diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-07-21 17:09:43 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-08-10 22:22:44 +0300 |
| commit | 8f840685fb701a268141f0fcebc1d34fcd9b01de (patch) | |
| tree | 49f7cc04f8447a72e1bb9f96fa4a1174cea7b435 /poky/meta/recipes-core | |
| parent | 5eea8d85a2b0bfced71508b4b97030e2dc9a5717 (diff) | |
| download | openbmc-8f840685fb701a268141f0fcebc1d34fcd9b01de.tar.xz | |
subtree updates july 21 2023 poky,openembedded
poky: 13b646c0e1..b398c7653e:
Adrian Freihofer (2):
runqemu-ifdown: catch up with ifup
runqemu: drop uid parameter for ifdown
Alejandro Hernandez Samaniego (3):
baremetal-helloworld: Fix race condition
runqemu: Stop using warn() since its been deprecated
runqemu: Fix automated call to runqemu-ifup
Alex Kiernan (3):
rootfs: Add debugfs package db file copy and cleanup
rpm: Pick debugfs package db files/dirs explicitly
eudev: Add group sgx to eudev package
Alexander Kanavin (27):
insane.bbclass: enable 32 bit time API check (as a warning) on affected architectures
libxcrypt: upgrade 4.4.34 -> 4.4.35
libxml2: update 2.10.4 -> 2.11.4
ovmf: update 202302 -> 202305
lua: update 5.4.4 -> 5.4.6
cargo.bbclass: set up cargo environment in common do_compile
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
python3-cryptography: update 39.0.2 -> 41.0.1
python3-cryptography-vectors: update 39.0.2 -> 41.0.1
python3: update 3.11.3 -> 3.11.4
diffutils: update 3.9 -> 3.10
shadow: remove dependency on pam-plugin-lastlog
libpam: update 1.5.2 -> 1.5.3
librsvg: update 2.56.0 -> 2.56.1
vulkan-validation-layers: update 1.3.243 -> 1.3.250
xcb-util-cursor: add a recipe from meta-oe
weston: update 11.0.1 -> 12.0.1
libdmx: update 1.1.4 -> 1.1.5
xtrans: update 1.4.0 -> 1.5.0
libproxy: fetch from git
libproxy: update 0.4.18 -> 0.5.2
libssh2: update 1.10.0 -> 1.11.0
gstreamer1.0-plugins-base: enable glx/opengl support
webkitgtk: update 2.38.5 -> 2.40.2
python3-cryptography: update a patch to upstream's better followup fix
time64.inc: annotate and clean up recipe-specific Y2038 exceptions
Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"
Andrej Valek (3):
cve-check: add option to add additional patched CVEs
oeqa/selftest/cve_check: rework test to new cve status handling
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
Anuj Mittal (7):
rpm: backport fix to prevent crashes with latest sqlite
sqlite3: upgrade 3.41.2 -> 3.42.0
vte: upgrade 0.72.1 -> 0.72.2
libpng: upgrade 1.6.39 -> 1.6.40
glib-networking: upgrade 2.76.0 -> 2.76.1
bluez5: upgrade 5.66 -> 5.68
selftest/cases/glibc.py: fix the override syntax
BELOUARGA Mohamed (9):
bitbake: fetch2/npmsw: Add support for the new format of the shrinkwrap file
bitbake: fetch2/npmsw: Don't fetch dev dependencies when they are not demanded
bitbake: fetch2/npm: Remove special caracters that causes recipe tool to fail
recipetool: create: npm: Remove duplicate function to not have future conflicts
classes: npm: Handle peer dependencies for npm packages
recipetool: create: npm: Add support for the new format of the shrinkwrap file
recipetool: create: npm: Add support to handle peer dependencies
classes: npm: Add support for the new format of the shrinkwrap file
classe-recipes: npm: Add support for dependencies and devDependencies
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Bruce Ashfield (19):
perf: fix buildpaths QA warning in 6.4+
linux-libc-headers: bump to 6.4
kernel: fix localversion in v6.3+
linux-yocto: introduce 6.4 reference kernel recipes
linux-yocto/6.4: update to latest
linux-yocto/6.4: aufs6 integration
linux-yocto/6.4: refresh configuration
linux-yocto-rt/6.4: integrate -rt6
linux-yocto/6.4: update to v6.4.2
linux-yocto-tiny/6.4: fix configuration warnings (HID)
linux-yocto-tiny/arm: fix configuration warnings (HID)
linux-yocto/ppc: add elfutils-native to DEPENDS
linux-yocto/6.1: update to v6.1.36
linux-yocto/6.1: update to v6.1.37
linux-yocto/6.1: update to v6.1.38
linux-yocto/6.x: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.4: update to v6.4.3
kernel: set HOSTPKG_CONFIG to use pkg-config-native
linux-yocto/6.4: fix menuconfig
Changqing Li (2):
dnf: only write the log lock to root for native dnf
rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
Denys Dmytriyenko (1):
bitbake: runqueue: convert deferral messages from bb.note to bb.debug
Enrico Scholz (1):
shadow-sysroot: add license information
Etienne Cordonnier (2):
libxcrypt: fix hard-coded ".so" extension
qemu: fix typo
Fabio Estevam (3):
u-boot: Update Upstream-Status
u-boot: Upgrade to 2023.07
u-boot: Upgrade to 2023.07.02
Frederic Martinsons (1):
ptest-cargo.bbclass: fix condition to detect test executable
Joe Slater (1):
ghostscript: advance to version 10.01.2
Jose Quaresma (12):
kernel: config modules directories are handled by kernel-module-split
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: use context manager to open files
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split add systemd modulesloaddir and modprobedir config
pybootchartgui: calcule elapsed_time when starting the loop
pybootchartgui: concatenate the elapsed time with the process
pybootchartgui: fix overlapping argument in render_processes_chart
pybootchartgui: fix width max usage in draw_label_in_box
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
go: update 1.20.5 -> 1.20.6
Julien Stephan (1):
automake: fix buildtest patch
Khem Raj (9):
ffmpeg: Fix build on riscv
libpam: Fix examples build on musl
webkitgtk: Enable JIT on RISCV64
musl: Guard fallocate64 with _LARGEFILE64_SOURCE
alsa-lib: Disable old API symbols
mesa: Fix build with upcoming LLVM 17
meson.bbclass: Point to llvm-config from native sysroot
webkitgtk: Unbreak build on platforms using pvr graphics drivers
python3-lxml: upgrade 4.9.2 -> 4.9.3
Martin Jansa (4):
selftest: multiconfig-image-packager: try to respect IMAGE_LINK_NAME
kernel-devicetree: install dtb files without -${KERNEL_DTB_NAME} suffix
image-artifact-names: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}
cpio: respect MLPREFIX for PACKAGE_WRITE_DEPS
Michael Halstead (1):
resulttool/resultutils: allow index generation despite corrupt json
Mingli Yu (1):
qemu: Add qemu-user-* and qemu-system-* to PACKAGES_DYNAMIC
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-26965
Ovidiu Panait (5):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
mdadm: re-add mdadm-ptest to PTESTS_SLOW
Peter Hoyes (5):
bitbake: bitbake: tests/fetch: Mark TestTimeout as not a test suite
bitbake: bitbake: tests/fetch: Rename assertRaisesRegexp to assertRaisesRegex
bitbake: bitbake: tests/fetch: Set git config if not already set
bitbake: bitbake: tests: Use assertLogs to test logging output
bitbake: bitbake: Bootstrap pytest for self-tests
Peter Marko (4):
cve-update-nvd2-native: fix cvssV3 metrics
gcsections: apply section removal also in C++, not only in C
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: increase retry count
Piotr Łobacz (1):
bitbake.conf: Add acl distro native features support
Quentin Schulz (1):
uboot-extlinux-config.bbclass: fix old override syntax in comment
Richard Purdie (14):
defaultsetup: Enable largefile and 64bit time_t support systemwide for 32 bit platforms
