diff options
Diffstat (limited to 'poky/meta')
417 files changed, 8425 insertions, 2778 deletions
diff --git a/poky/meta/classes-global/base.bbclass b/poky/meta/classes-global/base.bbclass index 8203f54519..2d0e35517e 100644 --- a/poky/meta/classes-global/base.bbclass +++ b/poky/meta/classes-global/base.bbclass @@ -139,7 +139,7 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): # /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc) # would return /usr/local/bin/ccache/gcc, but what we need is # /usr/bin/gcc, this code can check and fix that. - if "ccache" in srctool: + if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache': srctool = bb.utils.which(path, tool, executable=True, direction=1) if srctool: os.symlink(srctool, desttool) diff --git a/poky/meta/classes-global/devshell.bbclass b/poky/meta/classes-global/devshell.bbclass index 03af56b7a2..4c23049cf0 100644 --- a/poky/meta/classes-global/devshell.bbclass +++ b/poky/meta/classes-global/devshell.bbclass @@ -8,8 +8,6 @@ inherit terminal DEVSHELL = "${SHELL}" -PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:" - python do_devshell () { if d.getVarFlag("do_devshell", "manualfakeroot"): d.prependVar("DEVSHELL", "pseudo ") diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass index dc46857a19..df2c40c3c5 100644 --- a/poky/meta/classes-global/insane.bbclass +++ b/poky/meta/classes-global/insane.bbclass @@ -1346,7 +1346,7 @@ def unpack_check_src_uri(pn, d): for url in d.getVar("SRC_URI").split(): # Search for github and gitlab URLs that pull unstable archives (comment for future greppers) - if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url): + if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url) or "//codeload.github.com/" in url: oe.qa.handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol" % pn, d) python do_qa_unpack() { diff --git a/poky/meta/classes-global/mirrors.bbclass b/poky/meta/classes-global/mirrors.bbclass index 9643b31a23..d641c390bb 100644 --- a/poky/meta/classes-global/mirrors.bbclass +++ b/poky/meta/classes-global/mirrors.bbclass @@ -67,8 +67,7 @@ osc://.*/.* http://sources.openembedded.org/ \ https?://.*/.* http://sources.openembedded.org/ \ ftp://.*/.* http://sources.openembedded.org/ \ npm://.*/?.* http://sources.openembedded.org/ \ -${CPAN_MIRROR} http://cpan.metacpan.org/ \ -${CPAN_MIRROR} http://search.cpan.org/CPAN/ \ +${CPAN_MIRROR} https://cpan.metacpan.org/ \ https?://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \ https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \ " @@ -90,6 +89,7 @@ BB_GIT_SHALLOW:pn-binutils-cross-${TARGET_ARCH} = "1" BB_GIT_SHALLOW:pn-binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "1" BB_GIT_SHALLOW:pn-binutils-cross-testsuite = "1" BB_GIT_SHALLOW:pn-binutils-crosssdk-${SDK_SYS} = "1" +BB_GIT_SHALLOW:pn-binutils-native = "1" BB_GIT_SHALLOW:pn-glibc = "1" PREMIRRORS += "git://sourceware.org/git/glibc.git https://downloads.yoctoproject.org/mirror/sources/ \ git://sourceware.org/git/binutils-gdb.git https://downloads.yoctoproject.org/mirror/sources/" diff --git a/poky/meta/classes-global/package.bbclass b/poky/meta/classes-global/package.bbclass index 2d985d8aff..a47da14ea5 100644 --- a/poky/meta/classes-global/package.bbclass +++ b/poky/meta/classes-global/package.bbclass @@ -490,16 +490,31 @@ def inject_minidebuginfo(file, dvar, dv, d): bb.debug(1, 'ELF file {} has no debuginfo, skipping minidebuginfo injection'.format(file)) return + # minidebuginfo does not make sense to apply to ELF objects other than + # executables and shared libraries, skip applying the minidebuginfo + # generation for objects like kernel modules. + for line in subprocess.check_output([readelf, '-h', debugfile], universal_newlines=True).splitlines(): + if not line.strip().startswith("Type:"): + continue + elftype = line.split(":")[1].strip() + if not any(elftype.startswith(i) for i in ["EXEC", "DYN"]): + bb.debug(1, 'ELF file {} is not executable/shared, skipping minidebuginfo injection'.format(file)) + return + break + # Find non-allocated PROGBITS, NOTE, and NOBITS sections in the debuginfo. # We will exclude all of these from minidebuginfo to save space. remove_section_names = [] for line in subprocess.check_output([readelf, '-W', '-S', debugfile], universal_newlines=True).splitlines(): - fields = line.split() - if len(fields) < 8: + # strip the leading " [ 1]" section index to allow splitting on space + if ']' not in line: + continue + fields = line[line.index(']') + 1:].split() + if len(fields) < 7: continue name = fields[0] type = fields[1] - flags = fields[7] + flags = fields[6] # .debug_ sections will be removed by objcopy -S so no need to explicitly remove them if name.startswith('.debug_'): continue @@ -2434,6 +2449,15 @@ python do_package () { bb.build.exec_func("package_convert_pr_autoinc", d) + # Check for conflict between renamed packages and existing ones + # for each package in PACKAGES, check if it will be renamed to an existing one + for p in packages: + localdata = bb.data.createCopy(d) + localdata.setVar('OVERRIDES', p) + rename = localdata.getVar('PKG') + if (rename != None) and rename in packages: + bb.fatal('package "%s" is renamed to "%s" using PKG:%s, but package name already exists'%(p,rename,p)) + ########################################################################### # Optimisations ########################################################################### diff --git a/poky/meta/classes-global/sanity.bbclass b/poky/meta/classes-global/sanity.bbclass index 15067e78d3..8cf42036f6 100644 --- a/poky/meta/classes-global/sanity.bbclass +++ b/poky/meta/classes-global/sanity.bbclass @@ -504,6 +504,14 @@ def check_tar_version(sanity_data): version = result.split()[3] if bb.utils.vercmp_string_op(version, "1.28", "<"): return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" + + try: + result = subprocess.check_output(["tar", "--help"], stderr=subprocess.STDOUT).decode('utf-8') + if "--xattrs" not in result: + return "Your tar doesn't support --xattrs, please use GNU tar.\n" + except subprocess.CalledProcessError as e: + return "Unable to execute tar --help, exit code %d\n%s\n" % (e.returncode, e.output) + return None # We use git parameters and functionality only found in 1.7.8 or later @@ -997,13 +1005,6 @@ def check_sanity(sanity_data): if status.messages != "": raise_sanity_error(sanity_data.expand(status.messages), sanity_data, status.network_error) -# Create a copy of the datastore and finalise it to ensure appends and -# overrides are set - the datastore has yet to be finalised at ConfigParsed -def copy_data(e): - sanity_data = bb.data.createCopy(e.data) - sanity_data.finalize() - return sanity_data - addhandler config_reparse_eventhandler config_reparse_eventhandler[eventmask] = "bb.event.ConfigParsed" python config_reparse_eventhandler() { @@ -1014,13 +1015,13 @@ addhandler check_sanity_eventhandler check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck bb.event.NetworkTest" python check_sanity_eventhandler() { if bb.event.getName(e) == "SanityCheck": - sanity_data = copy_data(e) + sanity_data = bb.data.createCopy(e.data) check_sanity(sanity_data) if e.generateevents: sanity_data.setVar("SANITY_USE_EVENTS", "1") bb.event.fire(bb.event.SanityCheckPassed(), e.data) elif bb.event.getName(e) == "NetworkTest": - sanity_data = copy_data(e) + sanity_data = bb.data.createCopy(e.data) if e.generateevents: sanity_data.setVar("SANITY_USE_EVENTS", "1") bb.event.fire(bb.event.NetworkTestFailed() if check_connectivity(sanity_data) else bb.event.NetworkTestPassed(), e.data) diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass index 2c8e7b8cc2..2dd880bbab 100644 --- a/poky/meta/classes-global/sstate.bbclass +++ b/poky/meta/classes-global/sstate.bbclass @@ -365,8 +365,9 @@ def sstate_installpkg(ss, d): d.setVar("SSTATE_CURRTASK", ss['task']) sstatefetch = d.getVar('SSTATE_PKGNAME') sstatepkg = d.getVar('SSTATE_PKG') + verify_sig = bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False) - if not os.path.exists(sstatepkg): + if not os.path.exists(sstatepkg) or (verify_sig and not os.path.exists(sstatepkg + '.sig')): pstaging_fetch(sstatefetch, d) if not os.path.isfile(sstatepkg): @@ -377,7 +378,7 @@ def sstate_installpkg(ss, d): d.setVar('SSTATE_INSTDIR', sstateinst) - if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False): + if verify_sig: if not os.path.isfile(sstatepkg + '.sig'): bb.warn("No signature file for sstate package %s, skipping acceleration..." % sstatepkg) return False @@ -1097,7 +1098,7 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None): logit("Considering setscene task: %s" % (str(taskdependees[task])), log) - directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx"] + directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_deploy_archives"] def isNativeCross(x): return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross") diff --git a/poky/meta/classes-global/staging.bbclass b/poky/meta/classes-global/staging.bbclass index 5a1f43de78..a058d344fd 100644 --- a/poky/meta/classes-global/staging.bbclass +++ b/poky/meta/classes-global/staging.bbclass @@ -275,6 +275,10 @@ python extend_recipe_sysroot() { pn = d.getVar("PN") stagingdir = d.getVar("STAGING_DIR") sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests" + # only needed by multilib cross-canadian since it redefines RECIPE_SYSROOT + manifestprefix = d.getVar("RECIPE_SYSROOT_MANIFEST_SUBDIR") + if manifestprefix: + sharedmanifests = sharedmanifests + "/" + manifestprefix recipesysroot = d.getVar("RECIPE_SYSROOT") recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE") diff --git a/poky/meta/classes-recipe/baremetal-image.bbclass b/poky/meta/classes-recipe/baremetal-image.bbclass index d3377a92fa..513155e9ae 100644 --- a/poky/meta/classes-recipe/baremetal-image.bbclass +++ b/poky/meta/classes-recipe/baremetal-image.bbclass @@ -15,15 +15,6 @@ # # See meta-skeleton for a working example. -## Emulate image.bbclass -# Handle inherits of any of the image classes we need -IMAGE_CLASSES ??= "" -IMGCLASSES = " ${IMAGE_CLASSES}" -inherit ${IMGCLASSES} -# Set defaults to satisfy IMAGE_FEATURES check -IMAGE_FEATURES ?= "" -IMAGE_FEATURES[type] = "list" -IMAGE_FEATURES[validitems] += "" # Toolchain should be baremetal or newlib based. # TCLIBC="baremetal" or TCLIBC="newlib" @@ -110,6 +101,17 @@ QB_OPT_APPEND:append:qemuriscv32 = " -bios none" CFLAGS:append:qemuriscv64 = " -mcmodel=medany" +## Emulate image.bbclass +# Handle inherits of any of the image classes we need +IMAGE_CLASSES ??= "" +IMGCLASSES = " ${IMAGE_CLASSES}" +inherit ${IMGCLASSES} +# Set defaults to satisfy IMAGE_FEATURES check +IMAGE_FEATURES ?= "" +IMAGE_FEATURES[type] = "list" +IMAGE_FEATURES[validitems] += "" + + # This next part is necessary to trick the build system into thinking # its building an image recipe so it generates the qemuboot.conf addtask do_rootfs before do_image after do_install diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass index d1e83518b5..b27eb2f209 100644 --- a/poky/meta/classes-recipe/cargo.bbclass +++ b/poky/meta/classes-recipe/cargo.bbclass @@ -39,7 +39,7 @@ MANIFEST_PATH ??= "${S}/${CARGO_SRC_DIR}/Cargo.toml" RUSTFLAGS ??= "" BUILD_MODE = "${@['--release', ''][d.getVar('DEBUG_BUILD') == '1']}" -CARGO_BUILD_FLAGS = "-v --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}" +CARGO_BUILD_FLAGS = "-v --offline --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}" # This is based on the content of CARGO_BUILD_FLAGS and generally will need to # change if CARGO_BUILD_FLAGS changes. diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass index dea0fbe2f6..f503a001dd 100644 --- a/poky/meta/classes-recipe/cargo_common.bbclass +++ b/poky/meta/classes-recipe/cargo_common.bbclass @@ -56,7 +56,7 @@ cargo_common_do_configure () { [source.crates-io] replace-with = "bitbake" - local-registry = "/nonexistant" + local-registry = "/nonexistent" EOF fi @@ -103,7 +103,7 @@ cargo_common_do_configure () { cat <<- EOF >> ${CARGO_HOME}/config [build] - # Use out of tree build destination to avoid poluting the source tree + # Use out of tree build destination to avoid polluting the source tree target-dir = "${B}/target" EOF fi diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass index b79091383d..a09a042c3f 100644 --- a/poky/meta/classes-recipe/cml1.bbclass +++ b/poky/meta/classes-recipe/cml1.bbclass @@ -21,7 +21,6 @@ cml1_do_configure() { } EXPORT_FUNCTIONS do_configure -addtask configure after do_unpack do_patch before do_compile inherit terminal diff --git a/poky/meta/classes-recipe/core-image.bbclass b/poky/meta/classes-recipe/core-image.bbclass index 90d9eb9d3f..40fc15cb04 100644 --- a/poky/meta/classes-recipe/core-image.bbclass +++ b/poky/meta/classes-recipe/core-image.bbclass @@ -65,7 +65,7 @@ IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" # Do not install openssh complementary packages if either packagegroup-core-ssh-dropbear or dropbear # is installed # to avoid openssh-dropbear conflict # see [Yocto #14858] for more information -PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}" +PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', ' openssh', '' , d)}" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included diff --git a/poky/meta/classes-recipe/fs-uuid.bbclass b/poky/meta/classes-recipe/fs-uuid.bbclass index a9e7eb8c67..e215f06c80 100644 --- a/poky/meta/classes-recipe/fs-uuid.bbclass +++ b/poky/meta/classes-recipe/fs-uuid.bbclass @@ -10,7 +10,7 @@ def get_rootfs_uuid(d): import subprocess rootfs = d.getVar('ROOTFS') - output = subprocess.check_output(['tune2fs', '-l', rootfs]) + output = subprocess.check_output(['tune2fs', '-l', rootfs], text=True) for line in output.split('\n'): if line.startswith('Filesystem UUID:'): uuid = line.split()[-1] diff --git a/poky/meta/classes-recipe/gnomebase.bbclass b/poky/meta/classes-recipe/gnomebase.bbclass index 805daafa40..5e72f549a3 100644 --- a/poky/meta/classes-recipe/gnomebase.bbclass +++ b/poky/meta/classes-recipe/gnomebase.bbclass @@ -5,7 +5,7 @@ # def gnome_verdir(v): - return ".".join(v.split(".")[:-1]) + return ".".join(v.split(".")[:-1]) or v GNOME_COMPRESS_TYPE ?= "xz" diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass index e387645503..14528e664c 100644 --- a/poky/meta/classes-recipe/image.bbclass +++ b/poky/meta/classes-recipe/image.bbclass @@ -182,8 +182,7 @@ python () { IMAGE_POSTPROCESS_COMMAND ?= "" -# some default locales -IMAGE_LINGUAS ?= "de-de fr-fr en-gb" +IMAGE_LINGUAS ??= "" LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}" @@ -319,7 +318,7 @@ fakeroot python do_image_qa () { except oe.utils.ImageQAFailed as e: qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description) except Exception as e: - qamsg = qamsg + '\tImage QA function %s failed\n' % cmd + qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e) if qamsg: imgname = d.getVar('IMAGE_NAME') @@ -446,7 +445,7 @@ python () { localdata.delVar('DATE') localdata.delVar('TMPDIR') localdata.delVar('IMAGE_VERSION_SUFFIX') - vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude', True) or '').split() + vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude') or '').split() for dep in vardepsexclude: localdata.delVar(dep) diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass index 764e6a5574..e4939af459 100644 --- a/poky/meta/classes-recipe/image_types.bbclass +++ b/poky/meta/classes-recipe/image_types.bbclass @@ -157,11 +157,7 @@ UBI_VOLTYPE ?= "dynamic" UBI_IMGTYPE ?= "ubifs" write_ubi_config() { - if [ -z "$1" ]; then - local vname="" - else - local vname="_$1" - fi + local vname="$1" cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg [ubifs] @@ -183,7 +179,12 @@ multiubi_mkfs() { bbfatal "MKUBIFS_ARGS and UBINIZE_ARGS have to be set, see http://www.linux-mtd.infradead.org/faq/ubifs.html for details" fi - write_ubi_config "$3" + if [ -z "$3" ]; then + local vname="" + else + local vname="_$3" + fi + write_ubi_config "${vname}" if [ -n "$vname" ]; then mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args} @@ -208,7 +209,10 @@ multiubi_mkfs() { fi } +MULTIUBI_ARGS = "MKUBIFS_ARGS UBINIZE_ARGS" + IMAGE_CMD:multiubi () { + ${@' '.join(['%s_%s="%s";' % (arg, name, d.getVar('%s_%s' % (arg, name))) for arg in d.getVar('MULTIUBI_ARGS').split() for name in d.getVar('MULTIUBI_BUILD').split()])} # Split MKUBIFS_ARGS_<name> and UBINIZE_ARGS_<name> for name in ${MULTIUBI_BUILD}; do eval local mkubifs_args=\"\$MKUBIFS_ARGS_${name}\" diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass index 6f5d3bde6c..1531ae6cd5 100644 --- a/poky/meta/classes-recipe/kernel-arch.bbclass +++ b/poky/meta/classes-recipe/kernel-arch.bbclass @@ -70,5 +70,5 @@ HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}" KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}" KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" -TOOLCHAIN = "gcc" +TOOLCHAIN ?= "gcc" diff --git a/poky/meta/classes-recipe/kernel-fitimage.bbclass b/poky/meta/classes-recipe/kernel-fitimage.bbclass index 107914e28c..f6d82ce061 100644 --- a/poky/meta/classes-recipe/kernel-fitimage.bbclass +++ b/poky/meta/classes-recipe/kernel-fitimage.bbclass @@ -73,6 +73,9 @@ FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" +# Allow user to select the default DTB for FIT image when multiple dtb's exists. +FIT_CONF_DEFAULT_DTB ?= "" + # Keys used to sign individually image nodes. # The keys to sign image nodes must be different from those used to sign # configuration nodes, otherwise the "required" property, from @@ -375,6 +378,7 @@ fitimage_emit_section_config() { bootscr_line="" setup_line="" default_line="" + default_dtb_image="${FIT_CONF_DEFAULT_DTB}" # conf node name is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID @@ -417,7 +421,17 @@ fitimage_emit_section_config() { # default node is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID if [ -n "$dtb_image" ]; then - default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + # Select default node as user specified dtb when + # multiple dtb exists. + if [ -n "$default_dtb_image" ]; then + if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then + default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" + else + bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" + fi + else + default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + fi else default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" fi @@ -496,7 +510,7 @@ fitimage_assemble() { ramdiskcount=$3 setupcount="" bootscr_id="" - rm -f $1 arch/${ARCH}/boot/$2 + rm -f $1 ${KERNEL_OUTPUT_DIR}/$2 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then bbfatal "Keys used to sign images and configuration nodes must be different." @@ -529,9 +543,9 @@ fitimage_assemble() { continue fi - DTB_PATH="arch/${ARCH}/boot/dts/$DTB" + DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB" if [ ! -e "$DTB_PATH" ]; then - DTB_PATH="arch/${ARCH}/boot/$DTB" + DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" fi DTB=$(echo "$DTB" | tr '/' '_') @@ -546,10 +560,11 @@ fitimage_assemble() { if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then dtbcount=1 - for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do + for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \ + $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do DTB=$(echo "$DTB" | tr '/' '_') - # Skip DTB if we've picked it up previously + # Skip DTB/DTBO if we've picked it up previously echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue DTBS="$DTBS $DTB" @@ -574,9 +589,9 @@ fitimage_assemble() { # # Step 4: Prepare a setup section. (For x86) # - if [ -e arch/${ARCH}/boot/setup.bin ]; then + if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then setupcount=1 - fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin + fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin fi # @@ -650,7 +665,7 @@ fitimage_assemble() { ${UBOOT_MKIMAGE} \ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -f $1 \ - arch/${ARCH}/boot/$2 + ${KERNEL_OUTPUT_DIR}/$2 # # Step 8: Sign the image and add public key to U-Boot dtb @@ -667,7 +682,7 @@ fitimage_assemble() { ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -F -k "${UBOOT_SIGN_KEYDIR}" \ $add_key_to_u_boot \ - -r arch/${ARCH}/boot/$2 \ + -r ${KERNEL_OUTPUT_DIR}/$2 \ ${UBOOT_MKIMAGE_SIGN_ARGS} fi } @@ -770,7 +785,7 @@ kernel_do_deploy:append() { if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." - install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" + install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" fi diff --git a/poky/meta/classes-recipe/kernel-yocto.bbclass b/poky/meta/classes-recipe/kernel-yocto.bbclass index 8eda0dcaf3..7de99cff56 100644 --- a/poky/meta/classes-recipe/kernel-yocto.bbclass +++ b/poky/meta/classes-recipe/kernel-yocto.bbclass @@ -212,7 +212,7 @@ do_kernel_metadata() { # SRC_URI. If they were supplied, we convert them into include directives # for the update part of the process for f in ${feat_dirs}; do - if [ -d "${WORKDIR}/$f/meta" ]; then + if [ -d "${WORKDIR}/$f/kernel-meta" ]; then includes="$includes -I${WORKDIR}/$f/kernel-meta" elif [ -d "${WORKDIR}/../oe-local-files/$f" ]; then includes="$includes -I${WORKDIR}/../oe-local-files/$f" @@ -506,7 +506,7 @@ python do_config_analysis() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--blame', c], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) outfile = d.getVar( 'CONFIG_ANALYSIS_FILE' ) @@ -514,7 +514,7 @@ python do_config_analysis() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--summary', '--extended', '--sanity', c], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) outfile = d.getVar( 'CONFIG_AUDIT_FILE' ) @@ -575,7 +575,7 @@ python do_kernel_configcheck() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--mismatches', extra_params], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) if analysis: outfile = "{}/{}/cfg/mismatch.txt".format( s, kmeta ) @@ -597,7 +597,7 @@ python do_kernel_configcheck() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--invalid', extra_params], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) if analysis: outfile = "{}/{}/cfg/invalid.txt".format(s,kmeta) @@ -616,7 +616,7 @@ python do_kernel_configcheck() { try: analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--sanity'], cwd=s, env=env ).decode('utf-8') except subprocess.CalledProcessError as e: - bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8')) + bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8'))) if analysis: outfile = "{}/{}/cfg/redefinition.txt".format(s,kmeta) diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass index e4e69e0763..01f866f0a6 100644 --- a/poky/meta/classes-recipe/kernel.bbclass +++ b/poky/meta/classes-recipe/kernel.bbclass @@ -210,9 +210,6 @@ PACKAGES_DYNAMIC += "^${KERNEL_PACKAGE_NAME}-firmware-.*" export OS = "${TARGET_OS}" export CROSS_COMPILE = "${TARGET_PREFIX}" -export KBUILD_BUILD_VERSION = "1" -export KBUILD_BUILD_USER ?= "oe-user" -export KBUILD_BUILD_HOST ?= "oe-host" KERNEL_RELEASE ?= "${KERNEL_VERSION}" @@ -367,6 +364,10 @@ kernel_do_compile() { export KBUILD_BUILD_TIMESTAMP="$ts" export KCONFIG_NOTIMESTAMP=1 bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + else + ts=`LC_ALL=C date` + export KBUILD_BUILD_TIMESTAMP="$ts" + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi # The $use_alternate_initrd is only set from # do_bundle_initramfs() This variable is specifically for the @@ -412,6 +413,10 @@ do_compile_kernelmodules() { export KBUILD_BUILD_TIMESTAMP="$ts" export KCONFIG_NOTIMESTAMP=1 bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + else + ts=`LC_ALL=C date` + export KBUILD_BUILD_TIMESTAMP="$ts" + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS} @@ -442,8 +447,8 @@ kernel_do_install() { oe_runmake DEPMOD=echo MODLIB=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION} INSTALL_FW_PATH=${D}${nonarch_base_libdir}/firmware modules_install rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build" rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source" - # If the kernel/ directory is empty remove it to prevent QA issues - rmdir --ignore-fail-on-non-empty "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" + # Remove empty module directories to prevent QA issues + find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete else bbnote "no modules to install" fi @@ -591,12 +596,26 @@ do_shared_workdir () { cp tools/objtool/objtool ${kerneldir}/tools/objtool/ fi fi + + # When building with CONFIG_MODVERSIONS=y and CONFIG_RANDSTRUCT=y we need + # to copy the build assets generated for the randstruct seed to + # STAGING_KERNEL_BUILDDIR, otherwise the out-of-tree modules build will + # generate those assets which will result in a different + # RANDSTRUCT_HASHED_SEED + if [ -d scripts/basic ]; then + mkdir -p ${kerneldir}/scripts + cp -r scripts/basic ${kerneldir}/scripts + fi + + if [ -d scripts/gcc-plugins ]; then + mkdir -p ${kerneldir}/scripts + cp -r scripts/gcc-plugins ${kerneldir}/scripts + fi + } # We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware -sysroot_stage_all () { - : -} +SYSROOT_DIRS = "" KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig" @@ -641,7 +660,7 @@ do_savedefconfig() { do_savedefconfig[nostamp] = "1" addtask savedefconfig after do_configure -inherit cml1 +inherit cml1 pkgconfig # Need LD, HOSTLDFLAGS and more for config operations KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}" diff --git a/poky/meta/classes-recipe/libc-package.bbclass b/poky/meta/classes-recipe/libc-package.bbclass index de3d4223a8..8a99f73ae7 100644 --- a/poky/meta/classes-recipe/libc-package.bbclass +++ b/poky/meta/classes-recipe/libc-package.bbclass @@ -51,6 +51,7 @@ PACKAGE_NO_GCONV ?= "0" OVERRIDES:append = ":${TARGET_ARCH}-${TARGET_OS}" locale_base_postinst_ontarget() { +mkdir ${libdir}/locale localedef --inputfile=${datadir}/i18n/locales/%s --charmap=%s %s } diff --git a/poky/meta/classes-recipe/license_image.bbclass b/poky/meta/classes-recipe/license_image.bbclass index b60d6e44f4..8560c27e93 100644 --- a/poky/meta/classes-recipe/license_image.bbclass +++ b/poky/meta/classes-recipe/license_image.bbclass @@ -235,7 +235,7 @@ def get_deployed_dependencies(d): deploy = {} # Get all the dependencies for the current task (rootfs). taskdata = d.getVar("BB_TASKDEPDATA", False) - pn = d.getVar("PN", True) + pn = d.getVar("PN") depends = list(set([dep[0] for dep in list(taskdata.values()) if not dep[0].endswith("-native") and not dep[0] == pn])) diff --git a/poky/meta/classes-recipe/linux-kernel-base.bbclass b/poky/meta/classes-recipe/linux-kernel-base.bbclass index cb2212c948..65cc48f304 100644 --- a/poky/meta/classes-recipe/linux-kernel-base.bbclass +++ b/poky/meta/classes-recipe/linux-kernel-base.bbclass @@ -43,5 +43,9 @@ def linux_module_packages(s, d): suffix = "" return " ".join(map(lambda s: "kernel-module-%s%s" % (s.lower().replace('_', '-').replace('@', '+'), suffix), s.split())) +export KBUILD_BUILD_VERSION = "1" +export KBUILD_BUILD_USER ?= "oe-user" +export KBUILD_BUILD_HOST ?= "oe-host" + # that's all diff --git a/poky/meta/classes-recipe/native.bbclass b/poky/meta/classes-recipe/native.bbclass index 61ad053def..1e94585f3e 100644 --- a/poky/meta/classes-recipe/native.bbclass +++ b/poky/meta/classes-recipe/native.bbclass @@ -161,7 +161,7 @@ python native_virtclass_handler () { newdeps.append(dep.replace(pn, bpn) + "-native") else: newdeps.append(dep) - d.setVar(varname, " ".join(newdeps), parsing=True) + d.setVar(varname, " ".join(newdeps)) map_dependencies("DEPENDS", e.data, selfref=False) for pkg in e.data.getVar("PACKAGES", False).split(): diff --git a/poky/meta/classes-recipe/overlayfs.bbclass b/poky/meta/classes-recipe/overlayfs.bbclass index bdc6dd9d57..53d65d7531 100644 --- a/poky/meta/classes-recipe/overlayfs.bbclass +++ b/poky/meta/classes-recipe/overlayfs.bbclass @@ -102,7 +102,11 @@ python do_create_overlayfs_units() { overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT") for mountPoint in overlayMountPoints: bb.debug(1, "Process variable flag %s" % mountPoint) - for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split(): + lowerList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint) + if not lowerList: + bb.note("No mount points defined for %s flag, skipping" % (mountPoint)) + continue + for lower in lowerList.split(): bb.debug(1, "Prepare mount unit for %s with data mount point %s" % (lower, d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint))) prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower) diff --git a/poky/meta/classes-recipe/populate_sdk_base.bbclass b/poky/meta/classes-recipe/populate_sdk_base.bbclass index 64a4a58bef..6286d64233 100644 --- a/poky/meta/classes-recipe/populate_sdk_base.bbclass +++ b/poky/meta/classes-recipe/populate_sdk_base.bbclass @@ -74,6 +74,8 @@ TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}" SDK_ARCHIVE_TYPE ?= "tar.xz" SDK_XZ_COMPRESSION_LEVEL ?= "-9" SDK_XZ_OPTIONS ?= "${XZ_DEFAULTS} ${SDK_XZ_COMPRESSION_LEVEL}" +SDK_ZIP_OPTIONS ?= "-y" + # To support different sdk type according to SDK_ARCHIVE_TYPE, now support zip and tar.xz python () { @@ -81,7 +83,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') @@ -205,7 +207,7 @@ fakeroot python do_populate_sdk() { } SSTATETASKS += "do_populate_sdk" SSTATE_SKIP_CREATION:task-populate-sdk = '1' -do_populate_sdk[cleandirs] = "${SDKDEPLOYDIR}" +do_populate_sdk[cleandirs] += "${SDKDEPLOYDIR}" do_populate_sdk[sstate-inputdirs] = "${SDKDEPLOYDIR}" do_populate_sdk[sstate-outputdirs] = "${SDK_DEPLOY}" do_populate_sdk[stamp-extra-info] = "${MACHINE_ARCH}${SDKMACHINE}" diff --git a/poky/meta/classes-recipe/populate_sdk_ext.bbclass b/poky/meta/classes-recipe/populate_sdk_ext.bbclass index 925cb313fc..1b47fbe770 100644 --- a/poky/meta/classes-recipe/populate_sdk_ext.bbclass +++ b/poky/meta/classes-recipe/populate_sdk_ext.bbclass @@ -120,7 +120,7 @@ python write_host_sdk_ext_manifest () { f.write("%s %s %s\n" % (info[1], info[2], info[3])) } -SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = "write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; " +SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = " write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; " SDK_TITLE:task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} Extensible SDK" @@ -720,7 +720,7 @@ sdk_ext_postinst() { # A bit of another hack, but we need this in the path only for devtool # so put it at the end of $PATH. - echo "export PATH=$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH" >> $env_setup_script + echo "export PATH=\"$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH\"" >> $env_setup_script echo "printf 'SDK environment now set up; additionally you may now run devtool to perform development tasks.\nRun devtool --help for further details.\n'" >> $env_setup_script diff --git a/poky/meta/classes-recipe/qemuboot.bbclass b/poky/meta/classes-recipe/qemuboot.bbclass index 018c000ca2..5a0e50ccfc 100644 --- a/poky/meta/classes-recipe/qemuboot.bbclass +++ b/poky/meta/classes-recipe/qemuboot.bbclass @@ -13,6 +13,7 @@ # QB_OPT_APPEND: options to append to qemu, e.g., "-device usb-mouse" # # QB_DEFAULT_KERNEL: default kernel to boot, e.g., "bzImage" +# e.g., "bzImage-initramfs-qemux86-64.bin" if INITRAMFS_IMAGE_BUNDLE is set to 1. # # QB_DEFAULT_FSTYPE: default FSTYPE to boot, e.g., "ext4" # @@ -93,7 +94,7 @@ QB_MEM ?= "-m 256" QB_SMP ?= "" QB_SERIAL_OPT ?= "-serial mon:stdio -serial null" -QB_DEFAULT_KERNEL ?= "${KERNEL_IMAGETYPE}" +QB_DEFAULT_KERNEL ?= "${@bb.utils.contains("INITRAMFS_IMAGE_BUNDLE", "1", "${KERNEL_IMAGETYPE}-${INITRAMFS_LINK_NAME}.bin", "${KERNEL_IMAGETYPE}", d)}" QB_DEFAULT_FSTYPE ?= "ext4" QB_RNG ?= "-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0" QB_OPT_APPEND ?= "" diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass index 93bf6c8be6..5e70007377 100644 --- a/poky/meta/classes-recipe/rust-common.bbclass +++ b/poky/meta/classes-recipe/rust-common.bbclass @@ -94,7 +94,7 @@ RUST_BUILD_ARCH = "${@oe.rust.arch_to_rust_arch(d.getVar('BUILD_ARCH'))}" # Rust additionally will use two additional cases: # - undecorated (e.g. CC) - equivalent to TARGET # - triple suffix (e.g. CC:x86_64_unknown_linux_gnu) - both -# see: https://github.com/alexcrichton/gcc-rs +# see: https://github.com/rust-lang/cc-rs # The way that Rust's internal triples and Yocto triples are mapped together # its likely best to not use the triple suffix due to potential confusion. @@ -125,12 +125,22 @@ create_wrapper_rust () { shift extras="$1" shift + crate_cc_extras="$1" + shift cat <<- EOF > "${file}" #!/usr/bin/env python3 import os, sys orig_binary = "$@" extras = "${extras}" + + # Apply a required subset of CC crate compiler flags + # when we build a target recipe for a non-bare-metal target. + # https://github.com/rust-lang/cc-rs/blob/main/src/lib.rs#L1614 + if "CRATE_CC_NO_DEFAULTS" in os.environ.keys() and \ + "TARGET" in os.environ.keys() and not "-none-" in os.environ["TARGET"]: + orig_binary += "${crate_cc_extras}" + binary = orig_binary.split()[0] args = orig_binary.split() + sys.argv[1:] if extras: @@ -154,22 +164,22 @@ do_rust_create_wrappers () { mkdir -p "${WRAPPER_DIR}" # Yocto Build / Rust Host C compiler - create_wrapper_rust "${RUST_BUILD_CC}" "" "${BUILD_CC}" + create_wrapper_rust "${RUST_BUILD_CC}" "" "${CRATE_CC_FLAGS}" "${BUILD_CC}" # Yocto Build / Rust Host C++ compiler - create_wrapper_rust "${RUST_BUILD_CXX}" "" "${BUILD_CXX}" + create_wrapper_rust "${RUST_BUILD_CXX}" "" "${CRATE_CC_FLAGS}" "${BUILD_CXX}" # Yocto Build / Rust Host linker - create_wrapper_rust "${RUST_BUILD_CCLD}" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}" + create_wrapper_rust "${RUST_BUILD_CCLD}" "" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}" # Yocto Build / Rust Host archiver - create_wrapper_rust "${RUST_BUILD_AR}" "" "${BUILD_AR}" + create_wrapper_rust "${RUST_BUILD_AR}" "" "" "${BUILD_AR}" # Yocto Target / Rust Target C compiler - create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}" + create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}" # Yocto Target / Rust Target C++ compiler - create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}" + create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}" # Yocto Target / Rust Target linker - create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}" + create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}" # Yocto Target / Rust Target archiver - create_wrapper_rust "${RUST_TARGET_AR}" "" "${WRAPPER_TARGET_AR}" + create_wrapper_rust "${RUST_TARGET_AR}" "" "" "${WRAPPER_TARGET_AR}" } diff --git a/poky/meta/classes-recipe/rust-target-config.bbclass b/poky/meta/classes-recipe/rust-target-config.bbclass index 9e1d81bf5c..876fe8fd9b 100644 --- a/poky/meta/classes-recipe/rust-target-config.bbclass +++ b/poky/meta/classes-recipe/rust-target-config.bbclass @@ -114,7 +114,7 @@ def llvm_features_from_target_fpu(d): # TARGET_FPU can be hard or soft. +soft-float tell llvm to use soft float # ABI. There is no option for hard. - fpu = d.getVar('TARGET_FPU', True) + fpu = d.getVar('TARGET_FPU') return ["+soft-float"] if fpu == "soft" else [] def llvm_features(d): @@ -231,19 +231,19 @@ TARGET_POINTER_WIDTH[powerpc64le] = "64" TARGET_C_INT_WIDTH[powerpc64le] = "64" MAX_ATOMIC_WIDTH[powerpc64le] = "64" -## riscv32-unknown-linux-{gnu, musl} -DATA_LAYOUT[riscv32] = "e-m:e-p:32:32-i64:64-n32-S128" -TARGET_ENDIAN[riscv32] = "little" -TARGET_POINTER_WIDTH[riscv32] = "32" -TARGET_C_INT_WIDTH[riscv32] = "32" -MAX_ATOMIC_WIDTH[riscv32] = "32" +## riscv32gc-unknown-linux-{gnu, musl} +DATA_LAYOUT[riscv32gc] = "e-m:e-p:32:32-i64:64-n32-S128" +TARGET_ENDIAN[riscv32gc] = "little" +TARGET_POINTER_WIDTH[riscv32gc] = "32" +TARGET_C_INT_WIDTH[riscv32gc] = "32" +MAX_ATOMIC_WIDTH[riscv32gc] = "32" -## riscv64-unknown-linux-{gnu, musl} -DATA_LAYOUT[riscv64] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128" -TARGET_ENDIAN[riscv64] = "little" -TARGET_POINTER_WIDTH[riscv64] = "64" -TARGET_C_INT_WIDTH[riscv64] = "64" -MAX_ATOMIC_WIDTH[riscv64] = "64" +## riscv64gc-unknown-linux-{gnu, musl} +DATA_LAYOUT[riscv64gc] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128" +TARGET_ENDIAN[riscv64gc] = "little" +TARGET_POINTER_WIDTH[riscv64gc] = "64" +TARGET_C_INT_WIDTH[riscv64gc] = "64" +MAX_ATOMIC_WIDTH[riscv64gc] = "64" # Convert a normal arch (HOST_ARCH, TARGET_ARCH, BUILD_ARCH, etc) to something # rust's internals won't choke on. @@ -258,9 +258,21 @@ def arch_to_rust_target_arch(arch): return "arm" elif arch == "powerpc64le": return "powerpc64" + elif arch == "riscv32gc": + return "riscv32" + elif arch == "riscv64gc": + return "riscv64" else: return arch +# Convert a rust target string to a llvm-compatible triplet +def rust_sys_to_llvm_target(sys): + if sys.startswith('riscv32gc-'): + return sys.replace('riscv32gc-', 'riscv32-', 1) + if sys.startswith('riscv64gc-'): + return sys.replace('riscv64gc-', 'riscv64-', 1) + return sys + # generates our target CPU value def llvm_cpu(d): cpu = d.getVar('PACKAGE_ARCH') @@ -334,7 +346,7 @@ def rust_gen_target(d, thing, wd, arch): # build tspec tspec = {} - tspec['llvm-target'] = rustsys + tspec['llvm-target'] = rust_sys_to_llvm_target(rustsys) tspec['data-layout'] = d.getVarFlag('DATA_LAYOUT', arch_abi) if tspec['data-layout'] is None: bb.fatal("No rust target defined for %s" % arch_abi) @@ -389,3 +401,19 @@ python do_rust_gen_targets () { addtask rust_gen_targets after do_patch before do_compile do_rust_gen_targets[dirs] += "${RUST_TARGETS_DIR}" +# For building target C dependecies use only compiler parameters defined in OE +# and ignore the CC crate defaults which conflicts with OE ones in some cases. +# https://github.com/rust-lang/cc-rs#external-configuration-via-environment-variables +# Some CC crate compiler flags are still required. +# We apply them conditionally in rust wrappers. + +CRATE_CC_FLAGS:class-native = "" +CRATE_CC_FLAGS:class-nativesdk = "" +CRATE_CC_FLAGS:class-target = " -ffunction-sections -fdata-sections -fPIC" + +do_compile:prepend:class-target() { + export CRATE_CC_NO_DEFAULTS=1 +} +do_install:prepend:class-target() { + export CRATE_CC_NO_DEFAULTS=1 +} diff --git a/poky/meta/classes-recipe/scons.bbclass b/poky/meta/classes-recipe/scons.bbclass index 5f0d4a910b..d20a78dc6e 100644 --- a/poky/meta/classes-recipe/scons.bbclass +++ b/poky/meta/classes-recipe/scons.bbclass @@ -9,7 +9,9 @@ inherit python3native DEPENDS += "python3-scons-native" EXTRA_OESCONS ?= "" - +# This value below is derived from $(getconf ARG_MAX) +SCONS_MAXLINELENGTH ?= "MAXLINELENGTH=2097152" +EXTRA_OESCONS:append = " ${SCONS_MAXLINELENGTH}" do_configure() { if [ -n "${CONFIGURESTAMPFILE}" -a "${S}" = "${B}" ]; then if [ -e "${CONFIGURESTAMPFILE}" -a "`cat ${CONFIGURESTAMPFILE}`" != "${BB_TASKHASH}" -a "${CLEANBROKEN}" != "1" ]; then @@ -31,4 +33,8 @@ scons_do_install() { die "scons install execution failed." } +do_configure[vardepsexclude] = "SCONS_MAXLINELENGTH" +do_compile[vardepsexclude] = "SCONS_MAXLINELENGTH" +do_install[vardepsexclude] = "SCONS_MAXLINELENGTH" + EXPORT_FUNCTIONS do_compile do_install diff --git a/poky/meta/classes-recipe/systemd.bbclass b/poky/meta/classes-recipe/systemd.bbclass index f6564c2b31..ce188a8113 100644 --- a/poky/meta/classes-recipe/systemd.bbclass +++ b/poky/meta/classes-recipe/systemd.bbclass @@ -152,6 +152,7 @@ python systemd_populate_packages() { def systemd_check_services(): searchpaths = [oe.path.join(d.getVar("sysconfdir"), "systemd", "system"),] searchpaths.append(d.getVar("systemd_system_unitdir")) + searchpaths.append(d.getVar("systemd_user_unitdir")) systemd_packages = d.getVar('SYSTEMD_PACKAGES') keys = 'Also' diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass index 5cc408b0c4..b48cd96575 100644 --- a/poky/meta/classes-recipe/testimage.bbclass +++ b/poky/meta/classes-recipe/testimage.bbclass @@ -98,7 +98,7 @@ TESTIMAGELOCK:qemuall = "" TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/" -TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR" +TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME" testimage_dump_target () { top -bn1 @@ -236,7 +236,7 @@ def testimage_main(d): with open(tdname, "r") as f: td = json.load(f) except FileNotFoundError as err: - bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err)) + bb.fatal('File %s not found (%s).\nHave you built the image with IMAGE_CLASSES += "testimage" in the conf/local.conf?' % (tdname, err)) # Some variables need to be updates (mostly paths) with the # ones of the current environment because some tests require them. diff --git a/poky/meta/classes-recipe/toolchain-scripts.bbclass b/poky/meta/classes-recipe/toolchain-scripts.bbclass index 3cc823fe63..6bfe0b6de0 100644 --- a/poky/meta/classes-recipe/toolchain-scripts.bbclass +++ b/poky/meta/classes-recipe/toolchain-scripts.bbclass @@ -37,7 +37,7 @@ toolchain_create_sdk_env_script () { echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script echo '# Only disable this check if you are absolutely know what you are doing!' >> $script - echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script + echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script echo " echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script echo " echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script echo ' echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script @@ -53,7 +53,7 @@ toolchain_create_sdk_env_script () { for i in ${CANADIANEXTRAOS}; do EXTRAPATH="$EXTRAPATH:$sdkpathnative$bindir/${TARGET_ARCH}${TARGET_VENDOR}-$i" done - echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':$PATH' >> $script + echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':"$PATH"' >> $script echo 'export PKG_CONFIG_SYSROOT_DIR=$SDKTARGETSYSROOT' >> $script echo 'export PKG_CONFIG_PATH=$SDKTARGETSYSROOT'"$libdir"'/pkgconfig:$SDKTARGETSYSROOT'"$prefix"'/share/pkgconfig' >> $script echo 'export CONFIG_SITE=${SDKPATH}/site-config-'"${multimach_target_sys}" >> $script diff --git a/poky/meta/classes-recipe/uboot-sign.bbclass b/poky/meta/classes-recipe/uboot-sign.bbclass index debbf23ec6..4b5912a01d 100644 --- a/poky/meta/classes-recipe/uboot-sign.bbclass +++ b/poky/meta/classes-recipe/uboot-sign.bbclass @@ -298,7 +298,7 @@ do_uboot_generate_rsa_keys() { "${UBOOT_FIT_SIGN_NUMBITS}" echo "Generating certificate for signing U-Boot fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \ + openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \ -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \ -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt fi diff --git a/poky/meta/classes-recipe/update-alternatives.bbclass b/poky/meta/classes-recipe/update-alternatives.bbclass index 970d9bcd45..f34cc6bc19 100644 --- a/poky/meta/classes-recipe/update-alternatives.bbclass +++ b/poky/meta/classes-recipe/update-alternatives.bbclass @@ -5,7 +5,7 @@ # # This class is used to help the alternatives system which is useful when -# multiple sources provide same command. You can use update-alternatives +# multiple sources provide the same command. You can use update-alternatives # command directly in your recipe, but in most cases this class simplifies # that job. # @@ -35,7 +35,7 @@ # A non-default link to create for a target # ALTERNATIVE_TARGET[name] = "target" # -# This is the name of the binary as it's been install by do_install +# This is the name of the binary as it's been installed by do_install # i.e. ALTERNATIVE_TARGET[sh] = "/bin/bash" # # A package specific link for a target @@ -68,7 +68,7 @@ ALTERNATIVE_PRIORITY = "10" # We need special processing for vardeps because it can not work on # modified flag values. So we aggregate the flags into a new variable -# and include that vairable in the set. +# and include that variable in the set. UPDALTVARS = "ALTERNATIVE ALTERNATIVE_LINK_NAME ALTERNATIVE_TARGET ALTERNATIVE_PRIORITY" PACKAGE_WRITE_DEPS += "virtual/update-alternatives-native" diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 0710c1ec5e..4049694d85 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -465,7 +465,7 @@ def is_work_shared(d): pn = d.getVar('PN') return pn.startswith('gcc-source') or \ bb.data.inherits_class('kernel', d) or \ - (bb.data.inherits_class('kernelsrc', d) and d.getVar('S') == d.getVar('STAGING_KERNEL_DIR')) + (bb.data.inherits_class('kernelsrc', d) and d.expand("${TMPDIR}/work-shared") in d.getVar('S')) # Run do_unpack and do_patch python do_unpack_and_patch() { diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass index 47dd12c383..f0513af083 100644 --- a/poky/meta/classes/create-spdx.bbclass +++ b/poky/meta/classes/create-spdx.bbclass @@ -21,7 +21,6 @@ SPDX_TOOL_VERSION ??