3352ba8ab --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch @@ -0,0 +1,39 @@ +From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 8 Nov 2022 15:16:58 +0100 +Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on + strips/tiles > 2 GB + +Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 +Upstream-Status: Accepted +--- + libtiff/tif_getimage.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index a4d0c1d6..60b94d8e 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in + return( ok ); + + for( i_row = 0; i_row < read_ysize; i_row++ ) { +- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize, +- raster + (read_ysize - i_row - 1) * read_xsize, ++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, ++ raster + (size_t)(read_ysize - i_row - 1) * read_xsize, + read_xsize * sizeof(uint32_t) ); +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize, + 0, sizeof(uint32_t) * (tile_xsize - read_xsize) ); + } + + for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) { +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, + 0, sizeof(uint32_t) * tile_xsize ); + } + +-- +2.33.0 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch new file mode 100644 index 0000000000..4f8dc35251 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch @@ -0,0 +1,26 @@ +From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Sat, 21 Jan 2023 15:58:10 +0000 +Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. + + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz] +CVE: CVE-2022-48281 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiffcrop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: tiff-4.2.0/tools/tiffcrop.c +=================================================================== +--- tiff-4.2.0.orig/tools/tiffcrop.c ++++ tiff-4.2.0/tools/tiffcrop.c +@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data + crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { +- prev_cropsize = seg_buffs[0].size; ++ prev_cropsize = seg_buffs[1].size; + if (prev_cropsize < cropsize) + { + next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch new file mode 100644 index 0000000000..926df680b3 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch @@ -0,0 +1,154 @@ +From: Markus Koschany <apo@debian.org> +Date: Tue, 21 Feb 2023 14:26:43 +0100 +Subject: CVE-2023-0795 + +This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, +CVE-2023-0799. + +Bug-Debian: https://bugs.debian.org/1031632 +Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 + +CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 +Upstream-Status: Backport [import from ubuntu debian/patches/CVE-2023-0795.patch http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.4.0-4ubuntu3.3.debian.tar.xz ] +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++++--------------------- + 1 file changed, 30 insertions(+), 21 deletions(-) + +--- tiff-4.4.0.orig/tools/tiffcrop.c ++++ tiff-4.4.0/tools/tiffcrop.c +@@ -269,7 +269,6 @@ struct region { + uint32_t width; /* width in pixels */ + uint32_t length; /* length in pixels */ + uint32_t buffsize; /* size of buffer needed to hold the cropped region */ +- unsigned char *buffptr; /* address of start of the region */ + }; + + /* Cropping parameters from command line and image data +@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uin + static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t, + uint32_t, uint32_t, uint8_t *, uint8_t *); + static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *, +- unsigned char **); ++ unsigned char **, int); + static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, + unsigned char *); + static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, +@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps) + cps->regionlist[i].width = 0; + cps->regionlist[i].length = 0; + cps->regionlist[i].buffsize = 0; +- cps->regionlist[i].buffptr = NULL; + cps->zonelist[i].position = 0; + cps->zonelist[i].total = 0; + } +@@ -6551,8 +6549,13 @@ static int correct_orientation(struct i + (uint16_t) (image->adjustments & ROTATE_ANY)); + return (-1); + } +- +- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr)) ++ ++ /* Dummy variable in order not to switch two times the ++ * image->width,->length within rotateImage(), ++ * but switch xres, yres there. */ ++ uint32_t width = image->width; ++ uint32_t length = image->length; ++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE)) + { + TIFFError ("correct_orientation", "Unable to rotate image"); + return (-1); +@@ -6661,7 +6664,6 @@ extractCompositeRegions(struct image_dat + /* These should not be needed for composite images */ + crop->regionlist[i].width = crop_width; + crop->regionlist[i].length = crop_length; +- crop->regionlist[i].buffptr = crop_buff; + + src_rowsize = ((img_width * bps * spp) + 7) / 8; + dst_rowsize = (((crop_width * bps * count) + 7) / 8); +@@ -6900,7 +6902,6 @@ extractSeparateRegion(struct image_data + + crop->regionlist[region].width = crop_width; + crop->regionlist[region].length = crop_length; +- crop->regionlist[region].buffptr = crop_buff; + + src = read_buff; + dst = crop_buff; +@@ -7778,7 +7779,7 @@ processCropSelections(struct image_data + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, &crop_buff)) ++ &crop->combined_length, &crop_buff, FALSE)) + { + TIFFError("processCropSelections", + "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation); +@@ -7888,7 +7889,7 @@ processCropSelections(struct image_data + * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !! + */ + if (rotateImage(crop->rotation, image, &crop->regionlist[i].width, +- &crop->regionlist[i].length, &crop_buff)) ++ &crop->regionlist[i].length, &crop_buff, FALSE)) + { + TIFFError("processCropSelections", + "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation); +@@ -8020,7 +8021,7 @@ createCroppedImage(struct image_data *im + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, crop_buff_ptr)) ++ &crop->combined_length, crop_buff_ptr, TRUE)) + { + TIFFError("createCroppedImage", + "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation); +@@ -8683,7 +8684,7 @@ rotateContigSamples32bits(uint16_t rotat + /* Rotate an image by a multiple of 90 degrees clockwise */ + static int + rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width, +- uint32_t *img_length, unsigned char **ibuff_ptr) ++ uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params) + { + int shift_width; + uint32_t bytes_per_pixel, bytes_per_sample; +@@ -8874,11 +8875,15 @@ rotateImage(uint16_t rotation, struct im + + *img_width = length; + *img_length = width; +- image->width = length; +- image->length = width; +- res_temp = image->xres; +- image->xres = image->yres; +- image->yres = res_temp; ++ /* Only toggle image parameters if whole input image is rotated. */ ++ if (rot_image_params) ++ { ++ image->width = length; ++ image->length = width; ++ res_temp = image->xres; ++ image->xres = image->yres; ++ image->yres = res_temp; ++ } + break; + + case 270: if ((bps % 8) == 0) /* byte aligned data */ +@@ -8951,11 +8956,15 @@ rotateImage(uint16_t rotation, struct im + + *img_width = length; + *img_length = width; +- image->width = length; +- image->length = width; +- res_temp = image->xres; +- image->xres = image->yres; +- image->yres = res_temp; ++ /* Only toggle image parameters if whole input image is rotated. */ ++ if (rot_image_params) ++ { ++ image->width = length; ++ image->length = width; ++ res_temp = image->xres; ++ image->xres = image->yres; ++ image->yres = res_temp; ++ } + break; + default: + break; diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch new file mode 100644 index 0000000000..8372bc35f2 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch @@ -0,0 +1,128 @@ +From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Sun, 5 Feb 2023 15:53:15 +0000 +Subject: [PATCH] tiffcrop: added check for assumption on composite images + (fixes #496) + +tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action. + +Closes #496, #497, #498, #500, #501. + +Upstream-Status: Backport [import from fedora https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440 ] +CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 66 insertions(+), 2 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 84e26ac6..480b927c 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -5329,18 +5329,39 @@ + + crop->regionlist[i].buffsize = buffsize; + crop->bufftotal += buffsize; ++ /* For composite images with more than one region, the ++ * combined_length or combined_width always needs to be equal, ++ * respectively. ++ * Otherwise, even the first section/region copy ++ * action might cause buffer overrun. */ + if (crop->img_mode == COMPOSITE_IMAGES) + { + switch (crop->edge_ref) + { + case EDGE_LEFT: + case EDGE_RIGHT: ++ if (i > 0 && zlength != crop->combined_length) ++ { ++ TIFFError( ++ "computeInputPixelOffsets", ++ "Only equal length regions can be combined for " ++ "-E left or right"); ++ return (-1); ++ } + crop->combined_length = zlength; + crop->combined_width += zwidth; + break; + case EDGE_BOTTOM: + case EDGE_TOP: /* width from left, length from top */ + default: ++ if (i > 0 && zwidth != crop->combined_width) ++ { ++ TIFFError("computeInputPixelOffsets", ++ "Only equal width regions can be " ++ "combined for -E " ++ "top or bottom"); ++ return (-1); ++ } + crop->combined_width = zwidth; + crop->combined_length += zlength; + break; +@@ -6546,6 +6567,46 @@ + crop->combined_width = 0; + crop->combined_length = 0; + ++ /* If there is more than one region, check beforehand whether all the width ++ * and length values of the regions are the same, respectively. */ ++ switch (crop->edge_ref) ++ { ++ default: ++ case EDGE_TOP: ++ case EDGE_BOTTOM: ++ for (i = 1; i < crop->selections; i++) ++ { ++ uint32_t crop_width0 = ++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1; ++ uint32_t crop_width1 = ++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; ++ if (crop_width0 != crop_width1) ++ { ++ TIFFError("extractCompositeRegions", ++ "Only equal width regions can be combined for -E " ++ "top or bottom"); ++ return (1); ++ } ++ } ++ break; ++ case EDGE_LEFT: ++ case EDGE_RIGHT: ++ for (i = 1; i < crop->selections; i++) ++ { ++ uint32_t crop_length0 = ++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1; ++ uint32_t crop_length1 = ++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; ++ if (crop_length0 != crop_length1) ++ { ++ TIFFError("extractCompositeRegions", ++ "Only equal length regions can be combined for " ++ "-E left or right"); ++ return (1); ++ } ++ } ++ } ++ + for (i = 0; i < crop->selections; i++) + { + /* rows, columns, width, length are expressed in pixels */ +@@ -6570,7 +6631,8 @@ + default: + case EDGE_TOP: + case EDGE_BOTTOM: +- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width)) ++ if ((crop->selections > i + 1) && ++ (crop_width != crop->regionlist[i + 1].width)) + { + TIFFError ("extractCompositeRegions", + "Only equal width regions can be combined for -E top or bottom"); +@@ -6651,7 +6713,8 @@ + break; + case EDGE_LEFT: /* splice the pieces of each row together, side by side */ + case EDGE_RIGHT: +- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length)) ++ if ((crop->selections > i + 1) && ++ (crop_length != crop->regionlist[i + 1].length)) + { + TIFFError ("extractCompositeRegions", + "Only equal length regions can be combined for -E left or right"); diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb index caf6f60479..9df3c5a015 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb @@ -12,6 +12,14 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ file://CVE-2022-34526.patch \ file://CVE-2022-2953.patch \ + file://CVE-2022-3970.patch \ + file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \ + file://0001-tiffcrop-S-option-Make-decision-simpler.patch \ + file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \ + file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \ + file://CVE-2022-48281.patch \ + file://CVE-2023-0800_0801_0802_0803_0804.patch \ + file://CVE-2023-0795_0796_0797_0798_0799.patch \ " SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed" @@ -25,7 +33,6 @@ CVE_CHECK_IGNORE += "CVE-2015-7313" # These issues only affect libtiff post-4.3.0 but before 4.4.0, # caused by 3079627e and fixed by b4e79bfa. CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623" - # Issue is in jbig which we don't enable CVE_CHECK_IGNORE += "CVE-2022-1210" @@ -41,6 +48,7 @@ PACKAGECONFIG[jbig] = "--enable-jbig,--disable-jbig,jbig," PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg," PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib," PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz," +PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp," # Convert single-strip uncompressed images to multiple strips of specified # size (default: 8192) to reduce memory usage diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb index 5f776c13e6..708201043b 100644 --- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb +++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb @@ -13,7 +13,7 @@ inherit meson features_check pkgconfig REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "45aa833c44ec292f31fa943b01b8cc75e54eb623ad7ba6a66fc2f118fe69e629" +SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155" # Especially helps compiling with clang which enable this as error when # using c++11 diff --git a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch b/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch deleted file mode 100644 index 6f27876a7f..0000000000 --- a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 6b638fa9afbeb54dfa19378e391465a5284ce1ad Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Wed, 12 Sep 2018 17:16:36 +0800 -Subject: [PATCH] Fix error handling in gdbm - -Only check for gdbm_errno if the return value of the called gdbm_* -function says so. This fixes apr-util with gdbm 1.14, which does not -seem to always reset gdbm_errno. - -Also make the gdbm driver return error codes starting with -APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is -what the berkleydb