diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-05-19 04:42:15 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-05-19 04:57:23 +0300 |
| commit | d7eca3aaccf58555fa5619465140d3b71204720c (patch) | |
| tree | 6a6088979a6e8c3ee0e6e5f18116d7efef935062 /poky | |
| parent | 2c4f2cf6b7e6860bdf024da8fdf998b97c66c39b (diff) | |
| download | openbmc-d7eca3aaccf58555fa5619465140d3b71204720c.tar.xz | |
subtree updates2.10.0-rc1
meta-raspberrypi: 8cffbf5e85..b601818301:
Changqing Li (1):
99-com.rules: fix error invalid substitution type
Khem Raj (2):
linux-firmware-rpidistro: Update to 20190114-1+rpt11
bluez-firmware-rpidistro: Update to 1.2-4+rpt8
Pierre-Jean Texier (1):
rpi-base: make SPLASH overridable from outside
SCVready (1):
rpi-config: comment updated
matt-hammond-bbc (1):
libva: Fix for when using `userland`
poky: 1203d1f24d..05a8aad57c:
Alejandro Enedino Hernandez Samaniego (2):
python3: Upgrade 3.9.2 -> 3.9.4
python3: Improve logging, syntax and update deprecated modules to create_manifest
Alexander Kanavin (6):
scripts/oe-debuginfod: correct several issues
oeqa: tear down oeqa decorators if one of them raises an exception in setup
meta/lib/oeqa/core/tests/cases/timeout.py: add a testcase for the previous fix
Revert "oeqa: Set LD_LIBRARY_PATH when executing native commands"
diffoscope: add native libraries to LD_LIBRARY_PATH
linux-firmware: upgrade 20210208 -> 20210315
Anders Wallin (2):
lttng-tools: Fix missing legacy test files
lttng-tools: Fix path for test_python_looging
Anthony Bagwell (1):
systemd: upgrade 247.4 -> 247.6
Anuj Mittal (2):
qemu: fix CVE-2021-3392
lsb-release: fix reproducibility failure
Bruce Ashfield (19):
linux-yocto/5.4: update to v5.4.109
linux-yocto/5.10: update to v5.10.27
linux-yocto/5.10: BSP configuration fixes
linux-yocto/5.10: update to v5.10.29
linux-yocto/5.4: update to v5.4.111
linux-yocto/5.10: update to v5.10.30
linux-yocto-rt/5.10: update to -rt34
linux-yocto/5.4: update to v5.4.112
linux-yocto/5.4: fix arm defconfig warnings
linux-yocto/5.10: fix arm defconfig warnings
linux-yocto/5.10: aufs fixes
linux-yocto/5.10: qemuriscv32.cfg: RV32 only supports 1G physical memory
linux-yocto/5.10: update to v5.10.32
perf: fix python-audit RDEPENDS
linux-yocto/5.4: update to v5.4.114
linux-yocto/5.10: update to v5.10.34
linux-yocto/5.4: update to v5.4.116
linux-yocto/5.10: qemuppc32: reduce serial shutdown issues
linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
Changqing Li (2):
cairo: fix CVE-2020-35492
gdk-pixbuf: fix CVE-2021-20240
Chen Qi (5):
busybox: fix CVE-2021-28831
glib-2.0: fix CVE-2021-28153
weston: fix build failure due to race condition
rsync: fix CVE-2020-14387
db: update CVE_PRODUCT
Christophe Chapuis (1):
rootfs.py: find .ko.gz and .ko.xz kernel modules as well
Daniel Ammann (1):
archiver: Fix typos
Douglas Royds (2):
Revert "externalsrc: Detect code changes in submodules"
externalsrc: Detect code changes in submodules
Gavin Li (1):
kmod: do not symlink config.guess/config.sub during autoreconf
He Zhe (1):
linux-yocto-dev: add features/scsi/scsi-debug.scc features/gpio/mockup.scc to KERNEL_FEATURES
Jon Mason (1):
oeqa/runtime: space needed
Jonas Höppner (1):
ltp: fix empty ltp-dev package
Jose Quaresma (1):
ptest-runner: libgcc must be installed for pthread_cancel to work
Joshua Watt (1):
classes/image: Use xargs to set file timestamps
Kai Kang (3):
kernel-yocto.bbclass: chdir to ${WORKDIR} for do_kernel_checkout
cmake.bbclass: remove ${B} before cmake_do_configure
grub2.inc: remove '-O2' from CFLAGS
Kevin Hao (3):
modutils-initscripts: Bail out when no module is installed
sysvinit-inittab/start_getty: Check /sys for the tty device existence
Revert "inittab: Add getty launch on hvc0 for qemuppc64"
Khairul Rohaizzat Jamaluddin (1):
qemu: Fix CVE-2020-35517
Khem Raj (6):
ca-certificates: Fix openssl runtime cert dependencies
systemd: Fix build on mips/musl
go: Use dl.google.com for SRC_URI
libjpeg-turbo: Use --reproducible option for nasm
busybox: Fix reproducibility
webkitgtk: Fix reproducibility in minibrowser
Konrad Weihmann (1):
cve-update-db-native: skip on empty cpe23Uri
Michael Opdenacker (1):
sanity.bbclass: mention CONNECTIVITY_CHECK_URIS in network failure message
Mikko Rapeli (2):
bitbake: bitbake: tests/fetch: fix test execution without .gitconfig
bitbake: bitbake: tests/fetch: remove write protected files too
Mingli Yu (6):
groff: not ship /usr/bin/grap2graph
libtool: make sure autoheader run before automake
packagegroup-core-tools-profile: Remove valgrind for riscv32
packagegroup-core-tools-testapps.bb: Remove kexec for riscv32
libxshmfence: Build fixes for riscv32
rpm: Upgrade to 4.16.1.3
Niels Avonds (1):
bitbake: fetch/gitsm: Fix crash when using git LFS and submodules
Peter Budny (1):
lib/oe/terminal: Fix tmux new-session on older tmux versions (<1.9)
Peter Kjellerstedt (1):
libcap: Configure Make variables correctly without a horrible hack
Randy MacLeod (1):
oe-time-dd-test.sh: increase timeout to 15 sec
Reto Schneider (2):
license_image.bbclass: Detect broken symlinks
license_image.bbclass: Fix symlink to generic license files
Richard Purdie (22):
oeqa/selftest: Hardcode test assumptions about heartbeat event timings
bitbake: runqueue: Fix deferred task issues
pseudo: Upgrade to add trailing slashes ignore path fix
oeqa/selftest: Ensure packages classes are set correctly for maintainers test
sanity: Add error check for '%' in build path
runqemu: Ensure we cleanup snapshot files after image run
yocto-check-layer: Avoid bug when iterating and autoadding dependencies
patchelf: Backport fix from upstream for note section overlap error
bitbake: runqueue: Fix multiconfig deferred task sstate validity caching issue
bitbake: runqueue: Handle deferred task rehashing in multiconfig builds
patchelf: Fix note section alignment issues
patchelf: Fix alignment patch
pybootchart/draw: Avoid divide by zero error
yocto-uninative: Update to 3.1 which includes a patchelf fix
lib/package_manager: Use shutil.copy instead of bb.utils.copyfile for intercepts
oeqa/qemurunner: Improve logging thread exit handling for qemu shutdown test
oeqa/qemurunner: Fix binary vs str issue
oeqa/qemurunner: Improve handling of run_serial for shutdown commands
puzzles: Upstream changed to main branch for development
poky.conf: Bump version for 3.3.1 hardknott release
build-appliance-image: Update to hardknott head revision
documentation: prepare for 3.3.1 release
Romain Naour (1):
dejagnu: needs expect at runtime
Ross Burton (4):
bitbake: bitbake-server: ensure server timeout is a float
insane: clean up some more warning messages
glslang: strip whitespace in pkgconfig file
oe-buildenv-internal: add BitBake's library to PYTHONPATH
Sakib Sajal (10):
oe-time-dd-test.sh: make executable
oe-time-dd-test.sh: provide more information from "top"
qemu: fix CVE-2021-20181
qemu: fix CVE-2020-29443
qemu: fix CVE-2021-20221
qemu: fix CVE-2021-3409
qemu: fix CVE-2021-3416
qemu: fix CVE-2021-20257
qemu: fix CVE-2020-27821
qemu: fix CVE-2021-20263
Saul Wold (1):
pango: re-enable ptest
Stefan Ghinea (3):
wpa-supplicant: fix CVE-2021-30004
libssh2: fix build failure with option no-ecdsa
xserver-xorg: fix CVE-2021-3472
Trevor Gamblin (1):
nettle: upgrade 3.7.1 -> 3.7.2
Ulrich Ölmann (1):
arch-armv6m.inc: fix access rights
Vinícius Ossanes Aquino (1):
lttng-modules: backport patches to fix build against 5.12+ kernel
Wes Lindauer (1):
oeqa/runtime/cases: Only disable/enable for current boot
Yanfei Xu (1):
parselogs: ignore floppy error on qemu-system-x86 at boot stage
Yann Dirson (1):
linux-firmware: include all relevant files in -bcm4356
Yi Fan Yu (1):
libevent: Increase ptest timing tolerance 50 ms -> 100 ms
hongxu (1):
deb: apply postinstall on sdk
wangmy (4):
mesa: upgrade 21.0.1 -> 21.0.2
go: update SRC_URI to use https protocol
go: upgrade 1.16.2 -> 1.16.3
mesa: upgrade 21.0.2 -> 21.0.3
zhengruoqin (2):
wireless-regdb: upgrade 2020.11.20 -> 2021.04.21
ruby: upgrade 3.0.0 -> 3.0.1
meta-openembedded: 98175fd0cc..bbe3855ec7:
Aditya.Tayade (1):
neon: Add ptest
Andreas Müller (17):
udisks2: upgrade 2.9.1 -> 2.9.2 / replace '_git' by version in recipe-name
poppler: upgrade 21.02.0 -> 21.03.0
xfce4-panel: upgrade 4.16.1 -> 4.16.2
xfce4-cpugraph-plugin: upgrade 1.2.1 -> 1.2.3
xfce4-time-out-plugin: upgrade 1.1.1 -> 1.1.2
mousepad: upgrade 0.5.2 -> 0.5.3
xfce4-panel-profiles: 1.0.12 -> 1.0.13
thunar: upgrade 4.16.2 -> 4.16.4
xfce4-taskmanager: upgrade 1.4.0 -> 1.4.2
networkmanager-openvpn: Fix packageing
mousepad: upgrade 0.5.3 -> 0.5.4
xfce4-battery-plugin: upgrade 1.1.3 -> 1.1.4
gigolo: upgrade 0.5.1 -> 0.5.2
thunar: upgrade 4.16.4 -> 4.16.6
poppler: upgrade 21.03.0 -> 21.04.0
catfish: add python3-dbus to RDEPENDS
fluidsynth: upgrade 2.1.7 -> 2.2.0
Andrei Gherzan (6):
python3-pep8: Fix HOMEPAGE
python3-mccabe: Fix HOMEPAGE
python3-ifaddr: Integrate a dependency of pysonos
python3-pysonos: Integrate the SONOS control HomeAssistant module
python3-aiohue: Integrate the hue control python module
packagegroup-meta-python: Add new modules (aiohue, ifaddr, pysonos)
Andrej Valek (1):
jsoncpp: Upgrade to 1.9.4
Andrew Geissler (1):
nodejs: ppc64le machine support
Armin Kuster (3):
wireguard: update to v1.0.20210219 +1
nostromo: Blacklist and exclude from world builds
packagegroup-meta-webserver: remove nostromo from pkg grp
Awais Belal (1):
libnet-ssleay-perl: add rdep on perl-module-autoloader
Bartosz Golaszewski (11):
pystemd: satisfy runtime dependencies
python3-pythonping: new package
python3-wpa-supplicant: new package
python3-txdbus: new package
python3-wpa-supplicant: add runtime dependencies
python3-wpa-supplicant: fix importing the cli submodule
python3-wpa-supplicant: replace DESCRIPTION with SUMMARY
libgpiod: update v1.6.2 -> v1.6.3
python3-txdbus: add missing runtime dependencies
python3-jmespath: new package
python3-docutils: new package
Ben Gampe (1):
python3-h11: new package
Carlos Rafael Giani (1):
pipewire: Upgrade to 0.3.24
Changqing Li (2):
php: allow php as empty
openldap: upgrade 2.4.57 -> 2.4.58
Chen Qi (2):
tigervnc: upgrade to 1.11.0
python3-django: upgrade to 2.2.20
Clément Péron (2):
grpc: move grpc plugins to a new grpc-compiler package
nodejs: 12.20.2 -> 12.21.0
Colin McAllister (1):
python3-gpsd-py3: Added recipe
Daniel Wagenknecht (1):
gnome-keyring: set file capabilities in pkg_postinst
Denys Dmytriyenko (1):
glmark2: also depend on wayland-protocols when wayland distro feature is on
Devon Pringle (1):
python3-pastedeploy: Add recipe
Fabio Berton (1):
python3-requests: Support idna version 3.1
Hermes Zhang (1):
gpsd: backport d-bus message time patch from upstream
Hongxu Jia (1):
debootstrap: 1.0.67 -> 1.0.123
INC@Cisco) (2):
bpftool: remove recipe from blacklist
bpftool: improve reproducibility
Jan Kaisrlik (1):
abseil-cpp: reorder content of packages
Joe Hershberger (1):
strongswan: Make PACKAGECONFIG a default value
Joshua Watt (1):
classes: Add Android sparse image class
Kai Kang (9):
python3-pillow: 8.1.0 -> 8.1.2
xfce4-cpufreq-plugin: 1.2.2 -> 1.2.5
exo: 4.16.0 -> 4.16.1
xfce4-netload-plugin: 1.3.2 -> 1.4.0
xfce4-genmon-plugin: 4.1.0 -> 4.1.1
xfce4-weather-plugin: 0.10.2 -> 0.11.0
xfce4-systemload-plugin: 1.2.4 -> 1.3.0
xfce4-taskmanager: 1.4.2 -> 1.5.2
freeradius: check existence of openssl's commands in bootstrap
Kamil Dziezyk (1):
bats: upgrade 1.1.0 -> 1.3.0
Kartikey Rameshbhai Parmar (1):
fluidsynth: update SRC_URI to remove non-existing 2.1.x branch
Khem Raj (77):
nss: Disable Werror
open-vm-tools: Do not use volatile qualifier
dconf-editor: Fix build with vala 0.50.4
libbacktrace: Add recipe
libleak: Add recipe
packagegroup-meta-oe: Add libleak to packagegroup-meta-oe-extended
mongodb: Upgrade to 4.4.4
packagegroup-meta-python: Add python3-semantic-version
python3-grpcio: Upgrade to 1.36.1
python3-grpcio: Fix build on mips and musl
mpv: Link libatomic on riscv64
glog: Link with libexecinfo on musl
musl-nscd: Make lex syntax posix'y
libbpf: Depend on virtual/kernel:do_shared_workdir
waf-cross-answers: Add powerpc64le version
python3-grpcio,python3-grpcio-tools: Disable for ppc64le
openh264: Disable building for ppc64le
ufs-utils: Upgrade to 1.9
libhugetlbfs: Fix ARCH setting for ppc64 LE
nodejs: Set correct nodejs arch for ppc64le
libnma: Disbale vapi
xrdp: Upgrade to 0.9.15
ply: upgrade to latest
ply: Disable on ppc64
ltrace: Fix build on ppc64le/musl
oprofile: Fix build on musl
gperftools: Update SRCREV to point to 2.9.1 release
mongodb: Fix cross build on ppc64le
abseil-cpp: Fix build on musl and ppc64
mariadb: Fix build on musl/ppc
mongodb: Fix build on ppc64le
breakpad: Upgrade to latest
ssiapi: Disable for ppc64
kexec-tools-klibc: Use SITEINFO_BITS to construct includepath
breakpad: Exclude for ppc64
python3-grpcio,python3-grpcio-tools: Enable build on ppc64/glibc
breakpad: Do not fallback to android implementation for getcontext/setcontext on musl
oprofile: Upgrade to 1.4.0 release
vboxguestdrivers: Add __divmoddi4 builtin support
links-x11,links: Upgrade to 2.22
layers: Drop gatesgarth from LAYERSERIES_COMPAT
xxhash: Remove recipe
gsound: Use () instead of {} for makefile variable in gsound_play_VALAFLAGS
pipewire: Package systemd unit file for pipewire-media-session
packagegroup-meta-python: Add new package python3-pythonping
python3-spidev: Remove recipe for 3.2
python3-werkzeug: Clarify BSD license type
python3-werkzeug: Delete recipe for 1.0.0
python3-hexdump: Move cleanup_hexfile into install_append
cryptsetup: DEPEND on renamed util-linux-libuuid
tracker-miners: Check for commercial license to enable ffmpeg
gnome-settings-daemon: Do not generate meson.native
libb64: Add recipe
sysdig: Upgrade to 0.27.1
sysdig: Depend on system libb64
gimp: Disable vector iconn on rv32/musl
libcamera: Update the patch to upstreamed one
flashrom: Add remaining RISCV support
mpd: Check for commercial in LICENSE_FLAGS_WHITELIST
mpv: Exclude from world if commercial is not in inclusion list
sox: Exclude from world if commercial is not in inclusion list
vlc: Exclude from world if commercial is not in inclusion list
sox: Remove LICENSE_FLAGS = "commercial"
mariadb: Fix build on newer 32bit architectures
libmanette: Add recipe
pidgin-sipe: Fix build with glib-2.0 >= 2.68
gjs: Fix build with gcc11
poppler: Backport patches to fix build with glib-2.0 2.68+ and GCC11
opencv: Upgrade to 5.4.2
tbb: Fix build with musl
core-image-minimal-xfce: Use graphical.target as default
vnstat: Disable install parallism to fix a potential install race
open-vm-tools: Fix build with gcc 11
nss: Re-enable -Werror
gimp: Disable vector icon generation on mips/glibc too
tbb: Re-introduce PE
gimp: Disable vector icons on musl/x86
Leon Anavi (134):
python3-elementpath: Upgrade 2.1.4 -> 2.2.0
python3-twisted: Upgrade 20.3.0 -> 21.2.0
python3-ipython: Upgrade 7.20.0 -> 7.21.0
python3-yamlloader: Upgrade 0.5.5 -> 1.0.0
python3-astroid: Upgrade 2.5 -> 2.5.1
python3-portion: Upgrade 2.1.4 -> 2.1.5
python3-pandas: Upgrade 1.2.2 -> 1.2.3
python3-ruamel-yaml: Upgrade 0.16.12 -> 0.16.13
python3-prettytable: Upgrade 2.0.0 -> 2.1.0
python3-huey: Upgrade 2.3.0 -> 2.3.1
python3-pychromecast: Upgrade 8.1.0 -> 9.1.1
python3-incremental: Upgrade 17.5.0 -> 21.3.0
python3-waitress: Upgrade 1.4.4 -> 2.0.0
python3-pako: Upgrade 0.3.0 -> 0.3.1
python3-pyscaffold: Upgrade 3.3.1 -> 4.0
python3-croniter: Upgrade 1.0.6 -> 1.0.8
python3-prompt-toolkit: Upgrade 3.0.16 -> 3.0.17
python3-pymisp: Upgrade 2.4.138 -> 2.4.140
python3-jsonpatch: Upgrade 1.31 -> 1.32
python3-jsonpointer: Upgrade 2.0 -> 2.1
python3-configargparse: Upgrade 1.3 -> 1.4
python3-luma-core: Upgrade 2.2.0 -> 2.3.1
python3-pycodestyle: Upgrade 2.6.0 -> 2.7.0
python3-bitarray: Upgrade 1.7.0 -> 1.7.1
python3-alembic: Upgrade 1.5.5 -> 1.5.7
python3-pyflakes: Upgrade 2.2.0 -> 2.3.0
python3-autobahn: Upgrade 21.2.2 -> 21.3.1
python3-pulsectl: Upgrade 21.2.0 -> 21.3.4
python3-configparser: Upgrade 5.0.1 -> 5.0.2
python3-defusedxml: Upgrade 0.6.0 -> 0.7.1
python3-twine: Upgrade 3.3.0 -> 3.4.0
python3-socketio: Upgrade 5.0.4 -> 5.1.0
python3-soupsieve: Upgrade 2.2 -> 2.2.1
python3-cassandra-driver: Upgrade 3.24.0 -> 3.25.0
python3-urllib3: Upgrade 1.26.3 -> 1.26.4
python3-bitarray: Upgrade 1.7.1 -> 1.8.0
python3-pyscaffold: Upgrade 4.0 -> 4.0.1
python3-flask-migrate: Upgrade 2.6.0 -> 2.7.0
python3-grpcio-tools: Upgrade 1.35.0 -> 1.36.1
python3-humanize: Upgrade 3.2.0 -> 3.3.0
python3-regex: Upgrade 2020.11.13 -> 2021.3.17
python3-twine: Upgrade 3.4.0 -> 3.4.1
python3-isort: Upgrade 5.7.0 -> 5.8.0
python3-sqlalchemy: Upgrade 1.3.23 -> 1.4.2
python3-scrypt: Upgrade 0.8.6 -> 0.8.17
python3-colorlog: Upgrade 4.7.2 -> 4.8.0
python3-croniter: Upgrade 1.0.8 -> 1.0.9
python3-pyperf: Upgrade 2.1.0 -> 2.2.0
python3-lazy-object-proxy: Upgrade 1.5.2 -> 1.6.0
python3-prompt-toolkit: Upgrade 3.0.17 -> 3.0.18
python3-configshell-fb: Upgrade 1.1.28 -> 1.1.29
python3-backports-functools-lru-cache: Upgrade 1.6.1 -> 1.6.3
python3-pytest-helpers-namespace: Upgrade 2019.1.8 -> 2021.3.24
python3-elementpath: Upgrade 2.2.0 -> 2.2.1
python3-alembic: Upgrade 1.5.7 -> 1.5.8
python3-rfc3339-validator: Upgrade 0.1.2 -> 0.1.3
python3-pyflakes: Upgrade 2.3.0 -> 2.3.1
python3-pint: Upgrade 0.16.1 -> 0.17
python3-flask-sqlalchemy: Upgrade 2.4.4 -> 2.5.1
python3-django: Upgrade 3.1.1 -> 3.1.7
python3-djangorestframework: Upgrade 3.12.2 -> 3.12.3
python3-ruamel-yaml: Upgrade 0.16.13 -> 0.17.0
python3-bitarray: Upgrade 1.8.0 -> 1.8.1
python3-sqlalchemy: Upgrade 1.4.2 -> 1.4.3
python3-xmlschema: Upgrade 1.5.1 -> 1.5.3
python3-croniter: Upgrade 1.0.9 -> 1.0.10
python3-astroid: Upgrade 2.5.1 -> 2.5.2
python3-pyroute2: Upgrade 0.5.14 -> 0.5.15
python3-coverage: Upgrade 5.4 -> 5.5
python3-gunicorn: Upgrade 20.0.4 -> 20.1.0
python3-djangorestframework: Upgrade 3.12.3 -> 3.12.4
python3-ipython: Upgrade 7.21.0 -> 7.22.0
python3-openpyxl: Upgrade 3.0.6 -> 3.0.7
python3-ruamel-yaml: Upgrade 0.17.0 -> 0.17.2
python3-sqlalchemy: Upgrade 1.4.3 -> 1.4.4
python3-bitarray: Upgrade 1.8.1 -> 1.8.2
python3-httplib2: Upgrade 0.19.0 -> 0.19.1
python3-parso: Upgrade 0.8.1 -> 0.8.2
python3-matplotlib: Upgrade 3.3.4 -> 3.4.1
python3-pyroute2: Upgrade 0.5.15 -> 0.5.16
python3-h5py: Upgrade 3.1.0 -> 3.2.1
python3-cheetah: Upgrade 3.2.6 -> 3.2.6.post1
python3-google-api-python-client: Upgrade 2.0.2 -> 2.1.0
python3-xlsxwriter: Upgrade 1.3.7 -> 1.3.8
python3-pymisp: Upgrade 2.4.140 -> 2.4.141
python3-tqdm: Upgrade 4.58.0 -> 4.59.0
python3-contextlib2: Upgrade 0.6.0 -> 0.6.0.post1
python3-typeguard: Upgrade 2.11.1 -> 2.12.0
python3-decorator: Upgrade 4.4.2 -> 5.0.1
python3-pillow: Upgrade 8.1.2 -> 8.2.0
python3-aiohttp: Upgrade 3.7.4 -> 3.7.4.post0
python3-networkx: Upgrade 2.5 -> 2.5.1
python3-pysonos: Upgrade 0.0.40 -> 0.0.41
python3-docutils: Upgrade 0.16 -> 0.17
python3-bitarray: Upgrade 1.8.2 -> 1.9.0
python3-regex: Upgrade 2021.3.17 -> 2021.4.4
python3-sqlalchemy: Upgrade 1.4.4 -> 1.4.5
python3-pychromecast: Upgrade 9.1.1 -> 9.1.2
python3-decorator: Upgrade 5.0.1 -> 5.0.5
python3-pymisp: Upgrade 2.4.141 -> 2.4.141.1
python3-pyroute2: Upgrade 0.5.16 -> 0.5.17
python3-transitions: Upgrade 0.8.7 -> 0.8.8
python3-sqlalchemy: Upgrade 1.4.5 -> 1.4.6
python3-bitarray: Upgrade 1.9.0 -> 1.9.1
python3-pysonos: Upgrade 0.0.41 -> 0.0.42
python3-django: Upgrade 3.1.7 -> 3.2
python3-tqdm: Upgrade 4.59.0 -> 4.60.0
python3-xmlschema: Upgrade 1.5.3 -> 1.6.0
python3-ruamel-yaml: Upgrade 0.17.2 -> 0.17.4
python3-croniter: Upgrade 1.0.10 -> 1.0.11
python3-decorator: Upgrade 5.0.5 -> 5.0.6
python3-grpcio-tools: Upgrade 1.36.1 -> 1.37.0
python3-speedtest-cli: Upgrade 2.1.2 -> 2.1.3
python3-python-vlc: Upgrade 3.0.11115 -> 3.0.12117
python3-robotframework: Upgrade 4.0 -> 4.0.1
python3-grpcio: Upgrade 1.36.1 -> 1.37.0
python3-cerberus: Upgrade 1.3.2 -> 1.3.3
python3-humanize: Upgrade 3.3.0 -> 3.4.0
python3-monotonic: Upgrade 1.5 -> 1.6
python3-sqlalchemy: Upgrade 1.4.6 -> 1.4.7
python3-typed-ast: Upgrade 1.4.2 -> 1.4.3
python3-backports-functools-lru-cache: Upgrade 1.6.3 -> 1.6.4
python3-xmlschema: Upgrade 1.6.0 -> 1.6.1
python3-pyroute2: Upgrade 0.5.17 -> 0.5.18
python3-sympy: Upgrade 1.7.1 -> 1.8
python3-pandas: Upgrade 1.2.3 -> 1.2.4
python3-humanize: Upgrade 3.4.0 -> 3.4.1
python3-decorator: Upgrade 5.0.6 -> 5.0.7
python3-colorlog: Upgrade 4.8.0 -> 5.0.1
python3-google-api-python-client: Upgrade 2.1.0 -> 2.2.0
python3-croniter: Upgrade 1.0.11 -> 1.0.12
python3-pysonos: Upgrade 0.0.42 -> 0.0.43
python3-asttokens: Upgrade 2.0.4 -> 2.0.5
python3-hyperframe: Upgrade 6.0.0 -> 6.0.1
Luca Boccassi (3):
cryptsetup: depend on new util-linux-uuid to break cycle
dbus-broker: upgrade 26 -> 27
dbus-broker: upgrade 27 -> 28
Marius Kriegerowski (1):
tmate: add recipe version 2.4.0
Martin Jansa (25):
glog: fix searching for Libunwind
ceres-solver: prevent fetching git hook during do_configure
packagegroup-meta-oe: include abseil-cpp for all architectures
packagegroup-meta-oe: include nodejs without meta-python2 conditional
packagegroup-meta-oe: move the packages depending on meta-python2 to separate packages
mysql-python, lio-utils, openlmi-tools: add conditional PNBLACKLIST like meta-python2 does
conf/layer.conf: include .bbappend files in BBFILES_DYNAMIC
open-vm-tools: move to meta-networking
packagegroup-meta-{oe,multimedia}: move pipewire to the right packagegroup
packagegroup-meta-multimedia: include projucer only with x11 in DISTRO_FEATURES
packagegroup-meta-multimedia: include vlc only with x11 in DISTRO_FEATURES
packagegroup-meta-oe: include glfw, icewm, geis only with x11 in DISTRO_FEATURES
phonet-utils: remove
packagegroup-meta-oe: use 4 spaces for identation
telepathy-glib: respect GI_DATA_ENABLED when enabling vala-bindings
uml-utilities: fix installed-vs-shipped with usrmerge
libsmi: use /bin/sh instead of ${base_bindir}/sh to silence QA error with usrmerge
libyui: switch to libyui-old repo which still has this SRCREV
libyui(-ncurses): upgrade to 4.1.1, libyui repo was rewritten completely
android-tools: use PN instead of BPN in RDEPENDS
pidgin-sipe: fix g_memdup2 changes to be backwards compatible with glib-1.67
pidgin: upgrade to 2.14.2
opencv: fetch wechat_qrcode files used by dnn PACKAGECONFIG
opencv: link sfm module with Glog
ostree: switch from default master branch to main to fix do_fetch failure
Matteo Croce (1):
libbpf: use pkg-config
Michael Vetter (1):
jasper: upgrade 2.0.25 -> 2.0.26
Ming Liu (1):
atftp: move atftpd.init from files to atftp subdirectory
Mingli Yu (10):
geoip: Switch to use the main branch
geoip-perl: Switch to use the main branch
bridge-utils: Switch to use the main branch
netkit-telnet: Update SRC_URI
quagga: Update SRC_URI
hostapd: fix CVE-2019-5061
freeradius: Upgrade to 3.0.21
hostapd: fix CVE-2021-0326 and CVE-2021-27803
php: Upgrade to 7.4.16
python3-cryptography: Upgrade to 3.3.2
Naveen Saini (2):
tbb: upgrade 2020.3 -> 2021.2.0
ocl-icd: upgrade 2.2.14 -> 2.3.0
Nisha Parrakat (1):
neon: use pkg-config instead of xml2-config to configure
Oleksandr Kravchuk (10):
ipset: update to 7.11
libnice: update to 0.1.18
nbdkit: update to 1.25.3
python3-bitarray: update to 1.7.0
python3-google-api-python-client: update to 2.0.2
python3-jsonpatch: update to 1.31
python3-websocket-client: update to 0.58.0
python3-robotframework: update to 4.0
python3-sentry-sdk: update to 1.0.0
aom: update to 3.0.0
Peace Lee (2):
guider: Upgrade 3.9.7 -> 3.9.8
guider: Upgrade 3.9.7 -> 3.9.8
Persian Prince (1):
tinymembench: Correct PV
Philip Balister (1):
fftw: Add support for ptest.
