diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2024-01-11 20:55:23 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2024-01-11 20:56:06 +0300 |
| commit | d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b (patch) | |
| tree | cd2f355c9c8ae01d490e733e8c83d86f89e92bc8 /poky/meta | |
| parent | 06a6d53090fbf4da09a79d24c2147c5d78640b0c (diff) | |
| download | openbmc-d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b.tar.xz | |
subtree updates:nanbield: Jan 11, 2024
poky: bf9f2f6f60..61a59d00a0:
Adam Johnston (1):
useradd_base: Fix sed command line for passwd-expire
Alexander Kanavin (1):
cmake: upgrade 3.27.5 -> 3.27.7
Anuj Mittal (1):
gstreamer1.0: upgrade 1.22.6 -> 1.22.7
Bastian Krause (1):
linux-firmware: add new fw file to ${PN}-rtl8821
Bruce Ashfield (25):
linux-yocto/6.1: update to v6.1.59
linux-yocto/6.1: update to v6.1.60
linux-yocto/6.5: update to v6.5.8
linux-yocto/6.5: update to v6.5.9
kern-tools: make lower context patches reproducible
kern-tools: bump SRCREV for queue processing changes
kern-tools: update SRCREV to include SECURITY.md file
kernel-yocto: improve metadata patching
linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
linux-yocto/6.1: update to v6.1.61
linux-yocto/6.1: update to v6.1.62
linux-yocto/6.1: update to v6.1.65
linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
linux-yocto/6.5: update to v6.5.10
linux-yocto/6.5: cfg: split runtime and symbol debug
linux-yocto/6.5: update to v6.5.11
linux-yocto/6.5: update to v6.5.12
linux-yocto/6.5: update to v6.5.13
linux-yocto/6.1: drop removed IMA option
linux-yocto-rt/6.1: update to -rt18
linux-yocto/6.1: update to v6.1.66
linux-yocto/6.1: update to v6.1.67
linux-yocto/6.1: update to v6.1.68
linux-yocto/6.5: drop removed IMA option
linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector
Chen Qi (1):
systemd: fix DynamicUser issue
Deepthi Hemraj (1):
rust: Fix CVE-2023-40030
Dhairya Nagodra (2):
cve-update-nvd2-native: faster requests with API keys
cve-update-nvd2-native: increase the delay between subsequent request failures
Dmitry Baryshkov (9):
linux-firmware: upgrade 20230804 -> 20231030
linux-firmware: add missing depenencies on license packages
linux-firmware: add notice file to sdm845 modem firmware
linux-firmware: add audio topology symlink to the X13's audio package
linux-firmware: package firmware for Qualcomm Adreno a702
linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
linux-firmware: package Qualcomm Venus 6.0 firmware
linux-firmware: package Robotics RB5 sensors DSP firmware
meson: use correct targets for rust binaries
Fahad Arslan (1):
linux-firmware: create separate packages
Javier Tia (1):
kernel-arch: use ccache only for compiler
Jermain Horsman (2):
lib/oe/buildcfg.py: Include missing import
lib/oe/buildcfg.py: Remove unused parameter
Joakim Tjernlund (1):
sed -i destroys symlinks
Joshua Watt (1):
bitbake: asyncrpc: Add context manager API
Julien Stephan (2):
devtool: fix update-recipe dry-run mode
devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM
Justin Bronder (1):
contributor-guide: add License-Update tag
Khem Raj (1):
python3-urllib3: Upgrade to 2.0.7
Lee Chee Yang (10):
migration-guides: add release notes for 4.3.1
migration-guide: add release notes for 4.2.4
migration-guide: add release notes for 4.0.14
migration-guides: reword fix in release-notes-4.3.1
migration-guides: add release notes for 4.0.15
avahi: add CVE-2023-38473.patch to SRC_URL
grub: fix CVE-2023-4692 CVE-2023-4693
curl: fix CVE-2023-46218
perlcross: update to 1.5.2
perl: 5.38.0 -> 5.38.2
Marco Felsch (1):
json-c: fix icecc compilation
Markus Volk (3):
gtk: Add rdepend on printbackend for cups
bluez5: fix connection for ps5/dualshock controllers
cups: Add root,sys,wheel to system groups
Marta Rybczynska (1):
bitbake: toastergui: verify that an existing layer path is given
Massimiliano Minella (1):
systemd: update LICENSE statement
Michael Opdenacker (14):
migration-guides: release 3.5 is actually 4.0
contributor-guide: fix command option
dev-manual: layers: update link to YP Compatible form
ref-manual: releases.svg: update nanbield release status
manuals: fix URL
test-manual: text and formatting fixes
test-manual: resource updates
test-manual: add links to python unittest
test-manual: explicit or fix file paths
test-manual: add or improve hyperlinks
dev-manual: runtime-testing: fix test module name
test-manual: use working example
systemd-compat-units.bb: fix postinstall script
ref-manual: update tested and supported distros
Paul Barker (1):
ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults
Peter Kjellerstedt (3):
oeqa/selftest/tinfoil: Add tests that parse virtual recipes
dev-manual: Discourage the use of SRC_URI[md5sum]
bitbake: command: Make parseRecipeFile() handle virtual recipes correctly
Peter Marko (2):
cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
cve-update-nvd2-native: make number of fetch attemtps configurable
Randy MacLeod (1):
strace: backport fix for so_peerpidfd-test
Rasmus Villemoes (1):
perf: lift TARGET_CC_ARCH modification out of security_flags.inc
Richard Purdie (7):
qemu: Upgrade 8.1.0 -> 8.1.2
sstate: Ensure sstate searches update file mtime
testimage: Exclude wtmp from target-dumper commands
bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
linux/cve-exclusion6.1: Update to latest kernel point release
package_ipk: Fix Source: field variable dependency
testimage: Drop target_dumper and most of monitor_dumper
Ross Burton (6):
xwayland: upgrade to 23.2.2
linux-yocto: update CVE exclusions
linux-yocto: update CVE exclusions
lib/oe/patch: ensure os.chdir restoring always happens
tcl: skip timing-dependent tests in run-ptest
tcl: skip async and event tests in run-ptest
Shubham Kulkarni (1):
tzdata: Upgrade to 2023d
Simone Weiß (1):
manuals: brief-yoctoprojectqs: align variable order with default local.conf
Steve Sakoman (2):
poky.conf: bump version for 4.3.2 release
build-appliance-image: Update to nanbield head revision
Sundeep KOKKONDA (2):
glibc: stable 2.38 branch updates
binutils: stable 2.41 branch updates
Tim Orling (2):
lsb-release: use https for UPSTREAM_CHECK_URI
vim: upgrade 9.0.2068 -> 9.0.2130
Trevor Gamblin (2):
python3-ptest: skip test_storlines
patchtest: shorten patch signed-off-by test output
Vijay Anusuri (1):
avahi: backport Debian patches to fix multiple CVE's
Viswanath Kraleti (1):
systemd-boot: Fix build issues on armv7a-linux
Vyacheslav Yurkov (1):
lib/oe/path: Deploy files can start only with a dot
Wang Mingyu (16):
base-passwd: upgrade 3.6.1 -> 3.6.2
enchant2: upgrade 2.6.1 -> 2.6.2
harfbuzz: upgrade 8.2.1 -> 8.2.2
libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
libnewt: upgrade 0.52.23 -> 0.52.24
libnsl2: upgrade 2.0.0 -> 2.0.1
msmtp: upgrade 1.8.24 -> 1.8.25
glib-2.0: upgrade 2.78.0 -> 2.78.1
xserver-xorg: upgrade 21.1.8 -> 21.1.9
ghostscript: upgrade 10.02.0 -> 10.02.1
libsolv: upgrade 0.7.25 -> 0.7.26
bind: upgrade 9.18.19 -> 9.18.20
ell: upgrade 0.59 -> 0.60
libgcrypt: upgrade 1.10.2 -> 1.10.3
libxslt: upgrade 1.1.38 -> 1.1.39
log4cplus: upgrade 2.1.0 -> 2.1.1
William Lyu (1):
openssl: improve handshake test error reporting
Zoltán Böszörményi (1):
update_gtk_icon_cache: Fix for GTK4-only builds
meta-raspberrypi: 8231f97534..fde68b24f0:
Lorenzo Arena (1):
docs: fix syntax for overriding fs type for initramfs image
meta-openembedded: 1750c66ae8..2da6e1b0e4:
Alexandre Belloni (1):
poco: fix branch
Christian Eggers (1):
python3-gcovr: switch to main branch
Dylan Turner (1):
apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
Edi Feschiyan (1):
libbytesize: update SRC_URI
Fabio Estevam (3):
openocd: Use https for github
python3-piccata: Use https for github
multipath-tools: Use https for github
Jeffrey Pautler (1):
apache2: add vendor to product name used for CVE checking
Jonas Gorski (1):
frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
Khem Raj (3):
hwdata: upgrade 0.370 -> 0.375
openvpn: upgrade 2.6.3 -> 2.6.6
python3-scapy: upgrade to latest revision
Ross Burton (1):
yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
Wang Mingyu (3):
hdf5: Fix install conflict when enable multilib.
dnf-plugin-tui: Recover BBCLASSEXTEND variants
strongswan: upgrade 5.9.11 -> 5.9.12
Zoltán Böszörményi (3):
python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
geos: Fix packaging
meta-arm: 0bd7fece41..79c52afe74:
Debbie Martin (2):
arm-systemready: Add parted dependency and inherit testimage
ci: Add Arm SystemReady firmware and IR ACS builds
Harsimran Singh Tungal (1):
arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions
Change-Id: I9e8e09b85674d653415c01932a5f7a3cbeca877e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta')
115 files changed, 2548 insertions, 549 deletions
diff --git a/poky/meta/classes-global/package_ipk.bbclass b/poky/meta/classes-global/package_ipk.bbclass index b4b7bc9ac2..64fa237c00 100644 --- a/poky/meta/classes-global/package_ipk.bbclass +++ b/poky/meta/classes-global/package_ipk.bbclass @@ -47,6 +47,10 @@ python do_package_ipk () { do_package_ipk[vardeps] += "ipk_write_pkg" do_package_ipk[vardepsexclude] = "BB_NUMBER_THREADS" +# FILE isn't included by default but we want the recipe to change if basename() changes +IPK_RECIPE_FILE = "${@os.path.basename(d.getVar('FILE'))}" +IPK_RECIPE_FILE[vardepvalue] = "${IPK_RECIPE_FILE}" + def ipk_write_pkg(pkg, d): import re, copy import subprocess @@ -62,7 +66,7 @@ def ipk_write_pkg(pkg, d): outdir = d.getVar('PKGWRITEDIRIPK') pkgdest = d.getVar('PKGDEST') - recipesource = os.path.basename(d.getVar('FILE')) + recipesource = d.getVar('IPK_RECIPE_FILE') localdata = bb.data.createCopy(d) root = "%s/%s" % (pkgdest, pkg) diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass index 2676f18e0a..5b27a1f0f9 100644 --- a/poky/meta/classes-global/sstate.bbclass +++ b/poky/meta/classes-global/sstate.bbclass @@ -937,6 +937,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, sstatefile = d.expand("${SSTATE_DIR}/" + getsstatefile(tid, siginfo, d)) if os.path.exists(sstatefile): + oe.utils.touch(sstatefile) found.add(tid) bb.debug(2, "SState: Found valid sstate file %s" % sstatefile) else: @@ -1183,16 +1184,7 @@ python sstate_eventhandler() { if not os.path.exists(siginfo): bb.siggen.dump_this_task(siginfo, d) else: - try: - os.utime(siginfo, None) - except PermissionError: - pass - except OSError as e: - # Handle read-only file systems gracefully - import errno - if e.errno != errno.EROFS: - raise e - + oe.utils.touch(siginfo) } SSTATE_PRUNE_OBSOLETEWORKDIR ?= "1" diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass index 6a50bbfd42..404f2e7061 100644 --- a/poky/meta/classes-recipe/kernel-arch.bbclass +++ b/poky/meta/classes-recipe/kernel-arch.bbclass @@ -74,8 +74,8 @@ TARGET_STRIP_KERNEL_ARCH ?= "" HOST_STRIP_KERNEL_ARCH ?= "${TARGET_STRIP_KERNEL_ARCH}" KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}" -KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" -KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" -KERNEL_OBJCOPY = "${CCACHE}${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}" +KERNEL_LD = "${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" +KERNEL_AR = "${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" +KERNEL_OBJCOPY = "${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}" KERNEL_STRIP = "${HOST_PREFIX}strip ${HOST_STRIP_KERNEL_ARCH}" TOOLCHAIN ?= "gcc" diff --git a/poky/meta/classes-recipe/kernel-yocto.bbclass b/poky/meta/classes-recipe/kernel-yocto.bbclass index 4ac977b122..4b7c0b829f 100644 --- a/poky/meta/classes-recipe/kernel-yocto.bbclass +++ b/poky/meta/classes-recipe/kernel-yocto.bbclass @@ -176,12 +176,32 @@ do_kernel_metadata() { # kernel source tree, where they'll be used later. check_git_config patches="${@" ".join(find_patches(d,'kernel-meta'))}" - for p in $patches; do + if [ -n "$patches" ]; then ( - cd ${WORKDIR}/kernel-meta - git am -s $p - ) - done + cd ${WORKDIR}/kernel-meta + + # take the SRC_URI patches, and create a series file + # this is required to support some better processing + # of issues with the patches + rm -f series + for p in $patches; do + cp $p . + echo "$(basename $p)" >> series + done + + # process the series with kgit-s2q, which is what is + # handling the rest of the kernel. This allows us + # more flexibility for handling failures or advanced + # mergeing functinoality + message=$(kgit-s2q --gen -v --patches ${WORKDIR}/kernel-meta 2>&1) + if [ $? -ne 0 ]; then + # setup to try the patch again + kgit-s2q --prev + bberror "Problem applying patches to: ${WORKDIR}/kernel-meta" + bbfatal_log "\n($message)" + fi + ) + fi fi sccs_from_src_uri="${@" ".join(find_sccs(d))}" diff --git a/poky/meta/classes-recipe/meson.bbclass b/poky/meta/classes-recipe/meson.bbclass index d08a83d555..a85d120d77 100644 --- a/poky/meta/classes-recipe/meson.bbclass +++ b/poky/meta/classes-recipe/meson.bbclass @@ -79,7 +79,7 @@ llvm-config = 'llvm-config' cups-config = 'cups-config' g-ir-scanner = '${STAGING_BINDIR}/g-ir-scanner-wrapper' g-ir-compiler = '${STAGING_BINDIR}/g-ir-compiler-wrapper' -${@rust_tool(d, "HOST_SYS")} +${@rust_tool(d, "RUST_HOST_SYS")} ${@"exe_wrapper = '${WORKDIR}/meson-qemuwrapper'" if d.getVar('EXEWRAPPER_ENABLED') == 'True' else ""} [built-in options] @@ -116,7 +116,7 @@ readelf = ${@meson_array('BUILD_READELF', d)} objcopy = ${@meson_array('BUILD_OBJCOPY', d)} llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config' pkgconfig = 'pkg-config-native' -${@rust_tool(d, "BUILD_SYS")} +${@rust_tool(d, "RUST_BUILD_SYS")} [built-in options] c_args = ${@meson_array('BUILD_CFLAGS', d)} diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass index 06388b72fb..29ee74932a 100644 --- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass +++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass @@ -241,10 +241,10 @@ read_only_rootfs_hook () { # zap_empty_root_password () { if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then - sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow + sed --follow-symlinks -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow fi if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then - sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd + sed --follow-symlinks -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd fi } diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass index 7c56fe9674..f36d941891 100644 --- a/poky/meta/classes-recipe/testimage.bbclass +++ b/poky/meta/classes-recipe/testimage.bbclass @@ -109,21 +109,6 @@ TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/" TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME" -testimage_dump_target () { - top -bn1 - ps - free - df - # The next command will export the default gateway IP - export DEFAULT_GATEWAY=$(ip route | awk '/default/ { print $3}') - ping -c3 $DEFAULT_GATEWAY - dmesg - netstat -an - ip address - # Next command will dump logs from /var/log/ - find /var/log/ -type f 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \; -} - testimage_dump_monitor () { query-status query-block @@ -352,7 +337,6 @@ def testimage_main(d): target_kwargs['serialcontrol_cmd'] = d.getVar("TEST_SERIALCONTROL_CMD") or None target_kwargs['serialcontrol_extra_args'] = d.getVar("TEST_SERIALCONTROL_EXTRA_ARGS") or "" target_kwargs['testimage_dump_monitor'] = d.getVar("testimage_dump_monitor") or "" - target_kwargs['testimage_dump_target'] = d.getVar("testimage_dump_target") or "" def export_ssh_agent(d): import os diff --git a/poky/meta/classes/useradd_base.bbclass b/poky/meta/classes/useradd_base.bbclass index 863cb7b76c..5e1c699118 100644 --- a/poky/meta/classes/useradd_base.bbclass +++ b/poky/meta/classes/useradd_base.bbclass @@ -160,7 +160,7 @@ perform_passwd_expire () { local username=`echo "$opts" | awk '{ print $NF }'` local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" if test "x$user_exists" != "x"; then - eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true + eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed --follow-symlinks -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`" if test "x$passwd_lastchanged" != "x0"; then bbfatal "${PN}: passwd --expire operation did not succeed." diff --git a/poky/meta/conf/distro/include/security_flags.inc b/poky/meta/conf/distro/include/security_flags.inc index 2972f05b4e..d97a6edb0f 100644 --- a/poky/meta/conf/distro/include/security_flags.inc +++ b/poky/meta/conf/distro/include/security_flags.inc @@ -69,4 +69,3 @@ SECURITY_LDFLAGS:pn-xserver-xorg = "${SECURITY_X_LDFLAGS}" TARGET_CC_ARCH:append:pn-binutils = " ${SELECTED_OPTIMIZATION}" TARGET_CC_ARCH:append:pn-gcc = " ${SELECTED_OPTIMIZATION}" TARGET_CC_ARCH:append:pn-gdb = " ${SELECTED_OPTIMIZATION}" -TARGET_CC_ARCH:append:pn-perf = " ${SELECTED_OPTIMIZATION}" diff --git a/poky/meta/lib/oe/buildcfg.py b/poky/meta/lib/oe/buildcfg.py index 90f5e05715..b3fe510309 100644 --- a/poky/meta/lib/oe/buildcfg.py +++ b/poky/meta/lib/oe/buildcfg.py @@ -1,26 +1,27 @@ +import os import subprocess import bb.process def detect_revision(d): path = get_scmbasepath(d) - return get_metadata_git_revision(path, d) + return get_metadata_git_revision(path) def detect_branch(d): path = get_scmbasepath(d) - return get_metadata_git_branch(path, d) + return get_metadata_git_branch(path) def get_scmbasepath(d): return os.path.join(d.getVar('COREBASE'), 'meta') -def get_metadata_git_branch(path, d): +def get_metadata_git_branch(path): try: rev, _ = bb.process.run('git rev-parse --abbrev-ref HEAD', cwd=path) except bb.process.ExecutionError: rev = '<unknown>' return rev.strip() -def get_metadata_git_revision(path, d): +def get_metadata_git_revision(path): try: rev, _ = bb.process.run('git rev-parse HEAD', cwd=path) except bb.process.ExecutionError: @@ -45,5 +46,5 @@ def get_layer_revisions(d): layers = (d.getVar("BBLAYERS") or "").split() revisions = [] for i in layers: - revisions.append((i, os.path.basename(i), get_metadata_git_branch(i, None).strip(), get_metadata_git_revision(i, None), is_layer_modified(i))) + revisions.append((i, os.path.basename(i), get_metadata_git_branch(i).strip(), get_metadata_git_revision(i), is_layer_modified(i))) return revisions diff --git a/poky/meta/lib/oe/patch.py b/poky/meta/lib/oe/patch.py index ff9afc9df9..9b480b2b28 100644 --- a/poky/meta/lib/oe/patch.py +++ b/poky/meta/lib/oe/patch.py @@ -772,8 +772,9 @@ class NOOPResolver(Resolver): self.patchset.Push() except Exception: import sys - os.chdir(olddir) raise + finally: + os.chdir(olddir) # Patch resolver which relies on the user doing all the work involved in the # resolution, with the exception of refreshing the remote copy of the patch @@ -833,9 +834,9 @@ class UserResolver(Resolver): # User did not fix the problem. Abort. raise PatchError("Patch application failed, and user did not fix and refresh the patch.") except Exception: - os.chdir(olddir) raise - os.chdir(olddir) + finally: + os.chdir(olddir) def patch_path(url, fetch, workdir, expand=True): diff --git a/poky/meta/lib/oe/path.py b/poky/meta/lib/oe/path.py index 0dc8f172d5..e2f1913a35 100644 --- a/poky/meta/lib/oe/path.py +++ b/poky/meta/lib/oe/path.py @@ -125,7 +125,8 @@ def copyhardlinktree(src, dst): if os.path.isdir(src): if len(glob.glob('%s/.??*' % src)) > 0: source = './.??* ' - source += './*' + if len(glob.glob('%s/**' % src)) > 0: + source += './*' s_dir = src else: source = src diff --git a/poky/meta/lib/oe/utils.py b/poky/meta/lib/oe/utils.py index a3b1bb1087..14a7d07ef0 100644 --- a/poky/meta/lib/oe/utils.py +++ b/poky/meta/lib/oe/utils.py @@ -7,6 +7,7 @@ import subprocess import multiprocessing import traceback +import errno def read_file(filename): try: @@ -528,3 +529,14 @@ def directory_size(root, blocksize=4096): total += sum(roundup(getsize(os.path.join(root, name))) for name in files) total += roundup(getsize(root)) return total + +# Update the mtime of a file, skip if permission/read-only issues +def touch(filename): + try: + os.utime(filename, None) + except PermissionError: + pass + except OSError as e: + # Handle read-only file systems gracefully + if e.errno != errno.EROFS: + raise e diff --git a/poky/meta/lib/oeqa/core/target/qemu.py b/poky/meta/lib/oeqa/core/target/qemu.py index 6893d10226..d93b3ac94a 100644 --- a/poky/meta/lib/oeqa/core/target/qemu.py +++ b/poky/meta/lib/oeqa/core/target/qemu.py @@ -14,8 +14,6 @@ from collections import defaultdict from .ssh import OESSHTarget from oeqa.utils.qemurunner import QemuRunner -from oeqa.utils.dump import MonitorDumper -from oeqa.utils.dump import TargetDumper supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic'] @@ -47,14 +45,6 @@ class OEQemuTarget(OESSHTarget): use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir, logger=logger, serial_ports=serial_ports, boot_patterns = boot_patterns, use_ovmf=ovmf, tmpfsdir=tmpfsdir) - dump_monitor_cmds = kwargs.get("testimage_dump_monitor") - self.monitor_dumper = MonitorDumper(dump_monitor_cmds, dump_dir, self.runner) - if self.monitor_dumper: - self.monitor_dumper.create_dir("qmp") - - dump_target_cmds = kwargs.get("testimage_dump_target") - self.target_dumper = TargetDumper(dump_target_cmds, dump_dir, self.runner) - self.target_dumper.create_dir("qemu") def start(self, params=None, extra_bootparams=None, runqemuparams=''): if self.use_slirp and not self.server_ip: diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py index f4dd0ca417..09cdd14c75 100644 --- a/poky/meta/lib/oeqa/core/target/ssh.py +++ b/poky/meta/lib/oeqa/core/target/ssh.py @@ -48,8 +48,6 @@ class OESSHTarget(OETarget): if port: self.ssh = self.ssh + [ '-p', port ] self.scp = self.scp + [ '-P', port ] - self._monitor_dumper = None - self.target_dumper = None def start(self, **kwargs): pass @@ -57,15 +55,6 @@ class OESSHTarget(OETarget): def stop(self, **kwargs): pass - @property - def monitor_dumper(self): - return self._monitor_dumper - - @monitor_dumper.setter - def monitor_dumper(self, dumper): - self._monitor_dumper = dumper - self.monitor_dumper.dump_monitor() - def _run(self, command, timeout=None, ignore_status=True): """ Runs command in target using SSHProcess. @@ -104,14 +93,7 @@ class OESSHTarget(OETarget): status, output = self._run(sshCmd, processTimeout, ignore_status) self.logger.debug('Command: %s\nStatus: %d Output: %s\n' % (command, status, output)) - if (status == 255) and (('No route to host') in output): - if self.monitor_dumper: - self.monitor_dumper.dump_monitor() - if status == 255: - if self.target_dumper: - self.target_dumper.dump_target() - if self.monitor_dumper: - self.monitor_dumper.dump_monitor() + return (status, output) def copyTo(self, localSrc, remoteDst): diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py index dd13c20402..21c8686b2a 100644 --- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -48,6 +48,17 @@ class TinfoilTests(OESelftestTestCase): rd = tinfoil.parse_recipe_file(best[3]) self.assertEqual(testrecipe, rd.getVar('PN')) + def test_parse_virtual_recipe(self): + with bb.tinfoil.Tinfoil() as tinfoil: + tinfoil.prepare(config_only=False, quiet=2) + testrecipe = 'nativesdk-gcc' + best = tinfoil.find_best_provider(testrecipe) + if not best: + self.fail('Unable to find recipe providing %s' % testrecipe) + rd = tinfoil.parse_recipe_file(best[3]) + self.assertEqual(testrecipe, rd.getVar('PN')) + self.assertIsNotNone(rd.getVar('FILE_LAYERNAME')) + def test_parse_recipe_copy_expand(self): with bb.tinfoil.Tinfoil() as tinfoil: tinfoil.prepare(config_only=False, quiet=2) @@ -66,7 +77,7 @@ class TinfoilTests(OESelftestTestCase): localdata.setVar('PN', 'hello') self.assertEqual('hello', localdata.getVar('BPN')) - # The config_data API tp parse_recipe_file is used by: + # The config_data API to parse_recipe_file is used by: # layerindex-web layerindex/update_layer.py def test_parse_recipe_custom_data(self): with bb.tinfoil.Tinfoil() as tinfoil: @@ -80,6 +91,18 @@ class TinfoilTests(OESelftestTestCase): rd = tinfoil.parse_recipe_file(best[3], config_data=localdata) self.assertEqual("testval", rd.getVar('TESTVAR')) + def test_parse_virtual_recipe_custom_data(self): + with bb.tinfoil.Tinfoil() as tinfoil: + tinfoil.prepare(config_only=False, quiet=2) + localdata = bb.data.createCopy(tinfoil.config_data) + localdata.setVar("TESTVAR", "testval") + testrecipe = 'nativesdk-gcc' + best = tinfoil.find_best_provider(testrecipe) + if not best: + self.fail('Unable to find recipe providing %s' % testrecipe) + rd = tinfoil.parse_recipe_file(best[3], config_data=localdata) + self.assertEqual("testval", rd.getVar('TESTVAR')) + def test_list_recipes(self): with bb.tinfoil.Tinfoil() as tinfoil: tinfoil.prepare(config_only=False, quiet=2) diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py index e21655c979..6e8b781973 100644 --- a/poky/meta/lib/oeqa/targetcontrol.py +++ b/poky/meta/lib/oeqa/targetcontrol.py @@ -103,7 +103,6 @@ class QemuTarget(BaseTarget): self.rootfs = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("IMAGE_LINK_NAME") + '.' + self.image_fstype) self.kernel = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("KERNEL_IMAGETYPE", False) + '-' + d.getVar('MACHINE', False) + '.bin') self.qemulog = os.path.join(self.testdir, "qemu_boot_log.%s" % self.datetime) - dump_target_cmds = d.getVar("testimage_dump_target") dump_monitor_cmds = d.getVar("testimage_dump_monitor") dump_dir = d.getVar("TESTIMAGE_DUMP_DIR") if not dump_dir: @@ -144,7 +143,6 @@ class QemuTarget(BaseTarget): tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"), serial_ports = len(d.getVar("SERIAL_CONSOLES").split())) - self.target_dumper = TargetDumper(dump_target_cmds, dump_dir, self.runner) self.monitor_dumper = MonitorDumper(dump_monitor_cmds, dump_dir, self.runner) if (self.monitor_dumper): self.monitor_dumper.create_dir("qmp") diff --git a/poky/meta/lib/patchtest/tests/test_patch.py b/poky/meta/lib/patchtest/tests/test_patch.py index 65d0f930b0..d7187a0cb1 100644 --- a/poky/meta/lib/patchtest/tests/test_patch.py +++ b/poky/meta/lib/patchtest/tests/test_patch.py @@ -6,6 +6,7 @@ # import base +import os import parse_signed_off_by import parse_upstream_status import pyparsing @@ -87,7 +88,7 @@ class TestPatch(base.Base): if TestPatch.prog.search_string(payload): break else: - self.fail('A patch file has been added without a Signed-off-by tag. Sign off the added patch file (%s)' % newpatch.path) + self.fail('A patch file has been added without a Signed-off-by tag: \'%s\'' % os.path.basename(newpatch.path)) def test_cve_tag_format(self): for commit in TestPatch.commits: diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch new file mode 100644 index 0000000000..4780e35b7a --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch @@ -0,0 +1,97 @@ +From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov <dfirblog@gmail.com> +Date: Thu, 16 Nov 2023 07:21:50 +0000 +Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST + attribute for the $MFT file + +When parsing an extremely fragmented $MFT file, i.e., the file described +using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer +containing bytes read from the underlying drive to store sector numbers, +which are consumed later to read data from these sectors into another buffer. + +These sectors numbers, two 32-bit integers, are always stored at predefined +offsets, 0x10 and 0x14, relative to first byte of the selected entry within +the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. + +However, when parsing a specially-crafted file system image, this may cause +the NTFS code to write these integers beyond the buffer boundary, likely +causing the GRUB memory allocator to misbehave or fail. These integers contain +values which are controlled by on-disk structures of the NTFS file system. + +Such modification and resulting misbehavior may touch a memory range not +assigned to the GRUB and owned by firmware or another EFI application/driver. + +This fix introduces checks to ensure that these sector numbers are never +written beyond the boundary. + +Fixes: CVE-2023-4692 + +Reported-by: Maxim Suhanov <dfirblog@gmail.com> +Signed-off-by: Maxim Suhanov <dfirblog@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +CVE: CVE-2023-4692 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + grub-core/fs/ntfs.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 2f34f76..6009e49 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + if (at->attr_end) + { +- grub_uint8_t *pa; ++ grub_uint8_t *pa, *pa_end; + + at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + if (at->emft_buf == NULL) +@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + at->attr_nxt = at->edat_buf; + at->attr_end = at->edat_buf + u32at (pa, 0x30); ++ pa_end = at->edat_buf + n; + } + else + { + at->attr_nxt = at->attr_end + u16at (pa, 0x14); + at->attr_end = at->attr_end + u32at (pa, 4); ++ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + } + at->flags |= GRUB_NTFS_AF_ALST; + while (at->attr_nxt < at->attr_end) +@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + at->flags |= GRUB_NTFS_AF_GPOS; + at->attr_cur = at->attr_nxt; + pa = at->attr_cur; ++ ++ if ((pa >= pa_end) || (pa_end - pa < 0x18)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); ++ return NULL; ++ } ++ + grub_set_unaligned32 ((char *) pa + 0x10, + grub_cpu_to_le32 (at->mft->data->mft_start)); + grub_set_unaligned32 ((char *) pa + 0x14, +@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + { + if (*pa != attr) + break; ++ ++ if ((pa >= pa_end) || (pa_end - pa < 0x18)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); ++ return NULL; ++ } ++ + if (read_attr + (at, pa + 0x10, + u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), +-- +2.40.0 diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch new file mode 100644 index 0000000000..1b6013d86d --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch @@ -0,0 +1,62 @@ +From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov <dfirblog@gmail.com> +Date: Mon, 28 Aug 2023 16:32:33 +0300 +Subject: [PATCH] fs/ntfs: Fix an OOB read when reading data from the resident + $DATA attribute + +When reading a file containing resident data, i.e., the file data is stored in +the $DATA attribute within the NTFS file record, not in external clusters, +there are no checks that this resident data actually fits the corresponding +file record segment. + +When parsing a specially-crafted file system image, the current NTFS code will +read the file data from an arbitrary, attacker-chosen memory offset and of +arbitrary, attacker-chosen length. + +This allows an attacker to display arbitrary chunks of memory, which could +contain sensitive information like password hashes or even plain-text, +obfuscated passwords from BS EFI variables. + +This fix implements a check to ensure that resident data is read from the +corresponding file record segment only. + +Fixes: CVE-2023-4693 + +Reported-by: Maxim Suhanov <dfirblog@gmail.com> +Signed-off-by: Maxim Suhanov <dfirblog@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94] +CVE: CVE-2023-4693 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + grub-core/fs/ntfs.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 7e43fd6..8f63c83 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, + { + if (ofs + len > u32at (pa, 0x10)) + return grub_error (GRUB_ERR_BAD_FS, "read out of range"); +- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len); ++ ++ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); ++ ++ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); ++ ++ if (u16at (pa, 0x14) + u32at (pa, 0x10) > ++ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); ++ ++ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); + return 0; + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 41839698dc..f594e7d3a4 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -42,6 +42,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2022-3775.patch \ file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \ file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \ + file://CVE-2023-4692.patch \ + file://CVE-2023-4693.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index 4c830cc058..bfd945c7ae 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -26,6 +26,15 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://handle-hup.patch \ file://local-ping.patch \ file://invalid-service.patch \ + file://CVE-2023-1981.patch \ + file://CVE-2023-38469-1.patch \ + file://CVE-2023-38469-2.patch \ + file://CVE-2023-38470-1.patch \ + file://CVE-2023-38470-2.patch \ + file://CVE-2023-38471-1.patch \ + file://CVE-2023-38471-2.patch \ + file://CVE-2023-38472.patch \ + file://CVE-2023-38473.patch \ " GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch @@ -0,0 +1,58 @@ +From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Thu, 17 Nov 2022 01:51:53 +0100 +Subject: [PATCH] Emit error if requested service is not found + +It currently just crashes instead of replying with error. Check return +value and emit error instead of passing NULL pointer to reply. + +Fixes #375 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] +CVE: CVE-2023-1981 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c +index 70d7687bc..406d0b441 100644 +--- a/avahi-daemon/dbus-protocol.c ++++ b/avahi-daemon/dbus-protocol.c +@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM + } + + t = avahi_alternative_host_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); ++ } + } + + static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { +@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB + } + + t = avahi_alternative_service_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); ++ } + } + + static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..85345edc10 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch @@ -0,0 +1,48 @@ +From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Mon, 23 Oct 2023 20:29:31 +0000 +Subject: [PATCH] core: reject overly long TXT resource records + +Closes https://github.com/lathiat/avahi/issues/455 + +CVE-2023-38469 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-1.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] +CVE: CVE-2023-38469 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-core/rr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-core/rr.c +=================================================================== +--- avahi-0.8.orig/avahi-core/rr.c ++++ avahi-0.8/avahi-core/rr.c +@@ -32,6 +32,7 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/defs.h> + ++#include "dns.h" + #include "rr.h" + #include "log.h" + #include "util.h" +@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r + case AVAHI_DNS_TYPE_TXT: { + + AvahiStringList *strlst; ++ size_t used = 0; + +- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) ++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { + if (strlst->size > 255 || strlst->size <= 0) + return 0; + ++ used += 1+strlst->size; ++ if (used > AVAHI_DNS_RDATA_MAX) ++ return 0; ++ } ++ + return 1; + } + } diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch new file mode 100644 index 0000000000..f8f60ddca1 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch @@ -0,0 +1,65 @@ +From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Wed, 25 Oct 2023 18:15:42 +0000 +Subject: [PATCH] tests: pass overly long TXT resource records + +to make sure they don't crash avahi any more. +It reproduces https://github.com/lathiat/avahi/issues/455 + +Canonical notes: +nickgalanis> removed first hunk since there is no .github dir in this release + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] +CVE: CVE-2023-38469 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-client/client-test.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+) + +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -22,6 +22,7 @@ + #endif + + #include <stdio.h> ++#include <string.h> + #include <assert.h> + + #include <avahi-client/client.h> +@@ -33,6 +34,8 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/timeval.h> + ++#include <avahi-core/dns.h> ++ + static const AvahiPoll *poll_api = NULL; + static AvahiSimplePoll *simple_poll = NULL; + +@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + uint32_t cookie; + struct timeval tv; + AvahiAddress a; ++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; ++ AvahiStringList *txt = NULL; ++ int r; + + simple_poll = avahi_simple_poll_new(); + poll_api = avahi_simple_poll_get(simple_poll); +@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ memset(rdata, 1, sizeof(rdata)); ++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); ++ assert(r >= 0); ++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); ++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); ++ assert(error == AVAHI_ERR_INVALID_RECORD); ++ avahi_string_list_free(txt); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch new file mode 100644 index 0000000000..4cca81698b --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch @@ -0,0 +1,57 @@ +From 94cb6489114636940ac683515417990b55b5d66c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Tue, 11 Apr 2023 15:29:59 +0200 +Subject: [PATCH] Ensure each label is at least one byte long + +The only allowed exception is single dot, where it should return empty +string. + +Fixes #454. + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-1.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] +CVE: CVE-2023-38470 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-common/domain-test.c +=================================================================== +--- avahi-0.8.orig/avahi-common/domain-test.c ++++ avahi-0.8/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAH + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." ++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +Index: avahi-0.8/avahi-common/domain.c +=================================================================== +--- avahi-0.8.orig/avahi-common/domain.c ++++ avahi-0.8/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..e0736bf210 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch @@ -0,0 +1,52 @@ +From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 19 Sep 2023 03:21:25 +0000 +Subject: [PATCH] [common] bail out when escaped labels can't fit into ret + +Fixes: +``` +==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 +READ of size 1110 at 0x7f9e76f14c16 thread T0 + #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) + #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 + #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 +``` +and +``` +fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. +==101571== ERROR: libFuzzer: deadly signal + #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 +``` + +It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security +CVE: CVE-2023-38470 #Follow-up patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-common/domain.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-common/domain.c +=================================================================== +--- avahi-0.8.orig/avahi-common/domain.c ++++ avahi-0.8/avahi-common/domain.c +@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s + } else + empty = 0; + +- avahi_escape_label(label, strlen(label), &r, &size); ++ if (!(avahi_escape_label(label, strlen(label), &r, &size))) ++ return NULL; + } + + return ret_s; diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch new file mode 100644 index 0000000000..07cd3246e8 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch @@ -0,0 +1,73 @@ +From 894f085f402e023a98cbb6f5a3d117bd88d93b09 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Mon, 23 Oct 2023 13:38:35 +0200 +Subject: [PATCH] core: extract host name using avahi_unescape_label() + +Previously we could create invalid escape sequence when we split the +string on dot. For example, from valid host name "foo\\.bar" we have +created invalid name "foo\\" and tried to set that as the host name +which crashed the daemon. + +Fixes #453 + +CVE-2023-38471 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-1.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] +CVE: CVE-2023-38471 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-core/server.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +Index: avahi-0.8/avahi-core/server.c +=================================================================== +--- avahi-0.8.orig/avahi-core/server.c ++++ avahi-0.8/avahi-core/server.c +@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) + } + + int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { +- char *hn = NULL; ++ char label_escaped[AVAHI_LABEL_MAX*4+1]; ++ char label[AVAHI_LABEL_MAX]; ++ char *hn = NULL, *h; ++ size_t len; ++ + assert(s); + + AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); +@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServ + else + hn = avahi_normalize_name_strdup(host_name); + +- hn[strcspn(hn, ".")] = 0; ++ h = hn; ++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { ++ avahi_free(h); ++ return AVAHI_ERR_INVALID_HOST_NAME; ++ } ++ ++ avahi_free(h); + +- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { +- avahi_free(hn); ++ h = label_escaped; ++ len = sizeof(label_escaped); ++ if (!avahi_escape_label(label, strlen(label), &h, &len)) ++ return AVAHI_ERR_INVALID_HOST_NAME; ++ ++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +- } + + withdraw_host_rrs(s); + + avahi_free(s->host_name); +- s->host_name = hn; ++ s->host_name = avahi_strdup(label_escaped); ++ if (!s->host_name) ++ return AVAHI_ERR_NO_MEMORY; + + update_fqdn(s); + diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch new file mode 100644 index 0000000000..44737bfc2e --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch @@ -0,0 +1,52 @@ +From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 24 Oct 2023 22:04:51 +0000 +Subject: [PATCH] core: return errors from avahi_server_set_host_name properly + +It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] +CVE: CVE-2023-38471 #Follow-up Patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-core/server.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +Index: avahi-0.8/avahi-core/server.c +=================================================================== +--- avahi-0.8.orig/avahi-core/server.c ++++ avahi-0.8/avahi-core/server.c +@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ + else + hn = avahi_normalize_name_strdup(host_name); + ++ if (!hn) ++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); ++ + h = hn; + if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { + avahi_free(h); +- return AVAHI_ERR_INVALID_HOST_NAME; ++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); + } + + avahi_free(h); +@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ + h = label_escaped; + len = sizeof(label_escaped); + if (!avahi_escape_label(label, strlen(label), &h, &len)) +- return AVAHI_ERR_INVALID_HOST_NAME; ++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); + + if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ + avahi_free(s->host_name); + s->host_name = avahi_strdup(label_escaped); + if (!s->host_name) +- return AVAHI_ERR_NO_MEMORY; ++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); + + update_fqdn(s); + diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch new file mode 100644 index 0000000000..5c63edb31f --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch @@ -0,0 +1,45 @@ +From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Thu, 19 Oct 2023 17:36:44 +0200 +Subject: [PATCH] core: make sure there is rdata to process before parsing it + +Fixes #452 + +CVE-2023-38472 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] +CVE: CVE-2023-38472 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-client/client-test.c | 3 +++ + avahi-daemon/dbus-entry-group.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + assert(error == AVAHI_ERR_INVALID_RECORD); + avahi_string_list_free(txt); + ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); ++ assert(error != AVAHI_OK); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); +Index: avahi-0.8/avahi-daemon/dbus-entry-group.c +=================================================================== +--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c ++++ avahi-0.8/avahi-daemon/dbus-entry-group.c +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g + if (!(r = avahi_record_new_full (name, clazz, type, ttl))) + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); + +- if (avahi_rdata_parse (r, rdata, size) < 0) { ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { + avahi_record_unref (r); + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); + } diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch new file mode 100644 index 0000000000..d7c69225b1 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch @@ -0,0 +1,109 @@ +From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Wed, 11 Oct 2023 17:45:44 +0200 +Subject: [PATCH] common: derive alternative host name from its unescaped + version + +Normalization of input makes sure we don't have to deal with special +cases like unescaped dot at the end of label. + +Fixes #451 #487 +CVE-2023-38473 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38473.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] +CVE: CVE-2023-38473 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-common/alternative-test.c | 3 +++ + avahi-common/alternative.c | 27 +++++++++++++++++++-------- + 2 files changed, 22 insertions(+), 8 deletions(-) + +Index: avahi-0.8/avahi-common/alternative-test.c +=================================================================== +--- avahi-0.8.orig/avahi-common/alternative-test.c ++++ avahi-0.8/avahi-common/alternative-test.c +@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAH + const char* const test_strings[] = { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", ++ ").", ++ "\\.", ++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", + "gurke", + "-", + " #", +Index: avahi-0.8/avahi-common/alternative.c +=================================================================== +--- avahi-0.8.orig/avahi-common/alternative.c ++++ avahi-0.8/avahi-common/alternative.c +@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c + } + + char *avahi_alternative_host_name(const char *s) { ++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; ++ char *alt, *r, *ret; + const char *e; +- char *r; ++ size_t len; + + assert(s); + + if (!avahi_is_valid_host_name(s)) + return NULL; + +- if ((e = strrchr(s, '-'))) { ++ if (!avahi_unescape_label(&s, label, sizeof(label))) ++ return NULL; ++ ++ if ((e = strrchr(label, '-'))) { + const char *p; + + e++; +@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const + + if (e) { + char *c, *m; +- size_t l; + int n; + + n = atoi(e)+1; + if (!(m = avahi_strdup_printf("%i", n))) + return NULL; + +- l = e-s-1; ++ len = e-label-1; + +- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) +- l = AVAHI_LABEL_MAX-1-strlen(m)-1; ++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) ++ len = AVAHI_LABEL_MAX-1-strlen(m)-1; + +- if (!(c = avahi_strndup(s, l))) { ++ if (!(c = avahi_strndup(label, len))) { + avahi_free(m); + return NULL; + } +@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const + } else { + char *c; + +- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) ++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) + return NULL; + + drop_incomplete_utf8(c); +@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const + avahi_free(c); + } + ++ alt = alternative; ++ len = sizeof(alternative); ++ ret = avahi_escape_label(r, strlen(r), &alt, &len); ++ ++ avahi_free(r); ++ r = avahi_strdup(ret); ++ + assert(avahi_is_valid_host_name(r)); + + return r; diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.19.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.20.bb index 8124c5c591..187685eef5 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.19.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.20.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc" +SRC_URI[sha256sum] = "4b891ebf58d3f2a7ac3dd2682990f528a3448eaa1c992ddc5c141b8587a98ec5" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index e10158a6e5..a23e4e58a6 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -55,6 +55,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ file://0004-src-shared-util.c-include-linux-limits.h.patch \ + file://0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch new file mode 100644 index 0000000000..d0884338db --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch @@ -0,0 +1,313 @@ +From 3a9c637010f8dc1ba3e8382abe01065761d4f5bb Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Tue, 10 Oct 2023 12:38:29 -0700 +Subject: [PATCH 02/40] input: Fix .device_probe failing if SDP record is not + found + +Due to changes introduced by 67a26abe53bf +("profile: Add probe_on_discover flag") profiles may get probed when +their profile UUID are discovered, rather than resolved, which means +the SDP record may not be available. + +Fixes: https://github.com/bluez/bluez/issues/614 + +Upstream-Status: Backport [https://github.com/bluez/bluez/commit/3a9c637010f8dc1ba3e8382abe01065761d4f5bb] +--- + profiles/input/device.c | 182 +++++++++++++++++++--------------------- + 1 file changed, 84 insertions(+), 98 deletions(-) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index e2ac6ea60..4a50ea992 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -60,7 +60,7 @@ struct input_device { + char *path; + bdaddr_t src; + bdaddr_t dst; +- uint32_t handle; ++ const sdp_record_t *rec; + GIOChannel *ctrl_io; + GIOChannel *intr_io; + guint ctrl_watch; +@@ -754,7 +754,8 @@ static void epox_endian_quirk(unsigned char *data, int size) + } + } + +-static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req) ++static int create_hid_dev_name(const sdp_record_t *rec, ++ struct hidp_connadd_req *req) + { + char sdesc[sizeof(req->name) / 2]; + +@@ -776,7 +777,7 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req) + + /* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details + * on the attribute format. */ +-static int extract_hid_desc_data(sdp_record_t *rec, ++static int extract_hid_desc_data(const sdp_record_t *rec, + struct hidp_connadd_req *req) + { + sdp_data_t *d; +@@ -817,36 +818,40 @@ invalid_desc: + return -EINVAL; + } + +-static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req) ++static int extract_hid_record(struct input_device *idev, ++ struct hidp_connadd_req *req) + { + sdp_data_t *pdlist; + uint8_t attr_val; + int err; + +- err = create_hid_dev_name(rec, req); ++ if (!idev->rec) ++ return -ENOENT; ++ ++ err = create_hid_dev_name(idev->rec, req); + if (err < 0) + DBG("No valid Service Name or Service Description found"); + +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION); ++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_PARSER_VERSION); + req->parser = pdlist ? pdlist->val.uint16 : 0x0100; + +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS); ++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_DEVICE_SUBCLASS); + req->subclass = pdlist ? pdlist->val.uint8 : 0; + +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE); ++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_COUNTRY_CODE); + req->country = pdlist ? pdlist->val.uint8 : 0; + +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_VIRTUAL_CABLE); ++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_VIRTUAL_CABLE); + attr_val = pdlist ? pdlist->val.uint8 : 0; + if (attr_val) + req->flags |= (1 << HIDP_VIRTUAL_CABLE_UNPLUG); + +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE); ++ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_BOOT_DEVICE); + attr_val = pdlist ? pdlist->val.uint8 : 0; + if (attr_val) + req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); + +- err = extract_hid_desc_data(rec, req); ++ err = extract_hid_desc_data(idev->rec, req); + if (err < 0) + return err; + +@@ -1035,11 +1040,6 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition, + static int hidp_add_connection(struct input_device *idev) + { + struct hidp_connadd_req *req; +- sdp_record_t *rec; +- char src_addr[18], dst_addr[18]; +- char filename[PATH_MAX]; +- GKeyFile *key_file; +- char handle[11], *str; + GError *gerr = NULL; + int err; + +@@ -1049,33 +1049,7 @@ static int hidp_add_connection(struct input_device *idev) + req->flags = 0; + req->idle_to = idle_timeout; + +- ba2str(&idev->src, src_addr); +- ba2str(&idev->dst, dst_addr); +- +- snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr, +- dst_addr); +- sprintf(handle, "0x%8.8X", idev->handle); +- +- key_file = g_key_file_new(); +- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) { +- error("Unable to load key file from %s: (%s)", filename, +- gerr->message); +- g_clear_error(&gerr); +- } +- str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL); +- g_key_file_free(key_file); +- +- if (!str) { +- error("Rejected connection from unknown device %s", dst_addr); +- err = -EPERM; +- goto cleanup; +- } +- +- rec = record_from_string(str); +- g_free(str); +- +- err = extract_hid_record(rec, req); +- sdp_record_free(rec); ++ err = extract_hid_record(idev, req); + if (err < 0) { + error("Could not parse HID SDP record: %s (%d)", strerror(-err), + -err); +@@ -1091,7 +1065,7 @@ static int hidp_add_connection(struct input_device *idev) + + /* Make sure the device is bonded if required */ + if (classic_bonded_only && !input_device_bonded(idev)) { +- error("Rejected connection from !bonded device %s", dst_addr); ++ error("Rejected connection from !bonded device %s", idev->path); + goto cleanup; + } + +@@ -1161,6 +1135,68 @@ static int connection_disconnect(struct input_device *idev, uint32_t flags) + return ioctl_disconnect(idev, flags); + } + ++static bool is_device_sdp_disable(const sdp_record_t *rec) ++{ ++ sdp_data_t *data; ++ ++ data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE); ++ ++ return data && data->val.uint8; ++} ++ ++static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate, ++ bool normally_connectable) ++{ ++ if (!reconnect_initiate && !normally_connectable) ++ return RECONNECT_NONE; ++ else if (!reconnect_initiate && normally_connectable) ++ return RECONNECT_HOST; ++ else if (reconnect_initiate && !normally_connectable) ++ return RECONNECT_DEVICE; ++ else /* (reconnect_initiate && normally_connectable) */ ++ return RECONNECT_ANY; ++} ++ ++static void extract_hid_props(struct input_device *idev, ++ const sdp_record_t *rec) ++{ ++ /* Extract HID connectability */ ++ bool reconnect_initiate, normally_connectable; ++ sdp_data_t *pdlist; ++ ++ /* HIDNormallyConnectable is optional and assumed FALSE if not ++ * present. ++ */ ++ pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE); ++ reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE; ++ ++ pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE); ++ normally_connectable = pdlist ? pdlist->val.uint8 : FALSE; ++ ++ /* Update local values */ ++ idev->reconnect_mode = ++ hid_reconnection_mode(reconnect_initiate, normally_connectable); ++} ++ ++static void input_device_update_rec(struct input_device *idev) ++{ ++ struct btd_profile *p = btd_service_get_profile(idev->service); ++ const sdp_record_t *rec; ++ ++ rec = btd_device_get_record(idev->device, p->remote_uuid); ++ if (!rec || idev->rec == rec) ++ return; ++ ++ idev->rec = rec; ++ idev->disable_sdp = is_device_sdp_disable(rec); ++ ++ /* Initialize device properties */ ++ extract_hid_props(idev, rec); ++ ++ if (idev->disable_sdp) ++ device_set_refresh_discovery(idev->device, false); ++} ++ + static int input_device_connected(struct input_device *idev) + { + int err; +@@ -1168,6 +1204,9 @@ static int input_device_connected(struct input_device *idev) + if (idev->intr_io == NULL || idev->ctrl_io == NULL) + return -ENOTCONN; + ++ /* Attempt to update SDP record if it had changed */ ++ input_device_update_rec(idev); ++ + err = hidp_add_connection(idev); + if (err < 0) + return err; +@@ -1411,74 +1450,21 @@ int input_device_disconnect(struct btd_service *service) + return 0; + } + +-static bool is_device_sdp_disable(const sdp_record_t *rec) +-{ +- sdp_data_t *data; +- +- data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE); +- +- return data && data->val.uint8; +-} +- +-static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate, +- bool normally_connectable) +-{ +- if (!reconnect_initiate && !normally_connectable) +- return RECONNECT_NONE; +- else if (!reconnect_initiate && normally_connectable) +- return RECONNECT_HOST; +- else if (reconnect_initiate && !normally_connectable) +- return RECONNECT_DEVICE; +- else /* (reconnect_initiate && normally_connectable) */ +- return RECONNECT_ANY; +-} +- +-static void extract_hid_props(struct input_device *idev, +- const sdp_record_t *rec) +-{ +- /* Extract HID connectability */ +- bool reconnect_initiate, normally_connectable; +- sdp_data_t *pdlist; +- +- /* HIDNormallyConnectable is optional and assumed FALSE +- * if not present. */ +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE); +- reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE; +- +- pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE); +- normally_connectable = pdlist ? pdlist->val.uint8 : FALSE; +- +- /* Update local values */ +- idev->reconnect_mode = +- hid_reconnection_mode(reconnect_initiate, normally_connectable); +-} +- + static struct input_device *input_device_new(struct btd_service *service) + { + struct btd_device *device = btd_service_get_device(service); +- struct btd_profile *p = btd_service_get_profile(service); + const char *path = device_get_path(device); +- const sdp_record_t *rec = btd_device_get_record(device, p->remote_uuid); + struct btd_adapter *adapter = device_get_adapter(device); + struct input_device *idev; + +- if (!rec) +- return NULL; +- + idev = g_new0(struct input_device, 1); + bacpy(&idev->src, btd_adapter_get_address(adapter)); + bacpy(&idev->dst, device_get_address(device)); + idev->service = btd_service_ref(service); + idev->device = btd_device_ref(device); + idev->path = g_strdup(path); +- idev->handle = rec->handle; +- idev->disable_sdp = is_device_sdp_disable(rec); +- +- /* Initialize device properties */ +- extract_hid_props(idev, rec); + +- if (idev->disable_sdp) +- device_set_refresh_discovery(device, false); ++ input_device_update_rec(idev); + + return idev; + } +-- +2.42.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch new file mode 100644 index 0000000000..aa2e5bb800 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch @@ -0,0 +1,374 @@ +From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 +From: William Lyu <William.Lyu@windriver.com> +Date: Fri, 20 Oct 2023 16:22:37 -0400 +Subject: [PATCH] Added handshake history reporting when test fails + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] + +Signed-off-by: William Lyu <William.Lyu@windriver.com> +--- + test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- + test/helpers/handshake.h | 70 +++++++++++++++++++- + test/ssl_test.c | 44 +++++++++++++ + 3 files changed, 218 insertions(+), 35 deletions(-) + +diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c +index e0422469e4..ae2ad59dd4 100644 +--- a/test/helpers/handshake.c ++++ b/test/helpers/handshake.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -24,6 +24,102 @@ + #include <netinet/sctp.h> + #endif + ++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ ++/* Maps string names to various enumeration type */ ++typedef struct { ++ const char *name; ++ int value; ++} enum_name_map; ++ ++static const enum_name_map connect_phase_names[] = { ++ {"Handshake", HANDSHAKE}, ++ {"RenegAppData", RENEG_APPLICATION_DATA}, ++ {"RenegSetup", RENEG_SETUP}, ++ {"RenegHandshake", RENEG_HANDSHAKE}, ++ {"AppData", APPLICATION_DATA}, ++ {"Shutdown", SHUTDOWN}, ++ {"ConnectionDone", CONNECTION_DONE} ++}; ++ ++static const enum_name_map peer_status_names[] = { ++ {"PeerSuccess", PEER_SUCCESS}, ++ {"PeerRetry", PEER_RETRY}, ++ {"PeerError", PEER_ERROR}, ++ {"PeerWaiting", PEER_WAITING}, ++ {"PeerTestFail", PEER_TEST_FAILURE} ++}; ++ ++static const enum_name_map handshake_status_names[] = { ++ {"HandshakeSuccess", HANDSHAKE_SUCCESS}, ++ {"ClientError", CLIENT_ERROR}, ++ {"ServerError", SERVER_ERROR}, ++ {"InternalError", INTERNAL_ERROR}, ++ {"HandshakeRetry", HANDSHAKE_RETRY} ++}; ++ ++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ ++static const char *enum_name(const enum_name_map *enums, size_t num_enums, ++ int value) ++{ ++ size_t i; ++ for (i = 0; i < num_enums; i++) { ++ if (enums[i].value == value) { ++ return enums[i].name; ++ } ++ } ++ return "InvalidValue"; ++} ++ ++const char *handshake_connect_phase_name(connect_phase_t phase) ++{ ++ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), ++ (int)phase); ++} ++ ++const char *handshake_status_name(handshake_status_t handshake_status) ++{ ++ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), ++ (int)handshake_status); ++} ++ ++const char *handshake_peer_status_name(peer_status_t peer_status) ++{ ++ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), ++ (int)peer_status); ++} ++ ++static void save_loop_history(HANDSHAKE_HISTORY *history, ++ connect_phase_t phase, ++ handshake_status_t handshake_status, ++ peer_status_t server_status, ++ peer_status_t client_status, ++ int client_turn_count, ++ int is_client_turn) ++{ ++ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; ++ ++ /* ++ * Create a new history entry for a handshake loop with statuses given in ++ * the arguments. Potentially evicting the oldest entry when the ++ * ring buffer is full. ++ */ ++ ++(history->last_idx); ++ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ ++ new_entry = &((history->entries)[history->last_idx]); ++ new_entry->phase = phase; ++ new_entry->handshake_status = handshake_status; ++ new_entry->server_status = server_status; ++ new_entry->client_status = client_status; ++ new_entry->client_turn_count = client_turn_count; ++ new_entry->is_client_turn = is_client_turn; ++ ++ /* Evict the oldest handshake loop entry when the ring buffer is full. */ ++ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { ++ ++(history->entry_count); ++ } ++} ++ + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) + { + HANDSHAKE_RESULT *ret; +@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, + SSL_set_post_handshake_auth(client, 1); + } + +-/* The status for each connection phase. */ +-typedef enum { +- PEER_SUCCESS, +- PEER_RETRY, +- PEER_ERROR, +- PEER_WAITING, +- PEER_TEST_FAILURE +-} peer_status_t; +- + /* An SSL object and associated read-write buffers. */ + typedef struct peer_st { + SSL *ssl; +@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) + } + } + +-typedef enum { +- HANDSHAKE, +- RENEG_APPLICATION_DATA, +- RENEG_SETUP, +- RENEG_HANDSHAKE, +- APPLICATION_DATA, +- SHUTDOWN, +- CONNECTION_DONE +-} connect_phase_t; +- +- + static int renegotiate_op(const SSL_TEST_CTX *test_ctx) + { + switch (test_ctx->handshake_mode) { +@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, + } + } + +-typedef enum { +- /* Both parties succeeded. */ +- HANDSHAKE_SUCCESS, +- /* Client errored. */ +- CLIENT_ERROR, +- /* Server errored. */ +- SERVER_ERROR, +- /* Peers are in inconsistent state. */ +- INTERNAL_ERROR, +- /* One or both peers not done. */ +- HANDSHAKE_RETRY +-} handshake_status_t; +- + /* + * Determine the handshake outcome. + * last_status: the status of the peer to have acted last. +@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( + + start = time(NULL); + ++ save_loop_history(&(ret->history), ++ phase, status, server.status, client.status, ++ client_turn_count, client_turn); ++ + /* + * Half-duplex handshake loop. + * Client and server speak to each other synchronously in the same process. +@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( + 0 /* server went last */); + } + ++ save_loop_history(&(ret->history), ++ phase, status, server.status, client.status, ++ client_turn_count, client_turn); ++ + switch (status) { + case HANDSHAKE_SUCCESS: + client_turn_count = 0; +diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h +index 78b03f9f4b..b9967c2623 100644 +--- a/test/helpers/handshake.h ++++ b/test/helpers/handshake.h +@@ -1,5 +1,5 @@ + /* +- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -12,6 +12,11 @@ + + #include "ssl_test_ctx.h" + ++#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 ++#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) ++#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ ++ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) ++ + typedef struct ctx_data_st { + unsigned char *npn_protocols; + size_t npn_protocols_len; +@@ -22,6 +27,63 @@ typedef struct ctx_data_st { + char *session_ticket_app_data; + } CTX_DATA; + ++typedef enum { ++ HANDSHAKE, ++ RENEG_APPLICATION_DATA, ++ RENEG_SETUP, ++ RENEG_HANDSHAKE, ++ APPLICATION_DATA, ++ SHUTDOWN, ++ CONNECTION_DONE ++} connect_phase_t; ++ ++/* The status for each connection phase. */ ++typedef enum { ++ PEER_SUCCESS, ++ PEER_RETRY, ++ PEER_ERROR, ++ PEER_WAITING, ++ PEER_TEST_FAILURE ++} peer_status_t; ++ ++typedef enum { ++ /* Both parties succeeded. */ ++ HANDSHAKE_SUCCESS, ++ /* Client errored. */ ++ CLIENT_ERROR, ++ /* Server errored. */ ++ SERVER_ERROR, ++ /* Peers are in inconsistent state. */ ++ INTERNAL_ERROR, ++ /* One or both peers not done. */ ++ HANDSHAKE_RETRY ++} handshake_status_t; ++ ++/* Stores the various status information in a handshake loop. */ ++typedef struct handshake_history_entry_st { ++ connect_phase_t phase; ++ handshake_status_t handshake_status; ++ peer_status_t server_status; ++ peer_status_t client_status; ++ int client_turn_count; ++ int is_client_turn; ++} HANDSHAKE_HISTORY_ENTRY; ++ ++typedef struct handshake_history_st { ++ /* Implemented using ring buffer. */ ++ /* ++ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, ++ * ..., etc., going up to |entry_count| number of entries. Note that when ++ * the index into the array |entries| becomes < 0, we wrap around to ++ * the end of |entries|. ++ */ ++ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; ++ /* The number of valid entries in |entries| array. */ ++ size_t entry_count; ++ /* The index of the last valid entry in the |entries| array. */ ++ size_t last_idx; ++} HANDSHAKE_HISTORY; ++ + typedef struct handshake_result { + ssl_test_result_t result; + /* These alerts are in the 2-byte format returned by the info_callback. */ +@@ -77,6 +139,8 @@ typedef struct handshake_result { + char *cipher; + /* session ticket application data */ + char *result_session_ticket_app_data; ++ /* handshake loop history */ ++ HANDSHAKE_HISTORY history; + } HANDSHAKE_RESULT; + + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); +@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data); + ++const char *handshake_connect_phase_name(connect_phase_t phase); ++const char *handshake_status_name(handshake_status_t handshake_status); ++const char *handshake_peer_status_name(peer_status_t peer_status); ++ + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ +diff --git a/test/ssl_test.c b/test/ssl_test.c +index ea608518f9..9d6b093c81 100644 +--- a/test/ssl_test.c ++++ b/test/ssl_test.c +@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; + /* Currently the section names are of the form test-<number>, e.g. test-15. */ + #define MAX_TESTCASE_NAME_LENGTH 100 + ++static void print_handshake_history(const HANDSHAKE_HISTORY *history) ++{ ++ size_t first_idx; ++ size_t i; ++ size_t cur_idx; ++ const HANDSHAKE_HISTORY_ENTRY *cur_entry; ++ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; ++ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; ++ ++ TEST_info("The following is the server/client state " ++ "in the most recent %d handshake loops.", ++ MAX_HANDSHAKE_HISTORY_ENTRY); ++ ++ TEST_note("==================================================" ++ "=================================================="); ++ TEST_note(header_template, ++ "phase", "handshake status", "server status", ++ "client status", "client turn count", "is client turn"); ++ TEST_note("+--------------+----------------+----------------" ++ "+----------------+-----------------+--------------+"); ++ ++ first_idx = (history->last_idx - history->entry_count + 1) & ++ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ for (i = 0; i < history->entry_count; ++i) { ++ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ cur_entry = &(history->entries)[cur_idx]; ++ TEST_note(body_template, ++ handshake_connect_phase_name(cur_entry->phase), ++ handshake_status_name(cur_entry->handshake_status), ++ handshake_peer_status_name(cur_entry->server_status), ++ handshake_peer_status_name(cur_entry->client_status), ++ cur_entry->client_turn_count, ++ cur_entry->is_client_turn ? "true" : "false"); ++ } ++ TEST_note("==================================================" ++ "=================================================="); ++} ++ + static const char *print_alert(int alert) + { + return alert ? SSL_alert_desc_string_long(alert) : "no alert"; +@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) + ret &= check_client_sign_type(result, test_ctx); + ret &= check_client_ca_names(result, test_ctx); + } ++ ++ /* Print handshake loop history if any check fails. */ ++ if (!ret) { ++ print_handshake_history(&(result->history)); ++ } ++ + return ret; + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb index b1d5d8766f..0fe4e76808 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://fix_random_labels.patch \ + file://0001-Added-handshake-history-reporting-when-test-fails.patch \ " SRC_URI:append:class-nativesdk = " \ diff --git a/poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch b/poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch deleted file mode 100644 index 2cc6174e2a..0000000000 --- a/poky/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 25e3bf09bbbb04aa930ea0fd9f28809a24fb7194 Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <pkj@axis.com> -Date: Sun, 2 Oct 2022 17:47:29 +0200 -Subject: [PATCH] Make it possible to configure whether to use SELinux or not - -Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/396c41bb35e03c5dcc727aa9f74218a45874ac1f] -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - configure.ac | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 589df88..e46403b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -13,7 +13,18 @@ AC_SYS_LARGEFILE - - dnl Scan for things we need - AC_CHECK_FUNCS([putgrent]) --AC_CHECK_LIB([selinux], [is_selinux_enabled]) -+ -+dnl Check for SELinux -+AC_MSG_CHECKING([whether to enable SELinux support]) -+AC_ARG_ENABLE([selinux], -+ [AS_HELP_STRING([--disable-selinux], [disable support for SELinux])], -+ [], -+ [enable_selinux=yes]) -+AC_MSG_RESULT($enable_selinux) -+AS_IF([test "x$enable_selinux" != xno], -+ [AC_CHECK_LIB([selinux], [is_selinux_enabled], [], -+ [AC_MSG_ERROR( -+ [SELinux support not available (use --disable-selinux to disable)])])]) - - dnl Check for debconf - AC_MSG_CHECKING([whether to enable debconf support]) diff --git a/poky/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb b/poky/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb index 44bcfb0199..bb4b49e6ab 100644 --- a/poky/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb +++ b/poky/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb @@ -11,12 +11,11 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ file://0005-Add-kvm-group.patch \ - file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \ file://0007-Add-wheel-group.patch \ file://0001-base-passwd-Add-the-sgx-group.patch \ " -SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af" +SRC_URI[sha256sum] = "06dc78352bf38a8df76ff295e15ab5654cdefe41e62368b15bfcbbab8e4ec2a0" # the package is taken from launchpad; that source is static and goes stale # so we check the latest upstream from a directory that does get updated diff --git a/poky/meta/recipes-core/ell/ell_0.59.bb b/poky/meta/recipes-core/ell/ell_0.60.bb index 0483dbe582..4e414f3b90 100644 --- a/poky/meta/recipes-core/ell/ell_0.59.bb +++ b/poky/meta/recipes-core/ell/ell_0.60.bb @@ -15,7 +15,7 @@ DEPENDS = "dbus" inherit autotools pkgconfig SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "370dc2b7c73cd57856017180a2a70a15ca1b0183bfd453b3cffe2d707c37da3d" +SRC_URI[sha256sum] = "61cec2df694b548e51afa3e7ffd1e1ad31a9fea7bedb93a3a3cc60894390c70f" do_configure:prepend () { mkdir -p ${S}/build-aux diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb index 500e4e873e..a490262112 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb @@ -19,7 +19,7 @@ SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " -SRC_URI[sha256sum] = "44eaab8b720877ce303c5540b657b126f12dc94972d9880b52959f43fb537b30" +SRC_URI[sha256sum] = "915bc3d0f8507d650ead3832e2f8fb670fce59aac4d7754a7dab6f1e6fed78b2" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index 19b98bc11a..0ef4289557 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.38/master" PV = "2.38+git" -SRCREV_glibc ?= "750a45a783906a19591fb8ff6b7841470f1f5701" +SRCREV_glibc ?= "44f757a6364a546359809d48c76b3debd26e77d4" SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 2b164afc99..3a049b8e37 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check REQUIRED_DISTRO_FEATURES += "xattr" -SRCREV ?= "3bcf525a688a9989ac37394f44a831d54b01ba14" +SRCREV ?= "59e8c565ef9cddb4cab90017d187368aa34f361b" SRC_URI = "git://git.yoctoproject.org/poky;branch=nanbield \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb index d0321f1bb5..bfe48b27e7 100644 --- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,8 +26,8 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" -# Timeout for blocking socket operations, such as the connection attempt. -CVE_SOCKET_TIMEOUT ?= "60" +# Number of attmepts for each http query to nvd server before giving up +CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" @@ -114,7 +114,10 @@ def cleanup_db_download(db_file, db_tmp_file): if os.path.exists(db_tmp_file): os.remove(db_tmp_file) -def nvd_request_next(url, api_key, args): +def nvd_request_wait(attempt, min_wait): + return min ( ( (2 * attempt) + min_wait ) , 30) + +def nvd_request_next(url, attempts, api_key, args, min_wait): """ Request next part of the NVD dabase """ @@ -130,7 +133,7 @@ def nvd_request_next(url, api_key, args): request.add_header("apiKey", api_key) bb.note("Requesting %s" % request.full_url) - for attempt in range(5): + for attempt in range(attempts): try: r = urllib.request.urlopen(request) @@ -143,8 +146,10 @@ def nvd_request_next(url, api_key, args): r.close() except Exception as e: - bb.note("CVE database: received error (%s), retrying" % (e)) - time.sleep(6) + wait_time = nvd_request_wait(attempt, min_wait) + bb.note("CVE database: received error (%s)" % (e)) + bb.note("CVE database: retrying download after %d seconds. attempted (%d/%d)" % (wait_time, attempt+1, attempts)) + time.sleep(wait_time) pass else: return raw_data @@ -186,10 +191,16 @@ def update_db_file(db_tmp_file, d, database_time): index = 0 url = d.getVar("NVDCVE_URL") api_key = d.getVar("NVDCVE_API_KEY") or None + attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS")) + + # Recommended by NVD + wait_time = 6 + if api_key: + wait_time = 2 while True: req_args['startIndex'] = index - raw_data = nvd_request_next(url, api_key, req_args) + raw_data = nvd_request_next(url, attempts, api_key, req_args, wait_time) if raw_data is None: # We haven't managed to download data return False @@ -209,7 +220,7 @@ def update_db_file(db_tmp_file, d, database_time): break # Recommended by NVD - time.sleep(6) + time.sleep(wait_time) # Update success, set the date to cve_check file. cve_f.write('CVE database update : %s\n\n' % datetime.date.today()) diff --git a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb index 4ee25ee72f..2b43ccf243 100644 --- a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb +++ b/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb @@ -8,6 +8,10 @@ DEPENDS = "intltool-native libcap util-linux gperf-native python3-jinja2-native inherit meson pkgconfig gettext inherit deploy +SRC_URI += " \ + file://0030-meson-Pass-all-static-pie-args-to-linker.patch \ + " + LDFLAGS:prepend = "${@ " ".join(d.getVar('LD').split()[1:])} " EFI_LD = "bfd" diff --git a/poky/meta/recipes-core/systemd/systemd-compat-units.bb b/poky/meta/recipes-core/systemd/systemd-compat-units.bb index 253bc9fcf1..c03d97f9c9 100644 --- a/poky/meta/recipes-core/systemd/systemd-compat-units.bb +++ b/poky/meta/recipes-core/systemd/systemd-compat-units.bb @@ -27,7 +27,8 @@ SYSTEMD_DISABLED_SYSV_SERVICES = " \ pkg_postinst:${PN} () { - cd $D${sysconfdir}/init.d || exit 0 + test -d $D${sysconfdir}/init.d || exit 0 + cd $D${sysconfdir}/init.d echo "Disabling the following sysv scripts: " diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc index 3ba0b5ffc5..ccc3236457 100644 --- a/poky/meta/recipes-core/systemd/systemd.inc +++ b/poky/meta/recipes-core/systemd/systemd.inc @@ -10,7 +10,8 @@ state, maintains mount and automount points and implements an \ elaborate transactional dependency-based service control logic. It can \ work as a drop-in replacement for sysvinit." -LICENSE = "GPL-2.0-only & LGPL-2.1-only" +LICENSE = "GPL-2.0-only & LGPL-2.1-or-later" +LICENSE:libsystemd = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" diff --git a/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch b/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch new file mode 100644 index 0000000000..8e563238ef --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch @@ -0,0 +1,35 @@ +From f85a387a67900b02c69abccb88c2ef7191c67277 Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Sun, 1 Oct 2023 09:55:48 +0200 +Subject: [PATCH] meson: Pass all -static-pie args to linker + +Fixes: #29381 + +Upstream-Status: Backport [https://github.com/systemd/systemd/commit/cecbb162a3134b43d2ca160e13198c73ff34c3ef] +Signed-off-by: Viswanath Kraleti <quic_vkraleti@quicinc.com> +--- + src/boot/efi/meson.build | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build +index 2773eaf286..9a60a57329 100644 +--- a/src/boot/efi/meson.build ++++ b/src/boot/efi/meson.build +@@ -161,9 +161,14 @@ efi_c_ld_args = [ + '-Wl,--entry=efi_main', + '-Wl,--fatal-warnings', + +- # These flags should be passed by -static-pie, but seem to be missing sometimes. +- '-Wl,--no-dynamic-linker', +- '-z', 'text', ++ # These flags should be passed by -static-pie, but for whatever reason the flag translation ++ # is not enabled on all architectures. Not passing `-static` would just allow the linker to ++ # use dynamic libraries, (which we can't/don't use anyway). But if `-pie` is missing and the ++ # gcc build does not default to `-pie` we get a regular (no-pie) binary that will be ++ # rightfully rejected by elf2efi. Note that meson also passes `-pie` to the linker driver, ++ # but it is overridden by our `-static-pie`. We also need to pass these directly to the ++ # linker as `-static`+`-pie` seem to get translated differently. ++ '-Wl,-static,-pie,--no-dynamic-linker,-z,text', + + # EFI has 4KiB pages. + '-z', 'common-page-size=4096', diff --git a/poky/meta/recipes-core/systemd/systemd_254.4.bb b/poky/meta/recipes-core/systemd/systemd_254.4.bb index 77724eb822..285ca92e68 100644 --- a/poky/meta/recipes-core/systemd/systemd_254.4.bb +++ b/poky/meta/recipes-core/systemd/systemd_254.4.bb @@ -178,7 +178,7 @@ PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd" PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname" PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false" PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers=" -PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false" +PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false,,libnss-systemd" PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false" PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false" PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false" @@ -826,15 +826,31 @@ ALTERNATIVE_LINK_NAME[runlevel] = "${base_sbindir}/runlevel" ALTERNATIVE_PRIORITY[runlevel] ?= "300" pkg_postinst:${PN}:libc-glibc () { - sed -e '/^hosts:/s/\s*\<myhostname\>//' \ - -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \ - -i $D${sysconfdir}/nsswitch.conf + if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then + sed -e '/^hosts:/s/\s*\<myhostname\>//' \ + -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \ + -i $D${sysconfdir}/nsswitch.conf + fi + if ${@bb.utils.contains('PACKAGECONFIG', 'nss', 'true', 'false', d)}; then + sed -e 's#\(^passwd:.*\)#\1 systemd#' \ + -e 's#\(^group:.*\)#\1 systemd#' \ + -e 's#\(^shadow:.*\)#\1 systemd#' \ + -i $D${sysconfdir}/nsswitch.conf + fi } pkg_prerm:${PN}:libc-glibc () { - sed -e '/^hosts:/s/\s*\<myhostname\>//' \ - -e '/^hosts:/s/\s*myhostname//' \ - -i $D${sysconfdir}/nsswitch.conf + if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then + sed -e '/^hosts:/s/\s*\<myhostname\>//' \ + -e '/^hosts:/s/\s*myhostname//' \ + -i $D${sysconfdir}/nsswitch.conf + fi + if ${@bb.utils.contains('PACKAGECONFIG', 'nss', 'true', 'false', d)}; then + sed -e '/^passwd:/s#\s*systemd##' \ + -e '/^group:/s#\s*systemd##' \ + -e '/^shadow:/s#\s*systemd##' \ + -i $D${sysconfdir}/nsswitch.conf + fi } PACKAGE_WRITE_DEPS += "qemu-native" diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.41.inc b/poky/meta/recipes-devtools/binutils/binutils-2.41.inc index b4934c02a8..d4b239258d 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.41.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.41.inc @@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_41-branch" UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" -SRCREV ?= "cb4c3555ac4cf8aaf0935cb6e4b09e6882436d21" +SRCREV ?= "e13f70c7fcb2f4a39ddad4ccb83660dbfee2caeb" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https" SRC_URI = "\ ${BINUTILS_GIT_URI} \ diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.27.7.bb index 546d117156..546d117156 100644 --- a/poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb +++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.27.7.bb diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc index ef4eec5ab1..ecb0e487df 100644 --- a/poky/meta/recipes-devtools/cmake/cmake.inc +++ b/poky/meta/recipes-devtools/cmake/cmake.inc @@ -19,7 +19,7 @@ CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}" SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \ " -SRC_URI[sha256sum] = "5175e8fe1ca9b1dd09090130db7201968bcce1595971ff9e9998c2f0765004c9" +SRC_URI[sha256sum] = "08f71a106036bf051f692760ef9558c0577c42ac39e96ba097e7662bd4158d8e" UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb b/poky/meta/recipes-devtools/cmake/cmake_3.27.7.bb index 6a9a3266df..6a9a3266df 100644 --- a/poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb +++ b/poky/meta/recipes-devtools/cmake/cmake_3.27.7.bb diff --git a/poky/meta/recipes-devtools/json-c/json-c_0.17.bb b/poky/meta/recipes-devtools/json-c/json-c_0.17.bb index f4b7a32cea..20bcece768 100644 --- a/poky/meta/recipes-devtools/json-c/json-c_0.17.bb +++ b/poky/meta/recipes-devtools/json-c/json-c_0.17.bb @@ -17,6 +17,9 @@ UPSTREAM_CHECK_REGEX = "json-c-(?P<pver>\d+(\.\d+)+)-\d+" RPROVIDES:${PN} = "libjson" +# Required for ICECC builds +EXTRA_OECMAKE = "-DDISABLE_WERROR=ON" + inherit cmake ptest do_install_ptest() { diff --git a/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.0.bb b/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.1.bb index e0c16d2e73..be3c787ab2 100644 --- a/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.0.bb +++ b/poky/meta/recipes-devtools/log4cplus/log4cplus_2.1.1.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=41e8e060c26822886b592ab4765c756b" SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}-stable/${PV}/${BP}.tar.gz \ " -SRC_URI[sha256sum] = "2a8eb99d71b0680c0520c7c16248cdb4195da82f396b79fea30b0d9e289c8c72" +SRC_URI[sha256sum] = "42dc435928917fd2f847046c4a0c6086b2af23664d198c7fc1b982c0bfe600c1" UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/log4cplus/files/log4cplus-stable/" UPSTREAM_CHECK_REGEX = "log4cplus-stable/(?P<pver>\d+(\.\d+)+)/" diff --git a/poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch b/poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch deleted file mode 100644 index 4de4a5b955..0000000000 --- a/poky/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 920abf3dc39c851a655b719622c76a6f0dc9981d Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Tue, 5 Sep 2023 19:47:33 +0200 -Subject: [PATCH] cnf/configure_pfmt.sh: add 32 bit integer format definitions - -These started to matter in perl 5.38 where they are used to print -line numbers. - -Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/143] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - cnf/configure_pfmt.sh | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/cnf/configure_pfmt.sh b/cnf/configure_pfmt.sh -index 8f93da1..7bb4b6f 100644 ---- a/cnf/configure_pfmt.sh -+++ b/cnf/configure_pfmt.sh -@@ -52,3 +52,9 @@ else - define uvxformat '"lx"' - define uvXUformat '"lX"' - fi -+ -+define i32dformat 'PRId32' -+define u32uformat 'PRIu32' -+define u32oformat 'PRIo32' -+define u32xformat 'PRIx32' -+define u32XUformat 'PRIX32' diff --git a/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.bb b/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb index 7ca4977b97..b41c182fad 100644 --- a/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.bb +++ b/poky/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb @@ -15,11 +15,10 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \ file://determinism.patch \ file://0001-Makefile-check-the-file-if-patched-or-not.patch \ - file://0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch \ " GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/" -SRC_URI[perl-cross.sha256sum] = "d744a390939e2ebb9a12f6725b4d9c19255a141d90031eff90ea183fdfcbf211" +SRC_URI[perl-cross.sha256sum] = "584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90" S = "${WORKDIR}/perl-cross-${PV}" diff --git a/poky/meta/recipes-devtools/perl/perl_5.38.0.bb b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb index 639664e355..a9d684cfc5 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.38.0.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb @@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \ file://encodefix.patch \ " -SRC_URI[perl.sha256sum] = "213ef58089d2f2c972ea353517dc60ec3656f050dcc027666e118b508423e517" +SRC_URI[perl.sha256sum] = "a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e" B = "${WORKDIR}/perl-${PV}-build" diff --git a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb index cd2a9dd4ef..c286838086 100644 --- a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb +++ b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda" -SRC_URI[sha256sum] = "b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564" +SRC_URI[sha256sum] = "c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84" inherit pypi python_hatchling diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch new file mode 100644 index 0000000000..199031d42a --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch @@ -0,0 +1,32 @@ +From 013ff01fdf2aa6ca69a7c80a2a2996630877e4ea Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin <tgamblin@baylibre.com> +Date: Fri, 6 Oct 2023 10:59:44 -0400 +Subject: [PATCH] test_storlines: skip due to load variability + +This is yet another test that intermittently fails on the Yocto AB when +a worker is under heavy load, so skip it during testing. + +Upstream-Status: Inappropriate [OE-Specific] + +[YOCTO #14933] + +Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> +--- + Lib/test/test_ftplib.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py +index 082a90d46b..508814d56a 100644 +--- a/Lib/test/test_ftplib.py ++++ b/Lib/test/test_ftplib.py +@@ -629,6 +629,7 @@ def test_storbinary_rest(self): + self.client.storbinary('stor', f, rest=r) + self.assertEqual(self.server.handler_instance.rest, str(r)) + ++ @unittest.skip('timing related test, dependent on load') + def test_storlines(self): + data = RETR_DATA.replace('\r\n', '\n').encode(self.client.encoding) + f = io.BytesIO(data) +-- +2.41.0 + diff --git a/poky/meta/recipes-devtools/python/python3_3.11.5.bb b/poky/meta/recipes-devtools/python/python3_3.11.5.bb index 8e023c7dfb..d375de4b19 100644 --- a/poky/meta/recipes-devtools/python/python3_3.11.5.bb +++ b/poky/meta/recipes-devtools/python/python3_3.11.5.bb @@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-Avoid-shebang-overflow-on-python-config.py.patch \ file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \ file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \ + file://0001-test_storlines-skip-due-to-load-variability.patch \ " SRC_URI:append:class-native = " \ diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb index 73a0f63f2b..73a0f63f2b 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb index 558a416f7b..558a416f7b 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 78c495516f..5ab2cb83b4 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -29,18 +29,15 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \ file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \ file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \ - file://0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch \ - file://0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch \ file://fixedmeson.patch \ file://fixmips.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ - file://CVE-2023-42467.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[sha256sum] = "710c101198e334d4762eef65f649bc43fa8a5dd75303554b8acfec3eb25f0e55" +SRC_URI[sha256sum] = "541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087" SRC_URI:append:class-target = " file://cross.patch" SRC_URI:append:class-nativesdk = " file://cross.patch" diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch deleted file mode 100644 index 7380e16ab3..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc Mon Sep 17 00:00:00 2001 -From: Richard Henderson <richard.henderson@linaro.org> -Date: Fri, 25 Aug 2023 14:06:58 -0700 -Subject: [PATCH] softmmu: Assert data in bounds in iotlb_to_section -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Acked-by: Alex Bennée <alex.bennee@linaro.org> -Suggested-by: Alex Bennée <alex.bennee@linaro.org> -Signed-off-by: Richard Henderson <richard.henderson@linaro.org> - -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc] ---- - softmmu/physmem.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/softmmu/physmem.c b/softmmu/physmem.c -index 3df73542e1..7597dc1c39 100644 ---- a/softmmu/physmem.c -+++ b/softmmu/physmem.c -@@ -2413,9 +2413,15 @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu, - int asidx = cpu_asidx_from_attrs(cpu, attrs); - CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx]; - AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch); -- MemoryRegionSection *sections = d->map.sections; -+ int section_index = index & ~TARGET_PAGE_MASK; -+ MemoryRegionSection *ret; -+ -+ assert(section_index < d->map.sections_nb); -+ ret = d->map.sections + section_index; -+ assert(ret->mr); -+ assert(ret->mr->ops); - -- return §ions[index & ~TARGET_PAGE_MASK]; -+ return ret; - } - - static void io_mem_init(void) --- -2.34.1 - diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch deleted file mode 100644 index 8289b45991..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch +++ /dev/null @@ -1,157 +0,0 @@ -From 0d58c660689f6da1e3feff8a997014003d928b3b Mon Sep 17 00:00:00 2001 -From: Richard Henderson <richard.henderson@linaro.org> -Date: Fri, 25 Aug 2023 16:13:17 -0700 -Subject: [PATCH] softmmu: Use async_run_on_cpu in tcg_commit -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -After system startup, run the update to memory_dispatch -and the tlb_flush on the cpu. This eliminates a race, -wherein a running cpu sees the memory_dispatch change -but has not yet seen the tlb_flush. - -Since the update now happens on the cpu, we need not use -qatomic_rcu_read to protect the read of memory_dispatch. - -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1826 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1834 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1846 -Tested-by: Alex Bennée <alex.bennee@linaro.org> -Reviewed-by: Alex Bennée <alex.bennee@linaro.org> -Signed-off-by: Richard Henderson <richard.henderson@linaro.org> - -Upstream-Status: Backport [0d58c660689f6da1e3feff8a997014003d928b3b] ---- - accel/tcg/cpu-exec-common.c | 30 ---------------------------- - include/exec/cpu-common.h | 1 - - softmmu/physmem.c | 40 +++++++++++++++++++++++++++---------- - 3 files changed, 29 insertions(+), 42 deletions(-) - -Index: qemu-8.1.0/accel/tcg/cpu-exec-common.c -=================================================================== ---- qemu-8.1.0.orig/accel/tcg/cpu-exec-common.c -+++ qemu-8.1.0/accel/tcg/cpu-exec-common.c -@@ -33,36 +33,6 @@ void cpu_loop_exit_noexc(CPUState *cpu) - cpu_loop_exit(cpu); - } - --#if defined(CONFIG_SOFTMMU) --void cpu_reloading_memory_map(void) --{ -- if (qemu_in_vcpu_thread() && current_cpu->running) { -- /* The guest can in theory prolong the RCU critical section as long -- * as it feels like. The major problem with this is that because it -- * can do multiple reconfigurations of the memory map within the -- * critical section, we could potentially accumulate an unbounded -- * collection of memory data structures awaiting reclamation. -- * -- * Because the only thing we're currently protecting with RCU is the -- * memory data structures, it's sufficient to break the critical section -- * in this callback, which we know will get called every time the -- * memory map is rearranged. -- * -- * (If we add anything else in the system that uses RCU to protect -- * its data structures, we will need to implement some other mechanism -- * to force TCG CPUs to exit the critical section, at which point this -- * part of this callback might become unnecessary.) -- * -- * This pair matches cpu_exec's rcu_read_lock()/rcu_read_unlock(), which -- * only protects cpu->as->dispatch. Since we know our caller is about -- * to reload it, it's safe to split the critical section. -- */ -- rcu_read_unlock(); -- rcu_read_lock(); -- } --} --#endif -- - void cpu_loop_exit(CPUState *cpu) - { - /* Undo the setting in cpu_tb_exec. */ -Index: qemu-8.1.0/include/exec/cpu-common.h -=================================================================== ---- qemu-8.1.0.orig/include/exec/cpu-common.h -+++ qemu-8.1.0/include/exec/cpu-common.h -@@ -133,7 +133,6 @@ static inline void cpu_physical_memory_w - { - cpu_physical_memory_rw(addr, (void *)buf, len, true); - } --void cpu_reloading_memory_map(void); - void *cpu_physical_memory_map(hwaddr addr, - hwaddr *plen, - bool is_write); -Index: qemu-8.1.0/softmmu/physmem.c -=================================================================== ---- qemu-8.1.0.orig/softmmu/physmem.c -+++ qemu-8.1.0/softmmu/physmem.c -@@ -680,8 +680,7 @@ address_space_translate_for_iotlb(CPUSta - IOMMUTLBEntry iotlb; - int iommu_idx; - hwaddr addr = orig_addr; -- AddressSpaceDispatch *d = -- qatomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch); -+ AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch; - - for (;;) { - section = address_space_translate_internal(d, addr, &addr, plen, false); -@@ -2412,7 +2411,7 @@ MemoryRegionSection *iotlb_to_section(CP - { - int asidx = cpu_asidx_from_attrs(cpu, attrs); - CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx]; -- AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch); -+ AddressSpaceDispatch *d = cpuas->memory_dispatch; - int section_index = index & ~TARGET_PAGE_MASK; - MemoryRegionSection *ret; - -@@ -2487,23 +2486,42 @@ static void tcg_log_global_after_sync(Me - } - } - -+static void tcg_commit_cpu(CPUState *cpu, run_on_cpu_data data) -+{ -+ CPUAddressSpace *cpuas = data.host_ptr; -+ -+ cpuas->memory_dispatch = address_space_to_dispatch(cpuas->as); -+ tlb_flush(cpu); -+} -+ - static void tcg_commit(MemoryListener *listener) - { - CPUAddressSpace *cpuas; -- AddressSpaceDispatch *d; -+ CPUState *cpu; - - assert(tcg_enabled()); - /* since each CPU stores ram addresses in its TLB cache, we must - reset the modified entries */ - cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener); -- cpu_reloading_memory_map(); -- /* The CPU and TLB are protected by the iothread lock. -- * We reload the dispatch pointer now because cpu_reloading_memory_map() -- * may have split the RCU critical section. -+ cpu = cpuas->cpu; -+ -+ /* -+ * Defer changes to as->memory_dispatch until the cpu is quiescent. -+ * Otherwise we race between (1) other cpu threads and (2) ongoing -+ * i/o for the current cpu thread, with data cached by mmu_lookup(). -+ * -+ * In addition, queueing the work function will kick the cpu back to -+ * the main loop, which will end the RCU critical section and reclaim -+ * the memory data structures. -+ * -+ * That said, the listener is also called during realize, before -+ * all of the tcg machinery for run-on is initialized: thus halt_cond. - */ -- d = address_space_to_dispatch(cpuas->as); -- qatomic_rcu_set(&cpuas->memory_dispatch, d); -- tlb_flush(cpuas->cpu); -+ if (cpu->halt_cond) { -+ async_run_on_cpu(cpu, tcg_commit_cpu, RUN_ON_CPU_HOST_PTR(cpuas)); -+ } else { -+ tcg_commit_cpu(cpu, RUN_ON_CPU_HOST_PTR(cpuas)); -+ } - } - - static void memory_map_init(void) diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch deleted file mode 100644 index 86ab7cf81a..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7cfcc79b0ab800959716738aff9419f53fc68c9c Mon Sep 17 00:00:00 2001 -From: Thomas Huth <thuth@redhat.com> -Date: Thu, 5 Oct 2023 06:01:10 +0000 -Subject: [PATCH] hw/scsi/scsi-disk: Disallow block sizes smaller than 512 - [CVE-2023-42467] - -We are doing things like - - nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); - -in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if -the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes -with a division by 0 exception. Thus disallow block sizes of 256 -bytes to avoid this situation. - -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813 -CVE: 2023-42467 -Signed-off-by: Thomas Huth <thuth@redhat.com> -Message-ID: <20230925091854.49198-1-thuth@redhat.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> - -CVE: CVE-2023-42467 - -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c] - -Signed-off-by: Yogita Urade <yogita.urade@windriver.com> ---- - hw/scsi/scsi-disk.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c -index e0d79c796..477ee2bcd 100644 ---- a/hw/scsi/scsi-disk.c -+++ b/hw/scsi/scsi-disk.c -@@ -1628,9 +1628,10 @@ static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) - * Since the existing code only checks/updates bits 8-15 of the block - * size, restrict ourselves to the same requirement for now to ensure - * that a block size set by a block descriptor and then read back by -- * a subsequent SCSI command will be the same -+ * a subsequent SCSI command will be the same. Also disallow a block -+ * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE. - */ -- if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) { -+ if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) { - s->qdev.blocksize = bs; - trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize); - } --- -2.40.0 diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb index 84ee0bcc49..84ee0bcc49 100644 --- a/poky/meta/recipes-devtools/qemu/qemu_8.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb diff --git a/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch b/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch new file mode 100644 index 0000000000..bf9b251226 --- /dev/null +++ b/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch @@ -0,0 +1,412 @@ +Author: Eric Huss <eric@huss.org> +Date: Sun Jun 11 12:52:25 2023 -0700 + + Convert valid feature name warning to an error. + +Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33] +CVE: CVE-2023-40030 +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +diff --git a/src/tools/cargo/crates/resolver-tests/src/lib.rs b/src/tools/cargo/crates/resolver-tests/src/lib.rs +index 01d9b5e6d..ab34e8663 100644 +--- a/src/tools/cargo/crates/resolver-tests/src/lib.rs ++++ b/src/tools/cargo/crates/resolver-tests/src/lib.rs +@@ -179,7 +179,6 @@ pub fn resolve_with_config_raw( + used: HashSet::new(), + }; + let summary = Summary::new( +- config, + pkg_id("root"), + deps, + &BTreeMap::new(), +@@ -581,7 +580,6 @@ pub fn pkg_dep<T: ToPkgId>(name: T, dep: Vec<Dependency>) -> Summary { + None + }; + Summary::new( +- &Config::default().unwrap(), + name.to_pkgid(), + dep, + &BTreeMap::new(), +@@ -610,7 +608,6 @@ pub fn pkg_loc(name: &str, loc: &str) -> Summary { + None + }; + Summary::new( +- &Config::default().unwrap(), + pkg_id_loc(name, loc), + Vec::new(), + &BTreeMap::new(), +@@ -625,7 +622,6 @@ pub fn remove_dep(sum: &Summary, ind: usize) -> Summary { + deps.remove(ind); + // note: more things will need to be copied over in the future, but it works for now. + Summary::new( +- &Config::default().unwrap(), + sum.package_id(), + deps, + &BTreeMap::new(), +diff --git a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs +index 002f11ff8..bf26d0498 100644 +--- a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs ++++ b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs +@@ -73,7 +73,6 @@ impl VersionPreferences { + mod test { + use super::*; + use crate::core::SourceId; +- use crate::util::Config; + use std::collections::BTreeMap; + + fn pkgid(name: &str, version: &str) -> PackageId { +@@ -90,9 +89,8 @@ mod test { + + fn summ(name: &str, version: &str) -> Summary { + let pkg_id = pkgid(name, version); +- let config = Config::default().unwrap(); + let features = BTreeMap::new(); +- Summary::new(&config, pkg_id, Vec::new(), &features, None::<&String>).unwrap() ++ Summary::new(pkg_id, Vec::new(), &features, None::<&String>).unwrap() + } + + fn describe(summaries: &Vec<Summary>) -> String { + +diff --git a/src/tools/cargo/src/cargo/core/summary.rs b/src/tools/cargo/src/cargo/core/summary.rs +index 2535c4482..1883df33b 100644 +--- a/src/tools/cargo/src/cargo/core/summary.rs ++++ b/src/tools/cargo/src/cargo/core/summary.rs +@@ -1,6 +1,6 @@ + use crate::core::{Dependency, PackageId, SourceId}; + use crate::util::interning::InternedString; +-use crate::util::{CargoResult, Config}; ++use crate::util::CargoResult; + use anyhow::bail; + use semver::Version; + use std::collections::{BTreeMap, HashMap, HashSet}; +@@ -30,7 +30,6 @@ struct Inner { + + impl Summary { + pub fn new( +- config: &Config, + pkg_id: PackageId, + dependencies: Vec<Dependency>, + features: &BTreeMap<InternedString, Vec<InternedString>>, +@@ -49,7 +48,7 @@ impl Summary { + ) + } + } +- let feature_map = build_feature_map(config, pkg_id, features, &dependencies)?; ++ let feature_map = build_feature_map(pkg_id, features, &dependencies)?; + Ok(Summary { + inner: Rc::new(Inner { + package_id: pkg_id, +@@ -140,7 +139,6 @@ impl Hash for Summary { + /// Checks features for errors, bailing out a CargoResult:Err if invalid, + /// and creates FeatureValues for each feature. + fn build_feature_map( +- config: &Config, + pkg_id: PackageId, + features: &BTreeMap<InternedString, Vec<InternedString>>, + dependencies: &[Dependency], +@@ -204,7 +202,7 @@ fn build_feature_map( + feature + ); + } +- validate_feature_name(config, pkg_id, feature)?; ++ validate_feature_name(pkg_id, feature)?; + for fv in fvs { + // Find data for the referenced dependency... + let dep_data = { +@@ -431,33 +429,63 @@ impl fmt::Display for FeatureValue { + + pub type FeatureMap = BTreeMap<InternedString, Vec<FeatureValue>>; + +-fn validate_feature_name(config: &Config, pkg_id: PackageId, name: &str) -> CargoResult<()> { ++fn validate_feature_name(pkg_id: PackageId, name: &str) -> CargoResult<()> { + let mut chars = name.chars(); +- const FUTURE: &str = "This was previously accepted but is being phased out; \ +- it will become a hard error in a future release.\n\ +- For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, \ +- and please leave a comment if this will be a problem for your project."; + if let Some(ch) = chars.next() { + if !(unicode_xid::UnicodeXID::is_xid_start(ch) || ch == '_' || ch.is_digit(10)) { +- config.shell().warn(&format!( ++ bail!( + "invalid character `{}` in feature `{}` in package {}, \ + the first character must be a Unicode XID start character or digit \ +- (most letters or `_` or `0` to `9`)\n\ +- {}", +- ch, name, pkg_id, FUTURE +- ))?; ++ (most letters or `_` or `0` to `9`)", ++ ch, ++ name, ++ pkg_id ++ ); + } + } + for ch in chars { + if !(unicode_xid::UnicodeXID::is_xid_continue(ch) || ch == '-' || ch == '+' || ch == '.') { +- config.shell().warn(&format!( ++ bail!( + "invalid character `{}` in feature `{}` in package {}, \ + characters must be Unicode XID characters, `+`, or `.` \ +- (numbers, `+`, `-`, `_`, `.`, or most letters)\n\ +- {}", +- ch, name, pkg_id, FUTURE +- ))?; ++ (numbers, `+`, `-`, `_`, `.`, or most letters)", ++ ch, ++ name, ++ pkg_id ++ ); + } + } + Ok(()) + } ++ ++#[cfg(test)] ++mod tests { ++ use super::*; ++ use crate::sources::CRATES_IO_INDEX; ++ use crate::util::into_url::IntoUrl; ++ ++ use crate::core::SourceId; ++ ++ #[test] ++ fn valid_feature_names() { ++ let loc = CRATES_IO_INDEX.into_url().unwrap(); ++ let source_id = SourceId::for_registry(&loc).unwrap(); ++ let pkg_id = PackageId::new("foo", "1.0.0", source_id).unwrap(); ++ ++ assert!(validate_feature_name(pkg_id, "c++17").is_ok()); ++ assert!(validate_feature_name(pkg_id, "128bit").is_ok()); ++ assert!(validate_feature_name(pkg_id, "_foo").is_ok()); ++ assert!(validate_feature_name(pkg_id, "feat-name").is_ok()); ++ assert!(validate_feature_name(pkg_id, "feat_name").is_ok()); ++ assert!(validate_feature_name(pkg_id, "foo.bar").is_ok()); ++ ++ assert!(validate_feature_name(pkg_id, "+foo").is_err()); ++ assert!(validate_feature_name(pkg_id, "-foo").is_err()); ++ assert!(validate_feature_name(pkg_id, ".foo").is_err()); ++ assert!(validate_feature_name(pkg_id, "foo:bar").is_err()); ++ assert!(validate_feature_name(pkg_id, "foo?").is_err()); ++ assert!(validate_feature_name(pkg_id, "?foo").is_err()); ++ assert!(validate_feature_name(pkg_id, "ⒶⒷⒸ").is_err()); ++ assert!(validate_feature_name(pkg_id, "a¼").is_err()); ++ } ++} +diff --git a/src/tools/cargo/src/cargo/sources/registry/index.rs b/src/tools/cargo/src/cargo/sources/registry/index.rs +index aa5c2a78c..6d565da8f 100644 +--- a/src/tools/cargo/src/cargo/sources/registry/index.rs ++++ b/src/tools/cargo/src/cargo/sources/registry/index.rs +@@ -293,7 +293,6 @@ impl<'cfg> RegistryIndex<'cfg> + 'a: 'b, + { + let source_id = self.source_id; +- let config = self.config; + + // First up actually parse what summaries we have available. If Cargo + // has run previously this will parse a Cargo-specific cache file rather +@@ -312,15 +311,13 @@ impl<'cfg> RegistryIndex<'cfg> { + .versions + .iter_mut() + .filter_map(move |(k, v)| if req.matches(k) { Some(v) } else { None }) +- .filter_map( +- move |maybe| match maybe.parse(config, raw_data, source_id) { ++ .filter_map(move |maybe| match maybe.parse(raw_data, source_id) { + Ok(summary) => Some(summary), + Err(e) => { + info!("failed to parse `{}` registry package: {}", name, e); + None + } +- }, +- ) ++ }) + .filter(move |is| { + if is.v > INDEX_V_MAX { + debug!( +@@ -605,7 +602,7 @@ impl Summaries { + // allow future cargo implementations to break the + // interpretation of each line here and older cargo will simply + // ignore the new lines. +- let summary = match IndexSummary::parse(config, line, source_id) { ++ let summary = match IndexSummary::parse(line, source_id) { + Ok(summary) => summary, + Err(e) => { + // This should only happen when there is an index +@@ -793,17 +790,12 @@ impl MaybeIndexSummary { + /// Does nothing if this is already `Parsed`, and otherwise the `raw_data` + /// passed in is sliced with the bounds in `Unparsed` and then actually + /// parsed. +- fn parse( +- &mut self, +- config: &Config, +- raw_data: &[u8], +- source_id: SourceId, +- ) -> CargoResult<&IndexSummary> { ++ fn parse(&mut self, raw_data: &[u8], source_id: SourceId,) -> CargoResult<&IndexSummary> { + let (start, end) = match self { + MaybeIndexSummary::Unparsed { start, end } => (*start, *end), + MaybeIndexSummary::Parsed(summary) => return Ok(summary), + }; +- let summary = IndexSummary::parse(config, &raw_data[start..end], source_id)?; ++ let summary = IndexSummary::parse(&raw_data[start..end], source_id)?; + *self = MaybeIndexSummary::Parsed(summary); + match self { + MaybeIndexSummary::Unparsed { .. } => unreachable!(), +@@ -823,7 +815,7 @@ impl IndexSummary { + /// a package. + /// + /// The `line` provided is expected to be valid JSON. +- fn parse(config: &Config, line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> { ++ fn parse(line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> { + // ****CAUTION**** Please be extremely careful with returning errors + // from this function. Entries that error are not included in the + // index cache, and can cause cargo to get confused when switching +@@ -853,7 +845,7 @@ impl IndexSummary { + features.entry(name).or_default().extend(values); + } + } +- let mut summary = Summary::new(config, pkgid, deps, &features, links)?; ++ let mut summary = Summary::new(pkgid, deps, &features, links)?; + summary.set_checksum(cksum); + Ok(IndexSummary { + summary, + +diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs +index 1cc32dee8..a32f0384b 100644 +--- a/src/tools/cargo/src/cargo/util/toml/mod.rs ++++ b/src/tools/cargo/src/cargo/util/toml/mod.rs +@@ -2432,7 +2432,6 @@ impl TomlManifest { + let empty_features = BTreeMap::new(); + + let summary = Summary::new( +- config, + pkgid, + deps, + me.features.as_ref().unwrap_or(&empty_features), +diff --git a/src/tools/cargo/tests/testsuite/features.rs b/src/tools/cargo/tests/testsuite/features.rs +index 848e05677..557fab14a 100644 +--- a/src/tools/cargo/tests/testsuite/features.rs ++++ b/src/tools/cargo/tests/testsuite/features.rs +@@ -1937,8 +1937,8 @@ fn nonexistent_required_features() { + } + + #[cargo_test] +-fn invalid_feature_names_warning() { +- // Warnings for more restricted feature syntax. ++fn invalid_feature_names_error() { ++ // Errors for more restricted feature syntax. + let p = project() + .file( + "Cargo.toml", +@@ -1948,72 +1948,57 @@ fn invalid_feature_names_warning() { + version = "0.1.0" + + [features] +- # Some valid, but unusual names, shouldn't warn. +- "c++17" = [] +- "128bit" = [] +- "_foo" = [] +- "feat-name" = [] +- "feat_name" = [] +- "foo.bar" = [] +- +- # Invalid names. ++ # Invalid start character. + "+foo" = [] +- "-foo" = [] +- ".foo" = [] +- "foo:bar" = [] +- "foo?" = [] +- "?foo" = [] +- "ⒶⒷⒸ" = [] +- "a¼" = [] + "#, + ) + .file("src/lib.rs", "") + .build(); + +- // Unfortunately the warnings are duplicated due to the Summary being +- // loaded twice (once in the Workspace, and once in PackageRegistry) and +- // Cargo does not have a de-duplication system. This should probably be +- // OK, since I'm not expecting this to affect anyone. + p.cargo("check") +- .with_stderr("\ +-[WARNING] invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `-` in feature `-foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `.` in feature `.foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `?` in feature `?foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `¼` in feature `a¼` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `:` in feature `foo:bar` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `?` in feature `foo?` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `Ⓐ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `Ⓑ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[WARNING] invalid character `Ⓒ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters) +-This was previously accepted but is being phased out; it will become a hard error in a future release. +-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project. +-[CHECKING] foo v0.1.0 [..] +-[FINISHED] [..] +-") ++ .with_status(101) ++ .with_stderr( ++ "\ ++error: failed to parse manifest at `[ROOT]/foo/Cargo.toml` ++ ++Caused by: ++ invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), \ ++ the first character must be a Unicode XID start character or digit \ ++ (most letters or `_` or `0` to `9`) ++", ++ ) ++ .run(); ++ ++ p.change_file( ++ "Cargo.toml", ++ r#" ++ [package] ++ name = "foo" ++ version = "0.1.0" ++ ++ [features] ++ # Invalid continue character. ++ "a&b" = [] ++ "#, ++ ); ++ ++ p.cargo("check") ++ .with_status(101) ++ .with_stderr( ++ "\ ++error: failed to parse manifest at `[ROOT]/foo/Cargo.toml` ++ ++Caused by: ++ invalid character `&` in feature `a&b` in package foo v0.1.0 ([ROOT]/foo), \ ++ characters must be Unicode XID characters, `+`, or `.` \ ++ (numbers, `+`, `-`, `_`, `.`, or most letters) ++", ++ ) + .run(); + } + + #[cargo_test] +-fn invalid_feature_names_error() { ++fn invalid_feature_name_slash_error() { + // Errors for more restricted feature syntax. + let p = project() + .file( diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc index 4a720e645b..086375a3c6 100644 --- a/poky/meta/recipes-devtools/rust/rust-source.inc +++ b/poky/meta/recipes-devtools/rust/rust-source.inc @@ -7,6 +7,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n file://zlib-off64_t.patch;patchdir=${RUSTSRC} \ file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \ file://bootstrap_fail.patch;patchdir=${RUSTSRC} \ + file://0002-CVE-2023-40030.patch;patchdir=${RUSTSRC} \ " SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639" diff --git a/poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch b/poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch deleted file mode 100644 index 5c73e1f10e..0000000000 --- a/poky/meta/recipes-devtools/strace/strace/skip-test-so_peerpidfd.gen.test.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 002d9f2512245536dfc8d62db429d97e2216ec3a Mon Sep 17 00:00:00 2001 -From: Randy MacLeod <Randy.MacLeod@windriver.com> -Date: Fri, 6 Oct 2023 12:08:23 -0700 -Subject: [PATCH] skip tests/so_peerpidfd.gen.test - -Upstream-Status: Inappropriate - -Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> ---- - tests/so_peerpidfd.gen.test | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tests/so_peerpidfd.gen.test b/tests/so_peerpidfd.gen.test -index 64ad3a2..f89da9f 100755 ---- a/tests/so_peerpidfd.gen.test -+++ b/tests/so_peerpidfd.gen.test -@@ -1,4 +1,5 @@ - #!/bin/sh -efu - # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (so_peerpidfd --trace=getsockopt -y); do not edit. - . "${srcdir=.}/init.sh" -+skip_ "Test fails due to apparently trivial log format differences" - run_strace_match_diff --trace=getsockopt -y --- -2.39.0 - diff --git a/poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch b/poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch new file mode 100644 index 0000000000..62f73d3643 --- /dev/null +++ b/poky/meta/recipes-devtools/strace/strace/tests-fix-so_peerpidfd-test.patch @@ -0,0 +1,32 @@ +From 44cf51a38cce1e90bb6c22208fa45f95cdcc8f5d Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@strace.io> +Date: Sat, 14 Oct 2023 08:00:00 +0000 +Subject: [PATCH] tests: fix so_peerpidfd test + +* tests/so_peerpidfd.c (print_pidfd): Fix expected output. + +Fixes: v6.5~38 "net: implement decoding of SO_PEERPIDFD socket option" +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2243631 + +Upstream-Status: Backport [https://github.com/strace/strace/commit/44cf51a38cce1e90bb6c22208fa45f95cdcc8f5d] +Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> +--- + tests/so_peerpidfd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/so_peerpidfd.c b/tests/so_peerpidfd.c +index 33988edec..dfad1c434 100644 +--- a/tests/so_peerpidfd.c ++++ b/tests/so_peerpidfd.c +@@ -37,7 +37,7 @@ print_pidfd(int *p) + if (rc < 0) + printf("%p", p); + else +- printf("%d%s", *p, pidfd_suffix); ++ printf("[%d%s]", *p, pidfd_suffix); + } + + static void +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/strace/strace_6.5.bb b/poky/meta/recipes-devtools/strace/strace_6.5.bb index d6475e8db9..d1536b1e8d 100644 --- a/poky/meta/recipes-devtools/strace/strace_6.5.bb +++ b/poky/meta/recipes-devtools/strace/strace_6.5.bb @@ -14,7 +14,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \ file://skip-load.patch \ file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \ file://0002-tests-Replace-off64_t-with-off_t.patch \ - file://skip-test-so_peerpidfd.gen.test.patch \ + file://tests-fix-so_peerpidfd-test.patch \ " SRC_URI[sha256sum] = "dfb051702389e1979a151892b5901afc9e93bbc1c70d84c906ade3224ca91980" diff --git a/poky/meta/recipes-devtools/tcltk/tcl/run-ptest b/poky/meta/recipes-devtools/tcltk/tcl/run-ptest index 5b9127784e..87e025fce1 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/run-ptest +++ b/poky/meta/recipes-devtools/tcltk/tcl/run-ptest @@ -3,7 +3,11 @@ # clock.test needs a timezone to be set export TZ="Europe/London" export TCL_LIBRARY=library -SKIPPED_TESTS= + +# Some tests are overly strict with timings and fail on loaded systems. +# See bugs #14825 #14882 #15081 #15321. +SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-*' + for i in `ls tests/*.test | awk -F/ '{print $2}'`; do ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1 grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index fa32c38549..4c414b6549 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -55,7 +55,7 @@ EXTRA_OECONF = " \ --enable-debug \ --disable-relro \ --enable-libusb \ - --with-system-groups=lpadmin \ + --with-system-groups=lpadmin,root,sys,wheel \ --with-cups-group=lp \ --with-domainsocket=/run/cups/cups.sock \ --with-pkgconfpath=${libdir}/pkgconfig \ diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb index 4bad0f86e1..18c296128a 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb @@ -28,7 +28,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo file://configure.ac-add-option-to-explicitly-disable-neon.patch \ " -SRC_URI[sha256sum] = "e54062f166708d84ca82de9f8304a04344466080f936118b88082bd55ed6dc97" +SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9" PACKAGECONFIG ??= "" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" diff --git a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb index 7919ef9b24..8cc1f7cec3 100644 --- a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb +++ b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb @@ -10,9 +10,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SECTION = "libs" DEPENDS = "libtirpc" -PV = "2.0.0" +PV = "2.0.1" -SRCREV = "82245c0c58add79a8e34ab0917358217a70e5100" +SRCREV = "d4b22e54b5e6637a69b26eab5faad2a326c9b182" SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \ " diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.26.bb index 69cb3f7996..bae7960138 100644 --- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb +++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.26.bb @@ -12,7 +12,7 @@ SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \ file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \ " -SRCREV = "f1be8bf3dcc7dc14d331adbc97f337fa08e641c9" +SRCREV = "48c985375134d2443eee551613161cadc278af2f" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb index ad16554e98..00d8183a4f 100644 --- a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb +++ b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb @@ -14,10 +14,9 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/lsb/lsb_release/1.4/lsb-release-1.4.tar file://help2man-reproducibility.patch \ " -SRC_URI[md5sum] = "30537ef5a01e0ca94b7b8eb6a36bb1e4" SRC_URI[sha256sum] = "99321288f8d62e7a1d485b7c6bdccf06766fb8ca603c6195806e4457fdf17172" -UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/lsb/files/lsb_release/" +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/lsb/files/lsb_release/" UPSTREAM_CHECK_REGEX = "/lsb_release/(?P<pver>(\d+[\.\-_]*)+)/" CLEANBROKEN = "1" diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.25.bb index b8c867161b..b575fad5e1 100644 --- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb +++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.25.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/" SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz" -SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59" +SRC_URI[sha256sum] = "2dfe1dbbb397d26fe0b0b6b2e9cd2efdf9d72dd42d18e70d7f363ada2652d738" inherit gettext autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.24.bb index cd3731cf74..1e39a1c5ca 100644 --- a/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb +++ b/poky/meta/recipes-extended/newt/libnewt_0.52.24.bb @@ -23,7 +23,7 @@ SRC_URI = "https://releases.pagure.org/newt/newt-${PV}.tar.gz \ file://0001-detect-gold-as-GNU-linker-too.patch \ " -SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a" +SRC_URI[sha256sum] = "5ded7e221f85f642521c49b1826c8de19845aa372baf5d630a51774b544fbdbb" S = "${WORKDIR}/newt-${PV}" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index 14a1ce18f3..2774e5e730 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2023c" +PV = "2023d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7" -SRC_URI[tzdata.sha256sum] = "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c" +SRC_URI[tzcode.sha256sum] = "e9a5f9e118886d2de92b62bb05510a28cc6c058d791c93bd6b84d3292c3c161e" +SRC_URI[tzdata.sha256sum] = "dbca21970b0a8b8c0ceceec1d7b91fa903be0f6eca5ae732b5329672232a08f3" diff --git a/poky/meta/recipes-gnome/gtk+/gtk+3.inc b/poky/meta/recipes-gnome/gtk+/gtk+3.inc index 8d01e6077f..4a04c06432 100644 --- a/poky/meta/recipes-gnome/gtk+/gtk+3.inc +++ b/poky/meta/recipes-gnome/gtk+/gtk+3.inc @@ -41,7 +41,7 @@ PACKAGECONFIG[x11] = "-Dx11_backend=true,-Dx11_backend=false,at-spi2-atk fontcon # this is provided by oe-core patch that removes epoxy/gl dependency from a X11 build PACKAGECONFIG[opengl] = "-Dopengl=true,-Dopengl=false,libepoxy" PACKAGECONFIG[wayland] = "-Dwayland_backend=true,-Dwayland_backend=false,wayland wayland-protocols libxkbcommon virtual/egl virtual/libgles2 wayland-native" -PACKAGECONFIG[cups] = ",,cups,cups" +PACKAGECONFIG[cups] = ",,cups,cups gtk3-printbackend-cups" PACKAGECONFIG[colord] = "-Dcolord=yes,-Dcolord=no,colord" PACKAGECONFIG[cloudproviders] = "-Dcloudproviders=true,-Dcloudproviders=false,libcloudproviders" PACKAGECONFIG[tracker3] = "-Dtracker3=true,-Dtracker3=false,tracker,tracker-miners" diff --git a/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb b/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb index a547db8376..001b06934e 100644 --- a/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb +++ b/poky/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb @@ -66,7 +66,7 @@ PACKAGECONFIG:class-nativesdk = "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d) PACKAGECONFIG[x11] = "-Dx11-backend=true,-Dx11-backend=false,at-spi2-atk fontconfig libx11 libxext libxcursor libxi libxdamage libxrandr libxrender libxcomposite libxfixes xinerama" PACKAGECONFIG[wayland] = "-Dwayland-backend=true,-Dwayland-backend=false,wayland wayland-protocols virtual/egl virtual/libgles2 wayland-native" PACKAGECONFIG[cloudproviders] = "-Dcloudproviders=enabled,-Dcloudproviders=disabled,libcloudproviders" -PACKAGECONFIG[cups] = "-Dprint-cups=enabled,-Dprint-cups=disabled,cups,cups" +PACKAGECONFIG[cups] = "-Dprint-cups=enabled,-Dprint-cups=disabled,cups,cups gtk4-printbackend-cups" PACKAGECONFIG[colord] = "-Dcolord=enabled,-Dcolord=disabled,colord" PACKAGECONFIG[iso-codes] = ",,iso-codes,iso-codes" PACKAGECONFIG[ffmpeg] = "-Dmedia-ffmpeg=enabled,-Dmedia-ffmpeg=disabled,ffmpeg" diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.2.bb index df41af29f9..ce1a6bed65 100644 --- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \ " SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "0fec78f98c9c8faf228957a201c8846f809452c20f8445eb092a1ba6f22dbea5" +SRC_URI[sha256sum] = "e433ad85fbdf57f680be29479b3f964577379aaf319f557eb76569f0ecbc90f3" DEPENDS += "glib-2.0-native" diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.1.bb index 146d80008c..99ed82dac4 100644 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.1.bb @@ -10,7 +10,7 @@ DEPENDS:append:x86:class-target = " nasm-native" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa" +SRC_URI[sha256sum] = "22429507714ae147b3acacd299e82099fce5d9f456882fc28e252e4579ba2a75" UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb index 19db7ea434..43c06181e3 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb @@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" +SRC_URI[sha256sum] = "ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb index e97a921a96..9feac147db 100644 --- a/poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb +++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "eebc2692c3aa80617d78428bc6ec7b91b254a98214d2a70e997098503cd6ef90" +SRC_URI[sha256sum] = "9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8" UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index 3fcfe4b4c3..941160ea9c 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\ DEPENDS = "git-native" -SRCREV = "6645d3897cc2eeb1237ee0e2ff5342bd73ee0875" +SRCREV = "7160ebe8b865dd6028aef278efa219433db93f7e" PV = "0.3+git" inherit native diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb index 1dbe8374bc..c0394b9b3b 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb @@ -12,6 +12,7 @@ LICENSE = "\ & Firmware-amdgpu \ & Firmware-amd-ucode \ & Firmware-amlogic_vdec \ + & Firmware-amphion_vpu \ & Firmware-atheros_firmware \ & Firmware-atmel \ & Firmware-broadcom_bcm43xx \ @@ -32,6 +33,7 @@ LICENSE = "\ & Firmware-i915 \ & Firmware-ibt_firmware \ & Firmware-ice \ + & Firmware-ice_enhanced \ & Firmware-it913x \ & Firmware-iwlwifi_firmware \ & Firmware-IntcSST2 \ @@ -39,11 +41,14 @@ LICENSE = "\ & Firmware-linaro \ & Firmware-Lontium \ & Firmware-Marvell \ + & Firmware-mediatek \ + & Firmware-microchip \ & Firmware-moxa \ & Firmware-myri10ge_firmware \ & Firmware-netronome \ & Firmware-nvidia \ & Firmware-nxp \ + & Firmware-nxp_mc_firmware \ & Firmware-OLPC \ & Firmware-ath9k-htc \ & Firmware-phanfw \ @@ -78,6 +83,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \ file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \ file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ + file://LICENSE.amphion_vpu;md5=2bcdc00527b2d0542bd92b52aaec2b60 \ file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \ @@ -99,6 +105,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \ file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \ file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ + file://LICENSE.ice_enhanced;md5=f305cfc31b64f95f774f9edd9df0224d \ file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \ file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \ @@ -107,12 +114,14 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \ file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \ file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \ + file://LICENCE.microchip;md5=db753b00305675dfbf120e3f24a47277 \ file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \ file://LICENSE.nxp;md5=cca321ca1524d6a1e4fed87486cd82dc \ + file://LICENSE.nxp_mc_firmware;md5=9dc97e4b279b3858cae8879ae2fe5dd7 \ file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ @@ -142,7 +151,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "41f9a48bf27971b126a36f9344594dcd" +WHENCE_CHKSUM = "ceb5248746d24d165b603e71b288cf75" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -152,6 +161,7 @@ NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere" NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu" NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode" NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec" +NO_GENERIC_LICENSE[Firmware-amphion_vpu] = "LICENSE.amphion_vpu" NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware" NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel" NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx" @@ -173,6 +183,7 @@ NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware" NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915" NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware" NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice" +NO_GENERIC_LICENSE[Firmware-ice_enhanced] = "LICENSE.ice_enhanced" NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2" NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x" NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware" @@ -181,11 +192,13 @@ NO_GENERIC_LICENSE[Firmware-linaro] = "LICENCE.linaro" NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium" NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell" NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek" +NO_GENERIC_LICENSE[Firmware-microchip] = "LICENCE.microchip" NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa" NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware" NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome" NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia" NO_GENERIC_LICENSE[Firmware-nxp] = "LICENSE.nxp" +NO_GENERIC_LICENSE[Firmware-nxp_mc_firmware] = "LICENSE.nxp_mc_firmware" NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" @@ -224,7 +237,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688" +SRC_URI[sha256sum] = "c98d200fc4a3120de1a594713ce34e135819dff23e883a4ed387863ba25679c7" inherit allarch @@ -240,14 +253,22 @@ do_install() { } -PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ +PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \ + ${PN}-cw1200-license ${PN}-cw1200 \ + ${PN}-ralink-license ${PN}-ralink \ ${PN}-mt7601u-license ${PN}-mt7601u \ + ${PN}-mt7650-license ${PN}-mt7650 \ + ${PN}-mt76x2-license ${PN}-mt76x2 \ ${PN}-radeon-license ${PN}-radeon \ ${PN}-amdgpu-license ${PN}-amdgpu \ ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ + ${PN}-mediatek-license ${PN}-mediatek \ + ${PN}-microchip-license ${PN}-microchip \ + ${PN}-moxa-license ${PN}-moxa \ ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ + ${PN}-ti-keystone-license ${PN}-ti-keystone \ ${PN}-vt6656-license ${PN}-vt6656 \ ${PN}-rs9113 ${PN}-rs9116 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ @@ -291,7 +312,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-bcm43xx-hdr \ ${PN}-cirrus-license ${PN}-cirrus \ ${PN}-cnm-license ${PN}-cnm \ - ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \ + ${PN}-atheros-license ${PN}-ar5523 ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \ ${PN}-gplv2-license ${PN}-carl9170 \ ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \ \ @@ -317,6 +338,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-ibt-misc \ ${PN}-i915-license ${PN}-i915 \ ${PN}-ice-license ${PN}-ice \ + ${PN}-ice-enhanced-license ${PN}-ice-enhanced \ ${PN}-adsp-sst-license ${PN}-adsp-sst \ ${PN}-bnx2-mips \ ${PN}-liquidio \ @@ -333,15 +355,21 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-nxp9098-sdio \ ${PN}-nxpiw416-sdio \ ${PN}-nxpiw612-sdio \ + ${PN}-nxp-mc-license ${PN}-nxp-mc \ ${PN}-netronome-license ${PN}-netronome \ + ${PN}-olpc-license ${PN}-olpc \ + ${PN}-phanfw-license ${PN}-phanfw \ ${PN}-qat ${PN}-qat-license \ ${PN}-qcom-license ${PN}-qcom-yamato-license \ - ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ + ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 ${PN}-qcom-venus-6.0 \ ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ - ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \ + ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 ${PN}-qcom-adreno-a702 \ ${PN}-qcom-apq8016-modem ${PN}-qcom-apq8016-wifi \ ${PN}-qcom-apq8096-adreno ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \ + ${PN}-qcom-qcm2290-adreno ${PN}-qcom-qcm2290-audio ${PN}-qcom-qcm2290-modem ${PN}-qcom-qcm2290-wifi \ + ${PN}-qcom-qrb4210-adreno ${PN}-qcom-qrb4210-audio ${PN}-qcom-qrb4210-compute \ + ${PN}-qcom-qrb4210-modem ${PN}-qcom-qrb4210-wifi \ ${PN}-qcom-sc8280xp-lenovo-x13s-compat \ ${PN}-qcom-sc8280xp-lenovo-x13s-audio \ ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \ @@ -350,13 +378,39 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-qcom-sdm845-adreno ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \ ${PN}-qcom-sdm845-thundercomm-db845c-sensors \ ${PN}-qcom-sm8250-adreno ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \ + ${PN}-qcom-sm8250-thundercomm-rb5-sensors \ + ${PN}-qla2xxx ${PN}-qla2xxx-license \ ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \ ${PN}-lt9611uxc ${PN}-lontium-license \ ${PN}-whence-license \ + ${PN}-wl1251-license ${PN}-wl1251 \ + ${PN}-xc4000-license ${PN}-xc4000 \ + ${PN}-xc5000-license ${PN}-xc5000 \ + ${PN}-xc5000c-license ${PN}-xc5000c \ ${PN}-license \ " +# For Amphion VPU +LICENSE:${PN}-amphion-vpu = "Firmware-amphion_vpu" +LICENSE:${PN}-amphion-vpu-license = "Firmware-amphion_vpu" + +FILES:${PN}-amphion-vpu = "${nonarch_base_libdir}/firmware/amphion/*" +FILES:${PN}-amphion-vpu-license = " \ + ${nonarch_base_libdir}/firmware/LICENSE.amphion_vpu \ +" +RDEPENDS:${PN}-amphion-vpu += "${PN}-amphion-vpu-license" + +# For cw1200 +LICENSE:${PN}-cw1200 = "Firmware-cw1200" +LICENSE:${PN}-cw1200-license = "Firmware-cw1200" + +FILES:${PN}-cw1200 = "${nonarch_base_libdir}/firmware/wsm_22.bin" +FILES:${PN}-cw1200-license = "${nonarch_base_libdir}/firmware/LICENCE.cw1200" + +RDEPENDS:${PN}-cw1200 += "${PN}-cw1200-license" + # For atheros +LICENSE:${PN}-ar5523 = "Firmware-atheros_firmware" LICENSE:${PN}-ar9170 = "Firmware-atheros_firmware" LICENSE:${PN}-ath3k = "Firmware-atheros_firmware" LICENSE:${PN}-ath6k = "Firmware-atheros_firmware" @@ -364,6 +418,9 @@ LICENSE:${PN}-ath9k = "Firmware-atheros_firmware" LICENSE:${PN}-atheros-license = "Firmware-atheros_firmware" FILES:${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware" +FILES:${PN}-ar5523 = " \ + ${nonarch_base_libdir}/firmware/ar5523.bin \ +" FILES:${PN}-ar9170 = " \ ${nonarch_base_libdir}/firmware/ar9170*.fw \ " @@ -382,6 +439,7 @@ FILES:${PN}-ath9k = " \ ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \ " +RDEPENDS:${PN}-ar5523 += "${PN}-atheros-license" RDEPENDS:${PN}-ar9170 += "${PN}-atheros-license" RDEPENDS:${PN}-ath6k += "${PN}-atheros-license" RDEPENDS:${PN}-ath9k += "${PN}-atheros-license" @@ -445,11 +503,73 @@ LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" FILES:${PN}-mt7601u = " \ ${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \ + ${nonarch_base_libdir}/firmware/mt7601u.bin \ " - RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license" +# For MediaTek Bluetooth USB driver 7650 +LICENSE:${PN}-mt7650 = "Firmware-ralink_a_mediatek_company_firmware" +LICENSE:${PN}-mt7650-license = "Firmware-ralink_a_mediatek_company_firmware" + +FILES:${PN}-mt7650-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \ +" +FILES:${PN}-mt7650 = " \ + ${nonarch_base_libdir}/firmware/mediatek/mt7650.bin \ + ${nonarch_base_libdir}/firmware/mt7650.bin \ +" +RDEPENDS:${PN}-mt7650 += "${PN}-mt7650-license" + +# For MediaTek MT76x2 Wireless MACs +LICENSE:${PN}-mt76x2 = "Firmware-ralink_a_mediatek_company_firmware" +LICENSE:${PN}-mt76x2-license = "Firmware-ralink_a_mediatek_company_firmware" + +FILES:${PN}-mt76x2-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \ +" +FILES:${PN}-mt76x2 = " \ + ${nonarch_base_libdir}/firmware/mediatek/mt7662.bin \ + ${nonarch_base_libdir}/firmware/mt7662.bin \ + ${nonarch_base_libdir}/firmware/mediatek/mt7662_rom_patch.bin \ + ${nonarch_base_libdir}/firmware/mt7662_rom_patch.bin \ +" +RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x2-license" + +# For MediaTek +LICENSE:${PN}-mediatek = "Firmware-mediatek" +LICENSE:${PN}-mediatek-license = "Firmware-mediatek" + +FILES:${PN}-mediatek = " \ + ${nonarch_base_libdir}/firmware/mediatek/* \ + ${nonarch_base_libdir}/firmware/vpu_d.bin \ + ${nonarch_base_libdir}/firmware/vpu_p.bin \ +" +FILES:${PN}-mediatek-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.mediatek \ +" +RDEPENDS:${PN}-mediatek += "${PN}-mediatek-license" + +# For Microchip +LICENSE:${PN}-microchip = "Firmware-microchip" +LICENSE:${PN}-microchip-license = "Firmware-microchip" + +FILES:${PN}-microchip = "${nonarch_base_libdir}/firmware/microchip/*" +FILES:${PN}-microchip-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.microchip \ +" +RDEPENDS:${PN}-microchip += "${PN}-microchip-license" + +# For MOXA +LICENSE:${PN}-moxa = "Firmware-moxa" +LICENSE:${PN}-moxa-license = "Firmware-moxa" + +FILES:${PN}-moxa = "${nonarch_base_libdir}/firmware/moxa" +FILES:${PN}-moxa-license = "${nonarch_base_libdir}/firmware/LICENCE.moxa" + +RDEPENDS:${PN}-moxa += "${PN}-moxa-license" + # For radeon + LICENSE:${PN}-radeon = "Firmware-radeon" LICENSE:${PN}-radeon-license = "Firmware-radeon" @@ -604,6 +724,16 @@ RDEPENDS:${PN}-nxp9098-sdio += "${PN}-nxp9098-common" RDEPENDS:${PN}-nxpiw416-sdio += "${PN}-nxp-license" RDEPENDS:${PN}-nxpiw612-sdio += "${PN}-nxp-license" +# For nxp-mc +LICENSE:${PN}-nxp-mc = "Firmware-nxp_mc_firmware" +LICENSE:${PN}-nxp-mc-license = "Firmware-nxp_mc_firmware" + +FILES:${PN}-nxp-mc= "${nonarch_base_libdir}/firmware/dpaa2/mc/*" +FILES:${PN}-nxp-mc-license = " \ + ${nonarch_base_libdir}/firmware/LICENSE.nxp_mc_firmware \ +" +RDEPENDS:${PN}-nxp-mc += "${PN}-nxp-mc-license" + # For Nvidia LICENSE:${PN}-nvidia-gpu = "Firmware-nvidia" LICENSE:${PN}-nvidia-tegra = "Firmware-nvidia" @@ -626,6 +756,37 @@ RDEPENDS:${PN}-nvidia-gpu += "${PN}-nvidia-license" RDEPENDS:${PN}-nvidia-tegra += "${PN}-nvidia-license" RDEPENDS:${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" +# For OLPC +LICENSE:${PN}-olpc = "Firmware-OLPC" +LICENSE:${PN}-olpc-license = "Firmware-OLPC" + +FILES:${PN}-olpc = " \ + ${nonarch_base_libdir}/firmware/libertas/lbtf_sdio.bin \ + ${nonarch_base_libdir}/firmware/lbtf_usb.bin \ + ${nonarch_base_libdir}/firmware/libertas/usb8388_olpc.bin \ +" +FILES:${PN}-olpc-license = "${nonarch_base_libdir}/firmware/LICENCE.OLPC" + +RDEPENDS:${PN}-olpc += "${PN}-olpc-license" + +# For phanfw +LICENSE:${PN}-phanfw = "Firmware-phanfw" +LICENSE:${PN}-phanfw-license = "Firmware-phanfw" + +FILES:${PN}-phanfw = "${nonarch_base_libdir}/firmware/phanfw.bin" +FILES:${PN}-phanfw-license = "${nonarch_base_libdir}/firmware/LICENCE.phanfw" + +RDEPENDS:${PN}-phanfw += "${PN}-phanfw-license" + +# For qla2xxx +LICENSE:${PN}-qla2xxx = "Firmware-qla2xxx" +LICENSE:${PN}-qla2xxx-license = "Firmware-qla2xxx" + +FILES:${PN}-qla2xxx = "${nonarch_base_libdir}/firmware/ql2*" +FILES:${PN}-qla2xxx-license = "${nonarch_base_libdir}/firmware/LICENCE.qla2xxx" + +RDEPENDS:${PN}-qla2xxx += "${PN}-qla2xxx-license" + # For RSI RS911x WiFi LICENSE:${PN}-rs9113 = "WHENCE" LICENSE:${PN}-rs9116 = "WHENCE" @@ -668,6 +829,7 @@ FILES:${PN}-rtl8723 = " \ " FILES:${PN}-rtl8821 = " \ ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ + ${nonarch_base_libdir}/firmware/rtw88/rtw8821*.bin \ " FILES:${PN}-rtl8761 = " \ ${nonarch_base_libdir}/firmware/rtl_bt/rtl8761*.bin \ @@ -691,6 +853,18 @@ RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8822 += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license" +# For TI wl1251 +LICENSE:${PN}-wl1251 = "Firmware-wl1251" +LICENSE:${PN}-wl1251-license = "Firmware-wl1251" + +FILES:${PN}-wl1251 = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl1251-fw.bin \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl1251-nvs.bin \ +" +FILES:${PN}-wl1251-license = "${nonarch_base_libdir}/firmware/LICENCE.wl1251" + +RDEPENDS:${PN}-wl1251 += "${PN}-wl1251-license" + # For ti-connectivity LICENSE:${PN}-wlcommon = "Firmware-ti-connectivity" LICENSE:${PN}-wl12xx = "Firmware-ti-connectivity" @@ -720,6 +894,16 @@ FILES:${PN}-wl18xx = " \ RDEPENDS:${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" RDEPENDS:${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" +# For ti-keystone +LICENSE:${PN}-ti-keystone = "Firmware-ti-keystone" +LICENSE:${PN}-ti-keystone-license = "Firmware-ti-keystone" + +FILES:${PN}-ti-keystone = "${nonarch_base_libdir}/firmware/ti-keystone/*" +FILES:${PN}-ti-keystone-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.ti-keystone \ +" +RDEPENDS:${PN}-ti-keystone += "${PN}-ti-keystone-license" + # For vt6656 LICENSE:${PN}-vt6656 = "Firmware-via_vt6656" LICENSE:${PN}-vt6656-license = "Firmware-via_vt6656" @@ -731,6 +915,35 @@ FILES:${PN}-vt6656 = " \ RDEPENDS:${PN}-vt6656 = "${PN}-vt6656-license" +# For xc4000 +LICENSE:${PN}-xc4000 = "Firmware-xc4000" +LICENSE:${PN}-xc4000-license = "Firmware-xc4000" + +FILES:${PN}-xc4000 = "${nonarch_base_libdir}/firmware/dvb-fe-xc4000-1.4.1.fw" +FILES:${PN}-xc4000-license = "${nonarch_base_libdir}/firmware/LICENCE.xc4000" + +RDEPENDS:${PN}-xc4000 += "${PN}-xc4000-license" + +# For xc5000 +LICENSE:${PN}-xc5000 = "Firmware-xc5000" +LICENSE:${PN}-xc5000-license = "Firmware-xc5000" + +FILES:${PN}-xc5000 = "${nonarch_base_libdir}/firmware/dvb-fe-xc5000-1.6.114.fw" +FILES:${PN}-xc5000-license = "${nonarch_base_libdir}/firmware/LICENCE.xc5000" + +RDEPENDS:${PN}-xc5000 += "${PN}-xc5000-license" + +# For xc5000c +LICENSE:${PN}-xc5000c = "Firmware-xc5000c" +LICENSE:${PN}-xc5000c-license = "Firmware-xc5000c" + +FILES:${PN}-xc5000c = " \ + ${nonarch_base_libdir}/firmware/dvb-fe-xc5000c-4.1.30.7.fw \ +" +FILES:${PN}-xc5000c-license = "${nonarch_base_libdir}/firmware/LICENCE.xc5000c" + +RDEPENDS:${PN}-xc5000c += "${PN}-xc5000c-license" + # For broadcom # for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u @@ -1053,10 +1266,26 @@ FILES:${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915" FILES:${PN}-i915 = "${nonarch_base_libdir}/firmware/i915" RDEPENDS:${PN}-i915 = "${PN}-i915-license" +# For ice-enhanced +LICENSE:${PN}-ice-enhanced = "Firmware-ice_enhanced" +LICENSE:${PN}-ice-enhanced-license = "Firmware-ice_enhanced" + +FILES:${PN}-ice-enhanced = " \ + ${nonarch_base_libdir}/firmware/intel/ice/ddp-comms/* \ + ${nonarch_base_libdir}/firmware/intel/ice/ddp-wireless_edge/* \ +" +FILES:${PN}-ice-enhanced-license = " \ + ${nonarch_base_libdir}/firmware/LICENSE.ice_enhanced \ +" +RDEPENDS:${PN}-ice-enhanced = "${PN}-ice-enhanced-license" + LICENSE:${PN}-ice = "Firmware-ice" LICENSE:${PN}-ice-license = "Firmware-ice" FILES:${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice" -FILES:${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice" +FILES:${PN}-ice = " \ + ${nonarch_base_libdir}/firmware/intel/ice/ddp/* \ + ${nonarch_base_libdir}/firmware/intel/ice/ddp-lag/* \ +" RDEPENDS:${PN}-ice = "${PN}-ice-license" FILES:${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst" @@ -1079,6 +1308,7 @@ LICENSE:${PN}-qcom-venus-1.8 = "Firmware-qcom" LICENSE:${PN}-qcom-venus-4.2 = "Firmware-qcom" LICENSE:${PN}-qcom-venus-5.2 = "Firmware-qcom" LICENSE:${PN}-qcom-venus-5.4 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-6.0 = "Firmware-qcom" LICENSE:${PN}-qcom-vpu-1.0 = "Firmware-qcom" LICENSE:${PN}-qcom-vpu-2.0 = "Firmware-qcom" LICENSE:${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato" @@ -1088,11 +1318,21 @@ LICENSE:${PN}-qcom-adreno-a530 = "Firmware-qcom" LICENSE:${PN}-qcom-adreno-a630 = "Firmware-qcom" LICENSE:${PN}-qcom-adreno-a650 = "Firmware-qcom" LICENSE:${PN}-qcom-adreno-a660 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a702 = "Firmware-qcom" LICENSE:${PN}-qcom-apq8016-modem = "Firmware-qcom" LICENSE:${PN}-qcom-apq8016-wifi = "Firmware-qcom" LICENSE:${PN}-qcom-apq8096-audio = "Firmware-qcom" LICENSE:${PN}-qcom-apq8096-adreno = "Firmware-qcom" LICENSE:${PN}-qcom-apq8096-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-qcm2290-adreno = "Firmware-qcom" +LICENSE:${PN}-qcom-qcm2290-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-qcm2290-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-qcm2290-wifi = "Firmware-qcom" +LICENSE:${PN}-qcom-qrb4210-adreno = "Firmware-qcom" +LICENSE:${PN}-qcom-qrb4210-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-qrb4210-compute = "Firmware-qcom" +LICENSE:${PN}-qcom-qrb4210-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-qrb4210-wifi = "Firmware-qcom" LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom & Firmware-linaro" LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom" LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom" @@ -1105,6 +1345,7 @@ LICENSE:${PN}-qcom-sdm845-thundercomm-db845c-sensors = "Firmware-qcom" LICENSE:${PN}-qcom-sm8250-audio = "Firmware-qcom" LICENSE:${PN}-qcom-sm8250-adreno = "Firmware-qcom" LICENSE:${PN}-qcom-sm8250-compute = "Firmware-qcom" +LICENSE:${PN}-qcom-sm8250-thundercomm-rb5-sensors = "Firmware-qcom" FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" FILES:${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato" @@ -1112,6 +1353,7 @@ FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" +FILES:${PN}-qcom-venus-6.0 = "${nonarch_base_libdir}/firmware/qcom/venus-6.0/*" FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw" @@ -1121,29 +1363,41 @@ FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.fw*" FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.*" FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.*" FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" +FILES:${PN}-qcom-adreno-a702 = "${nonarch_base_libdir}/firmware/qcom/a702*.*" FILES:${PN}-qcom-apq8016-modem = "${nonarch_base_libdir}/firmware/qcom/apq8016/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/modem.mbn" FILES:${PN}-qcom-apq8016-wifi = "${nonarch_base_libdir}/firmware/qcom/apq8016/wcnss.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/WCNSS*" FILES:${PN}-qcom-apq8096-adreno = "${nonarch_base_libdir}/firmware/qcom/apq8096/a530_zap.mbn ${nonarch_base_libdir}/firmware/qcom/a530_zap.mdt" FILES:${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*" FILES:${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn" +FILES:${PN}-qcom-qcm2290-adreno = "${nonarch_base_libdir}/firmware/qcom/qcm2290/a702_zap.mbn" +FILES:${PN}-qcom-qcm2290-audio = "${nonarch_base_libdir}/firmware/qcom/qcm2290/adsp*.*" +FILES:${PN}-qcom-qcm2290-modem = "${nonarch_base_libdir}/firmware/qcom/qcm2290/modem*.*" +FILES:${PN}-qcom-qcm2290-wifi = "${nonarch_base_libdir}/firmware/qcom/qcm2290/wlanmdsp.mbn" +FILES:${PN}-qcom-qrb4210-adreno = "${nonarch_base_libdir}/firmware/qcom/qrb4210/a610_zap.mbn" +FILES:${PN}-qcom-qrb4210-audio = "${nonarch_base_libdir}/firmware/qcom/qrb4210/adsp*.*" +FILES:${PN}-qcom-qrb4210-compute = "${nonarch_base_libdir}/firmware/qcom/qrb4210/cdsp*.*" +FILES:${PN}-qcom-qrb4210-modem = "${nonarch_base_libdir}/firmware/qcom/qrb4210/modem*.