driver already does. - -Also ensure that dsize is 0 if dptr == NULL. - -Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1825311] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - dbm/apr_dbm_gdbm.c | 47 +++++++++++++++++++++++++++++------------------ - 1 file changed, 29 insertions(+), 18 deletions(-) - -diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c -index 749447a..1c86327 100644 ---- a/dbm/apr_dbm_gdbm.c -+++ b/dbm/apr_dbm_gdbm.c -@@ -36,13 +36,25 @@ - static apr_status_t g2s(int gerr) - { - if (gerr == -1) { -- /* ### need to fix this */ -- return APR_EGENERAL; -+ if (gdbm_errno == GDBM_NO_ERROR) -+ return APR_SUCCESS; -+ return APR_OS_START_USEERR + gdbm_errno; - } - - return APR_SUCCESS; - } - -+static apr_status_t gdat2s(datum d) -+{ -+ if (d.dptr == NULL) { -+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND) -+ return APR_SUCCESS; -+ return APR_OS_START_USEERR + gdbm_errno; -+ } -+ -+ return APR_SUCCESS; -+} -+ - static apr_status_t datum_cleanup(void *dptr) - { - if (dptr) -@@ -53,22 +65,15 @@ static apr_status_t datum_cleanup(void *dptr) - - static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said) - { -- apr_status_t rv = APR_SUCCESS; - -- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */ -+ dbm->errcode = dbm_said; - -- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) { -+ if (dbm_said == APR_SUCCESS) - dbm->errmsg = NULL; -- } -- else { -- dbm->errmsg = gdbm_strerror(gdbm_errno); -- rv = APR_EGENERAL; /* ### need something better */ -- } -- -- /* captured it. clear it now. */ -- gdbm_errno = GDBM_NO_ERROR; -+ else -+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR); - -- return rv; -+ return dbm_said; - } - - /* -------------------------------------------------------------------------- -@@ -107,7 +112,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname, - NULL); - - if (file == NULL) -- return APR_EGENERAL; /* ### need a better error */ -+ return APR_OS_START_USEERR + gdbm_errno; /* ### need a better error */ - - /* we have an open database... return it */ - *pdb = apr_pcalloc(pool, sizeof(**pdb)); -@@ -141,10 +146,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key, - if (pvalue->dptr) - apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pvalue->dsize = 0; - - /* store the error info into DBM, and return a status code. Also, note - that *pvalue should have been cleared on error. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key, -@@ -201,9 +208,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey) - if (pkey->dptr) - apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pkey->dsize = 0; - - /* store any error info into DBM, and return a status code. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey) -@@ -221,9 +230,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey) - if (pkey->dptr) - apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pkey->dsize = 0; - - /* store any error info into DBM, and return a status code. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data) --- -2.7.4 - diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb index b851d46351..7c6fcc699b 100644 --- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb +++ b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb @@ -13,11 +13,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \ file://configfix.patch \ file://configure_fixes.patch \ file://run-ptest \ - file://0001-Fix-error-handling-in-gdbm.patch \ -" + " -SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f" -SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459" +SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983" EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ --without-odbc \ diff --git a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch index abff4e9331..a274f3a16e 100644 --- a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch +++ b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch @@ -1,14 +1,15 @@ -From 2bbe20b4f69e84e7a18bc79d382486953f479328 Mon Sep 17 00:00:00 2001 +From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001 From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Thu, 26 Mar 2020 18:30:36 +0000 Subject: [PATCH] Add option to disable timed dependant tests -The disabled tests rely on timing to pass correctly. On a virtualized +The disabled tests rely on timing to pass correctly. On a virtualized system under heavy load, these tests randomly fail because they miss a timer or other timing related issues. Upstream-Status: Pending Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> + --- configure.in | 6 ++++++ include/apr.h.in | 1 + @@ -16,10 +17,10 @@ Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in -index d9f32d6..f0c5661 100644 +index bfd488b..3663220 100644 --- a/configure.in +++ b/configure.in -@@ -2886,6 +2886,12 @@ AC_ARG_ENABLE(timedlocks, +@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks, ) AC_SUBST(apr_has_timedlocks) @@ -45,10 +46,10 @@ index ee99def..c46a5f4 100644 #define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@ diff --git a/test/testlock.c b/test/testlock.c -index a43f477..6233d0b 100644 +index e3437c1..04e01b9 100644 --- a/test/testlock.c +++ b/test/testlock.c -@@ -396,13 +396,13 @@ abts_suite *testlock(abts_suite *suite) +@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite) abts_run_test(suite, threads_not_impl, NULL); #else abts_run_test(suite, test_thread_mutex, NULL); @@ -56,6 +57,8 @@ index a43f477..6233d0b 100644 +#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS abts_run_test(suite, test_thread_timedmutex, NULL); #endif + abts_run_test(suite, test_thread_nestedmutex, NULL); +@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite) abts_run_test(suite, test_thread_rwlock, NULL); abts_run_test(suite, test_cond, NULL); abts_run_test(suite, test_timeoutcond, NULL); @@ -63,7 +66,4 @@ index a43f477..6233d0b 100644 +#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS abts_run_test(suite, test_timeoutmutex, NULL); #endif - #endif --- -2.23.0 - + #ifdef WIN32 diff --git a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch deleted file mode 100644 index d0a9bd9129..0000000000 --- a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 23 Aug 2022 22:42:03 -0700 -Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type - -APR's configure script uses AC_TRY_RUN to detect whether the return type -of strerror_r is int. When cross-compiling this defaults to no. - -This commit adds an AC_CACHE_CHECK so users who cross-compile APR may -influence the outcome with a configure variable. - -Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - build/apr_common.m4 | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/build/apr_common.m4 b/build/apr_common.m4 -index cbf2a4c..42e75cf 100644 ---- a/build/apr_common.m4 -+++ b/build/apr_common.m4 -@@ -525,8 +525,9 @@ dnl string. - dnl - dnl - AC_DEFUN([APR_CHECK_STRERROR_R_RC], [ --AC_MSG_CHECKING(for type of return code from strerror_r) --AC_TRY_RUN([ -+AC_CACHE_CHECK([whether return code from strerror_r has type int], -+[ac_cv_strerror_r_rc_int], -+[AC_TRY_RUN([ - #include <errno.h> - #include <string.h> - #include <stdio.h> -@@ -542,14 +543,10 @@ main() - }], [ - ac_cv_strerror_r_rc_int=yes ], [ - ac_cv_strerror_r_rc_int=no ], [ -- ac_cv_strerror_r_rc_int=no ] ) -+ ac_cv_strerror_r_rc_int=no ] ) ] ) - if test "x$ac_cv_strerror_r_rc_int" = xyes; then - AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int]) -- msg="int" --else -- msg="pointer" - fi --AC_MSG_RESULT([$msg]) - ] ) - - dnl --- -2.37.2 - diff --git a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch index fa6202da79..a78b16284f 100644 --- a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch +++ b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch @@ -1,4 +1,4 @@ -From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001 +From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 26 Aug 2022 00:28:08 -0700 Subject: [PATCH] configure: Remove runtime test for mmap that can map @@ -10,24 +10,25 @@ mutexes Upstream-Status: Inappropriate [Cross-compile specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - configure.in | 32 -------------------------------- - 1 file changed, 32 deletions(-) + configure.in | 30 ------------------------------ + 1 file changed, 30 deletions(-) diff --git a/configure.in b/configure.in -index a99049d..f1f55c7 100644 +index 3663220..dce9789 100644 --- a/configure.in +++ b/configure.in -@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ +@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ APR_CHECK_DEFINE(MAP_ANON, sys/mman.h) AC_CHECK_FILE(/dev/zero) -# Not all systems can mmap /dev/zero (such as HP-UX). Check for that. -if test "$ac_cv_func_mmap" = "yes" && -- test "$ac_cv_file__dev_zero" = "yes"; then -- AC_MSG_CHECKING(for mmap that can map /dev/zero) -- AC_TRY_RUN([ --#include <sys/types.h> +- test "$ac_cv_file__dev_zero" = "yes"; then +- AC_CACHE_CHECK([for mmap that can map /dev/zero], +- [ac_cv_mmap__dev_zero], +- [AC_TRY_RUN([#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#ifdef HAVE_SYS_MMAN_H @@ -49,14 +50,9 @@ index a99049d..f1f55c7 100644 - return 3; - } - return 0; -- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no]) -- -- AC_MSG_RESULT($ac_cv_file__dev_zero) +- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])]) -fi - # Now we determine which one is our anonymous shmem preference. haveshmgetanon="0" havemmapzero="0" --- -2.37.2 - diff --git a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch index 72e706f966..d63423f3a1 100644 --- a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch +++ b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch @@ -1,8 +1,7 @@ -From 5925b20da8bbc34d9bf5a5dca123ef38864d43c6 Mon Sep 17 00:00:00 2001 +From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Tue, 30 Jan 2018 09:39:06 +0800 -Subject: [PATCH 2/7] apr: Remove workdir path references from installed apr - files +Subject: [PATCH] apr: Remove workdir path references from installed apr files Upstream-Status: Inappropriate [configuration] @@ -14,20 +13,23 @@ packages at target run time, the workdir path caused confusion. Rebase to 1.6.3 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + --- - apr-config.in | 26 ++------------------------ - 1 file changed, 2 insertions(+), 24 deletions(-) + apr-config.in | 32 ++------------------------------ + 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/apr-config.in b/apr-config.in -index 84b4073..bbbf651 100644 +index bed47ca..47874e5 100644 --- a/apr-config.in +++ b/apr-config.in -@@ -152,14 +152,7 @@ while test $# -gt 0; do +@@ -164,16 +164,7 @@ while test $# -gt 0; do flags="$flags $LDFLAGS" ;; --includes) - if test "$location" = "installed"; then flags="$flags -I$includedir $EXTRA_INCLUDES" +- elif test "$location" = "crosscompile"; then +- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES" - elif test "$location" = "source"; then - flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES" - else @@ -37,13 +39,15 @@ index 84b4073..bbbf651 100644 ;; --srcdir) echo $APR_SOURCE_DIR -@@ -181,29 +174,14 @@ while test $# -gt 0; do +@@ -197,33 +188,14 @@ while test $# -gt 0; do exit 0 ;; --link-ld) - if test "$location" = "installed"; then - ### avoid using -L if libdir is a "standard" location like /usr/lib - flags="$flags -L$libdir -l${APR_LIBNAME}" +- elif test "$location" = "crosscompile"; then +- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}" - else - ### this surely can't work since the library is in .libs? - flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}" @@ -62,6 +66,8 @@ index 84b4073..bbbf651 100644 - # Since the user is specifying they are linking with libtool, we - # *know* that -R will be recognized by libtool. - flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}" +- elif test "$location" = "crosscompile"; then +- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}" - else - flags="$flags $LA_FILE" - fi @@ -69,6 +75,3 @@ index 84b4073..bbbf651 100644 ;; --shlib-path-var) echo "$SHLIBPATH_VAR" --- -1.8.3.1 - diff --git a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch b/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch deleted file mode 100644 index 4dd53bd8eb..0000000000 --- a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch +++ /dev/null @@ -1,63 +0,0 @@ -From d5028c10f156c224475b340cfb1ba025d6797243 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Fri, 2 Feb 2018 15:51:42 +0800 -Subject: [PATCH 3/7] Makefile.in/configure.in: support cross compiling - -While cross compiling, the tools/gen_test_char could not -be executed at build time, use AX_PROG_CC_FOR_BUILD to -build native tools/gen_test_char - -Upstream-Status: Submitted [https://github.com/apache/apr/pull/8] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - Makefile.in | 10 +++------- - configure.in | 3 +++ - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 5fb760e..8675f90 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,7 +46,7 @@ LT_VERSION = @LT_VERSION@ - - CLEAN_TARGETS = apr-config.out apr.exp exports.c export_vars.c .make.dirs \ - build/apr_rules.out tools/gen_test_char@EXEEXT@ \ -- tools/gen_test_char.o tools/gen_test_char.lo \ -+ tools/gen_test_char.o \ - include/private/apr_escape_test_char.h - DISTCLEAN_TARGETS = config.cache config.log config.status \ - include/apr.h include/arch/unix/apr_private.h \ -@@ -131,13 +131,9 @@ check: $(TARGET_LIB) - etags: - etags `find . -name '*.