Randy MacLeod (8):
gperftools: upgrade 2.8.1 -> 2.9.1
zabbix: upgrade 4.4.6 -> 5.2.5
nss: upgrade 3.60.1 -> 3.62
xterm: upgrade 362 -> 366
zstd: remove the recipe since it moved to oe-core
tclap: upgrade 1.2.2 -> 1.4.0
doxygen: Upgrade 1.8.20 -> 1.9.1
open-vm-tools: upgrade 11.0.1 -> 11.2.5
Ross Burton (4):
libxmlb: upgrade to 0.3.0
flashrom: recipe cleanup
openjpeg: add native/nativesdk class extension
fwts: upgrade to 21.03.00
Sakib Sajal (1):
grpc: upgrade 1.36.1 -> 1.36.2
Sam Van Den Berge (1):
libiio: fix build when python bindings are enabled
Sana Kazi (1):
mdns: Whitelisted CVE-2007-0613 for mdns
Sinan Kaya (1):
zram: add support for mem_limit
Stefan Ghinea (2):
hostapd: fix CVE-2021-30004
python3-django: fix CVE-2021-28658
Stefan Schmidt (2):
musl-rpmatch_git.bb: add new recipe to provide rpmatch() for musl libc builds
plymouth_0.9.5.bb: allow building with musl libc
Ulrich Ölmann (1):
v4l-utils: fix reproducibility
Valentin Longchamp (1):
libssh: add gcrypt to PACKAGECONFIG
Vinicius Aquino (1):
networkmanager: upgrade 1.28.0 -> 1.30.2
Vinícius Ossanes Aquino (2):
modemmanager: upgrade 1.14.10 -> 1.16.2
libqmi: upgrade 1.26.6 -> 1.28.2
Wang Mingyu (3):
czmq: Conflict resolution for sha1.h
python3-lxml: upgrade 4.6.2 -> 4.6.3
python3-zopeinterface: upgrade 5.2.0 -> 5.3.0
Yann Dirson (1):
mpv: remove explicit LICENSE_FLAGS
Yi Fan Yu (7):
librelp: update 1.6.0 -> 1.10.0
rsyslog: Fix rsyslog systemd service not starting
rsyslog: fix some of the ptests
redis: upgrade 6.0.9 -> 6.2.1
syslog-ng: upgrade 3.24.1 -> 3.31.2
syslog-ng: remove CONFIG_TLS override for arm DEBUG_BUILD
syslog-ng: Drop an obsolete patch to add --enable-libnet
Yi Zhao (3):
quagga: do not set PIDFile in service files
tclap: add pkg-config file
gvfs: rdepend on gsettings-desktop-schemas
Zang Ruochen (1):
gtkwave: upgrade 3.3.104 -> 3.3.108
akuster (1):
README: updated Maintainers list for Hardknott
hasan.men (2):
librdkafka: Add initial recipe v1.6.1
libcppkafka: Add initial recipe for cppkafka wrapper
persianpros (5):
PEP8 double aggressive E701, E70 and E502
PEP8 double aggressive E20 and E211
PEP8 double aggressive E22, E224, E241, E242 and E27
PEP8 double aggressive E301 ~ E306
PEP8 double aggressive W291 ~ W293 and W391
wangmy (2):
mariadb: upgrade 10.5.8 -> 10.5.9
uftrace: Fix error on aarch64 when binutils update to 2.35.1
zangrc (38):
dovecot: upgrade 2.3.13 -> 2.3.14
fetchmail: upgrade 6.4.16 -> 6.4.17
dialog: upgrade 1.3-20210117 -> 1.3-20210306
fio: upgrade 3.25 -> 3.26
xorriso: upgrade 1.5.3 -> 1.5.5
iscsi-initiator-utils: upgrade 2.1.3 -> 2.1.4
mosquitto: upgrade 2.0.8 -> 2.0.9
nbdkit: upgrade 1.25.3 -> 1.25.4
wireguard-tools: upgrade 1.0.20210223 -> 1.0.20210315
wireshark: upgrade 3.4.3 -> 3.4.4
live555: upgrade 20210129 -> 20210322
mg: upgrade 20200723 -> 20210314
nanopb: upgrade 0.4.4 -> 0.4.5
nss: upgrade 3.62 -> 3.63
uriparser: upgrade 0.9.4 -> 0.9.5
gnome-autoar: upgrade 0.2.4 -> 0.3.1
emacs: upgrade 27.1 -> 27.2
fbgrab: upgrade 1.4 -> 1.5
ostree: upgrade 2020.8 -> 2021.1
zabbix: upgrade 5.2.5 -> 5.2.6
libxaw: upgrade 1.0.13 -> 1.0.14
mosquitto: upgrade 2.0.9 -> 2.0.10
nbdkit: upgrade 1.25.4 -> 1.25.5
stunnel: upgrade 5.58 -> 5.59
usbredir: upgrade 0.8.0 -> 0.9.0
hwdata: upgrade 0.345 -> 0.346
live555: upgrade 20210322 -> 20210406
rabbitmq-c: upgrade 0.10.0 -> 0.11.0
xterm: upgrade 366 -> 367
fuse3: upgrade 3.10.2 -> 3.10.3
cifs-utils: upgrade 6.12 -> 6.13
dnsmasq: upgrade 2.84 -> 2.85
nbdkit: upgrade 1.25.5 -> 1.25.6
wolfssl: upgrade 4.7.0 -> 4.7.1
networkmanager: upgrade 1.30.2 -> 1.30.4
libdvdread: upgrade 6.1.1 -> 6.1.2
redis: upgrade 6.2.1 -> 6.2.2
nss: upgrade 3.63 -> 3.64
zhengruoqin (21):
phpmyadmin: upgrade 5.0.4 -> 5.1.0
uthash: upgrade 2.2.0 -> 2.3.0
gd: upgrade 2.3.1 -> 2.3.2
openocd: upgrade 0.10 -> 0.11
satyr: upgrade 0.36 -> 0.37
libcrypt-openssl-guess-perl: upgrade 0.11 -> 0.12
cryptsetup: upgrade 2.3.4 -> 2.3.5
glmark2: upgrade 20201114 -> 2021.02
grpc: upgrade 1.36.2 -> 1.36.3
dialog: upgrade 1.3-20210306 -> 1.3-20210319
grpc: upgrade 1.36.3 -> 1.36.4
libgee: upgrade 0.20.3 -> 0.20.4
fetchmail: upgrade 6.4.17 -> 6.4.18
lldpd: upgrade 1.0.4 -> 1.0.8
networkmanager-openvpn: upgrade 1.8.12 -> 1.8.14
snort: upgrade 2.9.17 -> 2.9.17.1
python3-absl: upgrade 0.10.0 -> 0.12.0
python3-astroid: upgrade 2.5.2 -> 2.5.3
python3-bitarray: upgrade 1.9.1 -> 1.9.2
irssi: upgrade 1.2.2 -> 1.2.3
librsync: upgrade 2.3.1 -> 2.3.2
meta-security: 775870980b..c6b1eec0e5:
Anton Antonov (5):
Use libest "main" branch instead of "master".
Add meta-parsec layer into meta-security.
Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Clearly define clang toolchain in Parsec recipes
gitlab-ci: Move all parsec builds into a separate job
Armin Kuster (25):
packagegroup-core-security: drop clamav-cvd
clamav: upgrade 104.0
python3-privacyidea: upgrade 3.5.1 -> 3.5.2
clamav: fix systemd service install
swtpm: now need python-cryptography, pull in layer
swtpm: file pip3 issue
swtpm: fix check for tscd deamon on host
python3-suricata-update: update to 1.2.1
.gitlab-ci.yml: reorder to speed up builds
kas-security-base.yml: tweek build vars
gitlab-ci: fine tune order
clamav: remove rest of mirror.dat ref
lkrg-module: Add Linux Kernel Runtime Guard
kas-security-base: change branch to hardknott
kas-security-base: add hardknott local dirs
kas-security-base: Move some DISTRO_FEATURES around
*-tpm.yml: drop tpms jobs
gitlab-ci: move tpm build
.gitlab-ci: work on pipelime
gitlab-ci: cleanup after_script
gitlab-ci: add new before script
kas: cleanup some kas files
packagegroup-core-security: exclude apparmor in mips64
.gitlab-ci: use kas shell in some cases.
kas-security-base: fix feature namespace for tpm*
Ming Liu (2):
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I635e69c9d74af0c553cad5eadd972f26830c7add
Diffstat (limited to 'poky')
169 files changed, 4669 insertions, 309 deletions
diff --git a/poky/bitbake/bin/bitbake-server b/poky/bitbake/bin/bitbake-server index ffbc7894ef..65796be747 100755 --- a/poky/bitbake/bin/bitbake-server +++ b/poky/bitbake/bin/bitbake-server @@ -26,7 +26,7 @@ readypipeinfd = int(sys.argv[3]) logfile = sys.argv[4] lockname = sys.argv[5] sockname = sys.argv[6] -timeout = sys.argv[7] +timeout = float(sys.argv[7]) xmlrpcinterface = (sys.argv[8], int(sys.argv[9])) if xmlrpcinterface[0] == "None": xmlrpcinterface = (None, xmlrpcinterface[1]) diff --git a/poky/bitbake/lib/bb/fetch2/git.py b/poky/bitbake/lib/bb/fetch2/git.py index e3ba80a3f5..cf7424ebf4 100644 --- a/poky/bitbake/lib/bb/fetch2/git.py +++ b/poky/bitbake/lib/bb/fetch2/git.py @@ -394,7 +394,7 @@ class Git(FetchMethod): tmpdir = tempfile.mkdtemp(dir=d.getVar('DL_DIR')) try: # Do the checkout. This implicitly involves a Git LFS fetch. - self.unpack(ud, tmpdir, d) + Git.unpack(self, ud, tmpdir, d) # Scoop up a copy of any stuff that Git LFS downloaded. Merge them into # the bare clonedir. diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index cd56a55472..6c41fe6d43 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -2030,8 +2030,6 @@ class RunQueueExecute: logger.debug("%s didn't become valid, skipping setscene" % nexttask) self.sq_task_failoutright(nexttask) return True - else: - self.sqdata.outrightfail.remove(nexttask) if nexttask in self.sqdata.outrightfail: logger.debug2('No package found, so skipping setscene task %s', nexttask) self.sq_task_failoutright(nexttask) @@ -2296,10 +2294,16 @@ class RunQueueExecute: self.updated_taskhash_queue.remove((tid, unihash)) if unihash != self.rqdata.runtaskentries[tid].unihash: - hashequiv_logger.verbose("Task %s unihash changed to %s" % (tid, unihash)) - self.rqdata.runtaskentries[tid].unihash = unihash - bb.parse.siggen.set_unihash(tid, unihash) - toprocess.add(tid) + # Make sure we rehash any other tasks with the same task hash that we're deferred against. + torehash = [tid] + for deftid in self.sq_deferred: + if self.sq_deferred[deftid] == tid: + torehash.append(deftid) + for hashtid in torehash: + hashequiv_logger.verbose("Task %s unihash changed to %s" % (hashtid, unihash)) + self.rqdata.runtaskentries[hashtid].unihash = unihash + bb.parse.siggen.set_unihash(hashtid, unihash) + toprocess.add(hashtid) # Work out all tasks which depend upon these total = set() @@ -2827,6 +2831,8 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s sqdata.stamppresent.remove(tid) if tid in sqdata.valid: sqdata.valid.remove(tid) + if tid in sqdata.outrightfail: + sqdata.outrightfail.remove(tid) noexec, stamppresent = check_setscene_stamps(tid, rqdata, rq, stampcache, noexecstamp=True) @@ -2845,6 +2851,7 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s sqdata.valid |= rq.validate_hashes(tocheck, cooker.data, len(sqdata.stamppresent), False, summary=summary) sqdata.hashes = {} + sqrq.sq_deferred = {} for mc in sorted(sqdata.multiconfigs): for tid in sorted(sqdata.sq_revdeps): if mc_from_tid(tid) != mc: @@ -2857,10 +2864,13 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s continue if tid in sqrq.scenequeue_notcovered: continue - sqdata.outrightfail.add(tid) + if tid in sqrq.scenequeue_covered: + continue h = pending_hash_index(tid, rqdata) if h not in sqdata.hashes: + if tid in tids: + sqdata.outrightfail.add(tid) sqdata.hashes[h] = tid else: sqrq.sq_deferred[tid] = sqdata.hashes[h] diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py index b27b4aefe0..3e99bcef8f 100644 --- a/poky/bitbake/lib/bb/server/process.py +++ b/poky/bitbake/lib/bb/server/process.py @@ -509,7 +509,7 @@ class BitBakeServer(object): os.set_inheritable(self.bitbake_lock.fileno(), True) os.set_inheritable(self.readypipein, True) serverscript = os.path.realpath(os.path.dirname(__file__) + "/../../../bin/bitbake-server") - os.execl(sys.executable, "bitbake-server", serverscript, "decafbad", str(self.bitbake_lock.fileno()), str(self.readypipein), self.logfile, self.bitbake_lock.name, self.sockname, str(self.server_timeout), str(self.xmlrpcinterface[0]), str(self.xmlrpcinterface[1])) + os.execl(sys.executable, "bitbake-server", serverscript, "decafbad", str(self.bitbake_lock.fileno()), str(self.readypipein), self.logfile, self.bitbake_lock.name, self.sockname, str(self.server_timeout or 0), str(self.xmlrpcinterface[0]), str(self.xmlrpcinterface[1])) def execServer(lockfd, readypipeinfd, lockname, sockname, server_timeout, xmlrpcinterface): diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py index ddf6e97439..b921a952e4 100644 --- a/poky/bitbake/lib/bb/tests/fetch.py +++ b/poky/bitbake/lib/bb/tests/fetch.py @@ -390,6 +390,7 @@ class FetcherTest(unittest.TestCase): if os.environ.get("BB_TMPDIR_NOCLEAN") == "yes": print("Not cleaning up %s. Please remove manually." % self.tempdir) else: + bb.process.run('chmod u+rw -R %s' % self.tempdir) bb.utils.prunedir(self.tempdir) class MirrorUriTest(FetcherTest): @@ -679,6 +680,8 @@ class FetcherLocalTest(FetcherTest): prefix='gitfetch_localusehead_') src_dir = os.path.abspath(src_dir) bb.process.run("git init", cwd=src_dir) + bb.process.run("git config user.email 'you@example.com'", cwd=src_dir) + bb.process.run("git config user.name 'Your Name'", cwd=src_dir) bb.process.run("git commit --allow-empty -m'Dummy commit'", cwd=src_dir) # Use other branch than master @@ -705,6 +708,8 @@ class FetcherLocalTest(FetcherTest): prefix='gitfetch_localusehead_') src_dir = os.path.abspath(src_dir) bb.process.run("git init", cwd=src_dir) + bb.process.run("git config user.email 'you@example.com'", cwd=src_dir) + bb.process.run("git config user.name 'Your Name'", cwd=src_dir) bb.process.run("git commit --allow-empty -m'Dummy commit'", cwd=src_dir) # Use other branch than master @@ -1390,6 +1395,8 @@ class GitMakeShallowTest(FetcherTest): self.gitdir = os.path.join(self.tempdir, 'gitshallow') bb.utils.mkdirhier(self.gitdir) bb.process.run('git init', cwd=self.gitdir) + bb.process.run('git config user.email "you@example.com"', cwd=self.gitdir) + bb.process.run('git config user.name "Your Name"', cwd=self.gitdir) def assertRefs(self, expected_refs): actual_refs = self.git(['for-each-ref', '--format=%(refname)']).splitlines() @@ -1513,6 +1520,8 @@ class GitShallowTest(FetcherTest): bb.utils.mkdirhier(self.srcdir) self.git('init', cwd=self.srcdir) + self.git('config user.email "you@example.com"', cwd=self.srcdir) + self.git('config user.name "Your Name"', cwd=self.srcdir) self.d.setVar('WORKDIR', self.tempdir) self.d.setVar('S', self.gitdir) self.d.delVar('PREMIRRORS') @@ -1594,6 +1603,7 @@ class GitShallowTest(FetcherTest): # fetch and unpack, from the shallow tarball bb.utils.remove(self.gitdir, recurse=True) + bb.process.run('chmod u+w -R "%s"' % ud.clonedir) bb.utils.remove(ud.clonedir, recurse=True) bb.utils.remove(ud.clonedir.replace('gitsource', 'gitsubmodule'), recurse=True) @@ -1746,6 +1756,8 @@ class GitShallowTest(FetcherTest): smdir = os.path.join(self.tempdir, 'gitsubmodule') bb.utils.mkdirhier(smdir) self.git('init', cwd=smdir) + self.git('config user.email "you@example.com"', cwd=smdir) + self.git('config user.name "Your Name"', cwd=smdir) # Make this look like it was cloned from a remote... self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) self.git('config --add remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) @@ -1776,6 +1788,8 @@ class GitShallowTest(FetcherTest): smdir = os.path.join(self.tempdir, 'gitsubmodule') bb.utils.mkdirhier(smdir) self.git('init', cwd=smdir) + self.git('config user.email "you@example.com"', cwd=smdir) + self.git('config user.name "Your Name"', cwd=smdir) # Make this look like it was cloned from a remote... self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) self.git('config --add remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) @@ -1818,8 +1832,8 @@ class GitShallowTest(FetcherTest): self.git('annex init', cwd=self.srcdir) open(os.path.join(self.srcdir, 'c'), 'w').close() self.git('annex add c', cwd=self.srcdir) - self.git('commit -m annex-c -a', cwd=self.srcdir) - bb.process.run('chmod u+w -R %s' % os.path.join(self.srcdir, '.git', 'annex')) + self.git('commit --author "Foo Bar <foo@bar>" -m annex-c -a', cwd=self.srcdir) + bb.process.run('chmod u+w -R %s' % self.srcdir) uri = 'gitannex://%s;protocol=file;subdir=${S}' % self.srcdir fetcher, ud = self.fetch_shallow(uri) @@ -2094,6 +2108,8 @@ class GitLfsTest(FetcherTest): bb.utils.mkdirhier(self.srcdir) self.git('init', cwd=self.srcdir) + self.git('config user.email "you@example.com"', cwd=self.srcdir) + self.git('config user.name "Your Name"', cwd=self.srcdir) with open(os.path.join(self.srcdir, '.gitattributes'), 'wt') as attrs: attrs.write('*.mp3 filter=lfs -text') self.git(['add', '.gitattributes'], cwd=self.srcdir) diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index 5a2e25f7b2..a764ea4dea 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -16,7 +16,7 @@ import os import sys import datetime -current_version = "dev" +current_version = "3.3.1" # String used in sidebar version = 'Version: ' + current_version diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml index 8ccb359e0f..a273de3295 100644 --- a/poky/documentation/poky.yaml +++ b/poky/documentation/poky.yaml @@ -1,12 +1,12 @@ -DISTRO : "3.2.3" -DISTRO_NAME_NO_CAP : "gatesgarth" -DISTRO_NAME : "Gatesgarth" -DISTRO_NAME_NO_CAP_MINUS_ONE : "dunfell" -DISTRO_NAME_NO_CAP_LTS : "dunfell" -YOCTO_DOC_VERSION : "3.2.3" -YOCTO_DOC_VERSION_MINUS_ONE : "3.1.6" -DISTRO_REL_TAG : "yocto-3.2.3" -POKYVERSION : "24.0.3" +DISTRO : "3.3.1" +DISTRO_NAME_NO_CAP : "hardknott" +DISTRO_NAME : "Hardknott" +DISTRO_NAME_NO_CAP_MINUS_ONE : "gatesgarth" +DISTRO_NAME_NO_CAP_LTS : "gatesgarth" +YOCTO_DOC_VERSION : "3.3.1" +YOCTO_DOC_VERSION_MINUS_ONE : "3.2.4" +DISTRO_REL_TAG : "yocto-3.3.1" +POKYVERSION : "25.0.1" YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;" YOCTO_DL_URL : "https://downloads.yoctoproject.org" YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst index 6a65b9fb34..daf8912799 100644 --- a/poky/documentation/releases.rst +++ b/poky/documentation/releases.rst @@ -5,6 +5,14 @@ ========================= ******************************* +3.3 'hardknott' Release Series +******************************* + +- :yocto_docs:`3.3 Documentation </3.3>` +- :yocto_docs:`3.3.1 Documentation </3.3.1>` + + +******************************* 3.2 'gatesgarth' Release Series ******************************* @@ -12,6 +20,7 @@ - :yocto_docs:`3.2.1 Documentation </3.2.1>` - :yocto_docs:`3.2.2 Documentation </3.2.2>` - :yocto_docs:`3.2.3 Documentation </3.2.3>` +- :yocto_docs:`3.2.4 Documentation </3.2.4>` **************************** 3.1 'dunfell' Release Series diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index c098b30261..dac8f4d155 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "3.3" +DISTRO_VERSION = "3.3.1" DISTRO_CODENAME = "hardknott" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 858507b343..a3962306b1 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -118,7 +118,7 @@ python () { d.appendVarFlag('do_deploy_archives', 'depends', ' %s:do_ar_patched' % pn) elif ar_src == "configured": # We can't use "addtask do_ar_configured after do_configure" since it - # will cause the deptask of do_populate_sysroot to run not matter what + # will cause the deptask of do_populate_sysroot to run no matter what # archives we need, so we add the depends here. # There is a corner case with "gcc-source-${PV}" recipes, they don't have @@ -163,7 +163,7 @@ python () { d.appendVarFlag('do_package_write_rpm', 'depends', ' %s:do_ar_configured' % pn) } -# Take all the sources for a recipe and puts them in WORKDIR/archiver-work/. +# Take all the sources for a recipe and put them in WORKDIR/archiver-work/. # Files in SRC_URI are copied directly, anything that's a directory # (e.g. git repositories) is "unpacked" and then put into a tarball. python do_ar_original() { @@ -463,7 +463,7 @@ python do_unpack_and_patch() { ar_sysroot_native = d.getVar('STAGING_DIR_NATIVE') pn = d.getVar('PN') - # The kernel class functions require it to be on work-shared, so we dont change WORKDIR + # The kernel class functions require it to be on work-shared, so we don't change WORKDIR if not is_work_shared(d): # Change the WORKDIR to make do_unpack do_patch run in another dir. d.setVar('WORKDIR', ar_workdir) @@ -505,7 +505,7 @@ python do_unpack_and_patch() { # of the output file ensures that we create it each time the recipe # gets rebuilt, at least as long as a PR server is used. We also rely # on that mechanism to catch changes in the file content, because the -# file content is not part of of the task signature either. +# file content is not part of the task signature either. do_ar_recipe[vardepsexclude] += "BBINCLUDED" python do_ar_recipe () { """ diff --git a/poky/meta/classes/cmake.bbclass b/poky/meta/classes/cmake.bbclass index 8876ce5aa5..f01db7480b 100644 --- a/poky/meta/classes/cmake.bbclass +++ b/poky/meta/classes/cmake.bbclass @@ -149,16 +149,14 @@ addtask generate_toolchain_file after do_patch before do_configure CONFIGURE_FILES = "CMakeLists.txt" +do_configure[cleandirs] = "${@d.getVar('B') if d.getVar('S') != d.getVar('B') else ''}" + cmake_do_configure() { if [ "${OECMAKE_BUILDPATH}" ]; then bbnote "cmake.bbclass no longer uses OECMAKE_BUILDPATH. The default behaviour is now out-of-tree builds with B=WORKDIR/build." fi - if [ "${S}" != "${B}" ]; then - rm -rf ${B} - mkdir -p ${B} - cd ${B} - else + if [ "${S}" = "${B}" ]; then find ${B} -name CMakeFiles -or -name Makefile -or -name cmake_install.cmake -or -name CMakeCache.txt -delete fi diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 54cc7edbae..3d6b80bee2 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -217,11 +217,10 @@ def srctree_hash_files(d, srcdir=None): env['GIT_INDEX_FILE'] = tmp_index.name subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env) git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8") - submodule_helper = subprocess.check_output(['git', 'submodule', 'status'], cwd=s_dir, env=env).decode("utf-8") + submodule_helper = subprocess.check_output(['git', 'submodule--helper', 'list'], cwd=s_dir, env=env).decode("utf-8") for line in submodule_helper.splitlines(): - module_relpath = line.split()[1] - if not module_relpath.split('/')[0] == '..': - module_dir = os.path.join(s_dir, module_relpath) + module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1]) + if os.path.isdir(module_dir): proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) proc.communicate() proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL) diff --git a/poky/meta/classes/image.bbclass b/poky/meta/classes/image.bbclass index 013455f492..353cc67175 100644 --- a/poky/meta/classes/image.bbclass +++ b/poky/meta/classes/image.bbclass @@ -657,7 +657,7 @@ reproducible_final_image_task () { fi # Set mtime of all files to a reproducible value bbnote "reproducible_final_image_task: mtime set to $REPRODUCIBLE_TIMESTAMP_ROOTFS" - find ${IMAGE_ROOTFS} -exec touch -h --date=@$REPRODUCIBLE_TIMESTAMP_ROOTFS {} \; + find ${IMAGE_ROOTFS} -print0 | xargs -0 touch -h --date=@$REPRODUCIBLE_TIMESTAMP_ROOTFS fi } diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index fa05fc055b..763d5f1da2 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -176,7 +176,7 @@ def package_qa_check_useless_rpaths(file, name, d, elf, messages): if rpath_eq(rpath, libdir) or rpath_eq(rpath, base_libdir): # The dynamic linker searches both these places anyway. There is no point in # looking there again. - package_qa_add_message(messages, "useless-rpaths", "%s: %s contains probably-redundant RPATH %s" % (name, package_qa_clean_path(file, d), rpath)) + package_qa_add_message(messages, "useless-rpaths", "%s: %s contains probably-redundant RPATH %s" % (name, package_qa_clean_path(file, d, name), rpath)) QAPATHTEST[dev-so] = "package_qa_check_dev" def package_qa_check_dev(path, name, d, elf, messages): @@ -185,8 +185,8 @@ def package_qa_check_dev(path, name, d, elf, messages): """ if not name.endswith("-dev") and not name.endswith("-dbg") and not name.endswith("-ptest") and not name.startswith("nativesdk-") and path.endswith(".so") and os.path.islink(path): - package_qa_add_message(messages, "dev-so", "non -dev/-dbg/nativesdk- package contains symlink .so: %s path '%s'" % \ - (name, package_qa_clean_path(path,d))) + package_qa_add_message(messages, "dev-so", "non -dev/-dbg/nativesdk- package %s contains symlink .so '%s'" % \ + (name, package_qa_clean_path(path, d, name))) QAPATHTEST[dev-elf] = "package_qa_check_dev_elf" def package_qa_check_dev_elf(path, name, d, elf, messages): @@ -196,8 +196,8 @@ def package_qa_check_dev_elf(path, name, d, elf, messages): install link-time .so files that are linker scripts. """ if name.endswith("-dev") and path.endswith(".so") and not os.path.islink(path) and elf: - package_qa_add_message(messages, "dev-elf", "-dev package contains non-symlink .so: %s path '%s'" % \ - (name, package_qa_clean_path(path,d))) + package_qa_add_message(messages, "dev-elf", "-dev package %s contains non-symlink .so '%s'" % \ + (name, package_qa_clean_path(path, d, name))) QAPATHTEST[staticdev] = "package_qa_check_staticdev" def package_qa_check_staticdev(path, name, d, elf, messages): @@ -210,7 +210,7 @@ def package_qa_check_staticdev(path, name, d, elf, messages): if not name.endswith("-pic") and not name.endswith("-staticdev") and not name.endswith("-ptest") and path.endswith(".a") and not path.endswith("_nonshared.a") and not '/usr/lib/debug-static/' in path and not '/.debug-static/' in path: package_qa_add_message(messages, "staticdev", "non -staticdev package contains static .a library: %s path '%s'" % \ - (name, package_qa_clean_path(path,d))) + (name, package_qa_clean_path(path,d, name))) QAPATHTEST[mime] = "package_qa_check_mime" def package_qa_check_mime(path, name, d, elf, messages): diff --git a/poky/meta/classes/kernel-yocto.bbclass b/poky/meta/classes/kernel-yocto.bbclass index 15c8dbb81f..30f07de4ca 100644 --- a/poky/meta/classes/kernel-yocto.bbclass +++ b/poky/meta/classes/kernel-yocto.bbclass @@ -378,7 +378,7 @@ do_kernel_checkout() { # checkout and clobber any unimportant files git checkout -f ${machine_branch} } -do_kernel_checkout[dirs] = "${S}" +do_kernel_checkout[dirs] = "${S} ${WORKDIR}" addtask kernel_checkout before do_kernel_metadata after do_symlink_kernsrc addtask kernel_metadata after do_validate_branches do_unpack before do_patch diff --git a/poky/meta/classes/license_image.bbclass b/poky/meta/classes/license_image.bbclass index c96b032ebd..73cebb4d55 100644 --- a/poky/meta/classes/license_image.bbclass +++ b/poky/meta/classes/license_image.bbclass @@ -1,3 +1,5 @@ +ROOTFS_LICENSE_DIR = "${IMAGE_ROOTFS}/usr/share/common-licenses" + python write_package_manifest() { # Get list of installed packages license_image_dir = d.expand('${LICENSE_DIRECTORY}/${IMAGE_NAME}') @@ -104,8 +106,7 @@ def write_license_files(d, license_manifest, pkg_dic, rootfs=True): copy_lic_manifest = d.getVar('COPY_LIC_MANIFEST') copy_lic_dirs = d.getVar('COPY_LIC_DIRS') if rootfs and copy_lic_manifest == "1": - rootfs_license_dir = os.path.join(d.getVar('IMAGE_ROOTFS'), - 'usr', 'share', 'common-licenses') + rootfs_license_dir = d.getVar('ROOTFS_LICENSE_DIR') bb.utils.mkdirhier(rootfs_license_dir) rootfs_license_manifest = os.path.join(rootfs_license_dir, os.path.split(license_manifest)[1]) @@ -143,12 +144,13 @@ def write_license_files(d, license_manifest, pkg_dic, rootfs=True): continue # Make sure we use only canonical name for the license file - rootfs_license = os.path.join(rootfs_license_dir, "generic_%s" % generic_lic) + generic_lic_file = "generic_%s" % generic_lic + rootfs_license = os.path.join(rootfs_license_dir, generic_lic_file) if not os.path.exists(rootfs_license): oe.path.copyhardlink(pkg_license, rootfs_license) if not os.path.exists(pkg_rootfs_license): - os.symlink(os.path.join('..', lic), pkg_rootfs_license) + os.symlink(os.path.join('..', generic_lic_file), pkg_rootfs_license) else: if (oe.license.license_ok(canonical_license(d, lic), bad_licenses) == False or @@ -267,3 +269,13 @@ python do_populate_lic_deploy() { addtask populate_lic_deploy before do_build after do_image_complete do_populate_lic_deploy[recrdeptask] += "do_populate_lic do_deploy" +python license_qa_dead_symlink() { + import os + + for root, dirs, files in os.walk(d.getVar('ROOTFS_LICENSE_DIR')): + for file in files: + full_path = root + "/" + file + if os.path.islink(full_path) and not os.path.exists(full_path): + bb.error("broken symlink: " + full_path) +} +IMAGE_QA_COMMANDS += "license_qa_dead_symlink" diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index 894f0e3107..a2ac4eeb80 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -392,9 +392,12 @@ def check_connectivity(d): msg = data.getVar('CONNECTIVITY_CHECK_MSG') or "" if len(msg) == 0: msg = "%s.\n" % err - msg += " Please ensure your host's network is configured correctly,\n" - msg += " or set BB_NO_NETWORK = \"1\" to disable network access if\n" - msg += " all required sources are on local disk.\n" + msg += " Please ensure your host's network is configured correctly.\n" + msg += " If your ISP or network is blocking the above URL,\n" + msg += " try with another domain name, for example by setting:\n" + msg += " CONNECTIVITY_CHECK_URIS = \"https://www.yoctoproject.org/\"" + msg += " You could also set BB_NO_NETWORK = \"1\" to disable network\n" + msg += " access if all required sources are on local disk.\n" retval = msg return retval @@ -887,6 +890,8 @@ def check_sanity_everybuild(status, d): status.addresult("Error, you have an invalid character (+) in your COREBASE directory path. Please move the installation to a directory which doesn't include any + characters.") if oeroot.find('@') != -1: status.addresult("Error, you have an invalid character (@) in your COREBASE directory path. Please move the installation to a directory which doesn't include any @ characters.") + if oeroot.find('%') != -1: + status.addresult("Error, you have an invalid character (%) in your COREBASE directory path which causes problems with python string formatting. Please move the installation to a directory which doesn't include any % characters.") if oeroot.find(' ') != -1: status.addresult("Error, you have a space in your COREBASE directory path. Please move the installation to a directory which doesn't include a space since autotools doesn't support this.") diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index a2a2dd18ec..05b79d14c3 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -8,7 +8,7 @@ UNINATIVE_MAXGLIBCVERSION = "2.33" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.0/" -UNINATIVE_CHECKSUM[aarch64] ?= "1c668909098c5b56132067adc69a249cb771f4560428e5822de903a12d97bf33" -UNINATIVE_CHECKSUM[i686] ?= "e6cc2fc056234cffa6a2ff084cce27d544ea3f487a62b5e253351cefd4421900" -UNINATIVE_CHECKSUM[x86_64] ?= "5ec5a9276046e7eceeac749a18b175667384e1f445cd4526300a41404d985a5b" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.1/" +UNINATIVE_CHECKSUM[aarch64] ?= "7fa12b9fe7a95934cc09beb0e8a25ff97179ef3105116015d32548eadd27b024" +UNINATIVE_CHECKSUM[i686] ?= "bbfcdd48336800b5af97e294918c6586a0a8fa903f127f813b0bd5110de8c55c" +UNINATIVE_CHECKSUM[x86_64] ?= "5d0611df544edff6428cef7d871257a91aa6ba1bd92f5365a2df8deb54b6b31e" diff --git a/poky/meta/conf/machine/include/arm/arch-armv6m.inc b/poky/meta/conf/machine/include/arm/arch-armv6m.inc index 739550d005..739550d005 100755..100644 --- a/poky/meta/conf/machine/include/arm/arch-armv6m.inc +++ b/poky/meta/conf/machine/include/arm/arch-armv6m.inc diff --git a/poky/meta/lib/oe/package_manager/__init__.py b/poky/meta/lib/oe/package_manager/__init__.py index 8e7128b195..4d22bc0296 100644 --- a/poky/meta/lib/oe/package_manager/__init__.py +++ b/poky/meta/lib/oe/package_manager/__init__.py @@ -189,7 +189,7 @@ class PackageManager(object, metaclass=ABCMeta): bb.utils.remove(self.intercepts_dir, True) bb.utils.mkdirhier(self.intercepts_dir) for intercept in postinst_intercepts: - bb.utils.copyfile(intercept, os.path.join(self.intercepts_dir, os.path.basename(intercept))) + shutil.copy(intercept, os.path.join(self.intercepts_dir, os.path.basename(intercept))) @abstractmethod def _handle_intercept_failure(self, failed_script): diff --git a/poky/meta/lib/oe/package_manager/deb/sdk.py b/poky/meta/lib/oe/package_manager/deb/sdk.py index 9859d8f32d..f4b0b6510a 100644 --- a/poky/meta/lib/oe/package_manager/deb/sdk.py +++ b/poky/meta/lib/oe/package_manager/deb/sdk.py @@ -65,6 +65,8 @@ class PkgSdk(Sdk): self.target_pm.install_complementary(self.d.getVar('SDKIMAGE_INSTALL_COMPLEMENTARY')) + self.target_pm.run_pre_post_installs() + self.target_pm.run_intercepts(populate_sdk='target') execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_TARGET_COMMAND")) @@ -78,6 +80,8 @@ class PkgSdk(Sdk): self._populate_sysroot(self.host_pm, self.host_manifest) self.install_locales(self.host_pm) + self.host_pm.run_pre_post_installs() + self.host_pm.run_intercepts(populate_sdk='host') execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND")) diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py index 5f81023040..d634adda4e 100644 --- a/poky/meta/lib/oe/rootfs.py +++ b/poky/meta/lib/oe/rootfs.py @@ -305,7 +305,7 @@ class Rootfs(object, metaclass=ABCMeta): def _check_for_kernel_modules(self, modules_dir): for root, dirs, files in os.walk(modules_dir, topdown=True): for name in files: - found_ko = name.endswith(".ko") + found_ko = name.endswith((".ko", ".ko.gz", ".ko.xz")) if found_ko: return found_ko return False diff --git a/poky/meta/lib/oe/terminal.py b/poky/meta/lib/oe/terminal.py index 61c2687ef4..59aa80de66 100644 --- a/poky/meta/lib/oe/terminal.py +++ b/poky/meta/lib/oe/terminal.py @@ -163,7 +163,12 @@ class Tmux(Terminal): # devshells, if it's already there, add a new window to it. window_name = 'devshell-%i' % os.getpid() - self.command = 'tmux new -c "{{cwd}}" -d -s {0} -n {0} "{{command}}"'.format(window_name) + self.command = 'tmux new -c "{{cwd}}" -d -s {0} -n {0} "{{command}}"' + if not check_tmux_version('1.9'): + # `tmux new-session -c` was added in 1.9; + # older versions fail with that flag + self.command = 'tmux new -d -s {0} -n {0} "{{command}}"' + self.command = self.command.format(window_name) Terminal.