= "1.0" SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" SPDX_INCLUDE_SOURCES ??= "0" -SPDX_INCLUDE_PACKAGED ??= "0" SPDX_ARCHIVE_SOURCES ??= "0" SPDX_ARCHIVE_PACKAGED ??= "0" @@ -431,7 +430,6 @@ python do_create_spdx() { deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) spdx_workdir = Path(d.getVar("SPDXWORK")) - include_packaged = d.getVar("SPDX_INCLUDE_PACKAGED") == "1" include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1" archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1" archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1" @@ -459,6 +457,7 @@ python do_create_spdx() { for s in d.getVar('SRC_URI').split(): if not s.startswith("file://"): + s = s.split(';')[0] recipe.downloadLocation = s break else: @@ -796,6 +795,7 @@ def spdx_get_src(d): bb.build.exec_func('do_unpack', d) # Copy source of kernel to spdx_workdir if is_work_shared_spdx(d): + share_src = d.getVar('WORKDIR') d.setVar('WORKDIR', spdx_workdir) d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native) src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR') @@ -803,8 +803,8 @@ def spdx_get_src(d): if bb.data.inherits_class('kernel',d): share_src = d.getVar('STAGING_KERNEL_DIR') cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/" - cmd_copy_kernel_result = os.popen(cmd_copy_share).read() - bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result) + cmd_copy_shared_res = os.popen(cmd_copy_share).read() + bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res) git_path = src_dir + "/.git" if os.path.exists(git_path): diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 4b4ea7893e..5e2da56046 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -48,8 +48,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" -CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" -CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" +CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" +CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" @@ -202,7 +202,7 @@ python cve_check_write_rootfs_manifest () { recipies.add(pkg_data["PN"]) bb.note("Writing rootfs CVE manifest") - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") + deploy_dir = d.getVar("IMGDEPLOYDIR") link_name = d.getVar("IMAGE_LINK_NAME") json_data = {"version":"1", "package": []} @@ -260,7 +260,7 @@ def check_cves(d, patched_cves): """ Connect to the NVD database and find unpatched cves. """ - from oe.cve_check import Version + from oe.cve_check import Version, convert_cve_version pn = d.getVar("PN") real_pv = d.getVar("PV") @@ -324,6 +324,9 @@ def check_cves(d, patched_cves): if cve in cve_ignore: ignored = True + version_start = convert_cve_version(version_start) + version_end = convert_cve_version(version_end) + if (operator_start == '=' and pv == version_start) or version_start == '-': vulnerable = True else: diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 06a9548a20..26c5803ee6 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -61,7 +61,7 @@ python () { if externalsrcbuild: d.setVar('B', externalsrcbuild) else: - d.setVar('B', '${WORKDIR}/${BPN}-${PV}/') + d.setVar('B', '${WORKDIR}/${BPN}-${PV}') local_srcuri = [] fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d) @@ -212,8 +212,8 @@ def srctree_hash_files(d, srcdir=None): try: git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', s_dir, 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip()) - top_git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], - stderr=subprocess.DEVNULL).decode("utf-8").rstrip()) + top_git_dir = os.path.join(d.getVar("TOPDIR"), + subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip()) if git_dir == top_git_dir: git_dir = None except subprocess.CalledProcessError: @@ -230,7 +230,7 @@ def srctree_hash_files(d, srcdir=None): env['GIT_INDEX_FILE'] = tmp_index.name subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env) git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8") - if os.path.exists(".gitmodules"): + if os.path.exists(os.path.join(s_dir, ".gitmodules")) and os.path.getsize(os.path.join(s_dir, ".gitmodules")) > 0: submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8") for line in submodule_helper.splitlines(): module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1]) diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass index 10a4ef9c37..8a1a51aaba 100644 --- a/poky/meta/classes/multilib.bbclass +++ b/poky/meta/classes/multilib.bbclass @@ -51,6 +51,7 @@ python multilib_virtclass_handler () { e.data.setVar("RECIPE_SYSROOT", "${WORKDIR}/recipe-sysroot") e.data.setVar("STAGING_DIR_TARGET", "${WORKDIR}/recipe-sysroot") e.data.setVar("STAGING_DIR_HOST", "${WORKDIR}/recipe-sysroot") + e.data.setVar("RECIPE_SYSROOT_MANIFEST_SUBDIR", "nativesdk-" + variant) e.data.setVar("MLPREFIX", variant + "-") override = ":virtclass-multilib-" + variant e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override) diff --git a/poky/meta/classes/recipe_sanity.bbclass b/poky/meta/classes/recipe_sanity.bbclass index 1c2e24c6a1..a5cc4315fb 100644 --- a/poky/meta/classes/recipe_sanity.bbclass +++ b/poky/meta/classes/recipe_sanity.bbclass @@ -16,7 +16,7 @@ def bad_runtime_vars(cfgdata, d): for var in d.getVar("__recipe_sanity_badruntimevars").split(): val = d.getVar(var, False) if val and val != cfgdata.get(var): - __note("%s should be %s_${PN}" % (var, var), d) + __note("%s should be %s:${PN}" % (var, var), d) __recipe_sanity_reqvars = "DESCRIPTION" __recipe_sanity_reqdiffvars = "" diff --git a/poky/meta/classes/report-error.bbclass b/poky/meta/classes/report-error.bbclass index 2f692fbbcc..2b2ad56514 100644 --- a/poky/meta/classes/report-error.bbclass +++ b/poky/meta/classes/report-error.bbclass @@ -107,6 +107,31 @@ python errorreport_handler () { errorreport_savedata(e, jsondata, "error-report.txt") bb.utils.unlockfile(lock) + elif isinstance(e, bb.event.NoProvider): + bb.utils.mkdirhier(logpath) + data = {} + machine = e.data.getVar("MACHINE") + data['machine'] = machine + data['build_sys'] = e.data.getVar("BUILD_SYS") + data['nativelsb'] = nativelsb() + data['distro'] = e.data.getVar("DISTRO") + data['target_sys'] = e.data.getVar("TARGET_SYS") + data['failures'] = [] + data['component'] = str(e._item) + data['branch_commit'] = str(oe.buildcfg.detect_branch(e.data)) + ": " + str(oe.buildcfg.detect_revision(e.data)) + data['bitbake_version'] = e.data.getVar("BB_VERSION") + data['layer_version'] = get_layers_branch_rev(e.data) + data['local_conf'] = get_conf_data(e, 'local.conf') + data['auto_conf'] = get_conf_data(e, 'auto.conf') + taskdata={} + taskdata['log'] = str(e) + taskdata['package'] = str(e._item) + taskdata['task'] = "Nothing provides " + "'" + str(e._item) + "'" + data['failures'].append(taskdata) + lock = bb.utils.lockfile(datafile + '.lock') + errorreport_savedata(e, data, "error-report.txt") + bb.utils.unlockfile(lock) + elif isinstance(e, bb.event.BuildCompleted): lock = bb.utils.lockfile(datafile + '.lock') jsondata = json.loads(errorreport_getdata(e)) @@ -120,4 +145,4 @@ python errorreport_handler () { } addhandler errorreport_handler -errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed" +errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed bb.event.NoProvider" diff --git a/poky/meta/classes/rm_work.bbclass b/poky/meta/classes/rm_work.bbclass index c493efff2f..8b5fe1b808 100644 --- a/poky/meta/classes/rm_work.bbclass +++ b/poky/meta/classes/rm_work.bbclass @@ -33,6 +33,13 @@ BB_SCHEDULER ?= "completion" BB_TASK_IONICE_LEVEL:task-rm_work = "3.0" do_rm_work () { + # Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH + # Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function + RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)" + if [ -z "${RM_BIN}" ]; then + bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data." + fi + # If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe. for p in ${RM_WORK_EXCLUDE}; do if [ "$p" = "${PN}" ]; then @@ -79,7 +86,7 @@ do_rm_work () { # sstate version since otherwise we'd need to leave 'plaindirs' around # such as 'packages' and 'packages-split' and these can be large. No end # of chain tasks depend directly on do_package anymore. - rm -f -- $i; + "${RM_BIN}" -f -- $i; ;; *_setscene*) # Skip stamps which are already setscene versions @@ -96,7 +103,7 @@ do_rm_work () { ;; esac done - rm -f -- $i + "${RM_BIN}" -f -- $i esac done @@ -106,12 +113,14 @@ do_rm_work () { # Retain only logs and other files in temp, safely ignore # failures of removing pseudo folers on NFS2/3 server. if [ $dir = 'pseudo' ]; then - rm -rf -- $dir 2> /dev/null || true + "${RM_BIN}" -rf -- $dir 2> /dev/null || true elif ! echo "$excludes" | grep -q -w "$dir"; then - rm -rf -- $dir + "${RM_BIN}" -rf -- $dir fi done } +do_rm_work[vardepsexclude] += "SSTATETASKS" + do_rm_work_all () { : } @@ -178,7 +187,7 @@ python inject_rm_work() { # other recipes and thus will typically run much later than completion of # work in the recipe itself. # In practice, addtask() here merely updates the dependencies. - bb.build.addtask('do_rm_work', 'do_build', ' '.join(deps), d) + bb.build.addtask('do_rm_work', 'do_rm_work_all do_build', ' '.join(deps), d) # Always update do_build_without_rm_work dependencies. bb.build.addtask('do_build_without_rm_work', '', ' '.join(deps), d) diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 62cdd9aa9c..a1f0f624e9 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -676,7 +676,7 @@ export PYTHONHASHSEED = "0" export PERL_HASH_SEED = "0" export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}" # A SOURCE_DATE_EPOCH of '0' might be misinterpreted as no SDE -export SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400" +SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400" REPRODUCIBLE_TIMESTAMP_ROOTFS ??= "1520598896" ################################################################## diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc index 8b5f8d49b8..f5d6867ed4 100644 --- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-108 CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887" # 2020 CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" + +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 +# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 +# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 +CVE_CHECK_IGNORE += "CVE-2020-27784" + # 2021 CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 +CVE_CHECK_IGNORE += "CVE-2021-3669" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 +CVE_CHECK_IGNORE += "CVE-2021-3759" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 +CVE_CHECK_IGNORE += "CVE-2021-4218" + # 2022 CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ @@ -90,6 +115,193 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ CVE-2022-29582 CVE-2022-29968" +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 +CVE_CHECK_IGNORE += "CVE-2022-0480" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d +CVE_CHECK_IGNORE += "CVE-2022-1184" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 +CVE_CHECK_IGNORE += "CVE-2022-1462" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac +CVE_CHECK_IGNORE += "CVE-2022-2308" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 +CVE_CHECK_IGNORE += "CVE-2022-2327" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 +# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 +# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 +# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 +# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca +# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 +# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d +CVE_CHECK_IGNORE += "CVE-2022-2663" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 +# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 +# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 +# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd +CVE_CHECK_IGNORE += "CVE-2022-2785" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 +# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 +# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 +# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 +CVE_CHECK_IGNORE += "CVE-2022-3176" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 +# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d +# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 +# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b +CVE_CHECK_IGNORE += "CVE-2022-3526" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 +# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd +CVE_CHECK_IGNORE += "CVE-2022-3621" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 +# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 +CVE_CHECK_IGNORE += "CVE-2022-3623" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 +# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e +# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 +CVE_CHECK_IGNORE += "CVE-2022-3624" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 +# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 +# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902 +# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f +# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 +# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 +# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 +CVE_CHECK_IGNORE += "CVE-2022-3625" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 +# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 +CVE_CHECK_IGNORE += "CVE-2022-3629" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 +# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da +# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 +# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b +CVE_CHECK_IGNORE += "CVE-2022-3630" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 +# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de +CVE_CHECK_IGNORE += "CVE-2022-3633" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 +CVE_CHECK_IGNORE += "CVE-2022-3635" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 +# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 +# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 +# The vulnerability has been introduced and patched in rc1 of v5.19. +CVE_CHECK_IGNORE += "CVE-2022-3636" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 +# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 +CVE_CHECK_IGNORE += "CVE-2022-3646" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 +CVE_CHECK_IGNORE += "CVE-2022-3649" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 +CVE_CHECK_IGNORE += "CVE-2022-26365" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 +CVE_CHECK_IGNORE += "CVE-2022-33740" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 +CVE_CHECK_IGNORE += "CVE-2022-33741" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 +CVE_CHECK_IGNORE += "CVE-2022-33742" + + +# Wrong CPE in NVD database +# https://nvd.nist.gov/vuln/detail/CVE-2022-3563 +# https://nvd.nist.gov/vuln/detail/CVE-2022-3637 +# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git +CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637" # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index 56088e4e66..99929accce 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -103,7 +103,7 @@ PTESTS_SLOW = "\ " PTESTS_SLOW:remove:riscv64 = "valgrind-ptest" -PTESTS_PROBLEMS:append:riscv64 = "valgrind-ptest" +PTESTS_PROBLEMS:append:riscv64 = " valgrind-ptest" # ruby-ptest \ # Timeout # lz4-ptest \ # Needs a rewrite diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 7012db441b..8a5cab5360 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.36" -UNINATIVE_VERSION = "3.7" +UNINATIVE_MAXGLIBCVERSION = "2.37" +UNINATIVE_VERSION = "3.9" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "6a29bcae4b5b716d2d520e18800b33943b65f8a835eac1ff8793fc5ee65b4be6" -UNINATIVE_CHECKSUM[i686] ?= "3f6d52e64996570c716108d49f8108baccf499a283bbefae438c7266b7a93305" -UNINATIVE_CHECKSUM[x86_64] ?= "b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570" +UNINATIVE_CHECKSUM[aarch64] ?= "de35708c95c34573af140da910132c3291ba4fd26ebf7b74b755ada432cdf07b" +UNINATIVE_CHECKSUM[i686] ?= "adac07b08adb88eb26fc7fd87fee0cec9d5be167bf7c5ffd3a549a2a6699c29c" +UNINATIVE_CHECKSUM[x86_64] ?= "3dd82c3fbdb59e87bf091c3eef555a05fae528eeda3083828f76cd4deaceca8b" diff --git a/poky/meta/lib/bblayers/buildconf.py b/poky/meta/lib/bblayers/buildconf.py index e07fc534e1..ccab332adf 100644 --- a/poky/meta/lib/bblayers/buildconf.py +++ b/poky/meta/lib/bblayers/buildconf.py @@ -64,7 +64,7 @@ TEMPLATECONF={} . {}/oe-init-build-env build-try-{}""" oecore = None for l in layers: - if l[0] == os.path.abspath(args.layerpath): + if os.path.abspath(l[0]) == os.path.abspath(args.layerpath): targetlayer = l[0] if l[1] == 'meta': oecore = os.path.dirname(l[0]) diff --git a/poky/meta/lib/bblayers/makesetup.py b/poky/meta/lib/bblayers/makesetup.py index 22f89d81a4..5fb6f1469e 100644 --- a/poky/meta/lib/bblayers/makesetup.py +++ b/poky/meta/lib/bblayers/makesetup.py @@ -45,8 +45,15 @@ class MakeSetupPlugin(LayerPlugin): return "" return describe.strip() + def _is_submodule(self, repo_path): + # This is slightly brittle: git does not offer a way to tell whether + # a given repo dir is a submodule checkout, so we need to rely on .git + # being a file (rather than a dir like it is in standalone checkouts). + # The file typically contains a gitdir pointer to elsewhere. + return os.path.isfile(os.path.join(repo_path,".git")) + def make_repo_config(self, destdir): - """ This is a helper function for the writer plugins that discovers currently confugured layers. + """ This is a helper function for the writer plugins that discovers currently configured layers. The writers do not have to use it, but it can save a bit of work and avoid duplicated code, hence it is available here. """ repos = {} @@ -63,6 +70,9 @@ class MakeSetupPlugin(LayerPlugin): logger.error("Layer {name} in {path} has uncommitted modifications or is not in a git repository.".format(name=l_name,path=l_path)) return repo_path = self._get_repo_path(l_path) + + if self._is_submodule(repo_path): + continue if repo_path not in repos.keys(): repos[repo_path] = {'path':os.path.basename(repo_path),'git-remote':{'rev':l_rev, 'branch':l_branch, 'remotes':self._get_remotes(repo_path), 'describe':self._get_describe(repo_path)}} if repo_path == destdir_repo: diff --git a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py index f6a484b766..d5bc19a8cb 100644 --- a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py +++ b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py @@ -33,6 +33,8 @@ class OeSetupLayersWriter(): def do_write(self, parent, args): """ Writes out a python script and a json config that replicate the directory structure and revisions of the layers in a current build. """ + if not os.path.exists(args.destdir): + os.makedirs(args.destdir) repos = parent.make_repo_config(args.destdir) json = {"version":"1.0","sources":repos} if not repos: diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index 4f1d80f050..dbaa0b373a 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -179,3 +179,42 @@ def update_symlinks(target_path, link_path): if os.path.exists(os.path.realpath(link_path)): os.remove(link_path) os.symlink(os.path.basename(target_path), link_path) + + +def convert_cve_version(version): + """ + This function converts from CVE format to Yocto version format. + eg 8.3_p1 -> 8.3p1, 6.2_rc1 -> 6.2-rc1 + + Unless it is redefined using CVE_VERSION in the recipe, + cve_check uses the version in the name of the recipe (${PV}) + to check vulnerabilities against a CVE in the database downloaded from NVD. + + When the version has an update, i.e. + "p1" in OpenSSH 8.3p1, + "-rc1" in linux kernel 6.2-rc1, + the database stores the version as version_update (8.3_p1, 6.2_rc1). + Therefore, we must transform this version before comparing to the + recipe version. + + In this case, the parameter of the function is 8.3_p1. + If the version uses the Release Candidate format, "rc", + this function replaces the '_' by '-'. + If the version uses the Update format, "p", + this function removes the '_' completely. + """ + import re + + matches = re.match('^([0-9.]+)_((p|rc)[0-9]+)$', version) + + if not matches: + return version + + version = matches.group(1) + update = matches.group(2) + + if matches.group(3) == "rc": + return version + '-' + update + + return version + update + diff --git a/poky/meta/lib/oe/gpg_sign.py b/poky/meta/lib/oe/gpg_sign.py index 613dab8561..ede6186c84 100644 --- a/poky/meta/lib/oe/gpg_sign.py +++ b/poky/meta/lib/oe/gpg_sign.py @@ -5,11 +5,12 @@ # """Helper module for GPG signing""" -import os import bb -import subprocess +import os import shlex +import subprocess +import tempfile class LocalSigner(object): """Class for handling local (on the build host) signing""" @@ -73,8 +74,6 @@ class LocalSigner(object): cmd += ['--homedir', self.gpg_path] if armor: cmd += ['--armor'] - if output_suffix: - cmd += ['-o', input_file + "." + output_suffix] if use_sha256: cmd += ['--digest-algo', "SHA256"] @@ -83,19 +82,27 @@ class LocalSigner(object): if self.gpg_version > (2,1,): cmd += ['--pinentry-mode', 'loopback'] - cmd += [input_file] - try: if passphrase_file: with open(passphrase_file) as fobj: passphrase = fobj.readline(); - job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) - (_, stderr) = job.communicate(passphrase.encode("utf-8")) + if not output_suffix: + output_suffix = 'asc' if armor else 'sig' + output_file = input_file + "." + output_suffix + with tempfile.TemporaryDirectory(dir=os.path.dirname(output_file)) as tmp_dir: + tmp_file = os.path.join(tmp_dir, os.path.basename(output_file)) + cmd += ['-o', tmp_file] + + cmd += [input_file] + + job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) + (_, stderr) = job.communicate(passphrase.encode("utf-8")) - if job.returncode: - bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) + if job.returncode: + bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) + os.rename(tmp_file, output_file) except IOError as e: bb.error("IO error (%s): %s" % (e.errno, e.strerror)) raise Exception("Failed to sign '%s'" % input_file) diff --git a/poky/meta/lib/oe/overlayfs.py b/poky/meta/lib/oe/overlayfs.py index 8d7a047125..8b88900f71 100644 --- a/poky/meta/lib/oe/overlayfs.py +++ b/poky/meta/lib/oe/overlayfs.py @@ -40,7 +40,11 @@ def unitFileList(d): bb.fatal("Missing required mount point for OVERLAYFS_MOUNT_POINT[%s] in your MACHINE configuration" % mountPoint) for mountPoint in overlayMountPoints: - for path in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split(): + mountPointList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint) + if not mountPointList: + bb.debug(1, "No mount points defined for %s flag, don't add to file list", mountPoint) + continue + for path in mountPointList.split(): fileList.append(mountUnitName(path)) fileList.append(helperUnitName(path)) diff --git a/poky/meta/lib/oe/package_manager/deb/__init__.py b/poky/meta/lib/oe/package_manager/deb/__init__.py index c672454072..0c23c884c1 100644 --- a/poky/meta/lib/oe/package_manager/deb/__init__.py +++ b/poky/meta/lib/oe/package_manager/deb/__init__.py @@ -82,15 +82,15 @@ class DpkgIndexer(Indexer): return oe.utils.multiprocess_launch(create_index, index_cmds, self.d) - if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1': - signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) + if self.d.getVar('PACKAGE_FEED_SIGN') == '1': + signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND')) else: signer = None if signer: for f in index_sign_files: signer.detach_sign(f, - self.d.getVar('PACKAGE_FEED_GPG_NAME', True), - self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True), + self.d.getVar('PACKAGE_FEED_GPG_NAME'), + self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE'), output_suffix="gpg", use_sha256=True) diff --git a/poky/meta/lib/oe/reproducible.py b/poky/meta/lib/oe/reproducible.py index 04a1810d4f..9ac75c02e3 100644 --- a/poky/meta/lib/oe/reproducible.py +++ b/poky/meta/lib/oe/reproducible.py @@ -115,7 +115,8 @@ def get_source_date_epoch_from_git(d, sourcedir): return None bb.debug(1, "git repository: %s" % gitpath) - p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE) + p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], + check=True, stdout=subprocess.PIPE) return int(p.stdout.decode('utf-8')) def get_source_date_epoch_from_youngest_file(d, sourcedir): diff --git a/poky/meta/lib/oe/rust.py b/poky/meta/lib/oe/rust.py index 1dc9cf150d..185553eeeb 100644 --- a/poky/meta/lib/oe/rust.py +++ b/poky/meta/lib/oe/rust.py @@ -8,4 +8,6 @@ def arch_to_rust_arch(arch): if arch == "ppc64le": return "powerpc64le" + if arch in ('riscv32', 'riscv64'): + return arch + 'gc' return arch diff --git a/poky/meta/lib/oe/sstatesig.py b/poky/meta/lib/oe/sstatesig.py index fad10af539..fb4abe8241 100644 --- a/poky/meta/lib/oe/sstatesig.py +++ b/poky/meta/lib/oe/sstatesig.py @@ -32,6 +32,12 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCaches): depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep) mc, _ = bb.runqueue.split_mc(fn) + # We can skip the rm_work task signature to avoid running the task + # when we remove some tasks from the dependencie chain + # i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work + if task == "do_rm_work": + return False + # Keep all dependencies between SPDX tasks in the signature. SPDX documents # are linked together by hashes, which means if a dependent document changes, # all downstream documents must be re-written (even if they are "safe" @@ -463,11 +469,15 @@ def find_sstate_manifest(taskdata, taskdata2, taskname, d, multilibcache): pkgarchs.append('allarch') pkgarchs.append('${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}') + searched_manifests = [] + for pkgarch in pkgarchs: manifest = d2.expand("${SSTATE_MANIFESTS}/manifest-%s-%s.%s" % (pkgarch, taskdata, taskname)) if os.path.exists(manifest): return manifest, d2 - bb.fatal("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant)) + searched_manifests.append(manifest) + bb.fatal("The sstate manifest for task '%s:%s' (multilib variant '%s') could not be found.\nThe pkgarchs considered were: %s.\nBut none of these manifests exists:\n %s" + % (taskdata, taskname, variant, d2.expand(", ".join(pkgarchs)),"\n ".join(searched_manifests))) return None, d2 def OEOuthashBasic(path, sigfile, task, d): @@ -652,6 +662,10 @@ def OEOuthashBasic(path, sigfile, task, d): if f == 'fixmepath': continue process(os.path.join(root, f)) + + for dir in dirs: + if os.path.islink(os.path.join(root, dir)): + process(os.path.join(root, dir)) finally: os.chdir(prev_dir) diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py index f956a7744f..4ab0cddb43 100644 --- a/poky/meta/lib/oeqa/core/target/ssh.py +++ b/poky/meta/lib/oeqa/core/target/ssh.py @@ -34,6 +34,8 @@ class OESSHTarget(OETarget): self.timeout = timeout self.user = user ssh_options = [ + '-o', 'ServerAliveCountMax=2', + '-o', 'ServerAliveInterval=30', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR' @@ -224,27 +226,33 @@ def SSHCall(command, logger, timeout=None, **opts): def run(): nonlocal output nonlocal process + output_raw = b'' starttime = time.time() process = subprocess.Popen(command, **options) if timeout: endtime = starttime + timeout eof = False + os.set_blocking(process.stdout.fileno(), False) while time.time() < endtime and not eof: - logger.debug('time: %s, endtime: %s' % (time.time(), endtime)) try: + logger.debug('Waiting for process output: time: %s, endtime: %s' % (time.time(), endtime)) if select.select([process.stdout], [], [], 5)[0] != []: - reader = codecs.getreader('utf-8')(process.stdout, 'ignore') - data = reader.read(1024, 4096) + # wait a bit for more data, tries to avoid reading single characters + time.sleep(0.2) + data = process.stdout.read() if not data: - process.stdout.close() eof = True else: - output += data - logger.debug('Partial data from SSH call: %s' % data) + output_raw += data + # ignore errors to capture as much as possible + logger.debug('Partial data from SSH call:\n%s' % data.decode('utf-8', errors='ignore')) endtime = time.time() + timeout except InterruptedError: + logger.debug('InterruptedError') continue + process.stdout.close() + # process hasn't returned yet if not eof: process.terminate() @@ -252,16 +260,30 @@ def SSHCall(command, logger, timeout=None, **opts): try: process.kill() except OSError: + logger.debug('OSError when killing process') pass endtime = time.time() - starttime lastline = ("\nProcess killed - no output for %d seconds. Total" " running time: %d seconds." % (timeout, endtime)) - logger.debug('Received data from SSH call %s ' % lastline) + logger.debug('Received data from SSH call:\n%s ' % lastline) output += lastline else: - output = process.communicate()[0].decode('utf-8', errors='ignore') - logger.debug('Data from SSH call: %s' % output.rstrip()) + output_raw = process.communicate()[0] + + output = output_raw.decode('utf-8', errors='ignore') + logger.debug('Data from SSH call:\n%s' % output.rstrip()) + + # timout or not, make sure process exits and is not hanging + if process.returncode == None: + try: + process.wait(timeout=5) + except TimeoutExpired: + try: + process.kill() + except OSError: + logger.debug('OSError') + pass options = { "stdout": subprocess.PIPE, @@ -290,4 +312,5 @@ def SSHCall(command, logger, timeout=None, **opts): process.kill() logger.debug('Something went wrong, killing SSH process') raise - return (process.wait(), output.rstrip()) + + return (process.returncode, output.rstrip()) diff --git a/poky/meta/lib/oeqa/core/utils/concurrencytest.py b/poky/meta/lib/oeqa/core/utils/concurrencytest.py index 383479c959..4f77589b00 100644 --- a/poky/meta/lib/oeqa/core/utils/concurrencytest.py +++ b/poky/meta/lib/oeqa/core/utils/concurrencytest.py @@ -59,6 +59,7 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult): self.outputbuf = output self.finalresult = finalresult self.finalresult.buffer = True + self.target = target def _add_result_with_semaphore(self, method, test, *args, **kwargs): self.semaphore.acquire() @@ -67,13 +68,14 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult): self.result.starttime[test.id()] = self._test_start.timestamp() self.result.threadprogress[self.threadnum].append(test.id()) totalprogress = sum(len(x) for x in self.result.threadprogress.values()) - self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % ( + self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s failed) (%s)" % ( self.threadnum, len(self.result.threadprogress[self.threadnum]), self.totalinprocess, totalprogress, self.totaltests, "{0:.2f}".format(time.time()-self._test_start.timestamp()), + self.target.failed_tests, test.id()) finally: self.semaphore.release() diff --git a/poky/meta/lib/oeqa/runtime/cases/apt.py b/poky/meta/lib/oeqa/runtime/cases/apt.py index 4e09374add..8000645843 100644 --- a/poky/meta/lib/oeqa/runtime/cases/apt.py +++ b/poky/meta/lib/oeqa/runtime/cases/apt.py @@ -39,9 +39,9 @@ class AptRepoTest(AptTest): self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s/all ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server)) def setup_source_config_for_package_install_signed(self): - apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port) + apt_get_source_server = 'http://%s:%s' % (self.tc.target.server_ip, self.repo_server.port) apt_get_sourceslist_dir = '/etc/apt/' - self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server)) + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's|\[trusted=yes\] http://bogus_ip:bogus_port|%s|g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server)) def cleanup_source_config_for_package_install(self): apt_get_sourceslist_dir = '/etc/apt/' diff --git a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py index bd3b46d9ef..3728855d24 100644 --- a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py +++ b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py @@ -29,7 +29,10 @@ class BuildCpioTest(OERuntimeTestCase): @OEHasPackage(['autoconf']) def test_cpio(self): self.project.download_archive() - self.project.run_configure('--disable-maintainer-mode', - 'sed -i -e "/char \*program_name/d" src/global.c;') + self.project.run_configure('--disable-maintainer-mode') + # This sed is needed until + # https://git.savannah.gnu.org/cgit/cpio.git/commit/src/global.c?id=641d3f489cf6238bb916368d4ba0d9325a235afb + # is in a release. + self.project._run(r'sed -i -e "/char \*program_name/d" %s/src/global.c' % self.project.targetdir) self.project.run_make() self.project.run_install() diff --git a/poky/meta/lib/oeqa/runtime/cases/dnf.py b/poky/meta/lib/oeqa/runtime/cases/dnf.py index 410d456bdf..3ccb18ce83 100644 --- a/poky/meta/lib/oeqa/runtime/cases/dnf.py +++ b/poky/meta/lib/oeqa/runtime/cases/dnf.py @@ -147,29 +147,21 @@ class DnfRepoTest(DnfTest): rootpath = '/home/root/chroot/test' #Copy necessary files to avoid errors with not yet installed tools on #installroot directory. - self.target.run('mkdir -p %s/etc' % rootpath, 1500) - self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath), 1500) - self.target.run('ln -sf -r %s/usr/bin %s/bin' % (rootpath, rootpath), 1500) - self.target.run('ln -sf -r %s/usr/sbin %s/sbin' % (rootpath, rootpath), 1500) - self.target.run('mkdir -p %s/dev' % rootpath, 1500) + self.target.run('mkdir -p %s/etc' % rootpath) + self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath)) + self.target.run('ln -sf usr/bin %s/bin' % (rootpath)) + self.target.run('ln -sf usr/sbin %s/sbin' % (rootpath)) + self.target.run('mkdir -p %s/dev' % rootpath) #Handle different architectures lib dirs - self.target.run('mkdir -p %s/usr/lib' % rootpath, 1500) - self.target.run('mkdir -p %s/usr/libx32' % rootpath, 1500) - self.target.run('mkdir -p %s/usr/lib64' % rootpath, 1500) - self.target.run('cp /lib/libtinfo.so.5 %s/usr/lib' % rootpath, 1500) - self.target.run('cp /libx32/libtinfo.so.5 %s/usr/libx32' % rootpath, 1500) - self.target.run('cp /lib64/libtinfo.so.5 %s/usr/lib64' % rootpath, 1500) - self.target.run('ln -sf -r %s/lib %s/usr/lib' % (rootpath,rootpath), 1500) - self.target.run('ln -sf -r %s/libx32 %s/usr/libx32' % (rootpath,rootpath), 1500) - self.target.run('ln -sf -r %s/lib64 %s/usr/lib64' % (rootpath,rootpath), 1500) - self.target.run('cp -r /etc/rpm %s/etc' % rootpath, 1500) - self.target.run('cp -r /etc/dnf %s/etc' % rootpath, 1500) - self.target.run('cp /bin/sh %s/bin' % rootpath, 1500) - self.target.run('mount -o bind /dev %s/dev/' % rootpath, 1500) + self.target.run("for l in /lib*; do mkdir -p %s/usr/$l; ln -s usr/$l %s/$l; done" % (rootpath, rootpath)) + self.target.run('cp -r /etc/rpm %s/etc' % rootpath) + self.target.run('cp -r /etc/dnf %s/etc' % rootpath) + self.target.run('cp /bin/busybox %s/bin/sh' % rootpath) + self.target.run('mount -o bind /dev %s/dev/' % rootpath) self.dnf_with_repo('install --installroot=%s -v -y --rpmverbosity=debug busybox' % rootpath) - status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath, 1500) + status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath) self.assertEqual(0, status, output) - status, output = self.target.run('test -e %s/bin/busybox' % rootpath, 1500) + status, output = self.target.run('test -e %s/bin/busybox' % rootpath) self.assertEqual(0, status, output) @OETestDepends(['dnf.DnfRepoTest.test_dnf_makecache']) diff --git a/poky/meta/lib/oeqa/runtime/cases/ping.py b/poky/meta/lib/oeqa/runtime/cases/ping.py index 967b44175f..f72460e7f3 100644 --- a/poky/meta/lib/oeqa/runtime/cases/ping.py +++ b/poky/meta/lib/oeqa/runtime/cases/ping.py @@ -5,6 +5,7 @@ # from subprocess import Popen, PIPE +from time import sleep from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.oetimeout import OETimeout @@ -16,6 +17,7 @@ class PingTest(OERuntimeTestCase): def test_ping(self): output = '' count = 0 + self.assertNotEqual(len(self.target.ip), 0, msg="No target IP address set") try: while count < 5: cmd = 'ping -c 1 %s' % self.target.ip @@ -25,6 +27,7 @@ class PingTest(OERuntimeTestCase): count += 1 else: count = 0 + sleep(1) except OEQATimeoutError: self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output)) msg = ('Expected 5 consecutive, got %d.\n' diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py index e3cd818b2b..fa86eb0537 100644 --- a/poky/meta/lib/oeqa/runtime/cases/rpm.py +++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py @@ -51,21 +51,20 @@ class RpmBasicTest(OERuntimeTestCase): msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output) self.assertEqual(status, 0, msg=msg) - def check_no_process_for_user(u): - _, output = self.target.run(self.tc.target_cmds['ps']) - if u + ' ' in output: - return False - else: - return True + def wait_for_no_process_for_user(u, timeout = 120): + timeout_at = time.time() + timeout + while time.time() < timeout_at: + _, output = self.target.run(self.tc.target_cmds['ps']) + if u + ' ' not in output: + return + time.sleep(1) + user_pss = [ps for ps in output.split("\n") if u + ' ' in ps] + msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss)) + assertTrue(True, msg=msg) def unset_up_test_user(u): # ensure no test1 process in running - timeout = time.time() + 30 - while time.time() < timeout: - if check_no_process_for_user(u): - break - else: - time.sleep(1) + wait_for_no_process_for_user(u) status, output = self.target.run('userdel -r %s' % u) msg = 'Failed to erase user: %s' % output self.assertTrue(status == 0, msg=msg) diff --git a/poky/meta/lib/oeqa/runtime/cases/rtc.py b/poky/meta/lib/oeqa/runtime/cases/rtc.py index b2159b1134..6e45c5db4f 100644 --- a/poky/meta/lib/oeqa/runtime/cases/rtc.py +++ b/poky/meta/lib/oeqa/runtime/cases/rtc.py @@ -5,6 +5,7 @@ # from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.depends import OETestDepends +from oeqa.core.decorator.data import skipIfFeature from oeqa.runtime.decorator.package import OEHasPackage import re @@ -21,12 +22,14 @@ class RTCTest(OERuntimeTestCase): self.logger.debug('Starting systemd-timesyncd daemon') self.target.run('systemctl enable --now --runtime systemd-timesyncd') + @skipIfFeature('read-only-rootfs', + 'Test does not work with read-only-rootfs in IMAGE_FEATURES') @OETestDepends(['ssh.SSHTest.test_ssh']) @OEHasPackage(['coreutils', 'busybox']) def test_rtc(self): (status, output) = self.target.run('hwclock -r') self.assertEqual(status, 0, msg='Failed to get RTC time, output: %s' % output) - + (status, current_datetime) = self.target.run('date +"%m%d%H%M%Y"') self.assertEqual(status, 0, msg='Failed to get system current date & time, output: %s' % current_datetime) @@ -37,7 +40,6 @@ class RTCTest(OERuntimeTestCase): (status, output) = self.target.run('date %s' % current_datetime) self.assertEqual(status, 0, msg='Failed to reset system date & time, output: %s' % output) - + (status, output) = self.target.run('hwclock -w') self.assertEqual(status, 0, msg='Failed to reset RTC time, output: %s' % output) - diff --git a/poky/meta/lib/oeqa/runtime/cases/systemd.py b/poky/meta/lib/oeqa/runtime/cases/systemd.py index 720b4b517a..37f295492d 100644 --- a/poky/meta/lib/oeqa/runtime/cases/systemd.py +++ b/poky/meta/lib/oeqa/runtime/cases/systemd.py @@ -154,7 +154,7 @@ class SystemdJournalTests(SystemdTest): """ # The expression chain that uniquely identifies the time boot message. - expr_items=['Startup finished', 'kernel', 'userspace','\.$'] + expr_items=['Startup finished', 'kernel', 'userspace', r'\.$'] try: output = self.journalctl(args='-o cat --reverse') except AssertionError: diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py index 8092dd0bae..0c5d1869ab 100644 --- a/poky/meta/lib/oeqa/runtime/context.py +++ b/poky/meta/lib/oeqa/runtime/context.py @@ -67,11 +67,11 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): % self.default_target_type) runtime_group.add_argument('--target-ip', action='store', default=self.default_target_ip, - help="IP address of device under test, default: %s" \ + help="IP address and optionally ssh port (default 22) of device under test, for example '192.168.0.7:22'. Default: %s" \ % self.default_target_ip) runtime_group.add_argument('--server-ip', action='store', default=self.default_target_ip, - help="IP address of device under test, default: %s" \ + help="IP address of the test host from test target machine, default: %s" \ % self.default_server_ip) runtime_group.add_argument('--host-dumper-dir', action='store', diff --git a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py index ee515be188..147ee3e0ee 100644 --- a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py +++ b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py @@ -35,7 +35,7 @@ class EpoxyTest(OESDKTestCase): self.assertTrue(os.path.isdir(dirs["source"])) os.makedirs(dirs["build"]) - log = self._run("meson -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs)) + log = self._run("meson --warnlevel 1 -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs)) # Check that Meson thinks we're doing a cross build and not a native self.assertIn("Build type: cross build", log) self._run("ninja -C {build} -v".format(**dirs)) diff --git a/poky/meta/lib/oeqa/sdkext/cases/devtool.py b/poky/meta/lib/oeqa/sdkext/cases/devtool.py index a5c6a76e02..5ffb732556 100644 --- a/poky/meta/lib/oeqa/sdkext/cases/devtool.py +++ b/poky/meta/lib/oeqa/sdkext/cases/devtool.py @@ -112,7 +112,7 @@ class SdkUpdateTest(OESDKExtTestCase): cmd = 'oe-publish-sdk %s %s' % (tcname_new, self.publish_dir) subprocess.check_output(cmd, shell=True) - self.http_service = HTTPService(self.publish_dir) + self.http_service = HTTPService(self.publish_dir, logger=self.logger) self.http_service.start() self.http_url = "http://127.0.0.1:%d" % self.http_service.port diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py index ac47af1990..9534c9775c 100644 --- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py @@ -54,6 +54,25 @@ class CVECheck(OESelftestTestCase): self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'") + def test_convert_cve_version(self): + from oe.cve_check import convert_cve_version + + # Default format + self.assertEqual(convert_cve_version("8.3"), "8.3") + self.assertEqual(convert_cve_version(""), "") + + # OpenSSL format version + self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t") + + # OpenSSH format + self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1") + self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22") + + # Linux kernel format + self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8") + self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31") + + def test_recipe_report_json(self): config = """ INHERIT += "cve-check" diff --git a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py index 3c40119282..37f51760fb 100644 --- a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py +++ b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py @@ -12,6 +12,36 @@ from oeqa.utils.commands import bitbake, get_bb_var, runqemu class Debuginfod(OESelftestTestCase): + + def wait_for_debuginfod(self, port): + """ + debuginfod takes time to scan the packages and requesting too early may + result in a test failure if the right packages haven't been scanned yet. + + Request the metrics endpoint periodically and wait for there to be no + busy scanning threads. + + Returns True if debuginfod is ready, False if we timed out + """ + import time, urllib + + # Wait a minute + countdown = 6 + delay = 10 + + while countdown: + time.sleep(delay) + try: + with urllib.request.urlopen("http://localhost:%d/metrics" % port) as f: + lines = f.read().decode("ascii").splitlines() + if "thread_busy{role=\"scan\"} 0" in lines: + return True + except urllib.error.URLError as e: + self.logger.error(e) + countdown -= 1 + return False + + def test_debuginfod(self): self.write_config( """ @@ -25,29 +55,50 @@ CORE_IMAGE_EXTRA_INSTALL += "elfutils" cmd = [ os.path.join(native_sysroot, "usr", "bin", "debuginfod"), "--verbose", + # In-memory database, this is a one-shot test "--database=:memory:", + # Don't use all the host cores + "--concurrency=8", + "--connection-pool=8", + # Disable rescanning, this is a one-shot test + "--rescan-time=0", + "--groom-time=0", get_bb_var("DEPLOY_DIR"), ] - for format in get_bb_var("PACKAGE_CLASSES").split(): - if format == "package_deb": - cmd.append("--scan-deb-dir") - elif format == "package_ipk": - cmd.append("--scan-deb-dir") - elif format == "package_rpm": - cmd.append("--scan-rpm-dir") + + format = get_bb_var("PACKAGE_CLASSES").split()[0] + if format == "package_deb": + cmd.append("--scan-deb-dir") + elif format == "package_ipk": + cmd.append("--scan-deb-dir") + elif format == "package_rpm": + cmd.append("--scan-rpm-dir") + else: + self.fail("Unknown package class %s" % format) + # Find a free port with socketserver.TCPServer(("localhost", 0), None) as s: port = s.server_address[1] cmd.append("--port=%d" % port) try: - debuginfod = subprocess.Popen(cmd) + # Remove DEBUGINFOD_URLS from the environment so we don't try + # looking in the distro debuginfod + env = os.environ.copy() + if "DEBUGINFOD_URLS" in env: + del env["DEBUGINFOD_URLS"] + + self.logger.info(f"Starting server {cmd}") + debuginfod = subprocess.Popen(cmd, env=env) with runqemu("core-image-minimal", runqemuparams="nographic") as qemu: + self.assertTrue(self.wait_for_debuginfod(port)) + cmd = ( "DEBUGINFOD_URLS=http://%s:%d/ debuginfod-find debuginfo /usr/bin/debuginfod" % (qemu.server_ip, port) ) + self.logger.info(f"Starting client {cmd}") status, output = qemu.run_serial(cmd) # This should be more comprehensive self.assertIn("/.cache/debuginfod_client/", output) diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py index 142932e12f..877d77d488 100644 --- a/poky/meta/lib/oeqa/selftest/cases/devtool.py +++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py @@ -276,6 +276,7 @@ class DevtoolBase(DevtoolTestCase): cls.sstate_conf = 'SSTATE_DIR = "%s"\n' % cls.devtool_sstate cls.sstate_conf += ('SSTATE_MIRRORS += "file://.