[ch]'` - --OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS) --tools/gen_test_char.lo: tools/gen_test_char.c -+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c - $(APR_MKDIR) tools -- $(LT_COMPILE) -- --tools/gen_test_char@EXEEXT@: $(OBJECTS_gen_test_char) -- $(LINK_PROG) $(OBJECTS_gen_test_char) $(ALL_LIBS) -+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@ - - include/private/apr_escape_test_char.h: tools/gen_test_char@EXEEXT@ - $(APR_MKDIR) include/private -diff --git a/configure.in b/configure.in -index 719f331..361120f 100644 ---- a/configure.in -+++ b/configure.in -@@ -183,6 +183,9 @@ dnl can only be used once within a configure script, so this prevents a - dnl preload section from invoking the macro to get compiler info. - AC_PROG_CC - -+dnl Check build CC for gen_test_char compiling which is executed at build time. -+AX_PROG_CC_FOR_BUILD -+ - dnl AC_PROG_SED is only avaliable in recent autoconf versions. - dnl Use AC_CHECK_PROG instead if AC_PROG_SED is not present. - ifdef([AC_PROG_SED], --- -1.8.3.1 - diff --git a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch b/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch deleted file mode 100644 index d1a2ebe881..0000000000 --- a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 49661ea3858cf8494926cccf57d3e8c6dcb47117 Mon Sep 17 00:00:00 2001 -From: Dengke Du <dengke.du@windriver.com> -Date: Wed, 14 Dec 2016 18:13:08 +0800 -Subject: [PATCH] apr: fix off_t size doesn't match in glibc when cross - compiling - -In configure.in, it contains the following: - - APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) - -the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4, -it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross -compiling enable. - -So it was hardcoded for cross compiling, we should detect it dynamic based on -the sysroot's glibc. We change it to the following: - - AC_CHECK_SIZEOF(off_t) - -The same for the following hardcoded types for cross compiling: - - pid_t 8 - ssize_t 8 - size_t 8 - off_t 8 - -Change the above correspondingly. - -Signed-off-by: Dengke Du <dengke.du@windriver.com> - -Upstream-Status: Pending - ---- - configure.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.in b/configure.in -index 27b8539..fb408d1 100644 ---- a/configure.in -+++ b/configure.in -@@ -1801,7 +1801,7 @@ else - socklen_t_value="int" - fi - --APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], pid_t, 8) -+AC_CHECK_SIZEOF(pid_t) - - if test "$ac_cv_sizeof_pid_t" = "$ac_cv_sizeof_short"; then - pid_t_fmt='#define APR_PID_T_FMT "hd"' -@@ -1873,7 +1873,7 @@ APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned long, lu, [size_t_fmt="lu"], [ - APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned int, u, [size_t_fmt="u"]) - ]) - --APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], ssize_t, 8) -+AC_CHECK_SIZEOF(ssize_t) - - dnl the else cases below should no longer occur; - AC_MSG_CHECKING([which format to use for apr_ssize_t]) -@@ -1891,7 +1891,7 @@ fi - - ssize_t_fmt="#define APR_SSIZE_T_FMT \"$ssize_t_fmt\"" - --APR_CHECK_SIZEOF_EXTENDED([#include <stddef.h>], size_t, 8) -+AC_CHECK_SIZEOF(size_t) - - # else cases below should no longer occur; - AC_MSG_CHECKING([which format to use for apr_size_t]) -@@ -1909,7 +1909,7 @@ fi - - size_t_fmt="#define APR_SIZE_T_FMT \"$size_t_fmt\"" - --APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) -+AC_CHECK_SIZEOF(off_t) - - if test "${ac_cv_sizeof_off_t}${apr_cv_use_lfs64}" = "4yes"; then - # Enable LFS diff --git a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch deleted file mode 100644 index 00befdacee..0000000000 --- a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch +++ /dev/null @@ -1,58 +0,0 @@ - -SECURITY: CVE-2021-35940 (cve.mitre.org) - -Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though -was addressed in 1.6.x in 1.6.3 and later via r1807976. - -The fix was merged back to 1.7.x in r1891198. - -Since this was a regression in 1.7.0, a new CVE name has been assigned -to track this, CVE-2021-35940. - -Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. - -https://svn.apache.org/viewvc?view=revision&revision=1891198 - -Upstream-Status: Backport -CVE: CVE-2021-35940 -Signed-off-by: Armin Kuster <akuster@mvista.com> - - -Index: time/unix/time.c -=================================================================== ---- a/time/unix/time.c (revision 1891197) -+++ b/time/unix/time.c (revision 1891198) -@@ -142,6 +142,9 @@ - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) -Index: time/win32/time.c -=================================================================== ---- a/time/win32/time.c (revision 1891197) -+++ b/time/win32/time.c (revision 1891198) -@@ -54,6 +54,9 @@ - static const int dayoffset[12] = - {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; - -+ if (tm->wMonth < 1 || tm->wMonth > 12) -+ return APR_EBADDATE; -+ - /* Note; the caller is responsible for filling in detailed tm_usec, - * tm_gmtoff and tm_isdst data when applicable. - */ -@@ -228,6 +231,9 @@ - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch deleted file mode 100644 index 9f7b5c624c..0000000000 --- a/poky/meta/recipes-support/apr/apr/autoconf270.patch +++ /dev/null @@ -1,22 +0,0 @@ -With autoconf 2.70 confdefs.h is already included. Including it twice generates -compiler warnings and since this macros is to error on warnings, it breaks. - -Fix by not including the file. - -Upstream-Status: Pending -RP - 2021/1/28 - -Index: apr-1.7.0/build/apr_common.m4 -=================================================================== ---- apr-1.7.0.orig/build/apr_common.m4 -+++ apr-1.7.0/build/apr_common.m4 -@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING], - fi - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE( -- [#include "confdefs.h" -- ] -+ [] - [[$1]] - [int main(int argc, const char *const *argv) {] - [[$2]] diff --git a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch index 740792e6b0..80ce43caa4 100644 --- a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch +++ b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch @@ -1,6 +1,7 @@ +From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001 From: Helmut Grohne <helmut@subdivi.de> -Subject: check for libtoolize rather than libtool -Last-Update: 2014-09-19 +Date: Tue, 7 Feb 2023 07:04:00 +0000 +Subject: [PATCH] check for libtoolize rather than libtool libtool is now in package libtool-bin, but apr only needs libtoolize. @@ -8,14 +9,22 @@ Upstream-Status: Pending [ from debian: https://sources.debian.org/data/main/a/a Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- apr.orig/build/buildcheck.sh -+++ apr/build/buildcheck.sh -@@ -39,11 +39,11 @@ fi +--- + build/buildcheck.sh | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/build/buildcheck.sh b/build/buildcheck.sh +index 44921b5..08bc8a8 100755 +--- a/build/buildcheck.sh ++++ b/build/buildcheck.sh +@@ -39,13 +39,11 @@ fi # ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a # output is multiline from 1.5 onwards -# Require libtool 1.4 or newer --libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` +-if test -z "$libtool"; then +- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` +-fi -lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'` +# Require libtoolize 1.4 or newer +libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14` diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.2.bb index cb4bb936d7..c9059c9921 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.2.bb @@ -16,21 +16,15 @@ BBCLASSEXTEND = "native nativesdk" SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://run-ptest \ file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \ - file://0003-Makefile.in-configure.in-support-cross-compiling.patch \ file://0004-Fix-packet-discards-HTTP-redirect.patch \ file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \ - file://0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ - file://autoconf270.patch \ - file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ - file://CVE-2021-35940.patch \ " -SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" -SRC_URI[sha256sum] = "e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea" +SRC_URI[sha256sum] = "75e77cc86776c030c0a5c408dfbd0bf2a0b75eed5351e52d5439fa1e5509a43e" inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb index 78c51e7731..89b7bf2b93 100644 --- a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb +++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb @@ -9,7 +9,7 @@ SECTION = "console/utils" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https" +SRC_URI = "git://github.com/intel/${BPN};branch=main;protocol=https" SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch new file mode 100644 index 0000000000..03a7ac513b --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch @@ -0,0 +1,27 @@ +From dd31455d46dcf9e3a1b8bd37e671af1a6af52807 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 15 Sep 2022 09:22:45 +0200 +Subject: [PATCH] setopt: when POST is set, reset the 'upload' field + +Reported-by: RobBotic1 on github +Fixes #9507 +Closes #9511 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d6] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/setopt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/setopt.c b/lib/setopt.c +index d5e3b50..b8793b4 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -696,6 +696,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + } + else + data->set.method = HTTPREQ_GET; ++ data->set.upload = FALSE; + break; + + case CURLOPT_HTTPPOST: diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch new file mode 100644 index 0000000000..a4aae69fd0 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch @@ -0,0 +1,73 @@ +From 9169e54444bdca7b5e7b44034c463fe5fc801e88 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 4 Oct 2022 14:37:24 +0200 +Subject: [PATCH] netrc: replace fgets with Curl_get_line + +Make the parser only accept complete lines and avoid problems with +overly long lines. + +Reported-by: Hiroki Kurosawa + +Closes #9789 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa86] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/curl_get_line.c | 6 +++--- + lib/netrc.c | 5 +++-- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c +index 6a26bb2..22e3705 100644 +--- a/lib/curl_get_line.c ++++ b/lib/curl_get_line.c +@@ -25,7 +25,7 @@ + #include "curl_setup.h" + + #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ +- !defined(CURL_DISABLE_HSTS) ++ !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC) + + #include "curl_get_line.h" + #include "curl_memory.h" +@@ -33,8 +33,8 @@ + #include "memdebug.h" + + /* +- * get_line() makes sure to only return complete whole lines that fit in 'len' +- * bytes and end with a newline. ++ * Curl_get_line() makes sure to only return complete whole lines that fit in ++ * 'len' bytes and end with a newline. + */ + char *Curl_get_line(char *buf, int len, FILE *input) + { +diff --git a/lib/netrc.c b/lib/netrc.c +index 62a6a10..5d17482 100644 +--- a/lib/netrc.c ++++ b/lib/netrc.c +@@ -33,6 +33,7 @@ + #include "netrc.h" + #include "strtok.h" + #include "strcase.h" ++#include "curl_get_line.h" + + /* The last 3 #include files should be in this order */ + #include "curl_printf.h" +@@ -84,7 +85,7 @@ static int parsenetrc(const char *host, + char netrcbuffer[4096]; + int netrcbuffsize = (int)sizeof(netrcbuffer); + +- while(!done && fgets(netrcbuffer, netrcbuffsize, file)) { ++ while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) { + char *tok; + char *tok_end; + bool quoted; +@@ -243,7 +244,7 @@ static int parsenetrc(const char *host, + } /* switch (state) */ + tok = ++tok_end; + } +- } /* while fgets() */ ++ } /* while Curl_get_line() */ + + out: + if(!retcode) { diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch new file mode 100644 index 0000000000..43de6e62eb --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch @@ -0,0 +1,53 @@ +From 3ede0e72aaad6447d2a5ab07dac43e1b9d7e617b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 6 Oct 2022 14:13:36 +0200 +Subject: [PATCH] http_proxy: restore the protocol pointer on error + +Reported-by: Trail of Bits + +Closes #9790 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315ce] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/http_proxy.c | 6 ++---- + lib/url.c | 9 --------- + 2 files changed, 2 insertions(+), 13 deletions(-) + +diff --git a/lib/http_proxy.c b/lib/http_proxy.c +index 1f87f6c..cc20b3a 100644 +--- a/lib/http_proxy.c ++++ b/lib/http_proxy.c +@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data) + Curl_dyn_free(&s->rcvbuf); + Curl_dyn_free(&s->req); + +- /* restore the protocol pointer, if not already done */ +- if(s->prot_save) +- data->req.p.http = s->prot_save; +- s->prot_save = NULL; ++ /* restore the protocol pointer */ ++ data->req.p.http = s->prot_save; + data->info.httpcode = 0; /* clear it as it might've been used for the + proxy */ + data->req.ignorebody = FALSE; +diff --git a/lib/url.c b/lib/url.c +index bfc784f..61c99d2 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -746,15 +746,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn) + DEBUGASSERT(data); + infof(data, "Closing connection %ld", conn->connection_id); + +-#ifndef USE_HYPER +- if(conn->connect_state && conn->connect_state->prot_save) { +- /* If this was closed with a CONNECT in progress, cleanup this temporary +- struct arrangement */ +- data->req.p.http = NULL; +- Curl_safefree(conn->connect_state->prot_save); +- } +-#endif +- + /* possible left-overs from the async name resolvers */ + Curl_resolver_cancel(data); + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch new file mode 100644 index 0000000000..000af69885 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch @@ -0,0 +1,134 @@ +From 401455229a5006bed0346fedc99791ccb53e146c Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Wed, 12 Oct 2022 10:47:59 +0200 +Subject: [PATCH] url: use IDN decoded names for HSTS checks + +Reported-by: Hiroki Kurosawa + +Closes #9791 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/53bcf55b4538067e6] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/url.c | 91 ++++++++++++++++++++++++++++--------------------------- + 1 file changed, 47 insertions(+), 44 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index 61c99d2..6426fa7 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -2024,10 +2024,56 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, + failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN); + return CURLE_URL_MALFORMAT; + } ++ hostname = data->state.up.hostname; ++ ++ if(hostname && hostname[0] == '[') { ++ /* This looks like an IPv6 address literal. See if there is an address ++ scope. */ ++ size_t hlen; ++ conn->bits.ipv6_ip = TRUE; ++ /* cut