__init__(self, sh_cmd, title, env, d) attach_cmd = 'tmux att -t {0}'.format(window_name) @@ -253,13 +258,18 @@ def spawn(name, sh_cmd, title=None, env=None, d=None): except OSError: return +def check_tmux_version(desired): + vernum = check_terminal_version("tmux") + if vernum and LooseVersion(vernum) < desired: + return False + return vernum + def check_tmux_pane_size(tmux): import subprocess as sub # On older tmux versions (<1.9), return false. The reason # is that there is no easy way to get the height of the active panel # on current window without nested formats (available from version 1.9) - vernum = check_terminal_version("tmux") - if vernum and LooseVersion(vernum) < '1.9': + if not check_tmux_version('1.9'): return False try: p = sub.Popen('%s list-panes -F "#{?pane_active,#{pane_height},}"' % tmux, diff --git a/poky/meta/lib/oeqa/core/case.py b/poky/meta/lib/oeqa/core/case.py index aae451fef2..bc4446a938 100644 --- a/poky/meta/lib/oeqa/core/case.py +++ b/poky/meta/lib/oeqa/core/case.py @@ -43,8 +43,13 @@ class OETestCase(unittest.TestCase): clss.tearDownClassMethod() def _oeSetUp(self): - for d in self.decorators: - d.setUpDecorator() + try: + for d in self.decorators: + d.setUpDecorator() + except: + for d in self.decorators: + d.tearDownDecorator() + raise self.setUpMethod() def _oeTearDown(self): diff --git a/poky/meta/lib/oeqa/core/decorator/oetimeout.py b/poky/meta/lib/oeqa/core/decorator/oetimeout.py index df90d1c798..5e6873ad48 100644 --- a/poky/meta/lib/oeqa/core/decorator/oetimeout.py +++ b/poky/meta/lib/oeqa/core/decorator/oetimeout.py @@ -24,5 +24,6 @@ class OETimeout(OETestDecorator): def tearDownDecorator(self): signal.alarm(0) - signal.signal(signal.SIGALRM, self.alarmSignal) - self.logger.debug("Removed SIGALRM handler") + if hasattr(self, 'alarmSignal'): + signal.signal(signal.SIGALRM, self.alarmSignal) + self.logger.debug("Removed SIGALRM handler") diff --git a/poky/meta/lib/oeqa/core/tests/cases/timeout.py b/poky/meta/lib/oeqa/core/tests/cases/timeout.py index 5dfecc7b7c..69cf969a67 100644 --- a/poky/meta/lib/oeqa/core/tests/cases/timeout.py +++ b/poky/meta/lib/oeqa/core/tests/cases/timeout.py @@ -8,6 +8,7 @@ from time import sleep from oeqa.core.case import OETestCase from oeqa.core.decorator.oetimeout import OETimeout +from oeqa.core.decorator.depends import OETestDepends class TimeoutTest(OETestCase): @@ -19,3 +20,15 @@ class TimeoutTest(OETestCase): def testTimeoutFail(self): sleep(2) self.assertTrue(True, msg='How is this possible?') + + + def testTimeoutSkip(self): + self.skipTest("This test needs to be skipped, so that testTimeoutDepends()'s OETestDepends kicks in") + + @OETestDepends(["timeout.TimeoutTest.testTimeoutSkip"]) + @OETimeout(3) + def testTimeoutDepends(self): + self.assertTrue(False, msg='How is this possible?') + + def testTimeoutUnrelated(self): + sleep(6) diff --git a/poky/meta/lib/oeqa/core/tests/test_decorators.py b/poky/meta/lib/oeqa/core/tests/test_decorators.py index b798bf7d33..5095f39948 100755 --- a/poky/meta/lib/oeqa/core/tests/test_decorators.py +++ b/poky/meta/lib/oeqa/core/tests/test_decorators.py @@ -133,5 +133,11 @@ class TestTimeoutDecorator(TestBase): msg = "OETestTimeout didn't restore SIGALRM" self.assertIs(alarm_signal, signal.getsignal(signal.SIGALRM), msg=msg) + def test_timeout_cancel(self): + tests = ['timeout.TimeoutTest.testTimeoutSkip', 'timeout.TimeoutTest.testTimeoutDepends', 'timeout.TimeoutTest.testTimeoutUnrelated'] + msg = 'Unrelated test failed to complete' + tc = self._testLoader(modules=self.modules, tests=tests) + self.assertTrue(tc.runTests().wasSuccessful(), msg=msg) + if __name__ == '__main__': unittest.main() diff --git a/poky/meta/lib/oeqa/runtime/cases/date.py b/poky/meta/lib/oeqa/runtime/cases/date.py index fdd2a6ae58..e14322911d 100644 --- a/poky/meta/lib/oeqa/runtime/cases/date.py +++ b/poky/meta/lib/oeqa/runtime/cases/date.py @@ -13,12 +13,12 @@ class DateTest(OERuntimeTestCase): def setUp(self): if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd': self.logger.debug('Stopping systemd-timesyncd daemon') - self.target.run('systemctl disable --now systemd-timesyncd') + self.target.run('systemctl disable --now --runtime systemd-timesyncd') def tearDown(self): if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd': self.logger.debug('Starting systemd-timesyncd daemon') - self.target.run('systemctl enable --now systemd-timesyncd') + self.target.run('systemctl enable --now --runtime systemd-timesyncd') @OETestDepends(['ssh.SSHTest.test_ssh']) @OEHasPackage(['coreutils', 'busybox']) diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py index 4714741aff..1bb0425521 100644 --- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py @@ -88,6 +88,8 @@ qemux86_common = [ 'tsc: HPET/PMTIMER calibration failed', "modeset(0): Failed to initialize the DRI2 extension", "glamor initialization failed", + "blk_update_request: I/O error, dev fd0, sector 0 op 0x0:(READ)", + "floppy: error", ] + common_errors ignore_errors = { diff --git a/poky/meta/lib/oeqa/runtime/cases/rtc.py b/poky/meta/lib/oeqa/runtime/cases/rtc.py index a34c101a9d..c4e6681324 100644 --- a/poky/meta/lib/oeqa/runtime/cases/rtc.py +++ b/poky/meta/lib/oeqa/runtime/cases/rtc.py @@ -9,12 +9,12 @@ class RTCTest(OERuntimeTestCase): def setUp(self): if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd': self.logger.debug('Stopping systemd-timesyncd daemon') - self.target.run('systemctl disable --now systemd-timesyncd') + self.target.run('systemctl disable --now --runtime systemd-timesyncd') def tearDown(self): if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd': self.logger.debug('Starting systemd-timesyncd daemon') - self.target.run('systemctl enable --now systemd-timesyncd') + self.target.run('systemctl enable --now --runtime systemd-timesyncd') @OETestDepends(['ssh.SSHTest.test_ssh']) @OEHasPackage(['coreutils', 'busybox']) diff --git a/poky/meta/lib/oeqa/runtime/decorator/package.py b/poky/meta/lib/oeqa/runtime/decorator/package.py index 57178655cc..2d7e174dbf 100644 --- a/poky/meta/lib/oeqa/runtime/decorator/package.py +++ b/poky/meta/lib/oeqa/runtime/decorator/package.py @@ -45,14 +45,14 @@ class OEHasPackage(OETestDecorator): msg = 'Checking if %s is not installed' % ', '.join(unneed_pkgs) self.logger.debug(msg) if not self.case.tc.image_packages.isdisjoint(unneed_pkgs): - msg = "Test can't run with %s installed" % ', or'.join(unneed_pkgs) + msg = "Test can't run with %s installed" % ', or '.join(unneed_pkgs) self._decorator_fail(msg) if need_pkgs: msg = 'Checking if at least one of %s is installed' % ', '.join(need_pkgs) self.logger.debug(msg) if self.case.tc.image_packages.isdisjoint(need_pkgs): - msg = "Test requires %s to be installed" % ', or'.join(need_pkgs) + msg = "Test requires %s to be installed" % ', or '.join(need_pkgs) self._decorator_fail(msg) def _decorator_fail(self, msg): diff --git a/poky/meta/lib/oeqa/selftest/cases/buildoptions.py b/poky/meta/lib/oeqa/selftest/cases/buildoptions.py index 20fe8ed8f6..1859d3222a 100644 --- a/poky/meta/lib/oeqa/selftest/cases/buildoptions.py +++ b/poky/meta/lib/oeqa/selftest/cases/buildoptions.py @@ -58,15 +58,15 @@ class ImageOptionsTests(OESelftestTestCase): class DiskMonTest(OESelftestTestCase): def test_stoptask_behavior(self): - self.write_config('BB_DISKMON_DIRS = "STOPTASKS,${TMPDIR},100000G,100K"') + self.write_config('BB_DISKMON_DIRS = "STOPTASKS,${TMPDIR},100000G,100K"\nBB_HEARTBEAT_EVENT = "1"') res = bitbake("delay -c delay", ignore_status = True) self.assertTrue('ERROR: No new tasks can be executed since the disk space monitor action is "STOPTASKS"!' in res.output, msg = "Tasks should have stopped. Disk monitor is set to STOPTASK: %s" % res.output) self.assertEqual(res.status, 1, msg = "bitbake reported exit code %s. It should have been 1. Bitbake output: %s" % (str(res.status), res.output)) - self.write_config('BB_DISKMON_DIRS = "ABORT,${TMPDIR},100000G,100K"') + self.write_config('BB_DISKMON_DIRS = "ABORT,${TMPDIR},100000G,100K"\nBB_HEARTBEAT_EVENT = "1"') res = bitbake("delay -c delay", ignore_status = True) self.assertTrue('ERROR: Immediately abort since the disk space monitor action is "ABORT"!' in res.output, "Tasks should have been aborted immediatelly. Disk monitor is set to ABORT: %s" % res.output) self.assertEqual(res.status, 1, msg = "bitbake reported exit code %s. It should have been 1. Bitbake output: %s" % (str(res.status), res.output)) - self.write_config('BB_DISKMON_DIRS = "WARN,${TMPDIR},100000G,100K"') + self.write_config('BB_DISKMON_DIRS = "WARN,${TMPDIR},100000G,100K"\nBB_HEARTBEAT_EVENT = "1"') res = bitbake("delay -c delay") self.assertTrue('WARNING: The free space' in res.output, msg = "A warning should have been displayed for disk monitor is set to WARN: %s" %res.output) diff --git a/poky/meta/lib/oeqa/selftest/cases/distrodata.py b/poky/meta/lib/oeqa/selftest/cases/distrodata.py index fbc0c2a98d..0ad6e1ef91 100644 --- a/poky/meta/lib/oeqa/selftest/cases/distrodata.py +++ b/poky/meta/lib/oeqa/selftest/cases/distrodata.py @@ -99,7 +99,7 @@ The following recipes do not have a DESCRIPTION. Please add an entry for DESCRIP return True return False - feature = 'require conf/distro/include/maintainers.inc\nLICENSE_FLAGS_WHITELIST += " commercial"\nPARSE_ALL_RECIPES = "1"\n' + feature = 'require conf/distro/include/maintainers.inc\nLICENSE_FLAGS_WHITELIST += " commercial"\nPARSE_ALL_RECIPES = "1"\nPACKAGE_CLASSES = "package_ipk package_deb package_rpm"\n' self.write_config(feature) with bb.tinfoil.Tinfoil() as tinfoil: diff --git a/poky/meta/lib/oeqa/selftest/cases/runqemu.py b/poky/meta/lib/oeqa/selftest/cases/runqemu.py index 7e676bcb41..da22f77b27 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runqemu.py +++ b/poky/meta/lib/oeqa/selftest/cases/runqemu.py @@ -163,12 +163,11 @@ class QemuTest(OESelftestTestCase): bitbake(cls.recipe) def _start_qemu_shutdown_check_if_shutdown_succeeded(self, qemu, timeout): + # Allow the runner's LoggingThread instance to exit without errors + # (such as the exception "Console connection closed unexpectedly") + # as qemu will disappear when we shut it down + qemu.runner.allowexit() qemu.run_serial("shutdown -h now") - # Stop thread will stop the LoggingThread instance used for logging - # qemu through serial console, stop thread will prevent this code - # from facing exception (Console connection closed unexpectedly) - # when qemu was shutdown by the above shutdown command - qemu.runner.stop_thread() time_track = 0 try: while True: diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py index a71c16ab14..024261410e 100644 --- a/poky/meta/lib/oeqa/utils/commands.py +++ b/poky/meta/lib/oeqa/utils/commands.py @@ -174,11 +174,8 @@ def runCmd(command, ignore_status=False, timeout=None, assert_error=True, sync=T if native_sysroot: extra_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin" % \ (native_sysroot, native_sysroot, native_sysroot) - extra_libpaths = "%s/lib:%s/usr/lib" % \ - (native_sysroot, native_sysroot) nenv = dict(options.get('env', os.environ)) nenv['PATH'] = extra_paths + ':' + nenv.get('PATH', '') - nenv['LD_LIBRARY_PATH'] = extra_libpaths + ':' + nenv.get('LD_LIBRARY_PATH', '') options['env'] = nenv cmd = Command(command, timeout=timeout, output_log=output_log, **options) diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 278904ba0b..a0f17d557b 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -71,6 +71,8 @@ class QemuRunner: self.monitorpipe = None self.logger = logger + # Whether we're expecting an exit and should show related errors + self.canexit = False # Enable testing other OS's # Set commands for target communication, and default to Linux ALWAYS @@ -471,6 +473,11 @@ class QemuRunner: self.thread.stop() self.thread.join() + def allowexit(self): + self.canexit = True + if self.thread: + self.thread.allowexit() + def restart(self, qemuparams = None): self.logger.warning("Restarting qemu process") if self.runqemu.poll() is None: @@ -526,7 +533,9 @@ class QemuRunner: if re.search(self.boot_patterns['search_cmd_finished'], data): break else: - raise Exception("No data on serial console socket") + if self.canexit: + return (1, "") + raise Exception("No data on serial console socket, connection closed?") if data: if raw: @@ -564,6 +573,7 @@ class LoggingThread(threading.Thread): self.logger = logger self.readsock = None self.running = False + self.canexit = False self.errorevents = select.POLLERR | select.POLLHUP | select.POLLNVAL self.readevents = select.POLLIN | select.POLLPRI @@ -597,6 +607,9 @@ class LoggingThread(threading.Thread): self.close_ignore_error(self.writepipe) self.running = False + def allowexit(self): + self.canexit = True + def eventloop(self): poll = select.poll() event_read_mask = self.errorevents | self.readevents @@ -642,7 +655,7 @@ class LoggingThread(threading.Thread): data = self.readsock.recv(count) except socket.error as e: if e.errno == errno.EAGAIN or e.errno == errno.EWOULDBLOCK: - return '' + return b'' else: raise @@ -653,7 +666,9 @@ class LoggingThread(threading.Thread): # happened. But for this code it counts as an # error since the connection shouldn't go away # until qemu exits. - raise Exception("Console connection closed unexpectedly") + if not self.canexit: + raise Exception("Console connection closed unexpectedly") + return b'' return data diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 590deb8d92..6de683ee1c 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -49,6 +49,8 @@ GRUBPLATFORM ??= "pc" inherit autotools gettext texinfo pkgconfig +CFLAGS_remove = "-O2" + EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \ --disable-grub-mkfont \ --program-prefix="" \ diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch new file mode 100644 index 0000000000..e2540fc26b --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch @@ -0,0 +1,123 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen <j@w1.fi> + +Upstream-Status: Backport +CVE: CVE-2021-30004 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index 141ac50..e09db07 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index 1bd5aa0..bf2289f 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb index 357c28634a..cddcfb6811 100644 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb @@ -32,6 +32,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ file://CVE-2021-0326.patch \ file://CVE-2021-27803.patch \ + file://CVE-2021-30004.patch \ " SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" diff --git a/poky/meta/recipes-core/busybox/busybox-inittab_1.33.0.bb b/poky/meta/recipes-core/busybox/busybox-inittab_1.33.0.bb index 0021e45511..3804f4f7b2 100644 --- a/poky/meta/recipes-core/busybox/busybox-inittab_1.33.0.bb +++ b/poky/meta/recipes-core/busybox/busybox-inittab_1.33.0.bb @@ -44,9 +44,6 @@ EOF fi } -do_install_append_qemuppc64 () { - echo "9:12345:respawn:${base_sbindir}/getty 38400 hvc0" >> ${D}${sysconfdir}/inittab -} pkg_postinst_${PN} () { # run this on host and on target diff --git a/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch b/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch new file mode 100644 index 0000000000..67c9f189cc --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch @@ -0,0 +1,58 @@ +From fe791386ebc270219ca00406c9fdadc5130b64ee Mon Sep 17 00:00:00 2001 +From: Samuel Sapalski <samuel.sapalski@nokia.com> +Date: Wed, 3 Mar 2021 16:31:22 +0100 +Subject: [PATCH] decompress_gunzip: Fix DoS if gzip is corrupt + +On certain corrupt gzip files, huft_build will set the error bit on +the result pointer. If afterwards abort_unzip is called huft_free +might run into a segmentation fault or an invalid pointer to +free(p). + +In order to mitigate this, we check in huft_free if the error bit +is set and clear it before the linked list is freed. + +Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com> +Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> + +Upstream-Status: Backport +CVE: CVE-2021-28831 +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + archival/libarchive/decompress_gunzip.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c +index eb3b64930..e93cd5005 100644 +--- a/archival/libarchive/decompress_gunzip.c ++++ b/archival/libarchive/decompress_gunzip.c +@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = { + * each table. + * t: table to free + */ ++#define BAD_HUFT(p) ((uintptr_t)(p) & 1) ++#define ERR_RET ((huft_t*)(uintptr_t)1) + static void huft_free(huft_t *p) + { + huft_t *q; + ++ /* ++ * If 'p' has the error bit set we have to clear it, otherwise we might run ++ * into a segmentation fault or an invalid pointer to free(p) ++ */ ++ if (BAD_HUFT(p)) { ++ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET)); ++ } ++ + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + while (p) { + q = (--p)->v.t; +@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current + * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table + * is given: "fixed inflate" decoder feeds us such data. + */ +-#define BAD_HUFT(p) ((uintptr_t)(p) & 1) +-#define ERR_RET ((huft_t*)(uintptr_t)1) + static huft_t* huft_build(const unsigned *b, const unsigned n, + const unsigned s, const struct cp_ext *cp_ext, + unsigned *m) diff --git a/poky/meta/recipes-core/busybox/busybox/0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch b/poky/meta/recipes-core/busybox/busybox/0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch new file mode 100644 index 0000000000..e0a22c5bb3 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch @@ -0,0 +1,28 @@ +From bff7f16f7f41de8df67beb03722f235828ef2249 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 3 May 2021 15:48:19 -0700 +Subject: [PATCH] gen_build_files: Use C locale when calling sed on globbed files + +sort order is different based on chosen locale and also default shell +being bash or dash + +This sets the environment variable LC_ALL to the value C, which will +enforce bytewise sorting, irrespective of the shell + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + scripts/gen_build_files.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/scripts/gen_build_files.sh ++++ b/scripts/gen_build_files.sh +@@ -4,6 +4,8 @@ + # but users complain that many sed implementations + # are misinterpreting --. + ++export LC_ALL=C ++ + test $# -ge 2 || { echo "Syntax: $0 SRCTREE OBJTREE"; exit 1; } + + # cd to objtree diff --git a/poky/meta/recipes-core/busybox/busybox_1.33.0.bb b/poky/meta/recipes-core/busybox/busybox_1.33.0.bb index 1a3f218bca..b2a30ba16f 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.33.0.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.33.0.bb @@ -46,7 +46,9 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \ file://rev.cfg \ file://pgrep.cfg \ -" + file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \ + file://0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch \ + " SRC_URI_append_libc-musl = " file://musl.cfg " SRC_URI[tarball.sha256sum] = "d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd" diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-glocalfileoutputstream-Fix-a-typo-in-a-comment.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-glocalfileoutputstream-Fix-a-typo-in-a-comment.patch new file mode 100644 index 0000000000..e3def1a980 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-glocalfileoutputstream-Fix-a-typo-in-a-comment.patch @@ -0,0 +1,32 @@ +From 48dd0d030a2b5240457472d40d8691b80bf5fa78 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 24 Feb 2021 17:33:38 +0000 +Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +CVE: CVE-2021-28153 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/issues/2325] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + gio/glocalfileoutputstream.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c +index f34c3e4..e3d31d6 100644 +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -854,7 +854,7 @@ handle_overwrite_open (const char *filename, + mode = mode_from_flags_or_info (flags, reference_info); + + /* We only need read access to the original file if we are creating a backup. +- * We also add O_CREATE to avoid a race if the file was just removed */ ++ * We also add O_CREAT to avoid a race if the file was just removed */ + if (create_backup || readable) + open_flags = O_RDWR | O_CREAT | O_BINARY; + else +-- +2.17.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0002-tests-Stop-using-g_test_bug_base-in-file-tests.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0002-tests-Stop-using-g_test_bug_base-in-file-tests.patch new file mode 100644 index 0000000000..d8d4d51751 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0002-tests-Stop-using-g_test_bug_base-in-file-tests.patch @@ -0,0 +1,47 @@ +From 3d7f54ae4cfdddaf1a807879d9263e16cd12ffd3 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 24 Feb 2021 17:34:32 +0000 +Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since a following commit is going to add a new test which references +Gitlab, so it’s best to move the URI bases inside the test cases. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +CVE: CVE-2021-28153 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/issues/2325] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + gio/tests/file.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/gio/tests/file.c b/gio/tests/file.c +index d876965..39d51da 100644 +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -686,7 +686,7 @@ test_replace_cancel (void) + guint count; + GError *error = NULL; + +- g_test_bug ("629301"); ++ g_test_bug ("https://bugzilla.gnome.org/629301"); + + path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error); + g_assert_no_error (error); +@@ -1785,8 +1785,6 @@ main (int argc, char *argv[]) + { + g_test_init (&argc, &argv, NULL); + +- g_test_bug_base ("http://bugzilla.gnome.org/"); +- + g_test_add_func ("/file/basic", test_basic); + g_test_add_func ("/file/build-filename", test_build_filename); + g_test_add_func ("/file/parent", test_parent); +-- +2.17.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0003-glocalfileoutputstream-Factor-out-a-flag-check.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0003-glocalfileoutputstream-Factor-out-a-flag-check.patch new file mode 100644 index 0000000000..425a1d402f --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0003-glocalfileoutputstream-Factor-out-a-flag-check.patch @@ -0,0 +1,60 @@ +From 8cc84a2f8c668541aaba584cb9b73c98afeb8e2d Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Mar 2021 16:05:55 +0000 +Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check + +This clarifies the code a little. It introduces no functional changes. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +CVE: CVE-2021-28153 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/issues/2325] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + gio/glocalfileoutputstream.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c +index e3d31d6..392d0b0 100644 +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -850,6 +850,7 @@ handle_overwrite_open (const char *filename, + int res; + int mode; + int errsv; ++ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION); + + mode = mode_from_flags_or_info (flags, reference_info); + +@@ -960,7 +961,7 @@ handle_overwrite_open (const char *filename, + * to a backup file and rewrite the contents of the file. + */ + +- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) || ++ if (replace_destination_set || + (!(_g_stat_nlink (&original_stat) > 1) && !is_symlink)) + { + char *dirname, *tmp_filename; +@@ -979,7 +980,7 @@ handle_overwrite_open (const char *filename, + + /* try to keep permissions (unless replacing) */ + +- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) && ++ if (!replace_destination_set && + ( + #ifdef HAVE_FCHOWN + fchown (tmpfd, _g_stat_uid (&original_stat), _g_stat_gid (&original_stat)) == -1 || +@@ -1120,7 +1121,7 @@ handle_overwrite_open (const char *filename, + } + } + +- if (flags & G_FILE_CREATE_REPLACE_DESTINATION) ++ if (replace_destination_set) + { + g_close (fd, NULL); + +-- +2.17.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0004-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0004-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch new file mode 100644 index 0000000000..54a9f452d6 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0004-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch @@ -0,0 +1,294 @@ +From ed8f2235da7d2a408bfa18c1003f4a07f90b05e8 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 24 Feb 2021 17:36:07 +0000 +Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION + with symlinks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking +the destination file and re-creating it from scratch. That did +previously work, but in the process the code would call `open(O_CREAT)` +on the file. If the file was a dangling symlink, this would create the +destination file (empty). That’s not an intended side-effect, and has +security implications if the symlink is controlled by a lower-privileged +process. + +Fix that by not opening the destination file if it’s a symlink, and +adjusting the rest of the code to cope with + - the fact that `fd == -1` is not an error iff `is_symlink` is true, + - and that `original_stat` will contain the `lstat()` results for the + symlink now, rather than the `stat()` results for its target (again, + iff `is_symlink` is true). + +This means that the target of the dangling symlink is no longer created, +which was the bug. The symlink itself continues to be replaced (as +before) with the new file — this is the intended behaviour of +`g_file_replace()`. + +The behaviour for non-symlink cases, or cases where the symlink was not +dangling, should be unchanged. + +Includes a unit test. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Fixes: #2325 + +CVE: CVE-2021-28153 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/issues/2325] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + gio/glocalfileoutputstream.c | 77 ++++++++++++++++++------- + gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++ + 2 files changed, 163 insertions(+), 22 deletions(-) + +diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c +index 392d0b0..a2c7e3c 100644 +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -878,16 +878,22 @@ handle_overwrite_open (const char *filename, + /* Could be a symlink, or it could be a regular ELOOP error, + * but then the next open will fail too. */ + is_symlink = TRUE; +- fd = g_open (filename, open_flags, mode); ++ if (!replace_destination_set) ++ fd = g_open (filename, open_flags, mode); + } +-#else +- fd = g_open (filename, open_flags, mode); +- errsv = errno; ++#else /* if !O_NOFOLLOW */ + /* This is racy, but we do it as soon as possible to minimize the race */ + is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); ++ ++ if (!is_symlink || !replace_destination_set) ++ { ++ fd = g_open (filename, open_flags, mode); ++ errsv = errno; ++ } + #endif + +- if (fd == -1) ++ if (fd == -1 && ++ (!is_symlink || !replace_destination_set)) + { + char *display_name = g_filename_display_name (filename); + g_set_error (error, G_IO_ERROR, +@@ -898,15 +904,30 @@ handle_overwrite_open (const char *filename, + return -1; + } + +- res = g_local_file_fstat (fd, +- G_LOCAL_FILE_STAT_FIELD_TYPE | +- G_LOCAL_FILE_STAT_FIELD_MODE | +- G_LOCAL_FILE_STAT_FIELD_UID | +- G_LOCAL_FILE_STAT_FIELD_GID | +- G_LOCAL_FILE_STAT_FIELD_MTIME | +- G_LOCAL_FILE_STAT_FIELD_NLINK, +- G_LOCAL_FILE_STAT_FIELD_ALL, &original_stat); +- errsv = errno; ++ if (!is_symlink) ++ { ++ res = g_local_file_fstat (fd, ++ G_LOCAL_FILE_STAT_FIELD_TYPE | ++ G_LOCAL_FILE_STAT_FIELD_MODE | ++ G_LOCAL_FILE_STAT_FIELD_UID | ++ G_LOCAL_FILE_STAT_FIELD_GID | ++ G_LOCAL_FILE_STAT_FIELD_MTIME | ++ G_LOCAL_FILE_STAT_FIELD_NLINK, ++ G_LOCAL_FILE_STAT_FIELD_ALL, &original_stat); ++ errsv = errno; ++ } ++ else ++ { ++ res = g_local_file_lstat (filename, ++ G_LOCAL_FILE_STAT_FIELD_TYPE | ++ G_LOCAL_FILE_STAT_FIELD_MODE | ++ G_LOCAL_FILE_STAT_FIELD_UID | ++ G_LOCAL_FILE_STAT_FIELD_GID | ++ G_LOCAL_FILE_STAT_FIELD_MTIME | ++ G_LOCAL_FILE_STAT_FIELD_NLINK, ++ G_LOCAL_FILE_STAT_FIELD_ALL, &original_stat); ++ errsv = errno; ++ } + + if (res != 0) + { +@@ -923,16 +944,27 @@ handle_overwrite_open (const char *filename, + if (!S_ISREG (_g_stat_mode (&original_stat))) + { + if (S_ISDIR (_g_stat_mode (&original_stat))) +- g_set_error_literal (error, +- G_IO_ERROR, +- G_IO_ERROR_IS_DIRECTORY, +- _("Target file is a directory")); +- else +- g_set_error_literal (error, ++ { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ G_IO_ERROR_IS_DIRECTORY, ++ _("Target file is a directory")); ++ goto err_out; ++ } ++ else if (!is_symlink || ++#ifdef S_ISLNK ++ !S_ISLNK (_g_stat_mode (&original_stat)) ++#else ++ FALSE ++#endif ++ ) ++ { ++ g_set_error_literal (error, + G_IO_ERROR, + G_IO_ERROR_NOT_REGULAR_FILE, + _("Target file is not a regular file")); +- goto err_out; ++ goto err_out; ++ } + } + + if (etag != NULL) +@@ -1015,7 +1047,8 @@ handle_overwrite_open (const char *filename, + } + } + +- g_close (fd, NULL); ++ if (fd >= 0) ++ g_close (fd, NULL); + *temp_filename = tmp_filename; + return tmpfd; + } +diff --git a/gio/tests/file.c b/gio/tests/file.c +index 39d51da..ddd1ffc 100644 +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -805,6 +805,113 @@ test_replace_cancel (void) + g_object_unref (tmpdir); + } + ++static void ++test_replace_symlink (void) ++{ ++#ifdef G_OS_UNIX ++ gchar *tmpdir_path = NULL; ++ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; ++ GFileOutputStream *stream = NULL; ++ const gchar *new_contents = "this is a test message which should be written to source and not target"; ++ gsize n_written; ++ GFileEnumerator *enumerator = NULL; ++ GFileInfo *info = NULL; ++ gchar *contents = NULL; ++ gsize length = 0; ++ GError *local_error = NULL; ++ ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); ++ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks"); ++ ++ /* Create a fresh, empty working directory. */ ++ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); ++ g_assert_no_error (local_error); ++ tmpdir = g_file_new_for_path (tmpdir_path); ++ ++ g_test_message ("Using temporary directory %s", tmpdir_path); ++ g_free (tmpdir_path); ++ ++ /* Create symlink `source` which points to `target`. */ ++ source_file = g_file_get_child (tmpdir, "source"); ++ target_file = g_file_get_child (tmpdir, "target"); ++ g_file_make_symbolic_link (source_file, "target", NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ /* Ensure that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Replace the `source` symlink with a regular file using ++ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* ++ * following the symlink */ ++ stream = g_file_replace (source_file, NULL, FALSE /* no backup */, ++ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), ++ &n_written, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpint (n_written, ==, strlen (new_contents)); ++ ++ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&stream); ++ ++ /* At this point, there should still only be one file: `source`. It should ++ * now be a regular file. `target` should not exist. */ ++ enumerator = g_file_enumerate_children (tmpdir, ++ G_FILE_ATTRIBUTE_STANDARD_NAME "," ++ G_FILE_ATTRIBUTE_STANDARD_TYPE, ++ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_nonnull (info); ++ ++ g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); ++ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); ++ ++ g_clear_object (&info); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_null (info); ++ ++ g_file_enumerator_close (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_clear_object (&enumerator); ++ ++ /* Double-check that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Check the content of `source`. */ ++ g_file_load_contents (source_file, ++ NULL, ++ &contents, ++ &length, ++ NULL, ++ &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpstr (contents, ==, new_contents); ++ g_assert_cmpuint (length, ==, strlen (new_contents)); ++ g_free (contents); ++ ++ /* Tidy up. */ ++ g_file_delete (source_file, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_file_delete (tmpdir, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&target_file); ++ g_clear_object (&source_file); ++ g_clear_object (&tmpdir); ++#else /* if !G_OS_UNIX */ ++ g_test_skip ("Symlink replacement tests can only be run on Unix") ++#endif ++} ++ + static void + on_file_deleted (GObject *object, + GAsyncResult *result, +@@ -1798,6 +1905,7 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); + g_test_add_func ("/file/replace-load", test_replace_load); + g_test_add_func ("/file/replace-cancel", test_replace_cancel); ++ g_test_add_func ("/file/replace-symlink", test_replace_symlink); + g_test_add_func ("/file/async-delete", test_async_delete); + g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); + g_test_add_func ("/file/measure", test_measure); +-- +2.17.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0005-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0005-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch new file mode 100644 index 0000000000..0ab9a750ab --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0005-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch @@ -0,0 +1,60 @@ +From ab4ee65fb5778964fa3cca9b3d6749711ef9ba19 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 24 Feb 2021 17:42:24 +0000 +Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to + replace() + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +CVE: CVE-2021-28153 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/issues/2325] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + gio/glocalfileoutputstream.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c +index a2c7e3c..4c512ea 100644 +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -63,6 +63,12 @@ + #define O_BINARY 0 + #endif + ++#ifndef O_CLOEXEC ++#define O_CLOEXEC 0 ++#else ++#define HAVE_O_CLOEXEC 1 ++#endif ++ + struct _GLocalFileOutputStreamPrivate { + char *tmp_filename; + char *original_filename; +@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char *filename, + sync_on_close = FALSE; + + /* If the file doesn't exist, create it */ +- open_flags = O_CREAT | O_EXCL | O_BINARY; ++ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC; + if (readable) + open_flags |= O_RDWR; + else +@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char *filename, + set_error_from_open_errno (filename, error); + return NULL; + } +- +- ++#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD) ++ else ++ fcntl (fd, F_SETFD, FD_CLOEXEC); ++#endif ++ + stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL); + stream->priv->fd = fd; + stream->priv->sync_on_close = sync_on_close; +-- +2.17.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb index 3909b76ddf..e5e65a4aad 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb @@ -50,6 +50,16 @@ SRC_URI += "\ file://0028-gresource-Fix-a-pointer-mismatch-with-an-atomic-load.patch \ file://0029-docs-Document-not-to-use-volatile-qualifiers.patch \ " + +# Fix CVE-2021-28153 +SRC_URI += "\ + file://0001-glocalfileoutputstream-Fix-a-typo-in-a-comment.patch \ + file://0002-tests-Stop-using-g_test_bug_base-in-file-tests.patch \ + file://0003-glocalfileoutputstream-Factor-out-a-flag-check.patch \ + file://0004-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch \ + file://0005-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch \ +" + SRC_URI_append_class-native = " file://relocate-modules.patch" SRC_URI[sha256sum] = "09f158769f6f26b31074e15b1ac80ec39b13b53102dfae66cfe826fb2cc65502" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 1aeb952db2..fe1715f2e3 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,8 +24,8 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 -SRCREV ?