diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2021-10-29 23:35:00 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2022-01-24 20:02:44 +0300 |
commit | eff27476badc5d48b544a07f9f4748a96506c8d7 (patch) | |
tree | bafd5e712e1ad4e4dc78056f73dbeb6a9ed6a618 /poky/meta/recipes-support | |
parent | 2a947d6075e017a8b50989a0498455752acb0e5d (diff) | |
download | openbmc-eff27476badc5d48b544a07f9f4748a96506c8d7.tar.xz |
subtree updates
poky: 80f2b56ad8..d78650b980:
Ahmed Hossam (1):
go.bbclass: Allow adding parameters to go ldflags
Alejandro Hernandez Samaniego (1):
baremetal-image: Fix do_image dependencies
Alexander Kanavin (153):
meson: update 0.58.1 -> 0.59.1
libcap: update 2.51 -> 2.54
lua: add a recipe from meta-oe
lua: update 5.3.6 -> 5.4.3
rpm: update 4.16.1.3 -> 4.17.0
libdnf: fix the rpm sqlite-only target setup
libsolv: disable rpm bdb format support
perl: do not build berkeley db module by default
package_rpm: use zstd instead of xz
qemu: update 6.0.0 -> 6.1.0
runqemu: correct vga-virtio option to keep virgl enabled
gnupg: update 2.3.1 -> 2.3.2
pinentry: update 1.1.1 -> 1.2.0
spirv-tools: update 2021.2 -> 2021.3
glslang: update 11.5.0 -> 11.6.0
shaderc: update 2021.1 -> 2021.2
inetutils: update 2.1 -> 2.2
systemd: update 249.3 -> 249.4
lsof: update 4.91 -> 4.94.0
libpam: update 1.5.1 -> 1.5.2
rt-tests: update 2.1 -> 2.2
libgit2: update 1.1.1 -> 1.2.0
libssh2: update 1.9.0 -> 1.10.0
libhandy: update 1.2.3 -> 1.4.0
qemu: install qmp module without hardcoding the python version in oeqa scripts
lttng-tools: replace ad hoc ptest fixup with upstream fixes
rust: drop PV from include file names
rust: update 1.54.0 -> 1.55.0
librsvg: update 2.40.21 -> 2.52.0 (transition to rust!)
librsvg: do not enable nativesdk
librsvg: add backports to fix big endian targets (e.g. mips)
librsvg: use only the target architecture to determine availability of atomic primitives
librsvg: restore reproducibility
adwaita-icon-theme: update 3.34/38 -> 41.0
gstreamer1.0-plugins-bad: disable rsvg on x32
rust/cargo: exclude UNINATIVE_LOADER from task signature
rust-common.bbclass: rewrite toolchain wrappers in (native) python
rust: do not write ar into target json definitions
rust: generate target definitions from (arch, abi), not just arch
openssl: update 1.1.1l -> 3.0.0
cryptodev-tests: do not use -Werror with openssl 3
serf: add a openssl 3 compatibility fix
ruby: disable openssl extension
glib-2.0: update 2.68.4 -> 2.70.0
glib-networking: update 2.68.2 -> 2.70.0
bison: update 3.7.6 -> 3.8.1
libdnf: update 0.63.1 -> 0.64.0
libexif: update 0.6.22 -> 0.6.23
sudo: update 1.9.7p2 -> 1.9.8p1
wget: update 1.21.1 -> 1.21.2
coreutils: update 8.32 -> 9.0
itstool: update 2.0.6 -> 2.0.7
nghttp2: add recipe from meta-oe
libsoup: add a 3.x recipe
webkitgtk: trim down DEPENDS
epiphany: trim down DEPENDS
webkitgtk: update 2.32.3 -> 2.34.0
epiphany: update 40.3 -> 41.0
python3: update 3.9.7 -> 3.10.0
libjitterentropy: update 3.1.0 -> 3.3.0
kea: update 1.8.2 -> 2.0.0
ghostscript: update 9.54.0 -> 9.55.0
lighttpd: update 1.4.59 -> 1.4.60
bluez5: update 5.61 -> 5.62
ovmf: update 202105 -> 202108
systemd: update 249.4 -> 249.5
meson: update 0.59.1 -> 0.59.2
python3-pip: update 21.2.4 -> 21.3
valgrind: update 3.17.0 -> 3.18.1
librsvg: update 2.52.0 -> 2.52.2
libva: update 2.12.0 -> 2.13.0
liberation-fonts: update 2.1.4 -> 2.1.5
ca-certificates: update 20210119 -> 20211016
curl: update 7.78.0 -> 7.79.1
libgit2: update 1.2.0 -> 1.3.0
libxcrypt: upgrade 4.4.25 -> 4.4.26
bison: upgrade 3.8.1 -> 3.8.2
cmake: update 3.21.2 -> 3.21.3
git: upgrade 2.33.0 -> 2.33.1
tzdata: upgrade 2021a -> 2021d
ofono: upgrade 1.32 -> 1.33
openssh: upgrade 8.7p1 -> 8.8p1
sysvinit: upgrade 2.99 -> 3.00
btrfs-tools: upgrade 5.13.1 -> 5.14.2
ccache: upgrade 4.4 -> 4.4.2
createrepo-c: upgrade 0.17.5 -> 0.17.6
libcomps: upgrade 0.1.17 -> 0.1.18
libedit: upgrade 20210714-3.1 -> 20210910-3.1
librepo: upgrade 1.14.1 -> 1.14.2
python3-jinja2: upgrade 3.0.1 -> 3.0.2
python3-pygobject: upgrade 3.40.1 -> 3.42.0
python3-setuptools: upgrade 58.0.4 -> 58.2.0
vala: upgrade 0.52.5 -> 0.54.2
acpica: upgrade 20210730 -> 20210930
asciidoc: upgrade 9.1.0 -> 9.1.1
libarchive: upgrade 3.5.1 -> 3.5.2
msmtp: upgrade 1.8.15 -> 1.8.17
sudo: upgrade 1.9.8p1 -> 1.9.8p2
gobject-introspection: upgrade 1.68.0 -> 1.70.0
gsettings-desktop-schemas: upgrade 40.0 -> 41.0
json-glib: upgrade 1.6.4 -> 1.6.6
libdazzle: upgrade 3.40.0 -> 3.42.0
harfbuzz: upgrade 2.9.1 -> 3.0.0
pango: upgrade 1.48.9 -> 1.48.10
libinput: upgrade 1.19.0 -> 1.19.1
linux-firmware: upgrade 20210818 -> 20210919
wireless-regdb: upgrade 2021.07.14 -> 2021.08.28
mpg123: upgrade 1.28.2 -> 1.29.0
puzzles: upgrade to latest revision
libwpe: upgrade 1.10.1 -> 1.12.0
diffoscope: upgrade 182 -> 187
fribidi: upgrade 1.0.10 -> 1.0.11
iso-codes: upgrade 4.6.0 -> 4.7.0
libatomic-ops: upgrade 7.6.10 -> 7.6.12
libcap: upgrade 2.54 -> 2.59
libmd: upgrade 1.0.3 -> 1.0.4
libsoup-2.4: upgrade 2.72.0 -> 2.74.0
gnupg: update 2.3.2 -> 2.3.3
libssh2: skip one of the ptests until openssh 8.8 compatibility is fixed
systemd: disable seccomp on mips32
waffle: convert to git, website is down
u-boot: upgrade 2021.07 -> 2021.10
psplash: upgrade to latest revision
stress-ng: convert to git, website is down
json-c: correct upstream version check
createrepo-c: upgrade 0.17.6 -> 0.17.7
python3-numpy: upgrade 1.21.2 -> 1.21.3
python3-pip: upgrade 21.3 -> 21.3.1
python3-setuptools: upgrade 58.2.0 -> 58.3.0
msmtp: upgrade 1.8.17 -> 1.8.18
gi-docgen: upgrade 2021.7 -> 2021.8
piglit: upgrade to latest revision
libinput: upgrade 1.19.1 -> 1.19.2
mpg123: upgrade 1.29.0 -> 1.29.2
puzzles: upgrade to latest revision
webkitgtk: upgrade 2.34.0 -> 2.34.1
wpebackend-fdo: upgrade 1.10.0 -> 1.12.0
diffoscope: upgrade 187 -> 188
libcap: upgrade 2.59 -> 2.60
vte: upgrade 0.64.2 -> 0.66.0
ncurses: update 6.2 -> 6.3
tzdata: update 2021d -> 2021e
asciidoc: update 9.1.1 -> 10.0.0
waffle: update 1.6.1 -> 1.7.0
virgl: skip headless test on specific older distros and fail otherwise
gptfdisk: address ncurses 6.3 compatibility
powertop: address ncurses 6.3 compatibility
systemtap: address ncurses 6.3 compatibility
igt-gpu-tools: address meson 0.60 compatibility
python3-pygobject: do not supply unknown g-i options
gstreamer1.0-python: do not supply unknown g-i options
webkitgtk: drop unnecessary SSE disabling patch
cups: exclude beta/rc versions from version check
Alexandre Belloni (5):
inetutils: drop CVE-2021-40491 patch
oeqa/selftest/sstatetests: fix typo ware -> were
maintainers.inc: fix up rust-cross entry
libevent,btrfs-tools: fix Upstream-Status tag
ruby: fix Upstream-Status
Andreas Müller (1):
webkitgtk: add gperf-native to DEPENDS to fix build
Andrei Gherzan (1):
qemu: Define libnfs PACKAGECONFIG
Andrej Valek (3):
busybox: 1.34.0 -> 1.34.1
featimage: refactor style
kernel-fitimage: use correct kernel image
Andres Beltran (1):
buildhistory: Fix package output files for SDKs
Bruce Ashfield (15):
linux-yocto/5.14: scripts/gcc-plugins: consistently use HOSTCC
linux-yocto/5.14: update to v5.14.8
linux-yocto/5.14: bsp/qemuarm*-gfx: use virtio graphics
linux-yocto/5.10: update to v5.10.69
linux-yocto/5.10: update to v5.10.70
linux-yocto/5.14: update to v5.14.9
kernel-yocto: don't apply config metadata patches twice
linux-yocto/5.14: revert: scripts/gcc-plugins: consistently use HOSTCC
linux-yocto/5.10: update to v5.10.73
linux-yocto/5.14: update to v5.14.12
linux-yocto/5.14: update to v5.14.13
linux-yocto/5.10: update to v5.10.74
linux-yocto/5.14: common-pc: enable CONFIG_ATA_PIIX as built-in
linux-yocto/5.14: update to v5.14.14
linux-yocto/5.10: update to v5.10.75
Caner Altinbasak (2):
bitbake: npmsw: Avoid race condition with multiple npm fetchers
bitbake: fetch2: Do not attempt to verify donestamp if download is not complete
Changhyeok Bae (2):
iproute2: update to 5.14.0
ethtool: update to 5.14
Changqing Li (1):
lttng-ust: fix do_compile failure for arm32 with DEBUG_BUILD enabled
Daiane Angolini (2):
machine/qemuarm*: Fix UBOOT_MACHINE value
ref-manual: Update how to set a useradd password
Daniel McGregor (3):
bison: prevent checking for textstyle.
bitbake.conf: Add gpg-agent as a host tool
sstate: Allow validation of sstate singatures against list of keys
David Joyner (1):
rust: add support for big endian 64-bit PowerPC
Denys Dmytriyenko (2):
wayland-protocols: upgrade 1.21 -> 1.22
wayland-protocols: upgrade 1.22 -> 1.23
Fred Liu (1):
glibc: Drop libcidn package
Henry Kleynhans (1):
sstate: Switch to ZStandard compressor support
Hsia-Jun(Randy) Li (1):
meson: install native file in sdk
Ian Ray (1):
archiver: Configurable tarball compression
Jon Mason (10):
oeqa/manual: Fix no longer valid URLs
bitbake: bitbake:toaster:test: Update SSTATE URL
yocto-bsp/poky: replace http with https for URLs
bitbake: bitbake: replace http with https for URLs
documentation: update sources mirror URL
documentation: replace http with https for URLs
documentation: use YOCTO_DL_URL
dev-manual: remove errant /
runqemu: add DEPLOY_DIR_IMAGE replacement in QB_OPT_APPEND
bitbake: bitbake-user-manual: update sources mirror URL
Jose Quaresma (15):
gstreamer1.0: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-base: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-good: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-bad: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-ugly: 1.18.4 -> 1.18.5
gstreamer1.0-rtsp-server: 1.18.4 -> 1.18.5
gstreamer1.0-libav: 1.18.4 -> 1.18.5
gstreamer1.0-vaapi: 1.18.4 -> 1.18.5
gstreamer1.0-omx: 1.18.4 -> 1.18.5
gstreamer1.0-python: 1.18.4 -> 1.18.5
gst-devtools: 1.18.4 -> 1.18.5
gst-examples: 1.18.4 -> 1.18.5
patch.bbclass: when the patch fails show more info on the fatal error
sstate.bbclass: count the files on mirrors using the pre local files
sstate: fix touching files inside pseudo
Joshua Watt (4):
bitbake: async: Close sync client event loop
bitbake: hashserv: Add tests for diverging reports
bitbake: hashserv: Fix diverging report race condition
classes/populate_sdk_base: Add setscene tasks
Kai Kang (1):
sudo: update multilib patch for sudo.conf
Khem Raj (11):
pkgconfig: Update to latest
libseccomp: Upgrade to 2.5.2 and beyond
openssl: Drop riscv32 upstreamed patches
opensbi-payloads.inc: Use strings for fallback
mesa: Enable svga for x86 only
qemu: Add knob for enabling PMDK pmem support
opensbi-payloads: Add dependency on kernel if fdt is set
librsvg: Fix vendored libc to work on riscv and musl
librsvg: Bump to 2.52.0 -> 2.52.2
rust: Upgrade to 1.56.0
librsvg: Disable 64bit atomics in crossbeam for rv32
Kiran Surendran (1):
ffmpeg: fix CVE-2021-38114
Konrad Weihmann (1):
libical: fix append in DEPENDS
Lukasz Majewski (1):
glibc: Extract common code to build tests to glibc-tests.inc
Marek Vasut (1):
piglit: upgrade to latest revision
Martin Jansa (2):
webkitgtk: add PACKAGECONFIG for opengl-or-es
boost: allow searching for python310
Maximilian Blenk (1):
mount-copybind: add rootcontext mountoption for overlayfs
Michael Halstead (2):
scripts/autobuilder-worker-prereq-tests: jinja2 check
releases: update to include 3.4 honister
Michael Opdenacker (18):
manuals: font fixes
ref-manual: document DEBUG_PREFIX_MAP
manuals: replace "apt-get" by "apt"