off the brackets! */ ++ hostname++; ++ hlen = strlen(hostname); ++ hostname[hlen - 1] = 0; ++ ++ zonefrom_url(uh, data, conn); ++ } ++ ++ /* make sure the connect struct gets its own copy of the host name */ ++ conn->host.rawalloc = strdup(hostname ? hostname : ""); ++ if(!conn->host.rawalloc) ++ return CURLE_OUT_OF_MEMORY; ++ conn->host.name = conn->host.rawalloc; ++ ++ /************************************************************* ++ * IDN-convert the hostnames ++ *************************************************************/ ++ result = Curl_idnconvert_hostname(data, &conn->host); ++ if(result) ++ return result; ++ if(conn->bits.conn_to_host) { ++ result = Curl_idnconvert_hostname(data, &conn->conn_to_host); ++ if(result) ++ return result; ++ } ++#ifndef CURL_DISABLE_PROXY ++ if(conn->bits.httpproxy) { ++ result = Curl_idnconvert_hostname(data, &conn->http_proxy.host); ++ if(result) ++ return result; ++ } ++ if(conn->bits.socksproxy) { ++ result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host); ++ if(result) ++ return result; ++ } ++#endif + + #ifndef CURL_DISABLE_HSTS ++ /* HSTS upgrade */ + if(data->hsts && strcasecompare("http", data->state.up.scheme)) { +- if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) { ++ /* This MUST use the IDN decoded name */ ++ if(Curl_hsts(data->hsts, conn->host.name, TRUE)) { + char *url; + Curl_safefree(data->state.up.scheme); + uc = curl_url_set(uh, CURLUPART_SCHEME, "https", 0); +@@ -2133,26 +2179,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, + + (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0); + +- hostname = data->state.up.hostname; +- if(hostname && hostname[0] == '[') { +- /* This looks like an IPv6 address literal. See if there is an address +- scope. */ +- size_t hlen; +- conn->bits.ipv6_ip = TRUE; +- /* cut off the brackets! */ +- hostname++; +- hlen = strlen(hostname); +- hostname[hlen - 1] = 0; +- +- zonefrom_url(uh, data, conn); +- } +- +- /* make sure the connect struct gets its own copy of the host name */ +- conn->host.rawalloc = strdup(hostname ? hostname : ""); +- if(!conn->host.rawalloc) +- return CURLE_OUT_OF_MEMORY; +- conn->host.name = conn->host.rawalloc; +- + #ifdef ENABLE_IPV6 + if(data->set.scope_id) + /* Override any scope that was set above. */ +@@ -3781,29 +3807,6 @@ static CURLcode create_conn(struct Curl_easy *data, + if(result) + goto out; + +- /************************************************************* +- * IDN-convert the hostnames +- *************************************************************/ +- result = Curl_idnconvert_hostname(data, &conn->host); +- if(result) +- goto out; +- if(conn->bits.conn_to_host) { +- result = Curl_idnconvert_hostname(data, &conn->conn_to_host); +- if(result) +- goto out; +- } +-#ifndef CURL_DISABLE_PROXY +- if(conn->bits.httpproxy) { +- result = Curl_idnconvert_hostname(data, &conn->http_proxy.host); +- if(result) +- goto out; +- } +- if(conn->bits.socksproxy) { +- result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host); +- if(result) +- goto out; +- } +-#endif + + /************************************************************* + * Check whether the host and the "connect to host" are equal. diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch new file mode 100644 index 0000000000..7c617ef1db --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch @@ -0,0 +1,32 @@ +From 08aa76b7b24454a89866aaef661ea90ae3d57900 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 19 Dec 2022 08:36:55 +0100 +Subject: [PATCH] http: use the IDN decoded name in HSTS checks + +Otherwise it stores the info HSTS into the persistent cache for the IDN +name which will not match when the HSTS status is later checked for +using the decoded name. + +Reported-by: Hiroki Kurosawa + +Closes #10111 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/9e71901634e276dd] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/http.c b/lib/http.c +index b0ad28e..8b18e8d 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -3654,7 +3654,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, + else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) && + (conn->handler->flags & PROTOPT_SSL)) { + CURLcode check = +- Curl_hsts_parse(data->hsts, data->state.up.hostname, ++ Curl_hsts_parse(data->hsts, conn->host.name, + headp + strlen("Strict-Transport-Security:")); + if(check) + infof(data, "Illegal STS header skipped"); diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch new file mode 100644 index 0000000000..059dad17d8 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch @@ -0,0 +1,78 @@ +From 6ae56c9c47b02106373c9482f09c510fd5c50a84 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 19 Dec 2022 08:38:37 +0100 +Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done() + +It is managed by the generic layer. + +Reported-by: Trail of Bits + +Closes #10112 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe1] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/smb.c | 14 ++------------ + lib/telnet.c | 3 --- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/lib/smb.c b/lib/smb.c +index 039d680..f682c1f 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -62,8 +62,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done); + static CURLcode smb_connection_state(struct Curl_easy *data, bool *done); + static CURLcode smb_do(struct Curl_easy *data, bool *done); + static CURLcode smb_request_state(struct Curl_easy *data, bool *done); +-static CURLcode smb_done(struct Curl_easy *data, CURLcode status, +- bool premature); + static CURLcode smb_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead); + static int smb_getsock(struct Curl_easy *data, struct connectdata *conn, +@@ -78,7 +76,7 @@ const struct Curl_handler Curl_handler_smb = { + "SMB", /* scheme */ + smb_setup_connection, /* setup_connection */ + smb_do, /* do_it */ +- smb_done, /* done */ ++ ZERO_NULL, /* done */ + ZERO_NULL, /* do_more */ + smb_connect, /* connect_it */ + smb_connection_state, /* connecting */ +@@ -105,7 +103,7 @@ const struct Curl_handler Curl_handler_smbs = { + "SMBS", /* scheme */ + smb_setup_connection, /* setup_connection */ + smb_do, /* do_it */ +- smb_done, /* done */ ++ ZERO_NULL, /* done */ + ZERO_NULL, /* do_more */ + smb_connect, /* connect_it */ + smb_connection_state, /* connecting */ +@@ -941,14 +939,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + return CURLE_OK; + } + +-static CURLcode smb_done(struct Curl_easy *data, CURLcode status, +- bool premature) +-{ +- (void) premature; +- Curl_safefree(data->req.p.smb); +- return status; +-} +- + static CURLcode smb_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead) + { +diff --git a/lib/telnet.c b/lib/telnet.c +index 923c7f8..48cd0d7 100644 +--- a/lib/telnet.c ++++ b/lib/telnet.c +@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct Curl_easy *data, + + curl_slist_free_all(tn->telnet_vars); + tn->telnet_vars = NULL; +- +- Curl_safefree(data->req.p.telnet); +- + return CURLE_OK; + } + diff --git a/poky/meta/recipes-support/curl/curl_7.85.0.bb b/poky/meta/recipes-support/curl/curl_7.85.0.bb index ad6a5175bc..4e05434a12 100644 --- a/poky/meta/recipes-support/curl/curl_7.85.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.85.0.bb @@ -6,13 +6,19 @@ HTTP post, SSL connections, proxy support, FTP uploads, and more!" HOMEPAGE = "https://curl.se/" BUGTRACKER = "https://github.com/curl/curl/issues" SECTION = "console/network" -LICENSE = "MIT-open-group" +LICENSE = "curl" LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238" SRC_URI = " \ https://curl.se/download/${BP}.tar.xz \ file://run-ptest \ file://disable-tests \ + file://CVE-2022-32221.patch \ + file://CVE-2022-35260.patch \ + file://CVE-2022-42915.patch \ + file://CVE-2022-42916.patch \ + file://CVE-2022-43551.patch \ + file://CVE-2022-43552.patch \ " SRC_URI[sha256sum] = "88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6" @@ -32,14 +38,16 @@ PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver ver PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +# Don't use this in production +PACKAGECONFIG[debug] = "--enable-debug,--disable-debug" PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap" +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap" PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" @@ -68,9 +76,7 @@ EXTRA_OECONF = " \ --enable-crypto-auth \ --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ --without-libpsl \ - --enable-debug \ --enable-optimize \ - --disable-curldebug \ ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \ " diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb index c7d782e4eb..8f979a5b99 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb @@ -24,7 +24,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ " -SRC_URI[sha256sum] = "be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106" +SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb index be573981b0..f3ead5e8c1 100644 --- a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb +++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb @@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" -SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985" +SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a" # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which # are inhibited by allarch diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch index 3f4c7e57ae..8bd2050ea5 100644 --- a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch +++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -1,4 +1,4 @@ -From 1c234bc39446eb9b23896e85dd67b02976d46c3d Mon Sep 17 00:00:00 2001 +From a3196f3a06e7bbfde30d143c92a4325be323b3d0 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Thu, 14 Oct 2021 15:57:36 +0800 Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl diff --git a/poky/meta/recipes-support/libcap/libcap_2.65.bb b/poky/meta/recipes-support/libcap/libcap_2.66.bb index 8013d40769..c50e9d8cc7 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.65.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.66.bb @@ -20,7 +20,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ SRC_URI:append:class-nativesdk = " \ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ " -SRC_URI[sha256sum] = "73e350020cc31fe15360879d19384ffa3395a825f065fcf6bda3a5cdf965bebd" +SRC_URI[sha256sum] = "15c40ededb3003d70a283fe587a36b7d19c8b3b554e33f86129c059a4bb466b2" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" diff --git a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch index 5e529d1ce7..3ffcb3e128 100644 --- a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch +++ b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch @@ -1,4 +1,4 @@ -From 501a6b55853af549fae72723e74271f2a4ec7cf6 Mon Sep 17 00:00:00 2001 +From 000f1500b693a84880d2da49b77b1113f98dde35 Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Fri, 27 Nov 2020 15:28:42 +0000 Subject: [PATCH] arm/sysv: reverted clang VFP mitigation @@ -11,8 +11,9 @@ https://github.com/libffi/libffi/issues/607. Now that clang supports the LDC and SDC instructions, this mitigation has been reverted. -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747] Signed-off-by: Brett Warren <brett.warren@arm.com> + --- src/arm/sysv.S | 33 --------------------------------- 1 file changed, 33 deletions(-) @@ -99,6 +100,3 @@ index fb36213..e4272a1 100644 b call_epilogue E(ARM_TYPE_INT64) ldr r1, [r2, #4] --- -2.25.1 - diff --git a/poky/meta/recipes-support/libffi/libffi/not-win32.patch b/poky/meta/recipes-support/libffi/libffi/not-win32.patch index 62daaf4b38..38f9b0025c 100644 --- a/poky/meta/recipes-support/libffi/libffi/not-win32.patch +++ b/poky/meta/recipes-support/libffi/libffi/not-win32.patch @@ -1,4 +1,4 @@ -From 306719369a0d3608b4ff2737de74ae284788a14b Mon Sep 17 00:00:00 2001 +From 20bc4e03442e15965ae3907013e9a177878f0323 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 4 Feb 2016 16:22:50 +0000 Subject: [PATCH] libffi: ensure sysroot paths are not in libffi.pc @@ -21,11 +21,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index b764368..d51ce91 100644 +index 7e8cd98..cf37e88 100644 --- a/configure.ac +++ b/configure.ac -@@ -354,7 +354,7 @@ AC_ARG_ENABLE(multi-os-directory, - +@@ -405,7 +405,7 @@ AC_ARG_ENABLE(multi-os-directory, + # These variables are only ever used when we cross-build to X86_WIN32. # And we only support this with GCC, so... -if test "x$GCC" = "xyes"; then diff --git a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb index 41c3cad586..15d974c83e 100644 --- a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb +++ b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb @@ -8,13 +8,13 @@ library really only provides the lowest, machine dependent layer of a fully feat A layer must exist above `libffi' that handles type conversions for values passed between the two languages." LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=679b5c9bdc79a2b93ee574e193e7a7bc" +LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BPN}-${PV}.tar.gz \ file://not-win32.patch \ file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \ " -SRC_URI[sha256sum] = "540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620" +SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676" EXTRA_OECONF += "--disable-builddir --disable-exec-static-tramp" EXTRA_OECONF:class-native += "--with-gcc-arch=generic" diff --git a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb index ee4d79b11a..eb7b538ece 100644 --- a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb +++ b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb @@ -1,12 +1,12 @@ SUMMARY = "the Git linkable library" HOMEPAGE = "http://libgit2.github.com/" -LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause" +LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause & Zlib & ISC & LGPL-2.1-or-later & CC0-1.0" LIC_FILES_CHKSUM = "file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c" DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https" -SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https" +SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/libical/libical_3.0.14.bb b/poky/meta/recipes-support/libical/libical_3.0.16.bb index 44030fdc9f..61599b20dd 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.14.