= "42514ade8bdb9502f49a56752561f6c2e9f23348" -SRC_URI = "git://git.yoctoproject.org/poky \ +SRCREV ?= "96e8fcd6a24fd732e010607be347cbb3348ef725" +SRC_URI = "git://git.yoctoproject.org/poky;branch=hardknott \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ file://README_VirtualBox_Guest_Additions.txt \ diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 25ec6bac71..e5822cee58 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -139,7 +139,12 @@ def parse_node_and_insert(c, node, cveId): for cpe in node.get('cpe_match', ()): if not cpe['vulnerable']: return - cpe23 = cpe['cpe23Uri'].split(':') + cpe23 = cpe.get('cpe23Uri') + if not cpe23: + return + cpe23 = cpe23.split(':') + if len(cpe23) < 6: + return vendor = cpe23[3] product = cpe23[4] version = cpe23[5] diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb index b8e2c718e6..194dca76d0 100644 --- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb +++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb @@ -57,6 +57,7 @@ VALGRIND_armv6 = "" VALGRIND_armeb = "" VALGRIND_aarch64 = "" VALGRIND_riscv64 = "" +VALGRIND_riscv32 = "" VALGRIND_powerpc = "${@bb.utils.contains('TARGET_FPU', 'soft', '', 'valgrind', d)}" VALGRIND_linux-gnux32 = "" VALGRIND_linux-gnun32 = "" diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb index a5fc152859..015810cb6b 100644 --- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb +++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb @@ -16,6 +16,7 @@ KEXECTOOLS_e5500-64b ?= "" KEXECTOOLS_microblaze ?= "" KEXECTOOLS_nios2 ?= "" KEXECTOOLS_riscv64 ?= "" +KEXECTOOLS_riscv32 ?= "" GSTEXAMPLES ?= "gst-examples" GSTEXAMPLES_riscv64 = "" diff --git a/poky/meta/recipes-core/systemd/systemd-boot_247.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_247.6.bb index 249e620f4e..249e620f4e 100644 --- a/poky/meta/recipes-core/systemd/systemd-boot_247.4.bb +++ b/poky/meta/recipes-core/systemd/systemd-boot_247.6.bb diff --git a/poky/meta/recipes-core/systemd/systemd-conf_247.3.bb b/poky/meta/recipes-core/systemd/systemd-conf_247.6.bb index ea35e83f4f..ea35e83f4f 100644 --- a/poky/meta/recipes-core/systemd/systemd-conf_247.3.bb +++ b/poky/meta/recipes-core/systemd/systemd-conf_247.6.bb diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc index 098bca98f1..7d3b3064ba 100644 --- a/poky/meta/recipes-core/systemd/systemd.inc +++ b/poky/meta/recipes-core/systemd/systemd.inc @@ -14,7 +14,7 @@ LICENSE = "GPLv2 & LGPLv2.1" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" -SRCREV = "069525e84a67375e27429cb490e8d28af78e673a" +SRCREV = "17472dca0160cbe7b807ca648475fd70d0d62fe5" SRCBRANCH = "v247-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" diff --git a/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch new file mode 100644 index 0000000000..bbee6e6b28 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch @@ -0,0 +1,36 @@ +From 7b32582c066549fea0f7180a6c575e7fa37a867f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 12 Apr 2021 23:44:53 -0700 +Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl + +musl does not define _MIPS_SIM_ABI32, _MIPS_SIM_NABI32, _MIPS_SIM_ABI64 +unlike glibc where these are provided by libc headers, therefore define +them here in case they are undefined + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/basic/missing_syscall.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h +index 0594a1b930..495d161334 100644 +--- a/src/basic/missing_syscall.h ++++ b/src/basic/missing_syscall.h +@@ -15,6 +15,12 @@ + #include <asm/sgidefs.h> + #endif + ++#ifndef _MIPS_SIM_ABI32 ++#define _MIPS_SIM_ABI32 1 ++#define _MIPS_SIM_NABI32 2 ++#define _MIPS_SIM_ABI64 3 ++#endif ++ + #if defined(__x86_64__) && defined(__ILP32__) + # define systemd_SC_arch_bias(x) ((x) | /* __X32_SYSCALL_BIT */ 0x40000000) + #elif defined(__ia64__) +-- +2.31.1 + diff --git a/poky/meta/recipes-core/systemd/systemd_247.4.bb b/poky/meta/recipes-core/systemd/systemd_247.6.bb index cd67e65abe..32afa159ec 100644 --- a/poky/meta/recipes-core/systemd/systemd_247.4.bb +++ b/poky/meta/recipes-core/systemd/systemd_247.6.bb @@ -55,6 +55,7 @@ SRC_URI_MUSL = "\ file://0022-do-not-disable-buffer-in-writing-files.patch \ file://0025-Handle-__cpu_mask-usage.patch \ file://0026-Handle-missing-gshadow.patch \ + file://0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \ " PAM_PLUGINS = " \ diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty index dfa799adac..699a1ead1a 100644 --- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty +++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty @@ -1,17 +1,4 @@ #!/bin/sh -############################################################################### -# This script is used to automatically set up the serial console(s) on startup. -# The variable SERIAL_CONSOLES can be set in meta/conf/machine/*.conf. -# Script enhancement has been done based on Bug YOCTO #10844. -# Most of the information is retrieved from /proc virtual filesystem containing -# all the runtime system information (eg. system memory, device mount, etc). -############################################################################### - -# Get active serial filename. -active_serial=$(grep "serial" /proc/tty/drivers | cut -d/ -f1 | sed "s/ *$//") - -# Rephrase input parameter from ttyS target index (ttyS1, ttyS2, ttyAMA0, etc). -runtime_tty=$(echo $2 | grep -oh '[0-9]\+') # busybox' getty does this itself, util-linux' agetty needs extra help getty="/sbin/getty" @@ -25,31 +12,6 @@ case $(readlink -f "${getty}") in ;; esac -# Backup $IFS. -DEFAULT_IFS=$IFS -# Customize Internal Field Separator. -IFS="$(printf '\n\t')" - -for line in $active_serial; do - # Check we have the file containing current active serial target index. - if [ -e "/proc/tty/driver/$line" ] - then - # Remove all unknown entries and discard the first line (desc). - activetty=$(grep -v "unknown" "/proc/tty/driver/$line" \ - | tail -n +2 | grep -oh "^\s*\S*[0-9]\+") - for active in $activetty; do - # If indexes do match then enable the serial console. - if [ $active -eq $runtime_tty ] - then - if [ -c /dev/$2 ] - then - ${setsid:-} ${getty} -L $1 $2 $3 - fi - break - fi - done - fi -done - -# Restore $IFS. -IFS=$DEFAULT_IFS +if [ -e /sys/class/tty/$2 -a -c /dev/$2 ]; then + ${setsid:-} ${getty} -L $1 $2 $3 +fi diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb b/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb index 0af116f35c..d95d1a63f5 100644 --- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb +++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb @@ -53,10 +53,6 @@ EOF fi } -do_install_append_qemuppc64 () { - echo "9:12345:respawn:${base_sbindir}/getty 38400 hvc0" >> ${D}${sysconfdir}/inittab -} - pkg_postinst_${PN} () { # run this on host and on target if [ "${SERIAL_CONSOLES_CHECK}" = "" ]; then diff --git a/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb b/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb index 0a007bb2cd..ce242c3593 100644 --- a/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb +++ b/poky/meta/recipes-devtools/dejagnu/dejagnu_1.6.2.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "devel" DEPENDS += "expect-native" +RDEPENDS_${PN} = "expect" inherit autotools diff --git a/poky/meta/recipes-devtools/go/go-1.16.2.inc b/poky/meta/recipes-devtools/go/go-1.16.3.inc index e65caf8197..ebd25a5eaa 100644 --- a/poky/meta/recipes-devtools/go/go-1.16.2.inc +++ b/poky/meta/recipes-devtools/go/go-1.16.3.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.2" +PV = "1.16.3" FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -17,4 +17,4 @@ SRC_URI += "\ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ " -SRC_URI[main.sha256sum] = "37ca14287a23cb8ba2ac3f5c3dd8adbc1f7a54b9701a57824bf19a0b271f83ea" +SRC_URI[main.sha256sum] = "b298d29de9236ca47a023e382313bcc2d2eed31dfa706b60a04103ce83a71a25" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.16.2.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.16.3.bb index 4fb060173c..d01a2bd8f1 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.16.3.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "542e936b19542e62679766194364f45141fde55169db2d8d01046555ca9eb4b8" -SRC_URI[go_linux_arm64.sha256sum] = "6924601d998a0917694fd14261347e3798bd2ad6b13c4d7f2edd70c9d57f62ab" +SRC_URI[go_linux_amd64.sha256sum] = "951a3c7c6ce4e56ad883f97d9db74d3d6d80d5fec77455c6ada6c1f7ac4776d2" +SRC_URI[go_linux_arm64.sha256sum] = "566b1d6f17d2bc4ad5f81486f0df44f3088c3ed47a3bec4099d8ed9939e90d5d" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-common.inc b/poky/meta/recipes-devtools/go/go-common.inc index f18d928c70..c368b95b69 100644 --- a/poky/meta/recipes-devtools/go/go-common.inc +++ b/poky/meta/recipes-devtools/go/go-common.inc @@ -14,7 +14,7 @@ LICENSE = "BSD-3-Clause" inherit goarch -SRC_URI = "http://golang.org/dl/go${PV}.src.tar.gz;name=main" +SRC_URI = "https://dl.google.com/go/go${PV}.src.tar.gz;name=main" S = "${WORKDIR}/go" B = "${S}" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.2.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.3.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.3.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.16.2.bb b/poky/meta/recipes-devtools/go/go-cross_1.16.3.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.16.3.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.2.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.3.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.3.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.16.2.bb b/poky/meta/recipes-devtools/go/go-native_1.16.3.bb index f14892cdb0..f14892cdb0 100644 --- a/poky/meta/recipes-devtools/go/go-native_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go-native_1.16.3.bb diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.16.2.bb b/poky/meta/recipes-devtools/go/go-runtime_1.16.3.bb index 63464a1501..63464a1501 100644 --- a/poky/meta/recipes-devtools/go/go-runtime_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.16.3.bb diff --git a/poky/meta/recipes-devtools/go/go_1.16.2.bb b/poky/meta/recipes-devtools/go/go_1.16.3.bb index 4e9e0ebec8..4e9e0ebec8 100644 --- a/poky/meta/recipes-devtools/go/go_1.16.2.bb +++ b/poky/meta/recipes-devtools/go/go_1.16.3.bb diff --git a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc index 19a03d4733..e9225e140c 100644 --- a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc +++ b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \ file://0001-libtool-Fix-support-for-NIOS2-processor.patch \ file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \ file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \ + file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \ " SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e" diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch b/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch new file mode 100644 index 0000000000..87f8492346 --- /dev/null +++ b/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch @@ -0,0 +1,35 @@ +From e82c06584f02e3e4487aa73aa05981e2a35dc6d1 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Tue, 13 Apr 2021 07:17:29 +0000 +Subject: [PATCH] Makefile.am: make sure autoheader run before automake + +When use automake to generate Makefile.in from Makefile.am, there +comes below race: + | configure.ac:45: error: required file 'config-h.in' not found + +It is because the file config-h.in in updating process by autoheader, +so make automake run after autoheader to avoid the above race. + +Upstream-Status: Submitted [libtool-patches@gnu.org maillist] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 2752ecc..29950db 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -328,7 +328,7 @@ EXTRA_DIST += $(lt_aclocal_m4) \ + $(lt_obsolete_m4) \ + $(stamp_mk) + +-$(lt_Makefile_in): $(lt_Makefile_am) $(lt_aclocal_m4) ++$(lt_Makefile_in): $(lt_Makefile_am) $(lt_aclocal_m4) $(lt_config_h_in) + $(AM_V_GEN)cd '$(srcdir)/$(ltdl_dir)' && $(AUTOMAKE) Makefile + + # Don't let unused scripts leak into the libltdl Makefile +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/patchelf/patchelf/6edec83653ce1b5fc201ff6db93b966394766814.patch b/poky/meta/recipes-devtools/patchelf/patchelf/6edec83653ce1b5fc201ff6db93b966394766814.patch new file mode 100644 index 0000000000..ba35ec6ffc --- /dev/null +++ b/poky/meta/recipes-devtools/patchelf/patchelf/6edec83653ce1b5fc201ff6db93b966394766814.patch @@ -0,0 +1,44 @@ +From 6edec83653ce1b5fc201ff6db93b966394766814 Mon Sep 17 00:00:00 2001 +From: rmnull <rmnull@users.noreply.github.com> +Date: Tue, 18 Aug 2020 20:22:52 +0530 +Subject: [PATCH] mark phdrs synced with sections, avoid rechecking it when + syncing note sections to segments. + +This also serves as a bug fix when a previously synced note segment +overlaps with another section and creates a false alarm. + +Upstream-Status: Backport +--- + src/patchelf.cc | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/patchelf.cc b/src/patchelf.cc +index 05ec793..622f0b6 100644 +--- a/src/patchelf.cc ++++ b/src/patchelf.cc +@@ -669,6 +669,7 @@ void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff, + memset(contents + rdi(shdr.sh_offset), 'X', rdi(shdr.sh_size)); + } + ++ std::set<unsigned int> noted_phdrs = {}; + for (auto & i : replacedSections) { + std::string sectionName = i.first; + auto & shdr = findSection(sectionName); +@@ -721,7 +722,7 @@ void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff, + shdr.sh_addralign = orig_shdr.sh_addralign; + + for (unsigned int j = 0; j < phdrs.size(); ++j) +- if (rdi(phdrs[j].p_type) == PT_NOTE) { ++ if (rdi(phdrs[j].p_type) == PT_NOTE && noted_phdrs.find(j) == noted_phdrs.end()) { + Elf_Off p_start = rdi(phdrs[j].p_offset); + Elf_Off p_end = p_start + rdi(phdrs[j].p_filesz); + Elf_Off s_start = rdi(orig_shdr.sh_offset); +@@ -739,6 +740,8 @@ void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff, + phdrs[j].p_offset = shdr.sh_offset; + phdrs[j].p_vaddr = phdrs[j].p_paddr = shdr.sh_addr; + phdrs[j].p_filesz = phdrs[j].p_memsz = shdr.sh_size; ++ ++ noted_phdrs.insert(j); + } + } + diff --git a/poky/meta/recipes-devtools/patchelf/patchelf/alignmentfix.patch b/poky/meta/recipes-devtools/patchelf/patchelf/alignmentfix.patch new file mode 100644 index 0000000000..a06876e50a --- /dev/null +++ b/poky/meta/recipes-devtools/patchelf/patchelf/alignmentfix.patch @@ -0,0 +1,44 @@ +If a binary has multiple SHT_NOTE sections and corresponding PT_NOTE +headers, we can see the error: + +patchelf: cannot normalize PT_NOTE segment: non-contiguous SHT_NOTE sections + +if the SHT_NOTE sections aren't sized to end on aligned boundaries. An example +would be a binary with: + + [ 2] .note.ABI-tag NOTE 00000000000002f4 000002f4 + 0000000000000020 0000000000000000 A 0 0 4 + [ 3] .note.gnu.propert NOTE 0000000000000318 00000318 + 0000000000000030 0000000000000000 A 0 0 8 + [ 4] .note.gnu.build-i NOTE 0000000000000348 00000348 + 0000000000000024 0000000000000000 A 0 0 4 + + NOTE 0x0000000000000318 0x0000000000000318 0x0000000000000318 + 0x0000000000000030 0x0000000000000030 R 0x8 + NOTE 0x00000000000002f4 0x00000000000002f4 0x00000000000002f4 + 0x0000000000000078 0x0000000000000074 R 0x4 + +since the PT_NOTE section at 2f4 covers [2] and [3] but the code +calclates curr_off should be 314, not the 318 in the binary. This +is an alignment issue. + +To fix this, we need to round curr_off to the next section alignment. + +Upstream-Status: Submitted [https://github.com/NixOS/patchelf/pull/274] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: git/src/patchelf.cc +=================================================================== +--- git.orig/src/patchelf.cc ++++ git/src/patchelf.cc +@@ -1010,8 +1010,9 @@ void ElfFile<ElfFileParamNames>::normali + size_t size = 0; + for (const auto & shdr : shdrs) { + if (rdi(shdr.sh_type) != SHT_NOTE) continue; +- if (rdi(shdr.sh_offset) != curr_off) continue; ++ if (rdi(shdr.sh_offset) != roundUp(curr_off, rdi(shdr.sh_addralign))) continue; + size = rdi(shdr.sh_size); ++ curr_off = roundUp(curr_off, rdi(shdr.sh_addralign)); + break; + } + if (size == 0) diff --git a/poky/meta/recipes-devtools/patchelf/patchelf_0.12.bb b/poky/meta/recipes-devtools/patchelf/patchelf_0.12.bb index 95886c6d3a..7c97ea0789 100644 --- a/poky/meta/recipes-devtools/patchelf/patchelf_0.12.bb +++ b/poky/meta/recipes-devtools/patchelf/patchelf_0.12.bb @@ -6,6 +6,8 @@ LICENSE = "GPLv3" SRC_URI = "git://github.com/NixOS/patchelf;protocol=https \ file://handle-read-only-files.patch \ + file://6edec83653ce1b5fc201ff6db93b966394766814.patch \ + file://alignmentfix.patch \ " SRCREV = "8d3a16e97294e3c5521c61b4c8835499c9918264" diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb index 17bd02c27c..4eab133128 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -6,7 +6,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \ file://fallback-group \ " -SRCREV = "60e25a36558f1f07dcce1a044fe976b475bec42b" +SRCREV = "ee24ebec9e5a11dd5208c9be2870f35eab3b9e20" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/poky/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch index 35b7e0c480..c3d1e06d00 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch @@ -23,24 +23,24 @@ Before this patch: Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132] + +Rebased for 3.9.4, still not accepted upstream Signed-off-by: Alejandro Hernandez <alejandro@enedino.org> + Signed-off-by: Mingli Yu <mingli.yu@windriver.com> --- Lib/test/test_locale.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py -index e2c2178..558d63c 100644 ---- a/Lib/test/test_locale.py -+++ b/Lib/test/test_locale.py -@@ -527,7 +527,7 @@ class TestMiscellaneous(unittest.TestCase): +Index: Python-3.9.4/Lib/test/test_locale.py +=================================================================== +--- Python-3.9.4.orig/Lib/test/test_locale.py ++++ Python-3.9.4/Lib/test/test_locale.py +@@ -562,7 +562,7 @@ class TestMiscellaneous(unittest.TestCas self.skipTest('test needs Turkish locale') loc = locale.getlocale(locale.LC_CTYPE) if verbose: - print('testing with %a' % (loc,), end=' ', flush=True) + print('testing with %a...' % (loc,), end=' ', flush=True) - locale.setlocale(locale.LC_CTYPE, loc) - self.assertEqual(loc, locale.getlocale(locale.LC_CTYPE)) - --- -2.7.4 - + try: + locale.setlocale(locale.LC_CTYPE, loc) + except locale.Error as exc: diff --git a/poky/meta/recipes-devtools/python/python3/create_manifest3.py b/poky/meta/recipes-devtools/python/python3/create_manifest3.py index 4da02a2991..045240ea0b 100644 --- a/poky/meta/recipes-devtools/python/python3/create_manifest3.py +++ b/poky/meta/recipes-devtools/python/python3/create_manifest3.py @@ -36,7 +36,7 @@ # Tha method to handle cached files does not work when a module includes a folder which # itself contains the pycache folder, gladly this is almost never the case. # -# Author: Alejandro Enedino Hernandez Samaniego "aehs29" <aehs29 at gmail dot com> +# Author: Alejandro Enedino Hernandez Samaniego <alejandro at enedino dot org> import sys @@ -45,6 +45,11 @@ import json import os import collections +if '-d' in sys.argv: + debugFlag = '-d' +else: + debugFlag = '' + # Get python version from ${PYTHON_MAJMIN} pyversion = str(sys.argv[1]) @@ -84,6 +89,12 @@ def prepend_comments(comments, json_manifest): manifest.seek(0, 0) manifest.write(comments + json_contents) +def print_indent(msg, offset): + for l in msg.splitlines(): + msg = ' ' * offset + l + print(msg) + + # Read existing JSON manifest with open('python3-manifest.json') as manifest: # The JSON format doesn't allow comments so we hack the call to keep the comments using a marker @@ -99,7 +110,7 @@ with open('python3-manifest.json') as manifest: # Not exactly the same so it should not be a function # -print ('Getting dependencies for package: core') +print_indent('Getting dependencies for package: core', 0) # This special call gets the core dependencies and @@ -109,7 +120,7 @@ print ('Getting dependencies for package: core') # on the new core package, they will still find them # even when checking the old_manifest -output = subprocess.check_output([sys.executable, 'get_module_deps3.py', 'python-core-package']).decode('utf8') +output = subprocess.check_output([sys.executable, 'get_module_deps3.py', 'python-core-package', '%s' % debugFlag]).decode('utf8') for coredep in output.split(): coredep = coredep.replace(pyversion,'${PYTHON_MAJMIN}') if isCached(coredep): @@ -149,17 +160,16 @@ for filedep in old_manifest['core']['files']: # Get actual module name , shouldnt be affected by libdir/bindir, etc. pymodule = os.path.splitext(os.path.basename(os.path.normpath(filedep)))[0] - # We now know that were dealing with a python module, so we can import it # and check what its dependencies are. # We launch a separate task for each module for deterministic behavior. # Each module will only import what is necessary for it to work in specific. # The output of each task will contain each module's dependencies - print ('Getting dependencies for module: %s' % pymodule) - output = subprocess.check_output([sys.executable, 'get_module_deps3.py', '%s' % pymodule]).decode('utf8') - print ('The following dependencies were found for module %s:\n' % pymodule) - print (output) + print_indent('Getting dependencies for module: %s' % pymodule, 2) + output = subprocess.check_output([sys.executable, 'get_module_deps3.py', '%s' % pymodule, '%s' % debugFlag]).decode('utf8') + print_indent('The following dependencies were found for module %s:\n' % pymodule, 4) + print_indent(output, 6) for pymodule_dep in output.split(): @@ -178,12 +188,13 @@ for filedep in old_manifest['core']['files']: # all others will use this a base. +print('\n\nChecking for directories...\n') # To improve the script speed, we check which packages contain directories # since we will be looping through (only) those later. for pypkg in old_manifest: for filedep in old_manifest[pypkg]['files']: if isFolder(filedep): - print ('%s is a folder' % filedep) + print_indent('%s is a directory' % filedep, 2) if pypkg not in hasfolders: hasfolders.append(pypkg) if filedep not in allfolders: @@ -221,14 +232,14 @@ for pypkg in old_manifest: print('\n') print('--------------------------') - print ('Handling package %s' % pypkg) + print('Handling package %s' % pypkg) print('--------------------------') # Handle special cases, we assume that when they were manually added # to the manifest we knew what we were doing. special_packages = ['misc', 'modules', 'dev', 'tests'] if pypkg in special_packages or 'staticdev' in pypkg: - print('Passing %s package directly' % pypkg) + print_indent('Passing %s package directly' % pypkg, 2) new_manifest[pypkg] = old_manifest[pypkg] continue @@ -259,7 +270,7 @@ for pypkg in old_manifest: # Get actual module name , shouldnt be affected by libdir/bindir, etc. # We need to check if the imported module comes from another (e.g. sqlite3.dump) - path,pymodule = os.path.split(filedep) + path, pymodule = os.path.split(filedep) path = os.path.basename(path) pymodule = os.path.splitext(os.path.basename(pymodule))[0] @@ -279,10 +290,10 @@ for pypkg in old_manifest: # Each module will only import what is necessary for it to work in specific. # The output of each task will contain each module's dependencies - print ('\nGetting dependencies for module: %s' % pymodule) - output = subprocess.check_output([sys.executable, 'get_module_deps3.py', '%s' % pymodule]).decode('utf8') - print ('The following dependencies were found for module %s:\n' % pymodule) - print (output) + print_indent('\nGetting dependencies for module: %s' % pymodule, 2) + output = subprocess.check_output([sys.executable, 'get_module_deps3.py', '%s' % pymodule, '%s' % debugFlag]).decode('utf8') + print_indent('The following dependencies were found for module %s:\n' % pymodule, 4) + print_indent(output, 6) reportFILES = [] reportRDEPS = [] @@ -325,7 +336,7 @@ for pypkg in old_manifest: # print('Checking folder %s on package %s' % (pymodule_dep,pypkg_with_folder)) for folder_dep in old_manifest[pypkg_with_folder]['files'] or folder_dep in old_manifest[pypkg_with_folder]['cached']: if folder_dep == folder: - print ('%s folder found in %s' % (folder, pypkg_with_folder)) + print ('%s directory found in %s' % (folder, pypkg_with_folder)) folderFound = True if pypkg_with_folder not in new_manifest[pypkg]['rdepends'] and pypkg_with_folder != pypkg: new_manifest[pypkg]['rdepends'].append(pypkg_with_folder) @@ -424,7 +435,7 @@ prepend_comments(comments,'python3-manifest.json.new') if (repeated): error_msg = '\n\nERROR:\n' - error_msg += 'The following files are repeated (contained in more than one package),\n' + error_msg += 'The following files were found in more than one package),\n' error_msg += 'this is likely to happen when new files are introduced after an upgrade,\n' error_msg += 'please check which package should get it,\n modify the manifest accordingly and re-run the create_manifest task:\n' error_msg += '\n'.join(repeated) diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py index 6806f23172..1f4c982aed 100644 --- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py +++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py @@ -3,14 +3,18 @@ # them out, the output of this execution will have all dependencies # for a specific module, which will be parsed an dealt on create_manifest.py # -# Author: Alejandro Enedino Hernandez Samaniego "aehs29" <aehs29@gmail.com> +# Author: Alejandro Enedino Hernandez Samaniego <alejandro at enedino dot org> -# We can get a log per module, for all the dependencies that were found, but its messy. -debug=False import sys import os +# We can get a log per module, for all the dependencies that were found, but its messy. +if '-d' in sys.argv: + debug = True +else: + debug = False + # We can get a list of the modules which are currently required to run python # so we run python-core and get its modules, we then import what we need # and check what modules are currently running, if we substract them from the @@ -19,13 +23,13 @@ import os # We use importlib to achieve this, so we also need to know what modules importlib needs import importlib -core_deps=set(sys.modules) +core_deps = set(sys.modules) def fix_path(dep_path): import os # We DONT want the path on our HOST system - pivot='recipe-sysroot-native' - dep_path=dep_path[dep_path.find(pivot)+len(pivot):] + pivot = 'recipe-sysroot-native' + dep_path = dep_path[dep_path.find(pivot)+len(pivot):] if '/usr/bin' in dep_path: dep_path = dep_path.replace('/usr/bin''${bindir}') @@ -46,8 +50,8 @@ def fix_path(dep_path): # Module to import was passed as an argument current_module = str(sys.argv[1]).rstrip() -if(debug==True): - log = open('log_%s' % current_module,'w') +if debug == True: + log = open('temp/log_%s' % current_module.strip('.*'),'w') log.write('Module %s generated the following dependencies:\n' % current_module) try: m = importlib.import_module(current_module) @@ -63,13 +67,13 @@ try: except: pass # ignore all import or other exceptions raised during import except ImportError as e: - if (debug==True): - log.write('Module was not found') + if debug == True: + log.write('Module was not found\n') pass # Get current module dependencies, dif will contain a list of specific deps for this module -module_deps=set(sys.modules) +module_deps = set(sys.modules) # We handle the core package (1st pass on create_manifest.py) as a special case if current_module == 'python-core-package': @@ -81,14 +85,18 @@ else: # Check where each dependency came from for item in dif: - dep_path='' + # Main module returns script filename, __main matches mp_main__ as well + if 'main__' in item: + continue + + dep_path = '' try: - if (debug==True): - log.write('Calling: sys.modules[' + '%s' % item + '].__file__\n') + if debug == True: + log.write('\nCalling: sys.modules[' + '%s' % item + '].__file__\n') dep_path = sys.modules['%s' % item].__file__ except AttributeError as e: # Deals with thread (builtin module) not having __file__ attribute - if debug==True: + if debug == True: log.write(item + ' ') log.write(str(e)) log.write('\n') @@ -96,11 +104,16 @@ for item in dif: except NameError as e: # Deals with NameError: name 'dep_path' is not defined # because module is not found (wasn't compiled?), e.g. bddsm - if (debug==True): + if debug == True: log.write(item+' ') log.write(str(e)) pass + if dep_path == '': + continue + if debug == True: + log.write('Dependency path found:\n%s\n' % dep_path) + # Site-customize is a special case since we (OpenEmbedded) put it there manually if 'sitecustomize' in dep_path: dep_path = '${libdir}/python${PYTHON_MAJMIN}/sitecustomize.py' @@ -111,52 +124,51 @@ for item in dif: dep_path = fix_path(dep_path) import sysconfig - soabi=sysconfig.get_config_var('SOABI') + soabi = sysconfig.get_config_var('SOABI') # Check if its a shared library and deconstruct it if soabi in dep_path: - if (debug==True): - log.write('Shared library found in %s' % dep_path) + if debug == True: + log.write('Shared library found in %s\n' % dep_path) dep_path = dep_path.replace(soabi,'*') print (dep_path) continue if "_sysconfigdata" in dep_path: dep_path = dep_path.replace(sysconfig._get_sysconfigdata_name(), "_sysconfigdata*") - if (debug==True): + if debug == True: log.write(dep_path+'\n') # Prints out result, which is what will be used by create_manifest print (dep_path) - import imp - cpython_tag = imp.get_tag() - cached='' + cpython_tag = sys.implementation.cache_tag + cached = '' # Theres no naive way to find *.pyc files on python3 try: - if (debug==True): - log.write('Calling: sys.modules[' + '%s' % item + '].__cached__\n') + if debug == True: + log.write('\nCalling: sys.modules[' + '%s' % item + '].__cached__\n') cached = sys.modules['%s' % item].__cached__ except AttributeError as e: # Deals with thread (builtin module) not having __cached__ attribute - if debug==True: + if debug == True: log.write(item + ' ') log.write(str(e)) log.write('\n') pass except NameError as e: # Deals with NameError: name 'cached' is not defined - if (debug==True): + if debug == True: log.write(item+' ') log.write(str(e)) pass if cached is not None: - if (debug==True): - log.write(cached) + if debug == True: + log.write(cached + '\n') cached = fix_path(cached) cached = cached.replace(cpython_tag,'*') if "_sysconfigdata" in cached: cached = cached.replace(sysconfig._get_sysconfigdata_name(), "_sysconfigdata*") print (cached) -if debug==True: +if debug == True: log.close() diff --git a/poky/meta/recipes-devtools/python/python3_3.9.2.bb b/poky/meta/recipes-devtools/python/python3_3.9.4.bb index fd1172335a..cb371ceed7 100644 --- a/poky/meta/recipes-devtools/python/python3_3.9.2.bb +++ b/poky/meta/recipes-devtools/python/python3_3.9.4.bb @@ -38,7 +38,7 @@ SRC_URI_append_class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d" +SRC_URI[sha256sum] = "4b0e6644a76f8df864ae24ac500a51bbf68bd098f6a173e27d3b61cdca9aa134" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" @@ -69,7 +69,7 @@ ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}" -DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2" +DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2 autoconf-archive-native" DEPENDS_append_class-target = " python3-native" DEPENDS_append_class-nativesdk = " python3-native" diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index a625809597..8b8cecd7a0 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -31,6 +31,32 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://determinism.patch \ file://0001-tests-meson.build-use-relative-path-to-refer-to-file.patch \ file://CVE-2021-20203.patch \ + file://CVE-2020-35517_1.patch \ + file://CVE-2020-35517_2.patch \ + file://CVE-2020-35517_3.patch \ + file://CVE-2021-20181.patch \ + file://CVE-2020-29443.patch \ + file://CVE-2021-20221.patch \ + file://CVE-2021-3409_1.patch \ + file://CVE-2021-3409_2.patch \ + file://CVE-2021-3409_3.patch \ + file://CVE-2021-3409_4.patch \ + file://CVE-2021-3409_5.patch \ + file://CVE-2021-3409_6.patch \ + file://CVE-2021-3416_1.patch \ + file://CVE-2021-3416_2.patch \ + file://CVE-2021-3416_3.patch \ + file://CVE-2021-3416_4.patch \ + file://CVE-2021-3416_5.patch \ + file://CVE-2021-3416_6.patch \ + file://CVE-2021-3416_7.patch \ + file://CVE-2021-3416_8.patch \ + file://CVE-2021-3416_9.patch \ + file://CVE-2021-3416_10.patch \ + file://CVE-2021-20257.patch \ + file://CVE-2020-27821.patch \ + file://CVE-2021-20263.patch \ + file://CVE-2021-3392.