Makefile: allow epub and latexpdf outputs to use diagrams from SVG sources
conf.py: use PNG first in EPUB output
overview-manual: SVG diagram for the git workflow
docs: add "make all" to build old types of docs (html, epub, pdf) at once
manuals: introduce 'yocto_sstate' extlink
overview-manual: simplify expression
dev-manual: correct NO_GENERIC_LICENSE section title
dev-manual: warn about license compliance issues when static libraries are used
devpyshell: rename to pydevshell
ref-manual: document TOOLCHAIN_HOST_TASK_ESDK
manuals: rename "devpyshell" to "pydevshell"
ref-manual: document SOURCE_DATE_EPOCH
ref-manual: fix description of SOURCE_DATE_EPOCH
releases.rst: fix release number for 3.3.3
docs: poky.yaml: updates for 3.4
Mike Crowe (2):
lib/oe/qa,insane: Move extra error handling functions to library
insane,license,license_image: Allow treating license problems as errors
Mingli Yu (1):
packagedata.py: silence a DeprecationWarning
Oleh Matiusha (1):
findutils: add ptest
Oleksandr Kravchuk (15):
python3: update to 3.9.7
python3-git: update to 3.1.24
python3-dbusmock: update to 0.24.0
python3-setuptools: update to 58.0.4
python3-setuptools: minor cleanup
xf86-input-libinput: update to 1.2.0
libinput: update to 1.19.0
libxi: update to 1.8
xorgproto: update to 2021.5
xkeyboard-config: update to 2.34
libxkbcommon: update to 1.3.1
mirrors.bbclass: remove dead infozip mirrors
man-pages: update to 5.13
python3-smmap: update to 5.0.0
python3-pyparsing: update to 3.0.0
Pablo Saavedra Rodi?o (1):
mesa: upgrade 21.2.1 -> 21.2.4
Paul Barker (1):
bitbake: doc: bitbake-user-manual: Document BB_GIT_SHALLOW and friends
Paul Eggleton (7):
migration-3.4: tweak overrides change section
ref-manual: remove meta class
poky.yaml: add lz4 and zstd to essential host packages
migration-3.4: add additional migration info
migration: tweak introduction section
poky.yaml: fix lz4 package name for older Ubuntu versions
migration-3.4: add some extra packaging notes
Pavel Zhukov (1):
weston: wrapper for weston modules argument
Peter Hoyes (2):
u-boot: Convert ${UBOOT_ENV}.cmd into ${UBOOT_ENV}.scr
u-boot: Fix syntax error in ${UBOOT_ENV}.scr compilation
Peter Kjellerstedt (2):
meson.bblcass: Remove empty egg-info directories before running meson
qemu.inc: Remove empty egg-info directories before running meson
Petr Vorel (1):
ltp: Update to 20210927
Pgowda (2):
Fix rust-native build issue when debug is enabled
rust-cross: Fix directory not deleted for race glibc vs. musl
Ralph Siemsen (1):
tar: filter CVEs using vendor name
Randy Li (1):
meson: move lang args to the right section
Richard Purdie (54):
sstatesig: Only apply group/other permissions to pseudo files
rpm: Deterministically set vendor macro entry
abi_version/sstate: Bump to fix rpm corruption issues
multilib: Avoid sysroot race issues when multilib enabled
bitbake: knotty/uihelper: Show setscene task progress in summary output
bitbake: bitbake-worker: Handle pseudo shutdown in Ctrl+C case
poky.conf: Update tested distros list with recent changes
bitbake: hashserv: Improve behaviour for better determinism/sstate reuse
poky.conf: Bump version for 3.4 honister release
build-appliance-image: Update to honister head revision
bitbake: bitbake: Bump to version 1.52.0
build-appliance-image: Update to honister head revision
layer.conf: Extend recipes not to install without explict dependencies
libxml2: Use python3targetconfig to fix reproducibility issue
libnewt: Use python3targetconfig to fix reproducibility issue
bootchart2: Don't compile python modules
linux-yocto-dev: Ensure DEPENDS matches recent 5.14 kernel changes
base/insane: Import oe.qa by default
base: Clean up unneeded len() calls
base: Use repr() for printing exceptions
bitbake.conf: Add BB_CURRENTTASK to BB_HASHEXCLUDE
reproducible_build: Drop obsolete sstate workaround
python: Update now reproducibile builds are the default
bitbake: bitbake-worker: Set BB_CURRENTTASK earlier
bitbake: compress: Allow to operate on file descriptor
bitbake: siggen: Change file format of siginfo files to use zstd compressed json
sstate: Fixes for eSDK generation after zstd switch
patch: Use repr() with exceptions instead of str()
reproducible_build: Drop now unneeded compiler warning
reproducible: Move class function code into library
reproducible: Move variable definitions to bitbake.conf
reproducible: Merge code into base.bbclass
kernel: Add KERNEL_DEBUG_TIMESTAMPS variable
reproducible: Drop BUILD_REPRODUCIBLE_BINARIES variable
kernel: Rework kernel make flag to variable mappings
oeqa: Update cleanup code to wait for hashserv exit
poky: Reproducible builds are now the default
bitbake: tests/runqueue: Ensure hashserv exits before deleting files
bitbake: bitbake-worker: Add debug when unpickle fails
bitbake: siggen: Fix type conversion issues
bitbake: test/fetch: Update urls to match upstream branch name changes
libtool: Update patchset to match those submitted upstream
staging: Fix autoconf-native rebuild failure
patch: Fix exception reporting with repr()
bitbake: fetch2/perforce: Fix typo
bitbake: bitbake: Bump to post release verion 1.53.0
poky.conf: Post release version bump
gcc: Merge three related patches together
gcc: Drop sdt (dtrace) header patch
gcc: Drop broken/unneeded patch
bitbake: tests/runqueue: Drop python version test decorators
gcc: Update patches submitted/merged upstream
gcc: Drop testsuite failure fix patch
gcc: Add missing patch Upstream-Status
Ross Burton (21):
bitbake: tests/utils: mark a regex as a raw string
bitbake: tests/fetch: prefix the FetcherTest temporary directory
bitbake: fetch2: clarify the command-no-found error message
bitbake: fetch2/gitsm: remove the 'nugget' SRCREV caching
linux-yocto: add libmpc-native to DEPENDS
bitbake: fetch2: document checkstatus API
curl: fix CVE-2021-22945 through -22947
oe/license: implement ast.NodeVisitor.visit_Constant
license.bbclass: implement ast.NodeVisitor.visit_Constant
bitbake: codegen: implement ast.NodeVisitor.visit_Constant
testimage: fix unclosed testdata file
oe/utils: log exceptions in ThreadedWorker functions
sstate: don't silently handle all exceptions in sstate_checkhashes
gawk: replace AR patch with upstreamed patch
gawk: reduce strictness of the time test
strace: remove obsolete patch
strace: remove TOOLCHAIN assignment
oeqa/runtime: load modules using importlib
oeqa/runtime: search sys.path explicitly for modules
testimage: remove target_modules_path
strace: show test suite log on failure
Sakib Sajal (1):
go: upgrade 1.16.7 -> 1.16.8
Saul Wold (3):
spdx.py: Add annotation to relationship
create-spdx: add create_annotation function
create-spdx: cross recipes are native also
Stefan Herbrechtsmeier (17):
bitbake: fetch2: npm: Support npm archives with missing search directory mode
bitbake: fetch2: npm: Create config npmrc in environment instantiation
bitbake: fetch2: npmsw: Add support for local tarball and link sources
npm: Add support for EXTRA_OENPM arguments
recipetool: Move license md5sums into CSV files
recipetool: Skip common source files in guess_license
recipetool: Change default paramter fallback_licenses of function split_pkg_licenses from None to []
recipetool: ignore empty license files
recipetool: Add logger info for missing license entries
recipetool: Add support for linenumbers to licenses.csv
recipetool: npm: Do not add package.json files to LIC_FILES_CHKSUM
recipetool: npm: Use README as license fallback
npm: Add variable NPM_NODEDIR with default value
npm: Use configs for npm environment and args for npm run command
recipetool: Rework crunch_license to recognize more variants
recipetool: Simplify common source files skip in guess_license
npm: Remove unnecessary configs argument from npm run command
Teoh Jay Shen (1):
oeqa/runtime/parselogs: modified drm error in common errors list
Thomas Perrot (1):
image_types: allow the creation of block devices on top of UBI volumes
Tim Orling (17):
ptest-runner: install -collect-system-data script
python3-hypothesis: upgrade 6.15.0 -> 6.23.2
python3-importlib-metadata: upgrade 4.6.4 -> 4.8.1
python3-more-itertools: upgrade 8.9.0 -> 8.10.0
python3-zipp: upgrade 3.5.0 -> 3.6.0
libconvert-asn1-perl: upgrade 0.31 -> 0.33
python3-pytest: upgrade 6.2.4 -> 6.2.5
at-spi2-core: upgrade 2.40.3 -> 2.42.0
python3-packaging: DEPENDS on python3-setuptools-native
python3-packaging: BBCLASSEXTEND nativesdk
python3-tomli: add recipe for 1.2.1
python3-setuptools-scm: upgrade 6.0.1 -> 6.3.2
python3-setuptools: _distutils/sysconfig fix
python3-pyyaml: upgrade 5.4.1 -> 6.0
python3-manifest: -pprint RDEPENDS on -profile
python3-hypothesis: upgrade 6.23.2 -> 6.24.0
python3-tomli: upgrade 1.2.1 -> 1.2.2
Tobias Kaufmann (1):
mount-copybind: add SELinux support
Yureka (1):
systemd: add missing include for musl
Zoltán Böszörményi (1):
libpam: Fix build with DISTRO_FEATURES usrmerge
hongxu (1):
libcap: fix nativesdk-libcap relocate failure
wangmy (20):
diffoscope: upgrade 181 -> 182
cmake: upgrade 3.21.1 -> 3.21.2
gzip: upgrade 1.10 -> 1.11
harfbuzz: upgrade 2.9.0 -> 2.9.1
vulkan-headers: upgrade 1.2.182 -> 1.2.191
vulkan-loader: upgrade 1.2.182 -> 1.2.191
vulkan-tools: upgrade 1.2.182 -> 1.2.191
help2man: upgrade 1.48.4 -> 1.48.5
python3-more-itertools: upgrade 8.8.0 -> 8.9.0
acpid: upgrade 2.0.32 -> 2.0.33
bind: upgrade 9.16.20 -> 9.16.21
createrepo-c: upgrade 0.17.4 -> 0.17.5
dnf: upgrade 4.8.0 -> 4.9.0
ell: upgrade 0.43 -> 0.44
libical: upgrade 3.0.10 -> 3.0.11
dhcpcd: upgrade 9.4.0 -> 9.4.1
dnf: upgrade 4.9.0 -> 4.10.0
file: upgrade 5.40 -> 5.41
libdnf: upgrade 0.64.0 -> 0.65.0
lttng-tools: upgrade 2.13.0 -> 2.13.1
zhengruoqin (2):
libsolv: upgrade 0.7.19 -> 0.7.20
python3-pycryptodome: upgrade 3.10.1 -> 3.11.0
meta-security: a85fbe980e..e81c15f851:
Armin Kuster (1):
python3-fail2ban: fix build failure and cleanup
Kai Kang (1):
sssd: re-package to fix QA issues
Kristian Klausen (1):
swtpm: update to 0.6.1
Liwei Song (1):
recipes-security/chipsec: platform security assessment framework
meta-openembedded: 23dc4f060f..2f6797d8d6:
Alexander Kanavin (23):
python3-yappi: add python 3.10 fix
python3-gmpy2: update 2.0.8 -> 2.1.0rc1
python3-m2crypto: address build failure with openssl 3.x
lua: remove recipe as it is now in oe-core
nghttp2: remove recipe as it is now in oe-core
kronosnet: update 1.20 -> 1.22
polkit: update 0.116 -> 0.119
openflow: disable openssl PACKAGECONFIG
openipmi: add a python 3.10 compatibility patch
strongswan: disable openssl PACKAGECONFIG
pkcs11-helper: backport a openssl 3.x patch
nodejs: use -fpermissive
nodejs: add a python 3.10 compatibility patch
php: disable openssl PACKAGECONFIG
libsigrokdecode: add a python 3.10 compatibility patch
freerdp: backport openssl 3.x patches
opensc: do not use -Werror
cfengine: blacklist due to openssl 3.x incompatibility
netplan: do not use -Werror
boinc-client: blacklist due to openssl 3.x incompatibility
ldns: blacklist due to openssl 3.x incompatibility
surf: add a webkit 2.34 compatibility patch
mozjs: update 60.9.0 -> 91.1.0
Alexander Thoma (1):
keyutils: fix install path
Armin Kuster (1):
Apache: Several CVE fixes
Chen Qi (1):
ntfs-3g-ntfsprogs: upgrade to 2021.8.22
Gianfranco (2):
vboxguestdrivers: upgrade 6.1.26 -> 6.1.28
vboxguestdrivers: Fix build failure due to the last update.