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.16.bb @@ -15,7 +15,7 @@ SECTION = "libs" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \ " -SRC_URI[sha256sum] = "4284b780356f1dc6a01f16083e7b836e63d3815e27ed0eaaad684712357ccc8f" +SRC_URI[sha256sum] = "b44705dd71ca4538c86fb16248483ab4b48978524fb1da5097bd76aa2e0f0c33" inherit cmake pkgconfig gobject-introspection vala github-releases diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch index af96bd57cd..bdb80ff34d 100644 --- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch +++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch @@ -1,4 +1,4 @@ -From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001 +From ca8174aa81d7bf364b33f7254a9e887735c4996d Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 3 Dec 2012 18:17:31 +0800 Subject: [PATCH] libksba: add pkgconfig support @@ -16,7 +16,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 1 file changed, 4 insertions(+), 86 deletions(-) diff --git a/src/ksba.m4 b/src/ksba.m4 -index 6b55bb8..6e7336f 100644 +index 452c245..aa96255 100644 --- a/src/ksba.m4 +++ b/src/ksba.m4 @@ -23,37 +23,6 @@ dnl with a changed API. @@ -44,7 +44,7 @@ index 6b55bb8..6e7336f 100644 - fi - - use_gpgrt_config="" -- if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then +- if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then - if $GPGRT_CONFIG ksba --exists; then - KSBA_CONFIG="$GPGRT_CONFIG ksba" - AC_MSG_NOTICE([Use gpgrt-config as ksba-config]) diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb index f9e83681dd..dc39693be4 100644 --- a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb +++ b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb @@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://ksba-add-pkgconfig-support.patch" -SRC_URI[sha256sum] = "dad683e6f2d915d880aa4bed5cea9a115690b8935b78a1bbe01669189307a48b" +SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c" do_configure:prepend () { # Else these could be used in preference to those in aclocal-copy diff --git a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb index 043fed367c..7bd66f63cf 100644 --- a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb +++ b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb @@ -7,7 +7,7 @@ SECTION = "net" DEPENDS = "file" SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb" +SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c" inherit autotools lib_package pkgconfig gettext diff --git a/poky/meta/recipes-support/libseccomp/files/run-ptest b/poky/meta/recipes-support/libseccomp/files/run-ptest index 54b4a63cd2..63c79f09c4 100644 --- a/poky/meta/recipes-support/libseccomp/files/run-ptest +++ b/poky/meta/recipes-support/libseccomp/files/run-ptest @@ -1,4 +1,7 @@ #!/bin/sh cd tests +sed -i 's/SUCCESS/PASS/g; s/FAILURE/FAIL/g; s/SKIPPED/SKIP/g' regression +sed -i 's/"Test %s result: %s\\n" "$1" "$2"/"%s: %s\\n" "$2" "$1"/g' regression +sed -i 's/"Test %s result: %s %s\\n" "$1" "$2" "$3"/"%s: %s %s\\n" "$2" "$1" "$3"/g' regression ./regression -a diff --git a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb index e89b8f7f4b..505c21917b 100644 --- a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb +++ b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb @@ -1,5 +1,5 @@ SUMMARY = "interface to seccomp filtering mechanism" -DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." +DESCRIPTION = "The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp." HOMEPAGE = "https://github.com/seccomp/libseccomp" SECTION = "security" LICENSE = "LGPL-2.1-only" diff --git a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch deleted file mode 100644 index b1204e49eb..0000000000 --- a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001 -From: Your Name <you@example.com> -Date: Mon, 28 Dec 2020 02:08:03 +0000 -Subject: [PATCH] Don't let host enviroment to decide if a test is build - -test ssh2.sh need sshd, for cross compile, we need it on target, so -don't use SSHD on host to decide weither to build a test - -Upstream-Status: Inappropriate[oe specific] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> - ---- - tests/Makefile.am | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/tests/Makefile.am b/tests/Makefile.am -index dc0922f..6cbc35d 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -1,16 +1,12 @@ - AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/include -I$(top_builddir)/src - LDADD = ../src/libssh2.la - --if SSHD - noinst_PROGRAMS = ssh2 - ssh2_SOURCES = ssh2.c --endif - - ctests = simple$(EXEEXT) - TESTS = $(ctests) mansyntax.sh --if SSHD - TESTS += ssh2.sh --endif - check_PROGRAMS = $(ctests) - - TESTS_ENVIRONMENT = SSHD=$(SSHD) EXEEXT=$(EXEEXT) -@@ -38,4 +34,4 @@ if OPENSSL - # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_encrypted_ed25519_key.c - # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c - EXTRA_DIST += test_public_key_auth_succeeds_with_correct_rsa_openssh_key.c --endif -\ No newline at end of file -+endif diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch new file mode 100644 index 0000000000..ee916c42d4 --- /dev/null +++ b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch @@ -0,0 +1,23 @@ +In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, +so we need to re-enable them as a workaround for the test +suite until upstream updates the tests. + +See: https://github.com/libssh2/libssh2/issues/630 + +Upstream-Status: Backport [alternative fixes merged upstream] + +Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5 + +--- a/tests/ssh2.sh ++++ b/tests/ssh2.sh +@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host + -o 'Port 4711' \ + -o 'Protocol 2' \ + -o "AuthorizedKeysFile $srcdir/etc/user.pub" \ +- -o 'UsePrivilegeSeparation no' \ ++ -o 'HostKeyAlgorithms +ssh-rsa' \ ++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ + -o 'StrictModes no' \ + -D \ + $libssh2_sshd_params & + diff --git a/poky/meta/recipes-support/libssh2/files/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest index 9e2fce2d24..5e7426f79d 100644 --- a/poky/meta/recipes-support/libssh2/files/run-ptest +++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest @@ -2,8 +2,7 @@ ptestdir=$(dirname "$(readlink -f "$0")") cd tests -# omit ssh2.sh until https://github.com/libssh2/libssh2/issues/630 is fixed -for test in simple mansyntax.sh +for test in simple mansyntax.sh ssh2.sh do ./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test done diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb index 072d6819c0..d5513373b0 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb @@ -8,11 +8,10 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ + file://fix-ssh2-test.patch \ file://run-ptest \ " -SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch" - SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51" inherit autotools pkgconfig ptest diff --git a/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch new file mode 100644 index 0000000000..3c223e0822 --- /dev/null +++ b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch @@ -0,0 +1,46 @@ +From 95e601ce116dd46ea7915c171976b85ea0905d58 Mon Sep 17 00:00:00 2001 +From: Lonnie Abelbeck <lonnie@abelbeck.com> +Date: Sun, 8 May 2022 14:05:56 -0500 +Subject: [PATCH] configure.ac: Link with -latomic only if no atomic builtins + +Follow-up to 561dbda, a check of GCC atomic builtins needs to be done +first. + +I'm no autoconf guru, but using this: +https://github.com/mesa3d/mesa/blob/0df485c285b73c34ba9062f0c27e55c3c702930d/configure.ac#L469 +as inspiration, I created a pre-check before calling AC_SEARCH_LIBS(...) + +Fixes #1135 +Closes #1139 +Upstream-Status: Backport [https://github.com/kraj/libusb/commit/95e601ce116dd46ea7915c171976b85ea0905d58] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.ac | 16 +++++++++++++++- + libusb/version_nano.h | 2 +- + 2 files changed, 16 insertions(+), 2 deletions(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -153,7 +153,21 @@ if test "x$platform" = xposix; then + AC_SEARCH_LIBS([pthread_create], [pthread], + [test "x$ac_cv_search_pthread_create" != "xnone required" && AC_SUBST(THREAD_LIBS, [-lpthread])], + [], []) +- AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic]) ++ dnl Check for new-style atomic builtins. We first check without linking to -latomic. ++ AC_MSG_CHECKING(whether __atomic_load_n is supported) ++ AC_LINK_IFELSE([AC_LANG_SOURCE([[ ++ #include <stdint.h> ++ int main() { ++ struct { ++ uint64_t *v; ++ } x; ++ return (int)__atomic_load_n(x.v, __ATOMIC_ACQUIRE) & ++ (int)__atomic_add_fetch(x.v, (uint64_t)1, __ATOMIC_ACQ_REL); ++ }]])], GCC_ATOMIC_BUILTINS_SUPPORTED=yes, GCC_ATOMIC_BUILTINS_SUPPORTED=no) ++ AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_SUPPORTED) ++ if test "x$GCC_ATOMIC_BUILTINS_SUPPORTED" != xyes; then ++ AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic]) ++ fi + elif test "x$platform" = xwindows; then + AC_DEFINE([PLATFORM_WINDOWS], [1], [Define to 1 if compiling for a Windows platform.]) + else diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb index 7371faf017..122c3d48b4 100644 --- a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb +++ b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \ + file://0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch \ file://run-ptest \ " @@ -34,12 +35,12 @@ do_install:append() { fi } -do_compile_ptest() { - oe_runmake -C tests stress -} - -do_install_ptest() { - install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH} +do_compile_ptest() { + oe_runmake -C tests stress +} + +do_install_ptest() { + install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH} } FILES:${PN} += "${base_libdir}/*.so.*" diff --git a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb index 2121dad57c..f531a88961 100644 --- a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb +++ b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ DEPENDS = "gmp autoconf-archive" SRC_URI = "https://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz" -SRC_URI[sha256sum] = "0c98a3f1732ff6ca4ea690552079da9c597872d30e96ec28414ee23c95558a7f" +SRC_URI[sha256sum] = "ffd195bd567dbaffc3b98b23fd00aad0537680c9896171e44fe3ff79e28ac33d" UPSTREAM_CHECK_URI = "http://www.mpfr.org/mpfr-current/" diff --git a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch index 9812ecc8b3..a7bc8d322e 100644 --- a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch +++ b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch @@ -7,6 +7,7 @@ Upstream-Status: Pending Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> --- test/regress | 6 +++--- test/regress2 | 11 +++++------ @@ -20,7 +21,7 @@ index 2ce1705..d086a47 100755 if [ $numnodes -lt 2 ] ; then echo "need at least two nodes with at least $NEEDPAGES each of" echo "free memory for mempolicy regression tests" -+ echo "FAIL: numa regress" ++ echo "SKIP: numa regress" exit 77 # Skip test fi } diff --git a/poky/meta/recipes-support/numactl/numactl/run-ptest b/poky/meta/recipes-support/numactl/numactl/run-ptest index bf269da755..e019b0d364 100755 --- a/poky/meta/recipes-support/numactl/numactl/run-ptest +++ b/poky/meta/recipes-support/numactl/numactl/run-ptest @@ -8,7 +8,11 @@ if ! numactl -s | grep -q "No NUMA support available on this system."; then if numademo -t -e 10M; then echo "PASS: numademo" else - echo "FAIL: numademo" + if [ "$?" = 77 ] ; then + echo "SKIP: numademo" + else + echo "FAIL: numademo" + fi fi else echo "SKIP: ./../test/bind_range" diff --git a/poky/meta/recipes-support/numactl/numactl_git.bb b/poky/meta/recipes-support/numactl/numactl_git.bb index 712cf0203f..23be0a3b4f 100644 --- a/poky/meta/recipes-support/numactl/numactl_git.bb +++ b/poky/meta/recipes-support/numactl/numactl_git.bb @@ -10,8 +10,8 @@ inherit autotools-brokensep ptest LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=9f34c3af4ed6f3f5df0da5f3c0835a43" -SRCREV = "01a39cb4edc0dd0f4151b7ad11e0c56d2e612a02" -PV = "2.0.15" +SRCREV = "10285f1a1bad49306839b2c463936460b604e3ea" +PV = "2.0.16" SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \ file://Fix-the-test-output-format.patch \ diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index cbc370100b..1e27415288 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -10,8 +10,7 @@ DEPENDS = "ncurses gettext-native" RSUGGESTS:${PN} = "diffutils" LICENSE = "Vim" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \ - file://runtime/doc/uganda.txt;md5=001ef779f422a0e9106d428c84495b4d" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99" SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ @@ -20,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0598" -SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" +PV .