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch new file mode 100644 index 0000000000..58622f0487 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch @@ -0,0 +1,143 @@ +From 279f90a9ab07304f0a49fc10e4bfd1243a8cddbe Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Tue, 1 Dec 2020 09:29:56 -0500 +Subject: [PATCH 1/2] memory: clamp cached translation in case it points to an + MMIO region + +In using the address_space_translate_internal API, address_space_cache_init +forgot one piece of advice that can be found in the code for +address_space_translate_internal: + + /* MMIO registers can be expected to perform full-width accesses based only + * on their address, without considering adjacent registers that could + * decode to completely different MemoryRegions. When such registers + * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO + * regions overlap wildly. For this reason we cannot clamp the accesses + * here. + * + * If the length is small (as is the case for address_space_ldl/stl), + * everything works fine. If the incoming length is large, however, + * the caller really has to do the clamping through memory_access_size. + */ + +address_space_cache_init is exactly one such case where "the incoming length +is large", therefore we need to clamp the resulting length---not to +memory_access_size though, since we are not doing an access yet, but to +the size of the resulting section. This ensures that subsequent accesses +to the cached MemoryRegionSection will be in range. + +With this patch, the enclosed testcase notices that the used ring does +not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" +error. + +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + +Upstream-Status: Backport [4bfb024bc76973d40a359476dc0291f46e435442] +CVE: CVE-2020-27821 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + softmmu/physmem.c | 10 ++++++++ + tests/qtest/fuzz-test.c | 51 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 61 insertions(+) + +diff --git a/softmmu/physmem.c b/softmmu/physmem.c +index 3027747c0..2cd1de4a2 100644 +--- a/softmmu/physmem.c ++++ b/softmmu/physmem.c +@@ -3255,6 +3255,7 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, + AddressSpaceDispatch *d; + hwaddr l; + MemoryRegion *mr; ++ Int128 diff; + + assert(len > 0); + +@@ -3263,6 +3264,15 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, + d = flatview_to_dispatch(cache->fv); + cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true); + ++ /* ++ * cache->xlat is now relative to cache->mrs.mr, not to the section itself. ++ * Take that into account to compute how many bytes are there between ++ * cache->xlat and the end of the section. ++ */ ++ diff = int128_sub(cache->mrs.size, ++ int128_make64(cache->xlat - cache->mrs.offset_within_region)); ++ l = int128_get64(int128_min(diff, int128_make64(l))); ++ + mr = cache->mrs.mr; + memory_region_ref(mr); + if (memory_access_is_direct(mr, is_write)) { +diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c +index 9cb4c42bd..28739248e 100644 +--- a/tests/qtest/fuzz-test.c ++++ b/tests/qtest/fuzz-test.c +@@ -47,6 +47,55 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) + qtest_outl(s, 0x5d02, 0xebed205d); + } + ++/* ++ * Here a MemoryRegionCache pointed to an MMIO region but had a ++ * larger size than the underlying region. ++ */ ++static void test_mmio_oob_from_memory_region_cache(void) ++{ ++ QTestState *s; ++ ++ s = qtest_init("-M pc-q35-5.2 -display none -m 512M " ++ "-device virtio-scsi,num_queues=8,addr=03.0 "); ++ ++ qtest_outl(s, 0xcf8, 0x80001811); ++ qtest_outb(s, 0xcfc, 0x6e); ++ qtest_outl(s, 0xcf8, 0x80001824); ++ qtest_outl(s, 0xcf8, 0x80001813); ++ qtest_outl(s, 0xcfc, 0xa080000); ++ qtest_outl(s, 0xcf8, 0x80001802); ++ qtest_outl(s, 0xcfc, 0x5a175a63); ++ qtest_outb(s, 0x6e08, 0x9e); ++ qtest_writeb(s, 0x9f003, 0xff); ++ qtest_writeb(s, 0x9f004, 0x01); ++ qtest_writeb(s, 0x9e012, 0x0e); ++ qtest_writeb(s, 0x9e01b, 0x0e); ++ qtest_writeb(s, 0x9f006, 0x01); ++ qtest_writeb(s, 0x9f008, 0x01); ++ qtest_writeb(s, 0x9f00a, 0x01); ++ qtest_writeb(s, 0x9f00c, 0x01); ++ qtest_writeb(s, 0x9f00e, 0x01); ++ qtest_writeb(s, 0x9f010, 0x01); ++ qtest_writeb(s, 0x9f012, 0x01); ++ qtest_writeb(s, 0x9f014, 0x01); ++ qtest_writeb(s, 0x9f016, 0x01); ++ qtest_writeb(s, 0x9f018, 0x01); ++ qtest_writeb(s, 0x9f01a, 0x01); ++ qtest_writeb(s, 0x9f01c, 0x01); ++ qtest_writeb(s, 0x9f01e, 0x01); ++ qtest_writeb(s, 0x9f020, 0x01); ++ qtest_writeb(s, 0x9f022, 0x01); ++ qtest_writeb(s, 0x9f024, 0x01); ++ qtest_writeb(s, 0x9f026, 0x01); ++ qtest_writeb(s, 0x9f028, 0x01); ++ qtest_writeb(s, 0x9f02a, 0x01); ++ qtest_writeb(s, 0x9f02c, 0x01); ++ qtest_writeb(s, 0x9f02e, 0x01); ++ qtest_writeb(s, 0x9f030, 0x01); ++ qtest_outb(s, 0x6e10, 0x00); ++ qtest_quit(s); ++} ++ + int main(int argc, char **argv) + { + const char *arch = qtest_get_arch(); +@@ -58,6 +107,8 @@ int main(int argc, char **argv) + test_lp1878263_megasas_zero_iov_cnt); + qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", + test_lp1878642_pci_bus_get_irq_level_assert); ++ qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", ++ test_mmio_oob_from_memory_region_cache); + } + + return g_test_run(); +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch new file mode 100644 index 0000000000..c72324fce6 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch @@ -0,0 +1,107 @@ +From c9a71afe182be5b62bd2ccdaf861695e0ec0731a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Mon, 18 Jan 2021 17:21:30 +0530 +Subject: [PATCH] ide: atapi: check logical block address and read size + (CVE-2020-29443) + +While processing ATAPI cmd_read/cmd_read_cd commands, +Logical Block Address (LBA) maybe invalid OR closer to the last block, +leading to an OOB access issues. Add range check to avoid it. + +Fixes: CVE-2020-29443 +Reported-by: Wenxiang Qian <leonwxqian@gmail.com> +Suggested-by: Paolo Bonzini <pbonzini@redhat.com> +Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-Id: <20210118115130.457044-1-ppandit@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + +Upstream-Status: Backport [b8d7f1bc59276fec85e4d09f1567613a3e14d31e] +CVE: CVE-2020-29443 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/ide/atapi.c | 30 ++++++++++++++++++++++++------ + 1 file changed, 24 insertions(+), 6 deletions(-) + +diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c +index e79157863..b626199e3 100644 +--- a/hw/ide/atapi.c ++++ b/hw/ide/atapi.c +@@ -322,6 +322,8 @@ static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size) + static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors, + int sector_size) + { ++ assert(0 <= lba && lba < (s->nb_sectors >> 2)); ++ + s->lba = lba; + s->packet_transfer_size = nb_sectors * sector_size; + s->elementary_transfer_size = 0; +@@ -420,6 +422,8 @@ eot: + static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors, + int sector_size) + { ++ assert(0 <= lba && lba < (s->nb_sectors >> 2)); ++ + s->lba = lba; + s->packet_transfer_size = nb_sectors * sector_size; + s->io_buffer_size = 0; +@@ -973,35 +977,49 @@ static void cmd_prevent_allow_medium_removal(IDEState *s, uint8_t* buf) + + static void cmd_read(IDEState *s, uint8_t* buf) + { +- int nb_sectors, lba; ++ unsigned int nb_sectors, lba; ++ ++ /* Total logical sectors of ATAPI_SECTOR_SIZE(=2048) bytes */ ++ uint64_t total_sectors = s->nb_sectors >> 2; + + if (buf[0] == GPCMD_READ_10) { + nb_sectors = lduw_be_p(buf + 7); + } else { + nb_sectors = ldl_be_p(buf + 6); + } +- +- lba = ldl_be_p(buf + 2); + if (nb_sectors == 0) { + ide_atapi_cmd_ok(s); + return; + } + ++ lba = ldl_be_p(buf + 2); ++ if (lba >= total_sectors || lba + nb_sectors - 1 >= total_sectors) { ++ ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR); ++ return; ++ } ++ + ide_atapi_cmd_read(s, lba, nb_sectors, 2048); + } + + static void cmd_read_cd(IDEState *s, uint8_t* buf) + { +- int nb_sectors, lba, transfer_request; ++ unsigned int nb_sectors, lba, transfer_request; + +- nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8]; +- lba = ldl_be_p(buf + 2); ++ /* Total logical sectors of ATAPI_SECTOR_SIZE(=2048) bytes */ ++ uint64_t total_sectors = s->nb_sectors >> 2; + ++ nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8]; + if (nb_sectors == 0) { + ide_atapi_cmd_ok(s); + return; + } + ++ lba = ldl_be_p(buf + 2); ++ if (lba >= total_sectors || lba + nb_sectors - 1 >= total_sectors) { ++ ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR); ++ return; ++ } ++ + transfer_request = buf[9] & 0xf8; + if (transfer_request == 0x00) { + /* nothing */ +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch new file mode 100644 index 0000000000..73a4cb2064 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch @@ -0,0 +1,153 @@ +From 8afaaee976965b7fb90ec225a51d60f35c5f173c Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi <stefanha@redhat.com> +Date: Thu, 4 Feb 2021 15:02:06 +0000 +Subject: [PATCH] virtiofsd: extract lo_do_open() from lo_open() + +Both lo_open() and lo_create() have similar code to open a file. Extract +a common lo_do_open() function from lo_open() that will be used by +lo_create() in a later commit. + +Since lo_do_open() does not otherwise need fuse_req_t req, convert +lo_add_fd_mapping() to use struct lo_data *lo instead. + +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> +Message-Id: <20210204150208.367837-2-stefanha@redhat.com> +Reviewed-by: Greg Kurz <groug@kaod.org> +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> + +Upstream-Status: Backport +[https://github.com/qemu/qemu/commit/8afaaee976965b7fb90ec225a51d60f35c5f173c] + +CVE: CVE-2020-35517 + +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> +Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> +--- + tools/virtiofsd/passthrough_ll.c | 73 +++++++++++++++++++++++++--------------- + 1 file changed, 46 insertions(+), 27 deletions(-) + +diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c +index 5fb36d9..f14fa51 100644 +--- a/tools/virtiofsd/passthrough_ll.c ++++ b/tools/virtiofsd/passthrough_ll.c +@@ -459,17 +459,17 @@ static void lo_map_remove(struct lo_map *map, size_t key) + } + + /* Assumes lo->mutex is held */ +-static ssize_t lo_add_fd_mapping(fuse_req_t req, int fd) ++static ssize_t lo_add_fd_mapping(struct lo_data *lo, int fd) + { + struct lo_map_elem *elem; + +- elem = lo_map_alloc_elem(&lo_data(req)->fd_map); ++ elem = lo_map_alloc_elem(&lo->fd_map); + if (!elem) { + return -1; + } + + elem->fd = fd; +- return elem - lo_data(req)->fd_map.elems; ++ return elem - lo->fd_map.elems; + } + + /* Assumes lo->mutex is held */ +@@ -1651,6 +1651,38 @@ static void update_open_flags(int writeback, int allow_direct_io, + } + } + ++static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, ++ struct fuse_file_info *fi) ++{ ++ char buf[64]; ++ ssize_t fh; ++ int fd; ++ ++ update_open_flags(lo->writeback, lo->allow_direct_io, fi); ++ ++ sprintf(buf, "%i", inode->fd); ++ fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); ++ if (fd == -1) { ++ return errno; ++ } ++ ++ pthread_mutex_lock(&lo->mutex); ++ fh = lo_add_fd_mapping(lo, fd); ++ pthread_mutex_unlock(&lo->mutex); ++ if (fh == -1) { ++ close(fd); ++ return ENOMEM; ++ } ++ ++ fi->fh = fh; ++ if (lo->cache == CACHE_NONE) { ++ fi->direct_io = 1; ++ } else if (lo->cache == CACHE_ALWAYS) { ++ fi->keep_cache = 1; ++ } ++ return 0; ++} ++ + static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, + mode_t mode, struct fuse_file_info *fi) + { +@@ -1691,7 +1723,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, + ssize_t fh; + + pthread_mutex_lock(&lo->mutex); +- fh = lo_add_fd_mapping(req, fd); ++ fh = lo_add_fd_mapping(lo, fd); + pthread_mutex_unlock(&lo->mutex); + if (fh == -1) { + close(fd); +@@ -1892,38 +1924,25 @@ static void lo_fsyncdir(fuse_req_t req, fuse_ino_t ino, int datasync, + + static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) + { +- int fd; +- ssize_t fh; +- char buf[64]; + struct lo_data *lo = lo_data(req); ++ struct lo_inode *inode = lo_inode(req, ino); ++ int err; + + fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d)\n", ino, + fi->flags); + +- update_open_flags(lo->writeback, lo->allow_direct_io, fi); +- +- sprintf(buf, "%i", lo_fd(req, ino)); +- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); +- if (fd == -1) { +- return (void)fuse_reply_err(req, errno); +- } +- +- pthread_mutex_lock(&lo->mutex); +- fh = lo_add_fd_mapping(req, fd); +- pthread_mutex_unlock(&lo->mutex); +- if (fh == -1) { +- close(fd); +- fuse_reply_err(req, ENOMEM); ++ if (!inode) { ++ fuse_reply_err(req, EBADF); + return; + } + +- fi->fh = fh; +- if (lo->cache == CACHE_NONE) { +- fi->direct_io = 1; +- } else if (lo->cache == CACHE_ALWAYS) { +- fi->keep_cache = 1; ++ err = lo_do_open(lo, inode, fi); ++ lo_inode_put(lo, &inode); ++ if (err) { ++ fuse_reply_err(req, err); ++ } else { ++ fuse_reply_open(req, fi); + } +- fuse_reply_open(req, fi); + } + + static void lo_release(fuse_req_t req, fuse_ino_t ino, +-- +1.8.3.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_2.patch new file mode 100644 index 0000000000..bf11bdb6f8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_2.patch @@ -0,0 +1,117 @@ +From 22d2ece71e533310da31f2857ebc4a00d91968b3 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi <stefanha@redhat.com> +Date: Thu, 4 Feb 2021 15:02:07 +0000 +Subject: [PATCH] virtiofsd: optionally return inode pointer from + lo_do_lookup() + +lo_do_lookup() finds an existing inode or allocates a new one. It +increments nlookup so that the inode stays alive until the client +releases it. + +Existing callers don't need the struct lo_inode so the function doesn't +return it. Extend the function to optionally return the inode. The next +commit will need it. + +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> +Reviewed-by: Greg Kurz <groug@kaod.org> +Message-Id: <20210204150208.367837-3-stefanha@redhat.com> +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> + +Upstream-Status: Backport +[https://github.com/qemu/qemu/commit/22d2ece71e533310da31f2857ebc4a00d91968b3] + +CVE: CVE-2020-35517 + +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> +Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> +--- + tools/virtiofsd/passthrough_ll.c | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c +index f14fa51..aa35fc6 100644 +--- a/tools/virtiofsd/passthrough_ll.c ++++ b/tools/virtiofsd/passthrough_ll.c +@@ -831,11 +831,13 @@ static int do_statx(struct lo_data *lo, int dirfd, const char *pathname, + } + + /* +- * Increments nlookup and caller must release refcount using +- * lo_inode_put(&parent). ++ * Increments nlookup on the inode on success. unref_inode_lolocked() must be ++ * called eventually to decrement nlookup again. If inodep is non-NULL, the ++ * inode pointer is stored and the caller must call lo_inode_put(). + */ + static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, +- struct fuse_entry_param *e) ++ struct fuse_entry_param *e, ++ struct lo_inode **inodep) + { + int newfd; + int res; +@@ -845,6 +847,10 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, + struct lo_inode *inode = NULL; + struct lo_inode *dir = lo_inode(req, parent); + ++ if (inodep) { ++ *inodep = NULL; ++ } ++ + /* + * name_to_handle_at() and open_by_handle_at() can reach here with fuse + * mount point in guest, but we don't have its inode info in the +@@ -913,7 +919,14 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, + pthread_mutex_unlock(&lo->mutex); + } + e->ino = inode->fuse_ino; +- lo_inode_put(lo, &inode); ++ ++ /* Transfer ownership of inode pointer to caller or drop it */ ++ if (inodep) { ++ *inodep = inode; ++ } else { ++ lo_inode_put(lo, &inode); ++ } ++ + lo_inode_put(lo, &dir); + + fuse_log(FUSE_LOG_DEBUG, " %lli/%s -> %lli\n", (unsigned long long)parent, +@@ -948,7 +961,7 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) + return; + } + +- err = lo_do_lookup(req, parent, name, &e); ++ err = lo_do_lookup(req, parent, name, &e, NULL); + if (err) { + fuse_reply_err(req, err); + } else { +@@ -1056,7 +1069,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent, + goto out; + } + +- saverr = lo_do_lookup(req, parent, name, &e); ++ saverr = lo_do_lookup(req, parent, name, &e, NULL); + if (saverr) { + goto out; + } +@@ -1534,7 +1547,7 @@ static void lo_do_readdir(fuse_req_t req, fuse_ino_t ino, size_t size, + + if (plus) { + if (!is_dot_or_dotdot(name)) { +- err = lo_do_lookup(req, ino, name, &e); ++ err = lo_do_lookup(req, ino, name, &e, NULL); + if (err) { + goto error; + } +@@ -1732,7 +1745,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, + } + + fi->fh = fh; +- err = lo_do_lookup(req, parent, name, &e); ++ err = lo_do_lookup(req, parent, name, &e, NULL); + } + if (lo->cache == CACHE_NONE) { + fi->direct_io = 1; +-- +1.8.3.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_3.patch new file mode 100644 index 0000000000..f348f3f2bd --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_3.patch @@ -0,0 +1,303 @@ +From a3fdbbc7f271bff7d53d0501b29d910ece0b3789 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi <stefanha@redhat.com> +Date: Thu, 4 Feb 2021 15:02:08 +0000 +Subject: [PATCH] virtiofsd: prevent opening of special files (CVE-2020-35517) + +A well-behaved FUSE client does not attempt to open special files with +FUSE_OPEN because they are handled on the client side (e.g. device nodes +are handled by client-side device drivers). + +The check to prevent virtiofsd from opening special files is missing in +a few cases, most notably FUSE_OPEN. A malicious client can cause +virtiofsd to open a device node, potentially allowing the guest to +escape. This can be exploited by a modified guest device driver. It is +not exploitable from guest userspace since the guest kernel will handle +special files inside the guest instead of sending FUSE requests. + +This patch fixes this issue by introducing the lo_inode_open() function +to check the file type before opening it. This is a short-term solution +because it does not prevent a compromised virtiofsd process from opening +device nodes on the host. + +Restructure lo_create() to try O_CREAT | O_EXCL first. Note that O_CREAT +| O_EXCL does not follow symlinks, so O_NOFOLLOW masking is not +necessary here. If the file exists and the user did not specify O_EXCL, +open it via lo_do_open(). + +Reported-by: Alex Xu <alex@alxu.ca> +Fixes: CVE-2020-35517 +Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> +Reviewed-by: Vivek Goyal <vgoyal@redhat.com> +Reviewed-by: Greg Kurz <groug@kaod.org> +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> +Message-Id: <20210204150208.367837-4-stefanha@redhat.com> +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> + +Upstream-Status: Backport +[https://github.com/qemu/qemu/commit/a3fdbbc7f271bff7d53d0501b29d910ece0b3789] + +CVE: CVE-2020-35517 + +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> +Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> +--- + tools/virtiofsd/passthrough_ll.c | 144 ++++++++++++++++++++----------- + 1 file changed, 92 insertions(+), 52 deletions(-) + +diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c +index aa35fc6ba5a5..147b59338a18 100644 +--- a/tools/virtiofsd/passthrough_ll.c ++++ b/tools/virtiofsd/passthrough_ll.c +@@ -555,6 +555,38 @@ static int lo_fd(fuse_req_t req, fuse_ino_t ino) + return fd; + } + ++/* ++ * Open a file descriptor for an inode. Returns -EBADF if the inode is not a ++ * regular file or a directory. ++ * ++ * Use this helper function instead of raw openat(2) to prevent security issues ++ * when a malicious client opens special files such as block device nodes. ++ * Symlink inodes are also rejected since symlinks must already have been ++ * traversed on the client side. ++ */ ++static int lo_inode_open(struct lo_data *lo, struct lo_inode *inode, ++ int open_flags) ++{ ++ g_autofree char *fd_str = g_strdup_printf("%d", inode->fd); ++ int fd; ++ ++ if (!S_ISREG(inode->filetype) && !S_ISDIR(inode->filetype)) { ++ return -EBADF; ++ } ++ ++ /* ++ * The file is a symlink so O_NOFOLLOW must be ignored. We checked earlier ++ * that the inode is not a special file but if an external process races ++ * with us then symlinks are traversed here. It is not possible to escape ++ * the shared directory since it is mounted as "/" though. ++ */ ++ fd = openat(lo->proc_self_fd, fd_str, open_flags & ~O_NOFOLLOW); ++ if (fd < 0) { ++ return -errno; ++ } ++ return fd; ++} ++ + static void lo_init(void *userdata, struct fuse_conn_info *conn) + { + struct lo_data *lo = (struct lo_data *)userdata; +@@ -684,9 +716,9 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, + if (fi) { + truncfd = fd; + } else { +- sprintf(procname, "%i", ifd); +- truncfd = openat(lo->proc_self_fd, procname, O_RDWR); ++ truncfd = lo_inode_open(lo, inode, O_RDWR); + if (truncfd < 0) { ++ errno = -truncfd; + goto out_err; + } + } +@@ -848,7 +880,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, + struct lo_inode *dir = lo_inode(req, parent); + + if (inodep) { +- *inodep = NULL; ++ *inodep = NULL; /* in case there is an error */ + } + + /* +@@ -1664,19 +1696,26 @@ static void update_open_flags(int writeback, int allow_direct_io, + } + } + ++/* ++ * Open a regular file, set up an fd mapping, and fill out the struct ++ * fuse_file_info for it. If existing_fd is not negative, use that fd instead ++ * opening a new one. Takes ownership of existing_fd. ++ * ++ * Returns 0 on success or a positive errno. ++ */ + static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, +- struct fuse_file_info *fi) ++ int existing_fd, struct fuse_file_info *fi) + { +- char buf[64]; + ssize_t fh; +- int fd; ++ int fd = existing_fd; + + update_open_flags(lo->writeback, lo->allow_direct_io, fi); + +- sprintf(buf, "%i", inode->fd); +- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); +- if (fd == -1) { +- return errno; ++ if (fd < 0) { ++ fd = lo_inode_open(lo, inode, fi->flags); ++ if (fd < 0) { ++ return -fd; ++ } + } + + pthread_mutex_lock(&lo->mutex); +@@ -1699,9 +1738,10 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, + static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, + mode_t mode, struct fuse_file_info *fi) + { +- int fd; ++ int fd = -1; + struct lo_data *lo = lo_data(req); + struct lo_inode *parent_inode; ++ struct lo_inode *inode = NULL; + struct fuse_entry_param e; + int err; + struct lo_cred old = {}; +@@ -1727,36 +1767,38 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, + + update_open_flags(lo->writeback, lo->allow_direct_io, fi); + +- fd = openat(parent_inode->fd, name, (fi->flags | O_CREAT) & ~O_NOFOLLOW, +- mode); ++ /* Try to create a new file but don't open existing files */ ++ fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode); + err = fd == -1 ? errno : 0; +- lo_restore_cred(&old); + +- if (!err) { +- ssize_t fh; ++ lo_restore_cred(&old); + +- pthread_mutex_lock(&lo->mutex); +- fh = lo_add_fd_mapping(lo, fd); +- pthread_mutex_unlock(&lo->mutex); +- if (fh == -1) { +- close(fd); +- err = ENOMEM; +- goto out; +- } ++ /* Ignore the error if file exists and O_EXCL was not given */ ++ if (err && (err != EEXIST || (fi->flags & O_EXCL))) { ++ goto out; ++ } + +- fi->fh = fh; +- err = lo_do_lookup(req, parent, name, &e, NULL); ++ err = lo_do_lookup(req, parent, name, &e, &inode); ++ if (err) { ++ goto out; + } +- if (lo->cache == CACHE_NONE) { +- fi->direct_io = 1; +- } else if (lo->cache == CACHE_ALWAYS) { +- fi->keep_cache = 1; ++ ++ err = lo_do_open(lo, inode, fd, fi); ++ fd = -1; /* lo_do_open() takes ownership of fd */ ++ if (err) { ++ /* Undo lo_do_lookup() nlookup ref */ ++ unref_inode_lolocked(lo, inode, 1); + } + + out: ++ lo_inode_put(lo, &inode); + lo_inode_put(lo, &parent_inode); + + if (err) { ++ if (fd >= 0) { ++ close(fd); ++ } ++ + fuse_reply_err(req, err); + } else { + fuse_reply_create(req, &e, fi); +@@ -1770,7 +1812,6 @@ static struct lo_inode_plock *lookup_create_plock_ctx(struct lo_data *lo, + pid_t pid, int *err) + { + struct lo_inode_plock *plock; +- char procname[64]; + int fd; + + plock = +@@ -1787,12 +1828,10 @@ static struct lo_inode_plock *lookup_create_plock_ctx(struct lo_data *lo, + } + + /* Open another instance of file which can be used for ofd locks. */ +- sprintf(procname, "%i", inode->fd); +- + /* TODO: What if file is not writable? */ +- fd = openat(lo->proc_self_fd, procname, O_RDWR); +- if (fd == -1) { +- *err = errno; ++ fd = lo_inode_open(lo, inode, O_RDWR); ++ if (fd < 0) { ++ *err = -fd; + free(plock); + return NULL; + } +@@ -1949,7 +1988,7 @@ static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) + return; + } + +- err = lo_do_open(lo, inode, fi); ++ err = lo_do_open(lo, inode, -1, fi); + lo_inode_put(lo, &inode); + if (err) { + fuse_reply_err(req, err); +@@ -2014,39 +2053,40 @@ static void lo_flush(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) + static void lo_fsync(fuse_req_t req, fuse_ino_t ino, int datasync, + struct fuse_file_info *fi) + { ++ struct lo_inode *inode = lo_inode(req, ino); ++ struct lo_data *lo = lo_data(req); + int res; + int fd; +- char *buf; + + fuse_log(FUSE_LOG_DEBUG, "lo_fsync(ino=%" PRIu64 ", fi=0x%p)\n", ino, + (void *)fi); + +- if (!fi) { +- struct lo_data *lo = lo_data(req); +- +- res = asprintf(&buf, "%i", lo_fd(req, ino)); +- if (res == -1) { +- return (void)fuse_reply_err(req, errno); +- } ++ if (!inode) { ++ fuse_reply_err(req, EBADF); ++ return; ++ } + +- fd = openat(lo->proc_self_fd, buf, O_RDWR); +- free(buf); +- if (fd == -1) { +- return (void)fuse_reply_err(req, errno); ++ if (!fi) { ++ fd = lo_inode_open(lo, inode, O_RDWR); ++ if (fd < 0) { ++ res = -fd; ++ goto out; + } + } else { + fd = lo_fi_fd(req, fi); + } + + if (datasync) { +- res = fdatasync(fd); ++ res = fdatasync(fd) == -1 ? errno : 0; + } else { +- res = fsync(fd); ++ res = fsync(fd) == -1 ? errno : 0; + } + if (!fi) { + close(fd); + } +- fuse_reply_err(req, res == -1 ? errno : 0); ++out: ++ lo_inode_put(lo, &inode); ++ fuse_reply_err(req, res); + } + + static void lo_read(fuse_req_t req, fuse_ino_t ino, size_t size, off_t offset, diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch new file mode 100644 index 0000000000..1b8c77f838 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch @@ -0,0 +1,81 @@ +From c2d2d14e8deece958bbc4fc649d22c3564bc4e7e Mon Sep 17 00:00:00 2001 +From: Greg Kurz <groug@kaod.org> +Date: Thu, 14 Jan 2021 17:04:12 +0100 +Subject: [PATCH] 9pfs: Fully restart unreclaim loop (CVE-2021-20181) + +Depending on the client activity, the server can be asked to open a huge +number of file descriptors and eventually hit RLIMIT_NOFILE. This is +currently mitigated using a reclaim logic : the server closes the file +descriptors of idle fids, based on the assumption that it will be able +to re-open them later. This assumption doesn't hold of course if the +client requests the file to be unlinked. In this case, we loop on the +entire fid list and mark all related fids as unreclaimable (the reclaim +logic will just ignore them) and, of course, we open or re-open their +file descriptors if needed since we're about to unlink the file. + +This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual +opening of a file can cause the coroutine to yield, another client +request could possibly add a new fid that we may want to mark as +non-reclaimable as well. The loop is thus restarted if the re-open +request was actually transmitted to the backend. This is achieved +by keeping a reference on the first fid (head) before traversing +the list. + +This is wrong in several ways: +- a potential clunk request from the client could tear the first + fid down and cause the reference to be stale. This leads to a + use-after-free error that can be detected with ASAN, using a + custom 9p client +- fids are added at the head of the list : restarting from the + previous head will always miss fids added by a some other + potential request + +All these problems could be avoided if fids were being added at the +end of the list. This can be achieved with a QSIMPLEQ, but this is +probably too much change for a bug fix. For now let's keep it +simple and just restart the loop from the current head. + +Fixes: CVE-2021-20181 +Buglink: https://bugs.launchpad.net/qemu/+bug/1911666 +Reported-by: Zero Day Initiative <zdi-disclosures@trendmicro.com> +Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Message-Id: <161064025265.1838153.15185571283519390907.stgit@bahia.lan> +Signed-off-by: Greg Kurz <groug@kaod.org> + +Upstream-Status: Backport [89fbea8737e8f7b954745a1ffc4238d377055305] +CVE: CVE-2021-20181 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/9pfs/9p.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 94df440fc..6026b51a1 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -502,9 +502,9 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) + { + int err; + V9fsState *s = pdu->s; +- V9fsFidState *fidp, head_fid; ++ V9fsFidState *fidp; + +- head_fid.next = s->fid_list; ++again: + for (fidp = s->fid_list; fidp; fidp = fidp->next) { + if (fidp->path.size != path->size) { + continue; +@@ -524,7 +524,7 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) + * switched to the worker thread + */ + if (err == 0) { +- fidp = &head_fid; ++ goto again; + } + } + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch new file mode 100644 index 0000000000..d762a51d02 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch @@ -0,0 +1,70 @@ +From e428bcfb86fb46d9773ae11e69712052dcff3d45 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> +Date: Sun, 31 Jan 2021 11:34:01 +0100 +Subject: [PATCH] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Per the ARM Generic Interrupt Controller Architecture specification +(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, +not 10: + + - 4.3 Distributor register descriptions + - 4.3.15 Software Generated Interrupt Register, GICD_SG + + - Table 4-21 GICD_SGIR bit assignments + + The Interrupt ID of the SGI to forward to the specified CPU + interfaces. The value of this field is the Interrupt ID, in + the range 0-15, for example a value of 0b0011 specifies + Interrupt ID 3. + +Correct the irq mask to fix an undefined behavior (which eventually +lead to a heap-buffer-overflow, see [Buglink]): + + $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio + [I 1612088147.116987] OPENED + [R +0.278293] writel 0x8000f00 0xff4affb0 + ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' + SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 + +This fixes a security issue when running with KVM on Arm with +kernel-irqchip=off. (The default is kernel-irqchip=on, which is +unaffected, and which is also the correct choice for performance.) + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2021-20221 +Fixes: 9ee6e8bb853 ("ARMv7 support.") +Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 +Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Message-id: 20210131103401.217160-1-f4bug@amsat.org +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + +Upstream-Status: Backport [edfe2eb4360cde4ed5d95bda7777edcb3510f76a] +CVE: CVE-2021-20221 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/intc/arm_gic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c +index c60dc6b5e..fbde60de0 100644 +--- a/hw/intc/arm_gic.c ++++ b/hw/intc/arm_gic.c +@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset, + int target_cpu; + + cpu = gic_get_current_cpu(s); +- irq = value & 0x3ff; ++ irq = value & 0xf; + switch ((value >> 24) & 3) { + case 0: + mask = (value >> 16) & ALL_CPU_MASK; +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch new file mode 100644 index 0000000000..7175b24e99 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch @@ -0,0 +1,55 @@ +From affdf476543405045c281a7c67d1eaedbcea8135 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:45:28 +0800 +Subject: [PATCH] e1000: fail early for evil descriptor + +During procss_tx_desc(), driver can try to chain data descriptor with +legacy descriptor, when will lead underflow for the following +calculation in process_tx_desc() for bytes: + + if (tp->size + bytes > msh) + bytes = msh - tp->size; + +This will lead a infinite loop. So check and fail early if tp->size if +greater or equal to msh. + +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> +Reported-by: Ruhr-University Bochum <bugs-syssec@rub.de> +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [3de46e6fc489c52c9431a8a832ad8170a7569bd8] +CVE: CVE-2021-20257 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/e1000.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/net/e1000.c b/hw/net/e1000.c +index cf22c4f07..c3564c7ce 100644 +--- a/hw/net/e1000.c ++++ b/hw/net/e1000.c +@@ -670,6 +670,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + msh = tp->tso_props.hdr_len + tp->tso_props.mss; + do { + bytes = split_size; ++ if (tp->size >= msh) { ++ goto eop; ++ } + if (tp->size + bytes > msh) + bytes = msh - tp->size; + +@@ -695,6 +698,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + tp->size += split_size; + } + ++eop: + if (!(txd_lower & E1000_TXD_CMD_EOP)) + return; + if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) { +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20263.