time64: Disable CFLAGS for strace
bitbake: runqueue: Fix deferred task/multiconfig race issue
strace: Update patches/tests with upstream fixes
bitbake: fetch2/npmsw: Support old and new shrinkwrap formats
ptest-runner: Pull in "runner: Remove threads and mutexes" fix
bitbake: server/process: Show command in timeout message
bitbake: cooker: Log when parsing starts in server log
gcc-testsuite: Fix ppc cpu specification
ptest-runner: Pull in parallel test fixes and output handling
oeqa/selftest/rust: Various fixes to work correctly
bitbake: runqueue: Add pressure change logging
build-appliance-image: Update to master head revision
glibc-testsuite: Fix network restrictions causing test failures
Ross Burton (26):
cve-update-db-native: remove
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: use exact times, don't truncate
ghostscript: remove CVE_CHECK_IGNORE for CVE-2013-6629
pkgconf: update SRC_URI
libjpeg-turbo: upgrade to 3.0.0
cups: upgrade to 2.4.6
tiff: upgrade to 4.5.1
linux-yocto/cve-exclusion: move entries from cve-extra-exclusions
linux-yocto/cve-exclusion: ignore more backported CVEs
python3: fix missing comma in get_module_deps3.py
python3-jsonpointer: upgrade to 2.4
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
cml1: add showconfig task to easily find the generated .config file
rootfs_rpm: don't depend on opkg-native for update-alternatives
poky: add Debian 12 to supported distribution list
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: actually use API keys
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
qemuarm: pin kernel to 6.1
libdmx: remove obsolete library
linux-yocto_6.1: ignore backported CVEs
python3: ignore CVE-2023-36632
ltp: add RDEPENDS on findutils
oeqa/ltp: rewrote LTP testcase and parser
Siddharth Doshi (2):
bind: Upgrade 9.18.15 -> 9.18.16
flac: Upgrade 1.4.2 -> 1.4.3
Soumya (1):
perl: Fix CVE-2023-31486
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Stéphane Veyret (1):
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
Sudip Mukherjee (1):
libssh2: disable rpath to fix curl-native build
Thomas Roos (1):
testimage/oeqa: Drop testimage_dump_host functionality
Tim Orling (10):
python3-pytest-subtests: upgrade 0.10.0 -> 0.11.0
python3-urllib3: upgrade 2.0.2 -> 2.0.3
python3-typing-extensions: upgrade 4.6.3 -> 4.7.0
python3-hypothesis: upgrade 6.79.2 -> 6.80.0
python3-pygments: upgrade 2.14.0 -> 2.15.1
python3-importlib-metadata: upgrade 6.7.0 -> 6.8.0
python3-typing-extensions: upgrade 4.7.0 -> 4.7.1
python3-cryptography{-vectors}: upgrade 41.0.1 -> 41.0.2
python3-zipp: upgrade 3.15.0 -> 3.16.2
python3-hypothesis: upgrade 6.80.0 -> 6.81.2
Trevor Gamblin (15):
python3: add cgitb, zipapp ptest dependencies
qemu: upgrade 8.0.0 -> 8.0.3
python3: parallelize ptests, add test_cppext dependencies
python3-setuptools: upgrade 67.6.1 -> 68.0.0
diffoscope: upgrade 242 -> 243
p11-kit: upgrade 0.24.1 -> 0.25.0
diffoscope: add missing RDEPENDS and alphabetize
linux-firmware: upgrade 20230515 -> 20230625
python3-trove-classifiers: upgrade 2023.5.24 -> 2023.7.6
python3-cython: upgrade 0.29.35 -> 0.29.36
icu: upgrade 72-1 -> 73-2
python3-editables: add python3-io to RDEPENDS
python3: ensure ptest regression capture
diffoscope: upgrade 243 -> 244
xeyes: upgrade 1.2.0 -> 1.3.0
Wang Mingyu (51):
freetype: upgrade 2.13.0 -> 2.13.1
gstreamer1.0: upgrade 1.22.3 -> 1.22.4
kbd: upgrade 2.5.1 -> 2.6.0
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
libmd: upgrade 1.0.4 -> 1.1.0
libsdl2: upgrade 2.26.5 -> 2.28.0
libtraceevent: upgrade 1.7.2 -> 1.7.3
libx11: upgrade 1.8.5 -> 1.8.6
lttng-ust: upgrade 2.13.5 -> 2.13.6
nettle: upgrade 3.9 -> 3.9.1
nghttp2: upgrade 1.53.0 -> 1.54.0
ccache: upgrade 4.8.1 -> 4.8.2
mesa: upgrade 23.1.1 -> 23.1.3
python3-numpy: upgrade 1.24.3 -> 1.25.0
python3-typing-extensions: upgrade 4.6.2 -> 4.6.3
xorgproto: upgrade 2022.2 -> 2023.2
python3-hatchling: upgrade 1.17.0 -> 1.18.0
python3-hypothesis: upgrade 6.75.7 -> 6.79.2
python3-importlib-metadata: upgrade 6.6.0 -> 6.7.0
python3-iso8601: upgrade 1.1.0 -> 2.0.0
python3-markupsafe: upgrade 2.1.2 -> 2.1.3
python3-pluggy: upgrade 1.0.0 -> 1.2.0
python3-pycairo: upgrade 1.23.0 -> 1.24.0
python3-pyparsing: upgrade 3.0.9 -> 3.1.0
python3-pytest: upgrade 7.3.1 -> 7.4.0
python3-ruamel-yaml: upgrade 0.17.31 -> 0.17.32
python3-sphinx-rtd-theme: upgrade 1.2.1 -> 1.2.2
xkeyboard-config: upgrade 2.38 -> 2.39
xwayland: upgrade 23.1.1 -> 23.1.2
wayland-protocols: upgrade 1.31 -> 1.32
taglib: upgrade 1.13 -> 1.13.1
libxcrypt: upgrade 4.4.35 -> 4.4.36
msmtp: upgrade 1.8.23 -> 1.8.24
libwebp: upgrade 1.3.0 -> 1.3.1
libuv: upgrade 1.45.0 -> 1.46.0
acpica: upgrade 20230331 -> 20230628
libnss-nis: upgrade 3.1 -> 3.2
harfbuzz: upgrade 7.3.0 -> 8.0.1
libproxy: upgrade 0.5.2 -> 0.5.3
nghttp2: upgrade 1.54.0 -> 1.55.1
debianutils: upgrade 5.7 -> 5.8
glib-2.0: upgrade 2.76.3 -> 2.76.4
python3-pip: upgrade 23.1.2 -> 23.2
opkg: upgrade 0.6.1 -> 0.6.2
opkg-utils: upgrade 0.5.0 -> 0.6.2
python3-editables: upgrade 0.3 -> 0.4
python3-git: upgrade 3.1.31 -> 3.1.32
python3-numpy: upgrade 1.25.0 -> 1.25.1
repo: upgrade 2.34.1 -> 2.35
libva: upgrade to 2.19.0
Yash Shinde (1):
oeqa/selftest: Add rust selftests
Yi Zhao (1):
ifupdown: install missing directories
Yoann Congal (2):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
meta-openembedded: 2638d458a5..0e3f5e5201:
Alex Kiernan (1):
ostree: Upgrade 2023.4 -> 2023.5
Archana Polampalli (1):
tcpreplay: upgrade 4.4.3 -> 4.4.4
Beniamin Sandu (1):
mbedtls: fix builds with crypto extensions
Bruce Ashfield (1):
vboxguestdrivers: fix compilation against 6.4 kernel / headers
Carlos Rafael Giani (3):
pipewire: Disable libmysofa since it is not available in OE
pipewire: Improve packageconfigs
pipewire: Add dedicated aes67 package and fix rlimits.d package assignment
Chee Yang Lee (1):
rabbitmq-c: Fix CVE-2023-35789
Jasper Orschulko (8):
python3-pytest-cov: Add initial recipe 4.1.0
python3-covdefaults: Add initial recipe 2.3.0
python3-platformdirs: Fix recipe version 3.6.0
python3-distlib: Add initial recipe 0.3.6
python3-filelock: Add initial recipe 3.12.0
python3-virtualenv: Add initial recipe 20.23.0
python3-pyproject-api: Add initial recipe 1.5.1
python3-tox: Add initial recipe 4.6.0
Joe Slater (1):
libgpiod: modify RDEPENDS for ptest
Justin Bronder (2):
python3-asyncinotify: upgrade 3.0.1 -> 4.0.2
python3-pytest-asyncio: upgrade 0.16.0 -> 0.21.1
Kai Kang (2):
libtimezonemap: rename downloaded file name
fltk-native: fix libdl link issue
Khem Raj (33):
gupnp-av: Fix build with libxml2-2.11 and newer
xcb-util-cursor: Delete recipe
pidgin-sipe: Add packageconfig to turn Werror on/off
fbida: Fix build on musl
pcp: Update to 6.0.5
geos: Upgrade to 3.12.0
ctags: Extend to build native package
libcoap: Build linker symbol file explicitly
geos: Use cmake directly
pcp: Fix build race
sblim-sfcc: Fix build with clang17
minifi-cpp: Fix build with clang 17
python3-grpcio-tools: Upgrade to 1.56.0
python3-grpcio: Upgrade to 1.56.0
python3-grpcio: Fix build on musl
python3-grpcio-tools: Fix build with musl
thin-provisioning-tools: Upgrade to 1.0.4
thin-provisioning-tools: Fix build on musl.