Ivan Maidanski (1):
bdwgc: upgrade 8.0.4 -> 8.0.6
Jeremy Kerr (1):
mctp: Add MCTP control utilities
Joshua Watt (2):
colord-native: Inherit pkgconfig
mutter: Move gsettings to a separate package
Justin Bronder (2):
python3-mccabe: fix LICENSE and RDEPENDS
python3-pyflakes: fix LICENSE, HOMEPAGE and RDEPENDS
Khem Raj (44):
packagegroup-meta-oe: Add lv-drivers and lvgl
python3-pystache: Remove need for python2x
python3-behave: Switch to using github src_uri
python3-simpleeval: Remove use_2to3
python3-parse-type: Do not ask for 2to3
python3-anyjson: Do not enable 2to3
python3-pybluez: Do not set 2to3
packagegroup-meta-networking: Remove nghttp2
packagegroup-meta-oe: Remove lua
gjs: Inherit pkgconfig
luaposix: Use lua 5.4
devilspie2: Switch to using github repo
devilspie2: Add missing dependency on libxinerama
kronosnet: Correct path to poll.h
luaposix: Upgrade to 35.1
xfce.bbclass: Mark string as raw in a regexp
nodejs: add -fpermissive BUILD_CXXFLAGS
pcimem: Add riscv64 into COMPATIBLE_HOST
luaposix: Depend on libxcrypt-native
libcrypt-openssl-rsa-perl: Upgrade to 0.32
xrdp: Upgrade to 0.9.17
yelp,yelp-xsl,yelp-tools: Upgrade to 41 release
mozjs: Disable JIT on mips
libcrypt-openssl-rsa-perl: Fix build with openssl3+
nodejs: Upgrade to 14.18.1
librest: Use master with libsoup3 support
gnome-online-accounts: Upgrade to 3.43.1
iwd: Fix build with musl
xrdp: Exclude from builds
xorgxrdp: Add to exclusion list for now
bluepy: Set PV and correct syntax for RDEPENDS
python3-kivy: Use new override syntax in RDEPENDS
bluepy: Fix permissions on tarball
nodejs: Upgrade to 16.11.1
mozjs: Fix build on mips/musl
mozjs: Fix musl miscompiles with HAVE_THREAD_TLS_KEYWORD
luaposix: Use virtual/crypt instread of hardcoding libxcrypt
packagegroup-meta-oe: Add libjs-jquery-globalize and libjs-jquery-cookie
mozjs: Add riscv32 support
driverctl: Rename to have PV in recipe name
tbb: Link with libatomic when using clang compiler on rv32
gimp: Disable vector icons on mips/rv32 using clang
mozjs: Update to 91.2.0
mozjs: Fix build for 32bit systems disabling JIT
Kurt Kiefer (2):
mozjs: move large static library into staticdev package
gyp: fix for compatibility with Python 3.10
Leon Anavi (6):
python3-aiohue: Upgrade 2.6.1 -> 2.6.3
python3-paho-mqtt: Upgrade 1.5.1 -> 1.6.1
python3-thrift: Upgrade 0.13.0 -> 0.15.0
python3-prompt-toolkit: Upgrade 3.0.19 -> 3.0.21
python3-traitlets: Upgrade 5.1.0 -> 5.1.1
python3-prettytable: Upgrade 2.1.0 -> 2.2.1
LiweiSong (1):
Revert "chipsec: platform security assessment framework"
Marco Cavallini (1):
bluepy_git.bb: Added recipe for BluePy Python interface to Bluetooth LE on Linux (v2)
Marek Vasut (3):
apitrace: Upgrade to latest version
apitrace: Conditionally enable X11 support
yavta: Upgrade to latest version and drop downstream patch
Martin Jansa (4):
protobuf: import a patch from meta-webosose to fix building protobuf-c with gold linker
grpc: revert GRPCPP_ABSEIL_SYNC change from 1.40.0 to fix undefined references to absl::lts_20210324::Mutex::~Mutex()
luaposix: depend on target libxcrypt instead of native
lv-lib-png: add wayland to REQUIRED_DISTRO_FEATURES
Matthias Klein (1):
gpsd: Install also the generated parts of the Python library
Matthias Schiffer (1):
byacc: switch to official HTTPS mirror
Mingli Yu (1):
opencv: remove setup_vars_opencv4.sh
Oleksandr Kravchuk (72):
iwd: update to 1.18
nano: update to 5.9
ostree: update to 2021.5
pegtl: update to 3.2.1
pmdk: update to 1.11.1
protobuf-c: update to 1.4.0
thingsboard-gateway: update to 2.8
libbpf: fix PV
libcdio-paranoia: update to 10.2+2.0.1
ttf-abyssinica: update to 2.100
ttf-dejavu: add UPSTREAM_CHECK_URI
ttf-vlgothic: update to 20200720
networkmanager: update to 1.32.12
nng: update to 1.4.0
opensaf: update to 5.21.09
python3-absl: update 0.14.1
python3-alembic: update to 1.7.4
python3-astroid: update to 2.8.2
python3-cantools: update to 36.4.0
python3-certifi: update to 2021.10.8
python3-cffi: update to 1.15.0
python3-colorlog: update to 6.5.0
python3-coverage: update to 6.0.2
python3-cryptography-vectors: update to 35.0.0
python3-dateparser: update to 1.1.0
python3-elementpath: update to 2.3.2
python3-eventlet: update to 0.32.0
python3-google-api-core: update to 2.1.1
python3-google-api-python-client: update to 2.26.1
python3-google-auth: update to 2.3.0
python3-grpcio-tools: update to 1.41.0
python3-grpcio: update to 1.41.0
python3-h2: update to 4.1.0
python3-haversine: update to 2.5.1
python3-httplib2: update to 0.20.1
python3-idna: update to 3.3
python3-iso3166: update to 2.0.2
python3-joblib: update to 1.1.0
python3-jsonrpcserver: update to 5.0.3
python3-paramiko: update to 2.8.0
python3-portion: update to 2.2.0
python3-protobuf: update to 3.18.1
python3-pulsectl: update to 21.10.4
python3-pycodestyle: update to 2.8.0
python3-pyephem: update to 4.1
python3-pyflakes: update to 2.4.0
python3-pyjwt: update to 2.2.0
python3-pykickstart: update to 3.34
python3-pyopenssl: update to 21.0.0
python3-pyperf: update to 2.3.0
python3-pytest-timeout: update 2.0.1
python3-pytz: update to 2021.3
python3-regex: update to 2021.10.8
python3-sentry-sdk: update to 1.4.3
python3-sympy: udpate to 1.9
python3-twitter: update to 4.1.0
python3-uritemplate: update to 4.1.1
python3-websockets: update to 10.0
python3-wrapt: update to 1.13.2
python3-xlsxwriter: update to 3.0.1
python3-xmlschema: update to 1.8.0
python3-yarl: update to 1.7.0
python3-typeguard: update to 2.13.0
python3-pyatspi: update to 2.38.1
python3-h5py: update to 3.5.0
python3-pybind11-json: update to 0.2.11
python3-pychromecast: update to 9.3.1
python3-tzlocal: update to 4.0.1
python3-zeroconf: update to 0.36.9
leptonica: update to 1.82.0
redis-plus-plus: update to 1.3.2
hiredis: update to 1.0.2
Peter Bergin (3):
pipewire: remove manpages class
pipewire: also handle pipewire-media-session in systemd class
pipewire: rework PACKAGECONFIG for systemd service files
Philippe Coval (5):
lvgl: Add recipe for Lightweight Graphics Library
lv-drivers: Add recipe for lvgl lib
lv-lib-png: Add recipe for LVGL for handling PNG format
lvgl: Add lv_lib_png to packagegroup
lvgl: Lint recipe
Roland Hieber (1):
rapidjson: override hard-coded lib install dir
Shiping Ji (1):
Add recipe for driverctl
Tim Orling (6):
unicode-ucd: upgrade 12.1.0 -> 14.0.0
gnome-screenshot: add recipe for 40.0
libgweather: upgrade 3.36.2 -> 40.0
colord: inherit pkgconfig
gfbgraph: patch to build with latest rest
gnome-calendar: upgrade 3.38.1 -> 41.0
Trevor Gamblin (3):
python3-posix-ipc: Add recipe for version 1.0.5
python3-pyinotify: Add fcntl, logging to RDEPENDS
python3-cvxopt: upgrade 1.2.6 -> 1.2.7
Vyacheslav Yurkov (3):
grpc: fix cross-compilation of grpc applications
grpc: fix cross-compilation of grpc applications
grpc: upgrade 1.38.1 -> 1.41.0
Wang Mingyu (1):
poppler: upgrade 21.09.0 -> 21.10.0
Yi Zhao (3):
samba: upgrade 4.14.7 -> 4.14.8
audit: upgrade 3.0.5 -> 3.0.6
strongswan: upgrade 5.9.3 -> 5.9.4
Zoltán Böszörményi (1):
python3-jsmin: Upgrade to version 3.0.0
wangmy (11):
openvpn: upgrade 2.5.3 -> 2.5.4
redis: upgrade 6.2.5 -> 6.2.6
span-lite: upgrade 0.10.1 -> 0.10.3
bdwgc: upgrade 8.0.6 -> 8.2.0
icewm: upgrade 2.7.0 -> 2.8.0
ifenslave: upgrade 2.12 -> 2.13
asio: upgrade 1.18.1.bb -> 1.20.0
libgusb: upgrade 0.3.7 -> 0.3.8
libxmlb: upgrade 0.3.2 -> 0.3.3
xdebug: upgrade 2.9.5 -> 3.1.1
cryptsetup: upgrade 2.3.6 -> 2.4.1
zangrc (25):
python3-ipython: upgrade 7.27.0 -> 7.28.0
python3-jdatetime: upgrade 3.6.2 -> 3.6.4
python3-multidict: upgrade 5.1.0 -> 5.2.0
python3-openpyxl: upgrade 3.0.8 -> 3.0.9
python3-pyscaffold: upgrade 4.0.2 -> 4.1
python3-transitions: upgrade 0.8.9 -> 0.8.10
networkmanager-openvpn: upgrade 1.8.14 -> 1.8.16
ser2net: upgrade 4.3.3 -> 4.3.4
python3-humanize: upgrade 3.11.0 -> 3.12.0
python3-nmap: upgrade 1.5.0 -> 1.5.1
libjs-jquery-cookie: Add recipe
libjs-jquery-globalize: Add recipe
python3-cachetools: upgrade 4.2.2 -> 4.2.4
python3-cbor2: upgrade 5.4.1 -> 5.4.2
python3-click: upgrade 8.0.1 -> 8.0.3
python3-configargparse : upgrade 1.5.2 -> 1.5.3
python3-flask: upgrade 2.0.1 -> 2.0.2
python3-pyscaffold: upgrade 4.1 -> 4.1.1
python3-werkzeug: upgrade 2.0.1 -> 2.0.2
python3-absl: upgrade 0.14.1 -> 0.15.0
python3-pandas: upgrade 1.3.3 -> 1.3.4
python3-pulsectl: upgrade 21.10.4 -> 21.10.5
python3-pyjwt: upgrade 2.2.0 -> 2.3.0
python3-pytest-asyncio: upgrade 0.15.1 -> 0.16.0
python3-robotframework: upgrade 4.1.1 -> 4.1.2
zhengruoqin (15):
python3-ujson: upgrade 4.1.0 -> 4.2.0
python3-urllib3: upgrade 1.26.6 -> 1.26.7
python3-watchdog: upgrade 2.1.5 -> 2.1.6
gensio: upgrade 2.2.9 -> 2.3.1
nlohmann-json: upgrade 3.10.2 -> 3.10.4
libencode-perl: upgrade 3.12 -> 3.16
python3-socketio: upgrade 5.4.0 -> 5.4.1
python3-sqlalchemy: upgrade 1.4.23 -> 1.4.26
python3-stevedore: upgrade 3.4.0 -> 3.5.0
autofs: upgrade 5.1.7 -> 5.1.8
links: upgrade 2.22 -> 2.25
atftp: upgrade 0.7.4 -> 0.7.5
python3-gmqtt: upgrade 0.6.10 -> 0.6.11
python3-google-api-python-client: upgrade 2.26.1 -> 2.27.0
python3-greenlet: upgrade 1.1.1 -> 1.1.2
meta-raspberrypi: 9eb4879cf4..90b3ac6fb3:
Zygmunt Krynicki (1):
rpi-config: warn on config.txt lines exceeding 80 bytes
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I9e75d5bd606a913fbe69e6735c9ecafc436441ba
Diffstat (limited to 'poky/meta/recipes-support')
55 files changed, 709 insertions, 810 deletions
diff --git a/poky/meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch b/poky/meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch new file mode 100644 index 0000000000..4a9bbbcbb1 --- /dev/null +++ b/poky/meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch @@ -0,0 +1,33 @@ +From 9e726133319298a835f724904c80e5adf78f475f Mon Sep 17 00:00:00 2001 +From: Tim Orling <timothy.t.orling@intel.com> +Date: Fri, 15 Oct 2021 18:00:04 +0000 +Subject: [PATCH] Ensure x11_dep is defined + +bus/meson.build checks if x11_dep.found(), but this fails when +-Dx11=no + +Upstream-Status: Submitted +[https://gitlab.gnome.org/GNOME/at-spi2-core/-/merge_requests/60] + +References: + https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/42 + https://mesonbuild.com/howtox.html#get-a-default-notfound-dependency + +Signed-off-by: Tim Orling <timothy.t.orling@intel.com> +--- + meson.build | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/meson.build b/meson.build +index b5104c8..85d7a0e 100644 +--- a/meson.build ++++ b/meson.build +@@ -62,6 +62,8 @@ endif + + x11_deps = [] + x11_option = get_option('x11') ++# ensure x11_dep is defined for use in bus/meson.build ++x11_dep = dependency('', required: false) + if x11_option != 'no' + x11_dep = dependency('x11', required: false) + diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.40.3.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.42.0.bb index 427ea7c165..e09c74ac7f 100644 --- a/poky/meta/recipes-support/atk/at-spi2-core_2.40.3.bb +++ b/poky/meta/recipes-support/atk/at-spi2-core_2.42.0.bb @@ -9,9 +9,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" -SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz" +SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ + file://0001-Ensure-x11_dep-is-defined.patch \ + " -SRC_URI[sha256sum] = "e49837c2ad30d71e1f29ca8e0968a54b95030272f7ff40b89b48968653f37a5c" +SRC_URI[sha256sum] = "4b5da10e94fa3c6195f95222438f63a0234b99ef9df772c7640e82baeaa6e386" X11DEPENDS = "virtual/libx11 libxi libxtst" diff --git a/poky/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch b/poky/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch new file mode 100644 index 0000000000..0a9ee2cc95 --- /dev/null +++ b/poky/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch @@ -0,0 +1,50 @@ +From e193f080c7d209516ac9b712fa0c50bb08026fa2 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Tue, 19 Oct 2021 12:24:31 +0000 +Subject: [PATCH] BoostConfig.cmake: allow searching for python310 + +* accept double digits in Python3_VERSION_MINOR + +* if someone is using e.g.: + find_package(Python3 REQUIRED) + find_package(Boost REQUIRED python${Python3_VERSION_MAJOR}${Python3_VERSION_MINOR}) + + with python-3.10 then it currently fails with: + + -- Found PythonLibs: /usr/lib/libpython3.10.so (found version "3.10.0") + -- Found Python3: -native/usr/bin/python3-native/python3 (found version "3.10.0") found components: Interpreter + CMake Error at /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:141 (find_package): + Could not find a package configuration file provided by "boost_python310" + (requested version 1.77.0) with any of the following names: + + boost_python310Config.cmake + boost_python310-config.cmake + + Add the installation prefix of "boost_python310" to CMAKE_PREFIX_PATH or + set "boost_python310_DIR" to a directory containing one of the above files. + If "boost_python310" provides a separate development package or SDK, be + sure it has been installed. + Call Stack (most recent call first): + /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:258 (boost_find_component) + /usr/share/cmake-3.21/Modules/FindBoost.cmake:594 (find_package) + CMakeLists.txt:18 (find_package) + +Upstream-Status: Submitted [https://github.com/boostorg/boost_install/pull/53] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + tools/boost_install/BoostConfig.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/boost_install/BoostConfig.cmake b/tools/boost_install/BoostConfig.cmake +index fd17821..5dffa58 100644 +--- a/tools/boost_install/BoostConfig.cmake ++++ b/tools/boost_install/BoostConfig.cmake +@@ -113,7 +113,7 @@ macro(boost_find_component comp required quiet) + set(_BOOST_REQUIRED REQUIRED) + endif() + +- if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9])$") ++ if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9][0-9]?)$") + + # handle pythonXY and numpyXY versioned components for compatibility + diff --git a/poky/meta/recipes-support/boost/boost_1.77.0.bb b/poky/meta/recipes-support/boost/boost_1.77.0.bb index df8e08ad76..ba60281950 100644 --- a/poky/meta/recipes-support/boost/boost_1.77.0.bb +++ b/poky/meta/recipes-support/boost/boost_1.77.0.bb @@ -6,4 +6,5 @@ SRC_URI += "file://boost-CVE-2012-2677.patch \ file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \ file://0001-dont-setup-compiler-flags-m32-m64.patch \ file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \ + file://0001-BoostConfig.cmake-allow-searching-for-python310.patch \ " diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch new file mode 100644 index 0000000000..5c4a32f526 --- /dev/null +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch @@ -0,0 +1,80 @@ +From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 18 Oct 2021 12:05:49 +0200 +Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired + certificates." + +This avoids a dependency on python3-cryptography, and only checks +for expired certs (which is upstream concern, but not ours). + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + debian/changelog | 1 - + debian/control | 2 +- + mozilla/certdata2pem.py | 11 ----------- + 3 files changed, 1 insertion(+), 13 deletions(-) + +diff --git a/debian/changelog b/debian/changelog +index 531e4d0..4006509 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low + - "Trustis FPS Root CA" + - "Staat der Nederlanden Root CA - G3" + * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) +- * mozilla/certdata2pem.py: print a warning for expired certificates. + + -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 + +diff --git a/debian/control b/debian/control +index 4434b7a..5c6ba24 100644 +--- a/debian/control ++++ b/debian/control +@@ -3,7 +3,7 @@ Section: misc + Priority: optional + Maintainer: Julien Cristau <jcristau@debian.org> + Build-Depends: debhelper-compat (= 13), po-debconf +-Build-Depends-Indep: python3, openssl, python3-cryptography ++Build-Depends-Indep: python3, openssl + Standards-Version: 4.5.0.2 + Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git + Vcs-Browser: https://salsa.debian.org/debian/ca-certificates +diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py +index ede23d4..7d796f1 100644 +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py +@@ -21,16 +21,12 @@ + # USA. + + import base64 +-import datetime + import os.path + import re + import sys + import textwrap + import io + +-from cryptography import x509 +- +- + objects = [] + + # Dirty file parser. +@@ -121,13 +117,6 @@ for obj in objects: + if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue +- +- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) +- if cert.not_valid_after < datetime.datetime.now(): +- print('!'