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20263.patch new file mode 100644 index 0000000000..4f9a91f0c6 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20263.patch @@ -0,0 +1,214 @@ +From aaa5f8e00c2e85a893b972f1e243fb14c26b70dc Mon Sep 17 00:00:00 2001 +From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> +Date: Wed, 24 Feb 2021 19:56:25 +0000 +Subject: [PATCH 2/2] virtiofs: drop remapped security.capability xattr as + needed + +On Linux, the 'security.capability' xattr holds a set of +capabilities that can change when an executable is run, giving +a limited form of privilege escalation to those programs that +the writer of the file deemed worthy. + +Any write causes the 'security.capability' xattr to be dropped, +stopping anyone from gaining privilege by modifying a blessed +file. + +Fuse relies on the daemon to do this dropping, and in turn the +daemon relies on the host kernel to drop the xattr for it. However, +with the addition of -o xattrmap, the xattr that the guest +stores its capabilities in is now not the same as the one that +the host kernel automatically clears. + +Where the mapping changes 'security.capability', explicitly clear +the remapped name to preserve the same behaviour. + +This bug is assigned CVE-2021-20263. + +Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> +Reviewed-by: Vivek Goyal <vgoyal@redhat.com> + +Upstream-Status: Backport [e586edcb410543768ef009eaa22a2d9dd4a53846] +CVE: CVE-2021-20263 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + docs/tools/virtiofsd.rst | 4 ++ + tools/virtiofsd/passthrough_ll.c | 77 +++++++++++++++++++++++++++++++- + 2 files changed, 80 insertions(+), 1 deletion(-) + +diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst +index 866b7db3e..00554c75b 100644 +--- a/docs/tools/virtiofsd.rst ++++ b/docs/tools/virtiofsd.rst +@@ -228,6 +228,10 @@ The 'map' type adds a number of separate rules to add **prepend** as a prefix + to the matched **key** (or all attributes if **key** is empty). + There may be at most one 'map' rule and it must be the last rule in the set. + ++Note: When the 'security.capability' xattr is remapped, the daemon has to do ++extra work to remove it during many operations, which the host kernel normally ++does itself. ++ + xattr-mapping Examples + ---------------------- + +diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c +index 03c5e0d13..c9197da86 100644 +--- a/tools/virtiofsd/passthrough_ll.c ++++ b/tools/virtiofsd/passthrough_ll.c +@@ -160,6 +160,7 @@ struct lo_data { + int posix_lock; + int xattr; + char *xattrmap; ++ char *xattr_security_capability; + char *source; + char *modcaps; + double timeout; +@@ -226,6 +227,8 @@ static __thread bool cap_loaded = 0; + + static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st, + uint64_t mnt_id); ++static int xattr_map_client(const struct lo_data *lo, const char *client_name, ++ char **out_name); + + static int is_dot_or_dotdot(const char *name) + { +@@ -365,6 +368,37 @@ out: + return ret; + } + ++/* ++ * The host kernel normally drops security.capability xattr's on ++ * any write, however if we're remapping xattr names we need to drop ++ * whatever the clients security.capability is actually stored as. ++ */ ++static int drop_security_capability(const struct lo_data *lo, int fd) ++{ ++ if (!lo->xattr_security_capability) { ++ /* We didn't remap the name, let the host kernel do it */ ++ return 0; ++ } ++ if (!fremovexattr(fd, lo->xattr_security_capability)) { ++ /* All good */ ++ return 0; ++ } ++ ++ switch (errno) { ++ case ENODATA: ++ /* Attribute didn't exist, that's fine */ ++ return 0; ++ ++ case ENOTSUP: ++ /* FS didn't support attribute anyway, also fine */ ++ return 0; ++ ++ default: ++ /* Hmm other error */ ++ return errno; ++ } ++} ++ + static void lo_map_init(struct lo_map *map) + { + map->elems = NULL; +@@ -717,6 +751,11 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, + uid_t uid = (valid & FUSE_SET_ATTR_UID) ? attr->st_uid : (uid_t)-1; + gid_t gid = (valid & FUSE_SET_ATTR_GID) ? attr->st_gid : (gid_t)-1; + ++ saverr = drop_security_capability(lo, ifd); ++ if (saverr) { ++ goto out_err; ++ } ++ + res = fchownat(ifd, "", uid, gid, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW); + if (res == -1) { + goto out_err; +@@ -735,6 +774,14 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, + } + } + ++ saverr = drop_security_capability(lo, truncfd); ++ if (saverr) { ++ if (!fi) { ++ close(truncfd); ++ } ++ goto out_err; ++ } ++ + res = ftruncate(truncfd, attr->st_size); + if (!fi) { + saverr = errno; +@@ -1726,6 +1773,13 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, + if (fd < 0) { + return -fd; + } ++ if (fi->flags & (O_TRUNC)) { ++ int err = drop_security_capability(lo, fd); ++ if (err) { ++ close(fd); ++ return err; ++ } ++ } + } + + pthread_mutex_lock(&lo->mutex); +@@ -2114,6 +2168,12 @@ static void lo_write_buf(fuse_req_t req, fuse_ino_t ino, + "lo_write_buf(ino=%" PRIu64 ", size=%zd, off=%lu)\n", ino, + out_buf.buf[0].size, (unsigned long)off); + ++ res = drop_security_capability(lo_data(req), out_buf.buf[0].fd); ++ if (res) { ++ fuse_reply_err(req, res); ++ return; ++ } ++ + /* + * If kill_priv is set, drop CAP_FSETID which should lead to kernel + * clearing setuid/setgid on file. +@@ -2353,6 +2413,7 @@ static void parse_xattrmap(struct lo_data *lo) + { + const char *map = lo->xattrmap; + const char *tmp; ++ int ret; + + lo->xattr_map_nentries = 0; + while (*map) { +@@ -2383,7 +2444,7 @@ static void parse_xattrmap(struct lo_data *lo) + * the last entry. + */ + parse_xattrmap_map(lo, map, sep); +- return; ++ break; + } else { + fuse_log(FUSE_LOG_ERR, + "%s: Unexpected type;" +@@ -2452,6 +2513,19 @@ static void parse_xattrmap(struct lo_data *lo) + fuse_log(FUSE_LOG_ERR, "Empty xattr map\n"); + exit(1); + } ++ ++ ret = xattr_map_client(lo, "security.capability", ++ &lo->xattr_security_capability); ++ if (ret) { ++ fuse_log(FUSE_LOG_ERR, "Failed to map security.capability: %s\n", ++ strerror(ret)); ++ exit(1); ++ } ++ if (!strcmp(lo->xattr_security_capability, "security.capability")) { ++ /* 1-1 mapping, don't need to do anything */ ++ free(lo->xattr_security_capability); ++ lo->xattr_security_capability = NULL; ++ } + } + + /* +@@ -3480,6 +3554,7 @@ static void fuse_lo_data_cleanup(struct lo_data *lo) + + free(lo->xattrmap); + free_xattrmap(lo); ++ free(lo->xattr_security_capability); + free(lo->source); + } + +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch new file mode 100644 index 0000000000..af94cff7e8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch @@ -0,0 +1,89 @@ +From 3791642c8d60029adf9b00bcb4e34d7d8a1aea4d Mon Sep 17 00:00:00 2001 +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Mon, 19 Apr 2021 15:42:47 +0200 +Subject: [PATCH] mptsas: Remove unused MPTSASState 'pending' field + (CVE-2021-3392) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While processing SCSI i/o requests in mptsas_process_scsi_io_request(), +the Megaraid emulator appends new MPTSASRequest object 'req' to +the 's->pending' queue. In case of an error, this same object gets +dequeued in mptsas_free_request() only if SCSIRequest object +'req->sreq' is initialised. This may lead to a use-after-free issue. + +Since s->pending is actually not used, simply remove it from +MPTSASState. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> +Message-id: 20210419134247.1467982-1-f4bug@amsat.org +Message-Id: <20210416102243.1293871-1-mjt@msgid.tls.msk.ru> +Suggested-by: Paolo Bonzini <pbonzini@redhat.com> +Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> +BugLink: https://bugs.launchpad.net/qemu/+bug/1914236 (CVE-2021-3392) +Fixes: e351b826112 ("hw: Add support for LSI SAS1068 (mptsas) device") +[PMD: Reworded description, added more tags] +Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + +CVE: CVE-2021-3392 +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + hw/scsi/mptsas.c | 6 ------ + hw/scsi/mptsas.h | 1 - + 2 files changed, 7 deletions(-) + +diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c +index 7416e7870614..db3219e7d206 100644 +--- a/hw/scsi/mptsas.c ++++ b/hw/scsi/mptsas.c +@@ -251,13 +251,10 @@ static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr) + + static void mptsas_free_request(MPTSASRequest *req) + { +- MPTSASState *s = req->dev; +- + if (req->sreq != NULL) { + req->sreq->hba_private = NULL; + scsi_req_unref(req->sreq); + req->sreq = NULL; +- QTAILQ_REMOVE(&s->pending, req, next); + } + qemu_sglist_destroy(&req->qsg); + g_free(req); +@@ -303,7 +300,6 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, + } + + req = g_new0(MPTSASRequest, 1); +- QTAILQ_INSERT_TAIL(&s->pending, req, next); + req->scsi_io = *scsi_io; + req->dev = s; + +@@ -1319,8 +1315,6 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp) + + s->request_bh = qemu_bh_new(mptsas_fetch_requests, s); + +- QTAILQ_INIT(&s->pending); +- + scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, NULL); + } + +diff --git a/hw/scsi/mptsas.h b/hw/scsi/mptsas.h +index b85ac1a5fcc7..c046497db719 100644 +--- a/hw/scsi/mptsas.h ++++ b/hw/scsi/mptsas.h +@@ -79,7 +79,6 @@ struct MPTSASState { + uint16_t reply_frame_size; + + SCSIBus bus; +- QTAILQ_HEAD(, MPTSASRequest) pending; + }; + + void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req); diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_1.patch new file mode 100644 index 0000000000..f9395add43 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_1.patch @@ -0,0 +1,56 @@ +From c01ae9a35b3c6b4a8e1f1bfa0a0caafe394f8b5c Mon Sep 17 00:00:00 2001 +From: Bin Meng <bmeng.cn@gmail.com> +Date: Tue, 16 Feb 2021 11:46:52 +0800 +Subject: [PATCH 1/6] hw/sd: sdhci: Simplify updating s->prnsts in + sdhci_sdma_transfer_multi_blocks() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +s->prnsts is updated in both branches of the if () else () statement. +Move the common bits outside so that it is cleaner. + +Signed-off-by: Bin Meng <bmeng.cn@gmail.com> +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Reviewed-by: Alexander Bulekov <alxndr@bu.edu> +Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Message-Id: <1613447214-81951-5-git-send-email-bmeng.cn@gmail.com> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> + +Upstream-Status: Backport [8bc1f1aa51d32c3184e7b19d5b94c35ecc06f056] +CVE: CVE-2021-3409 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/sd/sdhci.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 2f8b74a84..f83c5e295 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -596,9 +596,9 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) + page_aligned = true; + } + ++ s->prnsts |= SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE; + if (s->trnmod & SDHC_TRNS_READ) { +- s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT | +- SDHC_DAT_LINE_ACTIVE; ++ s->prnsts |= SDHC_DOING_READ; + while (s->blkcnt) { + if (s->data_count == 0) { + sdbus_read_data(&s->sdbus, s->fifo_buffer, block_size); +@@ -625,8 +625,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) + } + } + } else { +- s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT | +- SDHC_DAT_LINE_ACTIVE; ++ s->prnsts |= SDHC_DOING_WRITE; + while (s->blkcnt) { + begin = s->data_count; + if (((boundary_count + begin) < block_size) && page_aligned) { +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_2.patch new file mode 100644 index 0000000000..f3d2bb1375 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_2.patch @@ -0,0 +1,92 @@ +From b9bb4700798bce98888c51d7b6dbc19ec49159d5 Mon Sep 17 00:00:00 2001 +From: Bin Meng <bmeng.cn@gmail.com> +Date: Wed, 3 Mar 2021 20:26:35 +0800 +Subject: [PATCH 2/6] hw/sd: sdhci: Don't transfer any data when command time + out +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +At the end of sdhci_send_command(), it starts a data transfer if the +command register indicates data is associated. But the data transfer +should only be initiated when the command execution has succeeded. + +With this fix, the following reproducer: + +outl 0xcf8 0x80001810 +outl 0xcfc 0xe1068000 +outl 0xcf8 0x80001804 +outw 0xcfc 0x7 +write 0xe106802c 0x1 0x0f +write 0xe1068004 0xc 0x2801d10101fffffbff28a384 +write 0xe106800c 0x1f 0x9dacbbcad9e8f7061524334251606f7e8d9cabbac9d8e7f60514233241505f +write 0xe1068003 0x28 0x80d000251480d000252280d000253080d000253e80d000254c80d000255a80d000256880d0002576 +write 0xe1068003 0x1 0xfe + +cannot be reproduced with the following QEMU command line: + +$ qemu-system-x86_64 -nographic -M pc-q35-5.0 \ + -device sdhci-pci,sd-spec-version=3 \ + -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ + -device sd-card,drive=mydrive \ + -monitor none -serial none -qtest stdio + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2020-17380 +Fixes: CVE-2020-25085 +Fixes: CVE-2021-3409 +Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) +Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) +Reported-by: Simon Wörner (Ruhr-Universität Bochum) +Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 +Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 +Acked-by: Alistair Francis <alistair.francis@wdc.com> +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Signed-off-by: Bin Meng <bmeng.cn@gmail.com> +Message-Id: <20210303122639.20004-2-bmeng.cn@gmail.com> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> + +Upstream-Status: Backport [b263d8f928001b5cfa2a993ea43b7a5b3a1811e8] +CVE: CVE-2021-3409 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/sd/sdhci.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index f83c5e295..44f8a82ea 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -326,6 +326,7 @@ static void sdhci_send_command(SDHCIState *s) + SDRequest request; + uint8_t response[16]; + int rlen; ++ bool timeout = false; + + s->errintsts = 0; + s->acmd12errsts = 0; +@@ -349,6 +350,7 @@ static void sdhci_send_command(SDHCIState *s) + trace_sdhci_response16(s->rspreg[3], s->rspreg[2], + s->rspreg[1], s->rspreg[0]); + } else { ++ timeout = true; + trace_sdhci_error("timeout waiting for command response"); + if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) { + s->errintsts |= SDHC_EIS_CMDTIMEOUT; +@@ -369,7 +371,7 @@ static void sdhci_send_command(SDHCIState *s) + + sdhci_update_irq(s); + +- if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { ++ if (!timeout && s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { + s->data_count = 0; + sdhci_data_transfer(s); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_3.patch new file mode 100644 index 0000000000..c3b37ed616 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_3.patch @@ -0,0 +1,109 @@ +From 405ca416ccc8135544a4fe5732974497244128c9 Mon Sep 17 00:00:00 2001 +From: Bin Meng <bmeng.cn@gmail.com> +Date: Wed, 3 Mar 2021 20:26:36 +0800 +Subject: [PATCH 3/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when + transfer is in progress +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Per "SD Host Controller Standard Specification Version 7.00" +chapter 2.2.1 SDMA System Address Register: + +This register can be accessed only if no transaction is executing +(i.e., after a transaction has stopped). + +With this fix, the following reproducer: + +outl 0xcf8 0x80001010 +outl 0xcfc 0xfbefff00 +outl 0xcf8 0x80001001 +outl 0xcfc 0x06000000 +write 0xfbefff2c 0x1 0x05 +write 0xfbefff0f 0x1 0x37 +write 0xfbefff0a 0x1 0x01 +write 0xfbefff0f 0x1 0x29 +write 0xfbefff0f 0x1 0x02 +write 0xfbefff0f 0x1 0x03 +write 0xfbefff04 0x1 0x01 +write 0xfbefff05 0x1 0x01 +write 0xfbefff07 0x1 0x02 +write 0xfbefff0c 0x1 0x33 +write 0xfbefff0e 0x1 0x20 +write 0xfbefff0f 0x1 0x00 +write 0xfbefff2a 0x1 0x01 +write 0xfbefff0c 0x1 0x00 +write 0xfbefff03 0x1 0x00 +write 0xfbefff05 0x1 0x00 +write 0xfbefff2a 0x1 0x02 +write 0xfbefff0c 0x1 0x32 +write 0xfbefff01 0x1 0x01 +write 0xfbefff02 0x1 0x01 +write 0xfbefff03 0x1 0x01 + +cannot be reproduced with the following QEMU command line: + +$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ + -nodefaults -device sdhci-pci,sd-spec-version=3 \ + -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ + -device sd-card,drive=mydrive -qtest stdio + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2020-17380 +Fixes: CVE-2020-25085 +Fixes: CVE-2021-3409 +Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) +Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) +Reported-by: Simon Wörner (Ruhr-Universität Bochum) +Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 +Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Bin Meng <bmeng.cn@gmail.com> +Message-Id: <20210303122639.20004-3-bmeng.cn@gmail.com> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> + +Upstream-Status: Backport [8be45cc947832b3c02144c9d52921f499f2d77fe] +CVE: CVE-2021-3409 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/sd/sdhci.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 44f8a82ea..d8a46f307 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -1121,15 +1121,17 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) + + switch (offset & ~0x3) { + case SDHC_SYSAD: +- s->sdmasysad = (s->sdmasysad & mask) | value; +- MASKED_WRITE(s->sdmasysad, mask, value); +- /* Writing to last byte of sdmasysad might trigger transfer */ +- if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt && +- s->blksize && SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) { +- if (s->trnmod & SDHC_TRNS_MULTI) { +- sdhci_sdma_transfer_multi_blocks(s); +- } else { +- sdhci_sdma_transfer_single_block(s); ++ if (!TRANSFERRING_DATA(s->prnsts)) { ++ s->sdmasysad = (s->sdmasysad & mask) | value; ++ MASKED_WRITE(s->sdmasysad, mask, value); ++ /* Writing to last byte of sdmasysad might trigger transfer */ ++ if (!(mask & 0xFF000000) && s->blkcnt && s->blksize && ++ SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) { ++ if (s->trnmod & SDHC_TRNS_MULTI) { ++ sdhci_sdma_transfer_multi_blocks(s); ++ } else { ++ sdhci_sdma_transfer_single_block(s); ++ } + } + } + break; +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch new file mode 100644 index 0000000000..d5be99759d --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch @@ -0,0 +1,75 @@ +From b672bcaf5522294a4d8de3e88e0932d55585ee3b Mon Sep 17 00:00:00 2001 +From: Bin Meng <bmeng.cn@gmail.com> +Date: Wed, 3 Mar 2021 20:26:37 +0800 +Subject: [PATCH 4/6] hw/sd: sdhci: Correctly set the controller status for + ADMA +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When an ADMA transfer is started, the codes forget to set the +controller status to indicate a transfer is in progress. + +With this fix, the following 2 reproducers: + +https://paste.debian.net/plain/1185136 +https://paste.debian.net/plain/1185141 + +cannot be reproduced with the following QEMU command line: + +$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ + -nodefaults -device sdhci-pci,sd-spec-version=3 \ + -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ + -device sd-card,drive=mydrive -qtest stdio + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2020-17380 +Fixes: CVE-2020-25085 +Fixes: CVE-2021-3409 +Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) +Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) +Reported-by: Simon Wörner (Ruhr-Universität Bochum) +Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 +Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Signed-off-by: Bin Meng <bmeng.cn@gmail.com> +Message-Id: <20210303122639.20004-4-bmeng.cn@gmail.com> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> + +Upstream-Status: Backport [bc6f28995ff88f5d82c38afcfd65406f0ae375aa] +CVE: CVE-2021-3409 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/sd/sdhci.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index d8a46f307..7de03c6dd 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -768,7 +768,9 @@ static void sdhci_do_adma(SDHCIState *s) + + switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) { + case SDHC_ADMA_ATTR_ACT_TRAN: /* data transfer */ ++ s->prnsts |= SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE; + if (s->trnmod & SDHC_TRNS_READ) { ++ s->prnsts |= SDHC_DOING_READ; + while (length) { + if (s->data_count == 0) { + sdbus_read_data(&s->sdbus, s->fifo_buffer, block_size); +@@ -796,6 +798,7 @@ static void sdhci_do_adma(SDHCIState *s) + } + } + } else { ++ s->prnsts |= SDHC_DOING_WRITE; + while (length) { + begin = s->data_count; + if ((length + begin) < block_size) { +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch new file mode 100644 index 0000000000..7199056838 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch @@ -0,0 +1,56 @@ +From c2298884cf6bcf2b047b4bae5f78432b052b5729 Mon Sep 17 00:00:00 2001 +From: Bin Meng <bmeng.cn@gmail.com> +Date: Wed, 3 Mar 2021 20:26:38 +0800 +Subject: [PATCH 5/6] hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE + register is writable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The codes to limit the maximum block size is only necessary when +SDHC_BLKSIZE register is writable. + +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Signed-off-by: Bin Meng <bmeng.cn@gmail.com> +Message-Id: <20210303122639.20004-5-bmeng.cn@gmail.com> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> + +Upstream-Status: Backport [5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd] +CVE: CVE-2021-3409 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/sd/sdhci.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 7de03c6dd..6c780126e 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -1142,15 +1142,15 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) + if (!TRANSFERRING_DATA(s->prnsts)) { + MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); + MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); +- } + +- /* Limit block size to the maximum buffer size */ +- if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { +- qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " +- "the maximum buffer 0x%x\n", __func__, s->blksize, +- s->buf_maxsz); ++ /* Limit block size to the maximum buffer size */ ++ if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { ++ qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " ++ "the maximum buffer 0x%x\n", __func__, s->blksize, ++ s->buf_maxsz); + +- s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); ++ s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); ++ } + } + + break; +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch new file mode 100644 index 0000000000..624c1f6496 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch @@ -0,0 +1,99 @@ +From db916870a839346767b6d5ca7d0eed3128ba5fea Mon Sep 17 00:00:00 2001 +From: Bin Meng <bmeng.cn@gmail.com> +Date: Wed, 3 Mar 2021 20:26:39 +0800 +Subject: [PATCH 6/6] hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] + when a different block size is programmed +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If the block size is programmed to a different value from the +previous one, reset the data pointer of s->fifo_buffer[] so that +s->fifo_buffer[] can be filled in using the new block size in +the next transfer. + +With this fix, the following reproducer: + +outl 0xcf8 0x80001010 +outl 0xcfc 0xe0000000 +outl 0xcf8 0x80001001 +outl 0xcfc 0x06000000 +write 0xe000002c 0x1 0x05 +write 0xe0000005 0x1 0x02 +write 0xe0000007 0x1 0x01 +write 0xe0000028 0x1 0x10 +write 0x0 0x1 0x23 +write 0x2 0x1 0x08 +write 0xe000000c 0x1 0x01 +write 0xe000000e 0x1 0x20 +write 0xe000000f 0x1 0x00 +write 0xe000000c 0x1 0x32 +write 0xe0000004 0x2 0x0200 +write 0xe0000028 0x1 0x00 +write 0xe0000003 0x1 0x40 + +cannot be reproduced with the following QEMU command line: + +$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ + -nodefaults -device sdhci-pci,sd-spec-version=3 \ + -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ + -device sd-card,drive=mydrive -qtest stdio + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2020-17380 +Fixes: CVE-2020-25085 +Fixes: CVE-2021-3409 +Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) +Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) +Reported-by: Simon Wörner (Ruhr-Universität Bochum) +Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 +Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Bin Meng <bmeng.cn@gmail.com> +Message-Id: <20210303122639.20004-6-bmeng.cn@gmail.com> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> + +Upstream-Status: Backport [cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9] +CVE: CVE-2021-3409 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/sd/sdhci.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 6c780126e..216842420 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -1140,6 +1140,8 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) + break; + case SDHC_BLKSIZE: + if (!TRANSFERRING_DATA(s->prnsts)) { ++ uint16_t blksize = s->blksize; ++ + MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); + MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); + +@@ -1151,6 +1153,16 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) + + s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); + } ++ ++ /* ++ * If the block size is programmed to a different value from ++ * the previous one, reset the data pointer of s->fifo_buffer[] ++ * so that s->fifo_buffer[] can be filled in using the new block ++ * size in the next transfer. ++ */ ++ if (blksize != s->blksize) { ++ s->data_count = 0; ++ } + } + + break; +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch new file mode 100644 index 0000000000..5bacd67481 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch @@ -0,0 +1,177 @@ +From 4b1988a29d67277d6c8ce1df52975f5616592913 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 11:44:36 +0800 +Subject: [PATCH 01/10] net: introduce qemu_receive_packet() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some NIC supports loopback mode and this is done by calling +nc->info->receive() directly which in fact suppresses the effort of +reentrancy check that is done in qemu_net_queue_send(). + +Unfortunately we can't use qemu_net_queue_send() here since for +loopback there's no sender as peer, so this patch introduce a +qemu_receive_packet() which is used for implementing loopback mode +for a NIC with this check. + +NIC that supports loopback mode will be converted to this helper. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Cc: qemu-stable@nongnu.org +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [705df5466c98f3efdd2b68d3b31dad86858acad7] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + include/net/net.h | 5 +++++ + include/net/queue.h | 8 ++++++++ + net/net.c | 38 +++++++++++++++++++++++++++++++------- + net/queue.c | 22 ++++++++++++++++++++++ + 4 files changed, 66 insertions(+), 7 deletions(-) + +diff --git a/include/net/net.h b/include/net/net.h +index 778fc787c..03f058ecb 100644 +--- a/include/net/net.h ++++ b/include/net/net.h +@@ -143,12 +143,17 @@ void *qemu_get_nic_opaque(NetClientState *nc); + void qemu_del_net_client(NetClientState *nc); + typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque); + void qemu_foreach_nic(qemu_nic_foreach func, void *opaque); ++int qemu_can_receive_packet(NetClientState *nc); + int qemu_can_send_packet(NetClientState *nc); + ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov, + int iovcnt); + ssize_t qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov, + int iovcnt, NetPacketSent *sent_cb); + ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size); ++ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size); ++ssize_t qemu_receive_packet_iov(NetClientState *nc, ++ const struct iovec *iov, ++ int iovcnt); + ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size); + ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf, + int size, NetPacketSent *sent_cb); +diff --git a/include/net/queue.h b/include/net/queue.h +index c0269bb1d..9f2f289d7 100644 +--- a/include/net/queue.h ++++ b/include/net/queue.h +@@ -55,6 +55,14 @@ void qemu_net_queue_append_iov(NetQueue *queue, + + void qemu_del_net_queue(NetQueue *queue); + ++ssize_t qemu_net_queue_receive(NetQueue *queue, ++ const uint8_t *data, ++ size_t size); ++ ++ssize_t qemu_net_queue_receive_iov(NetQueue *queue, ++ const struct iovec *iov, ++ int iovcnt); ++ + ssize_t qemu_net_queue_send(NetQueue *queue, + NetClientState *sender, + unsigned flags, +diff --git a/net/net.c b/net/net.c +index 6a2c3d956..5e15e5d27 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -528,6 +528,17 @@ int qemu_set_vnet_be(NetClientState *nc, bool is_be) + #endif + } + ++int qemu_can_receive_packet(NetClientState *nc) ++{ ++ if (nc->receive_disabled) { ++ return 0; ++ } else if (nc->info->can_receive && ++ !nc->info->can_receive(nc)) { ++ return 0; ++ } ++ return 1; ++} ++ + int qemu_can_send_packet(NetClientState *sender) + { + int vm_running = runstate_is_running(); +@@ -540,13 +551,7 @@ int qemu_can_send_packet(NetClientState *sender) + return 1; + } + +- if (sender->peer->receive_disabled) { +- return 0; +- } else if (sender->peer->info->can_receive && +- !sender->peer->info->can_receive(sender->peer)) { +- return 0; +- } +- return 1; ++ return qemu_can_receive_packet(sender->peer); + } + + static ssize_t filter_receive_iov(NetClientState *nc, +@@ -679,6 +684,25 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size) + return qemu_send_packet_async(nc, buf, size, NULL); + } + ++ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size) ++{ ++ if (!qemu_can_receive_packet(nc)) { ++ return 0; ++ } ++ ++ return qemu_net_queue_receive(nc->incoming_queue, buf, size); ++} ++ ++ssize_t qemu_receive_packet_iov(NetClientState *nc, const struct iovec *iov, ++ int iovcnt) ++{ ++ if (!qemu_can_receive_packet(nc)) { ++ return 0; ++ } ++ ++ return qemu_net_queue_receive_iov(nc->incoming_queue, iov, iovcnt); ++} ++ + ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size) + { + return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW, +diff --git a/net/queue.c b/net/queue.c +index 19e32c80f..c872d51df 100644 +--- a/net/queue.c ++++ b/net/queue.c +@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue, + return ret; + } + ++ssize_t qemu_net_queue_receive(NetQueue *queue, ++ const uint8_t *data, ++ size_t size) ++{ ++ if (queue->delivering) { ++ return 0; ++ } ++ ++ return qemu_net_queue_deliver(queue, NULL, 0, data, size); ++} ++ ++ssize_t qemu_net_queue_receive_iov(NetQueue *queue, ++ const struct iovec *iov, ++ int iovcnt) ++{ ++ if (queue->delivering) { ++ return 0; ++ } ++ ++ return qemu_net_queue_deliver_iov(queue, NULL, 0, iov, iovcnt); ++} ++ + ssize_t qemu_net_queue_send(NetQueue *queue, + NetClientState *sender, + unsigned flags, +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch new file mode 100644 index 0000000000..7deec1a347 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch @@ -0,0 +1,44 @@ +From 65b851efd3d0280425c202f4e5880c48f8334dae Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 14:35:30 -0500 +Subject: [PATCH 10/10] lan9118: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [37cee01784ff0df13e5209517e1b3594a5e792d1] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/lan9118.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c +index ab57c02c8..75f18ae2d 100644 +--- a/hw/net/lan9118.c ++++ b/hw/net/lan9118.c +@@ -669,7 +669,7 @@ static void do_tx_packet(lan9118_state *s) + /* FIXME: Honor TX disable, and allow queueing of packets. */ + if (s->phy_control & 0x4000) { + /* This assumes the receive routine doesn't touch the VLANClient. */ +- lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len); ++ qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); + } else { + qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch new file mode 100644 index 0000000000..5e53e20bac --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch @@ -0,0 +1,42 @@ +From e2a48a3c7cc33dbbe89f896e0f07462cb04ff6b5 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 12:13:22 +0800 +Subject: [PATCH 02/10] e1000: switch to use qemu_receive_packet() for loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [1caff0340f49c93d535c6558a5138d20d475315c] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/e1000.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/e1000.c b/hw/net/e1000.c +index d7d05ae30..cf22c4f07 100644 +--- a/hw/net/e1000.c ++++ b/hw/net/e1000.c +@@ -546,7 +546,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size) + + NetClientState *nc = qemu_get_queue(s->nic); + if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) { +- nc->info->receive(nc, buf, size); ++ qemu_receive_packet(nc, buf, size); + } else { + qemu_send_packet(nc, buf, size); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch new file mode 100644 index 0000000000..3fc469e3e3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch @@ -0,0 +1,43 @@ +From c041a4da1ff119715e0ccf2d4a7af62568f17b93 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 12:57:40 +0800 +Subject: [PATCH 03/10] dp8393x: switch to use qemu_receive_packet() for + loopback packet +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [331d2ac9ea307c990dc86e6493e8f0c48d14bb33] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/dp8393x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c +index 205c0decc..533a8304d 100644 +--- a/hw/net/dp8393x.c ++++ b/hw/net/dp8393x.c +@@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s) + s->regs[SONIC_TCR] |= SONIC_TCR_CRSL; + if (nc->info->can_receive(nc)) { + s->loopback_packet = 1; +- nc->info->receive(nc, s->tx_buffer, tx_len); ++ qemu_receive_packet(nc, s->tx_buffer, tx_len); + } + } else { + /* Transmit packet */ +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch new file mode 100644 index 0000000000..e14f37735d --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch @@ -0,0 +1,43 @@ +From 9ac5345344b75995bc96d171eaa5dc8d26bf0e21 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:00:01 +0800 +Subject: [PATCH 04/10] msf2-mac: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [26194a58f4eb83c5bdf4061a1628508084450ba1] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/msf2-emac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c +index 32ba9e841..3e6206044 100644 +--- a/hw/net/msf2-emac.c ++++ b/hw/net/msf2-emac.c +@@ -158,7 +158,7 @@ static void msf2_dma_tx(MSF2EmacState *s) + * R_CFG1 bit 0 is set. + */ + if (s->regs[R_CFG1] & R_CFG1_LB_EN_MASK) { +- nc->info->receive(nc, buf, size); ++ qemu_receive_packet(nc, buf, size); + } else { + qemu_send_packet(nc, buf, size); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch new file mode 100644 index 0000000000..c3f8f97592 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch @@ -0,0 +1,45 @@ +From d465dc79c9ee729d91ef086b993e956b1935be69 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:14:35 +0800 +Subject: [PATCH 05/10] sungem: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reviewed-by: Alistair Francis <alistair.francis@wdc.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [8c92060d3c0248bd4d515719a35922cd2391b9b4] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/sungem.