diff options
Diffstat (limited to 'poky/meta/recipes-extended')
37 files changed, 1005 insertions, 492 deletions
diff --git a/poky/meta/recipes-extended/acpica/acpica_20230331.bb b/poky/meta/recipes-extended/acpica/acpica_20230628.bb index 01b8833f50..06db99cef5 100644 --- a/poky/meta/recipes-extended/acpica/acpica_20230331.bb +++ b/poky/meta/recipes-extended/acpica/acpica_20230628.bb @@ -17,7 +17,7 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "m4-native flex-native bison-native" SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz" -SRC_URI[sha256sum] = "0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2" +SRC_URI[sha256sum] = "86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce" UPSTREAM_CHECK_URI = "https://acpica.org/downloads" diff --git a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb index 4182372057..c5d3e04ed5 100644 --- a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb +++ b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb @@ -4,7 +4,7 @@ DESCRIPTION = "These are introductory examples to showcase the use of QEMU to ru LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=39346640a23c701e4f459e05f56f4449" -SRCREV = "ea7f59b02467ed1fb36c3b4c6d5cabe702df26ec" +SRCREV = "fc7c43d138185028b6ac14c83f6492fce26eca95" PV = "0.1+git${SRCPV}" SRC_URI = "git://github.com/ahcbb6/baremetal-helloqemu.git;protocol=https;branch=master" diff --git a/poky/meta/recipes-extended/cpio/cpio_2.14.bb b/poky/meta/recipes-extended/cpio/cpio_2.14.bb index e55fb70cb1..560038d2a6 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.14.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.14.bb @@ -16,8 +16,7 @@ SRC_URI[sha256sum] = "145a340fd9d55f0b84779a44a12d5f79d77c99663967f8cfa168d7905c inherit autotools gettext texinfo ptest -# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us -CVE_CHECK_IGNORE += "CVE-2010-4226" +CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS" EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" @@ -66,7 +65,7 @@ do_install_ptest_base:append() { # The tests need to run as a non-root user, so pull in the ptest user DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' ptest-runner', '', d)}" -PACKAGE_WRITE_DEPS += "ptest-runner" +PACKAGE_WRITE_DEPS:append:class-target = " ${MLPREFIX}ptest-runner" RDEPENDS:${PN}-ptest += "ptest-runner" diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index d77758fd3f..36feaddcf8 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -15,19 +15,15 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ - file://CVE-2023-32324.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" -# Issue only applies to MacOS -CVE_CHECK_IGNORE += "CVE-2008-1033" -# Issue affects pdfdistiller plugin used with but not part of cups -CVE_CHECK_IGNORE += "CVE-2009-0032" -# This is an Ubuntu only issue. -CVE_CHECK_IGNORE += "CVE-2018-6553" -# This is fixed in 2.4.2 but the cve-check class still reports it -CVE_CHECK_IGNORE += "CVE-2022-26691" +CVE_STATUS[CVE-2008-1033] = "not-applicable-platform: Issue only applies to MacOS" +CVE_STATUS[CVE-2009-0032] = "cpe-incorrect: Issue affects pdfdistiller plugin used with but not part of cups" +CVE_STATUS[CVE-2018-6553] = "not-applicable-platform: This is an Ubuntu only issue" +CVE_STATUS[CVE-2022-26691] = "fixed-version: This is fixed in 2.4.2 but the cve-check class still reports it" +CVE_STATUS[CVE-2021-25317] = "not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply." LEAD_SONAME = "libcupsdriver.so" @@ -115,7 +111,3 @@ SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess" cups_sysroot_preprocess () { sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:' } - -# -25317 concerns /var/log/cups having lp ownership. Our /var/log/cups is -# root:root, so this doesn't apply. -CVE_CHECK_IGNORE += "CVE-2021-25317" diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch deleted file mode 100644 index 40b89c9899..0000000000 --- a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal <zdohnal@redhat.com> -Date: Thu, 1 Jun 2023 12:04:00 +0200 -Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324) - -CVE: CVE-2023-32324 -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589] - -(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e) -Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> ---- - cups/string.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/cups/string.c b/cups/string.c -index 93cdad19..6ef58515 100644 ---- a/cups/string.c -+++ b/cups/string.c -@@ -1,6 +1,7 @@ - /* - * String functions for CUPS. - * -+ * Copyright © 2023 by OpenPrinting. - * Copyright © 2007-2019 by Apple Inc. - * Copyright © 1997-2007 by Easy Software Products. - * -@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */ - size_t srclen; /* Length of source string */ - - -+ if (size == 0) -+ return (0); -+ - /* - * Figure out how much room is needed... - */ diff --git a/poky/meta/recipes-extended/cups/cups_2.4.2.bb b/poky/meta/recipes-extended/cups/cups_2.4.6.bb index f5ca749bac..58029fdbd4 100644 --- a/poky/meta/recipes-extended/cups/cups_2.4.2.bb +++ b/poky/meta/recipes-extended/cups/cups_2.4.6.bb @@ -2,4 +2,4 @@ require cups.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908" +SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch index 8b88c308f2..32793233f9 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch +++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch @@ -1,4 +1,4 @@ -From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001 +From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001 From: Peiran Hong <peiran.hong@windriver.com> Date: Thu, 5 Sep 2019 15:42:22 -0400 Subject: [PATCH] Skip strip-trailing-cr test case @@ -12,23 +12,18 @@ Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Peiran Hong <peiran.hong@windriver.com> --- - tests/Makefile.am | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) + tests/Makefile.am | 1 - + 1 file changed, 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am -index d98df82..757ea52 100644 +index 79bacfb..4adb4d7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -21,9 +21,11 @@ TESTS = \ +@@ -22,7 +22,6 @@ TESTS = \ stdin \ strcoll-0-names \ filename-quoting \ - strip-trailing-cr \ timezone \ - colors -+# Skipping this test since it requires valgrind -+# and thus is too heavy for diffutils package -+# strip-trailing-cr - - XFAIL_TESTS = large-subopt - + colors \ + y2038-vs-32bit diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb index 2bb9e6f32d..08e8305612 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb +++ b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb @@ -8,7 +8,7 @@ SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \ file://0001-Skip-strip-trailing-cr-test-case.patch \ " -SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1" +SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e" EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb index f03ebf4478..fdbdfb6502 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb @@ -18,9 +18,6 @@ DEPENDS = "tiff jpeg fontconfig cups libpng freetype zlib" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" -# We use a system libjpeg-turbo which has this fix -CVE_CHECK_IGNORE += "CVE-2013-6629" - def gs_verdir(v): return "".join(v.split(".")) @@ -30,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo file://avoid-host-contamination.patch \ " -SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce" +SRC_URI[sha256sum] = "a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661" PACKAGECONFIG ??