*74) +- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) +- print('!'*74) +- + bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\ +-- +2.20.1 + diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch deleted file mode 100644 index f343ebf16e..0000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch +++ /dev/null @@ -1,26 +0,0 @@ -sbin/Makefile: Allow the sbin path to be configurable - -Some project sharing ca-certificates from Debian allow configuration -of the installation location. Make the sbin location configurable. - -Also ensure the target directory exists - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - ---- ca-certificates-20130119.orig/sbin/Makefile -+++ ca-certificates-20130119/sbin/Makefile -@@ -3,9 +3,12 @@ - # - # - -+SBINDIR = /usr/sbin -+ - all: - - clean: - - install: -- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ -+ install -d $(DESTDIR)$(SBINDIR) -+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch deleted file mode 100644 index f78790923c..0000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch +++ /dev/null @@ -1,33 +0,0 @@ -update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir - -According to coreutils docs, mktemp -t is deprecated, switch to the ---tmpdir option instead. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - -[This was originally for compatibility with toybox but toybox now -supports -t] ---- - sbin/update-ca-certificates | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates -index 79c41bb..ae9e3f1 100755 ---- a/sbin/update-ca-certificates -+++ b/sbin/update-ca-certificates -@@ -113,9 +113,9 @@ trap cleanup 0 - - # Helper files. (Some of them are not simple arrays because we spawn - # subshells later on.) --TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" --ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" --REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" -+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")" -+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink - # in /etc/ssl/certs to the certificate file and its inclusion into the --- -2.1.4 diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb index 363203854f..0bb192cf0d 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb @@ -14,15 +14,14 @@ DEPENDS:class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" +SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ - file://update-ca-certificates-support-Toybox.patch \ file://default-sysroot.patch \ - file://sbindir.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" diff --git a/poky/meta/recipes-support/curl/curl_7.78.0.bb b/poky/meta/recipes-support/curl/curl_7.79.1.bb index dece0babb2..919777ce36 100644 --- a/poky/meta/recipes-support/curl/curl_7.78.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.79.1.bb @@ -11,9 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b" SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ -" + " -SRC_URI[sha256sum] = "98530b317dc95ccb324bbe4f834f07bb642fbc393b794ddf3434f246a71ea44a" +SRC_URI[sha256sum] = "de62c4ab9a9316393962e8b94777a570bb9f71feb580fb4475e412f2f9387851" # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_181.bb b/poky/meta/recipes-support/diffoscope/diffoscope_188.bb index 8b2f3cc826..d4fd112e37 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_181.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_188.bb @@ -12,7 +12,7 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[sha256sum] = "a295024acf713c58693c152f9a43fae268c08078f60ba502a7947b7840ece5d7" +SRC_URI[sha256sum] = "cdbc401c78d59779ad8ebbb8e2008166f912e77c7ed3be8dc788d36948712ff5" RDEPENDS:${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic python3-rpm" diff --git a/poky/meta/recipes-support/fribidi/fribidi_1.0.10.bb b/poky/meta/recipes-support/fribidi/fribidi_1.0.11.bb index b2ef77349a..7e4f29497b 100644 --- a/poky/meta/recipes-support/fribidi/fribidi_1.0.10.bb +++ b/poky/meta/recipes-support/fribidi/fribidi_1.0.11.bb @@ -11,8 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ " -SRC_URI[md5sum] = "97c87da9930e8e70fbfc8e2bcd031554" -SRC_URI[sha256sum] = "7f1c687c7831499bcacae5e8675945a39bacbad16ecaa945e9454a32df653c01" +SRC_URI[sha256sum] = "30f93e9c63ee627d1a2cedcf59ac34d45bf30240982f99e44c6e015466b4e73d" UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index ecd6263626..b58fbfe6f5 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From 52ba9d34cd9317145ee8a93afd5d73dd0cbf3182 Mon Sep 17 00:00:00 2001 +From bdde1faa774753e29d582d79186e08a38597de9e Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 7a2d410..14a7203 100644 +index 5cdd316..e5f2d6a 100644 --- a/configure.ac +++ b/configure.ac -@@ -1841,7 +1841,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1962,7 +1962,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch index 9b0f0a8ce0..53679bf1d9 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From d6992692d1c36983b709fe1ff049cc91ef2c408a Mon Sep 17 00:00:00 2001 +From 766d37fe9acd9fdaaff9c094635e06b50c5902d7 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its @@ -7,83 +7,78 @@ Subject: [PATCH] Allow the environment to override where gnupg looks for its Upstream-Status: Inappropriate [OE-specific] Signed-off-by: Ross Burton <ross.burton@intel.com> +Signed-off-by: Alexander Kanavin <alex@linutronix.de> --- - common/homedir.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) + common/homedir.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/common/homedir.c b/common/homedir.c -index 85e09c4..e1410e2 100644 +index 455c188..55049db 100644 --- a/common/homedir.c +++ b/common/homedir.c -@@ -788,7 +788,7 @@ gnupg_socketdir (void) +@@ -1155,7 +1155,7 @@ gnupg_socketdir (void) if (!name) { unsigned int dummy; - name = _gnupg_socketdir_internal (0, &dummy); + name = getenv("GNUPG_SOCKETDIR") ?: _gnupg_socketdir_internal (0, &dummy); + gpgrt_annotate_leaked_object (name); } - return name; -@@ -814,7 +814,7 @@ gnupg_sysconfdir (void) - } - return name; - #else /*!HAVE_W32_SYSTEM*/ -- return GNUPG_SYSCONFDIR; -+ return getenv("GNUPG_SYSCONFDIR") ?: GNUPG_SYSCONFDIR; - #endif /*!HAVE_W32_SYSTEM*/ - } - -@@ -843,7 +843,7 @@ gnupg_bindir (void) +@@ -1187,7 +1187,7 @@ gnupg_sysconfdir (void) + if (dir) + return dir; else - return rdir; - #else /*!HAVE_W32_SYSTEM*/ -- return GNUPG_BINDIR; -+ return getenv("GNUPG_BINDIR") ?: GNUPG_BINDIR; +- return GNUPG_SYSCONFDIR; ++ return getenv("GNUPG_SYSCONFDIR") ?: GNUPG_SYSCONFDIR; #endif /*!HAVE_W32_SYSTEM*/ } -@@ -856,7 +856,7 @@ gnupg_libexecdir (void) - #ifdef HAVE_W32_SYSTEM - return gnupg_bindir (); - #else /*!HAVE_W32_SYSTEM*/ -- return GNUPG_LIBEXECDIR; -+ return getenv("GNUPG_LIBEXECDIR") ?: GNUPG_LIBEXECDIR; +@@ -1223,7 +1223,7 @@ gnupg_bindir (void) + return name; + } + else +- return GNUPG_BINDIR; ++ return getenv("GNUPG_BINDIR") ?: GNUPG_BINDIR; #endif /*!HAVE_W32_SYSTEM*/ } -@@ -870,7 +870,7 @@ gnupg_libdir (void) - name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL); - return name; - #else /*!HAVE_W32_SYSTEM*/ -- return GNUPG_LIBDIR; -+ return getenv("GNUPG_LIBDIR") ?: GNUPG_LIBDIR; +@@ -1250,7 +1250,7 @@ gnupg_libexecdir (void) + return name; + } + else +- return GNUPG_LIBEXECDIR; ++ return getenv("GNUPG_LIBEXECDIR") ?: GNUPG_LIBEXECDIR; #endif /*!HAVE_W32_SYSTEM*/ } -@@ -884,7 +884,7 @@ gnupg_datadir (void) - name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL); - return name; - #else /*!HAVE_W32_SYSTEM*/ -- return GNUPG_DATADIR; -+ return getenv("GNUPG_DATADIR") ?: GNUPG_DATADIR; +@@ -1280,7 +1280,7 @@ gnupg_libdir (void) + return name; + } + else +- return GNUPG_LIBDIR; ++ return getenv("GNUPG_LIBDIR") ?: GNUPG_LIBDIR; #endif /*!HAVE_W32_SYSTEM*/ } -@@ -900,7 +900,7 @@ gnupg_localedir (void) - NULL); - return name; - #else /*!HAVE_W32_SYSTEM*/ -- return LOCALEDIR; -+ return getenv("LOCALEDIR") ?: LOCALEDIR; +@@ -1311,7 +1311,7 @@ gnupg_datadir (void) + return name; + } + else +- return GNUPG_DATADIR; ++ return getenv("GNUPG_DATADIR") ?: GNUPG_DATADIR; #endif /*!HAVE_W32_SYSTEM*/ } -@@ -971,7 +971,7 @@ gnupg_cachedir (void) +@@ -1343,7 +1343,7 @@ gnupg_localedir (void) + return name; } - return dir; - #else /*!HAVE_W32_SYSTEM*/ -- return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME; -+ return getenv("GNUPG_LOCALSTATEDIR") ?: GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME; + else +- return LOCALEDIR; ++ return getenv("LOCALEDIR") ?: LOCALEDIR; #endif /*!HAVE_W32_SYSTEM*/ } +-- +2.20.1 + diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.3.1.bb b/poky/meta/recipes-support/gnupg/gnupg_2.3.3.bb index 411ea9579d..5614ac6473 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.3.1.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.3.3.bb @@ -24,7 +24,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "c498db346a9b9a4b399e514c8f56dfc0a888ce8f327f10376ff984452cd154ec" +SRC_URI[sha256sum] = "5789b86da6a1a6752efb38598f16a77af51170a8494039c3842b085032e8e937" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.7.0.bb index 6dd9bfa24c..46988a7e80 100644 --- a/poky/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb +++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.7.0.bb @@ -9,7 +9,7 @@ LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" -SRCREV = "3c012d266acaeda93d3e61ec11b8c18c1964fce1" +SRCREV = "59767ed869f3952575f7d0f639a290a4c4b315e5" # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which # are inhibited by allarch diff --git a/poky/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch b/poky/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch index 19a858bd75..fdcbe46fed 100644 --- a/poky/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch +++ b/poky/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch @@ -1,4 +1,4 @@ -From 335ef14fc801c9dfbe7e5692dc71cfbe72049d2b Mon Sep 17 00:00:00 2001 +From c47820450ce7f55d22c672cf94d20a5f9fd208bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com> Date: Sun, 27 Oct 2019 16:38:52 +0100 Subject: [PATCH] Native: Don't use build time hardcoded python binary path. @@ -16,12 +16,13 @@ don't support it [2] Upstream-Status: Inappropriate [OE specific] Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> + --- itstool.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/itstool.in b/itstool.in -index e64cd34..05d264f 100755 +index c21ad4b..daea177 100755 --- a/itstool.in +++ b/itstool.in @@ -1,4 +1,4 @@ @@ -30,6 +31,3 @@ index e64cd34..05d264f 100755 # # Copyright (c) 2010-2018 Shaun McCance <shaunm@gnome.org> # --- -2.21.0 - diff --git a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb b/poky/meta/recipes-support/itstool/itstool_2.0.7.bb index eba53e728d..2416835d37 100644 --- a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb +++ b/poky/meta/recipes-support/itstool/itstool_2.0.7.bb @@ -11,13 +11,13 @@ inherit autotools python3native DEPENDS = "libxml2-native" -SRC_URI = "http://files.itstool.org/${BPN}/${BPN}-${PV}.tar.bz2" +SRC_URI = "http://files.itstool.org/${BPN}/${BPN}-${PV}.tar.bz2 \ + " SRC_URI:append:class-native = " file://0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch" SRC_URI:append:class-nativesdk = " file://0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch" SRC_URI:append:class-target = " file://0002-Don-t-use-build-time-hardcoded-python-binary-path.patch" -SRC_URI[md5sum] = "4306eeba4f4aee6b393d14f9c3c57ca1" -SRC_URI[sha256sum] = "6233cc22726a9a5a83664bf67d1af79549a298c23185d926c3677afa917b92a9" +SRC_URI[sha256sum] = "6b9a7cd29a12bb95598f5750e8763cee78836a1a207f85b74d8b3275b27e87ca" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.10.bb b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb index 74afe9c92f..d7aecc706c 100644 --- a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.10.bb +++ b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb @@ -11,8 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz" UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases" -SRC_URI[md5sum] = "90a78a84d9c28ce11f331c25289bfbd0" -SRC_URI[sha256sum] = "587edf60817f56daf1e1ab38a4b3c729b8e846ff67b4f62a6157183708f099af" +SRC_URI[sha256sum] = "f0ab566e25fce08b560e1feab6a3db01db4a38e5bc687804334ef3920c549f3e" S = "${WORKDIR}/libatomic_ops-${PV}" diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch new file mode 100644 index 0000000000..89f6bcd65f --- /dev/null +++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -0,0 +1,34 @@ +From 42b3e19d4e584fb9b47fb471e02bb25de90ac641 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Thu, 14 Oct 2021 15:57:36 +0800 +Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl + paths + +This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings +and lengths as well as ld.so.cache path in the dynamic loader to specific +sections in memory. The sections that contain paths have been allocated a 4096 +byte section, which is the maximum path length in linux. This will allow the +relocating script to parse the ELF binary, detect the section and easily replace +the strings in a certain path. + +Upstream-Status: Inappropriate [SDK specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +--- + libcap/execable.