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/sungem.c b/hw/net/sungem.c +index 33c3722df..3684a4d73 100644 +--- a/hw/net/sungem.c ++++ b/hw/net/sungem.c +@@ -306,7 +306,7 @@ static void sungem_send_packet(SunGEMState *s, const uint8_t *buf, + NetClientState *nc = qemu_get_queue(s->nic); + + if (s->macregs[MAC_XIFCFG >> 2] & MAC_XIFCFG_LBCK) { +- nc->info->receive(nc, buf, size); ++ qemu_receive_packet(nc, buf, size); + } else { + qemu_send_packet(nc, buf, size); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch new file mode 100644 index 0000000000..855c6970f4 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch @@ -0,0 +1,43 @@ +From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:27:52 +0800 +Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_receive_iov() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/net_tx_pkt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c +index da262edc3..1f9aa59ec 100644 +--- a/hw/net/net_tx_pkt.c ++++ b/hw/net/net_tx_pkt.c +@@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt, + NetClientState *nc, const struct iovec *iov, int iov_cnt) + { + if (pkt->is_loopback) { +- nc->info->receive_iov(nc, iov, iov_cnt); ++ qemu_receive_packet_iov(nc, iov, iov_cnt); + } else { + qemu_sendv_packet(nc, iov, iov_cnt); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch new file mode 100644 index 0000000000..4e1115de02 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch @@ -0,0 +1,45 @@ +From 64b38675c728354e4015e4bec3d975cd4cb8a981 Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Fri, 26 Feb 2021 13:47:53 -0500 +Subject: [PATCH 07/10] rtl8139: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [5311fb805a4403bba024e83886fa0e7572265de4] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/rtl8139.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index ba5ace1ab..d2dd03e6a 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -1795,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, + } + + DPRINTF("+++ transmit loopback mode\n"); +- rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt); ++ qemu_receive_packet(qemu_get_queue(s->nic), buf, size); + + if (iov) { + g_free(buf2); +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch new file mode 100644 index 0000000000..ed716468dc --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch @@ -0,0 +1,44 @@ +From 023ce62f0a788ad3a8233c7a828554bceeafd031 Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 10:33:34 -0500 +Subject: [PATCH 08/10] pcnet: switch to use qemu_receive_packet() for loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/qemu/+bug/1917085 +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/pcnet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index f3f18d859..dcd3fc494 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1250,7 +1250,7 @@ txagain: + if (BCR_SWSTYLE(s) == 1) + add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS); + s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC; +- pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); ++ qemu_receive_packet(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); + s->looptest = 0; + } else { + if (s->nic) { +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch new file mode 100644 index 0000000000..39d32b33a4 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch @@ -0,0 +1,46 @@ +From ecf7e62bb2cb02c9bd40082504ae376f3e19ffd2 Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 14:33:43 -0500 +Subject: [PATCH 09/10] cadence_gem: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [e73adfbeec9d4e008630c814759052ed945c3fed] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/cadence_gem.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c +index 7a534691f..43b760e3f 100644 +--- a/hw/net/cadence_gem.c ++++ b/hw/net/cadence_gem.c +@@ -1275,8 +1275,8 @@ static void gem_transmit(CadenceGEMState *s) + /* Send the packet somewhere */ + if (s->phy_loop || (s->regs[GEM_NWCTRL] & + GEM_NWCTRL_LOCALLOOP)) { +- gem_receive(qemu_get_queue(s->nic), s->tx_packet, +- total_bytes); ++ qemu_receive_packet(qemu_get_queue(s->nic), s->tx_packet, ++ total_bytes); + } else { + qemu_send_packet(qemu_get_queue(s->nic), s->tx_packet, + total_bytes); +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 38d755205c..d8fcc16729 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 9bbe3f8564705aafcdcc5f2f033f9241a97f47c6 Mon Sep 17 00:00:00 2001 +From 7b2dd83d8fcd06af8e583b53da79ed0033793d46 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,7 +14,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 6c78568e4..76b1d40e4 100644 +index fe35a90fa..b2faec6f3 100644 --- a/configure.ac +++ b/configure.ac @@ -966,7 +966,7 @@ else @@ -40,7 +40,7 @@ index 35c8cf9df..9d8b2825c 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index cd40a16be..e6941e09f 100644 +index 8e1dc2184..3d889ec86 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index cd40a16be..e6941e09f 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 10:2:1 + rpm_version_info = 10:3:1 diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.16.1.2.bb b/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb index d369c706a2..7c03b41fc8 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.16.1.2.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb @@ -43,7 +43,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x \ " PE = "1" -SRCREV = "278883a704ea36c97974d0f2d65d41abe78b0e2a" +SRCREV = "3659b8a04f5b8bacf6535e0124e7fe23f15286bd" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch b/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch new file mode 100644 index 0000000000..2d51ddf965 --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch @@ -0,0 +1,31 @@ +From fbe85634d88e82fbb439ae2a5d1aca8b8c309bea Mon Sep 17 00:00:00 2001 +From: Matt McCutchen <matt@mattmccutchen.net> +Date: Wed, 26 Aug 2020 12:16:08 -0400 +Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using + openssl. + +CVE: CVE-2020-14387 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c3f7414] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + rsync-ssl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rsync-ssl b/rsync-ssl +index 8101975..46701af 100755 +--- a/rsync-ssl ++++ b/rsync-ssl +@@ -129,7 +129,7 @@ function rsync_ssl_helper { + fi + + if [[ $RSYNC_SSL_TYPE == openssl ]]; then +- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port ++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port + elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then + exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port + else +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb index 8b36a8ebde..cb18667755 100644 --- a/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb +++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb @@ -14,6 +14,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://rsyncd.conf \ file://makefile-no-rebuild.patch \ file://determism.patch \ + file://0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch \ " SRC_URI[sha256sum] = "becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e" diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.0.0.bb b/poky/meta/recipes-devtools/ruby/ruby_3.0.1.bb index 28e12c3cd7..944cb81c1d 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.0.0.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.0.1.bb @@ -8,7 +8,7 @@ SRC_URI += " \ file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ " -SRC_URI[sha256sum] = "a13ed141a1c18eb967aac1e33f4d6ad5f21be1ac543c344e0d6feeee54af8e28" +SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727" PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" diff --git a/poky/meta/recipes-extended/groff/groff_1.22.4.bb b/poky/meta/recipes-extended/groff/groff_1.22.4.bb index 983cb9aea6..f0e9eb6a8a 100644 --- a/poky/meta/recipes-extended/groff/groff_1.22.4.bb +++ b/poky/meta/recipes-extended/groff/groff_1.22.4.bb @@ -62,6 +62,10 @@ do_install_append() { rm -rf ${D}${bindir}/glilypond rm -rf ${D}${libdir}/groff/glilypond rm -rf ${D}${mandir}/man1/glilypond* + + # not ship /usr/bin/grap2graph and its releated man files + rm -rf ${D}${bindir}/grap2graph + rm -rf ${D}${mandir}/man1/grap2graph* } do_install_append_class-native() { diff --git a/poky/meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch b/poky/meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch new file mode 100644 index 0000000000..f32cd18370 --- /dev/null +++ b/poky/meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch @@ -0,0 +1,27 @@ +lsb-release maintains it's own copy of help2man. Include the support +for specifying SOURCE_DATE_EPOCH from upstream. + +Upstream-Status: Pending + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +diff --git a/help2man b/help2man +index 13015c2..63439db 100755 +--- a/help2man ++++ b/help2man +@@ -173,7 +173,14 @@ my ($help_text, $version_text) = map { + or die "$this_program: can't get `--$_' info from $ARGV[0]\n" + } qw(help), $opt_version_key; + +-my $date = strftime "%B %Y", localtime; ++my $epoch_secs = time; ++if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/) ++{ ++ $epoch_secs = $1; ++ $ENV{TZ} = 'UTC0'; ++} ++ ++my $date = strftime "%B %Y", localtime $epoch_secs; + (my $program = $ARGV[0]) =~ s!.*/!!; + my $package = $program; + my $version; diff --git a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb index 3e8f7a13ec..bafc18fcc0 100644 --- a/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb +++ b/poky/meta/recipes-extended/lsb/lsb-release_1.4.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://README;md5=12da544b1a3a5a1795a21160b49471cf" SRC_URI = "${SOURCEFORGE_MIRROR}/project/lsb/lsb_release/1.4/lsb-release-1.4.tar.gz \ file://0001-fix-lsb_release-to-work-with-busybox-head-and-find.patch \ file://0001-Remove-timestamp-from-manpage.patch \ + file://help2man-reproducibility.patch \ " SRC_URI[md5sum] = "30537ef5a01e0ca94b7b8eb6a36bb1e4" diff --git a/poky/meta/recipes-extended/ltp/ltp_20210121.bb b/poky/meta/recipes-extended/ltp/ltp_20210121.bb index f58ca2eb2c..d98c9fdc25 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20210121.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20210121.bb @@ -61,7 +61,7 @@ EXTRA_OECONF += " --without-tirpc " do_install(){ install -d ${D}${prefix}/ - oe_runmake DESTDIR=${D} SKIP_IDCHECK=1 install + oe_runmake DESTDIR=${D} SKIP_IDCHECK=1 install include-install # fixup not deploy STPfailure_report.pl to avoid confusing about it fails to run # as it lacks dependency on some perl moudle such as LWP::Simple diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch new file mode 100644 index 0000000000..fe594b24bb --- /dev/null +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch @@ -0,0 +1,40 @@ +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00 2001 +From: Emmanuele Bassi <ebassi@gnome.org> +Date: Wed, 1 Apr 2020 18:11:55 +0100 +Subject: [PATCH] Check the memset length argument + +Avoid overflows by using the checked multiplication macro for gsize. + +Fixes: #132 + +Upstream-Status: Backported [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e] +CVE: CVE-2021-20240 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + gdk-pixbuf/io-gif-animation.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c +index c9db3c66e..49674fd2e 100644 +--- a/gdk-pixbuf/io-gif-animation.c ++++ b/gdk-pixbuf/io-gif-animation.c +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter) + + /* If no rendered frame, render the first frame */ + if (anim->last_frame == NULL) { ++ gsize len = 0; + if (anim->last_frame_data == NULL) + anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height); + if (anim->last_frame_data == NULL) + return NULL; +- memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height); ++ if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height)) ++ memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len); ++ else ++ return NULL; + composite_frame (anim, g_list_nth_data (anim->frames, 0)); + } + +-- +GitLab diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb index 226e1c7b89..f01da32e71 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb @@ -26,6 +26,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \ file://missing-test-data.patch \ file://CVE-2020-29385.patch \ + file://CVE-2021-20240.patch \ " SRC_URI_append_class-target = " \ diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch new file mode 100644 index 0000000000..f8e69beb0b --- /dev/null +++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch @@ -0,0 +1,121 @@ +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <heiko.lewin@worldiety.de> +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +CVE: CVE-2020-35492 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be?merge_request_iid=85] + +original patch from upstream has a binary file, it will cause +do_patch failed with "git binary diffs are not supported". + +so add do_patch_append in recipe to add this binary source. when removing +this patch, please also remove do_patch_append for this patch + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/cairo-image-compositor.c | 8 ++-- + test/Makefile.sources | 1 + + test/bug-image-compositor.c | 39 ++++++++++++++++++++ + 3 files changed, 44 insertions(+), 4 deletions(-) + create mode 100644 test/bug-image-compositor.c + +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 79ad69f68..4f8aaed99 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -2610,14 +2610,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; +diff --git a/test/Makefile.sources b/test/Makefile.sources +index 7eb73647f..86494348d 100644 +--- a/test/Makefile.sources ++++ b/test/Makefile.sources +@@ -34,6 +34,7 @@ test_sources = \ + bug-source-cu.c \ + bug-extents.c \ + bug-seams.c \ ++ bug-image-compositor.c \ + caps.c \ + checkerboard.c \ + caps-joins.c \ +diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c +new file mode 100644 +index 000000000..fc4fd370b +--- /dev/null ++++ b/test/bug-image-compositor.c +@@ -0,0 +1,39 @@ ++#include "cairo-test.h" ++ ++static cairo_test_status_t ++draw (cairo_t *cr, int width, int height) ++{ ++ cairo_set_source_rgb (cr, 0., 0., 0.); ++ cairo_paint (cr); ++ ++ cairo_set_source_rgb (cr, 1., 1., 1.); ++ cairo_set_line_width (cr, 1.); ++ ++ cairo_pattern_t *p = cairo_pattern_create_linear (0, 0, width, height); ++ cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1); ++ cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1); ++ cairo_set_source (cr, p); ++ ++ cairo_move_to (cr, 0.5, -1); ++ for (int i = 0; i < width; i+=3) { ++ cairo_rel_line_to (cr, 2, 2); ++ cairo_rel_line_to (cr, 1, -2); ++ } ++ ++ cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE); ++ cairo_stroke (cr); ++ ++ cairo_pattern_destroy(p); ++ ++ return CAIRO_TEST_SUCCESS; ++} ++ ++ ++CAIRO_TEST (bug_image_compositor, ++ "Crash in image-compositor", ++ "stroke, stress", /* keywords */ ++ NULL, /* requirements */ ++ 10000, 1, ++ NULL, draw) ++ ++ +-- +GitLab diff --git a/poky/meta/recipes-graphics/cairo/cairo/bug-image-compositor.ref.png b/poky/meta/recipes-graphics/cairo/cairo/bug-image-compositor.ref.png Binary files differnew file mode 100644 index 0000000000..939f659d2c --- /dev/null +++ b/poky/meta/recipes-graphics/cairo/cairo/bug-image-compositor.ref.png diff --git a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb index 68f993d7ca..d48da1a4c7 100644 --- a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb @@ -27,6 +27,8 @@ SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ file://CVE-2018-19876.patch \ file://CVE-2019-6461.patch \ file://CVE-2019-6462.patch \ + file://CVE-2020-35492.patch \ + file://bug-image-compositor.ref.png \ " SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" @@ -64,6 +66,15 @@ export ac_cv_lib_bfd_bfd_openr="no" # Ensure we don't depend on LZO export ac_cv_lib_lzo2_lzo2a_decompress="no" +#for CVE-2020-35492.patch +do_patch_append() { + bb.build.exec_func('do_cp_binary_source', d) +} + +do_cp_binary_source () { + cp ${WORKDIR}/bug-image-compositor.ref.png ${S}/test/reference/ +} + do_install_append () { rm -rf ${D}${bindir}/cairo-sphinx rm -rf ${D}${libdir}/cairo/cairo-fdr* diff --git a/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch b/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch index ef092f17a1..cddd330971 100644 --- a/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch +++ b/poky/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch @@ -34,14 +34,14 @@ index 00000000..64b6882d --- /dev/null +++ b/glslang/glslang.pc.cmake.in @@ -0,0 +1,11 @@ -+ prefix=@CMAKE_INSTALL_PREFIX@ -+ exec_prefix=@CMAKE_INSTALL_PREFIX@ -+ libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@ -+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ -+ -+ Name: @PROJECT_NAME@ -+ Description: OpenGL and OpenGL ES shader front end and validator -+ Requires: -+ Version: @GLSLANG_VERSION@ -+ Libs: -L${libdir} -lglslang -lOSDependent -lHLSL -lOGLCompiler -lSPVRemapper -+ Cflags: -I${includedir} ++prefix=@CMAKE_INSTALL_PREFIX@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@ ++includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ ++ ++Name: @PROJECT_NAME@ ++Description: OpenGL and OpenGL ES shader front end and validator ++Requires: ++Version: @GLSLANG_VERSION@ ++Libs: -L${libdir} -lglslang -lOSDependent -lHLSL -lOGLCompiler -lSPVRemapper ++Cflags: -I${includedir} diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.6.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.6.bb index b6efc6bca0..0bd6af8db9 100644 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.6.bb +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.6.bb @@ -29,7 +29,7 @@ RCONFLICTS_${PN} += "jpeg" inherit cmake pkgconfig -export NASMENV = "--debug-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" +export NASMENV = "--reproducible --debug-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" # Add nasm-native dependency consistently for all build arches is hard EXTRA_OECMAKE_append_class-native = " -DWITH_SIMD=False" diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_21.0.1.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_21.0.3.bb index dff79f0be0..dff79f0be0 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-gl_21.0.1.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-gl_21.0.3.bb diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc index caf3c62ad8..a85f94c75e 100644 --- a/poky/meta/recipes-graphics/mesa/mesa.inc +++ b/poky/meta/recipes-graphics/mesa/mesa.inc @@ -21,7 +21,7 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \ " -SRC_URI[sha256sum] = "379fc984459394f2ab2d84049efdc3a659869dc1328ce72ef0598506611712bb" +SRC_URI[sha256sum] = "565c6f4bd2d5747b919454fc1d439963024fc78ca56fd05158c3b2cde2f6912b" UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/mesa/mesa_21.0.1.bb b/poky/meta/recipes-graphics/mesa/mesa_21.0.3.bb index 8c584d8e9f..8c584d8e9f 100644 --- a/poky/meta/recipes-graphics/mesa/mesa_21.0.1.bb +++ b/poky/meta/recipes-graphics/mesa/mesa_21.0.3.bb diff --git a/poky/meta/recipes-graphics/pango/pango_1.48.2.bb b/poky/meta/recipes-graphics/pango/pango_1.48.2.bb index 1dcb43b5e1..aa279bb503 100644 --- a/poky/meta/recipes-graphics/pango/pango_1.48.2.bb +++ b/poky/meta/recipes-graphics/pango/pango_1.48.2.bb @@ -18,6 +18,8 @@ inherit gnomebase gtk-doc ptest-gnome upstream-version-is-even gobject-introspec GIR_MESON_ENABLE_FLAG = "enabled" GIR_MESON_DISABLE_FLAG = "disabled" +SRC_URI += "file://run-ptest" + SRC_URI[archive.sha256sum] = "d21f8b30dc8abdfc55de25656ecb88dc1105eeeb315e5e2a980dcef8010c2c80" DEPENDS = "glib-2.0 glib-2.0-native fontconfig freetype virtual/libiconv cairo harfbuzz fribidi" diff --git a/poky/meta/recipes-graphics/wayland/weston/0001-meson.build-fix-incorrect-header.patch b/poky/meta/recipes-graphics/wayland/weston/0001-meson.build-fix-incorrect-header.patch new file mode 100644 index 0000000000..06e0f7baec --- /dev/null +++ b/poky/meta/recipes-graphics/wayland/weston/0001-meson.build-fix-incorrect-header.patch @@ -0,0 +1,32 @@ +From a2ba4714a6872e547621d29d9ddcb0f374b88cf6 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 20 Apr 2021 20:42:18 -0700 +Subject: [PATCH] meson.build: fix incorrect header + +The wayland.c actually include 'xdg-shell-client-protocol.h' instead of +the server one, so fix it. Otherwise, it's possible to get build failure +due to race condition. + +Upstream-Status: Pending + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + libweston/backend-wayland/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libweston/backend-wayland/meson.build b/libweston/backend-wayland/meson.build +index 7e82513..29270b5 100644 +--- a/libweston/backend-wayland/meson.build ++++ b/libweston/backend-wayland/meson.build +@@ -10,7 +10,7 @@ srcs_wlwl = [ + fullscreen_shell_unstable_v1_protocol_c, + presentation_time_protocol_c, + presentation_time_server_protocol_h, +- xdg_shell_server_protocol_h, ++ xdg_shell_client_protocol_h, + xdg_shell_protocol_c, + ] + +-- +2.30.2 + diff --git a/poky/meta/recipes-graphics/wayland/weston_9.0.0.bb b/poky/meta/recipes-graphics/wayland/weston_9.0.0.bb index 50fbfa613b..bcbac06d58 100644 --- a/poky/meta/recipes-graphics/wayland/weston_9.0.0.bb +++ b/poky/meta/recipes-graphics/wayland/weston_9.0.0.bb @@ -11,6 +11,7 @@ SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ file://xwayland.weston-start \ file://0001-weston-launch-Provide-a-default-version-that-doesn-t.patch \ file://0001-tests-include-fcntl.h-for-open-O_RDWR-O_CLOEXEC-and-.patch \ + file://0001-meson.build-fix-incorrect-header.patch \ " SRC_URI_append_libc-musl = " file://dont-use-plane-add-prop.patch " diff --git a/poky/meta/recipes-graphics/xorg-lib/libxshmfence/0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch b/poky/meta/recipes-graphics/xorg-lib/libxshmfence/0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch new file mode 100644 index 0000000000..3e87794d20 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/libxshmfence/0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch @@ -0,0 +1,39 @@ +From 5827f6389a227157958d14a687fb29223cb3a03a Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Wed, 7 Apr 2021 07:48:42 +0000 +Subject: [PATCH] xshmfence_futex.h: Define SYS_futex if it does not exist + +_NR_futex is not defines by newer architectures e.g. riscv32 as +they only have 64bit variant of time_t. Glibc defines SYS_futex +interface based on __NR_futex, since this is used in applications, +such applications start to fail to build for these newer architectures. +This patch defines a fallback to alias __NR_futex to __NR_futex_time64 +to make SYS_futex keep working. + +Reference: https://git.openembedded.org/openembedded-core/commit/?id=7a218adf9990f5e18d0b6a33eb34091969f979c7 + +Upstream-Status: Pending + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/xshmfence_futex.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/xshmfence_futex.h b/src/xshmfence_futex.h +index 673ac0e..a71efa5 100644 +--- a/src/xshmfence_futex.h ++++ b/src/xshmfence_futex.h +@@ -53,6 +53,10 @@ static inline int futex_wait(int32_t *addr, int32_t value) { + #include <sys/time.h> + #include <sys/syscall.h> + ++#if !defined(SYS_futex) && defined(SYS_futex_time64) ++#define SYS_futex SYS_futex_time64 ++#endif ++ + static inline long sys_futex(void *addr1, int op, int val1, struct timespec *timeout, void *addr2, int val3) + { + return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3); +-- +2.29.2 + diff --git a/poky/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb b/poky/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb index cc45696530..d153c7a603 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb @@ -13,7 +13,9 @@ DEPENDS += "virtual/libx11" EXTRA_OECONF += "--with-shared-memory-dir=/dev/shm" -BBCLASSEXTEND = "native nativesdk" +SRC_URI += "file://0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch" SRC_URI[md5sum] = "42dda8016943dc12aff2c03a036e0937" SRC_URI[sha256sum] = "b884300d26a14961a076fbebc762a39831cb75f92bed5ccf9836345b459220c7" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-3472.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-3472.patch new file mode 100644 index 0000000000..5480f71871 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-3472.patch @@ -0,0 +1,43 @@ +From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Sun, 21 Mar 2021 18:38:57 +0100 +Subject: [PATCH] Fix XChangeFeedbackControl() request underflow + +CVE-2021-3472 / ZDI-CAN-1259 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> + +Upstream-Status: Backport +CVE: CVE-2021-3472 + +Reference to upstream patch: +[https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + Xi/chgfctl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c +index 1de4da9..7a597e4 100644 +--- a/Xi/chgfctl.c ++++ b/Xi/chgfctl.c +@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client) + break; + case StringFeedbackClass: + { +- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]); ++ xStringFeedbackCtl *f; + ++ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq, ++ sizeof(xStringFeedbackCtl)); ++ f = ((xStringFeedbackCtl *) &stuff[1]); + if (client->swapped) { + if (len < bytes_to_int32(sizeof(xStringFeedbackCtl))) + return BadLength; +-- +2.17.1 + diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index 5c6dbac4d7..755a762a73 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb @@ -7,6 +7,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \ + file://CVE-2021-3472.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" diff --git a/poky/meta/recipes-kernel/kmod/kmod.inc b/poky/meta/recipes-kernel/kmod/kmod.inc index ccda9f2b73..ba5ec7f650 100644 --- a/poky/meta/recipes-kernel/kmod/kmod.inc +++ b/poky/meta/recipes-kernel/kmod/kmod.inc @@ -26,7 +26,6 @@ SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git \ S = "${WORKDIR}/git" -EXTRA_AUTORECONF += "--install --symlink" EXTRA_OECONF +=" --enable-tools --with-zlib" PACKAGECONFIG[debug] = "--enable-debug,--disable-debug" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb index 78856cbf66..bd1f177209 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=ef0565762eac313c409567b59dff00b2 \ + file://WHENCE;md5=e21a8cbddc1612bce56f06fe154a0743 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -205,7 +205,7 @@ PE = "1" SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "1bcb1a3944c361507754a7d26ccff40ffc28d1fb93bce711d67da26b33e785b7" +SRC_URI[sha256sum] = "a2348f03492713dca9aef202496c6e58f5e63ee5bec6a7bdfcf8b18ce7155e70" inherit allarch @@ -645,8 +645,8 @@ FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio. " FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin" FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin" -FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.bin \ +FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \ " FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin" FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \ diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb index 8725473d1c..ee41d612fd 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -50,5 +50,7 @@ KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}" KERNEL_VERSION_SANITY_SKIP = "1" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index cb34887cda..08314ea03e 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "be2935bce35f9adb6d0e735d42651e81a5094adf" -SRCREV_meta ?= "031f6c76e488a3563f35258c72ff1de3e25a512e" +SRCREV_machine ?= "400fbf5b14a0c88afb7c31d65be56fb9d6214c81" +SRCREV_meta ?= "38eb7ca3f4b59339c57a04c310f20809b198fa91" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.25" +LINUX_VERSION ?= "5.10.34" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 2ffc8ed542..f82c6b335b 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "65bbe689d98a007848008be2c8edeb5fa8066829" -SRCREV_meta ?= "19738ca97b999a3b150e2d34232bb44b6537348f" +SRCREV_machine ?= "b62ae8bedb024e67e7c5cda51840454a4170c858" +SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.107" +LINUX_VERSION ?= "5.4.116" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 83e59b0ebb..8bd674f116 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.25" +LINUX_VERSION ?= "5.10.34" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "0f87ec9fea7a5695cd063d9d11d89751efa53ddd" -SRCREV_machine ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_meta ?= "031f6c76e488a3563f35258c72ff1de3e25a512e" +SRCREV_machine_qemuarm ?= "bf33b78f5136873b6d2ec6274908cf688341bc9e" +SRCREV_machine ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_meta ?= "38eb7ca3f4b59339c57a04c310f20809b198fa91" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 2b6e35a69c..1c3fe73ae5 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.107" +LINUX_VERSION ?= "5.4.116" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "ac3cbab1d6692d4a032dfffe0a604f39a634d18a" -SRCREV_machine ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_meta ?= "19738ca97b999a3b150e2d34232bb44b6537348f" +SRCREV_machine_qemuarm ?= "80bd6016a9bdaed4b66ddffffa8c8e62d7c1f8a6" +SRCREV_machine ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 026e69511a..2e7a452495 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "d8551cae1ccdbe062a5c6068ce39ea8f4e1c72db" -SRCREV_machine_qemuarm64 ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_machine_qemumips ?= "7f1f1ad2f2d90b1b070c6b0a82f0add9aa492e37" -SRCREV_machine_qemuppc ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_machine_qemuriscv64 ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_machine_qemuriscv32 ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_machine_qemux86 ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_machine_qemux86-64 ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_machine_qemumips64 ?= "fd5ac097b891642eea13659bea536f3ec5910d6d" -SRCREV_machine ?= "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651" -SRCREV_meta ?= "031f6c76e488a3563f35258c72ff1de3e25a512e" +SRCREV_machine_qemuarm ?= "78e8e722eec4434024c5db3e0d59da0b128c7647" +SRCREV_machine_qemuarm64 ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_machine_qemumips ?= "b5c0852a90709e77f7a3d185d1745e6a1f66b77c" +SRCREV_machine_qemuppc ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_machine_qemuriscv64 ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_machine_qemuriscv32 ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_machine_qemux86 ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_machine_qemux86-64 ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_machine_qemumips64 ?= "bf264e264d2141a4fb61d515573c27935e67ecfa" +SRCREV_machine ?= "85c17ad073e9249f261cc550e8ada89a900d7d9a" +SRCREV_meta ?= "38eb7ca3f4b59339c57a04c310f20809b198fa91" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.25" +LINUX_VERSION ?= "5.10.34" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 245c3d574b..5245530229 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "ea4097dbff5a148265018e1a998e02b5a05e3d27" -SRCREV_machine_qemuarm64 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_machine_qemumips ?= "230ca33504faef6f40c5d3b24901aaacb901c9a6" -SRCREV_machine_qemuppc ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_machine_qemuriscv64 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_machine_qemux86 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_machine_qemux86-64 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_machine_qemumips64 ?= "84e071a893ef9cea8a8ffbcd233b47a2bc9056b5" -SRCREV_machine ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72" -SRCREV_meta ?= "19738ca97b999a3b150e2d34232bb44b6537348f" +SRCREV_machine_qemuarm ?= "e71df0530eefcac1b3248329e385bcefbad6336e" +SRCREV_machine_qemuarm64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemumips ?= "07445052fdd15e60b30dc5ae9d162c2e6bba47d1" +SRCREV_machine_qemuppc ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemuriscv64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemux86 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemux86-64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_machine_qemumips64 ?= "b36d79d6f2aaf9dadec352f611e7b9becf2b9a55" +SRCREV_machine ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85" +SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.107" +LINUX_VERSION ?= "5.4.116" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0005-fix-block-add-a-disk_uevent-helper-v5.12.