= "" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" diff --git a/poky/meta/recipes-extended/iputils/iputils_20221126.bb b/poky/meta/recipes-extended/iputils/iputils_20221126.bb index cd5fe9bd3e..7d94271a64 100644 --- a/poky/meta/recipes-extended/iputils/iputils_20221126.bb +++ b/poky/meta/recipes-extended/iputils/iputils_20221126.bb @@ -17,9 +17,8 @@ S = "${WORKDIR}/git" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)" -# Fixed in 2000-10-10, but the versioning of iputils -# breaks the version order. -CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214" +CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order." +CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order." PACKAGECONFIG ??= "libcap" PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" diff --git a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb index d0afb3ca0a..f0e687c330 100644 --- a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb +++ b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb @@ -13,9 +13,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SECTION = "libs" DEPENDS += "libtirpc libnsl2" -PV = "3.1+git${SRCPV}" +PV = "3.2" -SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad" +SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59" SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \ " diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb index f55e0b0ed1..d466905426 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb @@ -14,8 +14,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3" -# Was fixed in 1.3.3rc1 so not present in 1.3.3 -CVE_CHECK_IGNORE += "CVE-2021-46828" +CVE_STATUS[CVE-2021-46828] = "fixed-version: fixed in 1.3.3rc1 so not present in 1.3.3" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb index f0755e3ae5..10a6149abc 100644 --- a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb +++ b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb @@ -16,8 +16,9 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \ SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516" -# These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used -CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" +CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE" +CVE_STATUS_RECIPE = "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" +CVE_STATUS_RECIPE[status] = "not-applicable-platform: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}" diff --git a/poky/meta/recipes-extended/ltp/ltp_20230516.bb b/poky/meta/recipes-extended/ltp/ltp_20230516.bb index ddc6523e30..e9407d3148 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20230516.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20230516.bb @@ -93,6 +93,7 @@ RDEPENDS:${PN} = "\ e2fsprogs-mke2fs \ expect \ file \ + findutils \ gawk \ gdb \ gzip \ diff --git a/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch new file mode 100644 index 0000000000..cea435f83b --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch @@ -0,0 +1,148 @@ +From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:07 -0600 +Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container() + +Move the function up so that the function declaration is not necessary +and remove the unused arguments to the function. + +No functional changes are intended but will help with a bug fix in the +next patch. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 88 ++++++++++++++++++++++++----------------------------- + 1 file changed, 39 insertions(+), 49 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 3f304cd..65cf727 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -503,13 +503,6 @@ struct ddf_super { + static int load_super_ddf_all(struct supertype *st, int fd, + void **sbp, char *devname); + static int get_svd_state(const struct ddf_super *, const struct vcl *); +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose); + + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, +@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks, + return 1; + } + ++static int ++validate_geometry_ddf_container(struct supertype *st, ++ int level, int raiddisks, ++ unsigned long long data_offset, ++ char *dev, unsigned long long *freesize, ++ int verbose) ++{ ++ int fd; ++ unsigned long long ldsize; ++ ++ if (level != LEVEL_CONTAINER) ++ return 0; ++ if (!dev) ++ return 1; ++ ++ fd = dev_open(dev, O_RDONLY|O_EXCL); ++ if (fd < 0) { ++ if (verbose) ++ pr_err("ddf: Cannot open %s: %s\n", ++ dev, strerror(errno)); ++ return 0; ++ } ++ if (!get_dev_size(fd, dev, &ldsize)) { ++ close(fd); ++ return 0; ++ } ++ close(fd); ++ if (freesize) { ++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); ++ if (*freesize == 0) ++ return 0; ++ } ++ ++ return 1; ++} ++ + static int validate_geometry_ddf(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st, + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { + /* Must be a fresh device to add to a container */ +- return validate_geometry_ddf_container(st, level, layout, +- raiddisks, *chunk, +- size, data_offset, dev, +- freesize, +- verbose); ++ return validate_geometry_ddf_container(st, level, raiddisks, ++ data_offset, dev, ++ freesize, verbose); + } + + if (!dev) { +@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st, + return 1; + } + +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose) +-{ +- int fd; +- unsigned long long ldsize; +- +- if (level != LEVEL_CONTAINER) +- return 0; +- if (!dev) +- return 1; +- +- fd = dev_open(dev, O_RDONLY|O_EXCL); +- if (fd < 0) { +- if (verbose) +- pr_err("ddf: Cannot open %s: %s\n", +- dev, strerror(errno)); +- return 0; +- } +- if (!get_dev_size(fd, dev, &ldsize)) { +- close(fd); +- return 0; +- } +- close(fd); +- if (freesize) { +- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); +- if (*freesize == 0) +- return 0; +- } +- +- return 1; +-} +- + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch new file mode 100644 index 0000000000..fafe88b49c --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch @@ -0,0 +1,56 @@ +From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:08 -0600 +Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in + validate_geometry_ddf() + +A relatively recent patch added a call to validate_geometry() in +Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL. + +This causes some ddf tests to segfault which aborts the test suite. + +To fix this, avoid dereferencing chunk when the level is +LEVEL_CONTAINER or LEVEL_NONE. + +Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container") +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 65cf727..3ef1293 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st, + * If given BVDs, we make an SVD, changing all the GUIDs in the process. + */ + +- if (*chunk == UnSet) +- *chunk = DEFAULT_CHUNK; +- + if (level == LEVEL_NONE) + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { +@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st, + freesize, verbose); + } + ++ if (*chunk == UnSet) ++ *chunk = DEFAULT_CHUNK; ++ + if (!dev) { + mdu_array_info_t array = { + .level = level, +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch new file mode 100644 index 0000000000..a954ab027a --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch @@ -0,0 +1,91 @@ +From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:09 -0600 +Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork + +The test 07reshape-grow fails most of the time. But it succeeds around +1 in 5 times. When it does succeed, it causes the tests to die because +mdadm has segfaulted. + +The segfault was caused by mdadm attempting to repoen a file +descriptor that was already closed. The backtrace of the segfault +was: + + #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101 + #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956 + #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0) + at util.c:1072 + #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079 + #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244 + #5 0x000056146e329f36 in start_array (mdfd=4, + mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860, + st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0, + bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5, + sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90, + clean=1, avail=0x56146fc78720 "\001\001\001\001\001", + start_partial_ok=0, err_ok=0, was_forced=0) + at Assemble.c:1206 + #6 0x000056146e32c36e in Assemble (st=0x56146fc78660, + mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70, + devlist=0x56146fc6e2d0, c=0x7ffc55342e90) + at Assemble.c:1914 + #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238) + at mdadm.c:1510 + +The file descriptor was closed early in Grow_continue(). The noted commit +moved the close() call to close the fd above the fork which caused the +parent process to return with a closed fd. + +This meant reshape_array() and Grow_continue() would return in the parent +with the fd forked. The fd would eventually be passed to reopen_mddev() +which returned an unhandled NULL from fd2devnm() which would then be +dereferenced in devnm2devid. + +Fix this by moving the close() call below the fork. This appears to +fix the 07revert-grow test. While we're at it, switch to using +close_fd() to invalidate the file descriptor. + +Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time") +Cc: Alex Wu <alexwu@synology.com> +Cc: BingJing Chang <bingjingc@synology.com> +Cc: Danny Shih <dannyshih@synology.com> +Cc: ChangSyun Peng <allenpeng@synology.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + Grow.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Grow.c b/Grow.c +index 9c6fc95..a8e4e83 100644 +--- a/Grow.c ++++ b/Grow.c +@@ -3501,7 +3501,6 @@ started: + return 0; + } + +- close(fd); + /* Now we just need to kick off the reshape and watch, while + * handling backups of the data... + * This is all done by a forked background process. +@@ -3522,6 +3521,9 @@ started: + break; + } + ++ /* Close unused file descriptor in the forked process */ ++ close_fd(&fd); ++ + /* If another array on the same devices is busy, the + * reshape will wait for them. This would mean that + * the first section that we suspend will stay suspended +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch new file mode 100644 index 0000000000..72cb40f782 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch @@ -0,0 +1,42 @@ +From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:10 -0600 +Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks + +Not all struct superswitch implement a get_bad_blocks() function, +yet mdmon seems to call it without checking for NULL and thus +occasionally segfaults in the test 10ddf-geometry. + +Fix this by checking for NULL before calling it. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + monitor.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/monitor.c b/monitor.c +index afc3e50..8e43c0d 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi) + struct md_bb *bb; + int i; + ++ if (!ss->get_bad_blocks) ++ return -1; ++ + /* + * Get a list of bad blocks for an array, then read list of + * acknowledged bad blocks from kernel and compare it against metadata +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch new file mode 100644 index 0000000000..c55bfb125b --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch @@ -0,0 +1,128 @@ +From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:18 -0600 +Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures + +Add functionality to continue if a test marked as broken fails. + +To mark a test as broken, a file with the same name but with the suffix +'.broken' should exist. The first line in the file will be printed with +a KNOWN BROKEN message; the rest of the file can describe the how the +test is broken. + +Also adds --skip-broken and --skip-always-broken to skip all the tests +that have a .broken file or to skip all tests whose .broken file's first +line contains the keyword always. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3 + +[OP: adjusted context for mdadm-4.2] +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + test | 37 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 35 insertions(+), 2 deletions(-) + +diff --git a/test b/test +index 8f189d9..ee8fba1 100755 +--- a/test ++++ b/test +@@ -10,6 +10,8 @@ devlist= + + savelogs=0 + exitonerror=1 ++ctrl_c_error=0 ++skipbroken=0 + prefix='[0-9][0-9]' + + # use loop devices by default if doesn't specify --dev +@@ -35,6 +37,7 @@ die() { + + ctrl_c() { + exitonerror=1 ++ ctrl_c_error=1 + } + + # mdadm always adds --quiet, and we want to see any unexpected messages +@@ -79,8 +82,21 @@ mdadm() { + do_test() { + _script=$1 + _basename=`basename $_script` ++ _broken=0 ++ + if [ -f "$_script" ] + then ++ if [ -f "${_script}.broken" ]; then ++ _broken=1 ++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n') ++ if [ "$skipbroken" == "all" ]; then ++ return ++ elif [ "$skipbroken" == "always" ] && ++ [[ "$_broken_msg" == *always* ]]; then ++ return ++ fi ++ fi ++ + rm -f $targetdir/stderr + # this might have been reset: restore the default. + echo 2000 > /proc/sys/dev/raid/speed_limit_max +@@ -97,10 +113,15 @@ do_test() { + else + save_log fail + _fail=1 ++ if [ "$_broken" == "1" ]; then ++ echo " (KNOWN BROKEN TEST: $_broken_msg)" ++ fi + fi + [ "$savelogs" == "1" ] && + mv -f $targetdir/log $logdir/$_basename.log +- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1 ++ [ "$ctrl_c_error" == "1" ] && exit 1 ++ [ "$_fail" == "1" -a "$exitonerror" == "1" \ ++ -a "$_broken" == "0" ] && exit 1 + fi + } + +@@ -117,6 +138,8 @@ do_help() { + --logdir=directory Directory to save all logfiles in + --save-logs Usually use with --logdir together + --keep-going | --no-error Don't stop on error, ie. run all tests ++ --skip-broken Skip tests that are known to be broken ++ --skip-always-broken Skip tests that are known to always fail + --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk + --disks= Provide a bunch of physical devices for test + --volgroup=name LVM volume group for LVM test +@@ -211,6 +234,12 @@ parse_args() { + --keep-going | --no-error ) + exitonerror=0 + ;; ++ --skip-broken ) ++ skipbroken=all ++ ;; ++ --skip-always-broken ) ++ skipbroken=always ++ ;; + --disable-multipath ) + unset MULTIPATH + ;; +@@ -275,7 +304,11 @@ main() { + if [ $script == "$testdir/11spare-migration" ];then + continue + fi +- do_test $script ++ case $script in ++ *.broken) ;; ++ *) ++ do_test $script ++ esac + done + fi + +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch new file mode 100644 index 0000000000..115b23bac5 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch @@ -0,0 +1,454 @@ +From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:19 -0600 +Subject: [PATCH 6/6] tests: Add broken files for all broken tests + +Each broken file contains the rough frequency of brokeness as well +as a brief explanation of what happens when it breaks. Estimates +of failure rates are not statistically significant and can vary +run to run. + +This is really just a view from my window. Tests were done on a +small VM with the default loop devices, not real hardware. We've +seen different kernel configurations can cause bugs to appear as well +(ie. different block schedulers). It may also be that different race +conditions will be seen on machines with different performance +characteristics. + +These annotations were done with the kernel currently in md/md-next: + + facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()") + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + tests/01r5integ.broken | 7 ++++ + tests/01raid6integ.broken | 7 ++++ + tests/04r5swap.broken | 7 ++++ + tests/07autoassemble.broken | 8 ++++ + tests/07autodetect.broken | 5 +++ + tests/07changelevelintr.broken | 9 +++++ + tests/07changelevels.broken | 9 +++++ + tests/07reshape5intr.broken | 45 ++++++++++++++++++++++ + tests/07revert-grow.broken | 31 +++++++++++++++ + tests/07revert-shrink.broken | 9 +++++ + tests/07testreshape5.broken | 12 ++++++ + tests/09imsm-assemble.broken | 6 +++ + tests/09imsm-create-fail-rebuild.broken | 5 +++ + tests/09imsm-overlap.broken | 7 ++++ + tests/10ddf-assemble-missing.broken | 6 +++ + tests/10ddf-fail-create-race.broken | 7 ++++ + tests/10ddf-fail-two-spares.broken | 5 +++ + tests/10ddf-incremental-wrong-order.broken | 9 +++++ + tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++ + tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++ + tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++ + tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++ + tests/19raid6auto-repair.broken | 5 +++ + tests/19raid6repair.broken | 5 +++ + 24 files changed, 226 insertions(+) + create mode 100644 tests/01r5integ.broken + create mode 100644 tests/01raid6integ.broken + create mode 100644 tests/04r5swap.broken + create mode 100644 tests/07autoassemble.broken + create mode 100644 tests/07autodetect.broken + create mode 100644 tests/07changelevelintr.broken + create mode 100644 tests/07changelevels.broken + create mode 100644 tests/07reshape5intr.broken + create mode 100644 tests/07revert-grow.broken + create mode 100644 tests/07revert-shrink.broken + create mode 100644 tests/07testreshape5.broken + create mode 100644 tests/09imsm-assemble.broken + create mode 100644 tests/09imsm-create-fail-rebuild.broken + create mode 100644 tests/09imsm-overlap.broken + create mode 100644 tests/10ddf-assemble-missing.broken + create mode 100644 tests/10ddf-fail-create-race.broken + create mode 100644 tests/10ddf-fail-two-spares.broken + create mode 100644 tests/10ddf-incremental-wrong-order.broken + create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken + create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken + create mode 100644 tests/19raid6auto-repair.broken + create mode 100644 tests/19raid6repair.broken + +diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken +new file mode 100644 +index 0000000..2073763 +--- /dev/null ++++ b/tests/01r5integ.broken +@@ -0,0 +1,7 @@ ++fails rarely ++ ++Fails about 1 in every 30 runs with a sha mismatch error: ++ ++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match ++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3 ++ missing +diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken +new file mode 100644 +index 0000000..1df735f +--- /dev/null ++++ b/tests/01raid6integ.broken +@@ -0,0 +1,7 @@ ++fails infrequently ++ ++Fails about 1 in 5 with a sha mismatch: ++ ++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match ++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and ++ /dev/loop3 missing +diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken +new file mode 100644 +index 0000000..e38987d +--- /dev/null ++++ b/tests/04r5swap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 has no superblock - assembly aborted ++ ++ ERROR: no recovery happening +diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken +new file mode 100644 +index 0000000..8be0940 +--- /dev/null ++++ b/tests/07autoassemble.broken +@@ -0,0 +1,8 @@ ++always fails ++ ++Prints lots of messages, but the array doesn't assemble. Error ++possibly related to: ++ ++ mdadm: /dev/md/1 is busy - skipping ++ mdadm: no recogniseable superblock on /dev/md/testing:0 ++ mdadm: /dev/md/2 is busy - skipping +diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken +new file mode 100644 +index 0000000..294954a +--- /dev/null ++++ b/tests/07autodetect.