* file:///%s/PATH"\n' % cls.original_sstate) + cls.sstate_conf += ('BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"\n') @classmethod def tearDownClass(cls): @@ -954,7 +955,7 @@ class DevtoolUpdateTests(DevtoolBase): def test_devtool_update_recipe_git(self): # Check preconditions - testrecipe = 'mtd-utils' + testrecipe = 'mtd-utils-selftest' bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe) recipefile = bb_vars['FILE'] src_uri = bb_vars['SRC_URI'] @@ -1075,7 +1076,7 @@ class DevtoolUpdateTests(DevtoolBase): def test_devtool_update_recipe_append_git(self): # Check preconditions - testrecipe = 'mtd-utils' + testrecipe = 'mtd-utils-selftest' bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe) recipefile = bb_vars['FILE'] src_uri = bb_vars['SRC_URI'] diff --git a/poky/meta/lib/oeqa/selftest/cases/externalsrc.py b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py new file mode 100644 index 0000000000..1d800dc82c --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py @@ -0,0 +1,44 @@ +# +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# + +import os +import shutil +import tempfile + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import get_bb_var, runCmd + +class ExternalSrc(OESelftestTestCase): + # test that srctree_hash_files does not crash + # we should be actually checking do_compile[file-checksums] but oeqa currently does not support it + # so we check only that a recipe with externalsrc can be parsed + def test_externalsrc_srctree_hash_files(self): + test_recipe = "git-submodule-test" + git_url = "git://git.yoctoproject.org/git-submodule-test" + externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name + + self.write_config( + """ +INHERIT += "externalsrc" +EXTERNALSRC:pn-%s = "%s" +""" % (test_recipe, externalsrc_dir) + ) + + # test with git without submodules + runCmd('git clone %s %s' % (git_url, externalsrc_dir)) + os.unlink(externalsrc_dir + "/.gitmodules") + open(".gitmodules", 'w').close() # local file .gitmodules in cwd should not affect externalsrc parsing + self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC") + os.unlink(".gitmodules") + + # test with git with submodules + runCmd('git checkout .gitmodules', cwd=externalsrc_dir) + runCmd('git submodule update --init --recursive', cwd=externalsrc_dir) + self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC") + + # test without git + shutil.rmtree(os.path.join(externalsrc_dir, ".git")) + self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC") diff --git a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py index 5897a396d9..2d0b805b90 100644 --- a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py +++ b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py @@ -28,6 +28,7 @@ LIC_FILES_CHKSUM = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e" SRC_URI = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e" """ % (urllib.parse.quote(lic_path), urllib.parse.quote(lic_path))) result = bitbake(bitbake_cmd) + self.delete_recipeinc('emptytest') # Verify that changing a license file that has an absolute path causes @@ -53,5 +54,6 @@ SRC_URI = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e" f.write("data") result = bitbake(bitbake_cmd, ignore_status=True) + self.delete_recipeinc('emptytest') if error_msg not in result.output: raise AssertionError(result.output) diff --git a/poky/meta/lib/oeqa/selftest/cases/locales.py b/poky/meta/lib/oeqa/selftest/cases/locales.py new file mode 100644 index 0000000000..433991abf9 --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/locales.py @@ -0,0 +1,45 @@ +# +# SPDX-License-Identifier: MIT +# + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.core.decorator import OETestTag +from oeqa.utils.commands import bitbake, runqemu + +class LocalesTest(OESelftestTestCase): + + @OETestTag("runqemu") + def test_locales_on(self): + """ + Summary: Test the locales are generated + Expected: 1. Check the locale exist in the locale-archive + 2. Check the locale exist for the glibc + 3. Check the locale can be generated + Product: oe-core + Author: Louis Rannou <lrannou@baylibre.com> + AutomatedBy: Louis Rannou <lrannou@baylibre.com> + """ + + features = [] + features.append('EXTRA_IMAGE_FEATURES = "empty-root-password allow-empty-password allow-root-login"') + features.append('IMAGE_INSTALL:append = " glibc-utils localedef"') + features.append('GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"') + features.append('IMAGE_LINGUAS:append = " en-us fr-fr"') + features.append('ENABLE_BINARY_LOCALE_GENERATION = "1"') + self.write_config("\n".join(features)) + + # Build a core-image-minimal + bitbake('core-image-minimal') + + with runqemu("core-image-minimal", ssh=False, runqemuparams='nographic') as qemu: + cmd = "locale -a" + status, output = qemu.run_serial(cmd) + # output must includes fr_FR or fr_FR.UTF-8 + self.assertEqual(status, 1, msg='locale test command failed: output: %s' % output) + self.assertIn("fr_FR", output, msg='locale -a test failed: output: %s' % output) + + cmd = "localedef --list-archive -v" + status, output = qemu.run_serial(cmd) + # output must includes fr_FR.utf8 + self.assertEqual(status, 1, msg='localedef test command failed: output: %s' % output) + self.assertIn("fr_FR.utf8", output, msg='localedef test failed: output: %s' % output) diff --git a/poky/meta/lib/oeqa/selftest/cases/package.py b/poky/meta/lib/oeqa/selftest/cases/package.py index 2d1b48a15d..cc09a1442d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/package.py +++ b/poky/meta/lib/oeqa/selftest/cases/package.py @@ -89,6 +89,13 @@ class VersionOrdering(OESelftestTestCase): self.assertEqual(status - 100, sort, "%s %s (%d) failed" % (ver1, ver2, sort)) class PackageTests(OESelftestTestCase): + # Verify that a recipe cannot rename a package into an existing one + def test_package_name_conflict(self): + res = bitbake("packagenameconflict", ignore_status=True) + self.assertNotEqual(res.status, 0) + err = "package name already exists" + self.assertTrue(err in res.output) + # Verify that a recipe which sets up hardlink files has those preserved into split packages # Also test file sparseness is preserved def test_preserve_sparse_hardlinks(self): diff --git a/poky/meta/lib/oeqa/selftest/cases/prservice.py b/poky/meta/lib/oeqa/selftest/cases/prservice.py index cb95503c2c..9fe3b80a31 100644 --- a/poky/meta/lib/oeqa/selftest/cases/prservice.py +++ b/poky/meta/lib/oeqa/selftest/cases/prservice.py @@ -77,7 +77,7 @@ class BitbakePrTests(OESelftestTestCase): exported_db_path = os.path.join(self.builddir, 'export.inc') export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True) self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output) - self.assertTrue(os.path.exists(exported_db_path)) + self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output)) if replace_current_db: current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3') diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py index 25b06cdcf0..b193f0f5c8 100644 --- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py @@ -581,7 +581,10 @@ class RecipetoolTests(RecipetoolBase): commonlicdir = get_bb_var('COMMON_LICENSE_DIR') - d = bb.tinfoil.TinfoilDataStoreConnector + class DataConnectorCopy(bb.tinfoil.TinfoilDataStoreConnector): + pass + + d = DataConnectorCopy d.getVar = Mock(return_value=commonlicdir) srctree = tempfile.mkdtemp(prefix='recipetoolqa') diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py index f4dd779842..cd7aa8aafa 100644 --- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py @@ -292,9 +292,13 @@ class ReproducibleTests(OESelftestTestCase): self.copy_file(d.reference, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.reference)])) self.copy_file(d.test, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.test)])) - if result.missing or result.different: - fails.append("The following %s packages are missing or different and not in exclusion list: %s" % - (c, '\n'.join(r.test for r in (result.missing + result.different)))) + if result.different: + fails.append("The following %s packages are different and not in exclusion list:\n%s" % + (c, '\n'.join(r.test for r in (result.different)))) + + if result.missing and len(self.sstate_targets) == 0: + fails.append("The following %s packages are missing and not in exclusion list:\n%s" % + (c, '\n'.join(r.test for r in (result.missing)))) # Clean up empty directories if self.save_results: diff --git a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py index c2e76f1a44..efdfd98af3 100644 --- a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py +++ b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py @@ -71,7 +71,7 @@ class ResultToolTests(OESelftestTestCase): self.assertTrue('target_result1' in results['runtime/mydistro/qemux86/image'], msg="Pair not correct:%s" % results) self.assertTrue('target_result3' in results['runtime/mydistro/qemux86-64/image'], msg="Pair not correct:%s" % results) - def test_regrresion_can_get_regression_result(self): + def test_regression_can_get_regression_result(self): base_result_data = {'result': {'test1': {'status': 'PASSED'}, 'test2': {'status': 'PASSED'}, 'test3': {'status': 'FAILED'}, diff --git a/poky/meta/lib/oeqa/selftest/cases/runqemu.py b/poky/meta/lib/oeqa/selftest/cases/runqemu.py index c1d277a095..d3eeee3b41 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runqemu.py +++ b/poky/meta/lib/oeqa/selftest/cases/runqemu.py @@ -4,13 +4,13 @@ # SPDX-License-Identifier: MIT # +import os import re -import tempfile import time import oe.types from oeqa.core.decorator import OETestTag from oeqa.selftest.case import OESelftestTestCase -from oeqa.utils.commands import bitbake, runqemu, get_bb_var, runCmd +from oeqa.utils.commands import bitbake, runqemu, get_bb_var @OETestTag("runqemu") class RunqemuTests(OESelftestTestCase): @@ -57,14 +57,16 @@ SYSLINUX_TIMEOUT = "10" cmd = "%s %s ext4" % (self.cmd_common, self.machine) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('rootfs.ext4', f.read(), "Failed: %s" % cmd) + regexp = r'\nROOTFS: .*\.ext4]\n' + self.assertRegex(f.read(), regexp, "Failed to find '%s' in '%s' after running '%s'" % (regexp, qemu.qemurunnerlog, cmd)) def test_boot_machine_iso(self): """Test runqemu machine iso""" cmd = "%s %s iso" % (self.cmd_common, self.machine) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('media=cdrom', f.read(), "Failed: %s" % cmd) + text_in = 'media=cdrom' + self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd)) def test_boot_recipe_image(self): """Test runqemu recipe-image""" @@ -79,14 +81,16 @@ SYSLINUX_TIMEOUT = "10" cmd = "%s %s wic.vmdk" % (self.cmd_common, self.recipe) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('format=vmdk', f.read(), "Failed: %s" % cmd) + text_in = 'format=vmdk' + self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd)) def test_boot_recipe_image_vdi(self): """Test runqemu recipe-image vdi""" cmd = "%s %s wic.vdi" % (self.cmd_common, self.recipe) with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu: with open(qemu.qemurunnerlog) as f: - self.assertIn('format=vdi', f.read(), "Failed: %s" % cmd) + text_in = 'format=vdi' + self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd)) def test_boot_deploy(self): """Test runqemu deploy_dir_image""" diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py index fe83b248f3..533b5d7453 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -254,7 +254,8 @@ class TestImage(OESelftestTestCase): import subprocess, os distro = oe.lsb.distro_identifier() - if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or distro.startswith('almalinux')): + if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or + distro.startswith('almalinux') or distro.startswith('rocky')): self.skipTest('virgl headless cannot be tested with %s' %(distro)) render_hint = """If /dev/dri/renderD* is absent due to lack of suitable GPU, 'modprobe vgem' will create one suitable for mesa llvmpipe software renderer.""" @@ -265,7 +266,7 @@ class TestImage(OESelftestTestCase): except FileNotFoundError: self.fail("/dev/dri directory does not exist; no render nodes available on this machine. %s" %(render_hint)) try: - dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True) + dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True) except subprocess.CalledProcessError as e: self.fail("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.") qemu_distrofeatures = get_bb_var('DISTRO_FEATURES', 'qemu-system-native') diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py index 0a66615fd1..dd13c20402 100644 --- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -66,6 +66,20 @@ class TinfoilTests(OESelftestTestCase): localdata.setVar('PN', 'hello') self.assertEqual('hello', localdata.getVar('BPN')) + # The config_data API tp parse_recipe_file is used by: + # layerindex-web layerindex/update_layer.py + def test_parse_recipe_custom_data(self): + with bb.tinfoil.Tinfoil() as tinfoil: + tinfoil.prepare(config_only=False, quiet=2) + localdata = bb.data.createCopy(tinfoil.config_data) + localdata.setVar("TESTVAR", "testval") + testrecipe = 'mdadm' + best = tinfoil.find_best_provider(testrecipe) + if not best: + self.fail('Unable to find recipe providing %s' % testrecipe) + rd = tinfoil.parse_recipe_file(best[3], config_data=localdata) + self.assertEqual("testval", rd.getVar('TESTVAR')) + def test_list_recipes(self): with bb.tinfoil.Tinfoil() as tinfoil: tinfoil.prepare(config_only=False, quiet=2) diff --git a/poky/meta/lib/oeqa/selftest/context.py b/poky/meta/lib/oeqa/selftest/context.py index 78c7a467e2..0e3244a1c5 100644 --- a/poky/meta/lib/oeqa/selftest/context.py +++ b/poky/meta/lib/oeqa/selftest/context.py @@ -86,17 +86,27 @@ class OESelftestTestContext(OETestContext): oe.path.copytree(builddir + "/cache", newbuilddir + "/cache") oe.path.copytree(selftestdir, newselftestdir) + subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True) + + # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow + subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True) + + # Relative paths in BBLAYERS only works when the new build dir share the same ascending node + if self.newbuilddir: + bblayers = subprocess.check_output("bitbake-getvar --value BBLAYERS | tail -1", cwd=builddir, shell=True, text=True) + if '..' in bblayers: + bblayers_abspath = [os.path.abspath(path) for path in bblayers.split()] + with open("%s/conf/bblayers.conf" % newbuilddir, "a") as f: + newbblayers = "# new bblayers to be used by selftest in the new build dir '%s'\n" % newbuilddir + newbblayers += 'BBLAYERS = "%s"\n' % ' '.join(bblayers_abspath) + f.write(newbblayers) + for e in os.environ: if builddir + "/" in os.environ[e]: os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/") if os.environ[e].endswith(builddir): os.environ[e] = os.environ[e].replace(builddir, newbuilddir) - subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True) - - # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow - subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True) - os.chdir(newbuilddir) def patch_test(t): diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py index 1fdff82889..f5f2ce2f12 100644 --- a/poky/meta/lib/oeqa/targetcontrol.py +++ b/poky/meta/lib/oeqa/targetcontrol.py @@ -7,18 +7,14 @@ # This module is used by testimage.bbclass for setting up and controlling a target machine. import os -import shutil import subprocess import bb -import traceback -import sys import logging from oeqa.utils.sshcontrol import SSHControl from oeqa.utils.qemurunner import QemuRunner from oeqa.utils.qemutinyrunner import QemuTinyRunner from oeqa.utils.dump import TargetDumper from oeqa.utils.dump import MonitorDumper -from oeqa.controllers.testtargetloader import TestTargetLoader from abc import ABCMeta, abstractmethod class BaseTarget(object, metaclass=ABCMeta): @@ -145,7 +141,7 @@ class QemuTarget(BaseTarget): boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")), use_kvm = use_kvm, dump_dir = dump_dir, - dump_host_cmds = d.getVar("testimage_dump_host"), + dump_host_cmds = dump_host_cmds, logger = logger, tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"), serial_ports = len(d.getVar("SERIAL_CONSOLES").split())) @@ -205,7 +201,7 @@ class QemuTarget(BaseTarget): self.server_ip = self.runner.server_ip self.connection = SSHControl(ip=self.ip, logfile=self.sshlog) else: - raise RuntimError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn) + raise RuntimeError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn) def run_serial(self, command, timeout=60): return self.runner.run_serial(command, timeout=timeout) diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py index f733fcdf3c..473aa38d41 100644 --- a/poky/meta/lib/oeqa/utils/commands.py +++ b/poky/meta/lib/oeqa/utils/commands.py @@ -8,11 +8,8 @@ # This module is mainly used by scripts/oe-selftest and modules under meta/oeqa/selftest # It provides a class and methods for running commands on the host in a convienent way for tests. - - import os import sys -import signal import subprocess import threading import time @@ -21,6 +18,7 @@ from oeqa.utils import CommandError from oeqa.utils import ftools import re import contextlib +import errno # Export test doesn't require bb try: import bb @@ -85,7 +83,7 @@ class Command(object): except OSError as ex: # It's not an error when the command does not consume all # of our data. subprocess.communicate() also ignores that. - if ex.errno != EPIPE: + if ex.errno != errno.EPIPE: raise # We write in a separate thread because then we can read diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py index bcee03b576..d420b497f9 100644 --- a/poky/meta/lib/oeqa/utils/dump.py +++ b/poky/meta/lib/oeqa/utils/dump.py @@ -93,37 +93,55 @@ class HostDumper(BaseDumper): self._write_dump(cmd.split()[0], result.output) class TargetDumper(BaseDumper): - """ Class to get dumps from target, it only works with QemuRunner """ + """ Class to get dumps from target, it only works with QemuRunner. + Will give up permanently after 5 errors from running commands over + serial console. This helps to end testing when target is really dead, hanging + or unresponsive. + """ def __init__(self, cmds, parent_dir, runner): super(TargetDumper, self).__init__(cmds, parent_dir) self.runner = runner + self.errors = 0 def dump_target(self, dump_dir=""): + if self.errors >= 5: + print("Too many errors when dumping data from target, assuming it is dead! Will not dump data anymore!") + return if dump_dir: self.dump_dir = dump_dir for cmd in self.cmds: # We can continue with the testing if serial commands fail try: (status, output) = self.runner.run_serial(cmd) + if status == 0: + self.errors = self.errors + 1 self._write_dump(cmd.split()[0], output) except: + self.errors = self.errors + 1 print("Tried to dump info from target but " "serial console failed") print("Failed CMD: %s" % (cmd)) class MonitorDumper(BaseDumper): - """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner """ + """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner + Will stop completely if there are more than 5 errors when dumping monitor data. + This helps to end testing when target is really dead, hanging or unresponsive. + """ def __init__(self, cmds, parent_dir, runner): super(MonitorDumper, self).__init__(cmds, parent_dir) self.runner = runner + self.errors = 0 def dump_monitor(self, dump_dir=""): if self.runner is None: return if dump_dir: self.dump_dir = dump_dir + if self.errors >= 5: + print("Too many errors when dumping data from qemu monitor, assuming it is dead! Will not dump data anymore!") + return for cmd in self.cmds: cmd_name = cmd.split()[0] try: @@ -137,4 +155,5 @@ class MonitorDumper(BaseDumper): output = self.runner.run_monitor(cmd_name) self._write_dump(cmd_name, output) except Exception as e: + self.errors = self.errors + 1 print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e)) diff --git a/poky/meta/lib/oeqa/utils/httpserver.py b/poky/meta/lib/oeqa/utils/httpserver.py index 8ce1dd42f4..5860b0a383 100644 --- a/poky/meta/lib/oeqa/utils/httpserver.py +++ b/poky/meta/lib/oeqa/utils/httpserver.py @@ -40,6 +40,12 @@ class HTTPService(object): self.port = self.server.server_port self.process = multiprocessing.Process(target=self.server.server_start, args=[self.root_dir, self.logger]) + def handle_error(self, request, client_address): + import traceback + exception = traceback.format_exc() + self.logger.warn("Exception when handling %s: %s" % (request, exception)) + self.server.handle_error = handle_error + # The signal handler from testimage.bbclass can cause deadlocks here # if the HTTPServer is terminated before it can restore the standard #signal behaviour diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 6a85f57e49..a455b3b389 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -198,7 +198,7 @@ class QemuRunner: qmp_file = "." + next(tempfile._get_candidate_names()) qmp_param = ' -S -qmp unix:./%s,server,wait' % (qmp_file) qmp_port = self.tmpdir + "/" + qmp_file - # Create a second socket connection for debugging use, + # Create a second socket connection for debugging use, # note this will NOT cause qemu to block waiting for the connection qmp_file2 = "." + next(tempfile._get_candidate_names()) qmp_param += ' -qmp unix:./%s,server,nowait' % (qmp_file2) @@ -346,6 +346,8 @@ class QemuRunner: return False try: + # set timeout value for all QMP calls + self.qmp.settimeout(self.runqemutime) self.qmp.connect() connect_time = time.time() self.logger.info("QMP connected to QEMU at %s and took %s seconds" % @@ -463,6 +465,8 @@ class QemuRunner: socklist.remove(self.server_socket) self.logger.debug("Connection from %s:%s" % addr) else: + # try to avoid reading only a single character at a time + time.sleep(0.1) data = data + sock.recv(1024) if data: bootlog += data @@ -507,7 +511,7 @@ class QemuRunner: (status, output) = self.run_serial(self.boot_patterns['send_login_user'], raw=True, timeout=120) if re.search(self.boot_patterns['search_login_succeeded'], output): self.logged = True - self.logger.debug("Logged as root in serial console") + self.logger.debug("Logged in as %s in serial console" % self.boot_patterns['send_login_user'].replace("\n", "")) if netconf: # configure guest networking cmd = "ifconfig eth0 %s netmask %s up\n" % (self.ip, self.netmask) @@ -518,7 +522,7 @@ class QemuRunner: self.logger.debug("Couldn't configure guest networking") else: self.logger.warning("Couldn't login into serial console" - " as root using blank password") + " as %s using blank password" % self.boot_patterns['send_login_user'].replace("\n", "")) self.logger.warning("The output:\n%s" % output) except: self.logger.warning("Serial console failed while trying to login") @@ -538,10 +542,13 @@ class QemuRunner: except OSError as e: if e.errno != errno.ESRCH: raise - endtime = time.time() + self.runqemutime - while self.runqemu.poll() is None and time.time() < endtime: - time.sleep(1) - if self.runqemu.poll() is None: + try: + outs, errs = self.runqemu.communicate(timeout = self.runqemutime) + if outs: + self.logger.info("Output from runqemu:\n%s", outs.decode("utf-8")) + if errs: + self.logger.info("Stderr from runqemu:\n%s", errs.decode("utf-8")) + except TimeoutExpired: self.logger.debug("Sending SIGKILL to runqemu") os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL) if not self.runqemu.stdout.closed: @@ -618,6 +625,7 @@ class QemuRunner: def run_monitor(self, command, args=None, timeout=60): if hasattr(self, 'qmp') and self.qmp: + self.qmp.settimeout(timeout) if args is not None: return self.qmp.cmd(command, args) else: @@ -645,6 +653,8 @@ class QemuRunner: except InterruptedError: continue if sread: + # try to avoid reading single character at a time + time.sleep(0.1) answer = self.server_socket.recv(1024) if answer: data += answer.decode('utf-8') diff --git a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch new file mode 100644 index 0000000000..efa00a3c6c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch @@ -0,0 +1,115 @@ +From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Fri, 5 Aug 2022 00:51:20 +0800 +Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() + +The length of memory allocation and file read may overflow. This patch +fixes the problem by using safemath macros. + +There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe +if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). +It is safe replacement for such code. It has safemath-like prototype. + +This patch also introduces grub_cast(value, pointer), it casts value to +typeof(*pointer) then store the value to *pointer. It returns true when +overflow occurs or false if there is no overflow. The semantics of arguments +and return value are designed to be consistent with other safemath macros. + +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 17 +++++++++++++---- + include/grub/bitmap.h | 18 ++++++++++++++++++ + include/grub/safemath.h | 2 ++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d09bb38..876b5b6 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + grub_int16_t xoff; + grub_int16_t yoff; + grub_int16_t dwidth; +- int len; ++ grub_ssize_t len; ++ grub_size_t sz; + + if (index_entry->glyph) + /* Return cached glyph. */ +@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + return 0; + } + +- len = (width * height + 7) / 8; +- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); +- if (!glyph) ++ /* Calculate real struct size of current glyph. */ ++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || ++ grub_add (sizeof (struct grub_font_glyph), len, &sz)) ++ { ++ remove_font (font); ++ return 0; ++ } ++ ++ /* Allocate and initialize the glyph struct. */ ++ glyph = grub_malloc (sz); ++ if (glyph == NULL) + { + remove_font (font); + return 0; +diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h +index 5728f8c..0d9603f 100644 +--- a/include/grub/bitmap.h ++++ b/include/grub/bitmap.h +@@ -23,6 +23,7 @@ + #include <grub/symbol.h> + #include <grub/types.h> + #include <grub/video.h> ++#include <grub/safemath.h> + + struct grub_video_bitmap + { +@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) + return bitmap->mode_info.height; + } + ++/* ++ * Calculate and store the size of data buffer of 1bit bitmap in result. ++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. ++ * Return true when overflow occurs or false if there is no overflow. ++ * This function is intentionally implemented as a macro instead of ++ * an inline function. Although a bit awkward, it preserves data types for ++ * safemath macros and reduces macro side effects as much as possible. ++ * ++ * XXX: Will report false overflow if width * height > UINT64_MAX. ++ */ ++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ ++({ \ ++ grub_uint64_t _bitmap_pixels; \ ++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ ++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ ++}) ++ + void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, + struct grub_video_mode_info *mode_info); + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89b..bb0f826 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -30,6 +30,8 @@ + #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + ++#define grub_cast(a, res) grub_add ((a), 0, (res)) ++ + #else + #error gcc 5.1 or newer or clang 3.8 or newer is required + #endif diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch new file mode 100644 index 0000000000..727c509694 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch @@ -0,0 +1,85 @@ +From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Fri, 5 Aug 2022 01:58:27 +0800 +Subject: [PATCH] font: Fix several integer overflows in + grub_font_construct_glyph() + +This patch fixes several integer overflows in grub_font_construct_glyph(). +Glyphs of invalid size, zero or leading to an overflow, are rejected. +The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() +returns NULL is fixed too. + +Fixes: CVE-2022-2601 + +Reported-by: Zhang Boyang <zhangboyang.id@gmail.com> +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e] +CVE: CVE-2022-2601 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 876b5b6..0ff5525 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, + struct grub_video_signed_rect bounds; + static struct grub_font_glyph *glyph = 0; + static grub_size_t max_glyph_size = 0; ++ grub_size_t cur_glyph_size; + + ensure_comb_space (glyph_id); + +@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, + if (!glyph_id->ncomb && !glyph_id->attributes) + return main_glyph; + +- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) ++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || ++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) ++ return main_glyph; ++ ++ if (max_glyph_size < cur_glyph_size) + { + grub_free (glyph); +- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; +- if (max_glyph_size < 8) +- max_glyph_size = 8; +- glyph = grub_malloc (max_glyph_size); ++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) ++ max_glyph_size = 0; ++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; + } + if (!glyph) + { ++ max_glyph_size = 0; + grub_errno = GRUB_ERR_NONE; + return main_glyph; + } + +- grub_memset (glyph, 0, sizeof (*glyph) +- + (bounds.width * bounds.height +- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); ++ grub_memset (glyph, 0, cur_glyph_size); + + glyph->font = main_glyph->font; +- glyph->width = bounds.width; +- glyph->height = bounds.height; +- glyph->offset_x = bounds.x; +- glyph->offset_y = bounds.y; ++ if (bounds.width == 0 || bounds.height == 0 || ++ grub_cast (bounds.width, &glyph->width) || ++ grub_cast (bounds.height, &glyph->height) || ++ grub_cast (bounds.x, &glyph->offset_x) || ++ grub_cast (bounds.y, &glyph->offset_y)) ++ return main_glyph; + + if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) + grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000000..5741e53f42 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch @@ -0,0 +1,86 @@ +From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 11:48:58 +0100 +Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex() + +This ports the EFI chainloader to use grub_loader_set_ex() in order to fix +a use-after-free bug that occurs when grub_cmd_chainloader() is executed +more than once before a boot attempt is performed. + +Fixes: CVE-2022-28736 + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28736 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/loader/efi/chainloader.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index d1602c89b..7557eb269 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_handle_t image_handle; +- + static grub_err_t +-grub_chainloader_unload (void) ++grub_chainloader_unload (void *context) + { ++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; + grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + +@@ -64,8 +63,9 @@ grub_chainloader_unload (void) + } + + static grub_err_t +-grub_chainloader_boot (void) ++grub_chainloader_boot (void *context) + { ++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; + grub_efi_boot_services_t *b; + grub_efi_status_t status; + grub_efi_uintn_t exit_data_size; +@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_physical_address_t address = 0; + grub_efi_uintn_t pages = 0; + grub_efi_char16_t *cmdline = NULL; ++ grub_efi_handle_t image_handle = NULL; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); + return 0; + + fail: +@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + + if (image_handle != NULL) +- { +- efi_call_1 (b->unload_image, image_handle); +- image_handle = NULL; +- } ++ efi_call_1 (b->unload_image, image_handle); + + grub_dl_unref (my_mod); + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch new file mode 100644 index 0000000000..853efd0486 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch @@ -0,0 +1,95 @@ +From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Mon, 24 Oct 2022 08:05:35 +0800 +Subject: [PATCH] font: Fix an integer underflow in blit_comb() + +The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may +evaluate to a very big invalid value even if both ctx.bounds.height and +combining_glyphs[i]->height are small integers. For example, if +ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this +expression evaluates to 2147483647 (expected -1). This is because +coordinates are allowed to be negative but ctx.bounds.height is an +unsigned int. So, the subtraction operates on unsigned ints and +underflows to a very big value. The division makes things even worse. +The quotient is still an invalid value even if converted back to int. + +This patch fixes the problem by casting ctx.bounds.height to int. As +a result the subtraction will operate on int and grub_uint16_t which +will be promoted to an int. So, the underflow will no longer happen. Other +uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, +to ensure coordinates are always calculated on signed integers. + +Fixes: CVE-2022-3775 + +Reported-by: Daniel Axtens <dja@axtens.net> +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af] +CVE: CVE-2022-3775 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 0ff5525..7b1cbde 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + ctx.bounds.height = main_glyph->height; + + above_rightx = main_glyph->offset_x + main_glyph->width; +- above_righty = ctx.bounds.y + ctx.bounds.height; ++ above_righty = ctx.bounds.y + (int) ctx.bounds.height; + + above_leftx = main_glyph->offset_x; +- above_lefty = ctx.bounds.y + ctx.bounds.height; ++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; + +- below_rightx = ctx.bounds.x + ctx.bounds.width; ++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; + below_righty = ctx.bounds.y; + + comb = grub_unicode_get_comb (glyph_id); +@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + if (!combining_glyphs[i]) + continue; +- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; ++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; + /* CGJ is to avoid diacritics reordering. */ + if (comb[i].code + == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) +@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + case GRUB_UNICODE_COMB_OVERLAY: + do_blit (combining_glyphs[i], + targetx, +- (ctx.bounds.height - combining_glyphs[i]->height) / 2 +- - (ctx.bounds.height + ctx.bounds.y), &ctx); ++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 ++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; + break; +@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + /* Fallthrough. */ + case GRUB_UNICODE_STACK_ATTACHED_ABOVE: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height + ctx.bounds.y + space ++ -((int) ctx.bounds.height + ctx.bounds.y + space + + combining_glyphs[i]->height), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + case GRUB_UNICODE_COMB_HEBREW_DAGESH: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height / 2 + ctx.bounds.y ++ -((int) ctx.bounds.height / 2 + ctx.bounds.y + + combining_glyphs[i]->height / 2), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; diff --git a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch new file mode 100644 index 0000000000..a2c0530f04 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch @@ -0,0 +1,168 @@ +From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 10:58:28 +0100 +Subject: [PATCH] commands/boot: Add API to pass context to loader + +Loaders rely on global variables for saving context which is consumed +in the boot hook and freed in the unload hook. In the case where a loader +command is executed twice, calling grub_loader_set() a second time executes +the unload hook, but in some cases this runs when the loader's global +context has already been updated, resulting in the updated context being +freed and potential use-after-free bugs when the boot hook is subsequently +called. + +This adds a new API, grub_loader_set_ex(), which allows a loader to specify +context that is passed to its boot and unload hooks. This is an alternative +to requiring that loaders call grub_loader_unset() before mutating their +global context. + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++----- + include/grub/loader.h | 5 +++ + 2 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c +index bbca81e94..61514788e 100644 +--- a/grub-core/commands/boot.c ++++ b/grub-core/commands/boot.c +@@ -27,10 +27,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static grub_err_t (*grub_loader_boot_func) (void); +-static grub_err_t (*grub_loader_unload_func) (void); ++static grub_err_t (*grub_loader_boot_func) (void *context); ++static grub_err_t (*grub_loader_unload_func) (void *context); ++static void *grub_loader_context; + static int grub_loader_flags; + ++struct grub_simple_loader_hooks ++{ ++ grub_err_t (*boot) (void); ++ grub_err_t (*unload) (void); ++}; ++ ++/* Don't heap allocate this to avoid making grub_loader_set() fallible. */ ++static struct grub_simple_loader_hooks simple_loader_hooks; ++ + struct grub_preboot + { + grub_err_t (*preboot_func) (int); +@@ -44,6 +54,29 @@ static int grub_loader_loaded; + static struct grub_preboot *preboots_head = 0, + *preboots_tail = 0; + ++static grub_err_t ++grub_simple_boot_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ return hooks->boot (); ++} ++ ++static grub_err_t ++grub_simple_unload_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ grub_err_t ret; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ ++ ret = hooks->unload (); ++ grub_memset (hooks, 0, sizeof (*hooks)); ++ ++ return ret; ++} ++ + int + grub_loader_is_loaded (void) + { +@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) + } + + void +-grub_loader_set (grub_err_t (*boot) (void), +- grub_err_t (*unload) (void), +- int flags) ++grub_loader_set_ex (grub_err_t (*boot) (void *context), ++ grub_err_t (*unload) (void *context), ++ void *context, ++ int flags) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = boot; + grub_loader_unload_func = unload; ++ grub_loader_context = context; + grub_loader_flags = flags; + + grub_loader_loaded = 1; + } + ++void ++grub_loader_set (grub_err_t (*boot) (void), ++ grub_err_t (*unload) (void), ++ int flags) ++{ ++ grub_loader_set_ex (grub_simple_boot_hook, ++ grub_simple_unload_hook, ++ &simple_loader_hooks, ++ flags); ++ ++ simple_loader_hooks.boot = boot; ++ simple_loader_hooks.unload = unload; ++} ++ + void + grub_loader_unset(void) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = 0; + grub_loader_unload_func = 0; ++ grub_loader_context = 0; + + grub_loader_loaded = 0; + } +@@ -158,7 +208,7 @@ grub_loader_boot (void) + return err; + } + } +- err = (grub_loader_boot_func) (); ++ err = (grub_loader_boot_func) (grub_loader_context); + + for (cur = preboots_tail; cur; cur = cur->prev) + if (! err) +diff --git a/include/grub/loader.h b/include/grub/loader.h +index b20864282..97f231054 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), + grub_err_t (*unload) (void), + int flags); + ++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context), ++ grub_err_t (*unload) (void *context), ++ void *context, ++ int flags); ++ + /* Unset current loader, if any. */ + void EXPORT_FUNC (grub_loader_unset) (void); + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch new file mode 100644 index 0000000000..a43025d425 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch @@ -0,0 +1,129 @@ +From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 10:02:04 +0100 +Subject: [PATCH] loader/efi/chainloader: Simplify the loader state + +The chainloader command retains the source buffer and device path passed +to LoadImage(), requiring the unload hook passed to grub_loader_set() to +free them. It isn't required to retain this state though - they aren't +required by StartImage() or anything else in the boot hook, so clean them +up before grub_cmd_chainloader() finishes. + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++------------- + 1 file changed, 21 insertions(+), 17 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 2bd80f4db..d1602c89b 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_physical_address_t address; +-static grub_efi_uintn_t pages; +-static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; +-static grub_efi_char16_t *cmdline; + + static grub_err_t + grub_chainloader_unload (void) + { ++ grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (loaded_image != NULL) ++ grub_free (loaded_image->load_options); ++ + b = grub_efi_system_table->boot_services; + efi_call_1 (b->unload_image, image_handle); +- efi_call_2 (b->free_pages, address, pages); +- +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + char *dir_start; + char *dir_end; + grub_size_t size; +- grub_efi_device_path_t *d; ++ grub_efi_device_path_t *d, *file_path; + + dir_start = grub_strchr (filename, ')'); + if (! dir_start) +@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; +- grub_efi_device_path_t *dp = 0; ++ grub_efi_device_path_t *dp = NULL, *file_path = NULL; + grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; + grub_efi_handle_t dev_handle = 0; ++ grub_efi_physical_address_t address = 0; ++ grub_efi_uintn_t pages = 0; ++ grub_efi_char16_t *cmdline = NULL; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- /* Initialize some global variables. */ +- address = 0; +- image_handle = 0; +- file_path = 0; +- + b = grub_efi_system_table->boot_services; + + file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); +@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (file); + grub_device_close (dev); + ++ /* We're finished with the source image buffer and file path now. */ ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + return 0; + +@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (file) + grub_file_close (file); + ++ grub_free (cmdline); + grub_free (file_path); + + if (address) + efi_call_2 (b->free_pages, address, pages); + ++ if (image_handle != NULL) ++ { ++ efi_call_1 (b->unload_image, image_handle); ++ image_handle = NULL; ++ } ++ + grub_dl_unref (my_mod); + + return grub_errno; +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 2545b99b6a..bf7aba6b1c 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -34,6 +34,12 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \ file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \ + file://loader-efi-chainloader-Simplify-the-loader-state.patch \ + file://commands-boot-Add-API-to-pass-context-to-loader.patch \ + file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\ + file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" @@ -50,8 +56,8 @@ COMPATIBLE_HOST = "${GRUB_COMPATIBLE_HOST}" # Grub doesn't support hard float toolchain and won't be able to forcefully # disable it on some of the target CPUs. See 'configure.ac' for # supported/unsupported CPUs in hardfp. -COMPATIBLE_HOST:armv7a = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}" -COMPATIBLE_HOST:armv7ve = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" # configure.ac has code to set this automagically from the target tuple # but the OE freeform one (core2-foo-bar-linux) don't work with that. diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc index 5705e5835b..4a8d93f70a 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc @@ -32,7 +32,7 @@ do_savedefconfig() { } do_savedefconfig[nostamp] = "1" addtask savedefconfig after do_configure - +UBOOT_ARCH_DIR = "${@'arm' if d.getVar('UBOOT_ARCH').startswith('arm') else d.getVar('UBOOT_ARCH')}" do_compile () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk @@ -336,7 +336,7 @@ do_deploy () { if [ -n "${UBOOT_DTB}" ] then - install -m 644 ${B}/arch/${UBOOT_ARCH}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/ + install -m 644 ${B}/arch/${UBOOT_ARCH_DIR}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/ fi } diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9 index 968679ff7f..968679ff7f 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch index aa3642acec..aa3642acec 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service index cda56ef015..cda56ef015 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb index 4ab11486bf..55a06eae5f 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb @@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" SECTION = "console/network" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d8cf7bd9c4fd5471a588e7e66e672408" DEPENDS = "openssl libcap zlib libuv" @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981" +SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index f07e318897..a8eaba1dd6 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -68,6 +68,8 @@ EXTRA_OECONF = "\ --without-zsh-completion-dir \ " +CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\"" + # bluez5 builds a large number of useful utilities but does not # install them. Specify which ones we want put into ${PN}-noinst-tools. NOINST_TOOLS_READLINE ??