pcp: Disable parallel build
crash: Fix build with glibc 2.38+
breakpad: Update to latest trunk
python3-requests-toolbelt: Fix ptest failures seen with urllib3 2.0
ptest-packagelists-meta-oe: Limit mcelog to x86/x86_64
graphviz: Upgrade to 8.1.0 release
emlog: Update to latest to fix build with 6.4 kernel
dlm: Upgrade to 4.2.0
mdio-tools: Update to latest on trunk
dlm: Fix build with linux kernel 6.4+
dlm: Do not pass -fcf-protection=full via Makefile
dlm: Do not use -fcf-protection=full on arm platforms
zfs: Update to 2.2.0 rc1
zfs: Disable builds on aarch64 for now
dhcp-relay: Pass cross configure flags to bind build
Luke Schaefer (1):
nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com>
Marek Vasut (4):
lvgl: Factor out and unify lv-drivers configuration
lvgl: Add default input device configuration option
linux-serial-test: Update to latest git revision
libiio: enable c++ bindings
Markus Volk (10):
pipewire: upgrade 0.3.71 -> 0.3.72
pipewire: upgrade 0.3.72 -> 0.3.73
gnome-software: upgrade 44.2 -> 44.3
eog: upgrade 44.2 -> 44.3
spdlog: upgrade 1.11.0 -> 1.12.0
flatpak: update dependencies
gnome-control-center: upgrade 44.2 -> 44.3
gnome-shell: upgrade 44.2 -> 44.3
mutter: upgrade 44.2 -> 44.3
gnome-settings-daemon: upgrade 44.0 -> 44.1
Martin Jansa (4):
nodejs: use PIE for host binaries
gupnp: backport a fix not to use deprecated xmlReadMemory
pidgin-sipe: allow to build with libxml2-2.11
raptor2: backport a fix to build with libxml2-2.11
Michael Haener (1):
nginx: upgrade to 1.24.0 release
Michael Weiß (1):
pv: Show progress bar even if no terminal is set as in 1.6.6
Mingli Yu (1):
snort: Add systemd unit file
Peter Kjellerstedt (1):
cppzmq: Move the version to the recipe file name
Petr Gotthard (2):
python3-pyroute2: upgrade 0.5.19 -> 0.7.9
networkmanager: upgrade 1.42.6 -> 1.42.8
Ricardo Salveti (1):
lshw: bump to b4e0673
Ross Burton (5):
poppler: fix missing include
libpaper: remove redundant autoreconf --install
liblbxutil: remove obsolete library
xsetmode: remove obsolete utility
libxkbui: remove obsolete recipe
Tim Orling (1):
python3-argh: upgrade 0.26.2 -> 0.28.1
Trevor Gamblin (9):
python3-alembic: upgrade 1.10.4 -> 1.11.1
python3-sqlalchemy: upgrade 2.0.15 -> 2.0.19
python3-argcomplete: upgrade 3.1.0 -> 3.1.1
python3-arpeggio: upgrade 2.0.0 -> 2.0.2
python3-astroid: upgrade 2.15.5 -> 2.15.6
python3-autobahn: upgrade 23.6.1 -> 23.6.2
python3-bandit: upgrade 1.7.4 -> 1.7.5
python3-bandit: add python3-rich to RDEPENDS
python3-bitarray: upgrade 2.7.3 -> 2.7.6
Wang Mingyu (44):
cppzmq: upgrade 4.9.0 -> 4.10.0
iwd: upgrade 2.5 -> 2.6
libburn: upgrade 1.5.4 -> 1.5.6
libzip: upgrade 1.9.2 -> 1.10.0
openfortivpn: upgrade 1.20.3 -> 1.20.5
psqlodbc: upgrade 13.02.0000 -> 15.00.0000
python3-aenum: upgrade 3.1.12 -> 3.1.14
python3-can: upgrade 4.2.1 -> 4.2.2
python3-google-api-python-client: upgrade 2.89.0 -> 2.90.0
python3-h5py: upgrade 3.8.0 -> 3.9.0
python3-natsort: upgrade 8.3.1 -> 8.4.0
python3-pymodbus: upgrade 3.3.1 -> 3.3.2
python3-pymongo: upgrade 4.3.3 -> 4.4.0
python3-pyscaffold: upgrade 4.4.1 -> 4.5
python3-pyzstd: upgrade 0.15.7 -> 0.15.9
python3-requests-futures: upgrade 1.0.0 -> 1.0.1
python3-sentry-sdk: upgrade 1.25.1 -> 1.26.0
python3-zeroconf: upgrade 0.68.0 -> 0.69.0
weechat: upgrade 3.8 -> 4.0.0
python3-platformdirs: upgrade 3.6.0 -> 3.8.0
renderdoc: upgrade 1.13 -> 1.27
gegl: upgrade 0.4.44 -> 0.4.46
gvfs: upgrade 1.50.4 -> 1.51.1
weechat: upgrade 4.0.0 -> 4.0.1
avro-c: upgrade 1.11.1 -> 1.11.2
glfw: upgrade 3.3 -> 3.3.8
hwloc: upgrade 2.9.1 -> 2.9.2
minicoredumper: upgrade 2.0.3 -> 2.0.6
thingsboard-gateway: upgrade 3.2 -> 3.3
xterm: upgrade 382 -> 383
passwdqc: upgrade 2.0.2 -> 2.0.3
python3-aenum: upgrade 3.1.14 -> 3.1.15
python3-configargparse : upgrade 1.5.3 -> 1.5.5
python3-elementpath: upgrade 4.1.3 -> 4.1.4
python3-google-api-python-client: upgrade 2.90.0 -> 2.92.0
python3-google-auth: upgrade 2.20.0 -> 2.21.0
python3-joblib: upgrade 1.2.0 -> 1.3.1
python3-pillow: upgrade 9.5.0 -> 10.0.0
python3-redis: upgrade 4.5.5 -> 4.6.0
python3-tox: upgrade 4.6.0 -> 4.6.3
python3-virtualenv: upgrade 20.23.0 -> 20.23.1
python3-zeroconf: upgrade 0.69.0 -> 0.70.0
libyang: Fix install conflict when enable multilib.
php: Fix install conflict when enable multilib.
Wolfgang Meyer (4):
fbida: Switch to git fetcher
fbida: build with meson
fbida: SRC_REV bump ac9005b..eb769e3
fbida: make fbpdf build optional
Yi Zhao (6):
conntrack-tools: add systemd unit file
conntrack-tools: add required kernel modules to RRECOMMENDS
frr: upgrade 8.4.2 -> 8.4.4
mbedtls: upgrade 2.28.2 -> 2.28.3
open-vm-tools: Security fix CVE-2023-20867
samba: upgrade 4.18.3 -> 4.18.4
Zoltán Böszörményi (1):
opencv: 4.8.0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I48c2ba4573ee81b637b1ba890c312f491004f666
Diffstat (limited to 'poky/meta/recipes-core')
29 files changed, 143 insertions, 892 deletions
diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb index 25da988f50..ba38169f05 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb @@ -23,8 +23,8 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa" # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 -# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue. -CVE_CHECK_IGNORE += "CVE-2016-2781" +# +CVE_STATUS[CVE-2016-2781] = "disputed: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue." EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname" diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb index 4327a13345..64a3c6d80c 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb @@ -19,7 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ " SRC_URI:append:class-native = " file://relocate-modules.patch" -SRC_URI[sha256sum] = "c0be444e403d7c3184d1f394f89f0b644710b5e9331b54fa4e8b5037813ad32a" +SRC_URI[sha256sum] = "5a5a191c96836e166a7771f7ea6ca2b0069c603c7da3cba1cd38d1694a395dda" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb index 75c031e8cd..8e7290cdbb 100644 --- a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb +++ b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SECTION = "libs" DEPENDS = "glib-2.0-native glib-2.0" -SRC_URI[archive.sha256sum] = "149a05a179e629a538be25662aa324b499d7c4549c5151db5373e780a1bf1b9a" +SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b" PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" diff --git a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb index e8ad2a938b..2e076f4b0f 100644 --- a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb +++ b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb @@ -16,6 +16,7 @@ TOOLCHAIN_TEST_HOST_USER ??= "root" TOOLCHAIN_TEST_HOST_PORT ??= "2222" do_check[nostamp] = "1" +do_check[network] = "1" do_check:append () { chmod 0755 ${WORKDIR}/check-test-wrapper diff --git a/poky/meta/recipes-core/glibc/glibc_2.37.bb b/poky/meta/recipes-core/glibc/glibc_2.37.bb index 3387441cad..851aa612b1 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.37.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.37.bb @@ -4,18 +4,19 @@ require glibc-version.inc # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 -# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. -# "this is being treated as a non-security bug and no real threat." -CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" +CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE" +CVE_STATUS_RECIPE = "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" +CVE_STATUS_RECIPE[status] = "disputed: \ +Upstream glibc maintainers dispute there is any issue and have no plans to address it further. \ +this is being treated as a non-security bug and no real threat." # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 -# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow -# easier access for another. "ASLR bypass itself is not a vulnerability." # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 -CVE_CHECK_IGNORE += "CVE-2019-1010025" +CVE_STATUS[CVE-2019-1010025] = "disputed: \ +Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ +easier access for another. 'ASLR bypass itself is not a vulnerability.'" -# This is integrated into the 2.37 branch as of 07b9521fc6 -CVE_CHECK_IGNORE += "CVE-2023-25139" +CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6" DEPENDS += "gperf-native bison-native" diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb index 5dbd6193b8..16425ea9e4 100644 --- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb +++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb @@ -42,6 +42,11 @@ do_install () { install -m 0644 ifup.8 ${D}${mandir}/man8 install -m 0644 interfaces.5 ${D}${mandir}/man5 cd ${D}${mandir}/man8 && ln -s ifup.8 ifdown.8 + + install -d ${D}${sysconfdir}/network/if-pre-up.d + install -d ${D}${sysconfdir}/network/if-up.d + install -d ${D}${sysconfdir}/network/if-down.d + install -d ${D}${sysconfdir}/network/if-post-down.d } do_install_ptest () { diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 05148aca61..4ece229379 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check REQUIRED_DISTRO_FEATURES += "xattr" -SRCREV ?= "581edf20120cd383e8dea0693239629e7547bb7e" +SRCREV ?