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ ERROR: no resync happening +diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken +new file mode 100644 +index 0000000..284b490 +--- /dev/null ++++ b/tests/07changelevelintr.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 56832 ++ ++ ERROR: no reshape happening +diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken +new file mode 100644 +index 0000000..9b930d9 +--- /dev/null ++++ b/tests/07changelevels.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata ++ ++ ERROR: /dev/md0 isn't a block device. +diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken +new file mode 100644 +index 0000000..efe52a6 +--- /dev/null ++++ b/tests/07reshape5intr.broken +@@ -0,0 +1,45 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex ++held") ++ ++The new error is simply: ++ ++ ERROR: no reshape happening ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails infrequently ++ ++Fails roughly 1 in 4 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: cannot re-read metadata from /dev/loop6 - aborting ++ ++ ERROR: no reshape happening ++ ++Also have seen a random deadlock: ++ ++ INFO: task mdadm:109702 blocked for more than 30 seconds. ++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040 ++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. ++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000 ++ Call Trace: ++ <TASK> ++ __schedule+0x67e/0x13b0 ++ schedule+0x82/0x110 ++ mddev_suspend+0x2e1/0x330 ++ suspend_lo_store+0xbd/0x140 ++ md_attr_store+0xcb/0x130 ++ sysfs_kf_write+0x89/0xb0 ++ kernfs_fop_write_iter+0x202/0x2c0 ++ new_sync_write+0x222/0x330 ++ vfs_write+0x3bc/0x4d0 ++ ksys_write+0xd9/0x180 ++ __x64_sys_write+0x43/0x50 ++ do_syscall_64+0x3b/0x90 ++ entry_SYSCALL_64_after_hwframe+0x44/0xae +diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken +new file mode 100644 +index 0000000..9b6db86 +--- /dev/null ++++ b/tests/07revert-grow.broken +@@ -0,0 +1,31 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held") ++ ++The errors are: ++ ++ mdadm: No active reshape to revert on /dev/loop0 ++ ERROR: active raid5 not found ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails rarely ++ ++Fails about 1 in every 30 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory ++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument ++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it ++ (use --run to insist). ++ ++ grep: /sys/block/md*/md/sync_action: No such file or directory ++ ++ ERROR: active raid5 not found +diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken +new file mode 100644 +index 0000000..c33c39e +--- /dev/null ++++ b/tests/07revert-shrink.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 53760 ++ ++ ERROR: active raid5 not found +diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken +new file mode 100644 +index 0000000..a8ce03e +--- /dev/null ++++ b/tests/07testreshape5.broken +@@ -0,0 +1,12 @@ ++always fails ++ ++Test seems to run 'test_stripe' at $dir directory, but $dir is never ++set. If $dir is adjusted to $PWD, the test still fails with: ++ ++ mdadm: /dev/loop2 is not suitable for this array. ++ mdadm: create aborted ++ ++ return 1 ++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile ++ ++ echo cmp failed ++ cmp failed ++ ++ exit 2 +diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken +new file mode 100644 +index 0000000..a6d4d5c +--- /dev/null ++++ b/tests/09imsm-assemble.broken +@@ -0,0 +1,6 @@ ++fails infrequently ++ ++Fails roughly 1 in 10 runs with errors: ++ ++ mdadm: /dev/loop2 is still in use, cannot remove. ++ /dev/loop2 removal from /dev/md/container should have succeeded +diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken +new file mode 100644 +index 0000000..40c4b29 +--- /dev/null ++++ b/tests/09imsm-create-fail-rebuild.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ **Error**: Array size mismatch - expected 3072, actual 16384 +diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken +new file mode 100644 +index 0000000..e7ccab7 +--- /dev/null ++++ b/tests/09imsm-overlap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ /dev/md/vol3 failed check +diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken +new file mode 100644 +index 0000000..bfd8d10 +--- /dev/null ++++ b/tests/10ddf-assemble-missing.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with errors: ++ ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 +diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken +new file mode 100644 +index 0000000..6c0df02 +--- /dev/null ++++ b/tests/10ddf-fail-create-race.broken +@@ -0,0 +1,7 @@ ++usually fails ++ ++Fails about 9 out of 10 times with many errors: ++ ++ mdadm: cannot open MISSING: No such file or directory ++ ERROR: non-degraded array found ++ ERROR: disk 0 not marked as failed in meta data +diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken +new file mode 100644 +index 0000000..eeea56d +--- /dev/null ++++ b/tests/10ddf-fail-two-spares.broken +@@ -0,0 +1,5 @@ ++fails infrequently ++ ++Fails roughly 1 in 3 with error: ++ ++ ERROR: /dev/md/vol1 should be optimal in meta data +diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken +new file mode 100644 +index 0000000..a5af3ba +--- /dev/null ++++ b/tests/10ddf-incremental-wrong-order.