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0005-fix-block-add-a-disk_uevent-helper-v5.12.patch new file mode 100644 index 0000000000..3a2280ccdc --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0005-fix-block-add-a-disk_uevent-helper-v5.12.patch @@ -0,0 +1,305 @@ +From 17cd2dc91cb82ed342b0da699f2b1a70c1bf6a03 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Mon, 15 Mar 2021 14:54:02 -0400 +Subject: [PATCH 2/4] fix: block: add a disk_uevent helper (v5.12) + +See upstream commit: + + commit bc359d03c7ec1bf3b86d03bafaf6bbb21e6414fd + Author: Christoph Hellwig <hch@lst.de> + Date: Sun Jan 24 11:02:39 2021 +0100 + + block: add a disk_uevent helper + + Add a helper to call kobject_uevent for the disk and all partitions, and + unexport the disk_part_iter_* helpers that are now only used in the core + block code. + +Upstream-status: Backport [2.12.6] + +Change-Id: If6e8797049642ab382d5699660ee1dd734e92c90 +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> +--- + Makefile | 1 + + lttng-statedump-impl.c | 34 +++++++++---- + src/wrapper/genhd.c | 111 +++++++++++++++++++++++++++++++++++++++++ + wrapper/genhd.h | 62 +++++++++++++++++++++++ + 4 files changed, 198 insertions(+), 10 deletions(-) + create mode 100644 src/wrapper/genhd.c + +diff --git a/Makefile b/Makefile +index a9aff3f1..34043cfb 100644 +--- a/Makefile ++++ b/Makefile +@@ -80,6 +80,7 @@ ifneq ($(KERNELRELEASE),) + wrapper/kallsyms.o \ + wrapper/irqdesc.o \ + wrapper/fdtable.o \ ++ wrapper/genhd.o \ + lttng-wrapper-impl.o + + ifneq ($(CONFIG_HAVE_SYSCALL_TRACEPOINTS),) +diff --git a/lttng-statedump-impl.c b/lttng-statedump-impl.c +index 60b937c9..5511c7e8 100644 +--- a/lttng-statedump-impl.c ++++ b/lttng-statedump-impl.c +@@ -250,13 +250,17 @@ int lttng_enumerate_block_devices(struct lttng_session *session) + struct device_type *ptr_disk_type; + struct class_dev_iter iter; + struct device *dev; ++ int ret = 0; + + ptr_block_class = wrapper_get_block_class(); +- if (!ptr_block_class) +- return -ENOSYS; ++ if (!ptr_block_class) { ++ ret = -ENOSYS; ++ goto end; ++ } + ptr_disk_type = wrapper_get_disk_type(); + if (!ptr_disk_type) { +- return -ENOSYS; ++ ret = -ENOSYS; ++ goto end; + } + class_dev_iter_init(&iter, ptr_block_class, NULL, ptr_disk_type); + while ((dev = class_dev_iter_next(&iter))) { +@@ -272,22 +276,32 @@ int lttng_enumerate_block_devices(struct lttng_session *session) + (disk->flags & GENHD_FL_SUPPRESS_PARTITION_INFO)) + continue; + +- disk_part_iter_init(&piter, disk, DISK_PITER_INCL_PART0); +- while ((part = disk_part_iter_next(&piter))) { ++ /* ++ * The original 'disk_part_iter_init' returns void, but our ++ * wrapper can fail to lookup the original symbol. ++ */ ++ if (wrapper_disk_part_iter_init(&piter, disk, DISK_PITER_INCL_PART0) < 0) { ++ ret = -ENOSYS; ++ goto iter_exit; ++ } ++ ++ while ((part = wrapper_disk_part_iter_next(&piter))) { + char name_buf[BDEVNAME_SIZE]; + + if (lttng_get_part_name(disk, part, name_buf) == -ENOSYS) { +- disk_part_iter_exit(&piter); +- class_dev_iter_exit(&iter); +- return -ENOSYS; ++ wrapper_disk_part_iter_exit(&piter); ++ ret = -ENOSYS; ++ goto iter_exit; + } + trace_lttng_statedump_block_device(session, + lttng_get_part_devt(part), name_buf); + } +- disk_part_iter_exit(&piter); ++ wrapper_disk_part_iter_exit(&piter); + } ++iter_exit: + class_dev_iter_exit(&iter); +- return 0; ++end: ++ return ret; + } + + #ifdef CONFIG_INET +diff --git a/src/wrapper/genhd.c b/src/wrapper/genhd.c +new file mode 100644 +index 00000000..a5a6c410 +--- /dev/null ++++ b/src/wrapper/genhd.c +@@ -0,0 +1,111 @@ ++/* SPDX-License-Identifier: (GPL-2.0-only OR LGPL-2.1-only) ++ * ++ * wrapper/genhd.c ++ * ++ * Wrapper around disk_part_iter_(init|next|exit). Using KALLSYMS to get the ++ * addresses when available, else we need to have a kernel that exports this ++ * function to GPL modules. This export was removed in 5.12. ++ * ++ * Copyright (C) 2021 Michael Jeanson <mjeanson@efficios.com> ++ */ ++ ++#include <lttng/kernel-version.h> ++#include <linux/module.h> ++#include <wrapper/genhd.h> ++ ++#if (defined(CONFIG_KALLSYMS) && \ ++ (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,12,0))) ++ ++#include <wrapper/kallsyms.h> ++ ++static ++void (*disk_part_iter_init_sym)(struct disk_part_iter *piter, struct gendisk *disk, ++ unsigned int flags); ++ ++static ++LTTNG_DISK_PART_TYPE *(*disk_part_iter_next_sym)(struct disk_part_iter *piter); ++ ++static ++void (*disk_part_iter_exit_sym)(struct disk_part_iter *piter); ++ ++/* ++ * This wrapper has an 'int' return type instead of the original 'void', to be ++ * able to report the symbol lookup failure to the caller. ++ * ++ * Return 0 on success, -1 on error. ++ */ ++int wrapper_disk_part_iter_init(struct disk_part_iter *piter, struct gendisk *disk, ++ unsigned int flags) ++{ ++ if (!disk_part_iter_init_sym) ++ disk_part_iter_init_sym = (void *) kallsyms_lookup_funcptr("disk_part_iter_init"); ++ ++ if (disk_part_iter_init_sym) { ++ disk_part_iter_init_sym(piter, disk, flags); ++ } else { ++ printk_once(KERN_WARNING "LTTng: disk_part_iter_init symbol lookup failed.\n"); ++ return -1; ++ } ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wrapper_disk_part_iter_init); ++ ++LTTNG_DISK_PART_TYPE *wrapper_disk_part_iter_next(struct disk_part_iter *piter) ++{ ++ if (!disk_part_iter_next_sym) ++ disk_part_iter_next_sym = (void *) kallsyms_lookup_funcptr("disk_part_iter_next"); ++ ++ if (disk_part_iter_next_sym) { ++ return disk_part_iter_next_sym(piter); ++ } else { ++ printk_once(KERN_WARNING "LTTng: disk_part_iter_next symbol lookup failed.\n"); ++ return NULL; ++ } ++} ++EXPORT_SYMBOL_GPL(wrapper_disk_part_iter_next); ++ ++/* ++ * We don't return an error on symbol lookup failure here because there is ++ * nothing the caller can do to cleanup the iterator. ++ */ ++void wrapper_disk_part_iter_exit(struct disk_part_iter *piter) ++{ ++ if (!disk_part_iter_exit_sym) ++ disk_part_iter_exit_sym = (void *) kallsyms_lookup_funcptr("disk_part_iter_exit"); ++ ++ if (disk_part_iter_exit_sym) { ++ disk_part_iter_exit_sym(piter); ++ } else { ++ printk_once(KERN_WARNING "LTTng: disk_part_iter_exit symbol lookup failed.\n"); ++ } ++} ++EXPORT_SYMBOL_GPL(wrapper_disk_part_iter_exit); ++ ++#else ++ ++/* ++ * This wrapper has an 'int' return type instead of the original 'void', so the ++ * kallsyms variant can report the symbol lookup failure to the caller. ++ * ++ * This variant always succeeds and returns 0. ++ */ ++int wrapper_disk_part_iter_init(struct disk_part_iter *piter, struct gendisk *disk, ++ unsigned int flags) ++{ ++ disk_part_iter_init(piter, disk, flags); ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wrapper_disk_part_iter_init); ++ ++LTTNG_DISK_PART_TYPE *wrapper_disk_part_iter_next(struct disk_part_iter *piter) ++{ ++ return disk_part_iter_next(piter); ++} ++EXPORT_SYMBOL_GPL(wrapper_disk_part_iter_next); ++ ++void wrapper_disk_part_iter_exit(struct disk_part_iter *piter) ++{ ++ disk_part_iter_exit(piter); ++} ++EXPORT_SYMBOL_GPL(wrapper_disk_part_iter_exit); ++#endif +diff --git a/wrapper/genhd.h b/wrapper/genhd.h +index 98feb57b..6bae239d 100644 +--- a/wrapper/genhd.h ++++ b/wrapper/genhd.h +@@ -13,6 +13,13 @@ + #define _LTTNG_WRAPPER_GENHD_H + + #include <linux/genhd.h> ++#include <lttng/kernel-version.h> ++ ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#define LTTNG_DISK_PART_TYPE struct block_device ++#else ++#define LTTNG_DISK_PART_TYPE struct hd_struct ++#endif + + #ifdef CONFIG_KALLSYMS_ALL + +@@ -94,4 +101,59 @@ struct device_type *wrapper_get_disk_type(void) + + #endif + ++/* ++ * This wrapper has an 'int' return type instead of the original 'void', to be ++ * able to report the symbol lookup failure to the caller. ++ * ++ * Return 0 on success, -1 on error. ++ */ ++int wrapper_disk_part_iter_init(struct disk_part_iter *piter, struct gendisk *disk, ++ unsigned int flags); ++LTTNG_DISK_PART_TYPE *wrapper_disk_part_iter_next(struct disk_part_iter *piter); ++void wrapper_disk_part_iter_exit(struct disk_part_iter *piter); ++ ++/* ++ * Canary function to check for 'disk_part_iter_init()' at compile time. ++ * ++ * From 'include/linux/genhd.h': ++ * ++ * extern void disk_part_iter_init(struct disk_part_iter *piter, ++ * struct gendisk *disk, unsigned int flags); ++ * ++ */ ++static inline ++void __canary__disk_part_iter_init(struct disk_part_iter *piter, struct gendisk *disk, ++ unsigned int flags) ++{ ++ disk_part_iter_init(piter, disk, flags); ++} ++ ++/* ++ * Canary function to check for 'disk_part_iter_next()' at compile time. ++ * ++ * From 'include/linux/genhd.h': ++ * ++ * struct block_device *disk_part_iter_next(struct disk_part_iter *piter); ++ * ++ */ ++static inline ++LTTNG_DISK_PART_TYPE *__canary__disk_part_iter_next(struct disk_part_iter *piter) ++{ ++ return disk_part_iter_next(piter); ++} ++ ++/* ++ * Canary function to check for 'disk_part_iter_exit()' at compile time. ++ * ++ * From 'include/linux/genhd.h': ++ * ++ * extern void disk_part_iter_exit(struct disk_part_iter *piter); ++ * ++ */ ++static inline ++void __canary__disk_part_iter_exit(struct disk_part_iter *piter) ++{ ++ return disk_part_iter_exit(piter); ++} ++ + #endif /* _LTTNG_WRAPPER_GENHD_H */ +-- +2.25.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0006-fix-backport-block-add-a-disk_uevent-helper-v5.12.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0006-fix-backport-block-add-a-disk_uevent-helper-v5.12.patch new file mode 100644 index 0000000000..e32b3e7a2e --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0006-fix-backport-block-add-a-disk_uevent-helper-v5.12.patch @@ -0,0 +1,48 @@ +From 127135b6a45d5fca828815c62308f72de97e5739 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson <mjeanson@efficios.com> +Date: Thu, 15 Apr 2021 13:56:24 -0400 +Subject: [PATCH 3/4] fix backport: block: add a disk_uevent helper (v5.12) + +Upstream-Status: Backport [2.12.6] + +Signed-off-by: Michael Jeanson <mjeanson@efficios.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> +Change-Id: I717162069990577abe78e5e7fed28816f32b2c84 +--- + {src/wrapper => wrapper}/genhd.c | 2 +- + wrapper/genhd.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + rename {src/wrapper => wrapper}/genhd.c (98%) + +diff --git a/src/wrapper/genhd.c b/wrapper/genhd.c +similarity index 98% +rename from src/wrapper/genhd.c +rename to wrapper/genhd.c +index a5a6c410..cbec06f7 100644 +--- a/src/wrapper/genhd.c ++++ b/wrapper/genhd.c +@@ -9,7 +9,7 @@ + * Copyright (C) 2021 Michael Jeanson <mjeanson@efficios.com> + */ + +-#include <lttng/kernel-version.h> ++#include <lttng-kernel-version.h> + #include <linux/module.h> + #include <wrapper/genhd.h> + +diff --git a/wrapper/genhd.h b/wrapper/genhd.h +index 6bae239d..1b4a4201 100644 +--- a/wrapper/genhd.h ++++ b/wrapper/genhd.h +@@ -13,7 +13,7 @@ + #define _LTTNG_WRAPPER_GENHD_H + + #include <linux/genhd.h> +-#include <lttng/kernel-version.h> ++#include <lttng-kernel-version.h> + + #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) + #define LTTNG_DISK_PART_TYPE struct block_device +-- +2.25.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0007-fix-mm-tracing-kfree-event-name-mismatching-with-pro.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0007-fix-mm-tracing-kfree-event-name-mismatching-with-pro.patch new file mode 100644 index 0000000000..dfc9427dca --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0007-fix-mm-tracing-kfree-event-name-mismatching-with-pro.patch @@ -0,0 +1,71 @@ +From 853d5903a200d8a15b3f38780ddaea5c92fa1a03 Mon Sep 17 00:00:00 2001 +From: He Zhe <zhe.he@windriver.com> +Date: Mon, 19 Apr 2021 09:09:28 +0000 +Subject: [PATCH 4/4] fix: mm, tracing: kfree event name mismatching with + provider kmem (v5.12) + +a8bc8ae5c932 ("fix: mm, tracing: record slab name for kmem_cache_free() (v5.12)") +introduces the following call trace for kfree. This is caused by mismatch +between kfree event and its provider kmem. + +This patch maps kfree to kmem_kfree. + +WARNING: CPU: 2 PID: 42294 at src/lttng-probes.c:81 fixup_lazy_probes+0xb0/0x1b0 [lttng_tracer] +CPU: 2 PID: 42294 Comm: modprobe Tainted: G O 5.12.0-rc6-yoctodev-standard #1 +Hardware name: Intel Corporation JACOBSVILLE/JACOBSVILLE, BIOS JBVLCRB2.86B.0014.P20.2004020248 04/02/2020 +RIP: 0010:fixup_lazy_probes+0xb0/0x1b0 [lttng_tracer] +Code: 75 28 83 c3 01 3b 5d c4 74 22 48 8b 4d d0 48 63 + c3 4c 89 e2 4c 89 f6 48 8b 04 c1 4c 8b 38 4c 89 + ff e8 64 9f 4b de 85 c0 74 c3 <0f> 0b 48 8b 05 bf + f2 1e 00 48 8d 50 e8 48 3d f0 a0 98 c0 75 18 eb +RSP: 0018:ffffb976807bfbe0 EFLAGS: 00010286 +RAX: 00000000ffffffff RBX: 0000000000000004 RCX: 0000000000000004 +RDX: 0000000000000066 RSI: ffffffffc03c10a7 RDI: ffffffffc03c11a1 +RBP: ffffb976807bfc28 R08: 0000000000000000 R09: 0000000000000001 +R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000004 +R13: ffffffffc03c2000 R14: ffffffffc03c10a7 R15: ffffffffc03c11a1 +FS: 00007f0ef9533740(0000) GS:ffffa100faa00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000561e8f0aa000 CR3: 000000015b318000 CR4: 0000000000350ee0 +Call Trace: + lttng_probe_register+0x38/0xe0 [lttng_tracer] + ? __event_probe__module_load+0x520/0x520 [lttng_probe_module] + __lttng_events_init__module+0x15/0x20 [lttng_probe_module] + do_one_initcall+0x68/0x310 + ? kmem_cache_alloc_trace+0x2ad/0x4c0 + ? do_init_module+0x28/0x280 + do_init_module+0x62/0x280 + load_module+0x26e4/0x2920 + ? kernel_read_file+0x22e/0x290 + __do_sys_finit_module+0xb1/0xf0 + __x64_sys_finit_module+0x1a/0x20 + do_syscall_64+0x38/0x50 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Upstream-Status: Backport [2.12.6] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> +Change-Id: I00e8ee2b8c35f6f8602c88295f5113fbbd139709 +--- + instrumentation/events/lttng-module/kmem.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/instrumentation/events/lttng-module/kmem.h b/instrumentation/events/lttng-module/kmem.h +index d787ea54..c9edee61 100644 +--- a/instrumentation/events/lttng-module/kmem.h ++++ b/instrumentation/events/lttng-module/kmem.h +@@ -88,7 +88,9 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(kmem_alloc_node, kmem_cache_alloc_node, + ) + + #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,12,0)) +-LTTNG_TRACEPOINT_EVENT(kfree, ++LTTNG_TRACEPOINT_EVENT_MAP(kfree, ++ ++ kmem_kfree, + + TP_PROTO(unsigned long call_site, const void *ptr), + +-- +2.25.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.12.5.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.12.5.bb index 5b05c644a6..1a01cb0c01 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.12.5.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.12.5.bb @@ -15,6 +15,9 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-Fix-filter-interpreter-early-exits-on-uninitialized-.patch \ file://0003-fix-mm-tracing-record-slab-name-for-kmem_cache_free-.patch \ file://0004-Fix-kretprobe-null-ptr-deref-on-session-destroy.patch \ + file://0005-fix-block-add-a-disk_uevent-helper-v5.12.patch \ + file://0006-fix-backport-block-add-a-disk_uevent-helper-v5.12.patch \ + file://0007-fix-mm-tracing-kfree-event-name-mismatching-with-pro.patch \ " SRC_URI[sha256sum] = "c4d1a1b42c728e37b6b7947ae16563a011c4b297311aa04d56f9a1791fb5a30a" diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb index 7074096ee7..6132daf1a1 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb @@ -69,7 +69,7 @@ do_install_append () { } do_install_ptest () { - for f in Makefile tests/Makefile tests/utils/utils.sh tests/regression/tools/save-load/load-42*.lttng tests/regression/tools/save-load/configuration/load-42*.lttng tests/regression/tools/health/test_health.sh tests/regression/tools/metadata/utils.sh tests/regression/tools/rotation/rotate_utils.sh; do + for f in Makefile tests/Makefile tests/utils/utils.sh tests/regression/tools/save-load/*.lttng tests/regression/tools/save-load/configuration/load-42*.lttng tests/regression/tools/health/test_health.sh tests/regression/tools/metadata/utils.sh tests/regression/tools/rotation/rotate_utils.sh; do install -D "${B}/$f" "${D}${PTEST_PATH}/$f" done @@ -155,7 +155,7 @@ do_install_ptest () { -i ${D}${PTEST_PATH}/tests/unit/Makefile # Fix hardcoded build path - sed -e 's#TESTAPP_PATH=.*/tests/regression/#TESTAPP_PATH=${PTEST_PATH}/tests/regression/#' \ + sed -e 's#TESTAPP_PATH=.*/tests/regression/#TESTAPP_PATH="${PTEST_PATH}/tests/regression/#' \ -i ${D}${PTEST_PATH}/tests/regression/ust/python-logging/test_python_logging # Substitute links to installed binaries. diff --git a/poky/meta/recipes-kernel/modutils-initscripts/files/modutils.sh b/poky/meta/recipes-kernel/modutils-initscripts/files/modutils.sh index 28fe6f92d7..67e1dcd990 100755 --- a/poky/meta/recipes-kernel/modutils-initscripts/files/modutils.sh +++ b/poky/meta/recipes-kernel/modutils-initscripts/files/modutils.sh @@ -13,6 +13,7 @@ LOAD_MODULE=modprobe [ -f /proc/modules ] || exit 0 +[ -d /lib/modules/`uname -r` ] || exit 0 # Test if modules.dep exists and has a size greater than zero if [ ! -s /lib/modules/`uname -r`/modules.dep ]; then diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index b4683720aa..28d0c6a2a2 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -322,7 +322,7 @@ PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python" RDEPENDS_${PN} += "elfutils bash" RDEPENDS_${PN}-archive =+ "bash" -RDEPENDS_${PN}-python =+ "bash python3 python3-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python3', '', d)}" +RDEPENDS_${PN}-python =+ "bash python3 python3-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}" RDEPENDS_${PN}-perl =+ "bash perl perl-modules" RDEPENDS_${PN}-tests =+ "python3 bash" diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.11.20.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb index b3567bca95..f79c0b29ea 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.11.20.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52" +SRC_URI[sha256sum] = "9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa" inherit bin_package allarch diff --git a/poky/meta/recipes-sato/puzzles/puzzles_git.bb b/poky/meta/recipes-sato/puzzles/puzzles_git.bb index 16a08585cc..a1788cf684 100644 --- a/poky/meta/recipes-sato/puzzles/puzzles_git.bb +++ b/poky/meta/recipes-sato/puzzles/puzzles_git.bb @@ -9,7 +9,7 @@ DEPENDS = "libxt" # The libxt requires x11 in DISTRO_FEATURES REQUIRED_DISTRO_FEATURES = "x11" -SRC_URI = "git://git.tartarus.org/simon/puzzles.git \ +SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=main \ file://fix-compiling-failure-with-option-g-O.patch \ file://0001-palisade-Fix-warnings-with-clang-on-arm.patch \ file://0001-Use-Wno-error-format-overflow-if-the-compiler-suppor.patch \ diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch new file mode 100644 index 0000000000..98d2d1ded9 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch @@ -0,0 +1,31 @@ +From dcf9ae0dc0b4510eddbeeea09e11edfb123f95af Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 2 May 2021 13:10:49 -0700 +Subject: [PATCH] MiniBrowser: Fix reproduciblity + +Do not emit references to source dir in generated sourcecode + +Upstream-Status: Submitted [https://bugs.webkit.org/show_bug.cgi?id=225283] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + Tools/MiniBrowser/gtk/CMakeLists.txt | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Tools/MiniBrowser/gtk/CMakeLists.txt b/Tools/MiniBrowser/gtk/CMakeLists.txt +index 93b62521..482d3b00 100644 +--- a/Tools/MiniBrowser/gtk/CMakeLists.txt ++++ b/Tools/MiniBrowser/gtk/CMakeLists.txt +@@ -51,8 +51,8 @@ add_custom_command( + OUTPUT ${MiniBrowser_DERIVED_SOURCES_DIR}/BrowserMarshal.c + ${MiniBrowser_DERIVED_SOURCES_DIR}/BrowserMarshal.h + MAIN_DEPENDENCY ${MiniBrowser_DIR}/browser-marshal.list +- COMMAND glib-genmarshal --prefix=browser_marshal ${MiniBrowser_DIR}/browser-marshal.list --body > ${MiniBrowser_DERIVED_SOURCES_DIR}/BrowserMarshal.c +- COMMAND glib-genmarshal --prefix=browser_marshal ${MiniBrowser_DIR}/browser-marshal.list --header > ${MiniBrowser_DERIVED_SOURCES_DIR}/BrowserMarshal.h ++ COMMAND glib-genmarshal --prefix=browser_marshal ${MiniBrowser_DIR}/browser-marshal.list --body --skip-source > ${MiniBrowser_DERIVED_SOURCES_DIR}/BrowserMarshal.c ++ COMMAND glib-genmarshal --prefix=browser_marshal ${MiniBrowser_DIR}/browser-marshal.list --header --skip-source > ${MiniBrowser_DERIVED_SOURCES_DIR}/BrowserMarshal.h + VERBATIM) + + if (USE_GTK4) +-- +2.31.1 + diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb index cdc3f9b584..1fefc75c49 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb @@ -20,6 +20,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://reduce-memory-overheads.patch \ file://0001-Extend-atomics-check-to-include-1-byte-CAS-test.patch \ file://musl-lower-stack-usage.patch \ + file://0001-MiniBrowser-Fix-reproduciblity.patch \ " SRC_URI[sha256sum] = "7d0dab08e3c5ae07bec80b2822ef42e952765d5724cac86eb23999bfed5a7f1f" diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb index 888a235c1a..7dcc86fdc1 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb @@ -83,8 +83,8 @@ do_install_append_class-native () { SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates } -RDEPENDS_${PN}_class-target = "openssl-bin" -RDEPENDS_${PN}_class-native = "openssl-native" -RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin" +RDEPENDS_${PN}_append_class-target = " openssl-bin openssl" +RDEPENDS_${PN}_append_class-native = " openssl-native" +RDEPENDS_${PN}_append_class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/db/db_5.3.28.bb b/poky/meta/recipes-support/db/db_5.3.28.bb index 9cb57e6a53..b2ae98f05c 100644 --- a/poky/meta/recipes-support/db/db_5.3.28.bb +++ b/poky/meta/recipes-support/db/db_5.3.28.bb @@ -15,7 +15,7 @@ HOMEPAGE = "https://www.oracle.com/database/technologies/related/berkeleydb.html LICENSE = "Sleepycat" RCONFLICTS_${PN} = "db3" -CVE_PRODUCT = "oracle_berkeley_db" +CVE_PRODUCT = "oracle_berkeley_db berkeley_db" CVE_VERSION = "11.2.${PV}" PR = "r1" diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_172.bb b/poky/meta/recipes-support/diffoscope/diffoscope_172.bb index bf4726e778..86dd5d8d70 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_172.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_172.bb @@ -23,6 +23,7 @@ do_install_append_class-native() { create_wrapper ${D}${bindir}/diffoscope \ MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ + LD_LIBRARY_PATH=${STAGING_LIBDIR_NATIVE} \ RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} } diff --git a/poky/meta/recipes-support/libcap/libcap_2.48.bb b/poky/meta/recipes-support/libcap/libcap_2.48.bb index a12738d63a..2f83acf966 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.48.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.48.bb @@ -20,15 +20,6 @@ UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs inherit lib_package -# do NOT pass target cflags to host compilations -# -do_configure() { - # libcap uses := for compilers, fortunately, it gives us a hint - # on what should be replaced with ?= - sed -e 's,:=,?=,g' -i Make.Rules - sed -e 's,^BUILD_CFLAGS ?= ,BUILD_CFLAGS := $(BUILD_CFLAGS) ,' -i Make.Rules -} - PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG_class-native ??= "" @@ -44,11 +35,15 @@ EXTRA_OEMAKE = " \ EXTRA_OEMAKE_append_class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" -# these are present in the libcap defaults, so include in our CFLAGS too -CFLAGS += "-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" - do_compile() { - oe_runmake ${PACKAGECONFIG_CONFARGS} + unset CFLAGS BUILD_CFLAGS + oe_runmake \ + ${PACKAGECONFIG_CONFARGS} \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + COPTS="${CFLAGS}" \ + BUILD_COPTS="${BUILD_CFLAGS}" } do_install() { diff --git a/poky/meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch b/poky/meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch new file mode 100644 index 0000000000..0b20eda3c0 --- /dev/null +++ b/poky/meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch @@ -0,0 +1,33 @@ +From dff8fd27edb23bc1486809186c6a4fe1f75f2179 Mon Sep 17 00:00:00 2001 +From: Yi Fan Yu <yifan.yu@windriver.com> +Date: Thu, 22 Apr 2021 22:35:59 -0400 +Subject: [PATCH] test/regress.h: Increase default timeval tolerance 50 ms -> + 100 ms + +The default timeout tolerance is 50 ms, +which causes intermittent failure in many the +related tests in arm64 QEMU. + +See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14163 +(The root cause seems to be a heavy load) + +Upstream-Status: Submitted [https://github.com/libevent/libevent/pull/1157] + +Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> +--- + test/regress.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/regress.h b/test/regress.h +index f06a7669..829af4a7 100644 +--- a/test/regress.h ++++ b/test/regress.h +@@ -127,7 +127,7 @@ int test_ai_eq_(const struct evutil_addrinfo *ai, const char *sockaddr_port, + tt_int_op(labs(timeval_msec_diff((tv1), (tv2)) - diff), <=, tolerance) + + #define test_timeval_diff_eq(tv1, tv2, diff) \ +- test_timeval_diff_leq((tv1), (tv2), (diff), 50) ++ test_timeval_diff_leq((tv1), (tv2), (diff), 100) + + long timeval_msec_diff(const struct timeval *start, const struct timeval *end); + diff --git a/poky/meta/recipes-support/libevent/libevent_2.1.12.bb b/poky/meta/recipes-support/libevent/libevent_2.1.12.bb index dd4533cce5..6d53fea5a8 100644 --- a/poky/meta/recipes-support/libevent/libevent_2.1.12.bb +++ b/poky/meta/recipes-support/libevent/libevent_2.1.12.bb @@ -15,6 +15,7 @@ SRC_URI = "https://github.com/libevent/libevent/releases/download/release-${PV}- file://Makefile-missing-test-dir.patch \ file://run-ptest \ file://0001-test-regress_dns.c-patch-out-tests-that-require-a-wo.patch \ + file://0002-test-regress.h-Increase-default-timeval-tolerance-50.patch \ " SRC_URI[sha256sum] = "92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb" diff --git a/poky/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch b/poky/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch new file mode 100644 index 0000000000..b331c1bf81 --- /dev/null +++ b/poky/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch @@ -0,0 +1,112 @@ +From 1f76151c92e1b52e9c24ebf06adc77fbd6c062bc Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Tue, 26 Jan 2021 11:41:21 -0800 +Subject: [PATCH] kex.c: move EC macro outside of if check #549 (#550) + +File: kex.c + +Notes: +Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code. + +Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up. + +Credit: +Stefan-Ghinea + +Upstream-Status: Backport + +Reference to upstream patch: +https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/kex.c | 66 +++++++++++++++++++++++++++---------------------------- + 1 file changed, 33 insertions(+), 33 deletions(-) + +diff --git a/src/kex.c b/src/kex.c +index cb16639..19ab6ec 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -1885,39 +1885,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange + } + + +-#if LIBSSH2_ECDSA +- +-/* kex_session_ecdh_curve_type +- * returns the EC curve type by name used in key exchange +- */ +- +-static int +-kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type) +-{ +- int ret = 0; +- libssh2_curve_type type; +- +- if(name == NULL) +- return -1; +- +- if(strcmp(name, "ecdh-sha2-nistp256") == 0) +- type = LIBSSH2_EC_CURVE_NISTP256; +- else if(strcmp(name, "ecdh-sha2-nistp384") == 0) +- type = LIBSSH2_EC_CURVE_NISTP384; +- else if(strcmp(name, "ecdh-sha2-nistp521") == 0) +- type = LIBSSH2_EC_CURVE_NISTP521; +- else { +- ret = -1; +- } +- +- if(ret == 0 && out_type) { +- *out_type = type; +- } +- +- return ret; +-} +- +- + /* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY + * + * Macro that create and verifies EC SHA hash with a given digest bytes +@@ -2027,6 +1994,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type) + } \ + + ++#if LIBSSH2_ECDSA ++ ++/* kex_session_ecdh_curve_type ++ * returns the EC curve type by name used in key exchange ++ */ ++ ++static int ++kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type) ++{ ++ int ret = 0; ++ libssh2_curve_type type; ++ ++ if(name == NULL) ++ return -1; ++ ++ if(strcmp(name, "ecdh-sha2-nistp256") == 0) ++ type = LIBSSH2_EC_CURVE_NISTP256; ++ else if(strcmp(name, "ecdh-sha2-nistp384") == 0) ++ type = LIBSSH2_EC_CURVE_NISTP384; ++ else if(strcmp(name, "ecdh-sha2-nistp521") == 0) ++ type = LIBSSH2_EC_CURVE_NISTP521; ++ else { ++ ret = -1; ++ } ++ ++ if(ret == 0 && out_type) { ++ *out_type = type; ++ } ++ ++ return ret; ++} ++ ++ + /* ecdh_sha2_nistp + * Elliptic Curve Diffie Hellman Key Exchange + */ +-- +2.17.1 + diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.9.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.9.0.bb index 0b8ccbd217..a5451628e7 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.9.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.9.0.bb @@ -11,6 +11,7 @@ SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://CVE-2019-17498.patch \ file://0001-configure-Conditionally-undefine-backend-m4-macro.patch \ file://run-ptest \ + file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch \ " SRC_URI_append_ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch" diff --git a/poky/meta/recipes-support/nettle/nettle_3.7.1.bb b/poky/meta/recipes-support/nettle/nettle_3.7.2.bb index 3bbcf17c7a..f8f3360086 100644 --- a/poky/meta/recipes-support/nettle/nettle_3.7.1.bb +++ b/poky/meta/recipes-support/nettle/nettle_3.7.2.bb @@ -24,7 +24,7 @@ SRC_URI_append_class-target = "\ file://dlopen-test.patch \ " -SRC_URI[sha256sum] = "156621427c7b00a75ff9b34b770b95d34f80ef7a55c3407de94b16cbf436c42e" +SRC_URI[sha256sum] = "8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162" UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb index 57a3ae005b..6bd10d2fec 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb @@ -26,3 +26,5 @@ do_compile () { do_install () { install -D -m 0755 ${S}/ptest-runner ${D}${bindir}/ptest-runner } + +RDEPENDS_${PN}_append_libc-glibc = " libgcc" diff --git a/poky/scripts/oe-buildenv-internal b/poky/scripts/oe-buildenv-internal index ba0a9b44d6..e0d920f2fc 100755 --- a/poky/scripts/oe-buildenv-internal +++ b/poky/scripts/oe-buildenv-internal @@ -88,6 +88,10 @@ if [ ! -d "$BITBAKEDIR" ]; then return 1 fi +# Add BitBake's library to PYTHONPATH +PYTHONPATH=$BITBAKEDIR/lib:$PYTHONPATH +export PYTHONPATH + # Make sure our paths are at the beginning of $PATH for newpath in "$BITBAKEDIR/bin" "$OEROOT/scripts"; do # Remove any existences of $newpath from $PATH diff --git a/poky/scripts/oe-debuginfod b/poky/scripts/oe-debuginfod index 967dd5807c..5560769888 100755 --- a/poky/scripts/oe-debuginfod +++ b/poky/scripts/oe-debuginfod @@ -20,12 +20,7 @@ if __name__ == "__main__": package_classes_var = "DEPLOY_DIR_" + tinfoil.config_data.getVar("PACKAGE_CLASSES").split()[0].replace("package_", "").upper() feed_dir = tinfoil.config_data.getVar(package_classes_var, expand=True) - try: - if package_classes_var == "DEPLOY_DIR_RPM": - subprocess.check_output(subprocess.run(['oe-run-native', 'elfutils-native', 'debuginfod', '--verbose', '-R', feed_dir])) - else: - subprocess.check_output(subprocess.run(['oe-run-native', 'elfutils-native', 'debuginfod', '--verbose', '-U', feed_dir])) - except subprocess.CalledProcessError: - print("\nTo use the debuginfod server Please ensure that this variable PACKAGECONFIG_pn-elfutils-native = \"debuginfod libdebuginfod\" is set in the local.conf") - except KeyboardInterrupt: - sys.exit(1) + subprocess.call(['bitbake', '-c', 'addto_recipe_sysroot', 'elfutils-native']) + + subprocess.call(['oe-run-native', 'elfutils-native', 'debuginfod', '--verbose', '-R', '-U', feed_dir]) + print("\nTo use the debuginfod server please ensure that this variable PACKAGECONFIG_pn-elfutils-native = \"debuginfod libdebuginfod\" is set in the local.conf") diff --git a/poky/scripts/oe-time-dd-test.sh b/poky/scripts/oe-time-dd-test.sh index 970a86dff0..459071e732 100644..100755 --- a/poky/scripts/oe-time-dd-test.sh +++ b/poky/scripts/oe-time-dd-test.sh @@ -13,11 +13,16 @@ usage() { echo "Usage: $0 <count>" } +TIMEOUT=15 + if [ $# -ne 1 ]; then usage exit 1 fi uptime -/usr/bin/time -f "%e" dd if=/dev/zero of=foo bs=1024 count=$1 conv=fsync -top -b -n 1 | grep -v "0 0 0" | grep -E ' [RSD] ' | cut -c 46-47 | sort | uniq -c +timeout ${TIMEOUT} dd if=/dev/zero of=oe-time-dd-test.dat bs=1024 count=$1 conv=fsync +if [ $? -ne 0 ]; then + echo "Timeout used: ${TIMEOUT}" + top -c -b -n1 -w 512 +fi diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py index 53324b9f8b..29eb7505bc 100644 --- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py +++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py @@ -271,7 +271,7 @@ def draw_chart(ctx, color, fill, chart_bounds, data, proc_tree, data_range): # If data_range is given, scale the chart so that the value range in # data_range matches the chart bounds exactly. # Otherwise, scale so that the actual data matches the chart bounds. - if data_range: + if data_range and (data_range[1] - data_range[0]): yscale = float(chart_bounds[3]) / (data_range[1] - data_range[0]) ybase = data_range[0] else: diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index ba0b701aff..edd17d09c4 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu @@ -145,7 +145,6 @@ class BaseConfig(object): self.qemu_opt = '' self.qemu_opt_script = '' self.qemuparams = '' - self.clean_nfs_dir = False self.nfs_server = '' self.rootfs = '' # File name(s) of a OVMF firmware file or variable store, @@ -210,6 +209,8 @@ class BaseConfig(object): self.qemupid = None # avoid cleanup twice self.cleaned = False + # Files to cleanup after run + self.cleanup_files = [] def acquire_taplock(self, error=True): logger.debug("Acquiring lockfile %s..." % self.taplock) @@ -1020,8 +1021,9 @@ class BaseConfig(object): logger.info('Running %s...' % str(cmd)) if subprocess.call(cmd) != 0: raise RunQemuError('Failed to run %s' % cmd) - self.clean_nfs_dir = True self.rootfs = dest + self.cleanup_files.append(self.rootfs) + self.cleanup_files.append('%s.pseudo_state' % self.rootfs) # Start the userspace NFS server cmd = ('runqemu-export-rootfs', 'start', self.rootfs) @@ -1204,6 +1206,7 @@ class BaseConfig(object): self.rootfs = newrootfs # Don't need a second copy now! self.snapshot = False + self.cleanup_files.append(newrootfs) qb_rootfs_opt = self.get('QB_ROOTFS_OPT') if qb_rootfs_opt: @@ -1476,10 +1479,13 @@ class BaseConfig(object): if self.saved_stty: subprocess.check_call(("stty", self.saved_stty)) - if self.clean_nfs_dir: - logger.info('Removing %s' % self.rootfs) - shutil.rmtree(self.rootfs) - shutil.rmtree('%s.pseudo_state' % self.rootfs) + if self.cleanup_files: + for ent in self.cleanup_files: + logger.info('Removing %s' % ent) + if os.path.isfile(ent): + os.remove(ent) + else: + shutil.rmtree(ent) self.cleaned = True diff --git a/poky/scripts/yocto-check-layer b/poky/scripts/yocto-check-layer index b7c83c8b54..deba3cb4f8 100755 --- a/poky/scripts/yocto-check-layer +++ b/poky/scripts/yocto-check-layer @@ -138,6 +138,9 @@ def main(): layer['type'] == LayerType.ERROR_BSP_DISTRO: continue + # Reset to a clean backup copy for each run + shutil.copyfile(bblayersconf + '.backup', bblayersconf) + if check_bblayers(bblayersconf, layer['path'], logger): logger.info("%s already in %s. To capture initial signatures, layer under test should not present " "in BBLAYERS. Please remove %s from BBLAYERS." % (layer['name'], bblayersconf, layer['name'])) |