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libcap/execable.h b/libcap/execable.h +index 0bcc5d4..6e2a080 100644 +--- a/libcap/execable.h ++++ b/libcap/execable.h +@@ -23,7 +23,7 @@ + #endif + #define __EXECABLE_H + +-const char __execable_dl_loader[] __attribute((section(".interp"))) = ++const char __execable_dl_loader[4096] __attribute((section(".interp"))) = + SHARED_LOADER ; + + static void __execable_parse_args(int *argc_p, char ***argv_p) diff --git a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch deleted file mode 100644 index 55872aa8fa..0000000000 --- a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 897900f3f9084c5542097851323bba3f2691df20 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 15 Jan 2020 17:16:28 +0100 -Subject: [PATCH] tests: do not statically link a test - -This fails on e.g. centos 7 - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - progs/Makefile | 2 +- - tests/Makefile | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/progs/Makefile b/progs/Makefile -index 3e82862..48533f3 100644 ---- a/progs/Makefile -+++ b/progs/Makefile -@@ -49,7 +49,7 @@ capsh: capsh.c capshdoc.h.cf $(DEPS) - $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) - - tcapsh-static: capsh.c capshdoc.h.cf $(DEPS) -- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static -+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) - - uns_test: ../tests/uns_test.c - $(MAKE) -C ../tests uns_test -diff --git a/tests/Makefile b/tests/Makefile -index 4a5f2f9..4266d86 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes) - DEPS += ../libcap/libpsx.so - endif - else --LDFLAGS += --static -+LDFLAGS += - DEPS=../libcap/libcap.a - ifeq ($(PTHREADS),yes) - DEPS += ../libcap/libpsx.a -@@ -113,7 +113,7 @@ noexploit: exploit.o $(DEPS) - - # This one runs in a chroot with no shared library files. - noop: noop.c -- $(CC) $(CFLAGS) $< -o $@ --static -+ $(CC) $(CFLAGS) $< -o $@ - - clean: - rm -f psx_test libcap_psx_test libcap_launch_test uns_test *~ --- -2.25.1 - diff --git a/poky/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/poky/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch index 69287152eb..20346cf2fb 100644 --- a/poky/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch +++ b/poky/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch @@ -1,4 +1,4 @@ -From 652071e430d5eea758965176b7648e79ad404daa Mon Sep 17 00:00:00 2001 +From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 20 Dec 2019 16:54:05 +0100 Subject: [PATCH] tests: do not run target executables @@ -11,20 +11,20 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile -index fc39fee..3431df9 100644 +index ecb7d1b..8950c73 100644 --- a/tests/Makefile +++ b/tests/Makefile -@@ -59,13 +59,11 @@ endif +@@ -61,13 +61,11 @@ endif # unprivileged run_psx_test: psx_test - ./psx_test psx_test: psx_test.c $(DEPS) - $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) run_libcap_psx_test: libcap_psx_test - ./libcap_psx_test libcap_psx_test: libcap_psx_test.c $(DEPS) - $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) diff --git a/poky/meta/recipes-support/libcap/libcap_2.51.bb b/poky/meta/recipes-support/libcap/libcap_2.60.bb index c9c30fb05f..030198c41b 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.51.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.60.bb @@ -12,9 +12,11 @@ DEPENDS = "hostperl-runtime-native gperf-native" SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ file://0002-tests-do-not-run-target-executables.patch \ - file://0001-tests-do-not-statically-link-a-test.patch \ " -SRC_URI[sha256sum] = "6609f3ab7aebcc8f9277f53a577c657d9f3056d1352ea623da7fd7c0f00890f9" +SRC_URI:append:class-nativesdk = " \ + file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ + " +SRC_URI[sha256sum] = "06a92076ce39a78bd28089e32085f1bde7f3bfa448fad37d895c2358f760b2eb" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" @@ -42,6 +44,7 @@ do_compile() { AR="${AR}" \ CC="${CC}" \ RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" \ COPTS="${CFLAGS}" \ BUILD_COPTS="${BUILD_CFLAGS}" } diff --git a/poky/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch b/poky/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch index 8a2c78983e..ddc19c495f 100644 --- a/poky/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch +++ b/poky/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch @@ -5,7 +5,7 @@ Subject: [PATCH] test: mark util/monotonic_prc_fallback as retriable Refs: #1193 -Upstream-status: Backported +Upstream-Status: Backport --- test/regress_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch b/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch index ae7db0b7aa..ea17e876ea 100644 --- a/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch +++ b/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch @@ -6,7 +6,7 @@ Subject: [PATCH] test: retriable tests are marked failed only when all Fixes: #1193 -Upstream-status: Pending +Upstream-Status: Accepted Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> --- diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch deleted file mode 100644 index 2a48844cb2..0000000000 --- a/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch +++ /dev/null @@ -1,66 +0,0 @@ -From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Wed, 30 Dec 2020 10:22:47 +0800 -Subject: [PATCH] fixed another unsigned integer overflow - -first fixed by google in android fork, -https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 - -(use a more generic overflow check method, also check second overflow instance.) - -https://security-tracker.debian.org/tracker/CVE-2020-0198 - -Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c] -CVE: CVE-2020-0198 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - libexif/exif-data.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/libexif/exif-data.c b/libexif/exif-data.c -index 8b280d3..34d58fc 100644 ---- a/libexif/exif-data.c -+++ b/libexif/exif-data.c -@@ -47,6 +47,8 @@ - #undef JPEG_MARKER_APP1 - #define JPEG_MARKER_APP1 0xe1 - -+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) -+ - static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; - - struct _ExifDataPrivate -@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); - return; - } -- if (s > ds - o) { -+ if (CHECKOVERFLOW(o,ds,s)) { - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); - return; - } -@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - } - - /* Read the number of entries */ -- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { -+ if (CHECKOVERFLOW(offset, ds, 2)) { - exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", -- "Tag data past end of buffer (%u > %u)", offset+2, ds); -+ "Tag data past end of buffer (%u+2 > %u)", offset, ds); - return; - } - n = exif_get_short (d + offset, data->priv->order); -@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - offset += 2; - - /* Check if we have enough data. */ -- if (offset + 12 * n > ds) { -+ if (CHECKOVERFLOW(offset, ds, 12*n)) { - n = (ds - offset) / 12; - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "Short data; only loading %hu entries...", n); --- -2.17.1 - diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch deleted file mode 100644 index a117b8b369..0000000000 --- a/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Wed, 30 Dec 2020 10:18:51 +0800 -Subject: [PATCH] fixed a incorrect overflow check that could be optimized - away. - -inspired by: -https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b - -https://source.android.com/security/bulletin/2020-11-01 - -CVE-2020-0452 - -Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06] -CVE: CVE-2020-0452 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - libexif/exif-entry.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c -index 5de215f..3a6ce84 100644 ---- a/libexif/exif-entry.c -+++ b/libexif/exif-entry.c -@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen) - { - unsigned char *utf16; - -- /* Sanity check the size to prevent overflow */ -- if (e->size+sizeof(uint16_t)+1 < e->size) break; -+ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */ -+ if (e->size >= 65536 - sizeof(uint16_t)*2) break; - - /* The tag may not be U+0000-terminated , so make a local - U+0000-terminated copy before converting it */ --- -2.17.1 - diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.23.bb index 9ca96d548c..b33522dfc4 100644 --- a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb +++ b/poky/meta/recipes-support/libexif/libexif_0.6.23.bb @@ -10,12 +10,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" def version_underscore(v): return "_".join(v.split(".")) -SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \ - file://CVE-2020-0198.patch \ - file://CVE-2020-0452.patch \ +SRC_URI = "https://github.com/libexif/libexif/releases/download/v${PV}/libexif-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56" +SRC_URI[sha256sum] = "a740a99920eb81ae0aa802bb46e683ce6e0cde061c210f5d5bde5b8572380431" UPSTREAM_CHECK_URI = "https://github.com/libexif/libexif/releases/" diff --git a/poky/meta/recipes-support/libgit2/libgit2_1.1.1.bb b/poky/meta/recipes-support/libgit2/libgit2_1.3.0.bb index ae30a7a100..bf625c325d 100644 --- a/poky/meta/recipes-support/libgit2/libgit2_1.1.1.bb +++ b/poky/meta/recipes-support/libgit2/libgit2_1.3.0.bb @@ -1,12 +1,12 @@ SUMMARY = "the Git linkable library" HOMEPAGE = "http://libgit2.github.com/" -LICENSE = "GPL-2.0-with-GCC-exception & MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e" +LICENSE = "GPL-2.0-with-GCC-exception & MIT & openssl" +LIC_FILES_CHKSUM = "file://COPYING;md5=73fa96e40ce64f79bab087c7e1deeacd" DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1" -SRCREV = "8a0dc6783c340e61a44c179c48f832165ad2053c" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main" +SRCREV = "b7bad55e4bb0a285b073ba5e02b01d3f522fc95d" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/libical/libical_3.0.10.bb b/poky/meta/recipes-support/libical/libical_3.0.11.bb index aa5f11e817..b16081e9e2 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.10.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.11.bb @@ -14,12 +14,12 @@ SECTION = "libs" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ " -SRC_URI[sha256sum] = "f933b3e6cf9d56a35bb5625e8e4a9c3a50239a85aea05ed842932c1a1dc336b4" +SRC_URI[sha256sum] = "1e6c5e10c5a48f7a40c68958055f0e2759d9ab3563aca17273fe35a5df7dbbf1" UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases" inherit cmake pkgconfig -DEPENDS:append:class-target = "libical-native" +DEPENDS:append:class-target = " libical-native" PACKAGECONFIG ??= "icu glib" PACKAGECONFIG[bdb] = ",-DCMAKE_DISABLE_FIND_PACKAGE_BDB=True,db" diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch b/poky/meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch deleted file mode 100644 index 3290ff7b18..0000000000 --- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 905333229103510e9dee2fec29b261ccedb031d0 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Fri, 20 Aug 2021 19:37:04 +0000 -Subject: [PATCH] Makefile: restore build reproducibility - -wildcards result in an unpredictable order, and thus different binary outputs -in otherwise identical builds. - -Upstream-Status: Submitted [https://github.com/smuellerDD/jitterentropy-library/pull/67] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 42932d8..dfb96a8 100644 ---- a/Makefile -+++ b/Makefile -@@ -36,7 +36,7 @@ LIBMINOR=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep MINVERS - LIBPATCH=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep PATCHLEVEL | awk '{print $$3}') - LIBVERSION := $(LIBMAJOR).$(LIBMINOR).$(LIBPATCH) - --C_SRCS := $(wildcard $(SRCDIR)/*.c) -+C_SRCS := $(sort $(wildcard $(SRCDIR)/*.c)) - C_OBJS := ${C_SRCS:.c=.o} - OBJS := $(C_OBJS) - diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.3.0.bb index d9fbb5e9d6..dae2fb1791 100644 --- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb +++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.3.0.bb @@ -9,14 +9,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1c94a9d191202a5552f381a023551396 \ file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \ file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ " -SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \ - file://0001-Makefile-restore-build-reproducibility.patch \ - " -SRCREV = "409828cfccf4b3b07edc40a7840a821ce074e2c3" +SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git" +SRCREV = "418c1e64231255aec2167cbb20aab62a0863415d" S = "${WORKDIR}/git" # remove at next version upgrade or when output changes -PR = "r1" HASHEQUIV_HASH_VERSION .= ".2" do_configure[noexec] = "1" diff --git a/poky/meta/recipes-support/libmd/libmd_1.0.3.bb b/poky/meta/recipes-support/libmd/libmd_1.0.4.bb index 2e6762e490..b93dc2d78d 100644 --- a/poky/meta/recipes-support/libmd/libmd_1.0.3.bb +++ b/poky/meta/recipes-support/libmd/libmd_1.0.4.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=0436d4fb62a71f661d6e8b7812f9e1df" SRC_URI = "https://archive.hadrons.org/software/libmd/libmd-${PV}.tar.xz" -SRC_URI[sha256sum] = "5a02097f95cc250a3f1001865e4dbba5f1d15554120f95693c0541923c52af4a" +SRC_URI[sha256sum] = "f51c921042e34beddeded4b75557656559cf5b1f2448033b4c1eec11c07e530f" inherit autotools diff --git a/poky/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch b/poky/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch index 62bd61fb56..2fd22b1aa2 100644 --- a/poky/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch +++ b/poky/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch @@ -1,18 +1,18 @@ -From 6d127a0463ea2d7bb5021562678324e28e0407e5 Mon Sep 17 00:00:00 2001 +From e99b00a78acaf80236cba8b3fabaebdb3ef1987b Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 8 Jun 2021 19:45:34 -0700 -Subject: [PATCH 1/2] arch: Add riscv32 architecture support +Subject: [PATCH 1/4] arch: Add riscv32 architecture support Support for rv32 was upstreamed into 5.4+ kernel - Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327] + Signed-off-by: Khem Raj <raj.khem@gmail.com> --- CREDITS | 1 + README.md | 1 + doc/man/man1/scmp_sys_resolver.1 | 2 +- doc/man/man3/seccomp_arch_add.3 | 1 + - include/seccomp-syscalls.h | 31 ++++++++++++++++++ + include/seccomp-syscalls.h | 32 +++++++++++++++++++ include/seccomp.h.in | 9 ++++++ src/Makefile.am | 1 + src/arch-riscv32.c | 31 ++++++++++++++++++ @@ -24,7 +24,6 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> src/python/libseccomp.pxd | 1 + src/python/seccomp.pyx | 2 ++ src/syscalls.c | 1 + - src/syscalls.csv | 2 +- src/syscalls.h | 2 ++ src/system.c | 1 + tests/15-basic-resolver.c | 1 + @@ -40,12 +39,12 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> tools/scmp_bpf_sim.c | 2 ++ tools/util.c | 6 +++- tools/util.h | 7 ++++ - 32 files changed, 208 insertions(+), 7 deletions(-) + 31 files changed, 208 insertions(+), 6 deletions(-) create mode 100644 src/arch-riscv32.c create mode 100644 src/arch-riscv32.h diff --git a/CREDITS b/CREDITS -index d6bbc2a..ad2f7e0 100644 +index b685712..c1ffdb3 100644 --- a/CREDITS +++ b/CREDITS @@ -33,6 +33,7 @@ John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> @@ -55,9 +54,9 @@ index d6bbc2a..ad2f7e0 100644 +Khem Raj <raj.khem@gmail.com> Kyle R. Conway <kyle.r.conway@gmail.com> Kenta Tada <Kenta.Tada@sony.com> - Luca Bruno <lucab@debian.org> + Kir Kolyshkin <kolyshkin@gmail.com> diff --git a/README.md b/README.md -index ba02186..2cd718f 100644 +index 579f226..8199a71 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ The libseccomp library currently supports the architectures listed below: @@ -67,7 +66,7 @@ index ba02186..2cd718f 100644 +* 32-bit RISC-V (riscv32) * 32-bit SuperH big endian (sheb) * 32-bit SuperH (sh) - + diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1 index 267187b..fc68d18 100644 --- a/doc/man/man1/scmp_sys_resolver.1 @@ -94,93 +93,94 @@ index 7baa21e..8966b3a 100644 .sp .BI "uint32_t seccomp_arch_resolve_name(const char *" arch_name ");" diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h -index c694db1..c6ea5ca 100644 +index 476f953..4ff814c 100644 --- a/include/seccomp-syscalls.h +++ b/include/seccomp-syscalls.h -@@ -275,6 +275,13 @@ - #define __PNR_ppoll -10241 +@@ -276,6 +276,14 @@ #define __PNR_renameat -10242 #define __PNR_riscv_flush_icache -10243 -+#define __PNR_fstat -10244 -+#define __PNR_futex -10245 -+#define __PNR_nanosleep -10246 -+#define __PNR_lseek -10247 -+#define __PNR_clock_gettime -10248 -+#define __PNR_clock_nanosleep -10249 -+#define __PNR_gettimeofday -10250 - + #define __PNR_memfd_secret -10244 ++#define __PNR_fstat -10245 ++#define __PNR_futex -10246 ++#define __PNR_nanosleep -10247 ++#define __PNR_lseek -10248 ++#define __PNR_clock_gettime -10249 ++#define __PNR_clock_nanosleep -10250 ++#define __PNR_gettimeofday -10251 ++#define __PNR_fcntl -10252 + /* * libseccomp syscall definitions -@@ -442,7 +449,11 @@ +@@ -443,7 +451,11 @@ #define __SNR_clock_getres_time64 __PNR_clock_getres_time64 #endif - + +#ifdef __NR_clock_gettime #define __SNR_clock_gettime __NR_clock_gettime +#else +#define __SNR_clock_gettime __PNR_clock_gettime +#endif - + #ifdef __NR_clock_gettime64 #define __SNR_clock_gettime64 __NR_clock_gettime64 -@@ -450,7 +461,11 @@ +@@ -451,7 +463,11 @@ #define __SNR_clock_gettime64 __PNR_clock_gettime64 #endif - + +#ifdef __NR_clock_nanosleep #define __SNR_clock_nanosleep __NR_clock_nanosleep +#else +#define __SNR_clock_nanosleep __PNR_clock_nanosleep +#endif - + #ifdef __NR_clock_nanosleep_time64 #define __SNR_clock_nanosleep_time64 __NR_clock_nanosleep_time64 -@@ -710,7 +725,11 @@ +@@ -713,7 +729,11 @@ #define __SNR_ftruncate64 __PNR_ftruncate64 #endif - + +#ifdef __NR_futex #define __SNR_futex __NR_futex +#else +#define __SNR_futex __PNR_futex +#endif - + #ifdef __NR_futex_time64 #define __SNR_futex_time64 __NR_futex_time64 -@@ -896,7 +915,11 @@ - +@@ -899,7 +919,11 @@ + #define __SNR_gettid __NR_gettid - + +#ifdef __NR_gettimeofday #define __SNR_gettimeofday __NR_gettimeofday +#else +#define __SNR_gettimeofday __PNR_gettimeofday +#endif - + #ifdef __NR_getuid #define __SNR_getuid __NR_getuid -@@ -1046,7 +1069,11 @@ - +@@ -1049,7 +1073,11 @@ + #define __SNR_lremovexattr __NR_lremovexattr - + +#ifdef __NR_lseek #define __SNR_lseek __NR_lseek +#else +#define __SNR_lseek __PNR_lseek +#endif - + #define __SNR_lsetxattr __NR_lsetxattr - -@@ -1218,7 +1245,11 @@ - + +@@ -1227,7 +1255,11 @@ + #define __SNR_name_to_handle_at __NR_name_to_handle_at - + +#ifdef __NR_nanosleep #define __SNR_nanosleep __NR_nanosleep +#else +#define __SNR_nanosleep __PNR_nanosleep +#endif - + #ifdef __NR_newfstatat #define __SNR_newfstatat __NR_newfstatat diff --git a/include/seccomp.h.in b/include/seccomp.h.in @@ -201,14 +201,14 @@ index 333a89c..2e911db 100644 + #define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64 +#define SCMP_ARCH_RISCV32 AUDIT_ARCH_RISCV32 - + /** * The SuperH architecture tokens diff --git a/src/Makefile.am b/src/Makefile.am -index 7b59810..7961925 100644 +index 04e7ba5..a30bbc0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am -@@ -44,6 +44,7 @@ SOURCES_ALL = \ +@@ -40,6 +40,7 @@ SOURCES_ALL = \ arch-ppc.h arch-ppc.c \ arch-ppc64.h arch-ppc64.c \ arch-riscv64.h arch-riscv64.c \ @@ -218,7 +218,7 @@ index 7b59810..7961925 100644 arch-sh.h arch-sh.c \ diff --git a/src/arch-riscv32.c b/src/arch-riscv32.c new file mode 100644 -index 0000000..53b3126 +index 0000000..10418f4 --- /dev/null +++ b/src/arch-riscv32.c @@ -0,0 +1,31 @@ @@ -248,8 +248,8 @@ index 0000000..53b3126 + .token_bpf = AUDIT_ARCH_RISCV32, + .size = ARCH_SIZE_32, + .endian = ARCH_ENDIAN_LITTLE, -+ .syscall_resolve_name = riscv32_syscall_resolve_name, -+ .syscall_resolve_num = riscv32_syscall_resolve_num, ++ .syscall_resolve_name_raw = riscv32_syscall_resolve_name, ++ .syscall_resolve_num_raw = riscv32_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, +}; @@ -310,7 +310,7 @@ index 68bebef..85c7f3d 100755 @@ -519,6 +519,49 @@ function dump_lib_riscv64() { dump_lib_arch riscv64 | mangle_lib_syscall riscv64 } - + +# +# Dump the riscv32 system syscall table +# @@ -385,9 +385,9 @@ index 68bebef..85c7f3d 100755 + abi_list+=" riscv32 riscv64" abi_list+=" s390 s390x" abi_list+=" sh" - + diff --git a/src/arch.c b/src/arch.c -index 6ab922f..acf80af 100644 +index 921e455..07935a9 100644 --- a/src/arch.c +++ b/src/arch.c @@ -43,6 +43,7 @@ @@ -453,10 +453,10 @@ index 0629bf1..000d503 100644 SCMP_ARCH_S390X + SCMP_ARCH_RISCV32 SCMP_ARCH_RISCV64 - + cdef enum scmp_filter_attr: diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx -index 1a9eb24..c94ad1d 100644 +index 2eeabc1..2895d78 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -214,6 +214,7 @@ cdef class Arch: @@ -466,36 +466,29 @@ index 1a9eb24..c94ad1d 100644 + RISCV32 - 32-bit RISC-V RISCV64 - 64-bit RISC-V """ - + @@ -238,6 +239,7 @@ cdef class Arch: PPC64LE = libseccomp.SCMP_ARCH_PPC64LE S390 = libseccomp.SCMP_ARCH_S390 S390X = libseccomp.SCMP_ARCH_S390X + RISCV32 = libseccomp.SCMP_ARCH_RISCV32 RISCV64 = libseccomp.SCMP_ARCH_RISCV64 - + def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): diff --git a/src/syscalls.c b/src/syscalls.c -index ddb84fa..34e08d9 100644 +index faddff0..15952ce 100644 --- a/src/syscalls.c +++ b/src/syscalls.c -@@ -55,3 +55,4 @@ ARCH_DEF(sh) +@@ -59,6 +59,7 @@ ARCH_DEF(sh) ARCH_DEF(x32) ARCH_DEF(x86) ARCH_DEF(riscv64) +ARCH_DEF(riscv32) -diff --git a/src/syscalls.csv b/src/syscalls.csv -index fbd1058..0ee6c15 100644 ---- a/src/syscalls.csv -+++ b/src/syscalls.csv -@@ -1,4 +1,4 @@ --#syscall (v5.12.0-rc7 2021-04-17),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv64,s390,s390x,sh -+#syscall (v5.12.0-rc7 2021-04-17),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh - accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,PNR,PNR,344 - accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,364,364,358 - access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,33,33,33 + + /** + * Resolve a syscall name to a number diff --git a/src/syscalls.h b/src/syscalls.h -index 4f959af..49887ba 100644 +index 58a788c..c6b5db5 100644 --- a/src/syscalls.h +++ b/src/syscalls.h @@ -28,6 +28,7 @@ @@ -503,7 +496,7 @@ index 4f959af..49887ba 100644 #include "arch-x86.h" #include "arch-riscv64.h" +#include "arch-riscv32.h" - + /* NOTE: changes to the arch_syscall_table layout may require changes to the * generate_syscalls_perf.sh and arch-syscall-validate scripts */ @@ -49,6 +50,7 @@ struct arch_syscall_table { @@ -527,7 +520,7 @@ index ae445bf..063e6be 100644 break; default: diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c -index 2679270..57092f3 100644 +index c759dd1..fd94dbf 100644 --- a/tests/15-basic-resolver.c +++ b/tests/15-basic-resolver.c @@ -45,6 +45,7 @@ unsigned int arch_list[] = { @@ -536,8 +529,8 @@ index 2679270..57092f3 100644 SCMP_ARCH_PARISC64, + SCMP_ARCH_RISCV32, SCMP_ARCH_RISCV64, + SCMP_ARCH_SH, -1 - }; diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c index 4fcbb5c..662e081 100644 --- a/tests/16-sim-arch_basic.c @@ -587,7 +580,7 @@ index 08f030c..ec73224 100644 + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv32")); if (rc != 0) goto out; - + diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py index 12bb243..1eebc20 100755 --- a/tests/23-sim-arch_all_le_basic.py @@ -622,10 +615,10 @@ index 77a5b89..2e860bf 100755 "ppc64le", + "riscv32", "riscv64"] - + def test_arch(arch, init): diff --git a/tests/regression b/tests/regression -index 53dab75..2869629 100755 +index d28b848..057ff67 100755 --- a/tests/regression +++ b/tests/regression @@ -26,7 +26,7 @@ GLBL_ARCH_LE_SUPPORT=" \ @@ -644,9 +637,9 @@ index 53dab75..2869629 100755 + riscv32 \ s390 \ sheb sh" - -@@ -785,7 +786,7 @@ function run_test_live() { - + +@@ -801,7 +802,7 @@ function run_test_live() { + # setup the arch specific return values case "$arch" in - x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64|sh|sheb) @@ -669,10 +662,10 @@ index b6bd2bb..7789970 100644 printf("unknown\n"); } diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c -index b95cdeb..49a89c7 100644 +index b682de7..4f759fc 100644 --- a/tools/scmp_bpf_disasm.c +++ b/tools/scmp_bpf_disasm.c -@@ -510,6 +510,8 @@ int main(int argc, char *argv[]) +@@ -508,6 +508,8 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_S390X; else if (strcmp(optarg, "riscv64") == 0) arch = AUDIT_ARCH_RISCV64; @@ -719,7 +712,7 @@ index 6c2ca33..4d16e38 100644 @@ -79,6 +79,13 @@ #define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #endif /* AUDIT_ARCH_RISCV64 */ - + +#ifndef AUDIT_ARCH_RISCV32 +#ifndef EM_RISCV +#define EM_RISCV 243 @@ -728,7 +721,8 @@ index 6c2ca33..4d16e38 100644 +#endif /* AUDIT_ARCH_RISCV32 */ + extern uint32_t arch; - + uint16_t ttoh16(uint32_t arch, uint16_t val); --- -2.32.0 +-- +2.33.0 + diff --git a/poky/meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch b/poky/meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch new file mode 100644 index 0000000000..511d4576fc --- /dev/null +++ b/poky/meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch @@ -0,0 +1,28 @@ +From e016ce3949caf34ee0f8fc6d976c52eb2fb019ce Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 28 Jul 2021 11:03:24 -0700 +Subject: [PATCH 2/4] man: Add RISCV64 to arch list + +Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + doc/man/man1/scmp_sys_resolver.1 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1 +index fc68d18..74d8a8a 100644 +--- a/doc/man/man1/scmp_sys_resolver.1 ++++ b/doc/man/man1/scmp_sys_resolver.1 +@@ -36,7 +36,7 @@ The architecture to use for resolving the system call. Valid + .I ARCH + values are "x86", "x86_64", "x32", "arm", "aarch64", "mips", "mipsel", "mips64", + "mipsel64", "mips64n32", "mipsel64n32", "parisc", "parisc64", "ppc", "ppc64", +-"ppc64le", "riscv32", "s390", "s390x", "sheb" and "sh". ++"ppc64le", "riscv64", "riscv32", "s390", "s390x", "sheb" and "sh". + .TP + .B \-t + If necessary, translate the system call name to the proper system call number, +-- +2.33.0 + diff --git a/poky/meta/recipes-support/libseccomp/files/0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch b/poky/meta/recipes-support/libseccomp/files/0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch index 7ca861a7b2..150d9bd3a7 100644 --- a/poky/meta/recipes-support/libseccomp/files/0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch +++ b/poky/meta/recipes-support/libseccomp/files/0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch @@ -1,46 +1,22 @@ -From ee4aba3f59b4bf52a74cb3917e64c704250de8ef Mon Sep 17 00:00:00 2001 +From 54d8136679f4a1238397f7b7a8b3e8cf4626f018 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 8 Jun 2021 20:42:19 -0700 -Subject: [PATCH 2/2] Regenerate syscall cvs file from 5.13-rc5 kernel +Date: Thu, 30 Sep 2021 21:35:15 -0700 +Subject: [PATCH 3/4] syscalls: update the syscall defs for Linux v5.15.0-rc3 +Include RISCV32 arch as well Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327] + Signed-off-by: Khem Raj <raj.khem@gmail.com> --- - include/seccomp-syscalls.h | 7 + - src/syscalls.csv | 952 +++++++++++++++++++------------------ - 2 files changed, 485 insertions(+), 474 deletions(-) - -diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h -index c6ea5ca..b7651bf 100644 ---- a/include/seccomp-syscalls.h -+++ b/include/seccomp-syscalls.h -@@ -282,6 +282,7 @@ - #define __PNR_clock_gettime -10248 - #define __PNR_clock_nanosleep -10249 - #define __PNR_gettimeofday -10250 -+#define __PNR_quotactl_path -10251 + src/syscalls.csv | 959 ++++++++++++++++++++++++----------------------- + 1 file changed, 480 insertions(+), 479 deletions(-) - /* - * libseccomp syscall definitions -@@ -1547,6 +1548,12 @@ - #define __SNR_riscv_flush_icache __PNR_riscv_flush_icache - #endif - -+#ifdef __NR_quotactl_path -+#define __SNR_quotactl_path __NR_quotactl_path -+#else -+#define __SNR_quotactl_path __PNR_quotactl_path -+#endif -+ - #ifdef __NR_rmdir - #define __SNR_rmdir __NR_rmdir - #else diff --git a/src/syscalls.csv b/src/syscalls.csv -index 0ee6c15..eec8d21 100644 +index 5bd0c9f..37ddb3d 100644 --- a/src/syscalls.csv +++ b/src/syscalls.csv -@@ -1,474 +1,478 @@ --#syscall (v5.12.0-rc7 2021-04-17),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh +@@ -1,479 +1,480 @@ +-#syscall (v5.14.0-rc7 2021-08-23),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv64,s390,s390x,sh -accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,PNR,PNR,344 -accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,364,364,358 -access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,33,33,33 @@ -210,6 +186,9 @@ index 0ee6c15..eec8d21 100644 -kexec_load,283,246,528,347,104,311,270,274,300,300,268,268,104,277,277,283 -keyctl,288,250,250,311,219,282,241,245,266,266,271,271,219,280,280,287 -kill,37,62,62,37,129,37,60,60,37,37,37,37,129,37,37,37 +-landlock_add_rule,445,445,445,445,445,445,445,445,445,445,445,445,445,445,445,445 +-landlock_create_ruleset,444,444,444,444,444,444,444,444,444,444,444,444,444,444,444,444 +-landlock_restrict_self,446,446,446,446,446,446,446,446,446,446,446,446,446,446,446,446 -lchown,16,94,94,16,PNR,16,92,92,16,16,16,16,PNR,16,198,16 -lchown32,198,PNR,PNR,198,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,198,PNR,198 -lgetxattr,230,192,192,230,9,228,184,184,242,242,213,213,9,228,228,230 @@ -230,6 +209,7 @@ index 0ee6c15..eec8d21 100644 -mbind,274,237,237,319,235,268,227,231,260,260,259,259,235,268,268,274 -membarrier,375,324,324,389,283,358,318,322,343,343,365,365,283,356,356,378 -memfd_create,356,319,319,385,279,354,314,318,340,340,360,360,279,350,350,374 +-memfd_secret,447,447,447,PNR,447,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR -migrate_pages,294,256,256,400,238,287,246,250,272,272,258,258,238,287,287,294 -mincore,218,27,27,219,232,217,26,26,72,72,206,206,232,218,218,218 -mkdir,39,83,83,39,PNR,39,81,81,39,39,39,39,PNR,39,39,39 @@ -319,6 +299,7 @@ index 0ee6c15..eec8d21 100644 -pwritev2,379,328,547,393,287,362,322,326,348,348,381,381,287,377,377,382 -query_module,167,178,PNR,PNR,PNR,187,171,171,PNR,PNR,166,166,PNR,167,167,PNR -quotactl,131,179,179,131,60,131,172,172,131,131,131,131,60,131,131,131 +-quotactl_fd,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443 -read,3,0,0,3,63,3,0,0,3,3,3,3,63,3,3,3 -readahead,225,187,187,225,213,223,179,179,207,207,191,191,213,222,222,225 -readdir,89,PNR,PNR,PNR,PNR,89,PNR,PNR,PNR,PNR,89,89,PNR,89,89,89 @@ -514,7 +495,7 @@ index 0ee6c15..eec8d21 100644 -waitpid,7,PNR,PNR,PNR,PNR,7,PNR,PNR,7,7,7,7,PNR,PNR,PNR,7 -write,4,1,1,4,64,4,1,1,4,4,4,4,64,4,4,4 -writev,146,20,516,146,66,146,19,19,146,146,146,146,66,146,146,146 -+#syscall (v5.13.0-rc5 2021-06-09),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh ++#syscall (v5.15.0-rc3 2021-10-01),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh +accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,202,PNR,PNR,344 +accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,242,364,364,358 +access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,PNR,33,33,33 @@ -707,6 +688,7 @@ index 0ee6c15..eec8d21 100644 +mbind,274,237,237,319,235,268,227,231,260,260,259,259,235,235,268,268,274 +membarrier,375,324,324,389,283,358,318,322,343,343,365,365,283,283,356,356,378 +memfd_create,356,319,319,385,279,354,314,318,340,340,360,360,279,279,350,350,374 ++memfd_secret,447,447,447,PNR,447,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR +migrate_pages,294,256,256,400,238,287,246,250,272,272,258,258,238,238,287,287,294 +mincore,218,27,27,219,232,217,26,26,72,72,206,206,232,232,218,218,218 +mkdir,39,83,83,39,PNR,39,81,81,39,39,39,39,PNR,PNR,39,39,39 @@ -783,6 +765,7 @@ index 0ee6c15..eec8d21 100644 +preadv2,378,327,546,392,286,361,321,325,347,347,380,380,286,286,376,376,381 +prlimit64,340,302,302,369,261,338,297,302,321,321,325,325,261,261,334,334,339 +process_madvise,440,440,440,440,440,440,440,440,440,440,440,440,440,440,440,440,440 ++process_mrelease,448,448,448,448,448,448,448,448,448,448,448,448,448,448,448,448,448 +process_vm_readv,347,310,539,376,270,345,304,309,330,330,351,351,270,270,340,340,365 +process_vm_writev,348,311,540,377,271,346,305,310,331,331,352,352,271,271,341,341,366 +prof,44,PNR,PNR,PNR,PNR,44,PNR,PNR,PNR,PNR,44,44,PNR,PNR,PNR,PNR,PNR @@ -796,7 +779,7 @@ index 0ee6c15..eec8d21 100644 +pwritev2,379,328,547,393,287,362,322,326,348,348,381,381,287,287,377,377,382 +query_module,167,178,PNR,PNR,PNR,187,171,171,PNR,PNR,166,166,PNR,PNR,167,167,PNR +quotactl,131,179,179,131,60,131,172,172,131,131,131,131,60,60,131,131,131 -+quotactl_path,PNR,PNR,PNR,PNR,443,PNR,PNR,PNR,PNR,PNR,PNR,PNR,443,443,PNR,PNR,PNR ++quotactl_fd,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443 +read,3,0,0,3,63,3,0,0,3,3,3,3,63,63,3,3,3 +readahead,225,187,187,225,213,223,179,179,207,207,191,191,213,213,222,222,225 +readdir,89,PNR,PNR,PNR,PNR,89,PNR,PNR,PNR,PNR,89,89,PNR,PNR,89,89,89 @@ -992,5 +975,6 @@ index 0ee6c15..eec8d21 100644 +waitpid,7,PNR,PNR,PNR,PNR,7,PNR,PNR,7,7,7,7,PNR,PNR,PNR,PNR,7 +write,4,1,1,4,64,4,1,1,4,4,4,4,64,64,4,4,4 +writev,146,20,516,146,66,146,19,19,146,146,146,146,66,66,146,146,146 --- -2.32.0 +-- +2.33.0 + diff --git a/poky/meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch b/poky/meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch new file mode 100644 index 0000000000..bedf74844e --- /dev/null +++ b/poky/meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch @@ -0,0 +1,40 @@ +From d59e03b5a82b3e0debc3a3c77270bd160f4309f9 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 8 Jun 2021 20:42:19 -0700 +Subject: [PATCH 4/4] syscalls: Add quotactl_path + +Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + include/seccomp-syscalls.