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ERROR: sha1sum of /dev/md/vol0 has changed ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8 ++ ERROR: unexpected number of online disks on /dev/loop8 ++ ERROR: sha1sum of /dev/md/vol0 has changed +diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken +new file mode 100644 +index 0000000..4ef1d40 +--- /dev/null ++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk") +diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..89cd4e5 +--- /dev/null ++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..a27399f +--- /dev/null ++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken +@@ -0,0 +1,5 @@ ++fails rarely ++ ++Fails about 1 run in 100 with message: ++ ++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0 +diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken +new file mode 100644 +index 0000000..aa1982e +--- /dev/null ++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6auto-repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/run-ptest b/poky/meta/recipes-extended/mdadm/files/run-ptest index fae8071d43..2380c322a9 100644 --- a/poky/meta/recipes-extended/mdadm/files/run-ptest +++ b/poky/meta/recipes-extended/mdadm/files/run-ptest @@ -2,6 +2,6 @@ mkdir -p /mdadm-testing-dir # make the test continue to execute even one fail -dir=. ./test --keep-going --disable-integrity +dir=. ./test --keep-going --disable-integrity --skip-broken rm -rf /mdadm-testing-dir/* diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb index 14de9d88c2..50d9548747 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb @@ -32,6 +32,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \ file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \ file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \ + file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \ + file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \ + file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \ + file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \ + file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \ + file://0006-tests-Add-broken-files-for-all-broken-tests.patch \ " SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d" @@ -101,10 +107,9 @@ do_install_ptest() { } RDEPENDS:${PN} += "bash" -RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs" +RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace" RRECOMMENDS:${PN}-ptest += " \ coreutils \ - util-linux \ kernel-module-loop \ kernel-module-linear \ kernel-module-raid0 \ diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb index 5e68a7ea92..b8c867161b 100644 --- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb +++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/" SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz" -SRC_URI[sha256sum] = "cf04c16b099b3d414db4b5b93fc5ed9d46aad564c81a352aa107a33964c356b8" +SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59" inherit gettext autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch new file mode 100644 index 0000000000..95c437df4f --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch @@ -0,0 +1,39 @@ +From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 1 Jul 2023 07:48:17 -0700 +Subject: [PATCH] examples: Replace use of termio.h with termios.h + +Fixes build with musl and makes it portable + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + examples/tty_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/examples/tty_conv.c b/examples/tty_conv.c +index 23f0684..db22500 100644 +--- a/examples/tty_conv.c ++++ b/examples/tty_conv.c +@@ -6,7 +6,8 @@ + #include <string.h> + #include <errno.h> + #include <unistd.h> +-#include <termio.h> ++#include <termios.h> ++#include <sys/ioctl.h> + #include <security/pam_appl.h> + + /*************************************** +@@ -16,7 +17,7 @@ + ***************************************/ + static void echoOff(int fd, int off) + { +- struct termio tty; ++ struct termios tty; + if (ioctl(fd, TCGETA, &tty) < 0) + { + fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); +-- +2.41.0 + diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch deleted file mode 100644 index 94dcb04f0a..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 -From: Per Jessen <per@jessen.ch> -Date: Fri, 22 Apr 2022 18:15:36 +0200 -Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype - -When using scandir() to look for MOTD files to display, we wrongly -relied on all filesystems providing a filetype. This is a fix to divert -to lstat() when we have no filetype. To maintain MT safety, it isn't -possible to use lstat() in the scandir() filter function, so all of the -filtering has been moved to an additional loop after scanning all the -motd dirs. -Also, remove superfluous alphasort from scandir(), we are doing -a qsort() later. - -Resolves: https://github.com/linux-pam/linux-pam/issues/455 - -Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] - -Signed-off-by: Per Jessen <per@jessen.ch> -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- - 1 file changed, 40 insertions(+), 9 deletions(-) - -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index 6ac8cba2..5ca486e4 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) - } - } - --static int filter_dirents(const struct dirent *d) --{ -- return (d->d_type == DT_REG || d->d_type == DT_LNK); --} -- - static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) - { -@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - - for (i = 0; i < num_motd_dirs; i++) { - int rv; -- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), -- filter_dirents, alphasort); -+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); - if (rv < 0) { - if (errno != ENOENT || report_missing) { - pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", -@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - if (dirscans_size_total == 0) - goto out; - -+ /* filter out unwanted names, directories, and complement data with lstat() */ -+ for (i = 0; i < num_motd_dirs; i++) { -+ struct dirent **d = dirscans[i]; -+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { -+ int rc; -+ char *fullpath; -+ struct stat s; -+ -+ switch(d[j]->d_type) { /* the filetype determines how to proceed */ -+ case DT_REG: /* regular files and */ -+ case DT_LNK: /* symlinks */ -+ continue; /* are good. */ -+ case DT_UNKNOWN: /* for file systems that do not provide */ -+ /* a filetype, we use lstat() */ -+ if (join_dir_strings(&fullpath, motd_dir_path_split[i], -+ d[j]->d_name) <= 0) -+ break; -+ rc = lstat(fullpath, &s); -+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ -+ if (rc != 0) /* if the lstat() somehow failed */ -+ break; -+ -+ if (S_ISREG(s.st_mode) || /* regular files and */ -+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ -+ break; -+ case DT_DIR: /* We don't want directories */ -+ default: /* nor anything else */ -+ break; -+ } -+ _pam_drop(d[j]); /* free memory */ -+ d[j] = NULL; /* indicate this one was dropped */ -+ dirscans_size_total--; -+ } -+ } -+ - /* Allocate space for all file names found in the directories, including duplicates. */ - if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); -@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - unsigned int j; - - for (j = 0; j < dirscans_sizes[i]; j++) { -- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -- i_dirnames++; -+ if (NULL != dirscans[i][j]) { -+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -+ i_dirnames++; -+ } - } - } - --- -2.39.