= "" diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index ab6ffe986c..579fa95df7 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -13,8 +13,13 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ + file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ + file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \ + file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \ + file://0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch \ file://dhcpcd.service \ file://dhcpcd@.service \ + file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ " SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c" diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch new file mode 100644 index 0000000000..6f90c88249 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch @@ -0,0 +1,82 @@ +From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 9 Nov 2022 16:33:18 +0800 +Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd + +systemd's resolvconf implementation ignores the protocol part. +See https://github.com/systemd/systemd/issues/25032. + +When using 'dhcp server + dns server + dhcpcd + systemd', we +get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', +yet systemd's resolvconf treats it as eth0. This will delete the +DNS information set by 'resolvconf -a eth0.dhcp'. + +Fortunately, 20-resolv.conf has the ability to build the resolv.conf +file contents itself. We can just pass the generated contents to +systemd's resolvconf. This way, the DNS information is not incorrectly +deleted. Also, it does not cause behavior regression for dhcpcd +in other cases. + +Upstream-Status: Inappropriate [OE Specific] +This patch has been rejected by dhcpcd upstream. +See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + hooks/20-resolv.conf | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf +index 504a6c53..eb6e5845 100644 +--- a/hooks/20-resolv.conf ++++ b/hooks/20-resolv.conf +@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" + NL=" + " + : ${resolvconf:=resolvconf} ++resolvconf_from_systemd=false + if type "$resolvconf" >/dev/null 2>&1; then + have_resolvconf=true ++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then ++ resolvconf_from_systemd=true ++ fi + else + have_resolvconf=false + fi +@@ -69,8 +73,13 @@ build_resolv_conf() + else + echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" + fi +- if change_file /etc/resolv.conf "$cf"; then +- chmod 644 /etc/resolv.conf ++ if $resolvconf_from_systemd; then ++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" ++ "$resolvconf" -a "$ifname" <"$cf" ++ else ++ if change_file /etc/resolv.conf "$cf"; then ++ chmod 644 /etc/resolv.conf ++ fi + fi + rm -f "$cf" + } +@@ -170,7 +179,7 @@ add_resolv_conf() + for x in ${new_domain_name_servers}; do + conf="${conf}nameserver $x$NL" + done +- if $have_resolvconf; then ++ if $have_resolvconf && ! $resolvconf_from_systemd; then + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" + printf %s "$conf" | "$resolvconf" -a "$ifname" + return $? +@@ -186,7 +195,7 @@ add_resolv_conf() + + remove_resolv_conf() + { +- if $have_resolvconf; then ++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then + "$resolvconf" -d "$ifname" -f + else + if [ -e "$resolv_conf_dir/$ifname" ]; then +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch new file mode 100644 index 0000000000..12998aada4 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch @@ -0,0 +1,46 @@ +From 4915a7e52fcea8fe283a842890a1e726b1e26b10 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Fri, 10 Mar 2023 03:48:46 +0000 +Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. + +Error: Transaction test error: + file /usr/share/man/man8/dhcpcd.8 conflicts between attempted + installs of dhcpcd-doc-9.4.1-r0.cortexa57 and + lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon + +The differences between the two files are as follows: +@@ -821,7 +821,7 @@ + If you always use the same options, put them here. + .It Pa /usr/libexec/dhcpcd-run-hooks + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa /usr/lib64/dhcpcd/dev ++.It Pa /usr/lib/dhcpcd/dev + Linux + .Pa /dev + management modules. + +It is just a man file, there is no necessary to manage multiple +versions. + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> +--- + src/dhcpcd.8.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in +index bc6b3b5..791f2ba 100644 +--- a/src/dhcpcd.8.in ++++ b/src/dhcpcd.8.in +@@ -821,7 +821,7 @@ Configuration file for dhcpcd. + If you always use the same options, put them here. + .It Pa @SCRIPT@ + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa @LIBDIR@/dhcpcd/dev ++.It Pa /usr/<libdir>/dhcpcd/dev + Linux + .Pa /dev + management modules. +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch new file mode 100644 index 0000000000..68ab93416a --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch @@ -0,0 +1,30 @@ +From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001 +From: Roy Marples <roy@marples.name> +Date: Fri, 26 Aug 2022 09:08:36 +0100 +Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc + +Fixes #120 + +Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/privsep-linux.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index b238644b..479a1d82 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = { + #ifdef __NR_getpid + SECCOMP_ALLOW(__NR_getpid), + #endif ++#ifdef __NR_getrandom ++ SECCOMP_ALLOW(__NR_getrandom), ++#endif + #ifdef __NR_getsockopt + /* For route socket overflow */ + SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET), +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch new file mode 100644 index 0000000000..1c514f9b8c --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch @@ -0,0 +1,34 @@ +From 7a2d9767585ed2c407d4985bd2d81552034fb90a Mon Sep 17 00:00:00 2001 +From: CHEN Xiangyu <xiangyu.chen@aol.com> +Date: Thu, 9 Feb 2023 18:41:52 +0800 +Subject: [PATCH] privsep-linux: fix SECCOMP_AUDIT_ARCH missing ppc64le (#181) + +when dhcpcd running on ppc64le platform, it would be killed by SIGSYS. + +Upstream-Status: Backport [7a2d9767585ed2c407d4985bd2d81552034fb90a] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + src/privsep-linux.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index 7372d26b..6a301950 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -232,7 +232,11 @@ ps_root_sendnetlink(struct dhcpcd_ctx *ctx, int protocol, struct msghdr *msg) + #elif defined(__or1k__) + # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_OPENRISC + #elif defined(__powerpc64__) +-# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64 ++# if (BYTE_ORDER == LITTLE_ENDIAN) ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE ++# else ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64 ++# endif + #elif defined(__powerpc__) + # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC + #elif defined(__riscv) +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch new file mode 100644 index 0000000000..c5d2cba305 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch @@ -0,0 +1,31 @@ +From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 +From: Roy Marples <roy@marples.name> +Date: Fri, 26 Aug 2022 09:24:50 +0100 +Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well + +Allows newer glibc variants to work apparently. +As reported in #84 and #89. + +Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/privsep-linux.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index 479a1d82..6327b1bc 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { + #ifdef __NR_nanosleep + SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ + #endif ++#ifdef __NR_newfstatat ++ SECCOMP_ALLOW(__NR_newfstatat), ++#endif + #ifdef __NR_ppoll + SECCOMP_ALLOW(__NR_ppoll), + #endif +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch deleted file mode 100644 index 3b07515c7b..0000000000 --- a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch +++ /dev/null @@ -1,54 +0,0 @@ -From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001 -From: Erik Auerswald <auerswal@unix-ag.uni-kl.de> -Date: Sat, 3 Sep 2022 16:58:16 +0200 -Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt - -Fix telnetd crash if the first two bytes of a new connection -are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). - -The problem was reported in: -<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>. - -* NEWS: Mention fix. -* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and -zero slctab[SLC_EL].sptr. - -CVE: CVE-2022-39028 -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - telnetd/state.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/telnetd/state.c b/telnetd/state.c -index ffc6cba..c2d760f 100644 ---- a/telnetd/state.c -+++ b/telnetd/state.c -@@ -312,15 +312,21 @@ telrcv (void) - case EC: - case EL: - { -- cc_t ch; -+ cc_t ch = (cc_t) (_POSIX_VDISABLE); - - DEBUG (debug_options, 1, printoption ("td: recv IAC", c)); - ptyflush (); /* half-hearted */ - init_termbuf (); - if (c == EC) -- ch = *slctab[SLC_EC].sptr; -+ { -+ if (slctab[SLC_EC].sptr) -+ ch = *slctab[SLC_EC].sptr; -+ } - else -- ch = *slctab[SLC_EL].sptr; -+ { -+ if (slctab[SLC_EL].sptr) -+ ch = *slctab[SLC_EL].sptr; -+ } - if (ch != (cc_t) (_POSIX_VDISABLE)) - pty_output_byte ((unsigned char) ch); - break; --- -2.37.3 - diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index 2fce84374d..6519331141 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb @@ -10,7 +10,7 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" -SRC_URI[sha256sum] = "0b01bb08e29623c4e3b940f233c961451d9af8c5066301add76a52a95d51772c" +SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ file://inetutils-1.8-0003-wchar.patch \ @@ -21,7 +21,6 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ - file://CVE-2022-39028.patch \ " inherit autotools gettext update-alternatives texinfo diff --git a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch index 78f475a495..451b409c88 100644 --- a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch @@ -12,7 +12,7 @@ Subject: [PATCH] There are conflict of config files between kea and lib32-kea: Because they are all commented out, replace the expanded libdir path with '$libdir' in the config files to avoid conflict. -Upstream-Status: Pending +Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] Signed-off-by: Kai Kang <kai.kang@windriver.com> --- diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb index 4c1b8eed56..27e79276b5 100644 --- a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb +++ b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d" SRCREV = "0c1fa696aa502eb749c2c4735005f41ba00a27b8" -SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https" +SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 2cc92b7b47..e802bcee18 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -5,8 +5,8 @@ SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5" -PV = "20220725" +SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f" +PV = "20221107" PE = "1" SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb index b63ea2b137..689952e857 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb @@ -52,15 +52,12 @@ SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -PACKAGECONFIG ??= "rng-tools" +PACKAGECONFIG ??= "" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" -# Add RRECOMMENDS to rng-tools for sshd package -PACKAGECONFIG[rng-tools] = "" - EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd @@ -160,10 +157,6 @@ FILES:${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS:${PN}-sshd:append:class-target = "\ - ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ -" - # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch new file mode 100644 index 0000000000..3b94c48e8d --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch @@ -0,0 +1,225 @@ +From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001 +From: Pauli <pauli@openssl.org> +Date: Wed, 8 Mar 2023 15:28:20 +1100 +Subject: [PATCH] x509: excessive resource use verifying policy constraints + +A security vulnerability has been identified in all supported versions +of OpenSSL related to the verification of X.509 certificate chains +that include policy constraints. Attackers may be able to exploit this +vulnerability by creating a malicious certificate chain that triggers +exponential use of computational resources, leading to a denial-of-service +(DoS) attack on affected systems. + +Fixes CVE-2023-0464 + +Reviewed-by: Tomas Mraz <tomas@openssl.org> +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/20568) + +Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1] +CVE: CVE-2023-0464 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + crypto/x509/pcy_local.h | 8 +++++++- + crypto/x509/pcy_node.c | 12 +++++++++--- + crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++---------- + 3 files changed, 42 insertions(+), 14 deletions(-) + +diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h +index 18b53cc..cba107c 100644 +--- a/crypto/x509/pcy_local.h ++++ b/crypto/x509/pcy_local.h +@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { + }; + + struct X509_POLICY_TREE_st { ++ /* The number of nodes in the tree */ ++ size_t node_count; ++ /* The maximum number of nodes in the tree */ ++ size_t node_maximum; ++ + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; +@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ X509_POLICY_TREE *tree, ++ int extra_data); + void ossl_policy_node_free(X509_POLICY_NODE *node); + int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); +diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c +index 9d9a7ea..450f95a 100644 +--- a/crypto/x509/pcy_node.c ++++ b/crypto/x509/pcy_node.c +@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) ++ X509_POLICY_TREE *tree, ++ int extra_data) + { + X509_POLICY_NODE *node; + ++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ ++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) ++ return NULL; ++ + node = OPENSSL_zalloc(sizeof(*node)); + if (node == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); +@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + node->data = data; + node->parent = parent; +- if (level) { ++ if (level != NULL) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; +@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + +- if (tree) { ++ if (extra_data) { + if (tree->extra_data == NULL) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (tree->extra_data == NULL){ +@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + ++ tree->node_count++; + if (parent) + parent->nchild++; + +diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c +index fa45da5..f953a05 100644 +--- a/crypto/x509/pcy_tree.c ++++ b/crypto/x509/pcy_tree.c +@@ -14,6 +14,17 @@ + + #include "pcy_local.h" + ++/* ++ * If the maximum number of nodes in the policy tree isn't defined, set it to ++ * a generous default of 1000 nodes. ++ * ++ * Defining this to be zero means unlimited policy tree growth which opens the ++ * door on CVE-2023-0464. ++ */ ++#ifndef OPENSSL_POLICY_TREE_NODES_MAX ++# define OPENSSL_POLICY_TREE_NODES_MAX 1000 ++#endif ++ + static void expected_print(BIO *channel, + X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, + int indent) +@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + return X509_PCY_TREE_INTERNAL; + } + ++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ ++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; ++ + /* + * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. + * +@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + if ((data = ossl_policy_data_new(NULL, + OBJ_nid2obj(NID_any_policy), 0)) == NULL) + goto bad_tree; +- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { ++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { + ossl_policy_data_free(data); + goto bad_tree; + } +@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + * Return value: 1 on success, 0 otherwise + */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ X509_POLICY_DATA *data, ++ X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *last = curr - 1; + int i, matched = 0; +@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (ossl_policy_node_match(last, node, data->valid_policy)) { +- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) + return 0; + } + return 1; +@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + * Return value: 1 on success, 0 otherwise. + */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) + { + int i; + +@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); + + /* Look for matching nodes in previous level */ +- if (!tree_link_matching_nodes(curr, data)) ++ if (!tree_link_matching_nodes(curr, data, tree)) + return 0; + } + return 1; +@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { ++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { + ossl_policy_data_free(data); + return 0; + } +@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + /* Finally add link to anyPolicy */ + if (last->anyPolicy && + ossl_policy_level_add_node(curr, cache->anyPolicy, +- last->anyPolicy, NULL) == NULL) ++ last->anyPolicy, tree, 0) == NULL) + return 0; + return 1; + } +@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; + node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, +- tree); ++ tree, 1); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); +@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = ossl_policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) ++ if (!tree_link_nodes(curr, cache, tree)) + return X509_PCY_TREE_INTERNAL; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) +-- +2.35.7 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch new file mode 100644 index 0000000000..57fd494464 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch @@ -0,0 +1,56 @@ +From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Tue, 7 Mar 2023 16:52:55 +0000 +Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf + certs + +Even though we check the leaf cert to confirm it is valid, we +later ignored the invalid flag and did not notice that the leaf +cert was bad. + +Fixes: CVE-2023-0465 + +Reviewed-by: Hugo Landau <hlandau@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/20587) + +Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb] +CVE: CVE-2023-0465 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + crypto/x509/x509_vfy.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 9384f1d..a0282c3 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) + goto memerr; + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + ++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) ++ cbcalled = 1; + CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, + ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { +-- +2.35.7 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch new file mode 100644 index 0000000000..a16bfe42ca --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch @@ -0,0 +1,50 @@ +From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tomas@openssl.org> +Date: Tue, 21 Mar 2023 16:15:47 +0100 +Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() + +The function was incorrectly documented as enabling policy checking. + +Fixes: CVE-2023-0466 + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Paul Dale <pauli@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/20563) + +Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908] +CVE: CVE-2023-0466 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index 75a1677..43c1900 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -98,8 +98,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), + and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. +-- +2.35.7 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb index 45fd1de2fd..82f3e18dd7 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb @@ -12,13 +12,16 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://CVE-2023-0464.patch \ + file://CVE-2023-0465.patch \ + file://CVE-2023-0466.patch \ " SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e" +SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch new file mode 100644 index 0000000000..4325b1d6b0 --- /dev/null +++ b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch @@ -0,0 +1,48 @@ +From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001 +From: Paul Mackerras <paulus@ozlabs.org> +Date: Thu, 4 Aug 2022 12:23:08 +1000 +Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer + +This fixes a potential vulnerability where data is written to spkt.buf +and rpkt.buf without a check on the array index. To fix this, we +check the array index (pkt->cnt) before storing the byte or +incrementing the count. This also means we no longer have a potential +signed integer overflow on the increment of pkt->cnt. + +Fortunately, pppdump is not used in the normal process of setting up a +PPP connection, is not installed setuid-root, and is not invoked +automatically in any scenario that I am aware of. + +Signed-off-by: Paul Mackerras <paulus@ozlabs.org> + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + pppdump/pppdump.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c +index 2b815fc9..b85a8627 100644 +--- a/pppdump/pppdump.c ++++ b/pppdump/pppdump.c +@@ -297,6 +297,10 @@ dumpppp(f) + printf("%s aborted packet:\n ", dir); + q = " "; + } ++ if (pkt->cnt >= sizeof(pkt->buf)) { ++ printf("%s over-long packet truncated:\n ", dir); ++ q = " "; ++ } + nb = pkt->cnt; + p = pkt->buf; + pkt->cnt = 0; +@@ -400,7 +404,8 @@ dumpppp(f) + c ^= 0x20; + pkt->esc = 0; + } +- pkt->buf[pkt->cnt++] = c; ++ if (pkt->cnt < sizeof(pkt->buf)) ++ pkt->buf[pkt->cnt++] = c; + break; + } + } diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb index 700ece61dc..7e3ae43b58 100644 --- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb +++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb @@ -25,6 +25,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://provider \ file://ppp@.service \ file://0001-ppp-fix-build-against-5.15-headers.patch \ + file://CVE-2022-4603.patch \ " SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d" diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch new file mode 100644 index 0000000000..ab32f26754 --- /dev/null +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch @@ -0,0 +1,37 @@ +From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 17 Nov 2022 17:26:30 +0800 +Subject: [PATCH] avoid using -m option for readlink + +Use a more widely used option '-f' instead of '-m' here to +avoid dependency on coreutils. + +Looking at the git history of the resolvconf repo, the '-m' +is deliberately used. And it wants to depend on coreutils. +But in case of OE, the existence of /etc is ensured, and busybox +readlink provides '-f' option, so we can just use '-f'. In this +way, the coreutils dependency is not necessary any more. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + etc/resolvconf/update.d/libc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc +index 1c4f6bc..f75d22c 100755 +--- a/etc/resolvconf/update.d/libc ++++ b/etc/resolvconf/update.d/libc +@@ -57,7 +57,7 @@ fi + report_warning() { echo "$0: Warning: $*" >&2 ; } + + resolv_conf_is_symlinked_to_dynamic_file() { +- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] ++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] + } + + if ! resolv_conf_is_symlinked_to_dynamic_file ; then +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb index 94fd2c1a70..3f1b75d07d 100644 --- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb @@ -9,10 +9,11 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS:${PN} = "bash" +RDEPENDS:${PN} = "bash sed util-linux-flock" SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://99_resolvconf \ + file://0001-avoid-using-m-option-for-readlink.patch \ " SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1" @@ -23,8 +24,6 @@ S = "${WORKDIR}/git" # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" -inherit allarch - do_compile () { : } @@ -39,12 +38,14 @@ do_install () { fi install -d ${D}${base_libdir}/${BPN} install -d ${D}${sysconfdir}/${BPN} + install -d ${D}${nonarch_base_libdir}/${BPN} ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run install -d ${D}${sysconfdir} ${D}${base_sbindir} install -d ${D}${mandir}/man8 ${D}${docdir}/${P} cp -pPR etc/resolvconf ${D}${sysconfdir}/ chown -R root:root ${D}${sysconfdir}/ install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} install -d ${D}/${sysconfdir}/network/if-up.d install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf @@ -64,4 +65,4 @@ pkg_postinst:${PN} () { fi } -FILES:${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" diff --git a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch b/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch deleted file mode 100644 index fbfb0816dd..0000000000 --- a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch +++ /dev/null @@ -1,35 +0,0 @@ -From d67d6b4f981db9612d808bd723176a1d2996d53a Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Mon, 17 Jan 2022 13:21:32 +0100 -Subject: [PATCH] configure.ac: check getprotobynumber_r with AC_TRY_LINK - -AC_TRY_COMPILE won't error out if the function is altogether absent -(e.g. on linux musl C library), the test needs to link all the way. - -Upstream-Status: Submitted [via email to socat@dest-unreach.org] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d4acc9e..973a7f2 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -137,13 +137,13 @@ AC_MSG_RESULT($sc_cv_have_prototype_hstrerror) - # getprotobynumber_r() is not standardized - AC_MSG_CHECKING(for getprotobynumber_r() variant) - AC_CACHE_VAL(sc_cv_getprotobynumber_r, --[AC_TRY_COMPILE([#include <stddef.h> -+[AC_TRY_LINK([#include <stddef.h> - #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024,NULL);], - [sc_cv_getprotobynumber_r=1; tmp_bynum_variant=Linux], -- [AC_TRY_COMPILE([#include <stddef.h> -+ [AC_TRY_LINK([#include <stddef.h> - #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024);], - [sc_cv_getprotobynumber_r=2; tmp_bynum_variant=Solaris], -- [AC_TRY_COMPILE([#include <stddef.h> -+ [AC_TRY_LINK([#include <stddef.h> - #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL);], - [sc_cv_getprotobynumber_r=3; tmp_bynum_variant=AIX], - diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb index a4a0a8933e..5a379380d1 100644 --- a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb +++ b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb @@ -9,11 +9,9 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86" -SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ - file://0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch \ - " +SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2" -SRC_URI[sha256sum] = "d47318104415077635119dfee44bcfb41de3497374a9a001b1aff6e2f0858007" +SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac" inherit autotools diff --git a/poky/meta/recipes-core/base-files/base-files/hosts b/poky/meta/recipes-core/base-files/base-files/hosts index b94f414d5c..10a5b6c704 100644 --- a/poky/meta/recipes-core/base-files/base-files/hosts +++ b/poky/meta/recipes-core/base-files/base-files/hosts @@ -1,4 +1,4 @@ -127.0.0.1 localhost.localdomain localhost +127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc index 5f1c473d5e..f5d7c3f9c8 100644 --- a/poky/meta/recipes-core/busybox/busybox.inc +++ b/poky/meta/recipes-core/busybox/busybox.inc @@ -34,6 +34,7 @@ INITSCRIPT_PACKAGES = "${PN}-httpd ${PN}-syslog ${PN}-udhcpd ${PN}-mdev ${PN}-hw INITSCRIPT_NAME:${PN}-httpd = "busybox-httpd" INITSCRIPT_NAME:${PN}-hwclock = "hwclock.sh" +INITSCRIPT_PARAMS:${PN}-hwclock = "start 40 S . stop 20 0 1 6 ." INITSCRIPT_NAME:${PN}-mdev = "mdev" INITSCRIPT_PARAMS:${PN}-mdev = "start 04 S ." INITSCRIPT_NAME:${PN}-syslog = "syslog" @@ -138,19 +139,26 @@ do_configure () { do_prepare_config merge_config.sh -m .config ${@" ".join(find_cfgs(d))} cml1_do_configure + + # Save a copy of .config and autoconf.h. + cp .config .config.orig + cp include/autoconf.h include/autoconf.h.orig } do_compile() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS export KCONFIG_NOTIMESTAMP=1 + # Ensure we start do_compile with the original .config and autoconf.h. + # These files should always have matching timestamps. + cp .config.orig .config + cp include/autoconf.h.orig include/autoconf.h + if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then + # Guard againt interrupted do_compile: clean temporary files. + rm -f .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps + # split the .config into two parts, and make two busybox binaries - if [ -e .config.orig ]; then - # Need to guard again an interrupted do_compile - restore any backup - cp .config.orig .config - fi - cp .config .config.orig oe_runmake busybox.cfg.suid oe_runmake busybox.cfg.nosuid @@ -187,15 +195,18 @@ do_compile() { bbfatal "busybox suid binary incorrectly provides /bin/sh" fi - # copy .config.orig back to .config, because the install process may check this file - cp .config.orig .config # cleanup - rm .config.orig .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps + rm .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps else oe_runmake busybox_unstripped cp busybox_unstripped busybox oe_runmake busybox.links fi + + # restore original .config and autoconf.h, because the install process + # may check these files + cp .config.orig .config + cp include/autoconf.h.orig include/autoconf.h } do_install () { diff --git a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch index 354f83a4a5..d76118f85b 100644 --- a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch +++ b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch @@ -21,7 +21,7 @@ index bb42bbe..aa5a2de 100644 /* Arbitrary. Was sb->st_size, but that breaks .gz etc */ size_t len = (64*1024*1024 - 4096); -+ if (strstr(fname, ".debug") == NULL) ++ if (strstr(fname, ".debug") != NULL) + return TRUE; + if (strrstr(fname, ".ko") == NULL) diff --git a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb index 0046b9fda2..a6e18a92cb 100644 --- a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb +++ b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb @@ -6,16 +6,17 @@ SECTION = "base" inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome LICENSE = "AFL-2.1 | GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8" +LIC_FILES_CHKSUM = "file://COPYING;md5=6423dcd74d7be9715b0db247fd889da3 \ + file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8 \ + " SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \ file://run-ptest \ file://tmpdir.patch \ file://dbus-1.init \ -" + " -SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4" +SRC_URI[sha256sum] = "fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b" EXTRA_OECONF = "--disable-xml-docs \ --disable-doxygen-docs \ @@ -182,3 +183,5 @@ do_install:class-nativesdk() { rm -rf ${D}${localstatedir}/run } BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT += "d-bus_project:d-bus" diff --git a/poky/meta/recipes-core/expat/expat_2.4.9.bb b/poky/meta/recipes-core/expat/expat_2.5.0.bb index 9561edd84f..aa8d439d5f 100644 --- a/poky/meta/recipes-core/expat/expat_2.4.9.bb +++ b/poky/meta/recipes-core/expat/expat_2.5.0.bb @@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)" -SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a" +SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67" EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb index c71c0831c6..bb6ef06162 100644 --- a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb +++ b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb @@ -16,7 +16,6 @@ python __anonymous() { d.setVar("PACKAGES", "${PN} ${PN}-ptest") d.setVar("PROVIDES", "${PN} ${PN}-ptest") - d.setVar("RPROVIDES", "${PN} ${PN}-ptest") bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", "").strip() d.setVar("BBCLASSEXTEND", bbclassextend) @@ -29,6 +28,7 @@ python __anonymous() { RPROVIDES:${PN} = "${PN}" RRECOMMENDS:${PN} = "" RDEPENDS:${PN} = " glibc sed" +RDEPENDS:${PN}-ptest = "${PN}" DEPENDS += "sed" export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/" diff --git a/poky/meta/recipes-core/glibc/glibc.inc b/poky/meta/recipes-core/glibc/glibc.inc index fdd241d973..3b940b8ab2 100644 --- a/poky/meta/recipes-core/glibc/glibc.inc +++ b/poky/meta/recipes-core/glibc/glibc.inc @@ -1,7 +1,9 @@ require glibc-common.inc require glibc-ld.inc -DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc-initial linux-libc-headers" +DEPENDS = "virtual/${TARGET_PREFIX}gcc virtual/${TARGET_PREFIX}binutils${BUSUFFIX} libgcc-initial linux-libc-headers" +BUSUFFIX= "" +BUSUFFIX:class-nativesdk = "-crosssdk" PROVIDES = "virtual/libc" PROVIDES += "virtual/libintl virtual/libiconv" diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb index 57d4152a39..7096bc94d7 100644 --- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb +++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb @@ -16,7 +16,7 @@ SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=mast file://0001-ifupdown-skip-wrong-test-case.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \ " -SRCREV = "2b4138f36ce3ba37186aa01b502273e0c39ab518" +SRCREV = "be91dd267b4a8db502a6bbf5758563f7048b8078" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index f3f2bb2da1..37681331bc 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,8 +24,8 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 -SRCREV ?= "4f942c272d4417b5b719df25b80a6a6b54669a73" -SRC_URI = "git://git.yoctoproject.org/poky;branch=master \ +SRCREV ?= "1516e498fed8eecdb76c60b2cea1f4c17bce9363" +SRC_URI = "git://git.yoctoproject.org/poky;branch=langdale \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ file://README_VirtualBox_Guest_Additions.txt \ diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb index aa3ab6e121..7662b8f685 100644 --- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb +++ b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb @@ -18,6 +18,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \ SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683" +EXTRA_OECONF = "--disable-tests" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ " diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb index ec9f9f4fa3..ec9f9f4fa3 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc index 39ba2636ff..61b0381076 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \ inherit autotools pkgconfig SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https" -SRCREV = "50cf2b6dd4fdf04309445f2eec8de7051d953abf" +SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175" SRCBRANCH ?= "develop" SRC_URI += "file://fix_cflags_handling.patch" diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb index 79dba2f6dc..79dba2f6dc 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch new file mode 100644 index 0000000000..346ec37a9f --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch @@ -0,0 +1,624 @@ +From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 25 Aug 2022 17:43:08 +0200 +Subject: [PATCH] CVE-2022-40303 + +Fix integer overflows with XML_PARSE_HUGE + +Also impose size limits when XML_PARSE_HUGE is set. Limit size of names +to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to +XML_MAX_HUGE_LENGTH (1 billion bytes). + +Move some the length checks to the end of the respective loop to make +them strict. + +xmlParseEntityValue didn't have a length limitation at all. But without +XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. + +Thanks to Maddie Stone working with Google Project Zero for the report! + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0] +CVE: CVE-2022-40303 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + parser.c | 233 +++++++++++++++++++++++++++++-------------------------- + 1 file changed, 121 insertions(+), 112 deletions(-) + +diff --git a/parser.c b/parser.c +index 1bc3713..0f76577 100644 +--- a/parser.c ++++ b/parser.c +@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt); + * * + ************************************************************************/ + ++#define XML_MAX_HUGE_LENGTH 1000000000 ++ + #define XML_PARSER_BIG_ENTITY 1000 + #define XML_PARSER_LOT_ENTITY 5000 + +@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info) + errmsg = "Malformed declaration expecting version"; + break; + case XML_ERR_NAME_TOO_LONG: +- errmsg = "Name too long use XML_PARSE_HUGE option"; ++ errmsg = "Name too long"; + break; + #if 0 + case: +@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNameComplex++; +@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } +@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3346,7 +3352,10 @@ const xmlChar * + xmlParseName(xmlParserCtxtPtr ctxt) { + const xmlChar *in; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + GROW; + +@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) { + in++; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + size_t startPosition = 0; + + #ifdef DEBUG +@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */ + (xmlIsNameChar(ctxt, c) && (c != ':'))) { + if (count++ > XML_PARSER_CHUNK_SIZE) { +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- return(NULL); +- } + count = 0; + GROW; + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + if (c == 0) { +@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3467,7 +3473,10 @@ static const xmlChar * + xmlParseNCName(xmlParserCtxtPtr ctxt) { + const xmlChar *in, *e; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNCName++; +@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { + goto complex; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + const xmlChar *cur = *str; + int len = 0, l; + int c; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseStringName++; +@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + COPY_BUF(l,buffer,len,c); + cur += l; + c = CUR_SCHAR(cur, l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + *str = cur; + return(buffer); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNmToken++; +@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((max > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + COPY_BUF(l,buffer,len,c); + NEXTL(l); + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + return(buffer); +@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + } + if (len == 0) + return(NULL); +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); + return(NULL); + } +@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int c, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlChar stop; + xmlChar *ret = NULL; + const xmlChar *cur = NULL; +@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + GROW; + c = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED, ++ "entity value too long\n"); ++ goto error; ++ } + } + buf[len] = 0; + if (ctxt->instate == XML_PARSER_EOF) +@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + xmlChar *rep = NULL; + size_t len = 0; + size_t buf_size = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int c, l, in_space = 0; + xmlChar *current = NULL; + xmlEntityPtr ent; +@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + while (((NXT(0) != limit) && /* checked */ + (IS_CHAR(c)) && (c != '<')) && + (ctxt->instate != XML_PARSER_EOF)) { +- /* +- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE +- * special option is given +- */ +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } + if (c == '&') { + in_space = 0; + if (NXT(1) == '#') { +@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } + GROW; + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, ++ "AttValue length too long\n"); ++ goto mem_error; ++ } + } + if (ctxt->instate == XML_PARSER_EOF) + goto error; +@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } else + NEXT; + +- /* +- * There we potentially risk an overflow, don't allow attribute value of +- * length more than INT_MAX it is a very reasonable assumption ! +- */ +- if (len >= INT_MAX) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } +- + if (attlen != NULL) *attlen = (int) len; + return(buf); + +@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int cur, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + xmlChar stop; + int state = ctxt->instate; + int count = 0; +@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral"); +- xmlFree(buf); +- ctxt->instate = (xmlParserInputState) state; +- return(NULL); +- } + size *= 2; + tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar)); + if (tmp == NULL) { +@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + SHRINK; + cur = CUR_CHAR(l); + } ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral"); ++ xmlFree(buf); ++ ctxt->instate = (xmlParserInputState) state; ++ return(NULL); ++ } + } + buf[len] = 0; + ctxt->instate = (xmlParserInputState) state; +@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + xmlChar cur; + xmlChar stop; + int count = 0; +@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + if (len + 1 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID"); +- xmlFree(buf); +- return(NULL); +- } + size *= 2; + tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar)); + if (tmp == NULL) { +@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + SHRINK; + cur = CUR; + } ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID"); ++ xmlFree(buf); ++ return(NULL); ++ } + } + buf[len] = 0; + if (cur != stop) { +@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + int r, rl; + int cur, l; + size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int inputid; + + inputid = ctxt->input->id; +@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + if ((r == '-') && (q == '-')) { + xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL); + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, +- "Comment too big found", NULL); +- xmlFree (buf); +- return; +- } + if (len + 5 >= size) { + xmlChar *new_buf; + size_t new_size; +@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + GROW; + cur = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, ++ "Comment too big found", NULL); ++ xmlFree (buf); ++ return; ++ } + } + buf[len] = 0; + if (cur == 0) { +@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + size_t size = XML_PARSER_BUFFER_SIZE; + size_t len = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlParserInputState state; + const xmlChar *in; + size_t nbchar = 0; +@@ -4966,8 +4983,7 @@ get_more: + buf[len] = 0; + } + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, + "Comment too big found", NULL); + xmlFree (buf); +@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + size_t len = 0; + size_t size = XML_PARSER_BUFFER_SIZE; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int cur, l; + const xmlChar *target; + xmlParserInputState state; +@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + return; + } + count = 0; +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +- "PI %s too big found", target); +- xmlFree(buf); +- ctxt->instate = state; +- return; +- } + } + COPY_BUF(l,buf,len,cur); + NEXTL(l); +@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + GROW; + cur = CUR_CHAR(l); + } ++ if (len > maxLength) { ++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, ++ "PI %s too big found", target); ++ xmlFree(buf); ++ ctxt->instate = state; ++ return; ++ } + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +- "PI %s too big found", target); +- xmlFree(buf); +- ctxt->instate = state; +- return; +- } + buf[len] = 0; + if (cur != '?') { + xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + const xmlChar *in = NULL, *start, *end, *last; + xmlChar *ret = NULL; + int line, col; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + GROW; + in = (xmlChar *) CUR_PTR; +@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + start = in; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + if ((*in++ == 0x20) && (*in == 0x20)) break; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + last = last + delta; + } + end = ctxt->input->end; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); + } + } + } +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + col++; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9077,8 +9085,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + } + } + last = in; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + int s, sl; + int cur, l; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + /* Check 2.6.0 was NXT(0) not RAW */ + if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) { +@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED, +- "CData section too big found", NULL); +- xmlFree (buf); +- return; +- } + tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar)); + if (tmp == NULL) { + xmlFree(buf); +@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + } + NEXTL(l); + cur = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED, ++ "CData section too big found\n"); ++ xmlFree(buf); ++ return; ++ } + } + buf[len] = 0; + ctxt->instate = XML_PARSER_CONTENT; +-- +2.25.1 + diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch new file mode 100644 index 0000000000..b24be03315 --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch @@ -0,0 +1,106 @@ +From cde95d801abc9405ca821ad814c7730333328d96 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Wed, 31 Aug 2022 22:11:25 +0200 +Subject: [PATCH] CVE-2022-40304 + +Fix dict corruption caused by entity reference cycles + +When an entity reference cycle is detected, the entity content is +cleared by setting its first byte to zero. But the entity content might +be allocated from a dict. In this case, the dict entry becomes corrupted +leading to all kinds of logic errors, including memory errors like +double-frees. + +Stop storing entity content, orig, ExternalID and SystemID in a dict. +These values are unlikely to occur multiple times in a document, so they +shouldn't have been stored in a dict in the first place. + +Thanks to Ned Williamson and Nathan Wachholz working with Google Project +Zero for the report! + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b] +CVE: CVE-2022-40304 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + entities.c | 55 ++++++++++++++++-------------------------------------- + 1 file changed, 16 insertions(+), 39 deletions(-) + +diff --git a/entities.c b/entities.c +index 1a8f86f..ec1b9a7 100644 +--- a/entities.c ++++ b/entities.c +@@ -112,36 +112,19 @@ xmlFreeEntity(xmlEntityPtr entity) + if ((entity->children) && (entity->owner == 1) && + (entity == (xmlEntityPtr) entity->children->parent)) + xmlFreeNodeList(entity->children); +- if (dict != NULL) { +- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name))) +- xmlFree((char *) entity->name); +- if ((entity->ExternalID != NULL) && +- (!xmlDictOwns(dict, entity->ExternalID))) +- xmlFree((char *) entity->ExternalID); +- if ((entity->SystemID != NULL) && +- (!xmlDictOwns(dict, entity->SystemID))) +- xmlFree((char *) entity->SystemID); +- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI))) +- xmlFree((char *) entity->URI); +- if ((entity->content != NULL) +- && (!xmlDictOwns(dict, entity->content))) +- xmlFree((char *) entity->content); +- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig))) +- xmlFree((char *) entity->orig); +- } else { +- if (entity->name != NULL) +- xmlFree((char *) entity->name); +- if (entity->ExternalID != NULL) +- xmlFree((char *) entity->ExternalID); +- if (entity->SystemID != NULL) +- xmlFree((char *) entity->SystemID); +- if (entity->URI != NULL) +- xmlFree((char *) entity->URI); +- if (entity->content != NULL) +- xmlFree((char *) entity->content); +- if (entity->orig != NULL) +- xmlFree((char *) entity->orig); +- } ++ if ((entity->name != NULL) && ++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name)))) ++ xmlFree((char *) entity->name); ++ if (entity->ExternalID != NULL) ++ xmlFree((char *) entity->ExternalID); ++ if (entity->SystemID != NULL) ++ xmlFree((char *) entity->SystemID); ++ if (entity->URI != NULL) ++ xmlFree((char *) entity->URI); ++ if (entity->content != NULL) ++ xmlFree((char *) entity->content); ++ if (entity->orig != NULL) ++ xmlFree((char *) entity->orig); + xmlFree(entity); + } + +@@ -177,18 +160,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type, + ret->SystemID = xmlStrdup(SystemID); + } else { + ret->name = xmlDictLookup(dict, name, -1); +- if (ExternalID != NULL) +- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1); +- if (SystemID != NULL) +- ret->SystemID = xmlDictLookup(dict, SystemID, -1); ++ ret->ExternalID = xmlStrdup(ExternalID); ++ ret->SystemID = xmlStrdup(SystemID); + } + if (content != NULL) { + ret->length = xmlStrlen(content); +- if ((dict != NULL) && (ret->length < 5)) +- ret->content = (xmlChar *) +- xmlDictLookup(dict, content, ret->length); +- else +- ret->content = xmlStrndup(content, ret->length); ++ ret->content = xmlStrndup(content, ret->length); + } else { + ret->length = 0; + ret->content = NULL; +-- +2.25.1 + diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb index a2ed8d71bc..947f5b18f5 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -13,7 +13,7 @@ DEPENDS = "zlib virtual/libiconv" inherit gnomebase -SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \ +SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testtar \ file://libxml-64bit.patch \ file://runtest.patch \ file://run-ptest \ @@ -23,10 +23,12 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://remove-fuzz-from-ptests.patch \ file://libxml-m4-use-pkgconfig.patch \ file://0001-Port-gentest.py-to-Python-3.patch \ + file://CVE-2022-40303.patch \ + file://CVE-2022-40304.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" -SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" +SRC_URI[testtar.sha256sum] = "9b2c865aba66c6429ca301a7ef048d7eca2cdb7a9106184416710853c7b37d0d" BINCONFIG = "${bindir}/xml2-config" diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb index 6b59e4934d..70d740b4e0 100644 --- a/poky/meta/recipes-core/meta/buildtools-tarball.bb +++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb @@ -67,12 +67,17 @@ create_sdk_files:append () { # Generate new (mini) sdk-environment-setup file script=${1:-${SDK_OUTPUT}/${SDKPATH}/environment-setup-${SDK_SYS}} touch $script - echo 'export PATH=${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH' >> $script + echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script fi + echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script + echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script + echo 'unset HOST_PKG_PATH' toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 9b9dbbd75f..e042e67b09 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -21,6 +21,8 @@ CVE_DB_UPDATE_INTERVAL ?= "86400" # Timeout for blocking socket operations, such as the connection attempt. CVE_SOCKET_TIMEOUT ?= "60" +CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -32,25 +34,15 @@ python do_fetch() { """ import bb.utils import bb.progress - import sqlite3, urllib, urllib.parse, gzip - from datetime import date + import shutil bb.utils.export_proxies(d) - YEAR_START = 2002 - db_file = d.getVar("CVE_CHECK_DB_FILE") db_dir = os.path.dirname(db_file) + db_tmp_file = d.getVar("CVE_DB_TEMP_FILE") - cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - - if os.path.exists("{0}-journal".format(db_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_file)) - - if os.path.exists(db_file): - os.remove(db_file) + cleanup_db_download(db_file, db_tmp_file) # The NVD database changes once a day, so no need to update more frequently # Allow the user to force-update @@ -68,9 +60,60 @@ python do_fetch() { pass bb.utils.mkdirhier(db_dir) + if os.path.exists(db_file): + shutil.copy2(db_file, db_tmp_file) + + if update_db_file(db_tmp_file, d) == True: + # Update downloaded correctly, can swap files + shutil.move(db_tmp_file, db_file) + else: + # Update failed, do not modify the database + bb.note("CVE database update failed") + os.remove(db_tmp_file) +} + +do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_fetch[file-checksums] = "" +do_fetch[vardeps] = "" + +def cleanup_db_download(db_file, db_tmp_file): + """ + Cleanup the download space from possible failed downloads + """ + + # Clean up the updates done on the main file + # Remove it only if a journal file exists - it means a complete re-download + if os.path.exists("{0}-journal".format(db_file)): + # If a journal is present the last update might have been interrupted. In that case, + # just wipe any leftovers and force the DB to be recreated. + os.remove("{0}-journal".format(db_file)) + + if os.path.exists(db_file): + os.remove(db_file) + + # Clean-up the temporary file downloads, we can remove both journal + # and the temporary database + if os.path.exists("{0}-journal".format(db_tmp_file)): + # If a journal is present the last update might have been interrupted. In that case, + # just wipe any leftovers and force the DB to be recreated. + os.remove("{0}-journal".format(db_tmp_file)) + + if os.path.exists(db_tmp_file): + os.remove(db_tmp_file) + +def update_db_file(db_tmp_file, d): + """ + Update the given database file + """ + import bb.utils, bb.progress + from datetime import date + import urllib, gzip, sqlite3 + + YEAR_START = 2002 + cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) # Connect to database - conn = sqlite3.connect(db_file) + conn = sqlite3.connect(db_tmp_file) initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: @@ -87,8 +130,11 @@ python do_fetch() { response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') - bb.warn("Failed to fetch CVE data (%s)" % e.reason) - return + bb.warn("Failed to fetch CVE data (%s)" % e) + import socket + result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP) + bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) + return False if response: for l in response.read().decode("utf-8").splitlines(): @@ -98,7 +144,7 @@ python do_fetch() { break else: bb.warn("Cannot parse CVE metadata, update failed") - return + return False # Compare with current db last modified date cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) @@ -119,7 +165,7 @@ python do_fetch() { except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) - return + return False else: bb.debug(2, "Already up to date (last modified %s)" % last_modified) # Update success, set the date to cve_check file. @@ -128,11 +174,7 @@ python do_fetch() { conn.commit() conn.close() -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" + return True def initialize_db(conn): with conn: diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch index 89d9ffab5e..0c3df4fc44 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch @@ -10,7 +10,7 @@ tools. The BBAKE_EDK_TOOLS_PATH string is used as a pattern to be replaced with the appropriate location before building. Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> -Upstream-Status: Pending +Upstream-Status: Inappropriate [oe-core cross compile specific] --- OvmfPkg/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index f6141c8af5..2293d7e938 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -6,8 +6,13 @@ Subject: [PATCH 2/6] BaseTools: makefile: adjust to build in under bitbake Prepend the build flags with those of bitbake. This is to build using the bitbake native sysroot include and library directories. +Note from Alex: this is not appropriate for upstream submission as +the recipe already does lots of similar in-place fixups elsewhere, so +this patch shold be converted to follow that pattern. We're not going +to fight against how upstream wants to configure the build. + Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> -Upstream-Status: Pending +Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups] --- BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/poky/meta/recipes-core/psplash/files/psplash-start.service b/poky/meta/recipes-core/psplash/files/psplash-start.service index 36c2bb38e0..bec9368427 100644 --- a/poky/meta/recipes-core/psplash/files/psplash-start.service +++ b/poky/meta/recipes-core/psplash/files/psplash-start.service @@ -2,6 +2,7 @@ Description=Start psplash boot splash screen DefaultDependencies=no RequiresMountsFor=/run +ConditionFileIsExecutable=/usr/bin/psplash [Service] Type=notify diff --git a/poky/meta/recipes-core/psplash/files/psplash-systemd.service b/poky/meta/recipes-core/psplash/files/psplash-systemd.service index 082207f232..e93e3deb35 100644 --- a/poky/meta/recipes-core/psplash/files/psplash-systemd.service +++ b/poky/meta/recipes-core/psplash/files/psplash-systemd.service @@ -4,6 +4,7 @@ DefaultDependencies=no After=psplash-start.service Requires=psplash-start.service RequiresMountsFor=/run +ConditionFileIsExecutable=/usr/bin/psplash [Service] ExecStart=/usr/bin/psplash-systemd diff --git a/poky/meta/recipes-core/systemd/systemd-boot_251.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_251.8.bb index b67706b731..b67706b731 100644 --- a/poky/meta/recipes-core/systemd/systemd-boot_251.4.bb +++ b/poky/meta/recipes-core/systemd/systemd-boot_251.8.bb diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc index 71eb93f23a..3bb6b0efe6 100644 --- a/poky/meta/recipes-core/systemd/systemd.inc +++ b/poky/meta/recipes-core/systemd/systemd.inc @@ -14,7 +14,7 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" -SRCREV = "2a674b4b66af1a050a0362b646d2fca90c90112e" +SRCREV = "ae8b249af4acb055f920134f2ac584c4cbc86e3b" SRCBRANCH = "v251-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \ " diff --git a/poky/meta/recipes-core/systemd/systemd_251.4.bb b/poky/meta/recipes-core/systemd/systemd_251.8.bb index 910ea71bf6..991da07368 100644 --- a/poky/meta/recipes-core/systemd/systemd_251.4.bb +++ b/poky/meta/recipes-core/systemd/systemd_251.8.bb @@ -144,7 +144,7 @@ PACKAGECONFIG[hostnamed] = "-Dhostnamed=true,-Dhostnamed=false" PACKAGECONFIG[idn] = "-Didn=true,-Didn=false" PACKAGECONFIG[ima] = "-Dima=true,-Dima=false" # importd requires journal-upload/xz/zlib/bzip2/gcrypt -PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false" +PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false,glib-2.0" # Update NAT firewall rules PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables" PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl" @@ -217,7 +217,7 @@ rootlibdir ?= "${base_libdir}" rootlibexecdir = "${rootprefix}/lib" EXTRA_OEMESON += "-Dnobody-user=nobody \ - -Dnobody-group=nobody \ + -Dnobody-group=nogroup \ -Drootlibdir=${rootlibdir} \ -Drootprefix=${rootprefix} \ -Ddefault-locale=C \ @@ -395,11 +395,13 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service" USERADD_PACKAGES = "${PN} ${PN}-extra-utils \ + udev \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \ " GROUPADD_PARAM:${PN} = "-r systemd-journal;" +GROUPADD_PARAM:udev = "-r render;-r sgx;" GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}" USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}" USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}" @@ -437,9 +439,9 @@ FILES:${PN}-binfmt = "${sysconfdir}/binfmt.d/ \ ${rootlibexecdir}/systemd/systemd-binfmt \ ${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \ ${systemd_system_unitdir}/systemd-binfmt.service" -RRECOMMENDS:${PN}-binfmt = "kernel-module-binfmt-misc" +RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}" -RRECOMMENDS:${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps" +RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}" FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \ @@ -518,6 +520,8 @@ FILES:${PN}-extra-utils = "\ ${bindir}/systemd-path \ ${bindir}/systemd-run \ ${bindir}/systemd-cat \ + ${bindir}/systemd-creds \ + ${bindir}/systemd-cryptenroll \ ${bindir}/systemd-delta \ ${bindir}/systemd-cgls \ ${bindir}/systemd-cgtop \ diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch deleted file mode 100644 index ad5e59de04..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Wed, 30 Mar 2022 11:14:53 -0700 -Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. - -The previous releases of zlib were not sensitive to incorrect CRC -inputs with bits set above the low 32. This commit restores that -behavior, so that applications with such bugs will continue to -operate as before. - -Upstream-Status: Backport [https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2] -Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> ---- - crc32.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/crc32.c b/crc32.c -index a1bdce5..451887b 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - /* Compute the CRC up to a word boundary. */ - while (len && ((z_size_t)buf & 7) != 0) { -@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - #ifdef W - -@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2) - #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); - #endif /* DYNAMIC_CRC_TABLE */ -- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2; -+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); - } - - /* ========================================================================= */ -@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op) - uLong crc2; - uLong op; - { -- return multmodp(op, crc1) ^ crc2; -+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff); - } diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index 96ab563121..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null @@ -1,38 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler <fork@madler.net> -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. - -CVE: CVE-2022-37434 -Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.37.2 - diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index a0978c5f95..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 -From: Mark Adler <fork@madler.net> -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. - -CVE: CVE-2022-37434 -Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.37.2 - diff --git a/poky/meta/recipes-core/zlib/zlib/cc.patch b/poky/meta/recipes-core/zlib/zlib/cc.patch deleted file mode 100644 index 8fb974ded4..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/cc.patch +++ /dev/null @@ -1,27 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Mon, 28 Mar 2022 18:34:10 -0700 -Subject: [PATCH] Fix configure issue that discarded provided CC definition. - ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a04e..3fa3e8618 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in diff --git a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch b/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch deleted file mode 100644 index 286390665f..0000000000 --- a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch +++ /dev/null @@ -1,45 +0,0 @@ -Obey LDFLAGS for tests - -Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409] -Signed-off-by: Ross Burton <ross.burton@intel.com> - ---- zlib-1.2.8.orig/Makefile.in -+++ zlib-1.2.8/Makefile.in -@@ -26,7 +26,7 @@ CFLAGS=-O - - SFLAGS=-O - LDFLAGS= --TEST_LDFLAGS=-L. libz.a -+TEST_LDFLAGS=-L. $(LDFLAGS) - LDSHARED=$(CC) - CPP=$(CC) -E - -@@ -176,22 +176,22 @@ placebo $(SHAREDLIBV): $(PIC_OBJS) libz. - -@rmdir objs - - example$(EXE): example.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(STATICLIB) - - minigzip$(EXE): minigzip.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(STATICLIB) - - examplesh$(EXE): example.o $(SHAREDLIBV) -- $(CC) $(CFLAGS) -o $@ example.o -L. $(SHAREDLIBV) -+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(SHAREDLIBV) - - minigzipsh$(EXE): minigzip.o $(SHAREDLIBV) -- $(CC) $(CFLAGS) -o $@ minigzip.o -L. $(SHAREDLIBV) -+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(SHAREDLIBV) - - example64$(EXE): example64.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) $(STATICLIB) - - minigzip64$(EXE): minigzip64.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) $(STATICLIB) - - install-libs: $(LIBS) - -@if [ ! -d $(DESTDIR)$(exec_prefix) ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb index 2491cb941f..ec977a3035 100644 --- a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb @@ -8,17 +8,12 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6 # The source tarball needs to be .gz as only the .gz ends up in fossils/ SRC_URI = "https://zlib.net/${BP}.tar.gz \ - file://cc.patch \ - file://ldflags-tests.patch \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ file://run-ptest \ - file://0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch \ - file://0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch \ - file://0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" -SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9" +SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30" # When a new release is made the previous release is moved to fossils/, so add this # to PREMIRRORS so it is also searched automatically. @@ -30,9 +25,12 @@ RDEPENDS:${PN}-ptest += "make" inherit ptest +B = "${WORKDIR}/build" + do_configure() { - LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU + LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU } +do_configure[cleandirs] += "${B}" do_compile() { oe_runmake shared diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb index 4b9f804039..ef85750b84 100644 --- a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb +++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb @@ -38,8 +38,6 @@ UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/a/apt/" # is considered stable, e.g. 1.0, 1.4, 1.8, 2.2, 2.6, etc. As there is no way # to express 'divisible by 4 plus 2' in regex (that I know of), let's hardcode a few. UPSTREAM_CHECK_REGEX = "[^\d\.](?P<pver>((2\.2)|(2\.6)|(3\.0)|(3\.4)|(3\.8)|(4\.2))(\.\d+)+)\.tar" -# needs be marked as unknown until 2.6 is out -UPSTREAM_VERSION_UNKNOWN = "1" inherit cmake perlnative bash-completion useradd @@ -126,6 +124,7 @@ do_install:append:class-native() { do_install:append:class-nativesdk() { customize_apt_conf_sample + rm -rf ${D}${localstatedir}/log } do_install:append:class-target() { diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc index b040e57037..419571d56c 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc @@ -35,6 +35,7 @@ SRC_URI = "\ file://0014-CVE-2022-38128-1.patch \ file://0014-CVE-2022-38128-2.patch \ file://0014-CVE-2022-38128-3.patch \ + file://0015-CVE-2022-4285.patch \ " S = "${WORKDIR}/git" # Already in 2.39 branch diff --git a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch index 4fe5520010..9c825df5ab 100644 --- a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch +++ b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch @@ -65,7 +65,7 @@ index bfa0d54753a..0d61a3209ec 100644 info.path = NULL; info.len = info.alloc = 0; - tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf", -+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf", ++ tmppath = concat (ld_sysconfdir, "/ld.so.conf", (const char *) NULL); if (!ldelf_parse_ld_so_conf (&info, tmppath)) { diff --git a/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch new file mode 100644 index 0000000000..46ec0b15a3 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch @@ -0,0 +1,37 @@ +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 19 Oct 2022 15:09:12 +0100 +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file + containing corrupt symbol version information. + + PR 29699 + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field + of the section header is zero. + +Upstream-Status: Backport +[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf.c | 4 +++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index fe00e0f9189..7cd7febcf95 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + +-- +2.31.1 + diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch b/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch deleted file mode 100644 index 88597cf3a9..0000000000 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b6d1a1ff2de363b1b76c8c70f77ae56a4e4d4b56 Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Thu, 5 Sep 2019 18:37:31 +0800 -Subject: [PATCH] bootchart2: support usrmerge - -Upstream-Status: Inappropriate [oe-specific] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 1cc2974..f988904 100644 ---- a/Makefile -+++ b/Makefile -@@ -36,7 +36,7 @@ endif - PY_SITEDIR ?= $(PY_LIBDIR)/site-packages - LIBC_A_PATH = /usr$(LIBDIR) - # Always lib, even on systems that otherwise use lib64 --SYSTEMD_UNIT_DIR = $(EARLY_PREFIX)/lib/systemd/system -+SYSTEMD_UNIT_DIR ?= $(EARLY_PREFIX)/lib/systemd/system - COLLECTOR = \ - collector/collector.o \ - collector/output.o \ -@@ -99,7 +99,7 @@ install-chroot: - install -d $(DESTDIR)$(PKGLIBDIR)/tmpfs - - install-collector: all install-chroot -- install -m 755 -D bootchartd $(DESTDIR)$(EARLY_PREFIX)/sbin/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX) -+ install -m 755 -D bootchartd $(DESTDIR)${BASE_SBINDIR}/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX) - install -m 644 -D bootchartd.conf $(DESTDIR)/etc/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX).conf - install -m 755 -D bootchart-collector $(DESTDIR)$(PKGLIBDIR)/$(PROGRAM_PREFIX)bootchart$(PROGRAM_SUFFIX)-collector - --- -2.7.4 - diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb index b4d5b7cd9b..297dbfb578 100644 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb @@ -93,7 +93,6 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)" SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \ file://bootchartd_stop.sh \ file://0001-collector-Allocate-space-on-heap-for-chunks.patch \ - file://0001-bootchart2-support-usrmerge.patch \ file://0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch \ file://0001-Do-not-include-linux-fs.h.patch \ " @@ -120,12 +119,11 @@ UPDATERCPN = "bootchartd-stop-initscript" INITSCRIPT_NAME = "bootchartd_stop.sh" INITSCRIPT_PARAMS = "start 99 2 3 4 5 ." -EXTRA_OEMAKE = 'BASE_SBINDIR="${base_sbindir}"' - do_compile:prepend () { export PY_LIBDIR="${libdir}/${PYTHON_DIR}" export BINDIR="${bindir}" - export LIBDIR="${base_libdir}" + export LIBDIR="/${baselib}" + export EARLY_PREFIX="${root_prefix}" } do_install () { @@ -133,9 +131,8 @@ do_install () { export PY_LIBDIR="${libdir}/${PYTHON_DIR}" export BINDIR="${bindir}" export DESTDIR="${D}" - export LIBDIR="${base_libdir}" - export PKGLIBDIR="${base_libdir}/bootchart" - export SYSTEMD_UNIT_DIR="${systemd_system_unitdir}" + export LIBDIR="/${baselib}" + export EARLY_PREFIX="${root_prefix}" oe_runmake install NO_PYTHON_COMPILE=1 install -d ${D}${sysconfdir}/init.d diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb index 722a486f20..bcc87eb8f2 100644 --- a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb +++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb @@ -32,6 +32,7 @@ CMAKE_EXTRACONF = "\ -DCMAKE_USE_SYSTEM_LIBRARY_EXPAT=0 \ -DENABLE_ACL=0 -DHAVE_ACL_LIBACL_H=0 \ -DHAVE_SYS_ACL_H=0 \ + -DCURL_LIBRARIES=-lcurl \ " do_configure () { diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc index d64afffdc1..1ede8eee61 100644 --- a/poky/meta/recipes-devtools/cmake/cmake.inc +++ b/poky/meta/recipes-devtools/cmake/cmake.inc @@ -21,7 +21,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \ file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \ " -SRC_URI[sha256sum] = "c2b61f7cdecb1576cad25f918a8f42b8685d88a832fd4b62b9e0fa32e915a658" +SRC_URI[sha256sum] = "0d9020f06f3ddf17fb537dc228e1a56c927ee506b486f55fe2dc19f69bf0c8db" UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb index bb7ed83e30..bb7ed83e30 100644 --- a/poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb +++ b/poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch new file mode 100644 index 0000000000..a249eaf5a1 --- /dev/null +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch @@ -0,0 +1,27 @@ +From 8defe6aaf91613c3fcb540df65a94cd56d377367 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 13 Jan 2023 13:21:51 -0800 +Subject: [PATCH 1/2] include rpm/rpmstring.h + +Its needed for rasprintf declaration + +Fixes +src/xml_file.c:341:36: error: call to undeclared functi +on 'rasprintf'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] + +Upstream-Status: Submitted [https://github.com/rpm-software-management/createrepo_c/pull/340] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/xml_file.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/src/xml_file.c ++++ b/src/xml_file.c +@@ -19,6 +19,7 @@ + + #include <glib.h> + #include <glib/gstdio.h> ++#include <rpm/rpmstring.h> + #include <assert.h> + #include "xml_file.h" + #include <errno.h> diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb index d309bb895f..053198ca5e 100644 --- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \ file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ + file://0001-include-rpm-rpmstring.h.patch \ " SRCREV = "af14e164a3e4ab9dfaef1212e852b9ecebc326a2" diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch new file mode 100644 index 0000000000..f358081092 --- /dev/null +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch @@ -0,0 +1,27 @@ +From c640d9011a8330ebaad501784fb0ee1ce5e7a5ef Mon Sep 17 00:00:00 2001 +From: Rod Smith <rodsmith@rodsbooks.com> +Date: Sat, 16 Apr 2022 09:32:04 -0400 +Subject: [PATCH] Updated guid.cc to deal with minor change in libuuid + +Upstream-Status: Backport [https://sourceforge.net/p/gptfdisk/code/ci/6a8416cbd12d55f882bb751993b94f72d338d96f/] +Signed-off-by: Peter Bergin <peter@berginkonsult.se> +--- + guid.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/guid.cc b/guid.cc +index 1e73ab7..d3e4fd5 100644 +--- a/guid.cc ++++ b/guid.cc +@@ -141,7 +141,7 @@ void GUIDData::Zero(void) { + void GUIDData::Randomize(void) { + int i, uuidGenerated = 0; + +-#ifdef _UUID_UUID_H ++#if defined (_UUID_UUID_H) || defined (_UL_LIBUUID_UUID_H) + uuid_generate(uuidData); + ReverseBytes(&uuidData[0], 4); + ReverseBytes(&uuidData[4], 2); +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb index e473b9cd55..2c093c20ae 100644 --- a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb +++ b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb @@ -9,6 +9,7 @@ DEPENDS = "util-linux" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${PV}/${BP}.tar.gz \ file://0001-gptcurses-correctly-include-curses.h.patch \ + file://0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch \ " SRC_URI[sha256sum] = "dafead2693faeb8e8b97832b23407f6ed5b3219bc1784f482dd855774e2d50c2" diff --git a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc index aac4b49313..03f520b093 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc @@ -9,3 +9,13 @@ SRC_URI = "" do_configure[depends] += "gcc-source-${PV}:do_preconfigure" do_populate_lic[depends] += "gcc-source-${PV}:do_unpack" +do_deploy_source_date_epoch[depends] += "gcc-source-${PV}:do_deploy_source_date_epoch" + +# Copy the SDE from the shared workdir to the recipe workdir +do_deploy_source_date_epoch () { + sde_file=${SDE_FILE} + sde_file=${sde_file#${WORKDIR}/} + mkdir -p ${SDE_DEPLOYDIR} $(dirname ${SDE_FILE}) + cp -p $(dirname ${S})/$sde_file ${SDE_DEPLOYDIR} + cp -p $(dirname ${S})/$sde_file ${SDE_FILE} +} diff --git a/poky/meta/recipes-devtools/gcc/gcc-source.inc b/poky/meta/recipes-devtools/gcc/gcc-source.inc index 224b7778ef..265bcf4bef 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-source.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-source.inc @@ -17,6 +17,13 @@ STAMPCLEAN = "${STAMPS_DIR}/work-shared/gcc-${PV}-*" INHIBIT_DEFAULT_DEPS = "1" DEPENDS = "" PACKAGES = "" +TARGET_ARCH = "allarch" +TARGET_AS_ARCH = "none" +TARGET_CC_ARCH = "none" +TARGET_LD_ARCH = "none" +TARGET_OS = "linux" +baselib = "lib" +PACKAGE_ARCH = "all" B = "${WORKDIR}/build" @@ -25,8 +32,6 @@ python do_preconfigure () { import subprocess cmd = d.expand('cd ${S} && PATH=${PATH} gnu-configize') subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True) - # See 0044-gengtypes.patch, we need to regenerate this file - bb.utils.remove(d.expand("${S}/gcc/gengtype-lex.c")) cmd = d.expand("sed -i 's/BUILD_INFO=info/BUILD_INFO=/' ${S}/gcc/configure") subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True) diff --git a/poky/meta/recipes-devtools/git/git_2.37.3.bb b/poky/meta/recipes-devtools/git/git_2.37.6.bb index 2eed85e807..302db215e2 100644 --- a/poky/meta/recipes-devtools/git/git_2.37.3.bb +++ b/poky/meta/recipes-devtools/git/git_2.37.6.bb @@ -31,6 +31,10 @@ CVE_PRODUCT = "git-scm:git" # in mirrored git repos. Most OE users wouldn't build the docs and # we don't see this as a major issue for our general users/usecases. CVE_CHECK_IGNORE += "CVE-2022-24975" +# This is specific to Git-for-Windows +CVE_CHECK_IGNORE += "CVE-2022-41953" +# specific to Git for Windows +CVE_CHECK_IGNORE += "CVE-2023-22743" PACKAGECONFIG ??= "expat curl" PACKAGECONFIG[cvsserver] = "" @@ -165,4 +169,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ " EXTRA_OEMAKE += "NO_GETTEXT=1" -SRC_URI[tarball.sha256sum] = "181f65587155ea48c682f63135678ec53055adf1532428752912d356e46b64a8" +SRC_URI[tarball.sha256sum] = "626e4c338f72b170e2b3afb1cb2161f6fbe4fb1d0749154f1ebfb5f0a57ec25f" diff --git a/poky/meta/recipes-devtools/go/go-1.19.inc b/poky/meta/recipes-devtools/go/go-1.19.7.inc index f733a807b4..7d76f34bdf 100644 --- a/poky/meta/recipes-devtools/go/go-1.19.inc +++ b/poky/meta/recipes-devtools/go/go-1.19.7.inc @@ -14,6 +14,5 @@ SRC_URI += "\ file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \ file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://filter-build-paths.patch \ - file://stack-protector.patch \ " -SRC_URI[main.sha256sum] = "9419cc70dc5a2523f29a77053cafff658ed21ef3561d9b6b020280ebceab28b9" +SRC_URI[main.sha256sum] = "775bdf285ceaba940da8a2fe20122500efd7a0b65dbcee85247854a8d7402633" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb index ca424a66b8..0e2c8f1b24 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb @@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" +# Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "464b6b66591f6cf055bc5df90a9750bf5fbc9d038722bb84a9d56a2bea974be6" -SRC_URI[go_linux_arm64.sha256sum] = "efa97fac9574fc6ef6c9ff3e3758fb85f1439b046573bf434cccb5e012bd00c8" +SRC_URI[go_linux_amd64.sha256sum] = "7a75720c9b066ae1750f6bcc7052aba70fa3813f4223199ee2a2315fd3eb533d" +SRC_URI[go_linux_arm64.sha256sum] = "071ea7bf386fdd08df524859b878d99fc359e491e7ad65c1c1cc55b67972c882" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.19.bb b/poky/meta/recipes-devtools/go/go-cross_1.19.7.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk.inc b/poky/meta/recipes-devtools/go/go-crosssdk.inc index cd23cca2fe..766938670a 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk.inc +++ b/poky/meta/recipes-devtools/go/go-crosssdk.inc @@ -4,6 +4,8 @@ DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk virtual/nativesdk-${TA PN = "go-crosssdk-${SDK_SYS}" PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk" +export GOCACHE = "${B}/.cache" + do_configure[noexec] = "1" do_compile() { diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.19.bb b/poky/meta/recipes-devtools/go/go-native_1.19.7.bb index ddf25b2c9b..ddf25b2c9b 100644 --- a/poky/meta/recipes-devtools/go/go-native_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-native_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.19.bb b/poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb index 63464a1501..63464a1501 100644 --- a/poky/meta/recipes-devtools/go/go-runtime_1.19.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb diff --git a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch index 8cbed93017..43be5cd2e8 100644 --- a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch +++ b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch @@ -1,4 +1,4 @@ -From a3db4da51df37d163ff9e8c1e1057280c648c545 Mon Sep 17 00:00:00 2001 +From fb22e586871cc6be0b7041e86d2daceee06ea568 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 28 Mar 2022 10:59:03 -0700 Subject: [PATCH] cmd/go: make content-based hash generation less pedantic @@ -32,13 +32,13 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go -index 529351d..df791b0 100644 +index 81ee859..2db3898 100644 --- a/src/cmd/go/internal/envcmd/env.go +++ b/src/cmd/go/internal/envcmd/env.go @@ -176,7 +176,7 @@ func ExtraEnvVars() []cfg.EnvVar { func ExtraEnvVarsCostly() []cfg.EnvVar { - var b work.Builder - b.Init() + b := work.NewBuilder("") + - cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}) + cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}, false) if err != nil { @@ -74,7 +74,7 @@ index c88b315..a06455c 100644 + cppflags, cflags, cxxflags, fflags, ldflags, _ := b.CFlags(p, true) - ccExe := b.ccExe() -+ ccExe := filterCompilerFlags(b.ccExe()) ++ ccExe := filterCompilerFlags(b.ccExe(), true) fmt.Fprintf(h, "CC=%q %q %q %q\n", ccExe, cppflags, cflags, ldflags) // Include the C compiler tool ID so that if the C // compiler changes we rebuild the package. @@ -83,7 +83,7 @@ index c88b315..a06455c 100644 } if len(p.CXXFiles)+len(p.SwigCXXFiles) > 0 { - cxxExe := b.cxxExe() -+ cxxExe := filterCompilerFlags(b.cxxExe()) ++ cxxExe := filterCompilerFlags(b.cxxExe(), true) fmt.Fprintf(h, "CXX=%q %q\n", cxxExe, cxxflags) if cxxID, err := b.gccToolID(cxxExe[0], "c++"); err == nil { fmt.Fprintf(h, "CXX ID=%q\n", cxxID) @@ -91,7 +91,7 @@ index c88b315..a06455c 100644 } if len(p.FFiles) > 0 { - fcExe := b.fcExe() -+ fcExe := filterCompilerFlags(b.fcExe()) ++ fcExe := filterCompilerFlags(b.fcExe(), true) fmt.Fprintf(h, "FC=%q %q\n", fcExe, fflags) if fcID, err := b.gccToolID(fcExe[0], "f95"); err == nil { fmt.Fprintf(h, "FC ID=%q\n", fcID) @@ -104,20 +104,22 @@ index c88b315..a06455c 100644 } // Configuration specific to compiler toolchain. -@@ -2705,8 +2707,23 @@ func envList(key, def string) []string { +@@ -2705,8 +2707,25 @@ func envList(key, def string) []string { return args } +var filterFlags = os.Getenv("CGO_PEDANTIC") == "" + -+func filterCompilerFlags(flags []string) []string { ++func filterCompilerFlags(flags []string, keepfirst bool) []string { + var newflags []string ++ var realkeepfirst bool = keepfirst + if !filterFlags { + return flags + } + for _, flag := range flags { -+ if strings.HasPrefix(flag, "-m") { ++ if strings.HasPrefix(flag, "-m") || realkeepfirst { + newflags = append(newflags, flag) ++ realkeepfirst = false + } + } + return newflags @@ -129,21 +131,21 @@ index c88b315..a06455c 100644 defaults := "-g -O2" if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil { -@@ -2724,6 +2741,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l +@@ -2724,6 +2743,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l if ldflags, err = buildFlags("LDFLAGS", defaults, p.CgoLDFLAGS, checkLinkerFlags); err != nil { return } + if filtered { -+ cppflags = filterCompilerFlags(cppflags) -+ cflags = filterCompilerFlags(cflags) -+ cxxflags = filterCompilerFlags(cxxflags) -+ fflags = filterCompilerFlags(fflags) -+ ldflags = filterCompilerFlags(ldflags) ++ cppflags = filterCompilerFlags(cppflags, false) ++ cflags = filterCompilerFlags(cflags, false) ++ cxxflags = filterCompilerFlags(cxxflags, false) ++ fflags = filterCompilerFlags(fflags, false) ++ ldflags = filterCompilerFlags(ldflags, false) + } return } -@@ -2739,7 +2763,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`) +@@ -2739,7 +2765,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`) func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgofiles, gccfiles, gxxfiles, mfiles, ffiles []string) (outGo, outObj []string, err error) { p := a.Package @@ -152,7 +154,7 @@ index c88b315..a06455c 100644 if err != nil { return nil, nil, err } -@@ -3246,7 +3270,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) { +@@ -3246,7 +3272,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) { // Run SWIG on one SWIG input file. func (b *Builder) swigOne(a *Action, p *load.Package, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) { diff --git a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch index a1aa37c2a4..280f911a21 100644 --- a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch +++ b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch @@ -8,7 +8,8 @@ embedded in the go binary so that builds are reproducible regardless of build location. This codepath is hit for statically linked go binaries such as those on mips/ppc. -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/golang/go/pull/56410] + Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- diff --git a/poky/meta/recipes-devtools/go/go/stack-protector.patch b/poky/meta/recipes-devtools/go/go/stack-protector.patch deleted file mode 100644 index cc92a444a7..0000000000 --- a/poky/meta/recipes-devtools/go/go/stack-protector.