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h +index 4ff814c..dd347d3 100644 +--- a/include/seccomp-syscalls.h ++++ b/include/seccomp-syscalls.h +@@ -284,6 +284,7 @@ + #define __PNR_clock_nanosleep -10250 + #define __PNR_gettimeofday -10251 + #define __PNR_fcntl -10252 ++#define __PNR_quotactl_path -10253 + + /* + * libseccomp syscall definitions +@@ -1557,6 +1558,12 @@ + #define __SNR_riscv_flush_icache __PNR_riscv_flush_icache + #endif + ++#ifdef __NR_quotactl_path ++#define __SNR_quotactl_path __NR_quotactl_path ++#else ++#define __SNR_quotactl_path __PNR_quotactl_path ++#endif ++ + #ifdef __NR_rmdir + #define __SNR_rmdir __NR_rmdir + #else +-- +2.33.0 + diff --git a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.2.bb index 74bface4a1..3ec6f135c5 100644 --- a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb +++ b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.2.bb @@ -8,12 +8,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357c DEPENDS += "gperf-native" PV .= "+git${SRCPV}" -SRCREV = "5822e50c2920ce597d038077dea4a0eedf193f86" +SRCREV = "2457dec1a90101d720e89e8027376742e2f3c327" SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main \ file://0001-configure.ac-Bump-version-to-2.5.99.patch \ file://0001-arch-Add-riscv32-architecture-support.patch \ - file://0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch \ + file://0002-man-Add-RISCV64-to-arch-list.patch \ + file://0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch \ + file://0004-syscalls-Add-quotactl_path.patch \ file://run-ptest \ " diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.74.0.bb index e888202b77..ea34373a67 100644 --- a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb +++ b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.74.0.bb @@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl" SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz" -SRC_URI[sha256sum] = "170c3f8446b0f65f8e4b93603349172b1085fb8917c181d10962f02bb85f5387" +SRC_URI[sha256sum] = "33b1d4e0d639456c675c227877e94a8078d731233e2d57689c11abcef7d3c48e" CVE_PRODUCT = "libsoup" @@ -20,6 +20,8 @@ S = "${WORKDIR}/libsoup-${PV}" inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc +UPSTREAM_CHECK_REGEX = "libsoup-(?P<pver>2(\.(?!99)\d+)+)\.tar" + GIR_MESON_ENABLE_FLAG = 'enabled' GIR_MESON_DISABLE_FLAG = 'disabled' diff --git a/poky/meta/recipes-support/libsoup/libsoup_3.0.1.bb b/poky/meta/recipes-support/libsoup/libsoup_3.0.1.bb new file mode 100644 index 0000000000..1e4d3b272b --- /dev/null +++ b/poky/meta/recipes-support/libsoup/libsoup_3.0.1.bb @@ -0,0 +1,44 @@ +SUMMARY = "An HTTP library implementation in C" +DESCRIPTION = "libsoup is an HTTP client/server library for GNOME. It uses GObjects \ +and the glib main loop, to integrate well with GNOME applications." +HOMEPAGE = "https://wiki.gnome.org/Projects/libsoup" +BUGTRACKER = "https://bugzilla.gnome.org/" +SECTION = "x11/gnome/libs" +LICENSE = "LGPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" + +DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2" + +SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" + +SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz" +SRC_URI[sha256sum] = "6f0c316d10f8458b96f564c7644be3c2011bd75ad5054c8db26afb0c9a91bc47" + +PROVIDES = "libsoup-3.0" +CVE_PRODUCT = "libsoup" + +S = "${WORKDIR}/libsoup-${PV}" + +inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc + +GIR_MESON_ENABLE_FLAG = 'enabled' +GIR_MESON_DISABLE_FLAG = 'disabled' + +# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards. Disable by default. +PACKAGECONFIG ??= "" +PACKAGECONFIG[gssapi] = "-Dgssapi=enabled,-Dgssapi=disabled,krb5" + +EXTRA_OEMESON:append = " -Dvapi=disabled -Dtls_check=false" + +GTKDOC_MESON_OPTION = "gtk_doc" + +# When built without gnome support, libsoup will contain only one shared lib +# and will therefore become subject to renaming by debian.bbclass. Prevent +# renaming in order to keep the package name consistent regardless of whether +# gnome support is enabled or disabled. +DEBIAN_NOAUTONAME:${PN} = "1" + +# glib-networking is needed for SSL, proxies, etc. +RRECOMMENDS:${PN} = "glib-networking" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch index 5ff9bf8462..b1204e49eb 100644 --- a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch +++ b/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch @@ -1,4 +1,4 @@ -From f9e3e2ee7b18ba5bb8efe083171f3e701eb0a663 Mon Sep 17 00:00:00 2001 +From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001 From: Your Name <you@example.com> Date: Mon, 28 Dec 2020 02:08:03 +0000 Subject: [PATCH] Don't let host enviroment to decide if a test is build @@ -9,6 +9,7 @@ don't use SSHD on host to decide weither to build a test Upstream-Status: Inappropriate[oe specific] Signed-off-by: Changqing Li <changqing.li@windriver.com> + --- tests/Makefile.am | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) @@ -41,6 +42,3 @@ index dc0922f..6cbc35d 100644 -endif \ No newline at end of file +endif --- -2.20.1 - diff --git a/poky/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch b/poky/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch deleted file mode 100644 index 1128c7ea0c..0000000000 --- a/poky/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch +++ /dev/null @@ -1,30 +0,0 @@ -From efe7101786193eaddb749c0583af6b54aec6f289 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 2 Feb 2021 18:45:16 -0800 -Subject: [PATCH] configure: Conditionally undefine backend m4 macro - -Unlike the M4 builtin, this macro fails if macro is not defined -therefore recover the behavior of the builtin. - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index fe5054a..758f8c2 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -127,7 +127,7 @@ fi - m4_set_foreach([crypto_backends], [backend], - [AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")] - ) --m4_undefine([backend]) -+m4_ifdef([backend], [m4_undefine([backend])]) - - - # libz --- -2.30.0 - diff --git a/poky/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch b/poky/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch deleted file mode 100644 index b331c1bf81..0000000000 --- a/poky/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 1f76151c92e1b52e9c24ebf06adc77fbd6c062bc Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Tue, 26 Jan 2021 11:41:21 -0800 -Subject: [PATCH] kex.c: move EC macro outside of if check #549 (#550) - -File: kex.c - -Notes: -Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code. - -Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up. - -Credit: -Stefan-Ghinea - -Upstream-Status: Backport - -Reference to upstream patch: -https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc - -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - src/kex.c | 66 +++++++++++++++++++++++++++---------------------------- - 1 file changed, 33 insertions(+), 33 deletions(-) - -diff --git a/src/kex.c b/src/kex.c -index cb16639..19ab6ec 100644 ---- a/src/kex.c -+++ b/src/kex.c -@@ -1885,39 +1885,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange - } - - --#if LIBSSH2_ECDSA -- --/* kex_session_ecdh_curve_type -- * returns the EC curve type by name used in key exchange -- */ -- --static int --kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type) --{ -- int ret = 0; -- libssh2_curve_type type; -- -- if(name == NULL) -- return -1; -- -- if(strcmp(name, "ecdh-sha2-nistp256") == 0) -- type = LIBSSH2_EC_CURVE_NISTP256; -- else if(strcmp(name, "ecdh-sha2-nistp384") == 0) -- type = LIBSSH2_EC_CURVE_NISTP384; -- else if(strcmp(name, "ecdh-sha2-nistp521") == 0) -- type = LIBSSH2_EC_CURVE_NISTP521; -- else { -- ret = -1; -- } -- -- if(ret == 0 && out_type) { -- *out_type = type; -- } -- -- return ret; --} -- -- - /* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY - * - * Macro that create and verifies EC SHA hash with a given digest bytes -@@ -2027,6 +1994,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type) - } \ - - -+#if LIBSSH2_ECDSA -+ -+/* kex_session_ecdh_curve_type -+ * returns the EC curve type by name used in key exchange -+ */ -+ -+static int -+kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type) -+{ -+ int ret = 0; -+ libssh2_curve_type type; -+ -+ if(name == NULL) -+ return -1; -+ -+ if(strcmp(name, "ecdh-sha2-nistp256") == 0) -+ type = LIBSSH2_EC_CURVE_NISTP256; -+ else if(strcmp(name, "ecdh-sha2-nistp384") == 0) -+ type = LIBSSH2_EC_CURVE_NISTP384; -+ else if(strcmp(name, "ecdh-sha2-nistp521") == 0) -+ type = LIBSSH2_EC_CURVE_NISTP521; -+ else { -+ ret = -1; -+ } -+ -+ if(ret == 0 && out_type) { -+ *out_type = type; -+ } -+ -+ return ret; -+} -+ -+ - /* ecdh_sha2_nistp - * Elliptic Curve Diffie Hellman Key Exchange - */ --- -2.17.1 - diff --git a/poky/meta/recipes-support/libssh2/files/CVE-2019-17498.patch b/poky/meta/recipes-support/libssh2/files/CVE-2019-17498.patch deleted file mode 100644 index 001080072b..0000000000 --- a/poky/meta/recipes-support/libssh2/files/CVE-2019-17498.patch +++ /dev/null @@ -1,131 +0,0 @@ -From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Fri, 30 Aug 2019 09:57:38 -0700 -Subject: [PATCH] packet.c: improve message parsing (#402) - -* packet.c: improve parsing of packets - -file: packet.c - -notes: -Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST. - -Upstream-Status: Backport -CVE: CVE-2019-17498 -Signed-off-by: Li Zhou <li.zhou@windriver.com> ---- - src/packet.c | 68 ++++++++++++++++++++++------------------------------ - 1 file changed, 29 insertions(+), 39 deletions(-) - -diff --git a/src/packet.c b/src/packet.c -index 38ab629..2e01bfc 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - size_t datalen, int macstate) - { - int rc = 0; -- char *message = NULL; -- char *language = NULL; -+ unsigned char *message = NULL; -+ unsigned char *language = NULL; - size_t message_len = 0; - size_t language_len = 0; - LIBSSH2_CHANNEL *channelp = NULL; -@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - - case SSH_MSG_DISCONNECT: - if(datalen >= 5) { -- size_t reason = _libssh2_ntohu32(data + 1); -+ uint32_t reason = 0; -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr++; /* advance past type */ - -- if(datalen >= 9) { -- message_len = _libssh2_ntohu32(data + 5); -+ _libssh2_get_u32(&buf, &reason); -+ _libssh2_get_string(&buf, &message, &message_len); -+ _libssh2_get_string(&buf, &language, &language_len); - -- if(message_len < datalen-13) { -- /* 9 = packet_type(1) + reason(4) + message_len(4) */ -- message = (char *) data + 9; -- -- language_len = -- _libssh2_ntohu32(data + 9 + message_len); -- language = (char *) data + 9 + message_len + 4; -- -- if(language_len > (datalen-13-message_len)) { -- /* bad input, clear info */ -- language = message = NULL; -- language_len = message_len = 0; -- } -- } -- else -- /* bad size, clear it */ -- message_len = 0; -- } - if(session->ssh_msg_disconnect) { -- LIBSSH2_DISCONNECT(session, reason, message, -- message_len, language, language_len); -+ LIBSSH2_DISCONNECT(session, reason, (const char *)message, -+ message_len, (const char *)language, -+ language_len); - } -+ - _libssh2_debug(session, LIBSSH2_TRACE_TRANS, - "Disconnect(%d): %s(%s)", reason, - message, language); -@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - int always_display = data[1]; - - if(datalen >= 6) { -- message_len = _libssh2_ntohu32(data + 2); -- -- if(message_len <= (datalen - 10)) { -- /* 6 = packet_type(1) + display(1) + message_len(4) */ -- message = (char *) data + 6; -- language_len = _libssh2_ntohu32(data + 6 + -- message_len); -- -- if(language_len <= (datalen - 10 - message_len)) -- language = (char *) data + 10 + message_len; -- } -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr += 2; /* advance past type & always display */ -+ -+ _libssh2_get_string(&buf, &message, &message_len); -+ _libssh2_get_string(&buf, &language, &language_len); - } - - if(session->ssh_msg_debug) { -- LIBSSH2_DEBUG(session, always_display, message, -- message_len, language, language_len); -+ LIBSSH2_DEBUG(session, always_display, -+ (const char *)message, -+ message_len, (const char *)language, -+ language_len); - } - } -+ - /* - * _libssh2_debug will actually truncate this for us so - * that it's not an inordinate about of data -@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - uint32_t len = 0; - unsigned char want_reply = 0; - len = _libssh2_ntohu32(data + 1); -- if(datalen >= (6 + len)) { -+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) { - want_reply = data[5 + len]; - _libssh2_debug(session, - LIBSSH2_TRACE_CONN, --- -2.17.1 - diff --git a/poky/meta/recipes-support/libssh2/files/run-ptest b/poky/meta/recipes-support/libssh2/files/run-ptest index 5fd7ec65f6..9e2fce2d24 100644 --- a/poky/meta/recipes-support/libssh2/files/run-ptest +++ b/poky/meta/recipes-support/libssh2/files/run-ptest @@ -2,7 +2,8 @@ ptestdir=$(dirname "$(readlink -f "$0")") cd tests -for test in simple ssh2.sh mansyntax.sh +# omit ssh2.sh until https://github.com/libssh2/libssh2/issues/630 is fixed +for test in simple mansyntax.sh do ./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test done diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.9.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb index a0cbb6af6b..072d6819c0 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.9.