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch b/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch deleted file mode 100644 index 40040a873a..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e8e8ccfd57e0274b431bc5717bf37c488285b07b Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Wed, 27 Oct 2021 10:30:46 +0800 -Subject: [PATCH] run-xtests.sh: check whether files exist - -Fixes: - # ./run-xtests.sh . tst-pam_access1 - mv: cannot stat '/etc/security/opasswd': No such file or directory - PASS: tst-pam_access1 - mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory - ================== - 1 tests passed - 0 tests not run - ================== - -Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/e8e8ccfd57e0274b431bc5717bf37c488285b07b] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - xtests/run-xtests.sh | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh -index 14f585d9..ff9a4dc1 100755 ---- a/xtests/run-xtests.sh -+++ b/xtests/run-xtests.sh -@@ -18,10 +18,12 @@ all=0 - - mkdir -p /etc/security - for config in access.conf group.conf time.conf limits.conf ; do -- cp /etc/security/$config /etc/security/$config-pam-xtests -+ [ -f "/etc/security/$config" ] && -+ mv /etc/security/$config /etc/security/$config-pam-xtests - install -m 644 "${SRCDIR}"/$config /etc/security/$config - done --mv /etc/security/opasswd /etc/security/opasswd-pam-xtests -+[ -f /etc/security/opasswd ] && -+ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests - - for testname in $XTESTS ; do - for cfg in "${SRCDIR}"/$testname*.pamd ; do -@@ -47,11 +49,15 @@ for testname in $XTESTS ; do - all=`expr $all + 1` - rm -f /etc/pam.d/$testname* - done --mv /etc/security/access.conf-pam-xtests /etc/security/access.conf --mv /etc/security/group.conf-pam-xtests /etc/security/group.conf --mv /etc/security/time.conf-pam-xtests /etc/security/time.conf --mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf --mv /etc/security/opasswd-pam-xtests /etc/security/opasswd -+ -+for config in access.conf group.conf time.conf limits.conf opasswd ; do -+ if [ -f "/etc/security/$config-pam-xtests" ]; then -+ mv /etc/security/$config-pam-xtests /etc/security/$config -+ else -+ rm -f /etc/security/$config -+ fi -+done -+ - if test "$failed" -ne 0; then - echo "===================" - echo "$failed of $all tests failed" --- -2.32.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch deleted file mode 100644 index e7bf03f9f7..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk <kukuk@suse.com> -Date: Thu, 24 Feb 2022 10:37:32 +0100 -Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf - -According to the manual page, the following entry is valid but does not -work: --:root:ALL EXCEPT localhost - -See https://bugzilla.suse.com/show_bug.cgi?id=1019866 - -Patched is based on PR#226 from Josef Moellers - -Upstream-Status: Backport -CVE: CVE-2022-28321 - -Reference to upstream patch: -[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] - -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- - 1 file changed, 76 insertions(+), 19 deletions(-) - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 277192b..bca424f 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - if ((str_len = strlen(string)) > tok_len - && strcasecmp(tok, string + str_len - tok_len) == 0) - return YES; -- } else if (tok[tok_len - 1] == '.') { -+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ - struct addrinfo hint; - - memset (&hint, '\0', sizeof (hint)); -@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - return NO; - } - -- /* Assume network/netmask with an IP of a host. */ -+ /* Assume network/netmask, IP address or hostname. */ - return network_netmask_match(pamh, tok, string, item); - } - -@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. -- * "NONE" token matches NULL string. -+ * "NONE" token matches NULL string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ -@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - - /* network_netmask_match - match a string against one token - * where string is a hostname or ip (v4,v6) address and tok -- * represents either a single ip (v4,v6) address or a network/netmask -+ * represents either a hostname, a single ip (v4,v6) address -+ * or a network/netmask - */ - static int - network_netmask_match (pam_handle_t *pamh, -@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, - char *netmask_ptr; - char netmask_string[MAXHOSTNAMELEN + 1]; - int addr_type; -+ struct addrinfo *ai = NULL; - - if (item->debug) -- pam_syslog (pamh, LOG_DEBUG, -+ pam_syslog (pamh, LOG_DEBUG, - "network_netmask_match: tok=%s, item=%s", tok, string); -+ - /* OK, check if tok is of type addr/mask */ - if ((netmask_ptr = strchr(tok, '/')) != NULL) - { -@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, - netmask_ptr = number_to_netmask(netmask, addr_type, - netmask_string, MAXHOSTNAMELEN); - } -- } -+ -+ /* -+ * Construct an addrinfo list from the IP address. -+ * This should not fail as the input is a correct IP address... -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) -+ { -+ return NO; -+ } -+ } - else -- /* NO, then check if it is only an addr */ -- if (isipaddr(tok, NULL, NULL) != YES) -+ { -+ /* -+ * It is either an IP address or a hostname. -+ * Let getaddrinfo sort everything out -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) - { -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); -+ - return NO; - } -+ netmask_ptr = NULL; -+ } - - if (isipaddr(string, NULL, NULL) != YES) - { -- /* Assume network/netmask with a name of a host. */ - struct addrinfo hint; - -+ /* Assume network/netmask with a name of a host. */ - memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = AI_CANONNAME; - hint.ai_family = AF_UNSPEC; - - if (item->gai_rv != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else if (!item->res && - (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else - { - struct addrinfo *runp = item->res; -+ struct addrinfo *runp1; - - while (runp != NULL) - { - char buf[INET6_ADDRSTRLEN]; - -- DIAG_PUSH_IGNORE_CAST_ALIGN; -- inet_ntop (runp->ai_family, -- runp->ai_family == AF_INET -- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr -- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, -- buf, sizeof (buf)); -- DIAG_POP_IGNORE_CAST_ALIGN; -+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } - -- if (are_addresses_equal(buf, tok, netmask_ptr)) -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) - { -- return YES; -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ if (runp->ai_family != runp1->ai_family) -+ continue; -+ -+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } -+ -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } - } - runp = runp->ai_next; - } - } - } - else -- return (are_addresses_equal(string, tok, netmask_ptr)); -+ { -+ struct addrinfo *runp1; -+ -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); -+ -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } -+ } -+ -+ freeaddrinfo(ai); - - return NO; - } --- -2.37.3 - diff --git a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb index bec47ab836..eafb5aae43 100644 --- a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb +++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb @@ -21,14 +21,12 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://pam.d/common-session-noninteractive \ file://pam.d/other \ file://libpam-xtests.patch \ - file://0001-run-xtests.sh-check-whether-files-exist.patch \ + file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \ file://run-ptest \ file://pam-volatiles.conf \ - file://CVE-2022-28321-0002.patch \ - file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \ " -SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d" +SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt" diff --git a/poky/meta/recipes-extended/procps/procps_4.0.3.bb b/poky/meta/recipes-extended/procps/procps_4.0.3.bb index cc3420df4e..dc0e957bda 100644 --- a/poky/meta/recipes-extended/procps/procps_4.0.3.bb +++ b/poky/meta/recipes-extended/procps/procps_4.0.3.bb @@ -72,10 +72,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } -# 'ps' isn't suitable for use as a security tool so whitelist this CVE. -# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 -CVE_CHECK_IGNORE += "CVE-2018-1121" - PROCPS_PACKAGES = "${PN}-lib \ ${PN}-ps \ ${PN}-sysctl" diff --git a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot index 8a68dd341a..09df77d2e7 100644 --- a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0 # # /etc/login.defs - Configuration control definitions for the shadow package. # diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/login b/poky/meta/recipes-extended/shadow/files/pam.d/login index b340058539..d39e09b1ea 100644 --- a/poky/meta/recipes-extended/shadow/files/pam.d/login +++ b/poky/meta/recipes-extended/shadow/files/pam.d/login @@ -57,10 +57,6 @@ auth optional pam_group.so # (Replaces the use of /etc/limits in old login) session required pam_limits.so -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - # Prints the motd upon succesful login # (Replaces the `MOTD_FILE' option in login.defs) session optional pam_motd.so diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index e05fa237a2..6580bd9166 100644 --- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" LICENSE = "BSD-3-Clause | Artistic-1.0" -LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" +LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed" DEPENDS = "base-passwd" diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index cf05a3af93..83e1a84769 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -65,14 +65,11 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-env \ pam-plugin-group \ pam-plugin-limits \ - pam-plugin-lastlog \ pam-plugin-motd \ pam-plugin-mail \ pam-plugin-shells \ pam-plugin-rootok" -PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog" - PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" diff --git a/poky/meta/recipes-extended/shadow/shadow_4.13.bb b/poky/meta/recipes-extended/shadow/shadow_4.13.bb index d1a3fd5593..4e55446312 100644 --- a/poky/meta/recipes-extended/shadow/shadow_4.13.bb +++ b/poky/meta/recipes-extended/shadow/shadow_4.13.bb @@ -6,9 +6,6 @@ BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p BBCLASSEXTEND = "native nativesdk" -# Severity is low and marked as closed and won't fix. # https://bugzilla.redhat.com/show_bug.cgi?id=884658 -CVE_CHECK_IGNORE += "CVE-2013-4235" - -# This is an issue for a different shadow -CVE_CHECK_IGNORE += "CVE-2016-15024" +CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix." +CVE_STATUS[CVE-2016-15024] = "cpe-incorrect: This is an issue for a different shadow" diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index 3051e9b5bc..a53663d086 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -39,8 +39,7 @@ UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" -# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source -CVE_CHECK_IGNORE += "CVE-2008-0888" +CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source" # exclude version 5.5.2 which triggers a false positive UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index c390fcf33c..72eb1ae067 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -18,7 +18,7 @@ SRCREV = "6a4af7786630ce48747d9687e2f18f45ea6684c4" S = "${WORKDIR}/git" # https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision -CVE_CHECK_IGNORE += "CVE-2013-4342" +CVE_STATUS[CVE-2013-4342] = "fixed-version: Fixed directly in git tree revision" inherit autotools update-rc.d systemd pkgconfig diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb index 82153131b4..3425e8eb7b 100644 --- a/poky/meta/recipes-extended/zip/zip_3.0.bb +++ b/poky/meta/recipes-extended/zip/zip_3.0.bb @@ -26,11 +26,8 @@ UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37" SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369" -# Disputed and also Debian doesn't consider a vulnerability -CVE_CHECK_IGNORE += "CVE-2018-13410" - -# Not for zip but for smart contract implementation for it -CVE_CHECK_IGNORE += "CVE-2018-13684" +CVE_STATUS[CVE-2018-13410] = "disputed: Disputed and also Debian doesn't consider a vulnerability" +CVE_STATUS[CVE-2018-13684] = "cpe-incorrect: Not for zip but for smart contract implementation for it" # zip.inc sets CFLAGS, but what Makefile actually uses is # CFLAGS_NOOPT. It will also force -O3 optimization, overriding |