= "679b7b6700ec1355a5b15a51c90a7ee339bee97c" SRC_URI = "git://git.yoctoproject.org/poky;branch=master \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ @@ -133,9 +133,9 @@ create_bundle_files () { cd ${WORKDIR} mkdir -p Yocto_Build_Appliance cp *.vmx* Yocto_Build_Appliance - ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk - ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx - ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd + ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk + ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx + ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd zip -r ${IMGDEPLOYDIR}/Yocto_Build_Appliance-${DATETIME}.zip Yocto_Build_Appliance ln -sf Yocto_Build_Appliance-${DATETIME}.zip ${IMGDEPLOYDIR}/Yocto_Build_Appliance.zip } diff --git a/poky/meta/recipes-core/images/core-image-ptest.bb b/poky/meta/recipes-core/images/core-image-ptest.bb index 90c26641ba..74cf933b72 100644 --- a/poky/meta/recipes-core/images/core-image-ptest.bb +++ b/poky/meta/recipes-core/images/core-image-ptest.bb @@ -19,12 +19,14 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in d.getVar('PTESTS').split()] # strace-ptest in particular needs more than 500MB IMAGE_OVERHEAD_FACTOR = "1.0" IMAGE_ROOTFS_EXTRA_SPACE = "324288" +IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288" # ptests need more memory than standard to avoid the OOM killer QB_MEM = "-m 1024" QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096" +QB_MEM:virtclass-mcextend-python3 = "-m 2048" QB_MEM:virtclass-mcextend-python3-cryptography = "-m 4096" TEST_SUITES = "ping ssh parselogs ptest" diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb index 7662b8f685..9a3e0a7476 100644 --- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb +++ b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb @@ -16,7 +16,7 @@ RCONFLICTS:${PN} = "console-tools" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \ " -SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683" +SRC_URI[sha256sum] = "9c159433db5df8ef31d86b42f5b09d32311bdda2ed35107fb1926243da60b28a" EXTRA_OECONF = "--disable-tests" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb index ec9f9f4fa3..ec9f9f4fa3 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc index 4d145cf3cc..ba93d91aef 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -10,19 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \ inherit autotools pkgconfig SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https" -SRCREV = "e80cfde51bb4fe4bcf27585810e0b4ea3d1e4d7d" +SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf" SRCBRANCH ?= "master" SRC_URI += "file://fix_cflags_handling.patch" PROVIDES = "virtual/crypt" -FILES:${PN} = "${libdir}/libcrypt*.so.* \ - ${libdir}/libcrypt-*.so \ - ${libdir}/libowcrypt*.so.* \ - ${libdir}/libowcrypt-*.so \ -" - S = "${WORKDIR}/git" BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}" diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb index 79dba2f6dc..79dba2f6dc 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb diff --git a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch b/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch deleted file mode 100644 index 80678efcfe..0000000000 --- a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch +++ /dev/null @@ -1,222 +0,0 @@ -Backport the following patches to fix the reader2 and runsuite test cases: - -b92768cd tests: Enable "runsuite" test -0ac8c15e python/tests/reader2: use absolute paths everywhere -b9ba5e1d python/tests/reader2: always exit(1) if a test fails - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/python/tests/reader2.py b/python/tests/reader2.py -index 65cecd47..6e6353b4 100755 ---- a/python/tests/reader2.py -+++ b/python/tests/reader2.py -@@ -6,7 +6,6 @@ - import sys - import glob - import os --import string - import libxml2 - try: - import StringIO -@@ -20,103 +19,104 @@ libxml2.debugMemory(1) - - err = "" - basedir = os.path.dirname(os.path.realpath(__file__)) --dir_prefix = os.path.join(basedir, "../../test/valid/") -+dir_prefix = os.path.realpath(os.path.join(basedir, "..", "..", "test", "valid")) -+ - # This dictionary reflects the contents of the files - # ../../test/valid/*.xml.err that are not empty, except that - # the file paths in the messages start with ../../test/ - - expect = { - '766956': --"""../../test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+"""{0}/dtds/766956.dtd:2: parser error : PEReference: expecting ';' - %ä%ent; - ^ --../../test/valid/dtds/766956.dtd:2: parser error : Content error in the external subset -+{0}/dtds/766956.dtd:2: parser error : Content error in the external subset - %ä%ent; - ^ - Entity: line 1: - value - ^ --""", -+""".format(dir_prefix), - '781333': --"""../../test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+"""{0}/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got - <a/> - ^ --../../test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+{0}/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child - - ^ --""", -+""".format(dir_prefix), - 'cond_sect2': --"""../../test/valid/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity -+"""{0}/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity - %ent; - ^ - Entity: line 1: - ]]> - ^ --../../test/valid/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset -+{0}/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset - - ^ --""", -+""".format(dir_prefix), - 'rss': --"""../../test/valid/rss.xml:177: element rss: validity error : Element rss does not carry attribute version -+"""{0}/rss.xml:177: element rss: validity error : Element rss does not carry attribute version - </rss> - ^ --""", -+""".format(dir_prefix), - 't8': --"""../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+"""{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot; %defmiddle; %deftest; - ^ - Entity: line 1: - <!ELEMENT root (middle) > - ^ --../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot; %defmiddle; %deftest; - ^ - Entity: line 1: - <!ELEMENT middle (test) > - ^ --../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot; %defmiddle; %deftest; - ^ - Entity: line 1: - <!ELEMENT test (#PCDATA) > - ^ --""", -+""".format(dir_prefix), - 't8a': --"""../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+"""{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot;%defmiddle;%deftest; - ^ - Entity: line 1: - <!ELEMENT root (middle) > - ^ --../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot;%defmiddle;%deftest; - ^ - Entity: line 1: - <!ELEMENT middle (test) > - ^ --../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot;%defmiddle;%deftest; - ^ - Entity: line 1: - <!ELEMENT test (#PCDATA) > - ^ --""", -+""".format(dir_prefix), - 'xlink': --"""../../test/valid/xlink.xml:450: element termdef: validity error : ID dt-arc already defined -+"""{0}/xlink.xml:450: element termdef: validity error : ID dt-arc already defined - <p><termdef id="dt-arc" term="Arc">An <ter - ^ - validity error : attribute def line 199 references an unknown ID "dt-xlg" --""", -+""".format(dir_prefix), - } - - # Add prefix_dir and extension to the keys --expect = {"{}{}.xml".format(dir_prefix, key): val for key, val in expect.items()} -+expect = {os.path.join(dir_prefix, key + ".xml"): val for key, val in expect.items()} - - def callback(ctx, str): - global err -@@ -124,11 +124,12 @@ def callback(ctx, str): - libxml2.registerErrorHandler(callback, "") - - parsing_error_files = ["766956", "cond_sect2", "t8", "t8a"] --expect_parsing_error = ["{}{}.xml".format(dir_prefix, f) for f in parsing_error_files] -+expect_parsing_error = [os.path.join(dir_prefix, f + ".xml") for f in parsing_error_files] - --valid_files = glob.glob(dir_prefix + "*.x*") -+valid_files = glob.glob(os.path.join(dir_prefix, "*.x*")) - assert valid_files, "found no valid files in '{}'".format(dir_prefix) - valid_files.sort() -+failures = 0 - for file in valid_files: - err = "" - reader = libxml2.newTextReaderFilename(file) -@@ -142,9 +143,15 @@ for file in valid_files: - #sys.exit(1) - if (err): - if not(file in expect and err == expect[file]): -+ failures += 1 - print("Error: ", err) - if file in expect: - print("Expected: ", expect[file]) -+ -+if failures: -+ print("Failed %d tests" % failures) -+ sys.exit(1) -+ - # - # another separate test based on Stephane Bidoul one - # -@@ -337,9 +344,11 @@ while reader.Read() == 1: - if res != expect: - print("test5 failed: unexpected output") - print(res) -+ sys.exit(1) - if err != "": - print("test5 failed: validation error found") - print(err) -+ sys.exit(1) - - # - # cleanup -diff --git a/runsuite.c b/runsuite.c -index 483490a2..a522d24b 100644 ---- a/runsuite.c -+++ b/runsuite.c -@@ -1054,13 +1054,18 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { - old_tests = nb_tests; - old_leaks = nb_leaks; - xsdTest(); -- if ((nb_errors == old_errors) && (nb_leaks == old_leaks)) -- printf("Ran %d tests, no errors\n", nb_tests - old_tests); -- else -- printf("Ran %d tests, %d errors, %d leaks\n", -- nb_tests - old_tests, -- nb_errors - old_errors, -- nb_leaks - old_leaks); -+ printf("Ran %d tests, %d errors, %d leaks\n", -+ nb_tests - old_tests, -+ nb_errors - old_errors, -+ nb_leaks - old_leaks); -+ if (nb_errors - old_errors == 10) { -+ printf("10 errors were expected\n"); -+ nb_errors = old_errors; -+ } else { -+ printf("10 errors were expected, got %d errors\n", -+ nb_errors - old_errors); -+ nb_errors = old_errors + 1; -+ } - old_errors = nb_errors; - old_tests = nb_tests; - old_leaks = nb_leaks; diff --git a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch index b770afbeb4..14ccce5873 100644 --- a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch +++ b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch @@ -1,19 +1,19 @@ +From 3fc716357ce1372d9418dc86f24315b34d9808de Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Mon, 5 Dec 2022 17:02:32 +0000 +Subject: [PATCH] add yocto-specific install-ptest target + Add a target to install the test suite. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> -From c7809dc6947324ea506a0c2bf132ecd37156f211 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Mon, 5 Dec 2022 17:02:32 +0000 -Subject: [PATCH] add yocto-specific install-ptest target - --- Makefile.am | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 316109b1..15e100be 100644 +index 5bc4018..57d27af 100644 --- a/Makefile.am +++ b/Makefile.am @@ -26,6 +26,16 @@ check_PROGRAMS = \ @@ -32,7 +32,4 @@ index 316109b1..15e100be 100644 + bin_PROGRAMS = xmllint xmlcatalog - nodist_bin_SCRIPTS = xml2-config --- -2.34.1 - + bin_SCRIPTS = xml2-config diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch deleted file mode 100644 index fd8e469dd3..0000000000 --- a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 056b14345b1abd76a761ab14538f1bc21302781a Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Sat, 11 May 2019 20:26:51 +0800 -Subject: [PATCH] libxml 64bit - -Upstream-Status: Backport [from debian: bugs.debian.org/439843] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - libxml.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/libxml.h b/libxml.h -index 64e30f7..4e80d90 100644 ---- a/libxml.h -+++ b/libxml.h -@@ -15,6 +15,9 @@ - #ifndef _LARGEFILE_SOURCE - #define _LARGEFILE_SOURCE - #endif -+#ifndef _LARGEFILE64_SOURCE -+#define _LARGEFILE64_SOURCE -+#endif - #ifndef _FILE_OFFSET_BITS - #define _FILE_OFFSET_BITS 64 - #endif --- -2.7.4 - diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch deleted file mode 100644 index 639c80bd6c..0000000000 --- a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ /dev/null @@ -1,212 +0,0 @@ -Change the AM_PATH_XML2 macros to use pkg-config instead of xml2-config. - -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d598d8af0913b6e3d4e61ffa62397a275b669dca] -Signed-off-by: Ross Burton <ross.burton@arm.com> - - libxml.m4 | 189 ++---------------------------------------------------- - 1 file changed, 5 insertions(+), 184 deletions(-) - -diff --git a/libxml.m4 b/libxml.m4 -index fc7790c..1c53585 100644 ---- a/libxml.m4 -+++ b/libxml.m4 -@@ -1,191 +1,12 @@ --# Configure paths for LIBXML2 --# Simon Josefsson 2020-02-12 --# Fix autoconf 2.70+ warnings --# Mike Hommey 2004-06-19 --# use CPPFLAGS instead of CFLAGS --# Toshio Kuratomi 2001-04-21 --# Adapted from: --# Configure paths for GLIB --# Owen Taylor 97-11-3 -- - dnl AM_PATH_XML2([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]]) - dnl Test for XML, and define XML_CPPFLAGS and XML_LIBS - dnl --AC_DEFUN([AM_PATH_XML2],[ --AC_ARG_WITH(xml-prefix, -- [ --with-xml-prefix=PFX Prefix where libxml is installed (optional)], -- xml_config_prefix="$withval", xml_config_prefix="") --AC_ARG_WITH(xml-exec-prefix, -- [ --with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)], -- xml_config_exec_prefix="$withval", xml_config_exec_prefix="") --AC_ARG_ENABLE(xmltest, -- [ --disable-xmltest Do not try to compile and run a test LIBXML program],, -- enable_xmltest=yes) -- -- if test x$xml_config_exec_prefix != x ; then -- xml_config_args="$xml_config_args" -- if test x${XML2_CONFIG+set} != xset ; then -- XML2_CONFIG=$xml_config_exec_prefix/bin/xml2-config -- fi -- fi -- if test x$xml_config_prefix != x ; then -- xml_config_args="$xml_config_args --prefix=$xml_config_prefix" -- if test x${XML2_CONFIG+set} != xset ; then -- XML2_CONFIG=$xml_config_prefix/bin/xml2-config -- fi -- fi -- -- AC_PATH_PROG(XML2_CONFIG, xml2-config, no) -- min_xml_version=ifelse([$1], ,2.0.0,[$1]) -- AC_MSG_CHECKING(for libxml - version >= $min_xml_version) -- no_xml="" -- if test "$XML2_CONFIG" = "no" ; then -- no_xml=yes -- else -- XML_CPPFLAGS=`$XML2_CONFIG $xml_config_args --cflags` -- XML_LIBS=`$XML2_CONFIG $xml_config_args --libs` -- xml_config_major_version=`$XML2_CONFIG $xml_config_args --version | \ -- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'` -- xml_config_minor_version=`$XML2_CONFIG $xml_config_args --version | \ -- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'` -- xml_config_micro_version=`$XML2_CONFIG $xml_config_args --version | \ -- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'` -- if test "x$enable_xmltest" = "xyes" ; then -- ac_save_CPPFLAGS="$CPPFLAGS" -- ac_save_LIBS="$LIBS" -- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" -- LIBS="$XML_LIBS $LIBS" --dnl --dnl Now check if the installed libxml is sufficiently new. --dnl (Also sanity checks the results of xml2-config to some extent) --dnl -- rm -f conf.xmltest -- AC_RUN_IFELSE( -- [AC_LANG_SOURCE([[ --#include <stdlib.h> --#include <stdio.h> --#include <string.h> --#include <libxml/xmlversion.h> -- --int --main() --{ -- int xml_major_version, xml_minor_version, xml_micro_version; -- int major, minor, micro; -- char *tmp_version; -- -- system("touch conf.xmltest"); -- -- /* Capture xml2-config output via autoconf/configure variables */ -- /* HP/UX 9 (%@#!) writes to sscanf strings */ -- tmp_version = (char *)strdup("$min_xml_version"); -- if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ) != 3) { -- printf("%s, bad version string from xml2-config\n", "$min_xml_version"); -- exit(1); -- } -- free(tmp_version); -- -- /* Capture the version information from the header files */ -- tmp_version = (char *)strdup(LIBXML_DOTTED_VERSION); -- if (sscanf(tmp_version, "%d.%d.%d", &xml_major_version, &xml_minor_version, &xml_micro_version) != 3) { -- printf("%s, bad version string from libxml includes\n", "LIBXML_DOTTED_VERSION"); -- exit(1); -- } -- free(tmp_version); -- -- /* Compare xml2-config output to the libxml headers */ -- if ((xml_major_version != $xml_config_major_version) || -- (xml_minor_version != $xml_config_minor_version) || -- (xml_micro_version != $xml_config_micro_version)) -- { -- printf("*** libxml header files (version %d.%d.%d) do not match\n", -- xml_major_version, xml_minor_version, xml_micro_version); -- printf("*** xml2-config (version %d.%d.%d)\n", -- $xml_config_major_version, $xml_config_minor_version, $xml_config_micro_version); -- return 1; -- } --/* Compare the headers to the library to make sure we match */ -- /* Less than ideal -- doesn't provide us with return value feedback, -- * only exits if there's a serious mismatch between header and library. -- */ -- LIBXML_TEST_VERSION; -- -- /* Test that the library is greater than our minimum version */ -- if ((xml_major_version > major) || -- ((xml_major_version == major) && (xml_minor_version > minor)) || -- ((xml_major_version == major) && (xml_minor_version == minor) && -- (xml_micro_version >= micro))) -- { -- return 0; -- } -- else -- { -- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n", -- xml_major_version, xml_minor_version, xml_micro_version); -- printf("*** You need a version of libxml newer than %d.%d.%d.\n", -- major, minor, micro); -- printf("***\n"); -- printf("*** If you have already installed a sufficiently new version, this error\n"); -- printf("*** probably means that the wrong copy of the xml2-config shell script is\n"); -- printf("*** being found. The easiest way to fix this is to remove the old version\n"); -- printf("*** of LIBXML, but you can also set the XML2_CONFIG environment to point to the\n"); -- printf("*** correct copy of xml2-config. (In this case, you will have to\n"); -- printf("*** modify your LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf\n"); -- printf("*** so that the correct libraries are found at run-time))\n"); -- } -- return 1; --} --]])],, no_xml=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) -- CPPFLAGS="$ac_save_CPPFLAGS" -- LIBS="$ac_save_LIBS" -- fi -- fi -+AC_DEFUN([AM_PATH_XML2],[ -+ AC_REQUIRE([PKG_PROG_PKG_CONFIG]) - -- if test "x$no_xml" = x ; then -- AC_MSG_RESULT(yes (version $xml_config_major_version.$xml_config_minor_version.