= ".1429" +SRCREV = "1a08a3e2a584889f19b84a27672134649b73da58" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" @@ -33,7 +32,7 @@ S = "${WORKDIR}/git" VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}" -inherit autotools-brokensep update-alternatives mime-xdg +inherit autotools-brokensep update-alternatives mime-xdg pkgconfig CLEANBROKEN = "1" @@ -82,6 +81,7 @@ EXTRA_OECONF = " \ --disable-netbeans \ --disable-desktop-database-update \ --with-tlib=ncurses \ + --with-modified-by='${MAINTAINER}' \ ac_cv_small_wchar_t=no \ ac_cv_path_GLIB_COMPILE_RESOURCES=no \ vim_cv_getcwd_broken=no \ diff --git a/poky/scripts/combo-layer b/poky/scripts/combo-layer index 045de65642..7f2020fca7 100755 --- a/poky/scripts/combo-layer +++ b/poky/scripts/combo-layer @@ -21,7 +21,6 @@ import re import copy import pipes import shutil -from collections import OrderedDict from string import Template from functools import reduce @@ -192,6 +191,23 @@ def runcmd(cmd,destdir=None,printerr=True,out=None,env=None): logger.debug("output: %s" % output.replace(chr(0), '\\0')) return output +def action_sync_revs(conf, args): + """ + Update the last_revision config option for each repo with the latest + revision in the remote's branch. Useful if multiple people are using + combo-layer. + """ + repos = get_repos(conf, args[1:]) + + for name in repos: + repo = conf.repos[name] + ldir = repo['local_repo_dir'] + branch = repo.get('branch', "master") + runcmd("git fetch", ldir) + lastrev = runcmd('git rev-parse origin/%s' % branch, ldir).strip() + print("Updating %s to %s" % (name, lastrev)) + conf.update(name, "last_revision", lastrev) + def action_init(conf, args): """ Clone component repositories @@ -508,7 +524,7 @@ def check_patch(patchfile): f.close() if of: of.close() - bb.utils.rename(patchfile + '.tmp', patchfile) + os.rename(of.name, patchfile) def drop_to_shell(workdir=None): if not sys.stdin.isatty(): @@ -1302,6 +1318,7 @@ actions = { "update": action_update, "pull": action_pull, "splitpatch": action_splitpatch, + "sync-revs": action_sync_revs, } def main(): @@ -1312,10 +1329,11 @@ def main(): Create and update a combination layer repository from multiple component repositories. Action: - init initialise the combo layer repo - update [components] get patches from component repos and apply them to the combo repo - pull [components] just pull component repos only - splitpatch [commit] generate commit patch and split per component, default commit is HEAD""") + init initialise the combo layer repo + update [components] get patches from component repos and apply them to the combo repo + pull [components] just pull component repos only + sync-revs [components] update the config file's last_revision for each repository + splitpatch [commit] generate commit patch and split per component, default commit is HEAD""") parser.add_option("-c", "--conf", help = "specify the config file (conf/combo-layer.conf is the default).", action = "store", dest = "conffile", default = "conf/combo-layer.conf") diff --git a/poky/scripts/contrib/convert-overrides.py b/poky/scripts/contrib/convert-overrides.py index 4d41a4c475..1939757f1b 100755 --- a/poky/scripts/contrib/convert-overrides.py +++ b/poky/scripts/contrib/convert-overrides.py @@ -22,50 +22,62 @@ import sys import tempfile import shutil import mimetypes +import argparse -if len(sys.argv) < 2: - print("Please specify a directory to run the conversion script against.") - sys.exit(1) +parser = argparse.ArgumentParser(description="Convert override syntax") +parser.add_argument("--override", "-o", action="append", default=[], help="Add additional strings to consider as an override (e.g. custom machines/distros") +parser.add_argument("--skip", "-s", action="append", default=[], help="Add additional string to skip and not consider an override") +parser.add_argument("--skip-ext", "-e", action="append", default=[], help="Additional file suffixes to skip when processing (e.g. '.foo')") +parser.add_argument("--package-vars", action="append", default=[], help="Additional variables to treat as package variables") +parser.add_argument("--image-vars", action="append", default=[], help="Additional variables to treat as image variables") +parser.add_argument("--short-override", action="append", default=[], help="Additional strings to treat as short overrides") +parser.add_argument("path", nargs="+", help="Paths to convert") + +args = parser.parse_args() # List of strings to treat as overrides -vars = ["append", "prepend", "remove"] -vars = vars + ["qemuarm", "qemux86", "qemumips", "qemuppc", "qemuriscv", "qemuall"] -vars = vars + ["genericx86", "edgerouter", "beaglebone-yocto"] -vars = vars + ["armeb", "arm", "armv5", "armv6", "armv4", "powerpc64", "aarch64", "riscv32", "riscv64", "x86", "mips64", "powerpc"] -vars = vars + ["mipsarch", "x86-x32", "mips16e", "microblaze", "e5500-64b", "mipsisa32", "mipsisa64"] -vars = vars + ["class-native", "class-target", "class-cross-canadian", "class-cross", "class-devupstream"] -vars = vars + ["tune-", "pn-", "forcevariable"] -vars = vars + ["libc-musl", "libc-glibc", "libc-newlib","libc-baremetal"] -vars = vars + ["task-configure", "task-compile", "task-install", "task-clean", "task-image-qa", "task-rm_work", "task-image-complete", "task-populate-sdk"] -vars = vars + ["toolchain-clang", "mydistro", "nios2", "sdkmingw32", "overrideone", "overridetwo"] -vars = vars + ["linux-gnux32", "linux-muslx32", "linux-gnun32", "mingw32", "poky", "darwin", "linuxstdbase"] -vars = vars + ["linux-gnueabi", "eabi"] -vars = vars + ["virtclass-multilib", "virtclass-mcextend"] +vars = args.override +vars += ["append", "prepend", "remove"] +vars += ["qemuarm", "qemux86", "qemumips", "qemuppc", "qemuriscv", "qemuall"] +vars += ["genericx86", "edgerouter", "beaglebone-yocto"] +vars += ["armeb", "arm", "armv5", "armv6", "armv4", "powerpc64", "aarch64", "riscv32", "riscv64", "x86", "mips64", "powerpc"] +vars += ["mipsarch", "x86-x32", "mips16e", "microblaze", "e5500-64b", "mipsisa32", "mipsisa64"] +vars += ["class-native", "class-target", "class-cross-canadian", "class-cross", "class-devupstream"] +vars += ["tune-", "pn-", "forcevariable"] +vars += ["libc-musl", "libc-glibc", "libc-newlib","libc-baremetal"] +vars += ["task-configure", "task-compile", "task-install", "task-clean", "task-image-qa", "task-rm_work", "task-image-complete", "task-populate-sdk"] +vars += ["toolchain-clang", "mydistro", "nios2", "sdkmingw32", "overrideone", "overridetwo"] +vars += ["linux-gnux32", "linux-muslx32", "linux-gnun32", "mingw32", "poky", "darwin", "linuxstdbase"] +vars += ["linux-gnueabi", "eabi"] +vars += ["virtclass-multilib", "virtclass-mcextend"] # List of strings to treat as overrides but only with whitespace following or another override (more restricted matching). # Handles issues with arc matching arch. -shortvars = ["arc", "mips", "mipsel", "sh4"] +shortvars = ["arc", "mips", "mipsel", "sh4"] + args.short_override # Variables which take packagenames as an override packagevars = ["FILES", "RDEPENDS", "RRECOMMENDS", "SUMMARY", "DESCRIPTION", "RSUGGESTS", "RPROVIDES", "RCONFLICTS", "PKG", "ALLOW_EMPTY", "pkg_postrm", "pkg_postinst_ontarget", "pkg_postinst", "INITSCRIPT_NAME", "INITSCRIPT_PARAMS", "DEBIAN_NOAUTONAME", "ALTERNATIVE", "PKGE", "PKGV", "PKGR", "USERADD_PARAM", "GROUPADD_PARAM", "CONFFILES", "SYSTEMD_SERVICE", "LICENSE", "SECTION", "pkg_preinst", "pkg_prerm", "RREPLACES", "GROUPMEMS_PARAM", "SYSTEMD_AUTO_ENABLE", "SKIP_FILEDEPS", "PRIVATE_LIBS", "PACKAGE_ADD_METADATA", - "INSANE_SKIP", "DEBIANNAME", "SYSTEMD_SERVICE_ESCAPED"] + "INSANE_SKIP", "DEBIANNAME", "SYSTEMD_SERVICE_ESCAPED"] + args.package_vars # Expressions to skip if encountered, these are not overrides -skips = ["parser_append", "recipe_to_append", "extra_append", "to_remove", "show_appends", "applied_appends", "file_appends", "handle_remove"] -skips = skips + ["expanded_removes", "color_remove", "test_remove", "empty_remove", "toaster_prepend", "num_removed", "licfiles_append", "_write_append"] -skips = skips + ["no_report_remove", "test_prepend", "test_append", "multiple_append", "test_remove", "shallow_remove", "do_remove_layer", "first_append"] -skips = skips + ["parser_remove", "to_append", "no_remove", "bblayers_add_remove", "bblayers_remove", "apply_append", "is_x86", "base_dep_prepend"] -skips = skips + ["autotools_dep_prepend", "go_map_arm", "alt_remove_links", "systemd_append_file", "file_append", "process_file_darwin"] -skips = skips + ["run_loaddata_poky", "determine_if_poky_env", "do_populate_poky_src", "libc_cv_include_x86_isa_level", "test_rpm_remove", "do_install_armmultilib"] -skips = skips + ["get_appends_for_files", "test_doubleref_remove", "test_bitbakelayers_add_remove", "elf32_x86_64", "colour_remove", "revmap_remove"] -skips = skips + ["test_rpm_remove", "test_bitbakelayers_add_remove", "recipe_append_file", "log_data_removed", "recipe_append", "systemd_machine_unit_append"] -skips = skips + ["recipetool_append", "changetype_remove", "try_appendfile_wc", "test_qemux86_directdisk", "test_layer_appends", "tgz_removed"] - -imagevars = ["IMAGE_CMD", "EXTRA_IMAGECMD", "IMAGE_TYPEDEP", "CONVERSION_CMD", "COMPRESS_CMD"] -packagevars = packagevars + imagevars +skips = args.skip +skips += ["parser_append", "recipe_to_append", "extra_append", "to_remove", "show_appends", "applied_appends", "file_appends", "handle_remove"] +skips += ["expanded_removes", "color_remove", "test_remove", "empty_remove", "toaster_prepend", "num_removed", "licfiles_append", "_write_append"] +skips += ["no_report_remove", "test_prepend", "test_append", "multiple_append", "test_remove", "shallow_remove", "do_remove_layer", "first_append"] +skips += ["parser_remove", "to_append", "no_remove", "bblayers_add_remove", "bblayers_remove", "apply_append", "is_x86", "base_dep_prepend"] +skips += ["autotools_dep_prepend", "go_map_arm", "alt_remove_links", "systemd_append_file", "file_append", "process_file_darwin"] +skips += ["run_loaddata_poky", "determine_if_poky_env", "do_populate_poky_src", "libc_cv_include_x86_isa_level", "test_rpm_remove", "do_install_armmultilib"] +skips += ["get_appends_for_files", "test_doubleref_remove", "test_bitbakelayers_add_remove", "elf32_x86_64", "colour_remove", "revmap_remove"] +skips += ["test_rpm_remove", "test_bitbakelayers_add_remove", "recipe_append_file", "log_data_removed", "recipe_append", "systemd_machine_unit_append"] +skips += ["recipetool_append", "changetype_remove", "try_appendfile_wc", "test_qemux86_directdisk", "test_layer_appends", "tgz_removed"] + +imagevars = ["IMAGE_CMD", "EXTRA_IMAGECMD", "IMAGE_TYPEDEP", "CONVERSION_CMD", "COMPRESS_CMD"] + args.image_vars +packagevars += imagevars + +skip_ext = [".html", ".patch", ".m4", ".diff"] + args.skip_ext vars_re = {} for exp in vars: @@ -124,21 +136,20 @@ def processfile(fn): ourname = os.path.basename(sys.argv[0]) ourversion = "0.9.3" -if os.path.isfile(sys.argv[1]): - processfile(sys.argv[1]) - sys.exit(0) - -for targetdir in sys.argv[1:]: - print("processing directory '%s'" % targetdir) - for root, dirs, files in os.walk(targetdir): - for name in files: - if name == ourname: - continue - fn = os.path.join(root, name) - if os.path.islink(fn): - continue - if "/.git/" in fn or fn.endswith(".html") or fn.endswith(".patch") or fn.endswith(".m4") or fn.endswith(".diff"): - continue - processfile(fn) +for p in args.path: + if os.path.isfile(p): + processfile(p) + else: + print("processing directory '%s'" % p) + for root, dirs, files in os.walk(p): + for name in files: + if name == ourname: + continue + fn = os.path.join(root, name) + if os.path.islink(fn): + continue + if "/.git/" in fn or any(fn.endswith(ext) for ext in skip_ext): + continue + processfile(fn) print("All files processed with version %s" % ourversion) diff --git a/poky/scripts/contrib/image-manifest b/poky/scripts/contrib/image-manifest index 3c07a73a4e..4d65a99258 100755 --- a/poky/scripts/contrib/image-manifest +++ b/poky/scripts/contrib/image-manifest @@ -392,7 +392,7 @@ def export_manifest_info(args): for key in rd.getVarFlags('PACKAGECONFIG').keys(): if key == 'doc': continue - rvalues[pn]['packageconfig_opts'][key] = rd.getVarFlag('PACKAGECONFIG', key, True) + rvalues[pn]['packageconfig_opts'][key] = rd.getVarFlag('PACKAGECONFIG', key) if config['patches'] == 'yes': patches = oe.recipeutils.get_recipe_patches(rd) diff --git a/poky/scripts/lib/buildstats.py b/poky/scripts/lib/buildstats.py index c69b5bf4d7..6db60d5bcf 100644 --- a/poky/scripts/lib/buildstats.py +++ b/poky/scripts/lib/buildstats.py @@ -8,7 +8,7 @@ import json import logging import os import re -from collections import namedtuple,OrderedDict +from collections import namedtuple from statistics import mean @@ -79,8 +79,8 @@ class BSTask(dict): return self['rusage']['ru_oublock'] @classmethod - def from_file(cls, buildstat_file): - """Read buildstat text file""" + def from_file(cls, buildstat_file, fallback_end=0): + """Read buildstat text file. fallback_end is an optional end time for tasks that are not recorded as finishing.""" bs_task = cls() log.debug("Reading task buildstats from %s", buildstat_file) end_time = None @@ -108,7 +108,10 @@ class BSTask(dict): bs_task[ru_type][ru_key] = val elif key == 'Status': bs_task['status'] = val - if end_time is not None and start_time is not None: + # If the task didn't finish, fill in the fallback end time if specified + if start_time and not end_time and fallback_end: + end_time = fallback_end + if start_time and end_time: bs_task['elapsed_time'] = end_time - start_time else: raise BSError("{} looks like a invalid buildstats file".format(buildstat_file)) @@ -226,25 +229,44 @@ class BuildStats(dict): epoch = match.group('epoch') return name, epoch, version, revision + @staticmethod + def parse_top_build_stats(path): + """ + Parse the top-level build_stats file for build-wide start and duration. + """ + start = elapsed = 0 + with open(path) as fobj: + for line in fobj.readlines(): + key, val = line.split(':', 1) + val = val.strip() + if key == 'Build Started': + start = float(val) + elif key == "Elapsed time": + elapsed = float(val.split()[0]) + return start, elapsed + @classmethod def from_dir(cls, path): """Load buildstats from a buildstats directory""" - if not os.path.isfile(os.path.join(path, 'build_stats')): + top_stats = os.path.join(path, 'build_stats') + if not os.path.isfile(top_stats): raise BSError("{} does not look like a buildstats directory".format(path)) log.debug("Reading buildstats directory %s", path) - buildstats = cls() + build_started, build_elapsed = buildstats.parse_top_build_stats(top_stats) + build_end = build_started + build_elapsed + subdirs = os.listdir(path) for dirname in subdirs: recipe_dir = os.path.join(path, dirname) - if not os.path.isdir(recipe_dir): + if dirname == "reduced_proc_pressure" or not os.path.isdir(recipe_dir): continue name, epoch, version, revision = cls.split_nevr(dirname) bsrecipe = BSRecipe(name, epoch, version, revision) for task in os.listdir(recipe_dir): bsrecipe.tasks[task] = BSTask.from_file( - os.path.join(recipe_dir, task)) + os.path.join(recipe_dir, task), build_end) if name in buildstats: raise BSError("Cannot handle multiple versions of the same " "package ({})".format(name)) diff --git a/poky/scripts/lib/checklayer/__init__.py b/poky/scripts/lib/checklayer/__init__.py index aa946f3036..938805289e 100644 --- a/poky/scripts/lib/checklayer/__init__.py +++ b/poky/scripts/lib/checklayer/__init__.py @@ -16,6 +16,7 @@ class LayerType(Enum): BSP = 0 DISTRO = 1 SOFTWARE = 2 + CORE = 3 ERROR_NO_LAYER_CONF = 98 ERROR_BSP_DISTRO = 99 @@ -106,7 +107,13 @@ def _detect_layer(layer_path): if distros: is_distro = True - if is_bsp and is_distro: + layer['collections'] = _get_layer_collections(layer['path']) + + if layer_name == "meta" and "core" in layer['collections']: + layer['type'] = LayerType.CORE + layer['conf']['machines'] = machines + layer['conf']['distros'] = distros + elif is_bsp and is_distro: layer['type'] = LayerType.ERROR_BSP_DISTRO elif is_bsp: layer['type'] = LayerType.BSP @@ -117,8 +124,6 @@ def _detect_layer(layer_path): else: layer['type'] = LayerType.SOFTWARE - layer['collections'] = _get_layer_collections(layer['path']) - return layer def detect_layers(layer_directories, no_auto): diff --git a/poky/scripts/lib/checklayer/cases/bsp.py b/poky/scripts/lib/checklayer/cases/bsp.py index a80a5844da..b76163fb56 100644 --- a/poky/scripts/lib/checklayer/cases/bsp.py +++ b/poky/scripts/lib/checklayer/cases/bsp.py @@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase class BSPCheckLayer(OECheckLayerTestCase): @classmethod def setUpClass(self): - if self.tc.layer['type'] != LayerType.BSP: + if self.tc.layer['type'] not in (LayerType.BSP, LayerType.CORE): raise unittest.SkipTest("BSPCheckLayer: Layer %s isn't BSP one." %\ self.tc.layer['name']) diff --git a/poky/scripts/lib/checklayer/cases/common.py b/poky/scripts/lib/checklayer/cases/common.py index 491a13953c..722d3cf638 100644 --- a/poky/scripts/lib/checklayer/cases/common.py +++ b/poky/scripts/lib/checklayer/cases/common.py @@ -12,6 +12,9 @@ from checklayer.case import OECheckLayerTestCase class CommonCheckLayer(OECheckLayerTestCase): def test_readme(self): + if self.tc.layer['type'] == LayerType.CORE: + raise unittest.SkipTest("Core layer's README is top level") + # The top-level README file may have a suffix (like README.rst or README.txt). readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*')) self.assertTrue(len(readme_files) > 0, diff --git a/poky/scripts/lib/checklayer/cases/distro.py b/poky/scripts/lib/checklayer/cases/distro.py index f0bee5493c..a35332451c 100644 --- a/poky/scripts/lib/checklayer/cases/distro.py +++ b/poky/scripts/lib/checklayer/cases/distro.py @@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase class DistroCheckLayer(OECheckLayerTestCase): @classmethod def setUpClass(self): - if self.tc.layer['type'] != LayerType.DISTRO: + if self.tc.layer['type'] not in (LayerType.DISTRO, LayerType.CORE): raise unittest.SkipTest("DistroCheckLayer: Layer %s isn't Distro one." %\ self.tc.layer['name']) diff --git a/poky/scripts/lib/devtool/menuconfig.py b/poky/scripts/lib/devtool/menuconfig.py index d87a01e7a9..18daef30c3 100644 --- a/poky/scripts/lib/devtool/menuconfig.py +++ b/poky/scripts/lib/devtool/menuconfig.py @@ -45,7 +45,7 @@ def menuconfig(args, config, basepath, workspace): return 1 check_workspace_recipe(workspace, args.component) - pn = rd.getVar('PN', True) + pn = rd.getVar('PN') if not rd.getVarFlag('do_menuconfig','task'): raise DevtoolError("This recipe does not support menuconfig option") diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py index e3b74ab8f0..d64e18e179 100644 --- a/poky/scripts/lib/devtool/standard.py +++ b/poky/scripts/lib/devtool/standard.py @@ -765,6 +765,16 @@ def get_staging_kbranch(srcdir): staging_kbranch = "".join(branch.split('\n')[0]) return staging_kbranch +def get_real_srctree(srctree, s, workdir): + # Check that recipe isn't using a shared workdir + s = os.path.abspath(s) + workdir = os.path.abspath(workdir) + if s.startswith(workdir) and s != workdir and os.path.dirname(s) != workdir: + # Handle if S is set to a subdirectory of the source + srcsubdir = os.path.relpath(s, workdir).split(os.sep, 1)[1] + srctree = os.path.join(srctree, srcsubdir) + return srctree + def modify(args, config, basepath, workspace): """Entry point for the devtool 'modify' subcommand""" import bb @@ -923,14 +933,7 @@ def modify(args, config, basepath, workspace): # Need to grab this here in case the source is within a subdirectory srctreebase = srctree - - # Check that recipe isn't using a shared workdir - s = os.path.abspath(rd.getVar('S')) - workdir = os.path.abspath(rd.getVar('WORKDIR')) - if s.startswith(workdir) and s != workdir and os.path.dirname(s) != workdir: - # Handle if S is set to a subdirectory of the source - srcsubdir = os.path.relpath(s, workdir).split(os.sep, 1)[1] - srctree = os.path.join(srctree, srcsubdir) + srctree = get_real_srctree(srctree, rd.getVar('S'), rd.getVar('WORKDIR')) bb.utils.mkdirhier(os.path.dirname(appendfile)) with open(appendfile, 'w') as f: @@ -1406,6 +1409,18 @@ def _export_local_files(srctree, rd, destdir, srctreebase): updated = OrderedDict() added = OrderedDict() removed = OrderedDict() + + # Get current branch and return early with empty lists + # if on one of the override branches + # (local files are provided only for the main branch and processing + # them against lists from recipe overrides will result in mismatches + # and broken modifications to recipes). + stdout, _ = bb.process.run('git rev-parse --abbrev-ref HEAD', + cwd=srctree) + branchname = stdout.rstrip() + if branchname.startswith(override_branch_prefix): + return (updated, added, removed) + local_files_dir = os.path.join(srctreebase, 'oe-local-files') git_files = _git_ls_tree(srctree) if 'oe-local-files' in git_files: @@ -1635,31 +1650,25 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil tempdir = tempfile.mkdtemp(prefix='devtool') try: local_files_dir = tempfile.mkdtemp(dir=tempdir) - if filter_patches: - upd_f = {} - new_f = {} - del_f = {} - else: - upd_f, new_f, del_f = _export_local_files(srctree, rd, local_files_dir, srctreebase) - - remove_files = [] - if not no_remove: - # Get all patches from source tree and check if any should be removed - all_patches_dir = tempfile.mkdtemp(dir=tempdir) - _, _, del_p = _export_patches(srctree, rd, initial_rev, - all_patches_dir) - # Remove deleted local files and patches - remove_files = list(del_f.values()) + list(del_p.values()) + upd_f, new_f, del_f = _export_local_files(srctree, rd, local_files_dir, srctreebase) # Get updated patches from source tree patches_dir = tempfile.mkdtemp(dir=tempdir) upd_p, new_p, _ = _export_patches(srctree, rd, update_rev, patches_dir, changed_revs) + # Get all patches from source tree and check if any should be removed + all_patches_dir = tempfile.mkdtemp(dir=tempdir) + _, _, del_p = _export_patches(srctree, rd, initial_rev, + all_patches_dir) logger.debug('Pre-filtering: update: %s, new: %s' % (dict(upd_p), dict(new_p))) if filter_patches: new_p = OrderedDict() upd_p = OrderedDict((k,v) for k,v in upd_p.items() if k in filter_patches) - remove_files = [f for f in remove_files if f in filter_patches] + del_p = OrderedDict((k,v) for k,v in del_p.items() if k in filter_patches) + remove_files = [] + if not no_remove: + # Remove deleted local files and patches + remove_files = list(del_f.values()) + list(del_p.values()) updatefiles = False updaterecipe = False destpath = None diff --git a/poky/scripts/lib/devtool/upgrade.py b/poky/scripts/lib/devtool/upgrade.py index 39a1910a49..6c4a62b558 100644 --- a/poky/scripts/lib/devtool/upgrade.py +++ b/poky/scripts/lib/devtool/upgrade.py @@ -88,7 +88,7 @@ def _rename_recipe_files(oldrecipe, bpn, oldpv, newpv, path): _rename_recipe_dirs(oldpv, newpv, path) return _rename_recipe_file(oldrecipe, bpn, oldpv, newpv, path) -def _write_append(rc, srctree, same_dir, no_same_dir, rev, copied, workspace, d): +def _write_append(rc, srctreebase, srctree, same_dir, no_same_dir, rev, copied, workspace, d): """Writes an append file""" if not os.path.exists(rc): raise DevtoolError("bbappend not created because %s does not exist" % rc) @@ -104,6 +104,11 @@ def _write_append(rc, srctree, same_dir, no_same_dir, rev, copied, workspace, d) af = os.path.join(appendpath, '%s.bbappend' % brf) with open(af, 'w') as f: f.write('FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"\n\n') + # Local files can be modified/tracked in separate subdir under srctree + # Mostly useful for packages with S != WORKDIR + f.write('FILESPATH:prepend := "%s:"\n' % + os.path.join(srctreebase, 'oe-local-files')) + f.write('# srctreebase: %s\n' % srctreebase) f.write('inherit externalsrc\n') f.write(('# NOTE: We use pn- overrides here to avoid affecting' 'multiple variants in the case where the recipe uses BBCLASSEXTEND\n')) @@ -120,11 +125,8 @@ def _write_append(rc, srctree, same_dir, no_same_dir, rev, copied, workspace, d) return af def _cleanup_on_error(rd, srctree): - rdp = os.path.split(rd)[0] # recipes folder if os.path.exists(rd): shutil.rmtree(rd) - if not len(os.listdir(rdp)): - os.rmdir(rdp) srctree = os.path.abspath(srctree) if os.path.exists(srctree): shutil.rmtree(srctree) @@ -524,14 +526,7 @@ def upgrade(args, config, basepath, workspace): else: srctree = standard.get_default_srctree(config, pn) - # Check that recipe isn't using a shared workdir - s = os.path.abspath(rd.getVar('S')) - workdir = os.path.abspath(rd.getVar('WORKDIR')) - srctree_s = srctree - if s.startswith(workdir) and s != workdir and os.path.dirname(s) != workdir: - # Handle if S is set to a subdirectory of the source - srcsubdir = os.path.relpath(s, workdir).split(os.sep, 1)[1] - srctree_s = os.path.join(srctree, srcsubdir) + srctree_s = standard.get_real_srctree(srctree, rd.getVar('S'), rd.getVar('WORKDIR')) # try to automatically discover latest version and revision if not provided on command line if not args.version and not args.srcrev: @@ -575,7 +570,7 @@ def upgrade(args, config, basepath, workspace): _upgrade_error(e, recipedir, srctree, args.keep_failure) standard._add_md5(config, pn, os.path.dirname(rf)) - af = _write_append(rf, srctree_s, args.same_dir, args.no_same_dir, rev2, + af = _write_append(rf, srctree, srctree_s, args.same_dir, args.no_same_dir, rev2, copied, config.workspace_path, rd) standard._add_md5(config, pn, af) diff --git a/poky/scripts/lib/resulttool/resultutils.py b/poky/scripts/lib/resulttool/resultutils.py index 8917022d36..7666331ba2 100644 --- a/poky/scripts/lib/resulttool/resultutils.py +++ b/poky/scripts/lib/resulttool/resultutils.py @@ -142,7 +142,7 @@ def generic_get_log(sectionname, results, section): return decode_log(ptest['log']) def ptestresult_get_log(results, section): - return generic_get_log('ptestresuls.sections', results, section) + return generic_get_log('ptestresult.sections', results, section) def generic_get_rawlogs(sectname, results): if sectname not in results: diff --git a/poky/scripts/lib/wic/filemap.py b/poky/scripts/lib/wic/filemap.py index 4d9da28172..85b39d5d74 100644 --- a/poky/scripts/lib/wic/filemap.py +++ b/poky/scripts/lib/wic/filemap.py @@ -46,6 +46,13 @@ def get_block_size(file_obj): bsize = stat.st_blksize else: raise IOError("Unable to determine block size") + + # The logic in this script only supports a maximum of a 4KB + # block size + max_block_size = 4 * 1024 + if bsize > max_block_size: + bsize = max_block_size + return bsize class ErrorNotSupp(Exception): diff --git a/poky/scripts/lib/wic/partition.py b/poky/scripts/lib/wic/partition.py index e50871b8d7..382afa44bc 100644 --- a/poky/scripts/lib/wic/partition.py +++ b/poky/scripts/lib/wic/partition.py @@ -133,6 +133,8 @@ class Partition(): self.update_fstab_in_rootfs = True if not self.source: + if self.fstype == "none": + return if not self.size and not self.fixed_size: raise WicError("The %s partition has a size of zero. Please " "specify a non-zero --size/--fixed-size for that " @@ -300,6 +302,30 @@ class Partition(): mkfs_cmd = "fsck.%s -pvfD %s" % (self.fstype, rootfs) exec_native_cmd(mkfs_cmd, native_sysroot, pseudo=pseudo) + if os.getenv('SOURCE_DATE_EPOCH'): + sde_time = hex(int(os.getenv('SOURCE_DATE_EPOCH'))) + debugfs_script_path = os.path.join(cr_workdir, "debugfs_script") + files = [] + for root, dirs, others in os.walk(rootfs_dir): + base = root.replace(rootfs_dir, "").rstrip(os.sep) + files += [ "/" if base == "" else base ] + files += [ base + "/" + n for n in dirs + others ] + with open(debugfs_script_path, "w") as f: + f.write("set_current_time %s\n" % (sde_time)) + if self.updated_fstab_path and self.has_fstab and not self.no_fstab_update: + f.write("set_inode_field /etc/fstab mtime %s\n" % (sde_time)) + f.write("set_inode_field /etc/fstab mtime_extra 0\n") + for file in set(files): + for time in ["atime", "ctime", "crtime"]: + f.write("set_inode_field \"%s\" %s %s\n" % (file, time, sde_time)) + f.write("set_inode_field \"%s\" %s_extra 0\n" % (file, time)) + for time in ["wtime", "mkfs_time", "lastcheck"]: + f.write("set_super_value %s %s\n" % (time, sde_time)) + for time in ["mtime", "first_error_time", "last_error_time"]: + f.write("set_super_value %s 0\n" % (time)) + debugfs_cmd = "debugfs -w -f %s %s" % (debugfs_script_path, rootfs) + exec_native_cmd(debugfs_cmd, native_sysroot) + self.check_for_Y2038_problem(rootfs, native_sysroot) def prepare_rootfs_btrfs(self, rootfs, cr_workdir, oe_builddir, rootfs_dir, @@ -353,7 +379,7 @@ class Partition(): exec_native_cmd(mcopy_cmd, native_sysroot) if self.updated_fstab_path and self.has_fstab and not self.no_fstab_update: - mcopy_cmd = "mcopy -i %s %s ::/etc/fstab" % (rootfs, self.updated_fstab_path) + mcopy_cmd = "mcopy -m -i %s %s ::/etc/fstab" % (rootfs, self.updated_fstab_path) exec_native_cmd(mcopy_cmd, native_sysroot) chmod_cmd = "chmod 644 %s" % rootfs @@ -381,6 +407,9 @@ class Partition(): (extraopts, self.fsuuid, rootfs, rootfs_dir) exec_native_cmd(erofs_cmd, native_sysroot, pseudo=pseudo) + def prepare_empty_partition_none(self, rootfs, oe_builddir, native_sysroot): + pass + def prepare_empty_partition_ext(self, rootfs, oe_builddir, native_sysroot): """ diff --git a/poky/scripts/lib/wic/plugins/imager/direct.py b/poky/scripts/lib/wic/plugins/imager/direct.py index da483daed5..67dc56d4ff 100644 --- a/poky/scripts/lib/wic/plugins/imager/direct.py +++ b/poky/scripts/lib/wic/plugins/imager/direct.py @@ -117,7 +117,7 @@ class DirectPlugin(ImagerPlugin): updated = False for part in self.parts: if not part.realnum or not part.mountpoint \ - or part.mountpoint == "/" or not part.mountpoint.startswith('/'): + or part.mountpoint == "/" or not (part.mountpoint.startswith('/') or part.mountpoint == "swap"): continue if part.use_uuid: @@ -149,6 +149,9 @@ class DirectPlugin(ImagerPlugin): self.updated_fstab_path = os.path.join(self.workdir, "fstab") with open(self.updated_fstab_path, "w") as f: f.writelines(fstab_lines) + if os.getenv('SOURCE_DATE_EPOCH'): + fstab_time = int(os.getenv('SOURCE_DATE_EPOCH')) + os.utime(self.updated_fstab_path, (fstab_time, fstab_time)) def _full_path(self, path, name, extention): """ Construct full file path to a file we generate. """ diff --git a/poky/scripts/lib/wic/plugins/source/rootfs.py b/poky/scripts/lib/wic/plugins/source/rootfs.py index fc06312ee4..e29f3a4c2f 100644 --- a/poky/scripts/lib/wic/plugins/source/rootfs.py +++ b/poky/scripts/lib/wic/plugins/source/rootfs.py @@ -224,7 +224,7 @@ class RootfsPlugin(SourcePlugin): if part.update_fstab_in_rootfs and part.has_fstab and not part.no_fstab_update: fstab_path = os.path.join(new_rootfs, "etc/fstab") # Assume that fstab should always be owned by root with fixed permissions - install_cmd = "install -m 0644 %s %s" % (part.updated_fstab_path, fstab_path) + install_cmd = "install -m 0644 -p %s %s" % (part.updated_fstab_path, fstab_path) if new_pseudo: pseudo = cls.