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c537b87782293fe222f2ef5eb1ae818092118e97 Mon Sep 17 00:00:00 2001 -From: Ian Lance Taylor <iant@golang.org> -Date: Sun, 07 Aug 2022 19:21:15 -0700 -Subject: [PATCH] runtime/cgo: add -fno-stack-protector to CFLAGS - -Some compilers default to having -fstack-protector on, which breaks -when using internal linking because the linker doesn't know how to -find the support functions. - -Fixes #52919 -Fixes #54313 - -Change-Id: I6f51d5e906503f61fc768ad8e30c163bad135087 -Upstream-Status: Submitted [https://github.com/golang/go/issues/54313] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - -diff --git a/src/runtime/cgo/cgo.go b/src/runtime/cgo/cgo.go -index 298aa63..4b7046e 100644 ---- a/src/runtime/cgo/cgo.go -+++ b/src/runtime/cgo/cgo.go -@@ -23,7 +23,9 @@ - #cgo solaris LDFLAGS: -lxnet - #cgo solaris LDFLAGS: -lsocket - --#cgo CFLAGS: -Wall -Werror -+// We use -fno-stack-protector because internal linking won't find -+// the support functions. See issues #52919 and #54313. -+#cgo CFLAGS: -Wall -Werror -fno-stack-protector - - #cgo solaris CPPFLAGS: -D_POSIX_PTHREAD_SEMANTICS - diff --git a/poky/meta/recipes-devtools/go/go_1.19.bb b/poky/meta/recipes-devtools/go/go_1.19.7.bb index 98977673ee..587ee55944 100644 --- a/poky/meta/recipes-devtools/go/go_1.19.bb +++ b/poky/meta/recipes-devtools/go/go_1.19.7.bb @@ -12,7 +12,7 @@ export CXX_FOR_TARGET = "g++" # mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its # variants. python() { - if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True): - d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel") + if 'mips' in d.getVar('TARGET_ARCH') or 'riscv32' in d.getVar('TARGET_ARCH'): + d.appendVar('INSANE_SKIP:%s' % d.getVar('PN'), " textrel") } diff --git a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb index 62e1f67b55..75931a511f 100644 --- a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb +++ b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb @@ -6,7 +6,7 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464" SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "9e2e0e213a7e0a36244eed6204d902b6504602a578b6ecd15268b1454deadd36" +SRC_URI[sha256sum] = "4d7e4fdef2eca6afe07a2682151cea78781e0a4e8f9622142d9f70c083a2fd4f" inherit autotools diff --git a/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch new file mode 100644 index 0000000000..dd9ebc8af4 --- /dev/null +++ b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch @@ -0,0 +1,66 @@ +From 26a9647c832de15248ee649e5b77075521f3d4f0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 3 Mar 2023 08:37:35 -0800 +Subject: [PATCH] libcomps: Use Py_hash_t instead of long in PyCOMPS_hash() + +This function is used as a hashfunc callback in +_typeobject defined python3.11/cpython/object.h +compilers detect the protype mismatch for function pointers +with clang16+ + +Fixes +libcomps/src/python/src/pycomps_sequence.c:667:5: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (*)(PyObject *)' (aka 'long (*)(struct _object *)') [-Wincompatible-function-pointer-types] + &PyCOMPS_hash, /*tp_hash */ + +Upstream-Status: Submitted [https://github.com/rpm-software-management/libcomps/pull/101] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + libcomps/src/python/src/pycomps_hash.c | 4 ++-- + libcomps/src/python/src/pycomps_hash.h | 2 +- + libcomps/src/python/src/pycomps_utils.h | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libcomps/src/python/src/pycomps_hash.c b/libcomps/src/python/src/pycomps_hash.c +index 474afd5..4577769 100644 +--- a/libcomps/src/python/src/pycomps_hash.c ++++ b/libcomps/src/python/src/pycomps_hash.c +@@ -20,9 +20,9 @@ + #include "pycomps_hash.h" + #include "pycomps_utils.h" + +-long PyCOMPS_hash(PyObject *self) { ++Py_hash_t PyCOMPS_hash(PyObject *self) { + char *cstr = NULL; +- long crc; ++ Py_hash_t crc; + + cstr = comps_object_tostr(((PyCompsObject*)self)->c_obj); + crc = crc32(0, cstr, strlen(cstr)); +diff --git a/libcomps/src/python/src/pycomps_hash.h b/libcomps/src/python/src/pycomps_hash.h +index b664cae..54e08d9 100644 +--- a/libcomps/src/python/src/pycomps_hash.h ++++ b/libcomps/src/python/src/pycomps_hash.h +@@ -26,6 +26,6 @@ + #include "pycomps_utils.h" + + +-long PyCOMPS_hash(PyObject *self); ++Py_hash_t PyCOMPS_hash(PyObject *self); + + #endif +diff --git a/libcomps/src/python/src/pycomps_utils.h b/libcomps/src/python/src/pycomps_utils.h +index ba9bc2f..b34e4dc 100644 +--- a/libcomps/src/python/src/pycomps_utils.h ++++ b/libcomps/src/python/src/pycomps_utils.h +@@ -137,7 +137,7 @@ COMPS_Object* __pycomps_bytes_in(PyObject *pobj); + PyObject* __pycomps_str_out(COMPS_Object *obj); + PyObject *str_to_unicode(void* str); + +-long PyCOMPS_hash(PyObject *self); ++Py_hash_t PyCOMPS_hash(PyObject *self); + + PyObject* PyCOMPSSeq_extra_get(PyObject *self, PyObject *key); + +-- +2.39.2 + diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb index fa1fbc8f0d..f8063d9400 100644 --- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb +++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb @@ -5,6 +5,7 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \ + file://0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch \ file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ " diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch deleted file mode 100644 index 6f8a3dcb50..0000000000 --- a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 2f7382b35d59fe08034603497e82ffb943fedef1 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 30 Jun 2021 15:31:16 +0200 -Subject: [PATCH] libdnf/dnf-context.cpp: do not try to access BDB database - -Upstream-Status: Inappropriate [upstream needs to rework this to support -sqlite] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - libdnf/dnf-context.cpp | 14 -------------- - 1 file changed, 14 deletions(-) - -diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp -index 86f71a79..9cdcf769 100644 ---- a/libdnf/dnf-context.cpp -+++ b/libdnf/dnf-context.cpp -@@ -2264,20 +2264,6 @@ dnf_context_setup(DnfContext *context, - !dnf_context_set_os_release(context, error)) - return FALSE; - -- /* setup a file monitor on the rpmdb, if we're operating on the native / */ -- if (g_strcmp0(priv->install_root, "/") == 0) { -- rpmdb_path = g_build_filename(priv->install_root, "var/lib/rpm/Packages", NULL); -- file_rpmdb = g_file_new_for_path(rpmdb_path); -- priv->monitor_rpmdb = g_file_monitor_file(file_rpmdb, -- G_FILE_MONITOR_NONE, -- NULL, -- error); -- if (priv->monitor_rpmdb == NULL) -- return FALSE; -- g_signal_connect(priv->monitor_rpmdb, "changed", -- G_CALLBACK(dnf_context_rpmdb_changed_cb), context); -- } -- - /* copy any vendor distributed cached metadata */ - if (!dnf_context_copy_vendor_cache(context, error)) - return FALSE; diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb index da2550d323..14d6a37de1 100644 --- a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb +++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb @@ -10,10 +10,9 @@ SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;p file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \ file://enable_test_data_dir_set.patch \ file://0001-drop-FindPythonInstDir.cmake.patch \ - file://0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch \ " -SRCREV = "5c6d9cd6e5955e7038722f091396607c60fcbdd1" +SRCREV = "93759bc5cac262906e52b6a173d7b157914ec29e" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/llvm/llvm/llvm-config b/poky/meta/recipes-devtools/llvm/llvm/llvm-config index a45f38c650..5e4ded2da5 100644 --- a/poky/meta/recipes-devtools/llvm/llvm/llvm-config +++ b/poky/meta/recipes-devtools/llvm/llvm/llvm-config @@ -29,6 +29,15 @@ for arg in "$@"; do --ldflags) output="${output} ${LDFLAGS}" ;; + --shared-mode) + output="${output} shared" + ;; + --libs) + output="${output} -lLLVM" + ;; + --link-shared) + break + ;; *) remain="${remain} ${arg}" ;; diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb index 0b2e754b31..a39d888ec2 100644 --- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb +++ b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb @@ -57,3 +57,6 @@ do_install_ptest () { } BBCLASSEXTEND = "native nativesdk" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${includedir}/luaconf.h" diff --git a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch b/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch deleted file mode 100644 index 7aaed8b4a3..0000000000 --- a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 18600f7a1cddf23aeabd188f86e66983f27ccfe3 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Fri, 23 Nov 2018 15:28:28 +0000 -Subject: [PATCH] meson: Disable rpath stripping at install time - -We need to allow our rpaths generated through the compiler flags to make it into -our binaries. Therefore disable the meson manipulations of these unless there -is a specific directive to do something differently in the project. - -RP 2018/11/23 - -Upstream-Status: Submitted [https://github.com/mesonbuild/meson/issues/2567] ---- - mesonbuild/minstall.py | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py -index 7d0da13..17d50db 100644 ---- a/mesonbuild/minstall.py -+++ b/mesonbuild/minstall.py -@@ -718,8 +718,11 @@ class Installer: - if file_copied: - self.did_install_something = True - try: -- self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path, -- install_name_mappings, verbose=False) -+ if install_rpath: -+ self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path, -+ install_name_mappings, verbose=False) -+ else: -+ print("RPATH changes at install time disabled") - except SystemExit as e: - if isinstance(e.code, int) and e.code == 0: - pass --- -2.20.1 - diff --git a/poky/meta/recipes-devtools/meson/meson/meson-wrapper b/poky/meta/recipes-devtools/meson/meson/meson-wrapper index c62007f507..7455985297 100755 --- a/poky/meta/recipes-devtools/meson/meson/meson-wrapper +++ b/poky/meta/recipes-devtools/meson/meson/meson-wrapper @@ -5,7 +5,7 @@ if [ -z "$OECORE_NATIVE_SYSROOT" ]; then fi if [ -z "$SSL_CERT_DIR" ]; then - export SSL_CERT_DIR="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/" + export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/etc/ssl/certs/" fi # If these are set to a cross-compile path, meson will get confused and try to @@ -13,7 +13,19 @@ fi # config is already in meson.cross. unset CC CXX CPP LD AR NM STRIP +case "$1" in +setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help) MESON_CMD="$1" ;; +*) echo meson-wrapper: Implicit setup command assumed; MESON_CMD=setup ;; +esac + +if [ "$MESON_CMD" = "setup" ]; then + MESON_SETUP_OPTS=" \ + --cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \ + --native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \ + " + echo meson-wrapper: Running meson with setup options: \"$MESON_SETUP_OPTS\" +fi + exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \ - --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \ - --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \ - "$@" + "$@" \ + $MESON_SETUP_OPTS diff --git a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb index 890faacec9..0d13448744 100644 --- a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb +++ b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb @@ -12,13 +12,12 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/meson-${PV}.tar.gz \ file://meson-setup.py \ file://meson-wrapper \ file://0001-python-module-do-not-manipulate-the-environment-when.patch \ - file://disable-rpath-handling.patch \ file://0001-Make-CPU-family-warnings-fatal.patch \ file://0002-Support-building-allarch-recipes-again.patch \ file://0001-is_debianlike-always-return-False.patch \ file://0001-Check-for-clang-before-guessing-gcc-or-lcc.patch \ " -SRC_URI[sha256sum] = "16222f17ef76be0542c91c07994f9676ae879f46fc21c0c786a21ef2cb518bbf" +SRC_URI[sha256sum] = "519c0932e1a8b208741f0fdce90aa5c0b528dd297cf337009bf63539846ac056" inherit python_setuptools_build_meta github-releases diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch b/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch deleted file mode 100644 index 73d4a8475f..0000000000 --- a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6fb10bd18488ed84776675bc1b2982800a51d839 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 6 Aug 2022 20:14:38 -0700 -Subject: [mtd-utils][PATCH] tests: Remove unused linux/fs.h header from includes - -This header is not needed, moreover it includes linux/mount.h which is -now in conflict[1] with glibc provided sys/mount.h from glibc 2.36 onwards - -[1] https://sourceware.org/glibc/wiki/Release/2.36 - -Upstream-Status: Submitted [https://lists.infradead.org/pipermail/linux-mtd/2022-August/094667.html] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - tests/fs-tests/lib/tests.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tests/fs-tests/lib/tests.c b/tests/fs-tests/lib/tests.c -index d1a2e0c..3db0426 100644 ---- a/tests/fs-tests/lib/tests.c -+++ b/tests/fs-tests/lib/tests.c -@@ -35,7 +35,6 @@ - #include <sys/vfs.h> - #include <sys/mount.h> - #include <sys/statvfs.h> --#include <linux/fs.h> - #include <linux/jffs2.h> - - #include "tests.h" --- -2.37.1 - diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb index 943666e529..2d76991d2f 100644 --- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb +++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb @@ -11,12 +11,10 @@ inherit autotools pkgconfig update-alternatives DEPENDS = "zlib e2fsprogs util-linux" RDEPENDS:mtd-utils-tests += "bash" -PV = "2.1.4" +PV = "2.1.5" -SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c" -SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \ - file://0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch \ - " +SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c" +SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 8f46174a5b..2d42fa531a 100644 --- a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 3a05dc2c0acff1713dd44cef5e9f328f0706eb3e Mon Sep 17 00:00:00 2001 +From c496cad7b7a84e599f521f289648373df9fad80f Mon Sep 17 00:00:00 2001 From: Ed Bartosh <ed.bartosh@linux.intel.com> Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -12,10 +12,10 @@ Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 630f99d..07dbf53 100644 +index 8c5fa83..346048b 100644 --- a/config.c +++ b/config.c -@@ -834,14 +834,6 @@ void read_config(void) +@@ -843,14 +843,6 @@ void read_config(void) memcpy(devices, const_devices, nr_const_devices*sizeof(struct device)); diff --git a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb index 200c7c7681..29e7427a10 100644 --- a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb +++ b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb @@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "a22fca42354011dd2293a7f51f228b46ebbd802e7740b0975912afecb79d5df4" +SRC_URI[sha256sum] = "2542152264fb3eff7ed70662abf4f4eef8133bc37d0b7a686c240df2b5f80a13" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \ diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch new file mode 100644 index 0000000000..f216950002 --- /dev/null +++ b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch @@ -0,0 +1,34 @@ +From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001 +From: Charlie Johnston <charlie.johnston@ni.com> +Date: Fri, 30 Dec 2022 15:21:14 -0600 +Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls. + +The opkg-key script was always passing the --no-options +flag to gpg, which uses /dev/null as the options file. +As a result, the opkg gpg.conf file was not getting +used. This change removes that flag so that gpg.conf +in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/) +will be used if present. + +Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b] +Signed-off-by: Charlie Johnston <charlie.johnston@ni.com> +--- + utils/opkg-key | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/utils/opkg-key b/utils/opkg-key +index e395a59..8645ebc 100755 +--- a/utils/opkg-key ++++ b/utils/opkg-key +@@ -53,7 +53,7 @@ else + exit 1 + fi + +-GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR" ++GPG="$GPGCMD --homedir $GPGHOMEDIR" + + # Gpg home dir isn't created automatically when --homedir option is used + if [ ! -e "$GPGHOMEDIR" ]; then +-- +2.30.2 + diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb index 4cd589cd29..712f066f0e 100644 --- a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb +++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb @@ -15,10 +15,11 @@ PE = "1" SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \ file://opkg.conf \ file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \ + file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "56844722eff237daf14aa6e681436f3245213c5590ed0cda37a79df637ff3a4c" +SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a" # This needs to be before ptest inherit, otherwise all ptest files end packaged # in libopkg package if OPKGLIBDIR == libdir, because default @@ -47,7 +48,9 @@ EXTRA_OECONF:class-native = "--localstatedir=/${@os.path.relpath('${localstatedi do_install:append () { install -d ${D}${sysconfdir}/opkg install -m 0644 ${WORKDIR}/opkg.conf ${D}${sysconfdir}/opkg/opkg.conf - echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf + echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf + echo "option info_dir ${OPKGLIBDIR}/opkg/info" >>${D}${sysconfdir}/opkg/opkg.conf + echo "option status_file ${OPKGLIBDIR}/opkg/status" >>${D}${sysconfdir}/opkg/opkg.conf # We need to create the lock directory install -d ${D}${OPKGLIBDIR}/opkg diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb index 453da89c3d..ab0f371093 100644 --- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb +++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb @@ -20,7 +20,7 @@ SRC_URI = "\ file://pkg-config-native.in \ file://pkg-config-esdk.in \ " -SRC_URI[sha256sum] = "5fb355b487d54fb6d341e4f18d4e2f7e813a6622cf03a9e87affa6a40565699d" +SRC_URI[sha256sum] = "daccf1bbe5a30d149b556c7d2ffffeafd76d7b514e249271abdd501533c1d8ae" inherit autotools diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb index e3774ee621..12acfee777 100644 --- a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb +++ b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb @@ -8,7 +8,7 @@ PYPI_PACKAGE = "Mako" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "3724869b363ba630a272a5f89f68c070352137b8fd1757650017b7e06fda163f" +SRC_URI[sha256sum] = "7fde96466fcfeedb0eed94f187f20b23d85e4cb41444be0e542e2c8c65c396cd" RDEPENDS:${PN} = "${PYTHON_PN}-html \ ${PYTHON_PN}-markupsafe \ diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb index 373f7f35fa..9710242655 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb @@ -26,7 +26,7 @@ RDEPENDS:${PN}:class-target += " \ ${PYTHON_PN}-py \ ${PYTHON_PN}-setuptools \ ${PYTHON_PN}-six \ - ${PYTHON_PN}-toml \ + ${PYTHON_PN}-tomli \ ${PYTHON_PN}-wcwidth \ " diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch new file mode 100644 index 0000000000..20a13da7bc --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch @@ -0,0 +1,31 @@ +From 9e9f617a83f6593b476669030b0347d48e831c3f Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Mon, 9 Jan 2023 14:45:05 +0000 +Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes + #3659. + +CVE: CVE-2022-40897 + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + setuptools/package_index.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index 270e7f3..e93fcc6 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -197,7 +197,7 @@ def unique_values(func): + return wrapper + + +-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I) ++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I) + # this line is here to fix emacs' cruddy broken syntax highlighting + + +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb index 1a639ea333..d7cbb99c9d 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb @@ -9,7 +9,9 @@ inherit pypi python_setuptools_build_meta SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" SRC_URI += "file://0001-change-shebang-to-python3.patch \ - file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch" + file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \ + file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \ +" SRC_URI[sha256sum] = "101bf15ca723beef42c8db91a761f3748d4d697e17fae904db60c0b619d8d094" diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py index 1f4c982aed..0ca687d2eb 100644 --- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py +++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py @@ -56,7 +56,7 @@ if debug == True: try: m = importlib.import_module(current_module) # handle python packages which may not include all modules in the __init__ - if os.path.basename(m.__file__) == "__init__.py": + if hasattr(m, '__file__') and os.path.basename(m.__file__) == "__init__.py": modulepath = os.path.dirname(m.__file__) for i in os.listdir(modulepath): if i.startswith("_") or not(i.endswith(".py")): diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb index aa9e499c77..e297586bbb 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5 SRC_URI = "\ file://tunctl.c \ - file://qemu-oe-bridge-helper \ + file://qemu-oe-bridge-helper.c \ " S = "${WORKDIR}" @@ -16,13 +16,13 @@ inherit native do_compile() { ${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl + ${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o qemu-oe-bridge-helper } do_install() { install -d ${D}${bindir} install tunctl ${D}${bindir}/ - - install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/ + install qemu-oe-bridge-helper ${D}${bindir}/ } DEPENDS += "qemu-system-native" diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper deleted file mode 100755 index f057d4eef0..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/sh -# Copyright 2020 Garmin Ltd. or its subsidiaries -# -# SPDX-License-Identifier: GPL-2.0 -# -# Attempts to find and exec the host qemu-bridge-helper program - -# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it. -if [ -n "$QEMU_BRIDGE_HELPER" ]; then - exec "$QEMU_BRIDGE_HELPER" "$@" -fi - -# Search common paths for the helper program -BN="qemu-bridge-helper" -PATHS="/usr/libexec/ /usr/lib/qemu/" - -for p in $PATHS; do - if [ -e "$p/$BN" ]; then - exec "$p/$BN" "$@" - fi -done - -echo "$BN not found!" > /dev/stderr -exit 1 - diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c new file mode 100644 index 0000000000..9434e1d269 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c @@ -0,0 +1,34 @@ +/* + * Copyright 2022 Garmin Ltd. or its subsidiaries + * + * SPDX-License-Identifier: GPL-2.0 + * + * Attempts to find and exec the host qemu-bridge-helper program + */ + +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> + +void try_program(char const* path, char** args) { + if (access(path, X_OK) == 0) { + execv(path, args); + } +} + +int main(int argc, char** argv) { + char* var; + + var = getenv("QEMU_BRIDGE_HELPER"); + if (var && var[0] != '\0') { + execvp(var, argv); + return 1; + } + + try_program("/usr/libexec/qemu-bridge-helper", argv); + try_program("/usr/lib/qemu/qemu-bridge-helper", argv); + + fprintf(stderr, "No bridge helper found\n"); + return 1; +} + diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 612abd240a..f3237971ce 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -29,6 +29,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \ file://0001-net-tulip-Restrict-DMA-engine-to-memories.patch \ file://arm-cpreg-fix.patch \ + file://CVE-2022-3165.patch \ + file://CVE-2022-4144.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" @@ -147,6 +149,7 @@ PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+" PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" +PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng" PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," PACKAGECONFIG[uring] = "--enable-linux-io-uring,--disable-linux-io-uring,liburing" @@ -198,6 +201,7 @@ PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma" PACKAGECONFIG[vde] = "--enable-vde,--disable-vde" PACKAGECONFIG[slirp] = "--enable-slirp=internal,--disable-slirp" PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi" +PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack," INSANE_SKIP:${PN} = "arch" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch new file mode 100644 index 0000000000..3b4a6694c2 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch @@ -0,0 +1,59 @@ +CVE: CVE-2022-3165 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From d307040b18bfcb1393b910f1bae753d5c12a4dc7 Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella <mcascell@redhat.com> +Date: Sun, 25 Sep 2022 22:45:11 +0200 +Subject: [PATCH] ui/vnc-clipboard: fix integer underflow in + vnc_client_cut_text_ext + +Extended ClientCutText messages start with a 4-byte header. If len < 4, +an integer underflow occurs in vnc_client_cut_text_ext. The result is +used to decompress data in a while loop in inflate_buffer, leading to +CPU consumption and denial of service. Prevent this by checking dlen in +protocol_client_msg. + +Fixes: CVE-2022-3165 +Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support") +Reported-by: TangPeng <tangpeng@qianxin.com> +Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> +Message-Id: <20220925204511.1103214-1-mcascell@redhat.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + ui/vnc.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/ui/vnc.c b/ui/vnc.c +index 6a05d06147..acb3629cd8 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) + if (len == 1) { + return 8; + } ++ uint32_t dlen = abs(read_s32(data, 4)); + if (len == 8) { +- uint32_t dlen = abs(read_s32(data, 4)); + if (dlen > (1 << 20)) { + error_report("vnc: client_cut_text msg payload has %u bytes" + " which exceeds our limit of 1MB.", dlen); +@@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) + } + + if (read_s32(data, 4) < 0) { +- vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)), +- read_u32(data, 8), data + 12); ++ if (dlen < 4) { ++ error_report("vnc: malformed payload (header less than 4 bytes)" ++ " in extended clipboard pseudo-encoding."); ++ vnc_client_error(vs); ++ break; ++ } ++ vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); + break; + } + vnc_client_cut_text(vs, read_u32(data, 4), data + 8); +-- +GitLab + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch new file mode 100644 index 0000000000..96052a19e8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch @@ -0,0 +1,99 @@ +From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org> +Date: Mon, 28 Nov 2022 21:27:40 +0100 +Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt + (CVE-2022-4144) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Have qxl_get_check_slot_offset() return false if the requested +buffer size does not fit within the slot memory region. + +Similarly qxl_phys2virt() now returns NULL in such case, and +qxl_dirty_one_surface() aborts. + +This avoids buffer overrun in the host pointer returned by +memory_region_get_ram_ptr(). + +Fixes: CVE-2022-4144 (out-of-bounds read) +Reported-by: Wenxu Yin (@awxylitol) +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336 + +CVE: CVE-2022-4144 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622] +Comments: Deleted patch hunk in qxl.h,as it contains change +in comments which is not present in current version of qemu + +Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> +Message-Id: <20221128202741.4945-5-philmd@linaro.org> +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + hw/display/qxl.c | 27 +++++++++++++++++++++++---- + 1 files changed, 23 insertions(+), 4 deletions(-) + +diff --git a/hw/display/qxl.c b/hw/display/qxl.c +index 231d733250..0b21626aad 100644 +--- a/hw/display/qxl.c ++++ b/hw/display/qxl.c +@@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) + + /* can be also called from spice server thread context */ + static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, +- uint32_t *s, uint64_t *o) ++ uint32_t *s, uint64_t *o, ++ size_t size_requested) + { + uint64_t phys = le64_to_cpu(pqxl); + uint32_t slot = (phys >> (64 - 8)) & 0xff; + uint64_t offset = phys & 0xffffffffffff; ++ uint64_t size_available; + + if (slot >= NUM_MEMSLOTS) { + qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, +@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + slot, offset, qxl->guest_slots[slot].size); + return false; + } ++ size_available = memory_region_size(qxl->guest_slots[slot].mr); ++ if (qxl->guest_slots[slot].offset + offset >= size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n", ++ slot, qxl->guest_slots[slot].offset + offset, ++ size_available); ++ return false; ++ } ++ size_available -= qxl->guest_slots[slot].offset + offset; ++ if (size_requested > size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" size %zu: " ++ "overrun by %"PRIu64" bytes\n", ++ slot, offset, size_requested, ++ size_requested - size_available); ++ return false; ++ } + + *s = slot; + *o = offset; +@@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, + offset = le64_to_cpu(pqxl) & 0xffffffffffff; + return (void *)(intptr_t)offset; + case MEMSLOT_GROUP_GUEST: +- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { ++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { + return NULL; + } + ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); +@@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + uint32_t slot; + bool rc; + +- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); +- assert(rc == true); + size = (uint64_t)height * abs(stride); ++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); ++ assert(rc == true); + trace_qxl_surfaces_dirty(qxl->id, offset, size); + qxl_set_dirty(qxl->guest_slots[slot].mr, + qxl->guest_slots[slot].offset + offset, diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc index 07611e6d85..fce81016d8 100644 --- a/poky/meta/recipes-devtools/quilt/quilt.inc +++ b/poky/meta/recipes-devtools/quilt/quilt.inc @@ -12,6 +12,8 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/quilt/quilt-${PV}.tar.gz \ file://Makefile \ file://test.sh \ file://0001-tests-Allow-different-output-from-mv.patch \ + file://fix-grep-3.8.patch \ + file://faildiff-order.patch \ " SRC_URI:append:class-target = " file://gnu_patch_test_fix_target.patch" diff --git a/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch new file mode 100644 index 0000000000..f22065a250 --- /dev/null +++ b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch @@ -0,0 +1,41 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 4dfe7f9e702c85243a71e4de267a13e434b6d6c2 Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Fri, 20 Jan 2023 12:56:08 +0100 +Subject: [PATCH] test: Fix a race condition + +The test suite does not differentiate between stdout and stderr. When +messages are printed to both, the order in which they will reach us +is apparently not guaranteed. Ideally this would be deterministic, but +until then, explicitly test stdout and stderr separately in the test +case itself. Otherwise the test suite fails randomly, which is a pain +for distribution package maintainers. + +This fixes bug #63651 reported by Ross Burton: +https://savannah.nongnu.org/bugs/index.php?63651 + +Signed-off-by: Jean Delvare <jdelvare@suse.de> +--- + test/faildiff.test | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/test/faildiff.test b/test/faildiff.test +index 5afb8e3..0444c15 100644 +--- a/test/faildiff.test ++++ b/test/faildiff.test +@@ -27,8 +27,9 @@ What happens on binary files? + > File test.bin added to patch %{P}test.diff + + $ printf "\\003\\000\\001" > test.bin +- $ quilt diff -pab --no-index ++ $ quilt diff -pab --no-index 2>/dev/null + >~ (Files|Binary files) a/test\.bin and b/test\.bin differ ++ $ quilt diff -pab --no-index >/dev/null + > Diff failed on file 'test.bin', aborting + $ echo %{?} + > 1 +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch new file mode 100644 index 0000000000..68a4b4c195 --- /dev/null +++ b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch @@ -0,0 +1,144 @@ +From f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Fri, 9 Sep 2022 10:10:37 +0200 +Subject: Avoid warnings with grep 3.8 + +GNU grep version 3.8 became more strict about needless quoting in +patterns. We have one occurrence of that in quilt, where "/" +characters are being quoted by default. There are cases where they +indeed need to be quoted (typically when used in a sed s/// command) +but most of the time they do not, and this results in the following +warning: + +grep: warning: stray \ before / + +So rename quote_bre() to quote_sed_re(), and introduce +quote_grep_re() which does not quote "/". + +Signed-off-by: Jean Delvare <jdelvare@suse.de> +Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + quilt/diff.in | 2 +- + quilt/patches.in | 2 +- + quilt/scripts/patchfns.in | 20 +++++++++++++------- + quilt/upgrade.in | 4 ++-- + 4 files changed, 17 insertions(+), 11 deletions(-) + +diff --git a/quilt/diff.in b/quilt/diff.in +index e90dc33..07788ff 100644 +--- a/quilt/diff.in ++++ b/quilt/diff.in +@@ -255,7 +255,7 @@ then + # Add all files in the snapshot into the file list (they may all + # have changed). + files=( $(find $QUILT_PC/$snap_subdir -type f \ +- | sed -e "s/^$(quote_bre $QUILT_PC/$snap_subdir/)//" \ ++ | sed -e "s/^$(quote_sed_re $QUILT_PC/$snap_subdir/)//" \ + | sort) ) + printf "%s\n" "${files[@]}" >&4 + unset files +diff --git a/quilt/patches.in b/quilt/patches.in +index bb17a46..eac45a9 100644 +--- a/quilt/patches.in ++++ b/quilt/patches.in +@@ -60,7 +60,7 @@ scan_unapplied() + # Quote each file name only once + for file in "${opt_files[@]}" + do +- files_bre[${#files_bre[@]}]=$(quote_bre "$file") ++ files_bre[${#files_bre[@]}]=$(quote_grep_re "$file") + done + + # "Or" all files in a single pattern +diff --git a/quilt/scripts/patchfns.in b/quilt/scripts/patchfns.in +index c2d5f9d..1bd7233 100644 +--- a/quilt/scripts/patchfns.in ++++ b/quilt/scripts/patchfns.in +@@ -78,8 +78,14 @@ array_join() + done + } + +-# Quote a string for use in a basic regular expression. +-quote_bre() ++# Quote a string for use in a regular expression for a grep pattern. ++quote_grep_re() ++{ ++ echo "$1" | sed -e 's:\([][^$.*\\]\):\\\1:g' ++} ++ ++# Quote a string for use in a regular expression for a sed s/// command. ++quote_sed_re() + { + echo "$1" | sed -e 's:\([][^$/.*\\]\):\\\1:g' + } +@@ -215,7 +221,7 @@ patch_in_series() + + if [ -e "$SERIES" ] + then +- grep -q "^$(quote_bre $patch)\([ \t]\|$\)" "$SERIES" ++ grep -q "^$(quote_grep_re $patch)\([ \t]\|$\)" "$SERIES" + else + return 1 + fi +@@ -365,7 +371,7 @@ is_applied() + { + local patch=$1 + [ -e $DB ] || return 1 +- grep -q "^$(quote_bre $patch)\$" $DB ++ grep -q "^$(quote_grep_re $patch)\$" $DB + } + + applied_patches() +@@ -465,7 +471,7 @@ remove_from_db() + local tmpfile + if tmpfile=$(gen_tempfile) + then +- grep -v "^$(quote_bre $patch)\$" $DB > $tmpfile ++ grep -v "^$(quote_grep_re $patch)\$" $DB > $tmpfile + cat $tmpfile > $DB + rm -f $tmpfile + [ -s $DB ] || rm -f $DB +@@ -520,7 +526,7 @@ find_patch() + fi + + local patch=${1#$SUBDIR_DOWN$QUILT_PATCHES/} +- local bre=$(quote_bre "$patch") ++ local bre=$(quote_sed_re "$patch") + set -- $(sed -e "/^$bre\(\|\.patch\|\.diff\?\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|\.lz\)\([ "$'\t'"]\|$\)/!d" \ + -e 's/[ '$'\t''].*//' "$SERIES") + if [ $# -eq 1 ] +@@ -631,7 +637,7 @@ files_in_patch() + then + find "$path" -type f \ + -a ! -path "$(quote_glob "$path")/.timestamp" | +- sed -e "s/$(quote_bre "$path")\///" ++ sed -e "s/$(quote_sed_re "$path")\///" + fi + } + +diff --git a/quilt/upgrade.in b/quilt/upgrade.in +index dbf7d05..866aa33 100644 +--- a/quilt/upgrade.in ++++ b/quilt/upgrade.in +@@ -74,7 +74,7 @@ printf $"Converting meta-data to version %s\n" "$DB_VERSION" + + for patch in $(applied_patches) + do +- proper_name="$(grep "^$(quote_bre $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)" ++ proper_name="$(grep "^$(quote_grep_re $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)" + proper_name=${proper_name#$QUILT_PATCHES/} + proper_name=${proper_name%% *} + if [ -z "$proper_name" ] +@@ -84,7 +84,7 @@ do + fi + + if [ "$patch" != "$proper_name" -a -d $QUILT_PC/$patch ] \ +- && grep -q "^$(quote_bre $patch)\$" \ ++ && grep -q "^$(quote_grep_re $patch)\$" \ + $QUILT_PC/applied-patches + then + mv $QUILT_PC/$patch $QUILT_PC/$proper_name \ +-- +cgit v1.1 + diff --git a/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch new file mode 100644 index 0000000000..d0e637191a --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch @@ -0,0 +1,35 @@ +From 6ef189c45b763aedac5ef57ed6a5fc125fa95b41 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 3 Mar 2023 09:54:48 -0800 +Subject: [PATCH] python: Use Py_hash_t instead of long in hdr_hash + +Fixes +python/header-py.c:744:2: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (PyObject *)' (aka 'long (struct _object *)') [-Wincompatible-function-pointer-types] +| hdr_hash, /* tp_hash */ +| ^~~~~~~~ + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2409] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + python/header-py.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/python/header-py.c b/python/header-py.c +index 0aed0c9267..c15503f359 100644 +--- a/python/header-py.c ++++ b/python/header-py.c +@@ -316,9 +316,9 @@ static PyObject * hdr_dsOfHeader(PyObject * s) + "(Oi)", s, RPMTAG_NEVR); + } + +-static long hdr_hash(PyObject * h) ++static Py_hash_t hdr_hash(PyObject * h) + { +- return (long) h; ++ return (Py_hash_t) h; + } + + static PyObject * hdr_reduce(hdrObject *s) +-- +2.39.2 + diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb index 5f3986d8a3..db83a8c099 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb @@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ file://fifofix.patch \ + file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \ " PE = "1" diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc deleted file mode 100644 index ebff5efd1f..0000000000 --- a/poky/meta/recipes-devtools/ruby/ruby.inc +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "An interpreter of object-oriented scripting language" -DESCRIPTION = "Ruby is an interpreted scripting language for quick \ -and easy object-oriented programming. It has many features to process \ -text files and to do system management tasks (as in Perl). \ -It is simple, straight-forward, and extensible. \ -" -HOMEPAGE = "http://www.ruby-lang.org/" -SECTION = "devel/ruby" -LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \ - file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \ - file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \ - " - -DEPENDS = "zlib openssl libyaml gdbm readline libffi" -DEPENDS:append:class-target = " ruby-native" - -SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" -SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ - file://0001-extmk-fix-cross-compilation-of-external-gems.patch \ - file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \ - " -UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" - -inherit autotools ptest pkgconfig - - -# This snippet lets compiled extensions which rely on external libraries, -# such as zlib, compile properly. If we don't do this, then when extmk.rb -# runs, it uses the native libraries instead of the target libraries, and so -# none of the linking operations succeed -- which makes extconf.rb think -# that the libraries aren't available and hence that the extension can't be -# built. - -do_configure:prepend() { - sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk - rm -rf ${S}/ruby/ -} diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch deleted file mode 100644 index 5d0f8fcc09..0000000000 --- a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 222203297966f312109e8eaa2520f2cf2f59c09d Mon Sep 17 00:00:00 2001 -From: Alan Wu <XrXr@users.noreply.github.com> -Date: Thu, 31 Mar 2022 17:26:28 -0400 -Subject: [PATCH] Remove dependency on libcapstone - -We have received reports of build failures due to this configuration -check modifying compile flags. Since only YJIT devs use this library -we can remove it to make Ruby easier to build for users. - -See: https://github.com/rbenv/ruby-build/discussions/1933 - -Upstream-Status: Backport ---- - configure.ac | 9 --------- - 1 file changed, 9 deletions(-) - -Index: ruby-3.1.2/configure.ac -=================================================================== ---- ruby-3.1.2.orig/configure.ac -+++ ruby-3.1.2/configure.ac -@@ -1244,15 +1244,6 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linki - AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX - AC_CHECK_LIB(socket, shutdown) # SunOS/Solaris - --if pkg-config --exists capstone; then -- CAPSTONE_CFLAGS=`pkg-config --cflags capstone` -- CAPSTONE_LIB_L=`pkg-config --libs-only-L capstone` -- LDFLAGS="$LDFLAGS $CAPSTONE_LIB_L" -- CFLAGS="$CFLAGS $CAPSTONE_CFLAGS" --fi -- --AC_CHECK_LIB(capstone, cs_open) # Capstone disassembler for debugging YJIT -- - dnl Checks for header files. - AC_HEADER_DIRENT - dnl AC_HEADER_STDC has been checked in AC_USE_SYSTEM_EXTENSIONS diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 387bfa9b44..c8454da3a9 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb @@ -1,8 +1,25 @@ -require ruby.inc - -DEPENDS:append:libc-musl = " libucontext" - -SRC_URI += " \ +SUMMARY = "An interpreter of object-oriented scripting language" +DESCRIPTION = "Ruby is an interpreted scripting language for quick \ +and easy object-oriented programming. It has many features to process \ +text files and to do system management tasks (as in Perl). \ +It is simple, straight-forward, and extensible. \ +" +HOMEPAGE = "http://www.ruby-lang.org/" +SECTION = "devel/ruby" +LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \ + file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \ + file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \ + " + +DEPENDS = "zlib openssl libyaml gdbm readline libffi" +DEPENDS:append:class-target = " ruby-native" + +SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" +SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ + file://0001-extmk-fix-cross-compilation-of-external-gems.patch \ + file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \ file://remove_has_include_macros.patch \ file://run-ptest \ file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ @@ -12,10 +29,27 @@ SRC_URI += " \ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ - file://0001-Remove-dependency-on-libcapstone.patch \ " +UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" + +inherit autotools ptest pkgconfig + + +# This snippet lets compiled extensions which rely on external libraries, +# such as zlib, compile properly. If we don't do this, then when extmk.rb +# runs, it uses the native libraries instead of the target libraries, and so +# none of the linking operations succeed -- which makes extconf.rb think +# that the libraries aren't available and hence that the extension can't be +# built. + +do_configure:prepend() { + sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk + rm -rf ${S}/ruby/ +} + +DEPENDS:append:libc-musl = " libucontext" -SRC_URI[sha256sum] = "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e" +SRC_URI[sha256sum] = "5ea498a35f4cd15875200a52dde42b6eb179e1264e17d78732c3a57cd1c6ab9e" PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service index 7f72f3388a..b6b81d5c1a 100644 --- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service +++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service @@ -1,7 +1,7 @@ [Unit] Description=Run pending postinsts DefaultDependencies=no -After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount +After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service Before=sysinit.target [Service] diff --git a/poky/meta/recipes-devtools/rust/rust.inc b/poky/meta/recipes-devtools/rust/rust.inc index 956301023a..7d87e8e1b2 100644 --- a/poky/meta/recipes-devtools/rust/rust.inc +++ b/poky/meta/recipes-devtools/rust/rust.inc @@ -72,7 +72,7 @@ python do_configure() { config = configparser.RawConfigParser() # [target.ARCH-poky-linux] - host_section = "target.{}".format(d.getVar('RUST_HOST_SYS', True)) + host_section = "target.{}".format(d.getVar('RUST_HOST_SYS')) config.add_section(host_section) llvm_config_target = d.expand("${RUST_ALTERNATE_EXE_PATH}") @@ -87,7 +87,7 @@ python do_configure() { # If we don't do this rust-native will compile it's own llvm for BUILD. # [target.