$xml_config_micro_version)) -- ifelse([$2], , :, [$2]) -- else -- AC_MSG_RESULT(no) -- if test "$XML2_CONFIG" = "no" ; then -- echo "*** The xml2-config script installed by LIBXML could not be found" -- echo "*** If libxml was installed in PREFIX, make sure PREFIX/bin is in" -- echo "*** your path, or set the XML2_CONFIG environment variable to the" -- echo "*** full path to xml2-config." -- else -- if test -f conf.xmltest ; then -- : -- else -- echo "*** Could not run libxml test program, checking why..." -- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" -- LIBS="$LIBS $XML_LIBS" -- AC_LINK_IFELSE( -- [AC_LANG_PROGRAM([[ --#include <libxml/xmlversion.h> --#include <stdio.h> --]], [[ LIBXML_TEST_VERSION; return 0;]])], -- [ echo "*** The test program compiled, but did not run. This usually means" -- echo "*** that the run-time linker is not finding LIBXML or finding the wrong" -- echo "*** version of LIBXML. If it is not finding LIBXML, you'll need to set your" -- echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" -- echo "*** to the installed location Also, make sure you have run ldconfig if that" -- echo "*** is required on your system" -- echo "***" -- echo "*** If you have an old version installed, it is best to remove it, although" -- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], -- [ echo "*** The test program failed to compile or link. See the file config.log for the" -- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" -- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" -- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) -- CPPFLAGS="$ac_save_CPPFLAGS" -- LIBS="$ac_save_LIBS" -- fi -- fi -+ verdep=ifelse([$1], [], [], [">= $1"]) -+ PKG_CHECK_MODULES(XML, [libxml-2.0 $verdep], [$2], [$3]) - -- XML_CPPFLAGS="" -- XML_LIBS="" -- ifelse([$3], , :, [$3]) -- fi -+ XML_CPPFLAGS=$XML_CFLAGS - AC_SUBST(XML_CPPFLAGS) -- AC_SUBST(XML_LIBS) -- rm -f conf.xmltest - ]) --- -2.34.1 - diff --git a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb index 4f3b17093e..cbf20504f8 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb @@ -15,21 +15,14 @@ inherit gnomebase SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \ file://run-ptest \ - file://libxml-64bit.patch \ - file://fix-tests.patch \ file://install-tests.patch \ - file://libxml-m4-use-pkgconfig.patch \ " -SRC_URI[archive.sha256sum] = "ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45" +SRC_URI[archive.sha256sum] = "737e1d7f8ab3f139729ca13a2494fd17bf30ddb4b7a427cf336252cab57f57f7" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" BINCONFIG = "${bindir}/xml2-config" -# Fixed since 2.9.11 via -# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f -CVE_CHECK_IGNORE += "CVE-2016-3709" - PACKAGECONFIG ??= "python \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb deleted file mode 100644 index 079f062f79..0000000000 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ /dev/null @@ -1,288 +0,0 @@ -SUMMARY = "Updates the NVD CVE database" -LICENSE = "MIT" - -INHIBIT_DEFAULT_DEPS = "1" - -inherit native - -deltask do_unpack -deltask do_patch -deltask do_configure -deltask do_compile -deltask do_install -deltask do_populate_sysroot - -NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" -# CVE database update interval, in seconds. By default: once a day (24*60*60). -# Use 0 to force the update -# Use a negative value to skip the update -CVE_DB_UPDATE_INTERVAL ?= "86400" - -# Timeout for blocking socket operations, such as the connection attempt. -CVE_SOCKET_TIMEOUT ?= "60" - -CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db" - -python () { - if not bb.data.inherits_class("cve-check", d): - raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") -} - -python do_fetch() { - """ - Update NVD database with json data feed - """ - import bb.utils - import bb.progress - import shutil - - bb.utils.export_proxies(d) - - db_file = d.getVar("CVE_CHECK_DB_FILE") - db_dir = os.path.dirname(db_file) - db_tmp_file = d.getVar("CVE_DB_TEMP_FILE") - - cleanup_db_download(db_file, db_tmp_file) - - # The NVD database changes once a day, so no need to update more frequently - # Allow the user to force-update - try: - import time - update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) - if update_interval < 0: - bb.note("CVE database update skipped") - return - if time.time() - os.path.getmtime(db_file) < update_interval: - bb.debug(2, "Recently updated, skipping") - return - - except OSError: - pass - - bb.utils.mkdirhier(db_dir) - if os.path.exists(db_file): - shutil.copy2(db_file, db_tmp_file) - - if update_db_file(db_tmp_file, d) == True: - # Update downloaded correctly, can swap files - shutil.move(db_tmp_file, db_file) - else: - # Update failed, do not modify the database - bb.note("CVE database update failed") - os.remove(db_tmp_file) -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" - -def cleanup_db_download(db_file, db_tmp_file): - """ - Cleanup the download space from possible failed downloads - """ - - # Clean up the updates done on the main file - # Remove it only if a journal file exists - it means a complete re-download - if os.path.exists("{0}-journal".format(db_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_file)) - - if os.path.exists(db_file): - os.remove(db_file) - - # Clean-up the temporary file downloads, we can remove both journal - # and the temporary database - if os.path.exists("{0}-journal".format(db_tmp_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_tmp_file)) - - if os.path.exists(db_tmp_file): - os.remove(db_tmp_file) - -def update_db_file(db_tmp_file, d): - """ - Update the given database file - """ - import bb.utils, bb.progress - from datetime import date - import urllib, gzip, sqlite3 - - YEAR_START = 2002 - cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - - # Connect to database - conn = sqlite3.connect(db_tmp_file) - initialize_db(conn) - - with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: - total_years = date.today().year + 1 - YEAR_START - for i, year in enumerate(range(YEAR_START, date.today().year + 1)): - bb.debug(2, "Updating %d" % year) - ph.update((float(i + 1) / total_years) * 100) - year_url = (d.getVar('NVDCVE_URL')) + str(year) - meta_url = year_url + ".meta" - json_url = year_url + ".json.gz" - - # Retrieve meta last modified date - try: - response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) - except urllib.error.URLError as e: - cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') - bb.warn("Failed to fetch CVE data (%s)" % e.reason) - return False - - if response: - for l in response.read().decode("utf-8").splitlines(): - key, value = l.split(":", 1) - if key == "lastModifiedDate": - last_modified = value - break - else: - bb.warn("Cannot parse CVE metadata, update failed") - return False - - # Compare with current db last modified date - cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) - meta = cursor.fetchone() - cursor.close() - - if not meta or meta[0] != last_modified: - bb.debug(2, "Updating entries") - # Clear products table entries corresponding to current year - conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close() - - # Update db with current year json file - try: - response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout) - if response: - update_db(conn, gzip.decompress(response.read()).decode('utf-8')) - conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() - except urllib.error.URLError as e: - cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') - bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) - return False - else: - bb.debug(2, "Already up to date (last modified %s)" % last_modified) - # Update success, set the date to cve_check file. - if year == date.today().year: - cve_f.write('CVE database update : %s\n\n' % date.today()) - - conn.commit() - conn.close() - return True - -def initialize_db(conn): - with conn: - c = conn.cursor() - - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ - VERSION_END TEXT, OPERATOR_END TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") - - c.close() - -def parse_node_and_insert(conn, node, cveId): - # Parse children node if needed - for child in node.get('children', ()): - parse_node_and_insert(conn, child, cveId) - - def cpe_generator(): - for cpe in node.get('cpe_match', ()): - if not cpe['vulnerable']: - return - cpe23 = cpe.get('cpe23Uri') - if not cpe23: - return - cpe23 = cpe23.split(':') - if len(cpe23) < 6: - return - vendor = cpe23[3] - product = cpe23[4] - version = cpe23[5] - - if cpe23[6] == '*' or cpe23[6] == '-': - version_suffix = "" - else: - version_suffix = "_" + cpe23[6] - - if version != '*' and version != '-': - # Version is defined, this is a '=' match - yield [cveId, vendor, product, version + version_suffix, '=', '', ''] - elif version == '-': - # no version information is available - yield [cveId, vendor, product, version, '', '', ''] - else: - # Parse start version, end version and operators - op_start = '' - op_end = '' - v_start = '' - v_end = '' - - if 'versionStartIncluding' in cpe: - op_start = '>=' - v_start = cpe['versionStartIncluding'] - - if 'versionStartExcluding' in cpe: - op_start = '>' - v_start = cpe['versionStartExcluding'] - - if 'versionEndIncluding' in cpe: - op_end = '<=' - v_end = cpe['versionEndIncluding'] - - if 'versionEndExcluding' in cpe: - op_end = '<' - v_end = cpe['versionEndExcluding'] - - if op_start or op_end or v_start or v_end: - yield [cveId, vendor, product, v_start, op_start, v_end, op_end] - else: - # This is no version information, expressed differently. - # Save processing by representing as -. - yield [cveId, vendor, product, '-', '', '', ''] - - conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close() - -def update_db(conn, jsondata): - import json - root = json.loads(jsondata) - - for elt in root['CVE_Items']: - if not elt['impact']: - continue - - accessVector = None - cveId = elt['cve']['CVE_data_meta']['ID'] - cveDesc = elt['cve']['description']['description_data'][0]['value'] - date = elt['lastModifiedDate'] - try: - accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] - cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] - except KeyError: - cvssv2 = 0.0 - try: - accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] - cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] - except KeyError: - accessVector = accessVector or "UNKNOWN" - cvssv3 = 0.0 - - conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() - - configurations = elt['configurations']['nodes'] - for config in configurations: - parse_node_and_insert(conn, config, cveId) - - -do_fetch[nostamp] = "1" - -EXCLUDE_FROM_WORLD = "1" diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb index 2b585983ac..2f7dad7e82 100644 --- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -17,6 +17,10 @@ deltask do_populate_sysroot NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0" +# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key) +# then setting this to get higher rate limits. +NVDCVE_API_KEY ?