__get_pseudo(native_sysroot, new_rootfs, new_pseudo) else: diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py index 4326361426..6d445aad4f 100644 --- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py +++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py @@ -356,6 +356,12 @@ def extents(options, xscale, trace): h += 30 + bar_h if trace.disk_stats: h += 30 + bar_h + if trace.cpu_pressure: + h += 30 + bar_h + if trace.io_pressure: + h += 30 + bar_h + if trace.mem_pressure: + h += 30 + bar_h if trace.monitor_disk: h += 30 + bar_h if trace.mem_stats: diff --git a/poky/scripts/pybootchartgui/pybootchartgui/parsing.py b/poky/scripts/pybootchartgui/pybootchartgui/parsing.py index 362d5153e8..63a53b6b88 100644 --- a/poky/scripts/pybootchartgui/pybootchartgui/parsing.py +++ b/poky/scripts/pybootchartgui/pybootchartgui/parsing.py @@ -131,7 +131,7 @@ class Trace: def compile(self, writer): def find_parent_id_for(pid): - if pid is 0: + if pid == 0: return 0 ppid = self.parent_map.get(pid) if ppid: diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index 983f7514c7..9a3c9d2ce4 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu @@ -210,7 +210,8 @@ class BaseConfig(object): self.mac_tap = "52:54:00:12:34:" self.mac_slirp = "52:54:00:12:35:" # pid of the actual qemu process - self.qemupid = None + self.qemu_environ = os.environ.copy() + self.qemuprocess = None # avoid cleanup twice self.cleaned = False # Files to cleanup after run @@ -380,13 +381,19 @@ class BaseConfig(object): fst = m.group(1) if fst: self.check_arg_fstype(fst) - qb = re.sub('\.' + fst + "$", '', self.rootfs) - qb = '%s%s' % (re.sub('\.rootfs$', '', qb), '.qemuboot.conf') + qb = re.sub('\.' + fst + "$", '.qemuboot.conf', self.rootfs) if os.path.exists(qb): self.qemuboot = qb self.qbconfload = True else: - logger.warning("%s doesn't exist" % qb) + logger.warning("%s doesn't exist, will try to remove '.rootfs' from filename" % qb) + # They to remove .rootfs (IMAGE_NAME_SUFFIX) as well + qb = re.sub('\.rootfs.qemuboot.conf$', '.qemuboot.conf', qb) + if os.path.exists(qb): + self.qemuboot = qb + self.qbconfload = True + else: + logger.warning("%s doesn't exist" % qb) else: raise RunQemuError("Can't find FSTYPE from: %s" % p) @@ -420,6 +427,7 @@ class BaseConfig(object): # are there other scenarios in which we need to support being # invoked by bitbake? deploy = self.get('DEPLOY_DIR_IMAGE') + image_link_name = self.get('IMAGE_LINK_NAME') bbchild = deploy and self.get('OE_TMPDIR') if bbchild: self.set_machine_deploy_dir(arg, deploy) @@ -444,23 +452,30 @@ class BaseConfig(object): else: logger.error("%s not a directory valid DEPLOY_DIR_IMAGE" % deploy_dir_image) self.set("MACHINE", arg) + if not image_link_name: + s = re.search('^IMAGE_LINK_NAME="(.*)"', self.bitbake_e, re.M) + if s: + image_link_name = s.group(1) + self.set("IMAGE_LINK_NAME", image_link_name) + logger.debug('Using IMAGE_LINK_NAME = "%s"' % image_link_name) def set_dri_path(self): # As runqemu can be run within bitbake (when using testimage, for example), # we need to ensure that we run host pkg-config, and that it does not # get mis-directed to native build paths set by bitbake. + env = os.environ.copy() try: - del os.environ['PKG_CONFIG_PATH'] - del os.environ['PKG_CONFIG_DIR'] - del os.environ['PKG_CONFIG_LIBDIR'] - del os.environ['PKG_CONFIG_SYSROOT_DIR'] + del env['PKG_CONFIG_PATH'] + del env['PKG_CONFIG_DIR'] + del env['PKG_CONFIG_LIBDIR'] + del env['PKG_CONFIG_SYSROOT_DIR'] except KeyError: pass try: - dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True) + dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True, env=env) except subprocess.CalledProcessError as e: raise RunQemuError("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.") - os.environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip() + self.qemu_environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip() # This preloads uninative libc pieces and therefore ensures that RPATH/RUNPATH # in host mesa drivers doesn't trick uninative into loading host libc. @@ -468,7 +483,7 @@ class BaseConfig(object): uninative_path = os.path.dirname(self.get("UNINATIVE_LOADER")) if os.path.exists(uninative_path): preload_paths = [os.path.join(uninative_path, i) for i in preload_items] - os.environ['LD_PRELOAD'] = " ".join(preload_paths) + self.qemu_environ['LD_PRELOAD'] = " ".join(preload_paths) def check_args(self): for debug in ("-d", "--debug"): @@ -482,8 +497,8 @@ class BaseConfig(object): sys.argv.remove(quiet) if 'gl' not in sys.argv[1:] and 'gl-es' not in sys.argv[1:]: - os.environ['SDL_RENDER_DRIVER'] = 'software' - os.environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false' + self.qemu_environ['SDL_RENDER_DRIVER'] = 'software' + self.qemu_environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false' unknown_arg = "" for arg in sys.argv[1:]: @@ -497,7 +512,7 @@ class BaseConfig(object): self.gtk = True elif arg == 'gl': self.gl = True - elif 'gl-es' in sys.argv[1:]: + elif arg == 'gl-es': self.gl_es = True elif arg == 'egl-headless': self.egl_headless = True @@ -555,11 +570,18 @@ class BaseConfig(object): self.check_arg_machine(unknown_arg) if not (self.get('DEPLOY_DIR_IMAGE') or self.qbconfload): - self.load_bitbake_env() + self.load_bitbake_env(target=self.rootfs) s = re.search('^DEPLOY_DIR_IMAGE="(.*)"', self.bitbake_e, re.M) if s: self.set("DEPLOY_DIR_IMAGE", s.group(1)) + if not self.get('IMAGE_LINK_NAME') and self.rootfs: + s = re.search('^IMAGE_LINK_NAME="(.*)"', self.bitbake_e, re.M) + if s: + image_link_name = s.group(1) + self.set("IMAGE_LINK_NAME", image_link_name) + logger.debug('Using IMAGE_LINK_NAME = "%s"' % image_link_name) + def check_kvm(self): """Check kvm and kvm-host""" if not (self.kvm_enabled or self.vhost_enabled): @@ -589,11 +611,6 @@ class BaseConfig(object): if os.access(dev_kvm, os.W_OK|os.R_OK): self.qemu_opt_script += ' -enable-kvm' - if self.get('MACHINE') == "qemux86": - # Workaround for broken APIC window on pre 4.15 host kernels which causes boot hangs - # See YOCTO #12301 - # On 64 bit we use x2apic - self.kernel_cmdline_script += " clocksource=kvm-clock hpet=disable noapic nolapic" else: logger.error("You have no read or write permission on /dev/kvm.") logger.error("Please change the ownership of this file as described at:") @@ -670,8 +687,8 @@ class BaseConfig(object): if self.rootfs and not os.path.exists(self.rootfs): # Lazy rootfs - self.rootfs = "%s/%s-%s.%s" % (self.get('DEPLOY_DIR_IMAGE'), - self.rootfs, self.get('MACHINE'), + self.rootfs = "%s/%s.%s" % (self.get('DEPLOY_DIR_IMAGE'), + self.get('IMAGE_LINK_NAME'), self.fstype) elif not self.rootfs: cmd_name = '%s/%s*.%s' % (self.get('DEPLOY_DIR_IMAGE'), self.get('IMAGE_NAME'), self.fstype) @@ -875,8 +892,10 @@ class BaseConfig(object): machine = self.get('MACHINE') if not machine: machine = os.path.basename(deploy_dir_image) - self.qemuboot = "%s/%s-%s.qemuboot.conf" % (deploy_dir_image, - self.rootfs, machine) + if not self.get('IMAGE_LINK_NAME'): + raise RunQemuError("IMAGE_LINK_NAME wasn't set to find corresponding .qemuboot.conf file") + self.qemuboot = "%s/%s.qemuboot.conf" % (deploy_dir_image, + self.get('IMAGE_LINK_NAME')) else: cmd = 'ls -t %s/*.qemuboot.conf' % deploy_dir_image logger.debug('Running %s...' % cmd) @@ -1369,7 +1388,7 @@ class BaseConfig(object): # need our font setup and show-cusor below so we need to see what qemu --help says # is supported so we can pass our correct config in. if not self.nographic and not self.sdl and not self.gtk and not self.publicvnc and not self.egl_headless == True: - output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True) + output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True, env=self.qemu_environ) if "-display gtk" in output: self.gtk = True elif "-display sdl" in output: @@ -1393,7 +1412,7 @@ class BaseConfig(object): if self.sdl == True: self.qemu_opt += 'sdl,' elif self.gtk == True: - os.environ['FONTCONFIG_PATH'] = '/etc/fonts' + self.qemu_environ['FONTCONFIG_PATH'] = '/etc/fonts' self.qemu_opt += 'gtk,' if self.gl == True: @@ -1514,8 +1533,8 @@ class BaseConfig(object): if len(self.portlocks): for descriptor in self.portlocks.values(): pass_fds.append(descriptor.fileno()) - process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds) - self.qemupid = process.pid + process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds, env=self.qemu_environ) + self.qemuprocess = process retcode = process.wait() if retcode: if retcode == -signal.SIGTERM: @@ -1531,6 +1550,15 @@ class BaseConfig(object): signal.signal(signal.SIGTERM, signal.SIG_IGN) logger.info("Cleaning up") + + if self.qemuprocess: + try: + # give it some time to shut down, ignore return values and output + self.qemuprocess.send_signal(signal.SIGTERM) + self.qemuprocess.communicate(timeout=5) + except subprocess.TimeoutExpired: + self.qemuprocess.kill() + with open('/proc/uptime', 'r') as f: uptime_seconds = f.readline().split()[0] logger.info('Host uptime: %s\n' % uptime_seconds) @@ -1558,9 +1586,12 @@ class BaseConfig(object): else: shutil.rmtree(ent) + # Deliberately ignore the return code of 'tput smam'. + subprocess.call(["tput", "smam"]) + self.cleaned = True - def run_bitbake_env(self, mach=None): + def run_bitbake_env(self, mach=None, target=''): bitbake = shutil.which('bitbake') if not bitbake: return @@ -1573,22 +1604,33 @@ class BaseConfig(object): multiconfig = "mc:%s" % multiconfig if mach: - cmd = 'MACHINE=%s bitbake -e %s' % (mach, multiconfig) + cmd = 'MACHINE=%s bitbake -e %s %s' % (mach, multiconfig, target) else: - cmd = 'bitbake -e %s' % multiconfig + cmd = 'bitbake -e %s %s' % (multiconfig, target) logger.info('Running %s...' % cmd) - return subprocess.check_output(cmd, shell=True).decode('utf-8') + try: + return subprocess.check_output(cmd, shell=True).decode('utf-8') + except subprocess.CalledProcessError as err: + logger.warning("Couldn't run '%s' to gather environment information, maybe the target wasn't an image name, will retry with virtual/kernel as a target:\n%s" % (cmd, err.output.decode('utf-8'))) + # need something with IMAGE_NAME_SUFFIX/IMAGE_LINK_NAME defined (kernel also inherits image-artifact-names.bbclass) + target = 'virtual/kernel' + if mach: + cmd = 'MACHINE=%s bitbake -e %s %s' % (mach, multiconfig, target) + else: + cmd = 'bitbake -e %s %s' % (multiconfig, target) + try: + return subprocess.check_output(cmd, shell=True).decode('utf-8') + except subprocess.CalledProcessError as err: + logger.warning("Couldn't run '%s' to gather environment information, giving up with 'bitbake -e':\n%s" % (cmd, err.output.decode('utf-8'))) + return '' - def load_bitbake_env(self, mach=None): + + def load_bitbake_env(self, mach=None, target=None): if self.bitbake_e: return - try: - self.bitbake_e = self.run_bitbake_env(mach=mach) - except subprocess.CalledProcessError as err: - self.bitbake_e = '' - logger.warning("Couldn't run 'bitbake -e' to gather environment information:\n%s" % err.output.decode('utf-8')) + self.bitbake_e = self.run_bitbake_env(mach=mach, target=target) def validate_combos(self): if (self.fstype in self.vmtypes) and self.kernel: @@ -1634,12 +1676,8 @@ def main(): subprocess.check_call([renice, str(os.getpid())]) def sigterm_handler(signum, frame): - logger.info("SIGTERM received") - if config.qemupid: - os.kill(config.qemupid, signal.SIGTERM) + logger.info("Received signal: %s" % (signum)) config.cleanup() - # Deliberately ignore the return code of 'tput smam'. - subprocess.call(["tput", "smam"]) signal.signal(signal.SIGTERM, sigterm_handler) config.check_args() @@ -1661,8 +1699,6 @@ def main(): return 1 finally: config.cleanup() - # Deliberately ignore the return code of 'tput smam'. - subprocess.call(["tput", "smam"]) if __name__ == "__main__": sys.exit(main()) diff --git a/poky/scripts/yocto-check-layer b/poky/scripts/yocto-check-layer index 0e5b75b1f7..67cc71950f 100755 --- a/poky/scripts/yocto-check-layer +++ b/poky/scripts/yocto-check-layer @@ -168,14 +168,13 @@ def main(): layers_tested = 0 for layer in layers: - if layer['type'] == LayerType.ERROR_NO_LAYER_CONF or \ - layer['type'] == LayerType.ERROR_BSP_DISTRO: + if layer['type'] in (LayerType.ERROR_NO_LAYER_CONF, LayerType.ERROR_BSP_DISTRO): continue # Reset to a clean backup copy for each run shutil.copyfile(bblayersconf + '.backup', bblayersconf) - if check_bblayers(bblayersconf, layer['path'], logger): + if layer['type'] not in (LayerType.CORE, ) and check_bblayers(bblayersconf, layer['path'], logger): logger.info("%s already in %s. To capture initial signatures, layer under test should not present " "in BBLAYERS. Please remove %s from BBLAYERS." % (layer['name'], bblayersconf, layer['name'])) results[layer['name']] = None |