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb @@ -5,19 +5,15 @@ SECTION = "libs" DEPENDS = "zlib" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=c5cf34fc0acb44b082ef50ef5e4354ca" +LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ - file://CVE-2019-17498.patch \ - file://0001-configure-Conditionally-undefine-backend-m4-macro.patch \ file://run-ptest \ - file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch \ -" + " SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch" -SRC_URI[md5sum] = "1beefafe8963982adc84b408b2959927" -SRC_URI[sha256sum] = "d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd" +SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51" inherit autotools pkgconfig ptest diff --git a/poky/meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch b/poky/meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch new file mode 100644 index 0000000000..e4db09638f --- /dev/null +++ b/poky/meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch @@ -0,0 +1,27 @@ +From 73ec79432fc557a8be4f1500982b1c0f5fdf12a9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> +Date: Thu, 7 Nov 2019 09:58:52 +0000 +Subject: [PATCH] fetch-ocsp-response: use python3 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: André Draszik <git@andred.net> +--- + script/fetch-ocsp-response | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/script/fetch-ocsp-response b/script/fetch-ocsp-response +index 0ff7461..185116b 100755 +--- a/script/fetch-ocsp-response ++++ b/script/fetch-ocsp-response +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + # -*- coding: utf-8 -*- + + # nghttp2 - HTTP/2 C Library +-- +2.23.0.rc1 + diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.45.1.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.45.1.bb new file mode 100644 index 0000000000..3de509a27c --- /dev/null +++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.45.1.bb @@ -0,0 +1,35 @@ +SUMMARY = "HTTP/2 C Library and tools" +HOMEPAGE = "https://nghttp2.org/" +SECTION = "libs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=764abdf30b2eadd37ce47dcbce0ea1ec" + +UPSTREAM_CHECK_URI = "https://github.com/nghttp2/nghttp2/releases" + +SRC_URI = "\ + https://github.com/nghttp2/nghttp2/releases/download/v${PV}/nghttp2-${PV}.tar.xz \ + file://0001-fetch-ocsp-response-use-python3.patch \ +" +SRC_URI[sha256sum] = "abdc4addccadbc7d89abe27c4d6427d78e57d139f69c1f45749227393c68bf79" + +inherit cmake manpages python3native +PACKAGECONFIG[manpages] = "" + +# examples are never installed, and don't need to be built in the +# first place +EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=OFF -DENABLE_HPACK_TOOLS=OFF" + +PACKAGES =+ "lib${PN} ${PN}-client ${PN}-proxy ${PN}-server" + +RDEPENDS:${PN} = "${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server (>= ${PV})" +RDEPENDS:${PN}:class-native = "" +RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell" + +ALLOW_EMPTY:${PN} = "1" +FILES:${PN} = "" +FILES:lib${PN} = "${libdir}/*${SOLIBS}" +FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp" +FILES:${PN}-proxy = "${bindir}/nghttpx ${datadir}/${BPN}/fetch-ocsp-response" +FILES:${PN}-server = "${bindir}/nghttpd" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/pinentry/pinentry-1.1.1/gpg-error_pkconf.patch b/poky/meta/recipes-support/pinentry/pinentry-1.2.0/gpg-error_pkconf.patch index 537735dba8..507c0c3917 100644 --- a/poky/meta/recipes-support/pinentry/pinentry-1.1.1/gpg-error_pkconf.patch +++ b/poky/meta/recipes-support/pinentry/pinentry-1.2.0/gpg-error_pkconf.patch @@ -1,4 +1,4 @@ -From 7b60f1563ecdb7020c145de8a96cae1c0a66c595 Mon Sep 17 00:00:00 2001 +From 54a4c9d3e5f1897ed4b978d5cdee646ca7a4f637 Mon Sep 17 00:00:00 2001 From: Armin Kuster <akuster@mvista.com> Date: Fri, 2 Sep 2005 11:50:01 +0000 Subject: [PATCH] Add gtk+, avahi, dbus-0.34 (.36 coming soon) and @@ -11,14 +11,14 @@ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Armin Kuster <akuster@mvista.com> --- - m4/gpg-error.m4 | 141 ++---------------------------------------------- - 1 file changed, 4 insertions(+), 137 deletions(-) + m4/gpg-error.m4 | 159 ++---------------------------------------------- + 1 file changed, 4 insertions(+), 155 deletions(-) diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 -index c9b235f..a4fd41c 100644 +index 56a5d07..c0bec1f 100644 --- a/m4/gpg-error.m4 +++ b/m4/gpg-error.m4 -@@ -25,141 +25,12 @@ dnl config script does not match the host specification the script +@@ -26,159 +26,12 @@ dnl config script does not match the host specification the script dnl is added to the gpg_config_script_warn variable. dnl AC_DEFUN([AM_PATH_GPG_ERROR], @@ -61,45 +61,79 @@ index c9b235f..a4fd41c 100644 - min_gpg_error_version=ifelse([$1], ,1.33,$1) - ok=no - -- if test "$prefix" = NONE ; then -- prefix_option_expanded=/usr/local -- else -- prefix_option_expanded="$prefix" -- fi -- if test "$exec_prefix" = NONE ; then -- exec_prefix_option_expanded=$prefix_option_expanded -- else -- exec_prefix_option_expanded=$(prefix=$prefix_option_expanded eval echo $exec_prefix) -- fi -- libdir_option_expanded=$(prefix=$prefix_option_expanded exec_prefix=$exec_prefix_option_expanded eval echo $libdir) +- AC_PATH_PROG(GPGRT_CONFIG, gpgrt-config, no, [$prefix/bin:$PATH]) +- if test "$GPGRT_CONFIG" != "no"; then +- # Determine gpgrt_libdir +- # +- # Get the prefix of gpgrt-config assuming it's something like: +- # <PREFIX>/bin/gpgrt-config +- gpgrt_prefix=${GPGRT_CONFIG%/*/*} +- possible_libdir1=${gpgrt_prefix}/lib +- # Determine by using system libdir-format with CC, it's like: +- # Normal style: /usr/lib +- # GNU cross style: /usr/<triplet>/lib +- # Debian style: /usr/lib/<multiarch-name> +- # Fedora/openSUSE style: /usr/lib, /usr/lib32 or /usr/lib64 +- # It is assumed that CC is specified to the one of host on cross build. +- if libdir_candidates=$(${CC:-cc} -print-search-dirs | \ +- sed -n -e "/^libraries/{s/libraries: =//;s/:/\\ +-/g;p;}"); then +- # From the output of -print-search-dirs, select valid pkgconfig dirs. +- libdir_candidates=$(for dir in $libdir_candidates; do +- if p=$(cd $dir 2>/dev/null && pwd); then +- test -d "$p/pkgconfig" && echo $p; +- fi +- done) - -- if test -f $libdir_option_expanded/pkgconfig/gpg-error.pc; then -- gpgrt_libdir=$libdir_option_expanded -- else -- if crt1_path=$(${CC:-cc} -print-file-name=crt1.o 2>/dev/null); then -- if possible_libdir=$(cd ${crt1_path%/*} && pwd 2>/dev/null); then -- if test -f $possible_libdir/pkgconfig/gpg-error.pc; then -- gpgrt_libdir=$possible_libdir +- for possible_libdir0 in $libdir_candidates; do +- # possible_libdir0: +- # Fallback candidate, the one of system-installed (by $CC) +- # (/usr/<triplet>/lib, /usr/lib/<multiarch-name> or /usr/lib32) +- # possible_libdir1: +- # Another candidate, user-locally-installed +- # (<gpgrt_prefix>/lib) +- # possible_libdir2 +- # Most preferred +- # (<gpgrt_prefix>/<triplet>/lib, +- # <gpgrt_prefix>/lib/<multiarch-name> or <gpgrt_prefix>/lib32) +- if test "${possible_libdir0##*/}" = "lib"; then +- possible_prefix0=${possible_libdir0%/lib} +- possible_prefix0_triplet=${possible_prefix0##*/} +- if test -z "$possible_prefix0_triplet"; then +- continue +- fi +- possible_libdir2=${gpgrt_prefix}/$possible_prefix0_triplet/lib +- else +- possible_prefix0=${possible_libdir0%%/lib*} +- possible_libdir2=${gpgrt_prefix}${possible_libdir0#$possible_prefix0} +- fi +- if test -f ${possible_libdir2}/pkgconfig/gpg-error.pc; then +- gpgrt_libdir=${possible_libdir2} +- elif test -f ${possible_libdir1}/pkgconfig/gpg-error.pc; then +- gpgrt_libdir=${possible_libdir1} +- elif test -f ${possible_libdir0}/pkgconfig/gpg-error.pc; then +- gpgrt_libdir=${possible_libdir0} - fi -- fi +- if test -n "$gpgrt_libdir"; then break; fi +- done +- else +- # When we cannot determine system libdir-format, use this: +- gpgrt_libdir=${possible_libdir1} - fi +- else +- unset GPGRT_CONFIG - fi - -- if test "$GPG_ERROR_CONFIG" = "no" -a -n "$gpgrt_libdir"; then -- AC_PATH_PROG(GPGRT_CONFIG, gpgrt-config, no) -- if test "$GPGRT_CONFIG" = "no"; then -- unset GPGRT_CONFIG +- if test -n "$gpgrt_libdir"; then +- GPGRT_CONFIG="$GPGRT_CONFIG --libdir=$gpgrt_libdir" +- if $GPGRT_CONFIG gpg-error >/dev/null 2>&1; then +- GPG_ERROR_CONFIG="$GPGRT_CONFIG gpg-error" +- AC_MSG_NOTICE([Use gpgrt-config with $gpgrt_libdir as gpg-error-config]) +- gpg_error_config_version=`$GPG_ERROR_CONFIG --modversion` - else -- GPGRT_CONFIG="$GPGRT_CONFIG --libdir=$gpgrt_libdir" -- if $GPGRT_CONFIG gpg-error >/dev/null 2>&1; then -- GPG_ERROR_CONFIG="$GPGRT_CONFIG gpg-error" -- AC_MSG_NOTICE([Use gpgrt-config with $gpgrt_libdir as gpg-error-config]) -- gpg_error_config_version=`$GPG_ERROR_CONFIG --modversion` -- else -- unset GPGRT_CONFIG -- fi +- unset GPGRT_CONFIG - fi -- else +- elif test "$GPG_ERROR_CONFIG" != "no"; then - gpg_error_config_version=`$GPG_ERROR_CONFIG --version` - fi - if test "$GPG_ERROR_CONFIG" != "no"; then @@ -120,22 +154,6 @@ index c9b235f..a4fd41c 100644 - fi - fi - fi -- if test -z "$GPGRT_CONFIG" -a -n "$gpgrt_libdir"; then -- if test "$major" -gt 1 -o "$major" -eq 1 -a "$minor" -ge 33; then -- AC_PATH_PROG(GPGRT_CONFIG, gpgrt-config, no) -- if test "$GPGRT_CONFIG" = "no"; then -- unset GPGRT_CONFIG -- else -- GPGRT_CONFIG="$GPGRT_CONFIG --libdir=$gpgrt_libdir" -- if $GPGRT_CONFIG gpg-error >/dev/null 2>&1; then -- GPG_ERROR_CONFIG="$GPGRT_CONFIG gpg-error" -- AC_MSG_NOTICE([Use gpgrt-config with $gpgrt_libdir as gpg-error-config]) -- else -- unset GPGRT_CONFIG -- fi -- fi -- fi -- fi - fi - AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) +[ @@ -164,7 +182,7 @@ index c9b235f..a4fd41c 100644 if test x"$gpg_error_config_host" != xnone ; then if test x"$gpg_error_config_host" != x"$host" ; then AC_MSG_WARN([[ -@@ -174,10 +45,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR], +@@ -193,10 +46,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR], fi fi else diff --git a/poky/meta/recipes-support/pinentry/pinentry-1.1.1/libassuan_pkgconf.patch b/poky/meta/recipes-support/pinentry/pinentry-1.2.0/libassuan_pkgconf.patch index f4aec2d1c3..f4aec2d1c3 100644 --- a/poky/meta/recipes-support/pinentry/pinentry-1.1.1/libassuan_pkgconf.patch +++ b/poky/meta/recipes-support/pinentry/pinentry-1.2.0/libassuan_pkgconf.patch diff --git a/poky/meta/recipes-support/pinentry/pinentry_1.1.1.bb b/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb index 98577fe3ef..504ba3b5cc 100644 --- a/poky/meta/recipes-support/pinentry/pinentry_1.1.1.bb +++ b/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://gpg-error_pkconf.patch \ " -SRC_URI[sha256sum] = "cd12a064013ed18e2ee8475e669b9f58db1b225a0144debdb85a68cecddba57f" +SRC_URI[sha256sum] = "10072045a3e043d0581f91cd5676fcac7ffee957a16636adedaa4f583a616470" inherit autotools pkgconfig diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index 1d3c24a177..23ab48ba2b 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -15,7 +15,7 @@ SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ S = "${WORKDIR}/git" -FILES:${PN} = "${bindir}/ptest-runner" +FILES:${PN} = "${bindir}/ptest-runner ${bindir}/ptest-runner-collect-system-data" EXTRA_OEMAKE = "-e MAKEFLAGS= CFLAGS="${CFLAGS} -DDEFAULT_DIRECTORY=\\\"${libdir}\\\""" @@ -25,6 +25,10 @@ do_compile () { do_install () { install -D -m 0755 ${S}/ptest-runner ${D}${bindir}/ptest-runner + install -D -m 0755 ${S}/ptest-runner-collect-system-data ${D}${bindir}/ptest-runner-collect-system-data } RDEPENDS:${PN}:append:libc-glibc = " libgcc" + +# pstree is called by ptest-runner-collect-system-data +RDEPENDS:${PN}:append = " pstree" diff --git a/poky/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch b/poky/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch new file mode 100644 index 0000000000..e6172ef5aa --- /dev/null +++ b/poky/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch @@ -0,0 +1,28 @@ +From 2f45711a66ff99886b6e4a5708e2db01a63e5af4 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Fri, 10 Sep 2021 11:05:10 +0200 +Subject: [PATCH] buckets/ssl_buckets.c: do not use ERR_GET_FUNC + +Upstream removed it in +https://github.com/openssl/openssl/pull/16004 + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + buckets/ssl_buckets.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/buckets/ssl_buckets.c b/buckets/ssl_buckets.c +index b01e535..9801f87 100644 +--- a/buckets/ssl_buckets.c ++++ b/buckets/ssl_buckets.c +@@ -1325,8 +1325,7 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey) + return 0; + } + else { +- printf("OpenSSL cert error: %d %d %d\n", ERR_GET_LIB(err), +- ERR_GET_FUNC(err), ++ printf("OpenSSL cert error: %d %d\n", ERR_GET_LIB(err), + ERR_GET_REASON(err)); + PKCS12_free(p12); + bio_meth_free(biom); diff --git a/poky/meta/recipes-support/serf/serf_1.3.9.bb b/poky/meta/recipes-support/serf/serf_1.3.9.bb index 21515866a9..669f42b8e7 100644 --- a/poky/meta/recipes-support/serf/serf_1.3.9.bb +++ b/poky/meta/recipes-support/serf/serf_1.3.9.bb @@ -12,6 +12,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0003-gen_def.patch \ file://0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch \ file://SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch \ + file://0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch \ " SRC_URI[md5sum] = "370a6340ff20366ab088012cd13f2b57" diff --git a/poky/meta/recipes-support/vte/vte/0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch b/poky/meta/recipes-support/vte/vte/0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch new file mode 100644 index 0000000000..c69a52e5d0 --- /dev/null +++ b/poky/meta/recipes-support/vte/vte/0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch @@ -0,0 +1,24 @@ +From daa30d0039397a735d49ea535305ed0bc5f9d73b Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 26 Oct 2021 09:38:42 +0200 +Subject: [PATCH] Makefile.docs: correctly substitute gtkdoc qemu wrapper + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + doc/reference/Makefile.docs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/reference/Makefile.docs b/doc/reference/Makefile.docs +index b18f0a4..da18440 100644 +--- a/doc/reference/Makefile.docs ++++ b/doc/reference/Makefile.docs +@@ -233,7 +233,7 @@ INSTALL_DATA = $(INSTALL) -m 644 + + GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(CPPFLAGS) $(CFLAGS) + GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(CFLAGS) $(LDFLAGS) +-GTKDOC_RUN = ++GTKDOC_RUN = $(top_builddir)/gtkdoc-qemuwrapper + + GTKDOC_CHECK_PATH = gtkdoc-check + GTKDOC_REBASE = gtkdoc-rebase diff --git a/poky/meta/recipes-support/vte/vte_0.64.2.bb b/poky/meta/recipes-support/vte/vte_0.66.0.bb index a79f2e4451..6676b7feeb 100644 --- a/poky/meta/recipes-support/vte/vte_0.64.2.bb +++ b/poky/meta/recipes-support/vte/vte_0.66.0.bb @@ -19,8 +19,9 @@ GIR_MESON_OPTION = 'gir' inherit gnomebase gtk-doc features_check upstream-version-is-even gobject-introspection # vapigen.m4 is required when vala is not present (but the one from vala should be used normally) -SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch" -SRC_URI[archive.sha256sum] = "2b3c820b65a667c1d8859ba20478be626d1519cc3159dac25f703330c6d07e18" +SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ + file://0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch" +SRC_URI[archive.sha256sum] = "d0813ac00fb1d74d88851e765f755d496c83e097097358ea1baadb38b37b7b33" ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |