author | Patrick Williams <patrick@stwcx.xyz> | 2021-08-04 00:15:40 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2021-08-04 00:16:48 +0300 |
commit | 8c7c9f834fb9bcc6eaf21e509c7627f13086b5a7 (patch) | |
tree | 9ed47243cc39eab7060b00fe3a2423ab7a11cf67 /poky | |
parent | bcc346ef66ded507480d46242dc88c4e73ca2aa7 (diff) | |
download | openbmc-8c7c9f834fb9bcc6eaf21e509c7627f13086b5a7.tar.xz |
subtree updates
poky: da0ce760c5..14c5392fde:
Andrej Valek (1):
busybox: add tmpdir option into mktemp applet
Anuj Mittal (2):
documentation: prepare for 3.3.2 release
poky.conf: bump version for 3.3.2 hardknott release
Asfak Rahman (1):
openssh: Remove temporary keys before generating new ones
Bruce Ashfield (6):
linux-yocto/5.10: update to v5.10.47
linux-yocto/5.4: update to v5.4.129
linux-yocto/5.10: scsi-debug needs scsi-disk
linux-yocto-dev: base AUTOREV on specified version
kernel-devsrc: fix scripts/prepare for ARM64
kernel-devsrc: fix scripts prepare for powerpc
Changqing Li (2):
libconvert-asn1-perl: fix CVE-2013-7488
boost-build-native: workaround one rarely hang problem on fedora34
Florian Amstutz (1):
devtool: deploy-target: Fix preserving attributes when using --strip
Kai Kang (1):
rxvt-unicode: fix CVE-2021-33477
Khairul Rohaizzat Jamaluddin (2):
curl: Fix CVE-2021-22898
curl: Fix CVE-2021-22897
Marek Vasut (1):
linux-firmware: Package RSI 911x WiFi firmware
Mingli Yu (1):
perl: correct libpth and glibpth
Richard Purdie (9):
oeqa/selftest/runcmd: Tweal test timeouts
sstate/staging: Handle directory creation race issue
oeqa/selftest/archiver: Allow tests to ignore empty directories
runqemu: Remove potential lock races around tap device handling
glibc-testsuite: Fix build failures when directly running recipe
oeqa/selftest/multiprocesslauch: Fix test race
dwarfsrcfiles: Avoid races over debug-link files
bitbake: data_smart/parse: Allow ':' characters in variable/function names
bitbake: data_smart: Allow colon in variable expansion regex
Vinay Kumar (1):
binutils: Fix CVE-2021-20197
Wadim Egorov (1):
xserver-xorg: Fix builds without glx
wangmy (2):
go: upgrade 1.16.3 -> 1.16.4
go: upgrade 1.16.4 -> 1.16.5
zhengruoqin (1):
busybox: upgrade 1.33.0 -> 1.33.1
meta-raspberrypi: 064f5404ea..9d372828ba:
Martin Jansa (1):
python3-adafruit-*: fix branch parameter
meta-openembedded: c51e79dd85..5a4b2ab29d:
Adrian Zaharia (1):
ntp: fix ntpdate to wait for subprocesses
Akifumi Chikazawa (1):
openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
Andreas Müller (1):
mariadb: Fix configure
Armin Kuster (1):
hiawatha: fix url.
Changqing Li (1):
nginx: fix CVE-2021-23017
Gianfranco (3):
vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
vboxguestdrivers: add a fix for build failure with kernel 5.13
Joe Slater (1):
python3-pillow: fix CVE-2021-34552
Kai Kang (1):
mariadb: fix failures to start install_db.service
Khem Raj (3):
mariadb: Upgrade to 10.5.10
mariadb: Include missing sys/type.h for ssize_t
mariadb: Fix build with clang/musl
Leon Anavi (1):
python3-urllib3: Upgrade 1.26.4 -> 1.26.5
Li Wang (1):
apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641
Masaki Ambai (1):
nss: add CVE-2006-5201 to allowlist
Sam Van Den Berge (1):
libiio: fix installing libiio when python3 bindings are enabled
Tony Tascioglu (2):
redis: fix CVE-2021-29477
redis: fix CVE-2021-29478
Trevor Gamblin (1):
python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)
Zoltán Böszörményi (2):
mariadb: Use qemu to run cross-compiled binaries
mariadb: Upgrade to 10.5.11
massimo toscanelli (1):
sysbench: fix memory test
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I1321700b087985ab9b27f8f44cc89c8ef8d27e5f
Diffstat (limited to 'poky')
54 files changed, 1035 insertions, 149 deletions
diff --git a/poky/bitbake/lib/bb/data_smart.py b/poky/bitbake/lib/bb/data_smart.py index 2328c334ac..b4ed62a4e5 100644 --- a/poky/bitbake/lib/bb/data_smart.py +++ b/poky/bitbake/lib/bb/data_smart.py @@ -28,7 +28,7 @@ logger = logging.getLogger("BitBake.Data") __setvar_keyword__ = ["_append", "_prepend", "_remove"] __setvar_regexp__ = re.compile(r'(?P<base>.*?)(?P<keyword>_append|_prepend|_remove)(_(?P<add>[^A-Z]*))?$') -__expand_var_regexp__ = re.compile(r"\${[a-zA-Z0-9\-_+./~]+?}") +__expand_var_regexp__ = re.compile(r"\${[a-zA-Z0-9\-_+./~:]+?}") __expand_python_regexp__ = re.compile(r"\${@.+?}") __whitespace_split__ = re.compile(r'(\s)') __override_regexp__ = re.compile(r'[a-z0-9]+') @@ -481,6 +481,7 @@ class DataSmart(MutableMapping): def setVar(self, var, value, **loginfo): #print("var=" + str(var) + " val=" + str(value)) + var = var.replace(":", "_") self.expand_cache = {} parsing=False if 'parsing' in loginfo: @@ -589,6 +590,8 @@ class DataSmart(MutableMapping): """ Rename the variable key to newkey """ + key = key.replace(":", "_") + newkey = newkey.replace(":", "_") if key == newkey: bb.warn("Calling renameVar with equivalent keys (%s) is invalid" % key) return @@ -637,6 +640,7 @@ class DataSmart(MutableMapping): self.setVar(var + "_prepend", value, ignore=True, parsing=True) def delVar(self, var, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} loginfo['detail'] = "" @@ -664,6 +668,7 @@ class DataSmart(MutableMapping): override = None def setVarFlag(self, var, flag, value, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} if 'op' not in loginfo: @@ -687,6 +692,7 @@ class DataSmart(MutableMapping): self.dict["__exportlist"]["_content"].add(var) def getVarFlag(self, var, flag, expand=True, noweakdefault=False, parsing=False, retparser=False): + var = var.replace(":", "_") if flag == "_content": cachename = var else: 
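Review bot: `var = var.replace(":", "_")` in `setVar` is pasted again into `renameVar`, `delVar` and every `*VarFlag(s)` accessor in the hunks that follow, and into `DataNode.eval` and `ExportFuncsNode.eval` in ast.py, with no comment saying why the two spellings are one name. Because of the mapping, `FOO:bar` and `FOO_bar` address the same key, so an assignment under one spelling silently replaces the other, and the history and log records presumably show the rewritten name rather than the one written in the metadata file. I would put the mapping in one documented private helper, for example `def _normalise_key(var): return var.replace(":", "_")`, and call it from each accessor so the aliasing rule lives in one place. The method bodies continue outside these hunks, so whether other lookup paths such as `_findVar` need the same treatment cannot be judged from here.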
@@ -814,6 +820,7 @@ class DataSmart(MutableMapping): return value def delVarFlag(self, var, flag, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} local_var, _ = self._findVar(var) @@ -831,6 +838,7 @@ class DataSmart(MutableMapping): del self.dict[var][flag] def appendVarFlag(self, var, flag, value, **loginfo): + var = var.replace(":", "_") loginfo['op'] = 'append' loginfo['flag'] = flag self.varhistory.record(**loginfo) @@ -838,6 +846,7 @@ class DataSmart(MutableMapping): self.setVarFlag(var, flag, newvalue, ignore=True) def prependVarFlag(self, var, flag, value, **loginfo): + var = var.replace(":", "_") loginfo['op'] = 'prepend' loginfo['flag'] = flag self.varhistory.record(**loginfo) @@ -845,6 +854,7 @@ class DataSmart(MutableMapping): self.setVarFlag(var, flag, newvalue, ignore=True) def setVarFlags(self, var, flags, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} infer_caller_details(loginfo) if not var in self.dict: @@ -859,6 +869,7 @@ class DataSmart(MutableMapping): self.dict[var][i] = flags[i] def getVarFlags(self, var, expand = False, internalflags=False): + var = var.replace(":", "_") local_var, _ = self._findVar(var) flags = {} @@ -875,6 +886,7 @@ class DataSmart(MutableMapping): def delVarFlags(self, var, **loginfo): + var = var.replace(":", "_") self.expand_cache = {} if not var in self.dict: self._makeShadowCopy(var) diff --git a/poky/bitbake/lib/bb/parse/ast.py b/poky/bitbake/lib/bb/parse/ast.py index 50a88f7da7..db2bdc35ec 100644 --- a/poky/bitbake/lib/bb/parse/ast.py +++ b/poky/bitbake/lib/bb/parse/ast.py @@ -97,6 +97,7 @@ class DataNode(AstNode): def eval(self, data): groupd = self.groupd key = groupd["var"] + key = key.replace(":", "_") loginfo = { 'variable': key, 'file': self.filename, 
@@ -207,6 +208,7 @@ class ExportFuncsNode(AstNode): def eval(self, data): for func in self.n: + func = func.replace(":", "_") calledfunc = self.classname + "_" + func if data.getVar(func, False) and not data.getVarFlag(func, 'export_func', False): diff --git a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py index f8988b8631..152ef6ab72 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py @@ -22,7 +22,7 @@ from .ConfHandler import include, init # For compatibility bb.deprecate_import(__name__, "bb.parse", ["vars_from_file"]) -__func_start_regexp__ = re.compile(r"(((?P<py>python(?=(\s|\()))|(?P<fr>fakeroot(?=\s)))\s*)*(?P<func>[\w\.\-\+\{\}\$]+)?\s*\(\s*\)\s*{$" ) +__func_start_regexp__ = re.compile(r"(((?P<py>python(?=(\s|\()))|(?P<fr>fakeroot(?=\s)))\s*)*(?P<func>[\w\.\-\+\{\}\$:]+)?\s*\(\s*\)\s*{$" ) __inherit_regexp__ = re.compile(r"inherit\s+(.+)" ) __export_func_regexp__ = re.compile(r"EXPORT_FUNCTIONS\s+(.+)" ) __addtask_regexp__ = re.compile(r"addtask\s+(?P<func>\w+)\s*((before\s*(?P<before>((.*(?=after))|(.*))))|(after\s*(?P<after>((.*(?=before))|(.*)))))*") diff --git a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py index f171c5c932..0834fe3f9b 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py @@ -20,7 +20,7 @@ from bb.parse import ParseError, resolve_file, ast, logger, handle __config_regexp__ = re.compile( r""" ^ (?P<exp>export\s+)? - (?P<var>[a-zA-Z0-9\-_+.${}/~]+?) + (?P<var>[a-zA-Z0-9\-_+.${}/~:]+?) (\[(?P<flag>[a-zA-Z0-9\-_+.]+)\])? \s* ( diff --git a/poky/bitbake/lib/bb/tests/codeparser.py b/poky/bitbake/lib/bb/tests/codeparser.py index 826a2d2f6d..f485204791 100644 --- a/poky/bitbake/lib/bb/tests/codeparser.py +++ b/poky/bitbake/lib/bb/tests/codeparser.py 
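Review bot: Adding `:` to the `(?P<var>...)` class in `__config_regexp__` (ConfHandler.py) makes the variable name overlap with the `:=` assignment operator, so an unspaced `FOO:="x"` still parses as an immediate assignment only because the name group is lazy (`+?`). That dependency is easy to break in a later edit, and as far as this page shows the commit adds no parser test for it. I would add cases for `FOO:bar = "x"`, `FOO:="x"` and `FOO:bar:="x"`, and a comment above the pattern such as `# ':' is accepted in names; the lazy quantifier keeps ':=' parsing as an operator`. The operator alternatives of the pattern lie outside this hunk, so the overlap is inferred rather than visible; the same character is also added to `__func_start_regexp__` in BBHandler.py in the preceding hunk.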
@@ -111,9 +111,9 @@ ${D}${libdir}/pkgconfig/*.pc self.assertExecs(set(["sed"])) def test_parameter_expansion_modifiers(self): - # - and + are also valid modifiers for parameter expansion, but are + # -,+ and : are also valid modifiers for parameter expansion, but are # valid characters in bitbake variable names, so are not included here - for i in ('=', ':-', ':=', '?', ':?', ':+', '#', '%', '##', '%%'): + for i in ('=', '?', '#', '%', '##', '%%'): name = "foo%sbar" % i self.parseExpression("${%s}" % name) self.assertNotIn(name, self.references) diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index a764ea4dea..ab8d3b94d1 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -16,7 +16,7 @@ import os import sys import datetime -current_version = "3.3.1" +current_version = "3.3.2" # String used in sidebar version = 'Version: ' + current_version diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml index a273de3295..bf211e310a 100644 --- a/poky/documentation/poky.yaml +++ b/poky/documentation/poky.yaml @@ -1,12 +1,12 @@ -DISTRO : "3.3.1" +DISTRO : "3.3.2" DISTRO_NAME_NO_CAP : "hardknott" DISTRO_NAME : "Hardknott" DISTRO_NAME_NO_CAP_MINUS_ONE : "gatesgarth" DISTRO_NAME_NO_CAP_LTS : "gatesgarth" -YOCTO_DOC_VERSION : "3.3.1" +YOCTO_DOC_VERSION : "3.3.2" YOCTO_DOC_VERSION_MINUS_ONE : "3.2.4" -DISTRO_REL_TAG : "yocto-3.3.1" -POKYVERSION : "25.0.1" +DISTRO_REL_TAG : "yocto-3.3.2" +POKYVERSION : "25.0.2" YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;" YOCTO_DL_URL : "https://downloads.yoctoproject.org" YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst index daf8912799..08f9491300 100644 --- a/poky/documentation/releases.rst +++ b/poky/documentation/releases.rst 
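Review bot: Dropping `':-'`, `':='`, `':?'` and `':+'` from the loop in `test_parameter_expansion_modifiers` (codeparser.py) removes the only visible check that shell parameter expansions such as `${foo:-bar}` are not recorded as BitBake variable references. With `:` now accepted by `__expand_var_regexp__` in data_smart.py, those shell forms match the variable-expansion pattern, so a shell function that uses `${VAR:-default}` may be expanded or dependency-tracked differently than before. I would pin the new behaviour with an explicit test for one of the removed forms instead of only deleting them. The comment should also state the consequence, e.g. `# '-', '+' and ':' are valid in bitbake variable names, so ${foo:-bar} is treated as a variable reference, not a shell modifier`.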
@@ -10,6 +10,7 @@ - :yocto_docs:`3.3 Documentation </3.3>` - :yocto_docs:`3.3.1 Documentation </3.3.1>` +- :yocto_docs:`3.3.2 Documentation </3.3.2>` ******************************* @@ -33,6 +34,9 @@ - :yocto_docs:`3.1.4 Documentation </3.1.4>` - :yocto_docs:`3.1.5 Documentation </3.1.5>` - :yocto_docs:`3.1.6 Documentation </3.1.6>` +- :yocto_docs:`3.1.7 Documentation </3.1.7>` +- :yocto_docs:`3.1.8 Documentation </3.1.8>` +- :yocto_docs:`3.1.9 Documentation </3.1.9>` ========================== Previous Release Manuals diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index dac8f4d155..4a08f2875d 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "3.3.1" +DISTRO_VERSION = "3.3.2" DISTRO_CODENAME = "hardknott" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" diff --git a/poky/meta/classes/kernel-yocto.bbclass b/poky/meta/classes/kernel-yocto.bbclass index 30f07de4ca..d38b60f519 100644 --- a/poky/meta/classes/kernel-yocto.bbclass +++ b/poky/meta/classes/kernel-yocto.bbclass 
@@ -614,7 +614,31 @@ do_validate_branches() { # if SRCREV is AUTOREV it shows up as AUTOINC there's nothing to # check and we can exit early if [ "${machine_srcrev}" = "AUTOINC" ]; then + linux_yocto_dev='${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "1", "", d)}' + if [ -n "$linux_yocto_dev" ]; then + git checkout -q -f ${machine_branch} + ver=$(grep "^VERSION =" ${S}/Makefile | sed s/.*=\ *//) + patchlevel=$(grep "^PATCHLEVEL =" ${S}/Makefile | sed s/.*=\ *//) + sublevel=$(grep "^SUBLEVEL =" ${S}/Makefile | sed s/.*=\ *//) + kver="$ver.$patchlevel" + bbnote "dev kernel: performing version -> branch -> SRCREV validation" + bbnote "dev kernel: recipe version ${LINUX_VERSION}, src version: $kver" + echo "${LINUX_VERSION}" | grep -q $kver + if [ $? -ne 0 ]; then + version="$(echo ${LINUX_VERSION} | sed 's/\+.*$//g')" + versioned_branch="v$version/$machine_branch" + + machine_branch=$versioned_branch + force_srcrev="$(git rev-parse $machine_branch 2> /dev/null)" + if [ $? -ne 0 ]; then + bbfatal "kernel version mismatch detected, and no valid branch $machine_branch detected" + fi + + bbnote "dev kernel: adjusting branch to $machine_branch, srcrev to: $force_srcrev" + fi + else bbnote "SRCREV validation is not required for AUTOREV" + fi elif [ "${machine_srcrev}" = "" ]; then if [ "${SRCREV}" != "AUTOINC" ] && [ "${SRCREV}" != "INVALID" ]; then # SRCREV_machine_<MACHINE> was not set. This means that a custom recipe diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index 3ab6328f91..2b5d94dd1f 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -483,7 +483,7 @@ def sstate_clean_cachefiles(d): ss = sstate_state_fromvars(ld, task) sstate_clean_cachefile(ss, ld) -def sstate_clean_manifest(manifest, d, prefix=None): +def sstate_clean_manifest(manifest, d, canrace=False, prefix=None): import oe.path mfile = open(manifest) 
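Review bot: `echo "${LINUX_VERSION}" | grep -q $kver` in the new `linux_yocto_dev` branch of kernel-yocto.bbclass is an unquoted, unanchored regular-expression match. A source tree at `5.1` is therefore accepted for a recipe version of `5.10` or `15.1`, and the `.` in `$kver` matches any character. This comparison decides whether `machine_branch` and `force_srcrev` are switched, so a false match leaves the build on a branch that does not correspond to the recipe version without any message. I would anchor and quote it, for example `echo "${LINUX_VERSION}" | grep -qE "^$ver\.$patchlevel([^0-9]|\$)"`, and quote `${machine_branch}` in the `git checkout -q -f` line as well. `do_validate_branches` starts and ends outside this hunk, so how `force_srcrev` is consumed afterwards is not visible here.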
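Review bot: Placing `canrace=False` ahead of `prefix` in `sstate_clean_manifest(manifest, d, canrace=False, prefix=None)` (sstate.bbclass) changes the meaning of the third positional argument. A caller outside this commit that still passes the prefix positionally, as staging.bbclass did before this change with `sstate_clean_manifest(depdir + "/" + lnk, d, workdir)`, would now set `canrace` to a truthy path string and leave `prefix` as None, so relative manifest entries would be removed without the intended sysroot prefix. Appending the parameter keeps such callers correct: `def sstate_clean_manifest(manifest, d, prefix=None, canrace=False):`. A short docstring saying that `canrace=True` means other tasks may be populating these directories, so empty directories are left in place, would also make the flag's polarity clear. The function body continues outside this hunk.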
@@ -501,7 +501,9 @@ def sstate_clean_manifest(manifest, d, prefix=None): if entry.endswith("/"): if os.path.islink(entry[:-1]): os.remove(entry[:-1]) - elif os.path.exists(entry) and len(os.listdir(entry)) == 0: + elif os.path.exists(entry) and len(os.listdir(entry)) == 0 and not canrace: + # Removing directories whilst builds are in progress exposes a race. Only + # do it in contexts where it is safe to do so. os.rmdir(entry[:-1]) else: os.remove(entry) @@ -539,7 +541,7 @@ def sstate_clean(ss, d): for lock in ss['lockfiles']: locks.append(bb.utils.lockfile(lock)) - sstate_clean_manifest(manifest, d) + sstate_clean_manifest(manifest, d, canrace=True) for lock in locks: bb.utils.unlockfile(lock) diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass index 806a85773a..32a615c743 100644 --- a/poky/meta/classes/staging.bbclass +++ b/poky/meta/classes/staging.bbclass @@ -409,7 +409,7 @@ python extend_recipe_sysroot() { if os.path.islink(f) and not os.path.exists(f): bb.note("%s no longer exists, removing from sysroot" % f) lnk = os.readlink(f.replace(".complete", "")) - sstate_clean_manifest(depdir + "/" + lnk, d, workdir) + sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(f) os.unlink(f.replace(".complete", "")) @@ -454,7 +454,7 @@ python extend_recipe_sysroot() { fl = depdir + "/" + l bb.note("Task %s no longer depends on %s, removing from sysroot" % (mytaskname, l)) lnk = os.readlink(fl) - sstate_clean_manifest(depdir + "/" + lnk, d, workdir) + sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(fl) os.unlink(fl + ".complete") 
@@ -475,7 +475,7 @@ python extend_recipe_sysroot() { continue else: bb.note("%s exists in sysroot, but is stale (%s vs. %s), removing." % (c, lnk, c + "." + taskhash)) - sstate_clean_manifest(depdir + "/" + lnk, d, workdir) + sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(depdir + "/" + c) if os.path.lexists(depdir + "/" + c + ".complete"): os.unlink(depdir + "/" + c + ".complete") diff --git a/poky/meta/lib/oeqa/selftest/cases/archiver.py b/poky/meta/lib/oeqa/selftest/cases/archiver.py index ddd08ecf84..0194ae9f69 100644 --- a/poky/meta/lib/oeqa/selftest/cases/archiver.py +++ b/poky/meta/lib/oeqa/selftest/cases/archiver.py @@ -35,11 +35,11 @@ class Archiver(OESelftestTestCase): src_path = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS']) # Check that include_recipe was included - included_present = len(glob.glob(src_path + '/%s-*' % include_recipe)) + included_present = len(glob.glob(src_path + '/%s-*/*' % include_recipe)) self.assertTrue(included_present, 'Recipe %s was not included.' % include_recipe) # Check that exclude_recipe was excluded - excluded_present = len(glob.glob(src_path + '/%s-*' % exclude_recipe)) + excluded_present = len(glob.glob(src_path + '/%s-*/*' % exclude_recipe)) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % exclude_recipe) def test_archiver_filters_by_type(self): 
@@ -67,11 +67,11 @@ class Archiver(OESelftestTestCase): src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS']) # Check that target_recipe was included - included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipe)) + included_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipe)) self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipe) # Check that native_recipe was excluded - excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipe)) + excluded_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipe)) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipe) def test_archiver_filters_by_type_and_name(self): 
@@ -104,17 +104,17 @@ class Archiver(OESelftestTestCase): src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS']) # Check that target_recipe[0] and native_recipes[1] were included - included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[0])) + included_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipes[0])) self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipes[0]) - included_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[1])) + included_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipes[1])) self.assertTrue(included_present, 'Recipe %s was not included.' % native_recipes[1]) # Check that native_recipes[0] and target_recipes[1] were excluded - excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[0])) + excluded_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipes[0])) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipes[0]) - excluded_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[1])) + excluded_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipes[1])) self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % target_recipes[1]) diff --git a/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py b/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py index a7214beb4c..bbf67bf9c9 100644 --- a/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py +++ b/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py @@ -64,7 +64,7 @@ class TestMultiprocessLaunch(TestCase): import bb def testfunction(item, d): - if item == "2" or item == "1": + if item == "2": raise KeyError("Invalid number %s" % item) return "Found %s" % item 
@@ -99,5 +99,4 @@ class TestMultiprocessLaunch(TestCase): # Assert the function prints exceptions with captured_output() as (out, err): self.assertRaises(bb.BBHandledException, multiprocess_launch, testfunction, ["1", "2", "3", "4", "5", "6"], d, extraargs=(d,)) - self.assertIn("KeyError: 'Invalid number 1'", out.getvalue()) self.assertIn("KeyError: 'Invalid number 2'", out.getvalue()) diff --git a/poky/meta/lib/oeqa/selftest/cases/runcmd.py b/poky/meta/lib/oeqa/selftest/cases/runcmd.py index fa6113d7fa..e9612389fe 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runcmd.py +++ b/poky/meta/lib/oeqa/selftest/cases/runcmd.py @@ -27,8 +27,8 @@ class RunCmdTests(OESelftestTestCase): # The delta is intentionally smaller than the timeout, to detect cases where # we incorrectly apply the timeout more than once. - TIMEOUT = 5 - DELTA = 3 + TIMEOUT = 10 + DELTA = 8 def test_result_okay(self): result = runCmd("true") diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 1931dc7153..ef117de897 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -6,6 +6,7 @@ generate_key() { local DIR="$(dirname "$FILE")" mkdir -p "$DIR" + rm -f ${FILE}.tmp ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE # Atomically rename file public key diff --git a/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch b/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch deleted file mode 100644 index 67c9f189cc..0000000000 --- a/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch +++ /dev/null 
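Review bot: `rm -f ${FILE}.tmp` in `generate_key` (sshd_check_keys) is the only use of `FILE` in this hunk that is unquoted; the neighbouring lines write `"$FILE"` and `"${FILE}.tmp"`. With a key path containing whitespace or glob characters the word would be split or expanded, so the stale temporary key might be left behind, or a different path removed, in a script that typically runs as root at boot. I would write it as `rm -f -- "${FILE}.tmp"`. The body of `generate_key` continues outside this hunk.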
@@ -1,58 +0,0 @@ -From fe791386ebc270219ca00406c9fdadc5130b64ee Mon Sep 17 00:00:00 2001 -From: Samuel Sapalski <samuel.sapalski@nokia.com> -Date: Wed, 3 Mar 2021 16:31:22 +0100 -Subject: [PATCH] decompress_gunzip: Fix DoS if gzip is corrupt - -On certain corrupt gzip files, huft_build will set the error bit on -the result pointer. If afterwards abort_unzip is called huft_free -might run into a segmentation fault or an invalid pointer to -free(p). - -In order to mitigate this, we check in huft_free if the error bit -is set and clear it before the linked list is freed. - -Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com> -Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com> -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> - -Upstream-Status: Backport -CVE: CVE-2021-28831 -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - archival/libarchive/decompress_gunzip.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c -index eb3b64930..e93cd5005 100644 ---- a/archival/libarchive/decompress_gunzip.c -+++ b/archival/libarchive/decompress_gunzip.c -@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = { - * each table. - * t: table to free - */ -+#define BAD_HUFT(p) ((uintptr_t)(p) & 1) -+#define ERR_RET ((huft_t*)(uintptr_t)1) - static void huft_free(huft_t *p) - { - huft_t *q; - -+ /* -+ * If 'p' has the error bit set we have to clear it, otherwise we might run -+ * into a segmentation fault or an invalid pointer to free(p) -+ */ -+ if (BAD_HUFT(p)) { -+ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET)); -+ } -+ - /* Go through linked list, freeing from the malloced (t[-1]) address. 
*/ - while (p) { - q = (--p)->v.t; -@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current - * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table - * is given: "fixed inflate" decoder feeds us such data. - */ --#define BAD_HUFT(p) ((uintptr_t)(p) & 1) --#define ERR_RET ((huft_t*)(uintptr_t)1) - static huft_t* huft_build(const unsigned *b, const unsigned n, - const unsigned s, const struct cp_ext *cp_ext, - unsigned *m) diff --git a/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch b/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch new file mode 100644 index 0000000000..4a1960dff2 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch 
@@ -0,0 +1,81 @@ +From ceb378209f953ea745ed93a8645567196380ce3c Mon Sep 17 00:00:00 2001 +From: Andrej Valek <andrej.valek@siemens.com> +Date: Thu, 24 Jun 2021 19:13:22 +0200 +Subject: [PATCH] mktemp: add tmpdir option + +Make mktemp more compatible with coreutils. +- add "--tmpdir" option +- add long variants for "d,q,u" options + +Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2021-June/088932.html] + +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + coreutils/mktemp.c | 26 ++++++++++++++++++-------- + 1 file changed, 18 insertions(+), 8 deletions(-) + +diff --git a/coreutils/mktemp.c b/coreutils/mktemp.c +index 5393320a5..05c6d98c6 100644 +--- a/coreutils/mktemp.c ++++ b/coreutils/mktemp.c +@@ -39,16 +39,17 @@ + //kbuild:lib-$(CONFIG_MKTEMP) += mktemp.o + + //usage:#define mktemp_trivial_usage +-//usage: "[-dt] [-p DIR] [TEMPLATE]" ++//usage: "[-dt] [-p DIR, --tmpdir[=DIR]] [TEMPLATE]" + //usage:#define mktemp_full_usage "\n\n" + //usage: "Create a temporary file with name based on TEMPLATE and print its name.\n" + //usage: "TEMPLATE must end with XXXXXX (e.g. [/dir/]nameXXXXXX).\n" + //usage: "Without TEMPLATE, -t tmp.XXXXXX is assumed.\n" +-//usage: "\n -d Make directory, not file" +-//usage: "\n -q Fail silently on errors" +-//usage: "\n -t Prepend base directory name to TEMPLATE" +-//usage: "\n -p DIR Use DIR as a base directory (implies -t)" +-//usage: "\n -u Do not create anything; print a name" ++//usage: "\n -d Make directory, not file" ++//usage: "\n -q Fail silently on errors" ++//usage: "\n -t Prepend base directory name to TEMPLATE" ++//usage: "\n -p DIR, --tmpdir[=DIR] Use DIR as a base directory (implies -t)" ++//usage: "\n For --tmpdir is a optional one." 
++//usage: "\n -u Do not create anything; print a name" + //usage: "\n" + //usage: "\nBase directory is: -p DIR, else $TMPDIR, else /tmp" + //usage: +@@ -72,13 +73,22 @@ int mktemp_main(int argc UNUSED_PARAM, char **argv) + OPT_t = 1 << 2, + OPT_p = 1 << 3, + OPT_u = 1 << 4, ++ OPT_td = 1 << 5, + }; + + path = getenv("TMPDIR"); + if (!path || path[0] == '\0') + path = "/tmp"; + +- opts = getopt32(argv, "^" "dqtp:u" "\0" "?1"/*1 arg max*/, &path); ++ opts = getopt32long(argv, "^" ++ "dqtp:u\0" ++ "?1" /* 1 arg max */, ++ "directory\0" No_argument "d" ++ "quiet\0" No_argument "q" ++ "dry-run\0" No_argument "u" ++ "tmpdir\0" Optional_argument "\xff" ++ , &path, &path ++ ); + + chp = argv[optind]; + if (!chp) { +@@ -95,7 +105,7 @@ int mktemp_main(int argc UNUSED_PARAM, char **argv) + goto error; + } + #endif +- if (opts & (OPT_t|OPT_p)) ++ if (opts & (OPT_t|OPT_p|OPT_td)) + chp = concat_path_file(path, chp); + + if (opts & OPT_u) { +-- +2.11.0 + diff --git a/poky/meta/recipes-core/busybox/busybox_1.33.0.bb b/poky/meta/recipes-core/busybox/busybox_1.33.1.bb index b2a30ba16f..4002d6a5c6 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.33.0.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.33.1.bb @@ -37,6 +37,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ ${@["", "file://mdev.cfg"][(d.getVar('VIRTUAL-RUNTIME_dev_manager') == 'busybox-mdev')]} \ file://syslog.cfg \ file://unicode.cfg \ + file://rev.cfg \ + file://pgrep.cfg \ file://rcS \ file://rcK \ file://makefile-libbb-race.patch \ 
@@ -44,11 +46,9 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-testsuite-use-www.example.org-for-wget-test-cases.patch \ file://0001-du-l-works-fix-to-use-145-instead-of-144.patch \ file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \ - file://rev.cfg \ - file://pgrep.cfg \ - file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \ file://0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch \ + file://0001-mktemp-add-tmpdir-option.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " -SRC_URI[tarball.sha256sum] = "d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd" +SRC_URI[tarball.sha256sum] = "12cec6bd2b16d8a9446dd16130f2b92982f1819f6e1c5f5887b6db03f5660d28" diff --git a/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb b/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb index d887aeff79..659d3132fa 100644 --- a/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb +++ b/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb @@ -61,3 +61,4 @@ addtask do_check after do_compile inherit nopackages deltask do_stash_locale deltask do_install +deltask do_populate_sysroot diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.36.inc b/poky/meta/recipes-devtools/binutils/binutils-2.36.inc index 2968291889..9d770db5a8 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.36.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.36.inc @@ -41,5 +41,8 @@ SRC_URI = "\ file://0014-Fix-rpath-in-libtool-when-sysroot-is-enabled.patch \ file://0015-sync-with-OE-libtool-changes.patch \ file://0016-Check-for-clang-before-checking-gcc-version.patch \ + file://0001-CVE-2021-20197.patch \ + file://0002-CVE-2021-20197.patch \ + file://0003-CVE-2021-20197.patch \ " S = "${WORKDIR}/git" 
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch new file mode 100644 index 0000000000..2b4eaba26d --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch 
@@ -0,0 +1,201 @@ +From 8e03235147a9e774d3ba084e93c2da1aa94d1cec Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar <siddhesh@gotplt.org> +Date: Mon, 22 Feb 2021 20:45:50 +0530 +Subject: [PATCH] binutils: Avoid renaming over existing files + +Renaming over existing files needs additional care to restore +permissions and ownership, which may not always succeed. +Additionally, other properties of the file such as extended attributes +may be lost, making the operation flaky. + +For predictable results, resort to rename() only if the file does not +exist, otherwise copy the file contents into the existing file. This +ensures that no additional tricks are needed to retain file +properties. + +This also allows dropping of the redundant set_times on the tmpfile in +objcopy/strip since now we no longer rename over existing files. + +binutils/ + + * ar.c (write_archive): Adjust call to SMART_RENAME. + * arsup.c (ar_save): Likewise. + * objcopy (strip_main): Don't set times on temporary file and + adjust call to SMART_RENAME. + (copy_main): Likewise. + * rename.c [!S_ISLNK]: Remove definitions. + (try_preserve_permissions): Remove function. + (smart_rename): Replace PRESERVE_DATES argument with + TARGET_STAT. Use rename system call only if TO does not exist. + * bucomm.h (smart_rename): Adjust declaration. 
+ +(cherry picked from commit 3685de750e6a091663a0abe42528cad29e960e35) + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8e03235147a9e774d3ba084e93c2da1aa94d1cec] +CVE: CVE-2021-20197 +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> +--- + binutils/ar.c | 2 +- + binutils/arsup.c | 2 +- + binutils/bucomm.h | 3 ++- + binutils/objcopy.c | 8 ++----- + binutils/rename.c | 55 +++++++++------------------------------------- + 6 files changed, 29 insertions(+), 54 deletions(-) + +diff --git a/binutils/ar.c b/binutils/ar.c +index 45a34e3a6cf..3a91708b51c 100644 +--- a/binutils/ar.c ++++ b/binutils/ar.c +@@ -1308,7 +1308,7 @@ write_archive (bfd *iarch) + /* We don't care if this fails; we might be creating the archive. */ + bfd_close (iarch); + +- if (smart_rename (new_name, old_name, 0) != 0) ++ if (smart_rename (new_name, old_name, NULL) != 0) + xexit (1); + free (old_name); + free (new_name); +diff --git a/binutils/arsup.c b/binutils/arsup.c +index 5403a0c5d74..0a1f63f6456 100644 +--- a/binutils/arsup.c ++++ b/binutils/arsup.c +@@ -351,7 +351,7 @@ ar_save (void) + + bfd_close (obfd); + +- smart_rename (ofilename, real_name, 0); ++ smart_rename (ofilename, real_name, NULL); + obfd = 0; + free (ofilename); + } +diff --git a/binutils/bucomm.h b/binutils/bucomm.h +index 91f6a5b228f..aa7e33d8cd1 100644 +--- a/binutils/bucomm.h ++++ b/binutils/bucomm.h +@@ -71,7 +71,8 @@ extern void print_version (const char *); + /* In rename.c. */ + extern void set_times (const char *, const struct stat *); + +-extern int smart_rename (const char *, const char *, int); ++extern int smart_rename (const char *, const char *, struct stat *); ++ + + /* In libiberty. 
*/ + void *xmalloc (size_t); +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index eab3b6db585..07a872b5a80 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4861,12 +4861,10 @@ strip_main (int argc, char *argv[]) + output_target, NULL); + if (status == 0) + { +- if (preserve_dates) +- set_times (tmpname, &statbuf); + if (output_file != tmpname) + status = (smart_rename (tmpname, + output_file ? output_file : argv[i], +- preserve_dates) != 0); ++ preserve_dates ? &statbuf : NULL) != 0); + if (status == 0) + status = hold_status; + } +@@ -5931,11 +5929,9 @@ copy_main (int argc, char *argv[]) + output_target, input_arch); + if (status == 0) + { +- if (preserve_dates) +- set_times (tmpname, &statbuf); + if (tmpname != output_filename) + status = (smart_rename (tmpname, input_filename, +- preserve_dates) != 0); ++ preserve_dates ? &statbuf : NULL) != 0); + } + else + unlink_if_ordinary (tmpname); +diff --git a/binutils/rename.c b/binutils/rename.c +index 65ad5bf52c4..f471b45fd3f 100644 +--- a/binutils/rename.c ++++ b/binutils/rename.c +@@ -122,20 +122,13 @@ set_times (const char *destination, const struct stat *statbuf) + non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno)); + } + +-#ifndef S_ISLNK +-#ifdef S_IFLNK +-#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) +-#else +-#define S_ISLNK(m) 0 +-#define lstat stat +-#endif +-#endif +- +-/* Rename FROM to TO, copying if TO is a link. +- Return 0 if ok, -1 if error. */ ++/* Rename FROM to TO, copying if TO exists. TARGET_STAT has the file status ++ that, if non-NULL, is used to fix up timestamps after rename. Return 0 if ++ ok, -1 if error. 
*/ + + int +-smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNUSED) ++smart_rename (const char *from, const char *to, ++ struct stat *target_stat ATTRIBUTE_UNUSED) + { + bfd_boolean exists; + struct stat s; +@@ -158,38 +151,10 @@ smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNU + unlink (from); + } + #else +- /* Use rename only if TO is not a symbolic link and has +- only one hard link, and we have permission to write to it. */ +- if (! exists +- || (!S_ISLNK (s.st_mode) +- && S_ISREG (s.st_mode) +- && (s.st_mode & S_IWUSR) +- && s.st_nlink == 1) +- ) ++ /* Avoid a full copy and use rename if TO does not exist. */ ++ if (!exists) + { +- ret = rename (from, to); +- if (ret == 0) +- { +- if (exists) +- { +- /* Try to preserve the permission bits and ownership of +- TO. First get the mode right except for the setuid +- bit. Then change the ownership. Then fix the setuid +- bit. We do the chmod before the chown because if the +- chown succeeds, and we are a normal user, we won't be +- able to do the chmod afterward. We don't bother to +- fix the setuid bit first because that might introduce +- a fleeting security problem, and because the chown +- will clear the setuid bit anyhow. We only fix the +- setuid bit if the chown succeeds, because we don't +- want to introduce an unexpected setuid file owned by +- the user running objcopy. */ +- chmod (to, s.st_mode & 0777); +- if (chown (to, s.st_uid, s.st_gid) >= 0) +- chmod (to, s.st_mode & 07777); +- } +- } +- else ++ if ((ret = rename (from, to)) != 0) + { + /* We have to clean up here. 
*/ + non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno)); +@@ -202,8 +167,8 @@ smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNU + if (ret != 0) + non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno)); + +- if (preserve_dates) +- set_times (to, &s); ++ if (target_stat != NULL) ++ set_times (to, target_stat); + unlink (from); + } + #endif /* _WIN32 && !__CYGWIN32__ */ +-- +2.31.1 + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch new file mode 100644 index 0000000000..3771f571eb --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch 
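Review bot: In the copy branch of the backported `smart_rename` (last inner hunk of 0001-CVE-2021-20197.patch), a failed `simple_copy` is only reported through `non_fatal`, after which `set_times (to, target_stat)` and `unlink (from)` still run, so the temporary output is deleted and a possibly incomplete destination receives the original timestamps. Guarding the timestamp step, `if (ret == 0 && target_stat != NULL) set_times (to, target_stat);`, would at least keep a damaged file from looking unmodified. 0003-CVE-2021-20197.patch keeps the same sequence in its rewritten `smart_rename`. Because these files are marked `Upstream-Status: Backport`, such a change would have to go upstream first or be carried as a separate local patch. The function body is only partly visible in the inner hunks.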
@@ -0,0 +1,170 @@ +From d3edaa91d4cf7202ec14342410194841e2f67f12 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Fri, 26 Feb 2021 11:30:32 +1030 +Subject: [PATCH] Reinstate various pieces backed out from smart_rename changes + +In the interests of a stable release various last minute smart_rename +patches were backed out of the 2.36 branch. The main reason to +reinstate some of those backed out changes here is to make necessary +followup fixes to commit 8e03235147a9 simple cherry-picks from +mainline. A secondary reason is that ar -M support isn't fixed for +pr26945 without this patch. + + PR 26945 + * ar.c: Don't include libbfd.h. + (write_archive): Replace xmalloc+strcpy with xstrdup. + * arsup.c (temp_name, real_ofd): New static variables. + (ar_open): Use make_tempname and bfd_fdopenw. + (ar_save): Adjust to suit ar_open changes. + * objcopy.c: Don't include libbfd.h. + * rename.c: Rename and reorder variables. + +(cherry picked from commit 95b91a043aeaeb546d2fea556d84a2de1e917770) + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d3edaa91d4cf7202ec14342410194841e2f67f12] +CVE: CVE-2021-20197 +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> +--- + binutils/ar.c | 4 +--- + binutils/arsup.c | 37 +++++++++++++++++++++++++------------ + binutils/objcopy.c | 1 - + binutils/rename.c | 6 +++--- + 5 files changed, 42 insertions(+), 19 deletions(-) + +diff --git a/binutils/ar.c b/binutils/ar.c +index 3a91708b51c..44df48c5c67 100644 +--- a/binutils/ar.c ++++ b/binutils/ar.c +@@ -25,7 +25,6 @@ + + #include "sysdep.h" + #include "bfd.h" +-#include "libbfd.h" + #include "libiberty.h" + #include "progress.h" + #include "getopt.h" +@@ -1255,8 +1254,7 @@ write_archive (bfd *iarch) + bfd *contents_head = iarch->archive_next; + int ofd = -1; + +- old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1); +- strcpy (old_name, bfd_get_filename (iarch)); ++ old_name = xstrdup (bfd_get_filename (iarch)); + 
new_name = make_tempname (old_name, &ofd); + + if (new_name == NULL) +diff --git a/binutils/arsup.c b/binutils/arsup.c +index 0a1f63f6456..f7ce8f0bc82 100644 +--- a/binutils/arsup.c ++++ b/binutils/arsup.c +@@ -42,6 +42,8 @@ extern int deterministic; + + static bfd *obfd; + static char *real_name; ++static char *temp_name; ++static int real_ofd; + static FILE *outfile; + + static void +@@ -149,27 +151,24 @@ maybequit (void) + void + ar_open (char *name, int t) + { +- char *tname; +- const char *bname = lbasename (name); +- real_name = name; ++ real_name = xstrdup (name); ++ temp_name = make_tempname (real_name, &real_ofd); + +- /* Prepend tmp- to the beginning, to avoid file-name clashes after +- truncation on filesystems with limited namespaces (DOS). */ +- if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1) ++ if (temp_name == NULL) + { +- fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"), ++ fprintf (stderr, _("%s: Can't open temporary file (%s)\n"), + program_name, strerror(errno)); + maybequit (); + return; + } + +- obfd = bfd_openw (tname, NULL); ++ obfd = bfd_fdopenw (temp_name, NULL, real_ofd); + + if (!obfd) + { + fprintf (stderr, + _("%s: Can't open output archive %s\n"), +- program_name, tname); ++ program_name, temp_name); + + maybequit (); + } +@@ -344,16 +343,30 @@ ar_save (void) + } + else + { +- char *ofilename = xstrdup (bfd_get_filename (obfd)); ++ struct stat target_stat; + + if (deterministic > 0) + obfd->flags |= BFD_DETERMINISTIC_OUTPUT; + + bfd_close (obfd); + +- smart_rename (ofilename, real_name, NULL); ++ if (stat (real_name, &target_stat) != 0) ++ { ++ /* The temp file created in ar_open has mode 0600 as per mkstemp. ++ Create the real empty output file here so smart_rename will ++ update the mode according to the process umask. 
*/ ++ obfd = bfd_openw (real_name, NULL); ++ if (obfd != NULL) ++ { ++ bfd_set_format (obfd, bfd_archive); ++ bfd_close (obfd); ++ } ++ } ++ ++ smart_rename (temp_name, real_name, NULL); + obfd = 0; +- free (ofilename); ++ free (temp_name); ++ free (real_name); + } + } + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index 07a872b5a80..73aa8bc2514 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -20,7 +20,6 @@ + + #include "sysdep.h" + #include "bfd.h" +-#include "libbfd.h" + #include "progress.h" + #include "getopt.h" + #include "libiberty.h" +diff --git a/binutils/rename.c b/binutils/rename.c +index f471b45fd3f..2ff092ee22b 100644 +--- a/binutils/rename.c ++++ b/binutils/rename.c +@@ -130,11 +130,11 @@ int + smart_rename (const char *from, const char *to, + struct stat *target_stat ATTRIBUTE_UNUSED) + { +- bfd_boolean exists; +- struct stat s; + int ret = 0; ++ struct stat to_stat; ++ bfd_boolean exists; + +- exists = lstat (to, &s) == 0; ++ exists = lstat (to, &to_stat) == 0; + + #if defined (_WIN32) && !defined (__CYGWIN32__) + /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but +-- +2.31.1 + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch new file mode 100644 index 0000000000..082b28b29c --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch 
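Review bot: `ar_save` in the backported arsup.c still discards the result of `smart_rename (temp_name, real_name, NULL)`, while `write_archive` in ar.c (0001 patch) exits on a non-zero return. With `smart_rename` now copying over an existing archive, a failure here can leave `real_name` incomplete with nothing more than a `non_fatal` message; something like `if (smart_rename (temp_name, real_name, NULL) != 0) maybequit ();` would make the script path fail visibly. The preceding `stat (real_name, &target_stat)` followed by `bfd_openw (real_name, NULL)` is a check and a create on the same path, and `target_stat` is not used afterwards, so a short comment stating that the stat is only an existence test would help readers. `ar_save` starts outside the inner hunk.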
@@ -0,0 +1,171 @@ +From 8b69e61d4be276bb862698aaafddc3e779d23c8f Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 23 Feb 2021 09:37:39 +1030 +Subject: [PATCH] PR27456, lstat in rename.c on MinGW + + PR 27456 + * rename.c: Tidy throughout. + (smart_rename): Always copy. Remove windows specific code. + +(cherry picked from commit cca8873dd5a6015d5557ea44bc1ea9c252435a29) + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8b69e61d4be276bb862698aaafddc3e779d23c8f] +CVE: CVE-2021-20197 +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> +--- + binutils/rename.c | 111 ++++++++++++++------------------------------- + 2 files changed, 40 insertions(+), 76 deletions(-) + +diff --git a/binutils/rename.c b/binutils/rename.c +index 2ff092ee22b..72a9323d72c 100644 +--- a/binutils/rename.c ++++ b/binutils/rename.c +@@ -24,14 +24,9 @@ + + #ifdef HAVE_GOOD_UTIME_H + #include <utime.h> +-#else /* ! HAVE_GOOD_UTIME_H */ +-#ifdef HAVE_UTIMES ++#elif defined HAVE_UTIMES + #include <sys/time.h> +-#endif /* HAVE_UTIMES */ +-#endif /* ! HAVE_GOOD_UTIME_H */ +- +-#if ! defined (_WIN32) || defined (__CYGWIN32__) +-static int simple_copy (const char *, const char *); ++#endif + + /* The number of bytes to copy at once. */ + #define COPY_BUF 8192 +@@ -82,7 +77,6 @@ simple_copy (const char *from, const char *to) + } + return 0; + } +-#endif /* __CYGWIN32__ or not _WIN32 */ + + /* Set the times of the file DESTINATION to be the same as those in + STATBUF. */ +@@ -91,87 +85,52 @@ void + set_times (const char *destination, const struct stat *statbuf) + { + int result; +- +- { + #ifdef HAVE_GOOD_UTIME_H +- struct utimbuf tb; +- +- tb.actime = statbuf->st_atime; +- tb.modtime = statbuf->st_mtime; +- result = utime (destination, &tb); +-#else /* ! 
HAVE_GOOD_UTIME_H */ +-#ifndef HAVE_UTIMES +- long tb[2]; +- +- tb[0] = statbuf->st_atime; +- tb[1] = statbuf->st_mtime; +- result = utime (destination, tb); +-#else /* HAVE_UTIMES */ +- struct timeval tv[2]; +- +- tv[0].tv_sec = statbuf->st_atime; +- tv[0].tv_usec = 0; +- tv[1].tv_sec = statbuf->st_mtime; +- tv[1].tv_usec = 0; +- result = utimes (destination, tv); +-#endif /* HAVE_UTIMES */ +-#endif /* ! HAVE_GOOD_UTIME_H */ +- } ++ struct utimbuf tb; ++ ++ tb.actime = statbuf->st_atime; ++ tb.modtime = statbuf->st_mtime; ++ result = utime (destination, &tb); ++#elif defined HAVE_UTIMES ++ struct timeval tv[2]; ++ ++ tv[0].tv_sec = statbuf->st_atime; ++ tv[0].tv_usec = 0; ++ tv[1].tv_sec = statbuf->st_mtime; ++ tv[1].tv_usec = 0; ++ result = utimes (destination, tv); ++#else ++ long tb[2]; ++ ++ tb[0] = statbuf->st_atime; ++ tb[1] = statbuf->st_mtime; ++ result = utime (destination, tb); ++#endif + + if (result != 0) + non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno)); + } + +-/* Rename FROM to TO, copying if TO exists. TARGET_STAT has the file status +- that, if non-NULL, is used to fix up timestamps after rename. Return 0 if +- ok, -1 if error. */ ++/* Copy FROM to TO. TARGET_STAT has the file status that, if non-NULL, ++ is used to fix up timestamps. Return 0 if ok, -1 if error. ++ At one time this function renamed files, but file permissions are ++ tricky to update given the number of different schemes used by ++ various systems. So now we just copy. */ + + int + smart_rename (const char *from, const char *to, +- struct stat *target_stat ATTRIBUTE_UNUSED) ++ struct stat *target_stat) + { +- int ret = 0; +- struct stat to_stat; +- bfd_boolean exists; +- +- exists = lstat (to, &to_stat) == 0; +- +-#if defined (_WIN32) && !defined (__CYGWIN32__) +- /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but +- fail instead. Also, chown is not present. 
*/ +- +- if (exists) +- remove (to); ++ int ret; + +- ret = rename (from, to); ++ ret = simple_copy (from, to); + if (ret != 0) +- { +- /* We have to clean up here. */ +- non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno)); +- unlink (from); +- } +-#else +- /* Avoid a full copy and use rename if TO does not exist. */ +- if (!exists) +- { +- if ((ret = rename (from, to)) != 0) +- { +- /* We have to clean up here. */ +- non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno)); +- unlink (from); +- } +- } +- else +- { +- ret = simple_copy (from, to); +- if (ret != 0) +- non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno)); ++ non_fatal (_("unable to copy file '%s'; reason: %s"), ++ to, strerror (errno)); + +- if (target_stat != NULL) +- set_times (to, target_stat); +- unlink (from); +- } +-#endif /* _WIN32 && !__CYGWIN32__ */ ++ if (target_stat != NULL) ++ set_times (to, target_stat); ++ unlink (from); + + return ret; + } +-- +2.31.1 + diff --git a/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c b/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c index af7af524eb..9eb5ca807a 100644 --- a/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c +++ b/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c @@ -9,6 +9,7 @@ #include <argp.h> #include <stdio.h> +#include <stdlib.h> #include <dwarf.h> #include <elfutils/libdw.h> @@ -83,13 +84,15 @@ process_cu (Dwarf_Die *cu_die) int main (int argc, char **argv) { - char* args[3]; + char* args[5]; int res = 0; Dwfl *dwfl; Dwarf_Addr bias; - if (argc != 2) + if (argc != 2) { fprintf(stderr, "Usage %s <file>", argv[0]); + exit(EXIT_FAILURE); + } // Pretend "dwarfsrcfiles -e <file>" was given, so we can use standard // dwfl argp parser to open the file for us and get our Dwfl. Useful 
@@ -98,8 +101,12 @@ main (int argc, char **argv) args[0] = argv[0]; args[1] = "-e"; args[2] = argv[1]; + // We don't want to follow debug linked files due to the way OE processes + // files, could race against changes in the linked binary (e.g. objcopy on it) + args[3] = "--debuginfo-path"; + args[4] = "/not/exist"; - argp_parse (dwfl_standard_argp (), 3, args, 0, NULL, &dwfl); + argp_parse (dwfl_standard_argp (), 5, args, 0, NULL, &dwfl); Dwarf_Die *cu = NULL; while ((cu = dwfl_nextcu (dwfl, cu, &bias)) != NULL) diff --git a/poky/meta/recipes-devtools/go/go-1.16.3.inc b/poky/meta/recipes-devtools/go/go-1.16.5.inc index ebd25a5eaa..bd928e44f8 100644 --- a/poky/meta/recipes-devtools/go/go-1.16.3.inc +++ b/poky/meta/recipes-devtools/go/go-1.16.5.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.3" +PV = "1.16.5" FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -17,4 +17,4 @@ SRC_URI += "\ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ " -SRC_URI[main.sha256sum] = "b298d29de9236ca47a023e382313bcc2d2eed31dfa706b60a04103ce83a71a25" +SRC_URI[main.sha256sum] = "7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.16.3.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.16.5.bb index d01a2bd8f1..b3e2b6a60e 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.16.5.bb 
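Review bot: The argument count passed to `argp_parse` is a literal `5` that has to be kept in step by hand with `char* args[5];` from the previous hunk; deriving it from the array, `argp_parse (dwfl_standard_argp (), sizeof args / sizeof args[0], args, 0, NULL, &dwfl);`, removes that coupling. The override also depends on `/not/exist` never being a real directory on the build host, which the added comment does not state; a line such as `// "/not/exist" is a deliberately invalid search path so no separate debug file is opened` would make the sentinel explicit. `main` continues outside the hunk.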
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "951a3c7c6ce4e56ad883f97d9db74d3d6d80d5fec77455c6ada6c1f7ac4776d2" -SRC_URI[go_linux_arm64.sha256sum] = "566b1d6f17d2bc4ad5f81486f0df44f3088c3ed47a3bec4099d8ed9939e90d5d" +SRC_URI[go_linux_amd64.sha256sum] = "b12c23023b68de22f74c0524f10b753e7b08b1504cb7e417eccebdd3fae49061" +SRC_URI[go_linux_arm64.sha256sum] = "d5446b46ef6f36fdffa852f73dfbbe78c1ddf010b99fa4964944b9ae8b4d6799" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.3.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.5.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.5.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.16.3.bb b/poky/meta/recipes-devtools/go/go-cross_1.16.5.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.16.5.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.3.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.5.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.5.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.16.3.bb b/poky/meta/recipes-devtools/go/go-native_1.16.5.bb index f14892cdb0..f14892cdb0 100644 --- a/poky/meta/recipes-devtools/go/go-native_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go-native_1.16.5.bb diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.16.3.bb b/poky/meta/recipes-devtools/go/go-runtime_1.16.5.bb index 63464a1501..63464a1501 100644 
--- a/poky/meta/recipes-devtools/go/go-runtime_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.16.5.bb diff --git a/poky/meta/recipes-devtools/go/go_1.16.3.bb b/poky/meta/recipes-devtools/go/go_1.16.5.bb index 4e9e0ebec8..4e9e0ebec8 100644 --- a/poky/meta/recipes-devtools/go/go_1.16.3.bb +++ b/poky/meta/recipes-devtools/go/go_1.16.5.bb diff --git a/poky/meta/recipes-devtools/perl/perl_5.32.1.bb b/poky/meta/recipes-devtools/perl/perl_5.32.1.bb index b28040c7fb..f8893af3e2 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.32.1.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.32.1.bb @@ -62,6 +62,8 @@ do_configure_class-target() { -Dsoname=libperl.so.5 \ -Dvendorprefix=${prefix} \ -Darchlibexp=${STAGING_LIBDIR}/perl5/${PV}/${TARGET_ARCH}-linux \ + -Dlibpth='${libdir} ${base_libdir}' \ + -Dglibpth='${libdir} ${base_libdir}' \ ${PACKAGECONFIG_CONFARGS} #perl.c uses an ARCHLIB_EXP define to generate compile-time code that diff --git a/poky/meta/recipes-extended/perl/libconvert-asn1-perl/CVE-2013-7488.patch b/poky/meta/recipes-extended/perl/libconvert-asn1-perl/CVE-2013-7488.patch new file mode 100644 index 0000000000..d0aca65393 --- /dev/null +++ b/poky/meta/recipes-extended/perl/libconvert-asn1-perl/CVE-2013-7488.patch 
@@ -0,0 +1,35 @@ +From 8070c6a4931801b6550c79c5766dfd3a99976036 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 8 Jul 2021 14:48:36 +0800 +Subject: [PATCH] Merge pull request #15 from danaj/danaj/unsafe-decoding + +Upstream-Status: Backport[https://github.com/gbarr/perl-Convert-ASN1/commit/108e784417db7893f348c381c837537c3bd39373] +CVE: CVE-2013-7488 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + lib/Convert/ASN1/_decode.pm | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm +index cd173f9..495e1bf 100644 +--- a/lib/Convert/ASN1/_decode.pm ++++ b/lib/Convert/ASN1/_decode.pm +@@ -683,12 +683,14 @@ sub _scan_indef { + $pos += 2; + next; + } ++ return if $pos >= $end; + + my $tag = substr($_[0], $pos++, 1); + + if((unpack("C",$tag) & 0x1f) == 0x1f) { + my $b; + do { ++ return if $pos >= $end; + $tag .= substr($_[0],$pos++,1); + $b = ord substr($tag,-1); + } while($b & 0x80); +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb b/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb index 409a8f3896..8ec96860ad 100644 --- a/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb +++ b/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb @@ -5,7 +5,8 @@ DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data using LICENSE = "Artistic-1.0 | GPL-1.0+" LIC_FILES_CHKSUM = "file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f" -SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz" +SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz \ + file://CVE-2013-7488.patch" SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c" SRC_URI[sha256sum] = "74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a" 
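Review bot: The `Upstream-Status:` line in the new CVE-2013-7488.patch header is written `Backport[https://...]` with no space before the bracket, unlike the binutils patches in this same commit, which use `Backport [url]`; tooling that parses the tag may not recognise it. It should read `Upstream-Status: Backport [https://github.com/gbarr/perl-Convert-ASN1/commit/108e784417db7893f348c381c837537c3bd39373]`. On the code, the two added `return if $pos >= $end;` guards make `_scan_indef` return an empty value when the buffer ends early; how the caller treats that return is outside the hunk, so it is worth confirming it is handled as a decode failure rather than as a valid position.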
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch new file mode 100644 index 0000000000..4c9cb0ebb2 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch @@ -0,0 +1,46 @@ +From 836f93de99b35050d78d61d3654f7c5655184144 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine <fontaine.fabrice@gmail.com> +Date: Fri, 19 Apr 2019 10:19:50 +0200 +Subject: [PATCH] hw/xwayland/Makefile.am: fix build without glx + +Commit d8ec33fe0542141aed1d9016d2ecaf52da944b4b added libglxvnd.la to +Xwayland_LDFLAGS but GLX can be disabled through --disable-glx. +In this case, build fails on: + +make[3]: *** No rule to make target '../../glx/libglxvnd.la', needed by 'Xwayland'. Stop. +make[3]: *** Waiting for unfinished jobs.... + +Fixes: + - http://autobuild.buildroot.org/results/397f8098c57fc6c88aa12dc8d35ebb1b933d52ef + +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/836f93de99b35050d78d61d3654f7c5655184144] +Signed-off-by: Wadim Egorov <w.egorov@phytec.de> +--- + hw/xwayland/Makefile.am | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/hw/xwayland/Makefile.am b/hw/xwayland/Makefile.am +index bc1cb8506..502879e2a 100644 +--- a/hw/xwayland/Makefile.am ++++ b/hw/xwayland/Makefile.am +@@ -21,10 +21,14 @@ Xwayland_SOURCES = \ + $(top_srcdir)/Xi/stubs.c \ + $(top_srcdir)/mi/miinitext.c + ++if GLX ++GLXVND_LIB = $(top_builddir)/glx/libglxvnd.la ++endif ++ + Xwayland_LDADD = \ + $(glamor_lib) \ + $(XWAYLAND_LIBS) \ +- $(top_builddir)/glx/libglxvnd.la \ ++ $(GLXVND_LIB) \ + $(XWAYLAND_SYS_LIBS) \ + $(top_builddir)/Xext/libXvidmode.la \ + $(XSERVER_SYS_LIBS) +-- +2.25.1 + 
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index 755a762a73..e0551fa999 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb @@ -8,6 +8,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \ file://CVE-2021-3472.patch \ + file://0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb index ed6e78175a..26091fba70 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb @@ -229,6 +229,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ ${PN}-vt6656-license ${PN}-vt6656 \ + ${PN}-rs9113 ${PN}-rs9116 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ ${PN}-rtl8168 \ ${PN}-cypress-license \ 
@@ -529,6 +530,16 @@ RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license" RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license" RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" +# For RSI RS911x WiFi +LICENSE_${PN}-rs9113 = "WHENCE" +LICENSE_${PN}-rs9116 = "WHENCE" + +FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps " +FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps " + +RDEPENDS_${PN}-rs9113 += "${PN}-whence-license" +RDEPENDS_${PN}-rs9116 += "${PN}-whence-license" + # For rtl LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb index 84e99233e6..92076ac8b0 100644 --- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -112,6 +112,9 @@ do_install() { if [ "${ARCH}" = "arm64" ]; then cp -a --parents arch/arm64/kernel/vdso/vdso.lds $kerneldir/build/ fi + if [ "${ARCH}" = "powerpc" ]; then + cp -a --parents arch/powerpc/kernel/vdso32/vdso32.lds $kerneldir/build 2>/dev/null || : + fi cp -a include $kerneldir/build/include @@ -163,6 +166,14 @@ do_install() { cp -a --parents arch/arm64/kernel/vdso/gen_vdso_offsets.sh $kerneldir/build/ cp -a --parents arch/arm64/kernel/module.lds $kerneldir/build/ 2>/dev/null || : + + # 5.13+ needs these tools + cp -a --parents arch/arm64/tools/gen-cpucaps.awk $kerneldir/build/ 2>/dev/null || : + cp -a --parents arch/arm64/tools/cpucaps $kerneldir/build/ 2>/dev/null || : + + if [ -e $kerneldir/build/arch/arm64/tools/gen-cpucaps.awk ]; then + sed -i -e "s,#!.*awk.*,#!${USRBINPATH}/env awk," $kerneldir/build/arch/arm64/tools/gen-cpucaps.awk + fi fi if [ "${ARCH}" = "powerpc" ]; then 
@@ -170,6 +181,7 @@ do_install() { cp -a --parents arch/${ARCH}/kernel/syscalls/syscall.tbl $kerneldir/build/ 2>/dev/null || : cp -a --parents arch/${ARCH}/kernel/syscalls/syscalltbl.sh $kerneldir/build/ 2>/dev/null || : cp -a --parents arch/${ARCH}/kernel/syscalls/syscallhdr.sh $kerneldir/build/ 2>/dev/null || : + cp -a --parents arch/${ARCH}/kernel/vdso32/* $kerneldir/build/ 2>/dev/null || : fi # include the machine specific headers for ARM variants, if available. @@ -273,7 +285,11 @@ do_install() { sed -i 's/ifneq "$(LD)" ".*-linux-.*ld.bfd.*$/ifneq "$(LD)" "ld"/' "$kerneldir/build/include/config/auto.conf.cmd" sed -i 's/ifneq "$(AR)" ".*-linux-.*ar.*$/ifneq "$(AR)" "ar"/' "$kerneldir/build/include/config/auto.conf.cmd" sed -i 's/ifneq "$(OBJCOPY)" ".*-linux-.*objcopy.*$/ifneq "$(OBJCOPY)" "objcopy"/' "$kerneldir/build/include/config/auto.conf.cmd" - sed -i 's/ifneq "$(NM)" ".*-linux-.*nm.*$/ifneq "$(NM)" "nm"/' "$kerneldir/build/include/config/auto.conf.cmd" + if [ "${ARCH}" = "powerpc" ]; then + sed -i 's/ifneq "$(NM)" ".*-linux-.*nm.*$/ifneq "$(NM)" "nm --synthetic"/' "$kerneldir/build/include/config/auto.conf.cmd" + else + sed -i 's/ifneq "$(NM)" ".*-linux-.*nm.*$/ifneq "$(NM)" "nm"/' "$kerneldir/build/include/config/auto.conf.cmd" + fi sed -i 's/ifneq "$(HOSTCXX)" ".*$/ifneq "$(HOSTCXX)" "g++"/' "$kerneldir/build/include/config/auto.conf.cmd" sed -i 's/ifneq "$(HOSTCC)" ".*$/ifneq "$(HOSTCC)" "gcc"/' "$kerneldir/build/include/config/auto.conf.cmd" sed -i 's/ifneq "$(CC_VERSION_TEXT)".*\(gcc.*\)"/ifneq "$(CC_VERSION_TEXT)" "\1"/' "$kerneldir/build/include/config/auto.conf.cmd" @@ -307,3 +323,7 @@ RDEPENDS_${PN} += "openssl-dev util-linux" RDEPENDS_${PN} += "${@bb.utils.contains('ARCH', 'x86', 'elfutils', '', d)}" # 5.8+ needs gcc-plugins libmpc-dev RDEPENDS_${PN} += "gcc-plugins libmpc-dev" +# 5.13+ needs awk for arm64 +RDEPENDS_${PN}_append_aarch64 = " gawk" +# 5.13+ needs grep for powerpc +RDEPENDS_${PN}_append_powerpc = " grep" 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index f511f233b6..e0d8280128 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "4a59bc57b2be77da9394b10eb37067da7d63b7a4" -SRCREV_meta ?= "b969f83647833d21d8826c4667492f58895213c3" +SRCREV_machine ?= "42032770803ba26765376967cef09945f48abe04" +SRCREV_meta ?= "82899c6a7119b9668be9ae508159f5ac96554cc2" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.46" +LINUX_VERSION ?= "5.10.47" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 3e97058f68..7a4267531f 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "f3ac47f313e4ce608b3567c006f61d1d8b820ae2" -SRCREV_meta ?= "78949176d073f5cf04c9e0c4be699e39528f2880" +SRCREV_machine ?= "c86c4081f4764f57bbb26df8a9202c01799c3771" +SRCREV_meta ?= "c5e5dc4e13bd4882a8ed96b8026e6fd268b68f8a" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.128" +LINUX_VERSION ?= "5.4.129" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index f5ade2992c..6b71573a39 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.46" +LINUX_VERSION ?= "5.10.47" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "dd1f9602f3e4e9dc177421ba12ce073ad2099a58" -SRCREV_machine ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_meta ?= "b969f83647833d21d8826c4667492f58895213c3" +SRCREV_machine_qemuarm ?= "eaad1adbc817d996edf44fdd520da4810e57e66d" +SRCREV_machine ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_meta ?= "82899c6a7119b9668be9ae508159f5ac96554cc2" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 2eb5ebdbbd..5d487ac23f 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.128" +LINUX_VERSION ?= "5.4.129" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "987d6fd6c916297cde5cc7e988c28ef1e458f1cf" -SRCREV_machine ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_meta ?= "78949176d073f5cf04c9e0c4be699e39528f2880" +SRCREV_machine_qemuarm ?= "ca636d1a2ccbb2626c4eacbdb0da2c30654b108c" +SRCREV_machine ?= "d46f8ecb3f81bdba8131b90dc90174ecb36a1b78" +SRCREV_meta ?= "c5e5dc4e13bd4882a8ed96b8026e6fd268b68f8a" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb index dd4aef7f89..0315808989 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb 
@@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "17e89ca08f67fdcbaf0a3ae4c429602f76463923" -SRCREV_machine_qemuarm64 ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_machine_qemumips ?= "bdcaaee7b7ce0e865670a2cee55b1974eb67357b" -SRCREV_machine_qemuppc ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_machine_qemuriscv64 ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_machine_qemuriscv32 ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_machine_qemux86 ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_machine_qemux86-64 ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_machine_qemumips64 ?= "2f11a726a60ad9e8a48de6bc2101a993b461e8d1" -SRCREV_machine ?= "139fe7d68413054f850e206ab749f97a968867a8" -SRCREV_meta ?= "b969f83647833d21d8826c4667492f58895213c3" +SRCREV_machine_qemuarm ?= "8950bba5dc5b6139af3711cf82b6c35ea3ef873f" +SRCREV_machine_qemuarm64 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_machine_qemumips ?= "271e6f3b206246da2937788d83c3b4e57cb33da0" +SRCREV_machine_qemuppc ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_machine_qemuriscv64 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_machine_qemuriscv32 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_machine_qemux86 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_machine_qemux86-64 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_machine_qemumips64 ?= "1112c8f8594df02dd6f2bd1cf13848536ca3f536" +SRCREV_machine ?= "52bcc5b2342739bbfc8fc385d151616883c4425c" +SRCREV_meta ?= "82899c6a7119b9668be9ae508159f5ac96554cc2" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" 
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.46" +LINUX_VERSION ?= "5.10.47" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 5a7e9f0a35..94605b3942 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb 
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "69874edb0838e4d26002a8d30e14a5e1b355e397" -SRCREV_machine_qemuarm64 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_machine_qemumips ?= "1bfafb3ce048d4a30aca35e847168855980f5dbc" -SRCREV_machine_qemuppc ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_machine_qemuriscv64 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_machine_qemux86 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_machine_qemux86-64 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_machine_qemumips64 ?= "2a0ea1bced3f4b8ebebb19debc19b7930a4924a8" -SRCREV_machine ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011" -SRCREV_meta ?= "78949176d073f5cf04c9e0c4be699e39528f2880" +SRCREV_machine_qemuarm ?= "dfb964733268c1e6f932900a384a793a0ca8de34" +SRCREV_machine_qemuarm64 ?= "7d3eac73a6edc8fdcd701bbb0aa8c21030eb2027" +SRCREV_machine_qemumips ?= "a40b68f2f4be601dfe020940ad29ac894cc31298" +SRCREV_machine_qemuppc ?= "a3258c8b1690ecfa620eae9552a75cec9224ecd4" +SRCREV_machine_qemuriscv64 ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778" +SRCREV_machine_qemux86 ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778" +SRCREV_machine_qemux86-64 ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778" +SRCREV_machine_qemumips64 ?= "dded4f6e58cd90c7333b5257c9327e5e30f78e26" +SRCREV_machine ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778" +SRCREV_meta ?= "c5e5dc4e13bd4882a8ed96b8026e6fd268b68f8a" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" 
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.128" +LINUX_VERSION ?= "5.4.129" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch new file mode 100644 index 0000000000..6c3590c311 --- /dev/null +++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch @@ -0,0 +1,33 @@ +Backport patch to fix CVE-2021-33477. + +CVE: CVE-2021-33477 + +Upstream-Status: Backport [http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + src/command.C | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/command.C b/src/command.C +index 7b79f51..2f7de60 100644 +--- a/src/command.C ++++ b/src/command.C +@@ -2725,7 +2725,7 @@ rxvt_term::process_escape_seq () + /* kidnapped escape sequence: Should be 8.3.48 */ + case C1_ESA: /* ESC G */ + // used by original rxvt for rob nations own graphics mode +- if (cmd_getc () == 'Q') ++ if (cmd_getc () == 'Q' && option (Opt_insecure)) + tt_printf ("\033G0\012"); /* query graphics - no graphics */ + break; + +@@ -2944,7 +2944,7 @@ rxvt_term::process_csi_seq () + break; + + case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */ +- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ ++ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ + #ifdef ISO6429 + arg[0] = -arg[0]; + #else /* emulate common DEC VTs */ 
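Review bot: The header of the new rxvt-unicode patch says only that it backports a fix for CVE-2021-33477 and does not describe what the change does. One line such as `Only answer the ESC G Q graphics query when the insecure option is set; the reply is written back towards the terminal's input and ends in a newline.` would let a later maintainer judge the fix without opening the CVS diff. The second embedded hunk, on `case CSI_HPB` in process_csi_seq, appears to differ only in whitespace and is unrelated to the CVE. It could be dropped to keep the backport minimal, unless the intent is to mirror the upstream revision exactly. Both functions continue outside the embedded hunks.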
diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb index 283e8d7751..dee549cc78 100644 --- a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb +++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb @@ -4,7 +4,9 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6" -SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch" +SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch \ + file://rxvt-unicode-fix-CVE-2021-33477.patch \ + " SRC_URI[sha256sum] = "e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd" diff --git a/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb b/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb index 19e991e65f..00f3a86dd6 100644 --- a/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb +++ b/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb @@ -20,7 +20,7 @@ do_compile() { } do_install() { - ./b2 install --prefix=${prefix} staging-prefix=${D}${prefix} + HOME=/var/run ./b2 install --prefix=${prefix} staging-prefix=${D}${prefix} } # The build is either release mode (pre-stripped) or debug (-O0). diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22897.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22897.patch new file mode 100644 index 0000000000..fcd11b7674 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22897.patch 
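Review bot: `HOME=/var/run` in do_install of boost-build-native has no comment saying what it works around, and it points b2 at a host directory outside the build tree. A comment such as `# b2 searches $HOME for user configuration; point it away from the real home directory to avoid the occasional hang seen on Fedora 34` would record the intent, though that wording is inferred from the commit title and the actual cause should be confirmed. If the hang does not depend on that specific path, a directory inside the recipe's work area, for example `HOME=${WORKDIR}`, would keep the install step from reading host state.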
@@ -0,0 +1,72 @@ +From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Fri, 23 Apr 2021 10:54:10 +0200 +Subject: [PATCH] schannel: don't use static to store selected ciphers + +CVE-2021-22897 + +Bug: https://curl.se/docs/CVE-2021-22897.html + +Upstream-Status: Backport +[https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511] + +CVE: CVE-2021-22897 + +Signed-off-by: Daniel Stenberg <daniel@haxx.se> +Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> +--- + lib/vtls/schannel.c | 9 +++++---- + lib/vtls/schannel.h | 3 +++ + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c +index 8c25ac5dd5a5..dba7072273a9 100644 +--- a/lib/vtls/schannel.c ++++ b/lib/vtls/schannel.c +@@ -328,12 +328,12 @@ get_alg_id_by_name(char *name) + } + + static CURLcode +-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) ++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, ++ int *algIds) + { + char *startCur = ciphers; + int algCount = 0; +- static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/ +- while(startCur && (0 != *startCur) && (algCount < 45)) { ++ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) { + long alg = strtol(startCur, 0, 0); + if(!alg) + alg = get_alg_id_by_name(startCur); +@@ -593,7 +593,8 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, + } + + if(SSL_CONN_CONFIG(cipher_list)) { +- result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list)); ++ result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list), ++ BACKEND->algIds); + if(CURLE_OK != result) { + failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); + return result; +diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h +index 2952caa1a5a1..77853aa30f96 100644 +--- a/lib/vtls/schannel.h ++++ b/lib/vtls/schannel.h +@@ -71,6 +71,8 
@@ CURLcode Curl_verify_certificate(struct Curl_easy *data, + #endif + #endif + ++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */ ++ + struct Curl_schannel_cred { + CredHandle cred_handle; + TimeStamp time_stamp; +@@ -102,6 +104,7 @@ struct ssl_backend_data { + #ifdef HAS_MANUAL_VERIFY_API + bool use_manual_cred_validation; /* true if manual cred validation is used */ + #endif ++ ALG_ID algIds[NUMOF_CIPHERS]; + }; + #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22898.patch new file mode 100644 index 0000000000..1a9cd7289e --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22898.patch @@ -0,0 +1,32 @@ +From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001 +From: Harry Sintonen <sintonen@iki.fi> +Date: Fri, 7 May 2021 13:09:57 +0200 +Subject: [PATCH] telnet: check sscanf() for correct number of matches + +CVE-2021-22898 + +Bug: https://curl.se/docs/CVE-2021-22898.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde] + +CVE: CVE-2021-22898 + +Signed-off-by: Harry Sintonen <sintonen@iki.fi> +Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> +--- + lib/telnet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/telnet.c b/lib/telnet.c +index 26e0658ba9cc..fdd137fb0c04 100644 +--- a/lib/telnet.c ++++ b/lib/telnet.c +@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data) + size_t tmplen = (strlen(v->data) + 1); + /* Add the variable only if it fits */ + if(len + tmplen < (int)sizeof(temp)-6) { +- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) { ++ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { + msnprintf((char *)&temp[len], sizeof(temp) - len, + "%c%s%c%s", CURL_NEW_ENV_VAR, varname, + CURL_NEW_ENV_VALUE, varval); 
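Review bot: The parameter added to set_ssl_ciphers is declared `int *algIds`, while the caller passes `BACKEND->algIds`, which the schannel.h hunk declares as `ALG_ID algIds[NUMOF_CIPHERS]`. If ALG_ID is the unsigned type the Windows headers define, the two pointer types differ in signedness, and `ALG_ID *algIds` would match the storage. As this is a verbatim backport, it may be preferable to keep the code as upstream wrote it and record the mismatch in the patch header. Both files belong to the Schannel backend, which is presumably not compiled for the Linux targets this recipe builds, so the header could also say that the patch is carried for CVE tracking rather than for a reachable code path. set_ssl_ciphers and schannel_connect_step1 continue outside the embedded hunks.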
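Review bot: The `== 2` check in suboption() closes the case where only the variable name matched, but the scan still caps both fields at 127 bytes while the bound just above it is computed from `strlen(v->data) + 1`. If the code after this hunk advances `len` by `tmplen` rather than by what `msnprintf` actually wrote, an entry longer than the scan limits would leave bytes of `temp` counted but never written. That line is outside the hunk, so this needs checking against the full function. Advancing by the return value, `len += msnprintf(...)`, would tie the count to the bytes produced.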
diff --git a/poky/meta/recipes-support/curl/curl_7.75.0.bb b/poky/meta/recipes-support/curl/curl_7.75.0.bb index f7a8202bc9..42be2eb0b5 100644 --- a/poky/meta/recipes-support/curl/curl_7.75.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.75.0.bb @@ -15,6 +15,8 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0002-transfer-strip-credentials-from-the-auto-referer-hea.patch \ file://vtls-fix-addsessionid.patch \ file://vtls-fix-warning.patch \ + file://CVE-2021-22898.patch \ + file://CVE-2021-22897.patch \ " SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026" diff --git a/poky/scripts/lib/devtool/deploy.py b/poky/scripts/lib/devtool/deploy.py index e5af2c95ae..833322571f 100644 --- a/poky/scripts/lib/devtool/deploy.py +++ b/poky/scripts/lib/devtool/deploy.py @@ -168,7 +168,7 @@ def deploy(args, config, basepath, workspace): if args.strip and not args.dry_run: # Fakeroot copy to new destination srcdir = recipe_outdir - recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'deploy-target-stripped') + recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'devtool-deploy-target-stripped') if os.path.isdir(recipe_outdir): bb.utils.remove(recipe_outdir, True) exec_fakeroot(rd, "cp -af %s %s" % (os.path.join(srcdir, '.'), recipe_outdir), shell=True) diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index edd17d09c4..c985f4e75a 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu 
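Review bot: The renamed directory in deploy() has no comment explaining why `deploy-target-stripped` had to change, so a later cleanup could rename it back. If the reason is that pseudo does not track paths under `${WORKDIR}/deploy-*` (inferred from the commit title about preserved attributes, not visible here), a comment above the assignment such as `# Must not start with "deploy-": pseudo ignores those paths and ownership/mode would be lost` would pin that down. Separately, the unchanged `exec_fakeroot(rd, "cp -af %s %s" % ..., shell=True)` line interpolates both paths into a shell string without quoting. Wrapping each in `shlex.quote()` would keep a WORKDIR containing spaces or shell metacharacters from altering the command. deploy() continues outside the hunk.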
@@ -232,9 +232,12 @@ class BaseConfig(object): def release_taplock(self): if self.taplock_descriptor: logger.debug("Releasing lockfile for tap device '%s'" % self.tap) - fcntl.flock(self.taplock_descriptor, fcntl.LOCK_UN) + # We pass the fd to the qemu process and if we unlock here, it would unlock for + # that too. Therefore don't unlock, just close + # fcntl.flock(self.taplock_descriptor, fcntl.LOCK_UN) self.taplock_descriptor.close() - os.remove(self.taplock) + # Removing the file is a potential race, don't do that either + # os.remove(self.taplock) self.taplock_descriptor = None def check_free_port(self, host, port, lockdir): @@ -272,17 +275,23 @@ class BaseConfig(object): def release_portlock(self, lockfile=None): if lockfile != None: - logger.debug("Releasing lockfile '%s'" % lockfile) - fcntl.flock(self.portlocks[lockfile], fcntl.LOCK_UN) - self.portlocks[lockfile].close() - os.remove(lockfile) - del self.portlocks[lockfile] + logger.debug("Releasing lockfile '%s'" % lockfile) + # We pass the fd to the qemu process and if we unlock here, it would unlock for + # that too. Therefore don't unlock, just close + # fcntl.flock(self.portlocks[lockfile], fcntl.LOCK_UN) + self.portlocks[lockfile].close() + # Removing the file is a potential race, don't do that either + # os.remove(lockfile) + del self.portlocks[lockfile] elif len(self.portlocks): for lockfile, descriptor in self.portlocks.items(): logger.debug("Releasing lockfile '%s'" % lockfile) - fcntl.flock(descriptor, fcntl.LOCK_UN) + # We pass the fd to the qemu process and if we unlock here, it would unlock for + # that too. Therefore don't unlock, just close + # fcntl.flock(descriptor, fcntl.LOCK_UN) descriptor.close() - os.remove(lockfile) + # Removing the file is a potential race, don't do that either + # os.remove(lockfile) self.portlocks = {} def get(self, key): |
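Review bot: With `os.remove()` disabled in release_taplock and in both branches of release_portlock, lock files now stay on disk after every run. The acquire side therefore has to decide availability from `flock()` alone and never from whether the file exists; that code is outside these hunks and is worth checking, along with who cleans the lock directory. The disabled calls are also left behind as commented-out code in three places. Deleting them and keeping one sentence of rationale reads better, for example `# Only close: qemu inherits this fd so the lock must stay held, and unlinking the file races with other runqemu instances`. In release_portlock the unchanged `if lockfile != None:` would be more idiomatic as `if lockfile is not None:`.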