*" +FILES:${PN}-qcom-qrb4210-wifi = "${nonarch_base_libdir}/firmware/qcom/qrb4210/wlanmdsp.mbn" FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX" -FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/audioreach-tplg.bin" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/audioreach-tplg.bin ${nonarch_base_libdir}/firmware/qcom/sc8280xp/SC8280XP-LENOVO-X13S-tplg.bin" FILES:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn" FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*" FILES:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*" FILES:${PN}-qcom-sdm845-adreno = "${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" FILES:${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*" FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*" -FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" +FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/notice.txt_wlanmdsp" FILES:${PN}-qcom-sdm845-thundercomm-db845c-sensors = "${nonarch_base_libdir}/firmware/qcom/sdm845/Thundercomm/db845c/slpi*.*" FILES:${PN}-qcom-sm8250-adreno = "${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" +FILES:${PN}-qcom-sm8250-thundercomm-rb5-sensors = "${nonarch_base_libdir}/firmware/qcom/sm8250/Thundercomm/RB5/slpi*.*" RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-venus-6.0 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license" @@ -1153,20 +1407,34 @@ RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a630 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a702 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-apq8016-modem = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-apq8016-wifi = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-apq8096-adreno = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qcm2290-adreno = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qcm2290-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qcm2290-modem = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qcm2290-wifi = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qrb4210-adreno = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qrb4210-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qrb4210-compute = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qrb4210-modem = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-qrb4210-wifi = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sdm845-adreno = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sdm845-thundercomm-db845c-sensors = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sm8250-adreno = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sm8250-audio = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-sm8250-compute = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sm8250-thundercomm-rb5-sensors = "${PN}-qcom-license" RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index a8df51f321..1b51737c7d 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-11-03 13:24:16.070181+00:00 for version 6.1.57 +# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68 python check_kernel_cve_status_version() { - this_version = "6.1.57" + this_version = "6.1.68" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1" # CVE-2022-44033 needs backporting (fixed from 6.4rc1) -# CVE-2022-44034 has no known resolution +# CVE-2022-44034 needs backporting (fixed from 6.4rc1) # CVE-2022-4543 has no known resolution @@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53" CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" +CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39" + +CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47" + CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" # CVE-2023-4010 has no known resolution @@ -5102,7 +5106,7 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54" CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" -# CVE-2023-5090 needs backporting (fixed from 6.6rc7) +CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" @@ -5112,7 +5116,19 @@ CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56" CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" -# CVE-2023-5633 needs backporting (fixed from 6.6rc6) +CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" # CVE-2023-5717 needs backporting (fixed from 6.1.60) +# CVE-2023-5972 needs backporting (fixed from 6.6rc7) + +# CVE-2023-6039 needs backporting (fixed from 6.5rc5) + +CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" + +CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65" + +CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" + +# CVE-2023-6238 has no known resolution + diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc index d48b0e1493..7711bcb4d6 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-11-03 13:24:25.010946+00:00 for version 6.5.7 +# Generated at 2023-12-18 14:15:23.952852+00:00 for version 6.5.13 python check_kernel_cve_status_version() { - this_version = "6.5.7" + this_version = "6.5.13" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1" CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1" -# CVE-2022-44034 has no known resolution +CVE_STATUS[CVE-2022-44034] = "fixed-version: Fixed from version 6.4rc1" # CVE-2022-4543 has no known resolution @@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39191] = "fixed-version: Fixed from version 6.3rc1" CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7" +CVE_STATUS[CVE-2023-39197] = "fixed-version: Fixed from version 6.5rc1" + +CVE_STATUS[CVE-2023-39198] = "fixed-version: Fixed from version 6.5rc7" + CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3" # CVE-2023-4010 has no known resolution @@ -5116,3 +5120,15 @@ CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1" # CVE-2023-5717 needs backporting (fixed from 6.6rc7) +CVE_STATUS[CVE-2023-5972] = "cpe-stable-backport: Backported in 6.5.9" + +CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5" + +CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" + +# CVE-2023-6121 needs backporting (fixed from 6.7rc3) + +CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.5.4" + +# CVE-2023-6238 has no known resolution + diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 0272a8a59e..5cfc5a7dd8 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "a3ae026c0673c043e1fd3374e488a78b29249534" -SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b" +SRCREV_machine ?= "739b3001f20153a66d2723de81faae18cd61892b" +SRCREV_meta ?= "991713c8765172cb5d18703d15589f3ec6e1b772" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.1.57" +LINUX_VERSION ?= "6.1.68" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb index 598280c5b6..0120b9ba63 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "2aa14dbb8520e59358778a80b32d7ccf6dd6c2ac" -SRCREV_meta ?= "9af846da534077c91e3c42242fceba7aef8dd784" +SRCREV_machine ?= "3ad8578bcc3186cde9b35de8c56afc0cba68bc55" +SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.5.7" +LINUX_VERSION ?= "6.5.13" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index b05f3107af..e19b0ec132 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.1.inc -LINUX_VERSION ?= "6.1.57" +LINUX_VERSION ?= "6.1.68" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b" +SRCREV_machine ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_meta ?= "991713c8765172cb5d18703d15589f3ec6e1b772" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb index b047ab340b..cc24e3d346 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.5.inc -LINUX_VERSION ?= "6.5.7" +LINUX_VERSION ?= "6.5.13" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "dfe7f47645429e162819c3d5690d8f5052f5b5a3" -SRCREV_meta ?= "9af846da534077c91e3c42242fceba7aef8dd784" +SRCREV_machine ?= "fc3138c70652b48a0bf3620fd7aa861fa1f14e27" +SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb index 062fde84a4..1329ccc958 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base" KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "0ef61a389975a4019142c5f1e6608e6cc0a0df29" -SRCREV_machine:qemuarm64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemuloongarch64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemumips ?= "d15ee28355bed16d59dd7d56259d2132e5c1c4ad" -SRCREV_machine:qemuppc ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemuriscv64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemuriscv32 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemux86 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemux86-64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_machine:qemumips64 ?= "e740b68e38e55ca342ab3b70fa2f965c5a86758b" -SRCREV_machine ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3" -SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b" +SRCREV_machine:qemuarm ?= "85915187700314cb7ac70fd33da3e9dfd7c20063" +SRCREV_machine:qemuarm64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemuloongarch64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemumips ?= "24b06ee00fc3b65a24d7e867148b08a85296e67c" +SRCREV_machine:qemuppc ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemuriscv64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemuriscv32 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemux86 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemux86-64 ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_machine:qemumips64 ?= "d4659a339611a02e4ffc2861e697c1a278707d70" +SRCREV_machine ?= "db1e71dc5c31557828fae0084b0f9cc83882eacd" +SRCREV_meta ?= "991713c8765172cb5d18703d15589f3ec6e1b772" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "082280fe94a09462c727fb6e7b0c982efb36dede" +SRCREV_machine:class-devupstream ?= "ba6f5fb465114fcd48ddb2c7a7740915b2289d6b" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.1/base" @@ -45,7 +45,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.57" +LINUX_VERSION ?= "6.1.68" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb index 516605c587..e7abc9784a 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.5/standard/base" KBRANCH:qemuloongarch64 ?= "v6.5/standard/base" KBRANCH:qemumips64 ?= "v6.5/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "04942abac8568705f1fae34066db171b6e2669bd" -SRCREV_machine:qemuarm64 ?= "ea4b620f18f882b3d882a53ffa33d8125ab27c83" -SRCREV_machine:qemuloongarch64 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f" -SRCREV_machine:qemumips ?= "3348b580e3c47da56ce97a8297a574c2e37bc410" -SRCREV_machine:qemuppc ?= "2fd47e07960edcd21455548ac6a25b19babe5c10" -SRCREV_machine:qemuriscv64 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f" -SRCREV_machine:qemuriscv32 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f" -SRCREV_machine:qemux86 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f" -SRCREV_machine:qemux86-64 ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f" -SRCREV_machine:qemumips64 ?= "6706327d870a0f246df8ed20c6a7f51ef46db1d6" -SRCREV_machine ?= "14f83e40930806c3f5c61988e69a3ca1820a1b8f" -SRCREV_meta ?= "9af846da534077c91e3c42242fceba7aef8dd784" +SRCREV_machine:qemuarm ?= "07ca2c1cc013343f9a47b5ac4f37ed60f66fd73b" +SRCREV_machine:qemuarm64 ?= "7af45f35fdcc82bbff07fa3d031620d5f5728b6b" +SRCREV_machine:qemuloongarch64 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11" +SRCREV_machine:qemumips ?= "e0b08aab2ccc4257f0b34e7dcb1e054ea188a43d" +SRCREV_machine:qemuppc ?= "9e609ca17604c708fdc6e7e5c9355bb2c5b73bcd" +SRCREV_machine:qemuriscv64 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11" +SRCREV_machine:qemuriscv32 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11" +SRCREV_machine:qemux86 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11" +SRCREV_machine:qemux86-64 ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11" +SRCREV_machine:qemumips64 ?= "58ffd9a4a907262daaedd9aca1e95e65d9716de3" +SRCREV_machine ?= "e53dc7514de7d2fbe0f80547a50c0542928e2d11" +SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "121c6addffd71815cbd333baf409be682e2e148f" +SRCREV_machine:class-devupstream ?= "4631960b4700dd53f5cebb4f7055fd00ccd556ce" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.5/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.5.7" +LINUX_VERSION ?= "6.5.13" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 675acfaf26..a392166e73 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -73,6 +73,15 @@ SPDX_S = "${S}/tools/perf" # supported kernel. LDFLAGS="-ldl -lutil" +# Perf's build system adds its own optimization flags for most TUs, +# overriding the flags included here. But for some, perf does not add +# any -O option, so ensure the distro's chosen optimization gets used +# for those. Since ${SELECTED_OPTIMIZATION} always includes +# ${DEBUG_FLAGS} which in turn includes ${DEBUG_PREFIX_MAP}, this also +# ensures perf is built with appropriate -f*-prefix-map options, +# avoiding the 'buildpaths' QA warning. +TARGET_CC_ARCH += "${SELECTED_OPTIMIZATION}" + EXTRA_OEMAKE = '\ V=1 \ VF=1 \ diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb index 90bbd9c733..b545f020cf 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "8928560efaf16137c30285e718708e5d0bab0777eb4ef8127e0274e120d3d86b" +SRC_URI[sha256sum] = "157cf93fb2741cf0c3dea731be3af2ffae703c9f2cd3c0c91b380fbc685eb9f9" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb index 8906556b44..7169223636 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "7789e6408388a25f23cbf948cfc5c6230d735bbcd8b7f37f4a01c9e348a1e3a7" +SRC_URI[sha256sum] = "1525b917141b895fe5cf618fe8867622b2528278a0286e9f727b5f37317daca1" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb index 2579aa3d66..ad40cf5513 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "223833c42518ad7eb1923bb4dd3726809f59a66d6e9aaaa69cb29ad0750c8758" +SRC_URI[sha256sum] = "d7a18ec47d40a472bd5cba2015e0be72b732f1699895398cec5cd8e6a3a53b44" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.7.bb index 3db7ddff5f..b7d787b611 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.7.bb @@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0002-avoid-including-sys-poll.h-directly.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "b4029cd2908a089c55f1d902a565d007495c95b1442d838485dc47fb12df7137" +SRC_URI[sha256sum] = "c716f8dffa8fac3fb646941af1c6ec72fff05a045131311bf2d049fdc87bce2e" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.7.bb index 1f67ca303a..3b8923e8f2 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.7.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ " -SRC_URI[sha256sum] = "50f2b4d17c02eefe430bbefa8c5cd134b1be78a53c0f60e951136d96cf49fd4b" +SRC_URI[sha256sum] = "62519e0d8f969ebf62a9a7996f2d23efdda330217a635f4a32c0bf1c71577468" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.7.bb index 6b76ba957e..b8496a1750 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.7.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" -SRC_URI[sha256sum] = "b3b07fe3f1ce7fe93aa9be7217866044548f35c4a7792280eec7e108a32f9817" +SRC_URI[sha256sum] = "b6db0e18e398b52665b7cdce301c34a8750483d5f4fbac1ede9f80b03743cd15" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.7.bb index 77f79a630a..8a67531123 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.7.bb @@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "3e31454c98cb2f7f6d2d355eceb933a892fa0f1dc09bc36c9abc930d8e29ca48" +SRC_URI[sha256sum] = "520b46bca637189ad86a298ff245b2d89375dbcac8b05d74daea910f81a9e9da" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.7.bb index addf12c427..a387031635 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.7.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "51de2d6d13b12ce095eac97c0b94ee59c2aeba3712bb7462b78c4d57dde176c5" +SRC_URI[sha256sum] = "1ef8df7608012fa469329799c950ec087737a6dabad3003c230658b58c710172" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.7.bb index fd79fe4324..af1c2ced44 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.7.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "0ae33a8b50443b62f11581a9181e906b41cd3877b2d799dbea72912c3eda4bb3" +SRC_URI[sha256sum] = "f7fac001e20ad21e36d18397741c4657c5d43571eb1cc3b49f9a93ae127dc88f" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.7.bb index bf4c105057..4cad50742d 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.7.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "d9ba2fc26bef98c78e982c599f585d46bbb65fe122da89c2d7ab41f468a52c7b" +SRC_URI[sha256sum] = "0e9fff768b89de6d318b34146e4e781d82b9a0f4025dc541b2c8349c7bcb7f67" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.6.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.7.bb index a898464322..72161b272f 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.6.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.7.bb @@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ " -SRC_URI[sha256sum] = "f500e6cfddff55908f937711fc26a0840de28a1e9ec49621c0b6f1adbd8f818e" +SRC_URI[sha256sum] = "01e42c6352a06bdfa4456e64b06ab7d98c5c487a25557c761554631cbda64217" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch new file mode 100644 index 0000000000..de2f095664 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-46218.patch @@ -0,0 +1,52 @@ +CVE: CVE-2023-46218 +Upstream-Status: Backport [ https://github.com/curl/curl/commit/2b0994c29a721c91c57 ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 23 Nov 2023 08:15:47 +0100 +Subject: [PATCH] cookie: lowercase the domain names before PSL checks + +Reported-by: Harry Sintonen + +Closes #12387 +--- + lib/cookie.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/lib/cookie.c b/lib/cookie.c +index 568cf537ad1b1f..9095cea3e97f22 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data, + * dereference it. + */ + if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { +- const psl_ctx_t *psl = Curl_psl_use(data); +- int acceptable; +- +- if(psl) { +- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); +- Curl_psl_release(data); ++ bool acceptable = FALSE; ++ char lcase[256]; ++ char lcookie[256]; ++ size_t dlen = strlen(domain); ++ size_t clen = strlen(co->domain); ++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { ++ const psl_ctx_t *psl = Curl_psl_use(data); ++ if(psl) { ++ /* the PSL check requires lowercase domain name and pattern */ ++ Curl_strntolower(lcase, domain, dlen + 1); ++ Curl_strntolower(lcookie, co->domain, clen + 1); ++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); ++ Curl_psl_release(data); ++ } ++ else ++ acceptable = !bad_domain(domain, strlen(domain)); + } +- else +- acceptable = !bad_domain(domain, strlen(domain)); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not " diff --git a/poky/meta/recipes-support/curl/curl_8.4.0.bb b/poky/meta/recipes-support/curl/curl_8.4.0.bb index 5f97730bf4..8f1ba52692 100644 --- a/poky/meta/recipes-support/curl/curl_8.4.0.bb +++ b/poky/meta/recipes-support/curl/curl_8.4.0.bb @@ -13,6 +13,7 @@ SRC_URI = " \ https://curl.se/download/${BP}.tar.xz \ file://run-ptest \ file://disable-tests \ + file://CVE-2023-46218.patch \ " SRC_URI[sha256sum] = "16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d" diff --git a/poky/meta/recipes-support/enchant/enchant2_2.6.1.bb b/poky/meta/recipes-support/enchant/enchant2_2.6.2.bb index a3510a8705..38d3245d20 100644 --- a/poky/meta/recipes-support/enchant/enchant2_2.6.1.bb +++ b/poky/meta/recipes-support/enchant/enchant2_2.6.2.bb @@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 groff-native" inherit autotools pkgconfig github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz" -SRC_URI[sha256sum] = "f24e12469137ae1d03140bb9032a47a5947c36f4d1e2f12b929061005eb15279" +SRC_URI[sha256sum] = "6686a728e56e760f8dee09a22f0fb53b46ee9dbe7d64cf9e5bb35a658bff7e1d" GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases" diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb index 524b06ca22..1c4f4d6038 100644 --- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb +++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb @@ -27,7 +27,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://no-bench-slope.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03" +SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa" CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro." CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro." diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.39.bb index ed5b15badd..2cc0c84bec 100644 --- a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb +++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.39.bb @@ -15,7 +15,7 @@ DEPENDS = "libxml2" SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz" -SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e1ecab1" +SRC_URI[sha256sum] = "2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0" UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index a37310afd8..6b440d8947 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".2068" -SRCREV = "9198c1f2b1ddecde22af918541e0de2a32f0f45a" +PV .= ".2130" +SRCREV = "075ad7047457debfeef13442c01e74088b461092" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" |