= "" + # CVE database update interval, in seconds. By default: once a day (24*60*60). # Use 0 to force the update # Use a negative value to skip the update @@ -119,18 +123,16 @@ def nvd_request_next(url, api_key, args): import urllib.parse import gzip import http + import time - headers = {} + request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args)) if api_key: - headers['apiKey'] = api_key - - data = urllib.parse.urlencode(args) - - full_request = url + '?' + data + request.add_header("apiKey", api_key) + bb.note("Requesting %s" % request.full_url) - for attempt in range(3): + for attempt in range(5): try: - r = urllib.request.urlopen(full_request) + r = urllib.request.urlopen(request) if (r.headers['content-encoding'] == 'gzip'): buf = r.read() @@ -140,13 +142,9 @@ def nvd_request_next(url, api_key, args): r.close() - except UnicodeDecodeError: - # Received garbage, retry - bb.debug(2, "CVE database: received malformed data, retrying (request: %s)" %(full_request)) - pass - except http.client.IncompleteRead: - # Read incomplete, let's try again - bb.debug(2, "CVE database: received incomplete data, retrying (request: %s)" %(full_request)) + except Exception as e: + bb.note("CVE database: received error (%s), retrying" % (e)) + time.sleep(6) pass else: return raw_data @@ -172,11 +170,11 @@ def update_db_file(db_tmp_file, d, database_time): # The maximum range for time is 120 days # Force a complete update if our range is longer if (database_time != 0): - database_date = datetime.datetime.combine(datetime.date.fromtimestamp(database_time), datetime.time()) - today_date = datetime.datetime.combine(datetime.date.today(), datetime.time()) + database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc) + today_date = datetime.datetime.now(tz=datetime.timezone.utc) delta = today_date - database_date if delta.days < 120: - bb.debug(2, "CVE database: performing partial update") + bb.note("CVE database: performing partial update") req_args['lastModStartDate'] = database_date.isoformat() req_args['lastModEndDate'] = today_date.isoformat() else: @@ -184,12 +182,14 @@ def update_db_file(db_tmp_file, d, database_time): with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: - bb.debug(2, "Updating entries") + bb.note("Updating entries") index = 0 url = d.getVar("NVDCVE_URL") + api_key = d.getVar("NVDCVE_API_KEY") or None + while True: req_args['startIndex'] = index - raw_data = nvd_request_next(url, None, req_args) + raw_data = nvd_request_next(url, api_key, req_args) if raw_data is None: # We haven't managed to download data return False @@ -199,7 +199,7 @@ def update_db_file(db_tmp_file, d, database_time): index = data["startIndex"] total = data["totalResults"] per_page = data["resultsPerPage"] - + bb.note("Got %d entries" % per_page) for cve in data["vulnerabilities"]: update_db(conn, cve) @@ -312,22 +312,30 @@ def update_db(conn, elt): cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore'] except KeyError: cvssv2 = 0.0 + cvssv3 = None try: - accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] - cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] + accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] + cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] except KeyError: - accessVector = accessVector or "UNKNOWN" - cvssv3 = 0.0 + pass + try: + accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] + cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] + except KeyError: + pass + accessVector = accessVector or "UNKNOWN" + cvssv3 = cvssv3 or 0.0 conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() try: - configurations = elt['cve']['configurations'][0]['nodes'] - for config in configurations: - parse_node_and_insert(conn, config, cveId) + for config in elt['cve']['configurations']: + # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing + for node in config["nodes"]: + parse_node_and_insert(conn, node, cveId) except KeyError: - bb.debug(2, "Entry without a configuration") + bb.note("CVE %s has no configurations" % cveId) do_fetch[nostamp] = "1" diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb index 7c8434f23f..b4c2b1f898 100644 --- a/poky/meta/recipes-core/musl/musl_git.bb +++ b/poky/meta/recipes-core/musl/musl_git.bb @@ -4,7 +4,7 @@ require musl.inc inherit linuxloader -SRCREV = "f5f55d6589940fd2c2188d76686efe3a530e64e0" +SRCREV = "718f363bc2067b6487900eddc9180c84e7739f80" BASEVER = "1.2.4" diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch index 0c3df4fc44..490d9e8046 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch @@ -1,7 +1,7 @@ -From 1125f5a02c2f327aeffe2d6b66a9d816ad2eeec0 Mon Sep 17 00:00:00 2001 +From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Thu, 9 Jun 2016 02:23:01 -0700 -Subject: [PATCH 1/6] ovmf: update path to native BaseTools +Subject: [PATCH 1/4] ovmf: update path to native BaseTools BaseTools is a set of utilities to build EDK-based firmware. These utilities are used during the build process. Thus, they need to be built natively. @@ -16,7 +16,7 @@ Upstream-Status: Inappropriate [oe-core cross compile specific] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh -index 91b1442ade..1858dae31a 100755 +index b0334fb76e..094f86f096 100755 --- a/OvmfPkg/build.sh +++ b/OvmfPkg/build.sh @@ -24,7 +24,7 @@ then @@ -29,5 +29,5 @@ index 91b1442ade..1858dae31a 100755 source edksetup.sh BaseTools else -- -2.32.0 +2.30.2 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index 2293d7e938..efabc8febc 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -1,7 +1,7 @@ -From 19d4c7f9812062a683b3ba60b35aac0461190456 Mon Sep 17 00:00:00 2001 +From 7675a67b8bb207de38ff5a9dc416e8b1028eb8ce Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Fri, 26 Jul 2019 17:34:26 -0400 -Subject: [PATCH 2/6] BaseTools: makefile: adjust to build in under bitbake +Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake Prepend the build flags with those of bitbake. This is to build using the bitbake native sysroot include and library directories. @@ -14,58 +14,56 @@ to fight against how upstream wants to configure the build. Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups] --- - BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) + BaseTools/Source/C/Makefiles/header.makefile | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 0df728f327..1299d47c87 100644 +index 1bf003523b..28757aed63 100644 --- a/BaseTools/Source/C/Makefiles/header.makefile +++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -75,35 +75,36 @@ $(error Bad HOST_ARCH) +@@ -82,35 +82,34 @@ $(error Bad HOST_ARCH) endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
--BUILD_CPPFLAGS = $(INCLUDE)
-+BUILD_CPPFLAGS += $(INCLUDE)
+-CPPFLAGS = $(INCLUDE)
++CPPFLAGS += $(INCLUDE)
# keep EXTRA_OPTFLAGS last
BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
- ifeq ($(CXX), llvm)
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ ifneq ($(CLANG),)
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign \
-Wno-unused-result -nostdlib -g
else
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif
endif
- ifeq ($(CXX), llvm)
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-deprecated-register -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-deprecated-register -Wno-unused-result
+ ifneq ($(CLANG),)
+-LDFLAGS =
+-CXXFLAGS = -Wno-deprecated-register -Wno-unused-result -std=c++14
++CXXFLAGS += -Wno-deprecated-register -Wno-unused-result -std=c++14
else
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-unused-result
+-LDFLAGS =
+-CXXFLAGS = -Wno-unused-result
++CXXFLAGS += -Wno-unused-result
endif
+
ifeq ($(HOST_ARCH), IA32)
#
# Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
-- -2.32.0 +2.30.2 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch index 7adc45465c..c0c763c1cf 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch @@ -1,7 +1,7 @@ -From cf6361f27cd6318622fd58ab6c0a9407cc633b1e Mon Sep 17 00:00:00 2001 +From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 14 Jun 2021 19:56:28 +0200 -Subject: [PATCH] debug prefix map +Subject: [PATCH 3/4] debug prefix map We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in --debug-prefix-map to nasm (we carry a patch to nasm for this). The @@ -22,10 +22,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index 471eb67c0c..a16fb5c9f1 100755 +index 503a6687c1..10ac38ef9e 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template -@@ -1849,7 +1849,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N +@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_ *_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
@@ -34,7 +34,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
-@@ -1869,8 +1869,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere +@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere DEFINE GCC_AARCH64_ASLDLINK_FLAGS = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
DEFINE GCC_IA32_X64_DLINK_FLAGS = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
@@ -45,7 +45,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEFINE GCC_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
DEFINE GCC_ASLPP_FLAGS = -x c -E -include AutoGen.h
DEFINE GCC_ASLCC_FLAGS = -x c
-@@ -2022,7 +2022,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF( +@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF( *_GCC48_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
*_GCC48_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC48_IA32_OBJCOPY_FLAGS =
@@ -54,7 +54,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -2050,7 +2050,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set +@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set *_GCC48_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS)
*_GCC48_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC48_X64_OBJCOPY_FLAGS =
@@ -63,7 +63,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
RELEASE_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -2159,7 +2159,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s +@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s *_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS)
*_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC49_IA32_OBJCOPY_FLAGS =
@@ -72,7 +72,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS)
RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -2187,7 +2187,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set +@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set *_GCC49_X64_DLINK2_FLAGS = DEF(GCC49_X64_DLINK2_FLAGS)
*_GCC49_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC49_X64_OBJCOPY_FLAGS =
@@ -81,7 +81,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS)
RELEASE_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -2302,7 +2302,7 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20 +@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20 *_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
*_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC5_IA32_OBJCOPY_FLAGS =
@@ -90,7 +90,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto
DEBUG_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
-@@ -2334,7 +2334,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl, +@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl, *_GCC5_X64_DLINK2_FLAGS = DEF(GCC5_X64_DLINK2_FLAGS)
*_GCC5_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC5_X64_OBJCOPY_FLAGS =
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch index 846f408012..c3fdc3d863 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch @@ -1,7 +1,7 @@ -From 27ed9962f5cb3afcc44d6c96c53277132a999712 Mon Sep 17 00:00:00 2001 +From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 14 Jun 2021 19:57:30 +0200 -Subject: [PATCH 6/6] reproducible +Subject: [PATCH 4/4] reproducible This patch fixes various things which make the build more reproducible. Some changes here only change intermediate artefacts but that means when you have two build trees @@ -35,10 +35,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c -index d097db8632..a87ae6f3d0 100644 +index 9c17c90b16..fcc7864141 100644 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c -@@ -14,6 +14,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef __GNUC__
#include <windows.h>
#include <io.h>
@@ -47,35 +47,35 @@ index d097db8632..a87ae6f3d0 100644 #endif
#include <assert.h>
#include <stdio.h>
-@@ -769,7 +771,7 @@ ScanSections64 ( +@@ -990,7 +992,7 @@ ScanSections64 ( }
mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
- strlen(mInImageName) + 1;
+ strlen(basename(mInImageName)) + 1;
- mCoffOffset = CoffAlign(mCoffOffset);
- if (SectionCount == 0) {
-@@ -1608,7 +1610,7 @@ WriteDebug64 ( - EFI_IMAGE_DEBUG_DIRECTORY_ENTRY *Dir;
- EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ //
+ // Add more space in the .debug data region for the DllCharacteristicsEx
+@@ -2261,7 +2263,7 @@ WriteDebug64 ( + EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
- Len = strlen(mInImageName) + 1;
+ Len = strlen(basename(mInImageName)) + 1;
- Dir = (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY*)(mCoffFile + mDebugOffset);
- Dir->Type = EFI_IMAGE_DEBUG_TYPE_CODEVIEW;
-@@ -1618,7 +1620,7 @@ WriteDebug64 ( + NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
+@@ -2294,7 +2296,7 @@ WriteDebug64 ( Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
- strcpy ((char *)(Nb10 + 1), mInImageName);
+ strcpy ((char *)(Nb10 + 1), basename(mInImageName));
+ }
-
- NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ STATIC
diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py -index 722fead75a..8f1c236970 100644 +index 752a1a1f6a..02054cccf8 100644 --- a/BaseTools/Source/Python/AutoGen/BuildEngine.py +++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py @@ -70,6 +70,9 @@ class TargetDescBlock(object): @@ -89,7 +89,7 @@ index 722fead75a..8f1c236970 100644 if Input not in self.Inputs:
self.Inputs.append(Input)
diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py -index 961b2ab1c3..23c1592025 100755 +index daec9c6d54..0e8cc20efe 100755 --- a/BaseTools/Source/Python/AutoGen/GenMake.py +++ b/BaseTools/Source/Python/AutoGen/GenMake.py @@ -575,7 +575,7 @@ cleanlib: @@ -153,10 +153,10 @@ index 961b2ab1c3..23c1592025 100755 if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
self.FileListMacros[T.FileListMacro] = []
diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py -index d70b0d7ae8..25dca9a6df 100755 +index d05410b329..99b3f64aba 100755 --- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py +++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py -@@ -1484,6 +1484,9 @@ class ModuleAutoGen(AutoGen): +@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen): for File in Files:
if File.lower().endswith('.pdb'):
AsBuiltInfDict['binary_item'].append('DISPOSABLE|' + File)
@@ -166,7 +166,7 @@ index d70b0d7ae8..25dca9a6df 100755 HeaderComments = self.Module.HeaderComments
StartPos = 0
for Index in range(len(HeaderComments)):
-@@ -1759,7 +1762,7 @@ class ModuleAutoGen(AutoGen): +@@ -1749,7 +1752,7 @@ class ModuleAutoGen(AutoGen): if os.path.exists (self.TimeStampPath):
os.remove (self.TimeStampPath)
@@ -176,5 +176,5 @@ index d70b0d7ae8..25dca9a6df 100755 # Ignore generating makefile when it is a binary module
if self.IsBinaryModule:
-- -2.32.0 +2.30.2 diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb index bd92c5d43d..761c265453 100644 --- a/poky/meta/recipes-core/ovmf/ovmf_git.bb +++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb @@ -22,12 +22,12 @@ BUILD_CFLAGS += "-Wno-error=stringop-overflow" SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0001-ovmf-update-path-to-native-BaseTools.patch \ file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ - file://0005-debug-prefix-map.patch \ - file://0006-reproducible.patch \ + file://0003-debug-prefix-map.patch \ + file://0004-reproducible.patch \ " -PV = "edk2-stable202302" -SRCREV = "f80f052277c88a67c55e107b550f504eeea947d3" +PV = "edk2-stable202305" +SRCREV = "ba91d0292e593df8528b66f99c1b0b14fadc8e16" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" inherit deploy diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl index 514f747fe6..7fe751b397 100755 --- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -202,7 +202,7 @@ class SystemdUnit(): try: for dependent in config.get('Install', prop): # expand any %i to instance (ignoring escape sequence %%) - dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent) + dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent) wants = systemdir / "{}.{}".format(dependent, dirstem) / service add_link(wants, target) diff --git a/poky/meta/recipes-core/systemd/systemd_253.3.bb b/poky/meta/recipes-core/systemd/systemd_253.3.bb index 87fbf6f785..cf0e17ff00 100644 --- a/poky/meta/recipes-core/systemd/systemd_253.3.bb +++ b/poky/meta/recipes-core/systemd/systemd_253.3.bb @@ -834,6 +834,3 @@ pkg_postinst:udev-hwdb () { pkg_prerm:udev-hwdb () { rm -f $D${sysconfdir}/udev/hwdb.bin } - -# This was also fixed in 252.4 with 9b75a3d0 -CVE_CHECK_IGNORE += "CVE-2022-4415" diff --git a/poky/meta/recipes-core/udev/eudev_3.2.12.bb b/poky/meta/recipes-core/udev/eudev_3.2.12.bb index 572ccecafd..4268bcc2c5 100644 --- a/poky/meta/recipes-core/udev/eudev_3.2.12.bb +++ b/poky/meta/recipes-core/udev/eudev_3.2.12.bb @@ -18,7 +18,7 @@ SRC_URI[sha256sum] = "ccdd64ec3c381d3c3ed0e99d2e70d1f62988c7763de89ca7bdffafa5ea GITHUB_BASE_URI = "https://github.com/eudev-project/eudev/releases" -inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases +inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases useradd CONFLICT_DISTRO_FEATURES = "systemd" @@ -85,3 +85,6 @@ pkg_postinst:${PN}-hwdb () { pkg_prerm:${PN}-hwdb () { rm -f $D${sysconfdir}/udev/hwdb.bin } + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "-r sgx" diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb index 9ea7a04e8a..c81405533c 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb @@ -234,6 +234,8 @@ ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty" ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump" ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock" ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice" +ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm" +ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs" ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill" ALTERNATIVE:${PN}-last = "last lastb" ALTERNATIVE_LINK_NAME[last] = "${bindir}/last" |