${BUILD_ARCH}-unknown-linux-gnu] - build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS', True)) + build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS')) if build_section != host_section: config.add_section(build_section) @@ -97,7 +97,7 @@ python do_configure() { config.set(build_section, "cc", e(d.expand("${RUST_BUILD_CC}"))) config.set(build_section, "linker", e(d.expand("${RUST_BUILD_CCLD}"))) - target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS', True)) + target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS')) if target_section != host_section and target_section != build_section: config.add_section(target_section) @@ -143,26 +143,26 @@ python do_configure() { config.set("build", "vendor", e(True)) if not "targets" in locals(): - targets = [d.getVar("RUST_TARGET_SYS", True)] + targets = [d.getVar("RUST_TARGET_SYS")] config.set("build", "target", e(targets)) if not "hosts" in locals(): - hosts = [d.getVar("RUST_HOST_SYS", True)] + hosts = [d.getVar("RUST_HOST_SYS")] config.set("build", "host", e(hosts)) # We can't use BUILD_SYS since that is something the rust snapshot knows # nothing about when trying to build some stage0 tools (like fabricate) - config.set("build", "build", e(d.getVar("RUST_BUILD_SYS", True))) + config.set("build", "build", e(d.getVar("RUST_BUILD_SYS"))) # [install] config.add_section("install") # ./x.py install doesn't have any notion of "destdir" # but we can prepend ${D} to all the directories instead - config.set("install", "prefix", e(d.getVar("D", True) + d.getVar("prefix", True))) - config.set("install", "bindir", e(d.getVar("D", True) + d.getVar("bindir", True))) - config.set("install", "libdir", e(d.getVar("D", True) + d.getVar("libdir", True))) - config.set("install", "datadir", e(d.getVar("D", True) + d.getVar("datadir", True))) - config.set("install", "mandir", e(d.getVar("D", True) + d.getVar("mandir", True))) + config.set("install", "prefix", e(d.getVar("D") + d.getVar("prefix"))) + config.set("install", "bindir", e(d.getVar("D") + d.getVar("bindir"))) + config.set("install", "libdir", e(d.getVar("D") + d.getVar("libdir"))) + config.set("install", "datadir", e(d.getVar("D") + d.getVar("datadir"))) + config.set("install", "mandir", e(d.getVar("D") + d.getVar("mandir"))) with open("config.toml", "w") as f: f.write('changelog-seen = 2\n\n') diff --git a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch index 7097bb9087..31a76d9bb4 100644 --- a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch +++ b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch @@ -14,7 +14,7 @@ Someone with more rust knowledge could split up the triplets in no_atmoics.rs and compare against the architecture/processor, or replace -unknown with a glob to create a patch that upstream might accept. -Upstream-Status: Inappropriate [OE Specific tweak but could be rewritten] +Upstream-Status: Submitted [https://github.com/crossbeam-rs/crossbeam/pull/922] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Index: rustc-1.63.0-src/vendor/crossbeam-utils/build.rs diff --git a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb index 1f9dbd3cce..dbf74cec8f 100644 --- a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb +++ b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb @@ -57,7 +57,6 @@ rust_do_install:class-nativesdk() { } EXTRA_TOOLS ?= "cargo-clippy clippy-driver rustfmt" -EXTRA_TOOLS:remove:riscv32 = "rustfmt" rust_do_install:class-target() { export PSEUDO_UNLOAD=1 rust_runx install diff --git a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch index 44b2ce0a30..5a10c93a31 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch +++ b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch @@ -1,4 +1,4 @@ -Upstream-Status: Pending +Upstream-Status: Inappropriate [upstream does not support installed tests] Index: unix/Makefile.in =================================================================== diff --git a/poky/meta/recipes-devtools/vala/vala.inc b/poky/meta/recipes-devtools/vala/vala.inc index 974baa33f5..162e99bb03 100644 --- a/poky/meta/recipes-devtools/vala/vala.inc +++ b/poky/meta/recipes-devtools/vala/vala.inc @@ -42,20 +42,23 @@ EXTRA_OECONF += " --disable-valadoc" # Vapigen wrapper needs to be available system-wide, because it will be used # to build vapi files from all other packages with vala support do_install:append:class-target() { - install -d ${D}${bindir}/ - install ${B}/vapigen-wrapper ${D}${bindir}/ + install -d ${D}${bindir_crossscripts}/ + install ${B}/vapigen-wrapper ${D}${bindir_crossscripts}/ } # Put vapigen wrapper into target sysroot so that it can be used when building # vapi files. -SYSROOT_DIRS:append:class-target = " ${bindir}" +SYSROOT_DIRS += "${bindir_crossscripts}" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}:${bindir}/vala-gen-introspect-0.56" SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess" vapigen_sysroot_preprocess() { # Tweak the vapigen name in the vapigen pkgconfig file, so that it picks # up our wrapper. sed -i \ - -e "s|vapigen=.*|vapigen=${bindir}/vapigen-wrapper|" \ + -e "s|vapigen=.*|vapigen=${bindir_crossscripts}/vapigen-wrapper|" \ ${SYSROOT_DESTDIR}${libdir}/pkgconfig/vapigen-${SHRT_VER}.pc } @@ -64,5 +67,5 @@ SSTATE_SCAN_FILES += "vapigen-wrapper" PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess" vala_package_preprocess () { - sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir}/vapigen-wrapper + rm -rf ${PKGD}${bindir_crossscripts} } diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 index 887bfd2766..432dcc916c 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 +++ b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 @@ -1,3 +1,4 @@ +drd/tests/boost_thread gdbserver_tests/hgtls cachegrind/tests/ann1 callgrind/tests/simwork1 diff --git a/poky/meta/recipes-extended/at/at_3.2.5.bb b/poky/meta/recipes-extended/at/at_3.2.5.bb index 87a436173f..c0c876a644 100644 --- a/poky/meta/recipes-extended/at/at_3.2.5.bb +++ b/poky/meta/recipes-extended/at/at_3.2.5.bb @@ -52,8 +52,10 @@ INITSCRIPT_PARAMS = "defaults" SYSTEMD_SERVICE:${PN} = "atd.service" -do_configure:prepend() { - cp -f ${WORKDIR}/posixtm.[ch] ${S} +do_patch[postfuncs] += "copy_posix_files" + +copy_posix_files() { + cp -f ${WORKDIR}/posixtm.[ch] ${S} } do_install () { diff --git a/poky/meta/recipes-extended/bc/bc_1.07.1.bb b/poky/meta/recipes-extended/bc/bc_1.07.1.bb index 1bec76bb2a..5a03751304 100644 --- a/poky/meta/recipes-extended/bc/bc_1.07.1.bb +++ b/poky/meta/recipes-extended/bc/bc_1.07.1.bb @@ -32,4 +32,4 @@ do_compile:prepend() { ALTERNATIVE:${PN} = "bc dc" ALTERNATIVE_PRIORITY = "100" -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch new file mode 100644 index 0000000000..4b96e4316c --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch @@ -0,0 +1,39 @@ +From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001 +From: Stefano Babic <sbabic@denx.de> +Date: Fri, 28 Jul 2017 13:20:52 +0200 +Subject: [PATCH] Wrong CRC with ASCII CRC for large files + +Due to signedness, the checksum is not computed when filesize is bigger +a 2GB. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html] +Signed-off-by: Stefano Babic <sbabic@denx.de> +--- + src/copyout.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..727aeca 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -34,13 +34,13 @@ + compute and return a checksum for them. */ + + static uint32_t +-read_for_checksum (int in_file_des, int file_size, char *file_name) ++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name) + { + uint32_t crc; + char buf[BUFSIZ]; +- int bytes_left; +- int bytes_read; +- int i; ++ unsigned int bytes_left; ++ unsigned int bytes_read; ++ unsigned int i; + + crc = 0; + +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index e72a114de9..dd3541096f 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ file://CVE-2021-38185.patch \ + file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \ " SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb index 786940a7e0..a3db6eb394 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb @@ -9,7 +9,7 @@ DEPENDS = "cracklib-native zlib" EXTRA_OECONF = "--without-python --libdir=${base_libdir}" -SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ +SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ file://0002-craklib-fix-testnum-and-teststr-failed.patch \ " diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index 9c920bb133..da320b1085 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -47,6 +47,7 @@ PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=no,gnutls" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" +PACKAGECONFIG[webif] = "--enable-webif,--disable-webif" EXTRA_OECONF = " \ --enable-dbus \ @@ -66,7 +67,7 @@ EXTRA_OECONF = " \ EXTRA_AUTORECONF += "--exclude=autoheader" do_install () { - oe_runmake "DESTDIR=${D}" install + oe_runmake "BUILDROOT=${D}" install # Remove /var/run from package as cupsd will populate it on startup rm -fr ${D}/${localstatedir}/run @@ -74,7 +75,7 @@ do_install () { rmdir ${D}/${libexecdir}/${BPN}/driver # Fix the pam configuration file permissions - if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + if ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then chmod 0644 ${D}${sysconfdir}/pam.d/cups fi @@ -92,7 +93,7 @@ do_install () { fi } -PACKAGES =+ "${PN}-lib ${PN}-libimage" +PACKAGES =+ "${PN}-lib ${PN}-libimage ${PN}-webif" RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}" FILES:${PN} += "${libexecdir}/cups/" @@ -101,13 +102,10 @@ FILES:${PN}-lib = "${libdir}/libcups.so.*" FILES:${PN}-libimage = "${libdir}/libcupsimage.so.*" -#package the html for the webgui inside the main packages (~1MB uncompressed) +# put the html for the web interface into its own PACKAGE +FILES:${PN}-webif += "${datadir}/doc/cups/ ${datadir}/icons/" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'webif', '${PN}-webif', '', d)}" -FILES:${PN} += "${datadir}/doc/cups/images \ - ${datadir}/doc/cups/*html \ - ${datadir}/doc/cups/*.css \ - ${datadir}/icons/ \ - " CONFFILES:${PN} += "${sysconfdir}/cups/cupsd.conf" MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/cups-config" diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch index aac1c43465..8b88c308f2 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch +++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch @@ -1,4 +1,4 @@ -From bd7fb8be2ae2d75347cf7733302d5093046ffa85 Mon Sep 17 00:00:00 2001 +From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001 From: Peiran Hong <peiran.hong@windriver.com> Date: Thu, 5 Sep 2019 15:42:22 -0400 Subject: [PATCH] Skip strip-trailing-cr test case @@ -10,19 +10,21 @@ package. Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Peiran Hong <peiran.hong@windriver.com> + --- tests/Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am -index 83a7c9d..04d51b5 100644 +index d98df82..757ea52 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -21,8 +21,10 @@ TESTS = \ +@@ -21,9 +21,11 @@ TESTS = \ stdin \ strcoll-0-names \ filename-quoting \ - strip-trailing-cr \ + timezone \ colors +# Skipping this test since it requires valgrind +# and thus is too heavy for diffutils package @@ -30,6 +32,3 @@ index 83a7c9d..04d51b5 100644 XFAIL_TESTS = large-subopt --- -2.21.0 - diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch deleted file mode 100644 index 4928e1eaff..0000000000 --- a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From f385ad6639380eb6dfa8b8eb4a5ba65dd12db744 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 25 Mar 2022 13:43:19 -0700 -Subject: [PATCH] mcontext is not a standard layout so glibc and musl differ - -This is already applied to libsigsegv upstream, hopefully next version -of grep will update its internal copy and we can drop this patch - -Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=libsigsegv.git;a=commitdiff;h=a6ff69873110c0a8ba6f7fd90532dbc11224828c] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/sigsegv.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/sigsegv.c b/lib/sigsegv.c -index 998c827..b6f4841 100644 ---- a/lib/sigsegv.c -+++ b/lib/sigsegv.c -@@ -219,8 +219,8 @@ int libsigsegv_version = LIBSIGSEGV_VERSION; - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gp_regs[1] - # else /* 32-bit */ - /* both should be equivalent */ --# if 0 --# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1] -+# if ! defined __GLIBC__ -+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_regs->gregs[1] - # else - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1] - # endif --- -2.35.1 - diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb index 8889c83ee2..2bb9e6f32d 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb +++ b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb @@ -6,10 +6,9 @@ require diffutils.inc SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \ file://run-ptest \ file://0001-Skip-strip-trailing-cr-test-case.patch \ - file://0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch \ " -SRC_URI[sha256sum] = "a6bdd7d1b31266d11c4f4de6c1b748d4607ab0231af5188fc2533d0ae2438fec" +SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1" EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix" diff --git a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch index 9105da6457..c3cfc7cea8 100644 --- a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch +++ b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch @@ -3,7 +3,7 @@ From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Sat, 7 Mar 2020 00:59:13 +0000 Subject: [PATCH] Make manpages mulitlib identical -Upstream-Status: Pending +Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com] Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> --- Makefile.am | 2 +- diff --git a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch index eda6a40f51..b028fa20aa 100644 --- a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch +++ b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch @@ -15,7 +15,7 @@ doesn't work: So replace "perl -w" with "use warnings" to make it work. -Upstream-Status: Pending +Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> diff --git a/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch new file mode 100644 index 0000000000..20f9d89ed8 --- /dev/null +++ b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch @@ -0,0 +1,28 @@ +CVE: CVE-2022-46663 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Fri, 7 Oct 2022 19:25:46 -0700 +Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. + +--- + line.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/line.c b/line.c +index 236c49ae..cba7bdd1 100644 +--- a/line.c ++++ b/line.c +@@ -633,8 +633,8 @@ ansi_step(pansi, ch) + /* Hyperlink ends with \7 or ESC-backslash. */ + if (ch == '\7') + return ANSI_END; +- if (pansi->prev_esc && ch == '\\') +- return ANSI_END; ++ if (pansi->prev_esc) ++ return (ch == '\\') ? ANSI_END : ANSI_ERR; + pansi->prev_esc = (ch == ESC); + return ANSI_MID; + } diff --git a/poky/meta/recipes-extended/less/less_608.bb b/poky/meta/recipes-extended/less/less_608.bb index f411a8fb53..f907a8159c 100644 --- a/poky/meta/recipes-extended/less/less_608.bb +++ b/poky/meta/recipes-extended/less/less_608.bb @@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ DEPENDS = "ncurses" SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ + file://CVE-2022-46663.patch \ " SRC_URI[sha256sum] = "a69abe2e0a126777e021d3b73aa3222e1b261f10e64624d41ec079685a6ac209" diff --git a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch b/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch deleted file mode 100644 index 0d21799682..0000000000 --- a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch +++ /dev/null @@ -1,47 +0,0 @@ -From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 25 Jul 2022 10:56:53 -0700 -Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is - present - -These headers are in conflict and only one is needed by -archive_read_disk_posix.c therefore include linux/fs.h if it exists -otherwise include sys/mount.h - -It also helps compiling with glibc 2.36 -where sys/mount.h conflicts with linux/mount.h see [1] - -[1] https://sourceware.org/glibc/wiki/Release/2.36 - -Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/1761] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - libarchive/archive_read_disk_posix.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c -index 2b39e672..a96008db 100644 ---- a/libarchive/archive_read_disk_posix.c -+++ b/libarchive/archive_read_disk_posix.c -@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$"); - #ifdef HAVE_SYS_PARAM_H - #include <sys/param.h> - #endif --#ifdef HAVE_SYS_MOUNT_H --#include <sys/mount.h> --#endif - #ifdef HAVE_SYS_STAT_H - #include <sys/stat.h> - #endif -@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$"); - #endif - #ifdef HAVE_LINUX_FS_H - #include <linux/fs.h> -+#elif HAVE_SYS_MOUNT_H -+#include <sys/mount.h> - #endif - /* - * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. --- -2.25.1 - diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index 24d7918bf9..f447035b67 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb +++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -30,14 +30,12 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls," PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd," -EXTRA_OECONF += "--enable-largefile" +EXTRA_OECONF += "--enable-largefile --without-iconv" -SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ - file://0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch \ - " +SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" UPSTREAM_CHECK_URI = "http://libarchive.org/" -SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2" +SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3" inherit autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb index 8c6c20733c..f55e0b0ed1 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb @@ -22,7 +22,7 @@ inherit autotools pkgconfig EXTRA_OECONF = "--disable-gssapi" do_install:append() { - chown root:root ${D}${sysconfdir}/netconfig + test -e ${D}${sysconfdir}/netconfig && chown root:root ${D}${sysconfdir}/netconfig } BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch deleted file mode 100644 index 284a5a3ea9..0000000000 --- a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch +++ /dev/null @@ -1,31 +0,0 @@ -CVE: CVE-2022-41556 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss <gstrauss@gluelogic.com> -Date: Sun, 11 Sep 2022 22:31:34 -0400 -Subject: [PATCH] [core] handle RDHUP when collecting chunked body - -handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked -request body (and when not streaming request body to backend) - -x-ref: - https://github.com/lighttpd/lighttpd1.4/pull/115 ---- - src/gw_backend.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gw_backend.c b/src/gw_backend.c -index df9d8217..5db56287 100644 ---- a/src/gw_backend.c -+++ b/src/gw_backend.c -@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) { - * and module is flagged to stream request body to backend) */ - return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST) - ? http_response_reqbody_read_error(r, 411) -- : HANDLER_WAIT_FOR_EVENT; -+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc; - } - - if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) { diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb index 78978105b2..838881f238 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb @@ -14,13 +14,12 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ - file://CVE-2022-41556.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ " -SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b" +SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358" DEPENDS = "virtual/crypt" diff --git a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb index f380de0b6b..f59fe009bb 100644 --- a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb +++ b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb @@ -19,6 +19,15 @@ SRCREV = "67d8c828e7bdc01ba93f8ff79765dd424da0c9d7" S = "${WORKDIR}/git" + +inherit update-alternatives + +ALTERNATIVE:${PN} = "lsof" +ALTERNATIVE_LINK_NAME[lsof] = "${sbindir}/lsof" +# Make our priority higher than busybox +ALTERNATIVE_PRIORITY = "100" + + export LSOF_INCLUDE = "${STAGING_INCDIR}" do_configure () { diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch new file mode 100644 index 0000000000..186d1e76f2 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch @@ -0,0 +1,45 @@ +From 41edf6f45895193f4a523cb0a08d639c9ff9ccc9 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:12 -0600 +Subject: [PATCH] mdadm: Fix optional --write-behind parameter + +The commit noted below changed the behaviour of --write-behind to +require an argument. This broke the 06wrmostly test with the error: + + mdadm: Invalid value for maximum outstanding write-behind writes: (null). + Must be between 0 and 16383. + +To fix this, check if optarg is NULL before parising it, as the origial +code did. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=41edf6f45895193f4a523cb0a08d639c9ff9ccc9] + +Fixes: 60815698c0ac ("Refactor parse_num and use it to parse optarg.") +Cc: Mateusz Grzonka <mateusz.grzonka@intel.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + mdadm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mdadm.c b/mdadm.c +index d0c5e6de..56722ed9 100644 +--- a/mdadm.c ++++ b/mdadm.c +@@ -1201,8 +1201,9 @@ int main(int argc, char *argv[]) + case O(BUILD, WriteBehind): + case O(CREATE, WriteBehind): + s.write_behind = DEFAULT_MAX_WRITE_BEHIND; +- if (parse_num(&s.write_behind, optarg) != 0 || +- s.write_behind < 0 || s.write_behind > 16383) { ++ if (optarg && ++ (parse_num(&s.write_behind, optarg) != 0 || ++ s.write_behind < 0 || s.write_behind > 16383)) { + pr_err("Invalid value for maximum outstanding write-behind writes: %s.\n\tMust be between 0 and 16383.\n", + optarg); + exit(2); +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch new file mode 100644 index 0000000000..1c95834a7e --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch @@ -0,0 +1,41 @@ +From 7539254342bc591717b0051734cc6c09c1b88640 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:13 -0600 +Subject: [PATCH] tests/00raid0: add a test that validates raid0 with layout + fails for 0.9 + +329dfc28debb disallows the creation of raid0 with layouts for 0.9 +metadata. This test confirms the new behavior. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7539254342bc591717b0051734cc6c09c1b88640] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index 8bc18985..e6b21cc4 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -6,11 +6,9 @@ check raid0 + testdev $md0 3 $mdsize2_l 512 + mdadm -S $md0 + +-# now with version-0.90 superblock ++# verify raid0 with layouts fail for 0.90 + mdadm -CR $md0 -e0.90 -l0 -n4 $dev0 $dev1 $dev2 $dev3 +-check raid0 +-testdev $md0 4 $mdsize0 512 +-mdadm -S $md0 ++check opposite_result + + # now with no superblock + mdadm -B $md0 -l0 -n5 $dev0 $dev1 $dev2 $dev3 $dev4 +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch new file mode 100644 index 0000000000..c621c082e8 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch @@ -0,0 +1,39 @@ +From 39b381252c32275079344d30de18b76fda4bba26 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 27 Jul 2022 15:52:45 -0600 +Subject: [PATCH] tests/00readonly: Run udevadm settle before setting ro + +In some recent kernel versions, 00readonly fails with: + + mdadm: failed to set readonly for /dev/md0: Device or resource busy + ERROR: array is not read-only! + +This was traced down to a race condition with udev holding a reference +to the block device at the same time as trying to set it read only. + +To fix this, call udevadm settle before setting the array read only. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=39b381252c32275079344d30de18b76fda4bba26] + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jsorensen@fb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00readonly | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/00readonly b/tests/00readonly +index 39202487..afe243b3 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -12,6 +12,7 @@ do + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync + check $level ++ udevadm settle + mdadm -ro $md0 + check readonly + state=$(cat /sys/block/md0/md/array_state) +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch new file mode 100644 index 0000000000..1a7104b76d --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch @@ -0,0 +1,33 @@ +From a2c832465fc75202e244327b2081231dfa974617 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:16 -0600 +Subject: [PATCH] tests/02lineargrow: clear the superblock at every iteration + +This fixes 02lineargrow test as prior metadata causes --add operation +to misbehave. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=a2c832465fc75202e244327b2081231dfa974617] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/02lineargrow | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/02lineargrow b/tests/02lineargrow +index e05c219d..595bf9f2 100644 +--- a/tests/02lineargrow ++++ b/tests/02lineargrow +@@ -20,4 +20,6 @@ do + testdev $md0 3 $sz 1 + + mdadm -S $md0 ++ mdadm --zero /dev/loop2 ++ mdadm --zero /dev/loop3 + done +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch new file mode 100644 index 0000000000..9098fb2540 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch @@ -0,0 +1,41 @@ +From de045db607b1ac4b70fc2a8878463e029c2ab1dc Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:15 -0600 +Subject: [PATCH] tests/04update-metadata: avoid passing chunk size to raid1 + +'04update-metadata' test fails with error, "specifying chunk size is +forbidden for this level" added by commit, 5b30a34aa4b5e. Hence, +correcting the test to ignore passing chunk size to raid1. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=de045db607b1ac4b70fc2a8878463e029c2ab1dc] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +[logang@deltatee.com: fix if/then style and dropped unrelated hunk] +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/04update-metadata | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 08c14af7..2b72a303 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -11,7 +11,11 @@ dlist="$dev0 $dev1 $dev2 $dev3" + for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} +- mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ if [[ $l == 'raid1' ]]; then ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 $dlist ++ else ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ fi + testdev $md0 $s 19904 64 + mdadm -S $md0 + mdadm -A $md0 --update=metadata $dlist +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch new file mode 100644 index 0000000000..d2e7d8ee50 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch @@ -0,0 +1,102 @@ +From 14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:14 -0600 +Subject: [PATCH] tests: fix raid0 tests for 0.90 metadata + +Some of the test cases fail because raid0 creation fails with the error, +"0.90 metadata does not support layouts for RAID0" added by commit, +329dfc28debb. Fix some of the test cases by switching from raid0 to +linear level for 0.9 metadata where possible. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 4 ++-- + tests/00readonly | 4 ++++ + tests/03r0assem | 6 +++--- + tests/04r0update | 4 ++-- + tests/04update-metadata | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index e6b21cc4..9b8896cb 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -20,8 +20,8 @@ mdadm -S $md0 + # now same again with different chunk size + for chunk in 4 32 256 + do +- mdadm -CR $md0 -e0.90 -l raid0 --chunk $chunk -n3 $dev0 $dev1 $dev2 +- check raid0 ++ mdadm -CR $md0 -e0.90 -l linear --chunk $chunk -n3 $dev0 $dev1 $dev2 ++ check linear + testdev $md0 3 $mdsize0 $chunk + mdadm -S $md0 + +diff --git a/tests/00readonly b/tests/00readonly +index 28b0fa13..39202487 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -4,6 +4,10 @@ for metadata in 0.9 1.0 1.1 1.2 + do + for level in linear raid0 raid1 raid4 raid5 raid6 raid10 + do ++ if [[ $metadata == "0.9" && $level == "raid0" ]]; ++ then ++ continue ++ fi + mdadm -CR $md0 -l $level -n 4 --metadata=$metadata \ + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync +diff --git a/tests/03r0assem b/tests/03r0assem +index 6744e322..44df0645 100644 +--- a/tests/03r0assem ++++ b/tests/03r0assem +@@ -68,9 +68,9 @@ mdadm -S $md2 + ### Now for version 0... + + mdadm --zero-superblock $dev0 $dev1 $dev2 +-mdadm -CR $md2 -l0 --metadata=0.90 -n3 $dev0 $dev1 $dev2 +-check raid0 +-tst="testdev $md2 3 $mdsize0 512" ++mdadm -CR $md2 -llinear --metadata=0.90 -n3 $dev0 $dev1 $dev2 ++check linear ++tst="testdev $md2 3 $mdsize0 1" + $tst + + uuid=`mdadm -Db $md2 | sed 's/.*UUID=//'` +diff --git a/tests/04r0update b/tests/04r0update +index 73ee3b9f..b95efb06 100644 +--- a/tests/04r0update ++++ b/tests/04r0update +@@ -1,7 +1,7 @@ + + # create a raid0, re-assemble with a different super-minor +-mdadm -CR -e 0.90 $md0 -l0 -n3 $dev0 $dev1 $dev2 +-testdev $md0 3 $mdsize0 512 ++mdadm -CR -e 0.90 $md0 -llinear -n3 $dev0 $dev1 $dev2 ++testdev $md0 3 $mdsize0 1 + minor1=`mdadm -E $dev0 | sed -n -e 's/.*Preferred Minor : //p'` + mdadm -S /dev/md0 + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 232fc1ff..08c14af7 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -8,7 +8,7 @@ set -xe + + dlist="$dev0 $dev1 $dev2 $dev3" + +-for ls in raid0/4 linear/4 raid1/1 raid5/3 raid6/2 ++for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} + mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb index 19035caaec..4aa3737562 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb @@ -24,6 +24,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-mdadm-skip-test-11spare-migration.patch \ file://0001-Fix-parsing-of-r-in-monitor-manager-mode.patch \ file://0001-Makefile-install-mdcheck.patch \ + file://0001-mdadm-Fix-optional-write-behind-parameter.patch \ + file://0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch \ + file://0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch \ + file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \ + file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \ + file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \ " SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d" diff --git a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch index a4b3afd959..090ed5c1c9 100644 --- a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch +++ b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch @@ -1,4 +1,4 @@ -From 58245b859ffbcb1780575bf1b0a018d55e74e434 Mon Sep 17 00:00:00 2001 +From 08ba909500412611953aea0fa2fe0d8fe76b6e24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@googlemail.com> Date: Wed, 21 Sep 2016 21:14:40 +0200 Subject: [PATCH] detect gold as GNU linker too @@ -9,23 +9,21 @@ Content-Transfer-Encoding: 8bit Upstream-Status: Pending Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 03e8bda..c2fce51 100644 +index 468c718..cd93f30 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ AC_CHECK_SIZEOF([void *]) AC_MSG_CHECKING([for GNU ld]) - LD=`$CC -print-prog-name=ld 2>&5` + LD=$($CC -print-prog-name=ld 2>&5) --if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld"` = 0; then -+if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU "` = 0; then +-if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld") = 0; then ++if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ") = 0; then # Not GNU_LD="" AC_MSG_RESULT([no]) --- -2.5.5 - diff --git a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch b/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch deleted file mode 100644 index ca235d5108..0000000000 --- a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f60dc1063607ca1f201ba4cbda467d8af3f78f64 Mon Sep 17 00:00:00 2001 -From: Miroslav Lichvar <mlichvar@redhat.com> -Date: Tue, 1 Oct 2019 16:37:55 +0200 -Subject: [PATCH] don't ignore CFLAGS when building snack - -In addition to the flags returned by python-config --cflags, use the -user-specified CFLAGS when building the snack object. - -Upstream-Status: Backport from master -Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> ---- - Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index be5f87b..6facd5e 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -96,8 +96,8 @@ _snack.$(SOEXT): snack.c $(LIBNEWTSH) - PIFLAGS=`$$pyconfig --includes`; \ - PLDFLAGS=`$$pyconfig --ldflags`; \ - PLFLAGS=`$$pyconfig --libs`; \ -- echo $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -- $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -+ echo $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -+ $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ - echo $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \ - $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \ - done || : diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb index 430e481b36..cd3731cf74 100644 --- a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb +++ b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb @@ -21,11 +21,9 @@ SRC_URI = "https://releases.pagure.org/newt/newt-${PV}.tar.gz \ file://cross_ar.patch \ file://Makefile.in-Add-tinfo-library-to-the-linking-librari.patch \ file://0001-detect-gold-as-GNU-linker-too.patch \ - file://0002-don-t-ignore-CFLAGS-when-building-snack.patch \ " -SRC_URI[md5sum] = "a0a5fd6b53bb167a65e15996b249ebb5" -SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac5abb31" +SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a" S = "${WORKDIR}/newt-${PV}" diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch new file mode 100644 index 0000000000..e7bf03f9f7 --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch @@ -0,0 +1,205 @@ +From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <kukuk@suse.com> +Date: Thu, 24 Feb 2022 10:37:32 +0100 +Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf + +According to the manual page, the following entry is valid but does not +work: +-:root:ALL EXCEPT localhost + +See https://bugzilla.suse.com/show_bug.cgi?id=1019866 + +Patched is based on PR#226 from Josef Moellers + +Upstream-Status: Backport +CVE: CVE-2022-28321 + +Reference to upstream patch: +[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- + 1 file changed, 76 insertions(+), 19 deletions(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 277192b..bca424f 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + return NO; + } + +- /* Assume network/netmask with an IP of a host. */ ++ /* Assume network/netmask, IP address or hostname. */ + return network_netmask_match(pamh, tok, string, item); + } + +@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. +- * "NONE" token matches NULL string. ++ * "NONE" token matches NULL string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ +@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok +- * represents either a single ip (v4,v6) address or a network/netmask ++ * represents either a hostname, a single ip (v4,v6) address ++ * or a network/netmask + */ + static int + network_netmask_match (pam_handle_t *pamh, +@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, + char *netmask_ptr; + char netmask_string[MAXHOSTNAMELEN + 1]; + int addr_type; ++ struct addrinfo *ai = NULL; + + if (item->debug) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_DEBUG, + "network_netmask_match: tok=%s, item=%s", tok, string); ++ + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) + { +@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, + netmask_ptr = number_to_netmask(netmask, addr_type, + netmask_string, MAXHOSTNAMELEN); + } +- } ++ ++ /* ++ * Construct an addrinfo list from the IP address. ++ * This should not fail as the input is a correct IP address... ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ return NO; ++ } ++ } + else +- /* NO, then check if it is only an addr */ +- if (isipaddr(tok, NULL, NULL) != YES) ++ { ++ /* ++ * It is either an IP address or a hostname. ++ * Let getaddrinfo sort everything out ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); ++ + return NO; + } ++ netmask_ptr = NULL; ++ } + + if (isipaddr(string, NULL, NULL) != YES) + { +- /* Assume network/netmask with a name of a host. */ + struct addrinfo hint; + ++ /* Assume network/netmask with a name of a host. */ + memset (&hint, '\0', sizeof (hint)); + hint.ai_flags = AI_CANONNAME; + hint.ai_family = AF_UNSPEC; + + if (item->gai_rv != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else if (!item->res && + (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else + { + struct addrinfo *runp = item->res; ++ struct addrinfo *runp1; + + while (runp != NULL) + { + char buf[INET6_ADDRSTRLEN]; + +- DIAG_PUSH_IGNORE_CAST_ALIGN; +- inet_ntop (runp->ai_family, +- runp->ai_family == AF_INET +- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr +- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, +- buf, sizeof (buf)); +- DIAG_POP_IGNORE_CAST_ALIGN; ++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } + +- if (are_addresses_equal(buf, tok, netmask_ptr)) ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) + { +- return YES; ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ if (runp->ai_family != runp1->ai_family) ++ continue; ++ ++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } ++ ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } + } + runp = runp->ai_next; + } + } + } + else +- return (are_addresses_equal(string, tok, netmask_ptr)); ++ { ++ struct addrinfo *runp1; ++ ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } ++ } ++ ++ freeaddrinfo(ai); + + return NO; + } +-- +2.37.3 + diff --git a/poky/meta/recipes-extended/screen/screen/signal-permission.patch b/poky/meta/recipes-extended/screen/screen/signal-permission.patch new file mode 100644 index 0000000000..77dc649090 --- /dev/null +++ b/poky/meta/recipes-extended/screen/screen/signal-permission.patch @@ -0,0 +1,40 @@ +From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 +From: Alexander Naumov <alexander_naumov@opensuse.org> +Date: Mon, 30 Jan 2023 17:22:25 +0200 +Subject: fix: missing signal sending permission check on failed query messages + +Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> + +CVE: CVE-2023-24626 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + src/socket.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/socket.c b/src/socket.c +index 147dc54..54d8cb8 100644 +--- a/socket.c ++++ b/socket.c +@@ -1285,11 +1285,16 @@ ReceiveMsg() + else + queryflag = -1; + +- Kill(m.m.command.apid, ++ if (CheckPid(m.m.command.apid)) { ++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); ++ } ++ else { ++ Kill(m.m.command.apid, + (queryflag >= 0) + ? SIGCONT + : SIG_BYE); /* Send SIG_BYE if an error happened */ +- queryflag = -1; ++ queryflag = -1; ++ } + } + break; + case MSG_COMMAND: +-- +cgit v1.1 + diff --git a/poky/meta/recipes-extended/screen/screen_4.9.0.bb b/poky/meta/recipes-extended/screen/screen_4.9.0.bb index 77e8000bf3..235cd8c6cf 100644 --- a/poky/meta/recipes-extended/screen/screen_4.9.0.bb +++ b/poky/meta/recipes-extended/screen/screen_4.9.0.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-fix-for-multijob-build.patch \ file://0001-Remove-more-compatibility-stuff.patch \ file://0001-configure-Add-needed-system-headers-in-checks.patch \ + file://signal-permission.patch \ " SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4" diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch new file mode 100644 index 0000000000..37ba5f3dc2 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch @@ -0,0 +1,41 @@ +commit 670cae834827a8f794e6f7464fa57790d911b63c +Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> +Date: Tue Dec 27 17:40:17 2022 +0530 + + shadow: Fix can not print full login timeout message + + Login timed out message prints only first few bytes when write is immediately followed by exit. + Calling exit from new handler provides enough time to display full message. + +Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] + +diff --git a/src/login.c b/src/login.c +index 116e2cb3..c55f4de0 100644 +--- a/src/login.c ++++ b/src/login.c +@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); + + static void init_env (void); + static void alarm_handler (int); ++static void exit_handler (int); + + /* + * usage - print login command usage and exit +@@ -391,11 +392,16 @@ static void init_env (void) + #endif /* !USE_PAM */ + } + ++static void exit_handler (unused int sig) ++{ ++ _exit (0); ++} + + static void alarm_handler (unused int sig) + { + write (STDERR_FILENO, tmsg, strlen (tmsg)); +- _exit (0); ++ signal(SIGALRM, exit_handler); ++ alarm(2); + } + + #ifdef USE_PAM diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index a87e23569b..0ed220ac5c 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -15,6 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ file://0001-shadow-use-relaxed-usernames.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://useradd \ + file://0001-Fix-can-not-print-full-login.patch \ " SRC_URI:append:class-target = " \ @@ -30,7 +31,7 @@ SRC_URI:append:class-native = " \ SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ " -SRC_URI[sha256sum] = "9fdb73b5d2b44e8ba9fcee1b4493ac75dd5040bda35b9ac8b06570cd192e7ee3" +SRC_URI[sha256sum] = "f525154adc5605e4ebf03d3e7ee8be4d7f3c7cf9df2c2244043406b6eefca2da" # Additional Policy files for PAM diff --git a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb index 40b11345c9..d1a3fd5593 100644 --- a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb +++ b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb @@ -9,3 +9,6 @@ BBCLASSEXTEND = "native nativesdk" # Severity is low and marked as closed and won't fix. # https://bugzilla.redhat.com/show_bug.cgi?id=884658 CVE_CHECK_IGNORE += "CVE-2013-4235" + +# This is an issue for a different shadow +CVE_CHECK_IGNORE += "CVE-2016-15024" diff --git a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch index f4fc376bb8..041c717e00 100644 --- a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch +++ b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch @@ -1,4 +1,7 @@ -sudo.conf.in: fix conflict with multilib +From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 17 Nov 2020 11:13:40 +0800 +Subject: [PATCH] sudo.conf.in: fix conflict with multilib When pass ${libdir} to --libexecdir of sudo, it fails to install sudo and lib32-sudo at same time: @@ -12,12 +15,13 @@ Update the comments in sudo.conf.in to avoid the conflict. Signed-off-by: Kai Kang <kai.kang@windriver.com> Upstream-Status: Inappropriate [OE configuration specific] + --- examples/sudo.conf.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in -index 6535d3a..50afc8f 100644 +index 2187457..0908d24 100644 --- a/examples/sudo.conf.in +++ b/examples/sudo.conf.in @@ -4,7 +4,7 @@ @@ -33,8 +37,8 @@ index 6535d3a..50afc8f 100644 # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_intercept.so file. # --#Path intercept @plugindir@/sudo_intercept.so -+#Path intercept $plugindir/sudo_intercept.so +-#Path intercept @intercept_file@ ++#Path intercept $intercept_file # # Sudo noexec: @@ -42,8 +46,8 @@ index 6535d3a..50afc8f 100644 # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # --#Path noexec @plugindir@/sudo_noexec.so -+#Path noexec $plugindir/sudo_noexec.so +-#Path noexec @noexec_file@ ++#Path noexec $noexec_file # # Sudo plugin directory: @@ -55,7 +59,4 @@ index 6535d3a..50afc8f 100644 +#Path plugin_dir $plugindir # - # Sudo developer mode: --- -2.17.1 - + # Core dumps: diff --git a/poky/meta/recipes-extended/sudo/sudo.inc b/poky/meta/recipes-extended/sudo/sudo.inc index 8947c46129..f22b3eab99 100644 --- a/poky/meta/recipes-extended/sudo/sudo.inc +++ b/poky/meta/recipes-extended/sudo/sudo.inc @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws" BUGTRACKER = "http://www.sudo.ws/bugs/" SECTION = "admin" LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=16cf60b466f3a0606427a7b624a3a670 \ +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \ file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \ file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \ file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \ diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb index ba610ee2e7..2e11739470 100644 --- a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb +++ b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb @@ -8,7 +8,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ PAM_SRC_URI = "file://sudo.pam" -SRC_URI[sha256sum] = "4687e7d2f56721708f59cca2e1352c056cb23de526c22725615a42bb094f1f70" +SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b" DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb index 273c5c1815..6df7bdbb83 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb +++ b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb @@ -4,4 +4,4 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" -SRC_URI[sha256sum] = "699fd948836d77f9ad0541fd5dcf75cd2505f9da4ec14df669286ad047c23d97" +SRC_URI[sha256sum] = "18ff5a4e149e2568e43385637f72437fe6bafcc1322a93d13d1981e9464a0342" diff --git a/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch new file mode 100644 index 0000000000..b2f40f3e64 --- /dev/null +++ b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch @@ -0,0 +1,43 @@ +From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sat, 11 Feb 2023 11:57:39 +0200 +Subject: Fix boundary checking in base-256 decoder + +* src/list.c (from_header): Base-256 encoding is at least 2 bytes +long. + +Upstream-Status: Backport [see reference below] +CVE: CVE-2022-48303 + +Reference to upstream patch: +https://savannah.gnu.org/bugs/?62387 +https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 + +Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + src/list.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> + + +(limited to 'src/list.c') + +diff --git a/src/list.c b/src/list.c +index 9fafc42..86bcfdd 100644 +--- a/src/list.c ++++ b/src/list.c +@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type, + where++; + } + } +- else if (*where == '\200' /* positive base-256 */ +- || *where == '\377' /* negative base-256 */) ++ else if (where <= lim - 2 ++ && (*where == '\200' /* positive base-256 */ ++ || *where == '\377' /* negative base-256 */)) + { + /* Parse base-256 output. A nonnegative number N is + represented as (256**DIGS)/2 + N; a negative number -N is +-- +cgit v1.1 + diff --git a/poky/meta/recipes-extended/tar/tar_1.34.bb b/poky/meta/recipes-extended/tar/tar_1.34.bb index 7307cd57a2..1ef5fe221e 100644 --- a/poky/meta/recipes-extended/tar/tar_1.34.bb +++ b/poky/meta/recipes-extended/tar/tar_1.34.bb @@ -6,7 +6,9 @@ SECTION = "base" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2" +SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ + file://CVE-2022-48303.patch \ +" SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index d3c78e9157..14a1ce18f3 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,14 +6,15 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022d" +PV = "2023c" -SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ - http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ +SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ + http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ " -UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" +S = "${WORKDIR}/tz" -SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0" -SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0" +UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" +SRC_URI[tzcode.sha256sum] = "46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7" +SRC_URI[tzdata.sha256sum] = "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c" diff --git a/poky/meta/recipes-extended/timezone/tzcode-native.bb b/poky/meta/recipes-extended/timezone/tzcode-native.bb index e3582ba674..d0b23a9d80 100644 --- a/poky/meta/recipes-extended/timezone/tzcode-native.bb +++ b/poky/meta/recipes-extended/timezone/tzcode-native.bb @@ -1,10 +1,7 @@ require timezone.inc -# SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" -S = "${WORKDIR}" - inherit native EXTRA_OEMAKE += "cc='${CC}'" diff --git a/poky/meta/recipes-extended/timezone/tzdata.bb b/poky/meta/recipes-extended/timezone/tzdata.bb index 7f4322d867..dd1960ffa7 100644 --- a/poky/meta/recipes-extended/timezone/tzdata.bb +++ b/poky/meta/recipes-extended/timezone/tzdata.bb @@ -4,8 +4,6 @@ DEPENDS = "tzcode-native" inherit allarch -S = "${WORKDIR}" - DEFAULT_TIMEZONE ?= "Universal" INSTALL_TIMEZONE_FILE ?= "1" @@ -18,17 +16,21 @@ TZONES = " \ # "fat" is needed by e.g. MariaDB's mysql_tzinfo_to_sql ZIC_FMT ?= "slim" +do_configure[cleandirs] = "${B}" +B = "${WORKDIR}/build" + do_compile() { for zone in ${TZONES}; do - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null ${S}/${zone} - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null ${S}/${zone} - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone} done } do_install() { - install -d ${D}$exec_prefix ${D}${datadir}/zoneinfo - cp -pPR ${WORKDIR}$exec_prefix ${D}${base_prefix} + install -d ${D}${datadir}/zoneinfo + cp -pPR ${B}/zoneinfo/* ${D}${datadir}/zoneinfo + # libc is removing zoneinfo files from package cp -pP "${S}/zone.tab" ${D}${datadir}/zoneinfo cp -pP "${S}/zone1970.tab" ${D}${datadir}/zoneinfo diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch new file mode 100644 index 0000000000..b236030108 --- /dev/null +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch @@ -0,0 +1,145 @@ +xdg-email does not parse mailto uris properly for thunderbird + +When using thunderbird as mailto handler xdg-email translates mailto uris into an 'thunderbird -compose' argument. While to, cc and bcc values are properly enclosed in single quotes this is not the case for subject or body. This breaks functionality and allows to use all thunderbird -compose arguments within a mailto uri, e.g. + +xdg-email 'mailto:test@example.com?subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt' + +translates into + +thunderbird -compose to='test@example.com,',subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt + +with working attachment and message. (And, yes, ~ expands to the home directory.) + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205] + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +CVE: CVE-2022-4055 + + +Index: xdg-utils-1.1.3/scripts/xdg-email.in +=================================================================== +--- xdg-utils-1.1.3.orig/scripts/xdg-email.in ++++ xdg-utils-1.1.3/scripts/xdg-email.in +@@ -30,53 +30,6 @@ _USAGE + + #@xdg-utils-common@ + +-run_thunderbird() +-{ +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY +- THUNDERBIRD="$1" +- MAILTO=$(echo "$2" | sed 's/^mailto://') +- echo "$MAILTO" | grep -qs "^?" +- if [ "$?" = "0" ] ; then +- MAILTO=$(echo "$MAILTO" | sed 's/^?//') +- else +- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/') +- fi +- +- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g') +- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) +- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- +- if [ -z "$TO" ] ; then +- NEWMAILTO= +- else +- NEWMAILTO="to='$TO'" +- fi +- if [ -n "$CC" ] ; then +- NEWMAILTO="${NEWMAILTO},cc='$CC'" +- fi +- if [ -n "$BCC" ] ; then +- NEWMAILTO="${NEWMAILTO},bcc='$BCC'" +- fi +- if [ -n "$SUBJECT" ] ; then +- NEWMAILTO="${NEWMAILTO},$SUBJECT" +- fi +- if [ -n "$BODY" ] ; then +- NEWMAILTO="${NEWMAILTO},$BODY" +- fi +- +- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') +- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" +- "$THUNDERBIRD" -compose "$NEWMAILTO" +- if [ $? -eq 0 ]; then +- exit_success +- else +- exit_failure_operation_failed +- fi +-} +- + open_kde() + { + if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then +@@ -130,15 +83,6 @@ open_kde() + + open_gnome3() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -159,13 +103,6 @@ open_gnome3() + + open_gnome() + { +- local client +- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || "" +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -231,15 +168,6 @@ open_flatpak() + + open_generic() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + xdg-open "$1" + local ret=$? + +@@ -364,21 +292,6 @@ while [ $# -gt 0 ] ; do + shift + ;; + +- --attach) +- if [ -z "$1" ] ; then +- exit_failure_syntax "file argument missing for --attach option" +- fi +- check_input_file "$1" +- file=`readlink -f "$1"` # Normalize path +- if [ -z "$file" ] || [ ! -f "$file" ] ; then +- exit_failure_file_missing "file '$1' does not exist" +- fi +- +- url_encode "$file" +- options="${options}attach=${result}&" +- shift +- ;; +- + -*) + exit_failure_syntax "unexpected option '$parm'" + ;; diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index 73acf6b744..4d93180535 100644 --- a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb @@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ + file://CVE-2022-4055.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb index 9efd2800da..98923a3bdc 100644 --- a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb +++ b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb @@ -27,6 +27,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN file://0002-help-meson.build-disable-the-use-of-yelp.patch \ file://migrator.patch \ file://distributor.patch \ + file://CVE-2023-26081.patch \ " SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860" diff --git a/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch new file mode 100644 index 0000000000..af1e20bd8f --- /dev/null +++ b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch @@ -0,0 +1,90 @@ +From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@redhat.com> +Date: Fri, 3 Feb 2023 13:07:15 -0600 +Subject: [PATCH] Don't autofill passwords in sandboxed contexts + +If using the sandbox CSP or iframe tag, the web content is supposed to +be not trusted by the main resource origin. Therefore, we'd better +disable the password manager entirely so the untrusted web content +cannot exfiltrate passwords. + +https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x + +Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275> + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd] +CVE: CVE-2023-26081 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + .../resources/js/ephy.js | 26 +++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js +index 38b806f..44d1792 100644 +--- a/embed/web-process-extension/resources/js/ephy.js ++++ b/embed/web-process-extension/resources/js/ephy.js +@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function() + } + }; + ++Ephy.isSandboxedWebContent = function() ++{ ++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x ++ return self.origin === null || self.origin === 'null'; ++}; ++ + Ephy.PasswordManager = class PasswordManager + { + constructor(pageID, frameID) +@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager + + query(origin, targetOrigin, username, usernameField, passwordField) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`); ++ return Promise.resolve(null); ++ } ++ + Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`); + + return new Promise((resolver, reject) => { +@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager + + save(origin, targetOrigin, username, password, usernameField, passwordField, isNew) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`); ++ return; ++ } ++ + Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); + + window.webkit.messageHandlers.passwordManagerSave.postMessage({ +@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager + // FIXME: Why is pageID a parameter here? + requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`); ++ return; ++ } ++ + Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); + + window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({ +@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager + + queryUsernames(origin) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`); ++ return Promise.resolve(null); ++ } ++ + Ephy.log(`Requesting usernames for origin=${origin}`); + + return new Promise((resolver, reject) => { +-- +2.35.5 + diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch deleted file mode 100644 index 02cc9a2a70..0000000000 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch +++ /dev/null @@ -1,173 +0,0 @@ -From f81b60ebcbbfd9548c8aa1e388662c429068d1e3 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Sat, 8 May 2021 21:58:54 +0200 -Subject: [PATCH] Add use_prebuilt_tools option - -This allows using the gdk-pixbuf tools from the host to -build and install tests in a cross-compile scenarion. - -Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/119] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - gdk-pixbuf/meson.build | 11 +++++++++-- - meson.build | 6 +++--- - meson_options.txt | 4 ++++ - tests/meson.build | 16 ++++++++-------- - thumbnailer/meson.build | 24 ++++++++++++++++++------ - 5 files changed, 42 insertions(+), 19 deletions(-) - -diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build -index 54ff9dd..2e321cf 100644 ---- a/gdk-pixbuf/meson.build -+++ b/gdk-pixbuf/meson.build -@@ -342,13 +342,20 @@ foreach bin: gdkpixbuf_bin - include_directories: [ root_inc, gdk_pixbuf_inc ], - c_args: common_cflags + gdk_pixbuf_cflags, - install: true) -- meson.override_find_program(bin_name, bin) -+ if not get_option('use_prebuilt_tools') -+ meson.override_find_program(bin_name, bin) -+ endif - - # Used in tests - set_variable(bin_name.underscorify(), bin) - endforeach - --if not meson.is_cross_build() -+if get_option('use_prebuilt_tools') -+ gdk_pixbuf_query_loaders = find_program('gdk-pixbuf-query-loaders', required: true) -+ gdk_pixbuf_pixdata = find_program('gdk-pixbuf-pixdata', required: true) -+endif -+ -+if not meson.is_cross_build() or get_option('use_prebuilt_tools') - # The 'loaders.cache' used for testing, so we don't accidentally - # load the installed cache; we always build it by default - loaders_cache = custom_target('loaders.cache', -diff --git a/meson.build b/meson.build -index 813bd43..a93e6f7 100644 ---- a/meson.build -+++ b/meson.build -@@ -369,18 +369,18 @@ subdir('gdk-pixbuf') - # i18n - subdir('po') - --if not meson.is_cross_build() -+if not meson.is_cross_build() or get_option('use_prebuilt_tools') - if get_option('tests') - subdir('tests') - endif -- subdir('thumbnailer') - endif -+subdir('thumbnailer') - - # Documentation - build_docs = get_option('gtk_doc') or get_option('docs') - subdir('docs') - --if not meson.is_cross_build() -+if not meson.is_cross_build() or get_option('use_prebuilt_tools') - meson.add_install_script('build-aux/post-install.py', - gdk_pixbuf_bindir, - gdk_pixbuf_libdir, -diff --git a/meson_options.txt b/meson_options.txt -index d198d99..1c899e9 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -53,4 +53,8 @@ option('gio_sniffing', - description: 'Perform file type detection using GIO (Unused on MacOS and Windows)', - type: 'boolean', - value: true) -+option('use_prebuilt_tools', -+ description: 'Use prebuilt gdk-pixbuf tools from the host for cross-compilation', -+ type: 'boolean', -+ value: false) - -diff --git a/tests/meson.build b/tests/meson.build -index 28c2525..d97c02d 100644 ---- a/tests/meson.build -+++ b/tests/meson.build -@@ -5,6 +5,12 @@ - # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with - # this problem: See https://github.com/mesonbuild/meson/issues/8266. - if enabled_loaders.contains('png') and host_system != 'windows' -+ -+ resources_deps = [loaders_cache,] -+ if not get_option('use_prebuilt_tools') -+ resources_deps += [gdk_pixbuf_pixdata,] -+ endif -+ - # Resources; we cannot use gnome.compile_resources() here, because we need to - # override the environment in order to use the utilities we just built instead - # of the system ones -@@ -21,10 +27,7 @@ if enabled_loaders.contains('png') and host_system != 'windows' - '@INPUT@', - '@OUTPUT@', - ], -- depends: [ -- gdk_pixbuf_pixdata, -- loaders_cache, -- ], -+ depends: resources_deps, - ) - - resources_h = custom_target('resources.h', -@@ -40,10 +43,7 @@ if enabled_loaders.contains('png') and host_system != 'windows' - '@INPUT@', - '@OUTPUT@', - ], -- depends: [ -- gdk_pixbuf_pixdata, -- loaders_cache, -- ], -+ depends: resources_deps, - ) - no_resources = false - else -diff --git a/thumbnailer/meson.build b/thumbnailer/meson.build -index b6a206d..9336c21 100644 ---- a/thumbnailer/meson.build -+++ b/thumbnailer/meson.build -@@ -6,13 +6,29 @@ bin = executable('gdk-pixbuf-thumbnailer', - ], - dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ], - install: true) --meson.override_find_program('gdk-pixbuf-thumbnailer', bin) -+if not get_option('use_prebuilt_tools') -+ meson.override_find_program('gdk-pixbuf-thumbnailer', bin) -+endif - - gdk_pixbuf_print_mime_types = executable('gdk-pixbuf-print-mime-types', - 'gdk-pixbuf-print-mime-types.c', -+ install: true, - c_args: common_cflags, - dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ]) - -+if get_option('use_prebuilt_tools') -+ gdk_pixbuf_print_mime_types = find_program('gdk-pixbuf-print-mime-types', required: true) -+endif -+ -+thumbnailer_deps = [loaders_cache,] -+ -+if not get_option('use_prebuilt_tools') -+ thumbnailer_deps += [ -+ gdk_pixbuf_print_mime_types, -+ gdk_pixbuf_pixdata, -+ ] -+endif -+ - custom_target('thumbnailer', - input: 'gdk-pixbuf-thumbnailer.thumbnailer.in', - output: 'gdk-pixbuf-thumbnailer.thumbnailer', -@@ -25,10 +41,6 @@ custom_target('thumbnailer', - '@INPUT@', - '@OUTPUT@', - ], -- depends: [ -- gdk_pixbuf_print_mime_types, -- gdk_pixbuf_pixdata, -- loaders_cache, -- ], -+ depends: thumbnailer_deps, - install: true, - install_dir: join_paths(gdk_pixbuf_datadir, 'thumbnailers')) diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch new file mode 100644 index 0000000000..7250fa3f62 --- /dev/null +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch @@ -0,0 +1,66 @@ +From 9d3b374e75692da3d1d05344a1693c85a3098f47 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Thu, 26 Jan 2023 20:29:46 +0100 +Subject: [PATCH] meson.build: allow (a subset of) tests in cross compile + settings + +There is no need to completely disable tests: most of them +do not require running target executables at build time, +and so can be built and installed. + +This requires inserting a couple of specific guards around +items that do require running target executables. + +Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/150] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + meson.build | 6 +++--- + tests/meson.build | 10 ++++++---- + 2 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/meson.build b/meson.build +index 8a16c8f..7c8b20f 100644 +--- a/meson.build ++++ b/meson.build +@@ -369,10 +369,10 @@ subdir('gdk-pixbuf') + # i18n + subdir('po') + ++if get_option('tests') ++ subdir('tests') ++endif + if not meson.is_cross_build() +- if get_option('tests') +- subdir('tests') +- endif + subdir('thumbnailer') + endif + +diff --git a/tests/meson.build b/tests/meson.build +index 28c2525..c45e765 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -4,7 +4,7 @@ + # gdk-pixbuf-pixdata from build directory because it needs all DLL locations in + # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with + # this problem: See https://github.com/mesonbuild/meson/issues/8266. +-if enabled_loaders.contains('png') and host_system != 'windows' ++if enabled_loaders.contains('png') and host_system != 'windows' and not meson.is_cross_build() + # Resources; we cannot use gnome.compile_resources() here, because we need to + # override the environment in order to use the utilities we just built instead + # of the system ones +@@ -166,9 +166,11 @@ endif + test_deps = gdk_pixbuf_deps + [ gdkpixbuf_dep, ] + test_args = [ '-k' ] + test_env = environment() +-test_env.set('G_TEST_SRCDIR', meson.current_source_dir()) +-test_env.set('G_TEST_BUILDDIR', meson.current_build_dir()) +-test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path()) ++if not meson.is_cross_build() ++ test_env.set('G_TEST_SRCDIR', meson.current_source_dir()) ++ test_env.set('G_TEST_BUILDDIR', meson.current_build_dir()) ++ test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path()) ++endif + + foreach test_name, test_data: installed_tests + test_sources = [ test_name + '.c', 'test-common.c' ] diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb index d33718e3ea..cca89a9059 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb @@ -12,18 +12,17 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SECTION = "libs" -DEPENDS = "glib-2.0 gdk-pixbuf-native shared-mime-info" -DEPENDS:remove:class-native = "gdk-pixbuf-native" +DEPENDS = "glib-2.0 shared-mime-info" MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://run-ptest \ file://fatal-loader.patch \ - file://0001-Add-use_prebuilt_tools-option.patch \ + file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \ " -SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962" +SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b" inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package @@ -46,14 +45,6 @@ PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" EXTRA_OEMESON = "-Dman=false" -EXTRA_OEMESON:append:class-target = " \ - -Duse_prebuilt_tools=true \ -" - -EXTRA_OEMESON:append:class-nativesdk = " \ - -Duse_prebuilt_tools=true \ -" - PACKAGES =+ "${PN}-xlib" # For GIO image type sniffing @@ -115,10 +106,6 @@ do_install:append:class-native() { XDG_DATA_DIRS=${STAGING_DATADIR} \ GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - create_wrapper ${D}/${bindir}/gdk-pixbuf-print-mime-types \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - create_wrapper ${D}/${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \ XDG_DATA_DIRS=${STAGING_DATADIR} \ GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \ diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb index fc52ae61c5..59278d1b16 100644 --- a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb +++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb @@ -56,8 +56,10 @@ CVE_CHECK_IGNORE += "CVE-2018-1000041" CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" PACKAGECONFIG ??= "gdkpixbuf" +PACKAGECONFIG:append:class-target = " ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vala', '', d)}" # The gdk-pixbuf loader PACKAGECONFIG[gdkpixbuf] = "--enable-pixbuf-loader,--disable-pixbuf-loader,gdk-pixbuf-native" +PACKAGECONFIG[vala] = "--enable-vala,--disable-vala" do_install:append() { # Loadable modules don't need .a or .la on Linux diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 5232cf70c6..a2dba6cb20 100644 --- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch @@ -1,19 +1,20 @@ -There is a potential infinite-loop in function _arc_error_normalized(). +There is an assertion in function _cairo_arc_in_direction(). CVE: CVE-2019-6461 Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..f9249dbeb 100644 +index 390397bae..1bde774a4 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) - do { - angle = M_PI / i++; - error = _arc_error_normalized (angle); -- } while (error > tolerance); -+ } while (error > tolerance && error > __DBL_EPSILON__); +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; - return angle; - } +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; + + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch index 4e4598c5b5..7c3209291b 100644 --- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch @@ -1,20 +1,40 @@ -There is an assertion in function _cairo_arc_in_direction(). - CVE: CVE-2019-6462 -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@intel.com> +Upstream-Status: Backport +Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> + +From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <hlewin@gmx.de> +Date: Sun, 1 Aug 2021 11:16:03 +0000 +Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop + +--- + src/cairo-arc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1bde774a4 100644 +index 390397bae..1c891d1a0 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, - if (cairo_status (cr)) - return; +@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + { M_PI / 11.0, 9.81410988043554039085e-09 }, + }; + int table_size = ARRAY_LENGTH (table); ++ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ -- assert (angle_max >= angle_min); -+ if (angle_max < angle_min) -+ return; + for (i = 0; i < table_size; i++) + if (table[i].error < tolerance) + return table[i].angle; - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { - angle_max = fmod (angle_max - angle_min, 2 * M_PI); + ++i; ++ + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && i < max_segments); + + return angle; + } +-- +2.38.1 + diff --git a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb index 959ef68032..613d3430ce 100644 --- a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb +++ b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb @@ -39,7 +39,7 @@ PACKAGECONFIG[manpages] = "-Dman-pages=enabled,-Dman-pages=disabled,libxslt-nati ALLOW_EMPTY:${PN}-drivers = "1" PACKAGES =+ "${PN}-tests ${PN}-drivers ${PN}-radeon ${PN}-nouveau ${PN}-omap \ - ${PN}-intel ${PN}-exynos ${PN}-kms ${PN}-freedreno ${PN}-amdgpu \ + ${PN}-intel ${PN}-exynos ${PN}-freedreno ${PN}-amdgpu \ ${PN}-etnaviv" RRECOMMENDS:${PN}-drivers = "${PN}-radeon ${PN}-nouveau ${PN}-omap ${PN}-intel \ @@ -52,7 +52,6 @@ FILES:${PN}-nouveau = "${libdir}/libdrm_nouveau.so.*" FILES:${PN}-omap = "${libdir}/libdrm_omap.so.*" FILES:${PN}-intel = "${libdir}/libdrm_intel.so.*" FILES:${PN}-exynos = "${libdir}/libdrm_exynos.so.*" -FILES:${PN}-kms = "${libdir}/libkms*.so.*" FILES:${PN}-freedreno = "${libdir}/libdrm_freedreno.so.*" FILES:${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.* ${datadir}/${PN}/amdgpu.ids" FILES:${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*" diff --git a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb index 69d9a0a84e..5b3b85b4ff 100644 --- a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb +++ b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exc LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3" SRCREV = "adbf0d3106b26daa237b10b9bf72b1af7c31092d" -SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \ +SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \ file://0001-generate-glslang-pkg-config.patch" PE = "1" UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch new file mode 100644 index 0000000000..47d2d7c270 --- /dev/null +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch @@ -0,0 +1,135 @@ +From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001 +From: Behdad Esfahbod <behdad@behdad.org> +Date: Mon, 6 Feb 2023 13:08:52 -0700 +Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match() + +Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324] +Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP. +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + src/hb-ot-layout-gsubgpos.hh | 94 +++++++++++++++++++++--------------- + 1 file changed, 54 insertions(+), 40 deletions(-) + +diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh +index c77ec12..04b823e 100644 +--- a/src/hb-ot-layout-gsubgpos.hh ++++ b/src/hb-ot-layout-gsubgpos.hh +@@ -532,33 +532,52 @@ struct hb_ot_apply_context_t : + may_skip (const hb_glyph_info_t &info) const + { return matcher.may_skip (c, info); } + ++ enum match_t { ++ MATCH, ++ NOT_MATCH, ++ SKIP ++ }; ++ ++ match_t match (hb_glyph_info_t &info) ++ { ++ matcher_t::may_skip_t skip = matcher.may_skip (c, info); ++ if (unlikely (skip == matcher_t::SKIP_YES)) ++ return SKIP; ++ ++ matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ()); ++ if (match == matcher_t::MATCH_YES || ++ (match == matcher_t::MATCH_MAYBE && ++ skip == matcher_t::SKIP_NO)) ++ return MATCH; ++ ++ if (skip == matcher_t::SKIP_NO) ++ return NOT_MATCH; ++ ++ return SKIP; ++ } ++ + bool next (unsigned *unsafe_to = nullptr) + { + assert (num_items > 0); + while (idx + num_items < end) + { + idx++; +- hb_glyph_info_t &info = c->buffer->info[idx]; +- +- matcher_t::may_skip_t skip = matcher.may_skip (c, info); +- if (unlikely (skip == matcher_t::SKIP_YES)) +- continue; +- +- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ()); +- if (match == matcher_t::MATCH_YES || +- (match == matcher_t::MATCH_MAYBE && +- skip == matcher_t::SKIP_NO)) +- { +- num_items--; +- advance_glyph_data (); +- return true; +- } +- +- if (skip == matcher_t::SKIP_NO) ++ switch (match (c->buffer->info[idx])) + { +- if (unsafe_to) +- *unsafe_to = idx + 1; +- return false; ++ case MATCH: ++ { ++ num_items--; ++ advance_glyph_data (); ++ return true; ++ } ++ case NOT_MATCH: ++ { ++ if (unsafe_to) ++ *unsafe_to = idx + 1; ++ return false; ++ } ++ case SKIP: ++ continue; + } + } + if (unsafe_to) +@@ -571,27 +590,22 @@ struct hb_ot_apply_context_t : + while (idx > num_items - 1) + { + idx--; +- hb_glyph_info_t &info = c->buffer->out_info[idx]; +- +- matcher_t::may_skip_t skip = matcher.may_skip (c, info); +- if (unlikely (skip == matcher_t::SKIP_YES)) +- continue; +- +- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ()); +- if (match == matcher_t::MATCH_YES || +- (match == matcher_t::MATCH_MAYBE && +- skip == matcher_t::SKIP_NO)) +- { +- num_items--; +- advance_glyph_data (); +- return true; +- } +- +- if (skip == matcher_t::SKIP_NO) ++ switch (match (c->buffer->out_info[idx])) + { +- if (unsafe_from) +- *unsafe_from = hb_max (1u, idx) - 1u; +- return false; ++ case MATCH: ++ { ++ num_items--; ++ advance_glyph_data (); ++ return true; ++ } ++ case NOT_MATCH: ++ { ++ if (unsafe_from) ++ *unsafe_from = hb_max (1u, idx) - 1u; ++ return false; ++ } ++ case SKIP: ++ continue; + } + } + if (unsafe_from) +-- +2.25.1 + diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch new file mode 100644 index 0000000000..f5c5cf439d --- /dev/null +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch @@ -0,0 +1,192 @@ +From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001 +From: Behdad Esfahbod <behdad@behdad.org> +Date: Mon, 6 Feb 2023 14:51:25 -0700 +Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment + +Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8] +Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc] causes regression and was reverted. This Patch completes the fix. +CVE: CVE-2023-25193 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> + +--- + src/OT/Layout/GPOS/MarkBasePosFormat1.hh | 76 +++++++++++++++--------- + src/OT/Layout/GPOS/MarkLigPosFormat1.hh | 24 ++++++-- + src/hb-ot-layout-gsubgpos.hh | 5 +- + 3 files changed, 69 insertions(+), 36 deletions(-) + +diff --git a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh +index ebb8c31..73839a4 100644 +--- a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh ++++ b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh +@@ -90,6 +90,25 @@ struct MarkBasePosFormat1_2 + + const Coverage &get_coverage () const { return this+markCoverage; } + ++ static inline bool accept (hb_buffer_t *buffer, unsigned idx) ++ { ++ /* We only want to attach to the first of a MultipleSubst sequence. ++ * https://github.com/harfbuzz/harfbuzz/issues/740 ++ * Reject others... ++ * ...but stop if we find a mark in the MultipleSubst sequence: ++ * https://github.com/harfbuzz/harfbuzz/issues/1020 */ ++ return !_hb_glyph_info_multiplied (&buffer->info[idx]) || ++ 0 == _hb_glyph_info_get_lig_comp (&buffer->info[idx]) || ++ (idx == 0 || ++ _hb_glyph_info_is_mark (&buffer->info[idx - 1]) || ++ !_hb_glyph_info_multiplied (&buffer->info[idx - 1]) || ++ _hb_glyph_info_get_lig_id (&buffer->info[idx]) != ++ _hb_glyph_info_get_lig_id (&buffer->info[idx - 1]) || ++ _hb_glyph_info_get_lig_comp (&buffer->info[idx]) != ++ _hb_glyph_info_get_lig_comp (&buffer->info[idx - 1]) + 1 ++ ); ++ } ++ + bool apply (hb_ot_apply_context_t *c) const + { + TRACE_APPLY (this); +@@ -97,48 +116,47 @@ struct MarkBasePosFormat1_2 + unsigned int mark_index = (this+markCoverage).get_coverage (buffer->cur().codepoint); + if (likely (mark_index == NOT_COVERED)) return_trace (false); + +- /* Now we search backwards for a non-mark glyph */ ++ /* Now we search backwards for a non-mark glyph. ++ * We don't use skippy_iter.prev() to avoid O(n^2) behavior. */ ++ + hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input; +- skippy_iter.reset (buffer->idx, 1); + skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks); +- do { +- unsigned unsafe_from; +- if (!skippy_iter.prev (&unsafe_from)) ++ ++ unsigned j; ++ for (j = buffer->idx; j > c->last_base_until; j--) ++ { ++ auto match = skippy_iter.match (buffer->info[j - 1]); ++ if (match == skippy_iter.MATCH) + { +- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1); +- return_trace (false); ++ if (!accept (buffer, j - 1)) ++ match = skippy_iter.SKIP; + } ++ if (match == skippy_iter.MATCH) ++ { ++ c->last_base = (signed) j - 1; ++ break; ++ } ++ } ++ c->last_base_until = buffer->idx; ++ if (c->last_base == -1) ++ { ++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1); ++ return_trace (false); ++ } + +- /* We only want to attach to the first of a MultipleSubst sequence. +- * https://github.com/harfbuzz/harfbuzz/issues/740 +- * Reject others... +- * ...but stop if we find a mark in the MultipleSubst sequence: +- * https://github.com/harfbuzz/harfbuzz/issues/1020 */ +- if (!_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx]) || +- 0 == _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) || +- (skippy_iter.idx == 0 || +- _hb_glyph_info_is_mark (&buffer->info[skippy_iter.idx - 1]) || +- !_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx - 1]) || +- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx]) != +- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx - 1]) || +- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) != +- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx - 1]) + 1 +- )) +- break; +- skippy_iter.reject (); +- } while (true); ++ unsigned idx = (unsigned) c->last_base; + + /* Checking that matched glyph is actually a base glyph by GDEF is too strong; disabled */ +- //if (!_hb_glyph_info_is_base_glyph (&buffer->info[skippy_iter.idx])) { return_trace (false); } ++ //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); } + +- unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[skippy_iter.idx].codepoint); ++ unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[idx].codepoint); + if (base_index == NOT_COVERED) + { +- buffer->unsafe_to_concat_from_outbuffer (skippy_iter.idx, buffer->idx + 1); ++ buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1); + return_trace (false); + } + +- return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx)); ++ return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, idx)); + } + + bool subset (hb_subset_context_t *c) const +diff --git a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh +index 1a80212..4471871 100644 +--- a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh ++++ b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh +@@ -100,20 +100,32 @@ struct MarkLigPosFormat1_2 + if (likely (mark_index == NOT_COVERED)) return_trace (false); + + /* Now we search backwards for a non-mark glyph */ ++ + hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input; +- skippy_iter.reset (buffer->idx, 1); + skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks); +- unsigned unsafe_from; +- if (!skippy_iter.prev (&unsafe_from)) ++ ++ unsigned j; ++ for (j = buffer->idx; j > c->last_base_until; j--) + { +- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1); ++ auto match = skippy_iter.match (buffer->info[j - 1]); ++ if (match == skippy_iter.MATCH) ++ { ++ c->last_base = (signed) j - 1; ++ break; ++ } ++ } ++ c->last_base_until = buffer->idx; ++ if (c->last_base == -1) ++ { ++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1); + return_trace (false); + } + ++ j = (unsigned) c->last_base; ++ + /* Checking that matched glyph is actually a ligature by GDEF is too strong; disabled */ +- //if (!_hb_glyph_info_is_ligature (&buffer->info[skippy_iter.idx])) { return_trace (false); } ++ //if (!_hb_glyph_info_is_ligature (&buffer->info[j])) { return_trace (false); } + +- unsigned int j = skippy_iter.idx; + unsigned int lig_index = (this+ligatureCoverage).get_coverage (buffer->info[j].codepoint); + if (lig_index == NOT_COVERED) + { +diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh +index 04b823e..dc3c4b6 100644 +--- a/src/hb-ot-layout-gsubgpos.hh ++++ b/src/hb-ot-layout-gsubgpos.hh +@@ -701,6 +701,9 @@ struct hb_ot_apply_context_t : + uint32_t random_state = 1; + unsigned new_syllables = (unsigned) -1; + ++ signed last_base = -1; // GPOS uses ++ unsigned last_base_until = 0; // GPOS uses ++ + hb_ot_apply_context_t (unsigned int table_index_, + hb_font_t *font_, + hb_buffer_t *buffer_) : +@@ -738,7 +741,7 @@ struct hb_ot_apply_context_t : + iter_context.init (this, true); + } + +- void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; init_iters (); } ++ void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; last_base = -1; last_base_until = 0; init_iters (); } + void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); } + void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); } + void set_per_syllable (bool per_syllable_) { per_syllable = per_syllable_; init_iters (); } +-- +2.25.1 + diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb index 4905e8e2ad..0d68a4bf84 100644 --- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb @@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6ee0f16281694fb6aa689cca1e0fb3da \ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz \ file://0001-fix-signedness-of-char-in-tests.patch \ + file://CVE-2023-25193-pre1.patch \ + file://CVE-2023-25193.patch \ " SRC_URI[sha256sum] = "2edb95db668781aaa8d60959d21be2ff80085f31b12053cdd660d9a50ce84f05" @@ -32,9 +34,9 @@ PACKAGES =+ "${PN}-icu ${PN}-icu-dev ${PN}-subset" LEAD_SONAME = "libharfbuzz.so" do_install:append() { - # If no tools are installed due to PACKAGECONFIG then this directory is - #still installed, so remove it to stop packaging wanings. - rmdir --ignore-fail-on-non-empty ${D}${bindir} + # If no tools are installed due to PACKAGECONFIG then this directory might + # still be installed, so remove it to stop packaging warnings. + [ ! -d ${D}${bindir} ] || rmdir --ignore-fail-on-non-empty ${D}${bindir} } FILES:${PN}-icu = "${libdir}/libharfbuzz-icu.so.*" diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb index 1708fa97f0..e086830c02 100644 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb @@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ file://0001-libjpeg-turbo-fix-package_qa-error.patch \ " -SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b" +SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf" UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/" diff --git a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch b/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch deleted file mode 100644 index 971a3f54e0..0000000000 --- a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7211120d1e2f059d900f3379b9790484dbcf7761 Mon Sep 17 00:00:00 2001 -From: Martin Jansa <Martin.Jansa@gmail.com> -Date: Fri, 25 Oct 2019 11:09:34 +0000 -Subject: [PATCH] dispatch_common.h: define also EGL_NO_X11 - -MESA_EGL_NO_X11_HEADERS was renamed to EGL_NO_X11 in: -https://github.com/mesa3d/mesa/commit/6202a13b71e18dc31ba7e2f4ea915b67eacc1ddb - -Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> -Upstream-Status: Pending - ---- - src/dispatch_common.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/dispatch_common.h b/src/dispatch_common.h -index a136943..448c9b1 100644 ---- a/src/dispatch_common.h -+++ b/src/dispatch_common.h -@@ -55,6 +55,7 @@ - * as EGL_NO_X11 - */ - # define MESA_EGL_NO_X11_HEADERS 1 -+# define EGL_NO_X11 1 - # endif - #include "epoxy/egl.h" - #endif diff --git a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb index 1210f73a86..384afa6907 100644 --- a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb +++ b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb @@ -9,11 +9,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b" -SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \ - file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \ - " -SRC_URI[sha256sum] = "d168a19a6edfdd9977fef1308ccf516079856a4275cf876de688fb7927e365e4" -GITHUB_BASE_URI = "https://github.com/anholt/libepoxy/releases" +SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https" +SRCREV = "c84bc9459357a40e46e2fec0408d04fbdde2c973" +S = "${WORKDIR}/git" inherit meson pkgconfig features_check github-releases diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch index 57bc522393..f34b870e74 100644 --- a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch +++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch @@ -1,4 +1,4 @@ -From 0234c546d86174fafe9ab280cf5f44de50b73676 Mon Sep 17 00:00:00 2001 +From 77093de6a12c24a60fc447698900d18d0a3943af Mon Sep 17 00:00:00 2001 From: Carlos Rafael Giani <crg7475@mailbox.org> Date: Fri, 18 Mar 2022 12:06:23 +0100 Subject: [PATCH] Disable libunwind in native OE builds by not looking for @@ -22,10 +22,10 @@ Upstream-Status: Inappropriate [OE specific] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 644715a..bbf2e28 100644 +index 7617205..d9b1522 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -869,7 +869,7 @@ if(SDL_LIBC) +@@ -952,7 +952,7 @@ if(SDL_LIBC) check_include_file(sys/types.h HAVE_SYS_TYPES_H) foreach(_HEADER stdio.h stdlib.h stddef.h stdarg.h malloc.h memory.h string.h limits.h float.h diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb index d5cbf73df2..ce5a8aa8f2 100644 --- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb +++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-native = " file://0001-Disable-libunwind-in-native-OE-build S = "${WORKDIR}/SDL2-${PV}" -SRC_URI[sha256sum] = "91e4c34b1768f92d399b078e171448c6af18cafda743987ed2064a28954d6d97" +SRC_URI[sha256sum] = "b35ef0a802b09d90ed3add0dcac0e95820804202914f5bb7b0feb710f1a1329f" inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even diff --git a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb index 6e9b95e1e2..12f41d75a5 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb @@ -30,7 +30,7 @@ PACKAGECONFIG[gles1] = "-Dgles1=enabled,-Dgles1=disabled,virtual/libgles1" PACKAGECONFIG[gles2] = "-Dgles2=enabled,-Dgles2=disabled,virtual/libgles2" PACKAGECONFIG[glut] = "-Dwith-glut=${STAGING_EXECPREFIXDIR},,freeglut" PACKAGECONFIG[osmesa] = "-Dosmesa=enabled,-Dosmesa=disabled," -PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native" +PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native wayland-protocols" PACKAGECONFIG[x11] = "-Dx11=enabled,-Dx11=disabled,virtual/libx11 libglu" do_install:append() { diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb index f2bc8f6b5b..c7c7aa7ac3 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb @@ -8,6 +8,6 @@ S = "${WORKDIR}/mesa-${PV}" # At least one DRI rendering engine is required to build mesa. # When no X11 is available, use osmesa for the rendering engine. -PACKAGECONFIG ??= "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}" -PACKAGECONFIG:class-target = "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}" +PACKAGECONFIG ??= "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}" +PACKAGECONFIG:class-target = "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}" diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc index 8a74e0a80a..f9007f3187 100644 --- a/poky/meta/recipes-graphics/mesa/mesa.inc +++ b/poky/meta/recipes-graphics/mesa/mesa.inc @@ -19,10 +19,12 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \ file://0001-util-format-Check-for-NEON-before-using-it.patch \ - file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch \ " -SRC_URI[sha256sum] = "b1f9c8fd08f2cae3adf83355bef4d2398e8025f44947332880f2d0066bdafa8c" +# required by mesa-native on Ubuntu 18.04 with gcc 7.5 when DEBUG_BUILD enabled +SRC_URI:append:class-native = " file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch" + +SRC_URI[sha256sum] = "ee7d026f7b1991dbae0861d359b671145c3a86f2a731353b885d2ea2d5c098d6" UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" @@ -52,17 +54,7 @@ ANY_OF_DISTRO_FEATURES:class-target = "opengl vulkan" PLATFORMS ??= "${@bb.utils.filter('PACKAGECONFIG', 'x11 wayland', d)}" -# By placing llvm-config in the target sysroot bindir, it will then map values -# to the target libdir magically. We can safely add to path as there are no other binaries -# there. -PATH:prepend = "${STAGING_BINDIR_CROSS}:${STAGING_BINDIR}:" MESA_LLVM_RELEASE ?= "${LLVMVERSION}" -do_configure:prepend () { - if [ -e ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ]; then - cp ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ${STAGING_BINDIR} - cp ${STAGING_BINDIR_NATIVE}/llvm-config ${STAGING_BINDIR} - fi -} # set the MESA_BUILD_TYPE to either 'release' (default) or 'debug' # by default the upstream mesa sources build a debug release @@ -179,6 +171,8 @@ PACKAGECONFIG[vulkan-beta] = "-Dvulkan-beta=true,-Dvulkan-beta=false" PACKAGECONFIG[osmesa] = "-Dosmesa=true,-Dosmesa=false" +PACKAGECONFIG[perfetto] = "-Dperfetto=true,-Dperfetto=false,libperfetto" + PACKAGECONFIG[unwind] = "-Dlibunwind=enabled,-Dlibunwind=disabled,libunwind" PACKAGECONFIG[lmsensors] = "-Dlmsensors=enabled,-Dlmsensors=disabled,lmsensors" diff --git a/poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb index 96e8aa38d6..96e8aa38d6 100644 --- a/poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb +++ b/poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb diff --git a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb index 03e2ca6721..e673366dc7 100644 --- a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb +++ b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb @@ -21,10 +21,10 @@ GIR_MESON_ENABLE_FLAG = "enabled" GIR_MESON_DISABLE_FLAG = "disabled" SRC_URI += "file://run-ptest \ - file://0001-Skip-running-test-layout-test.patch \ -" + file://0001-Skip-running-test-layout-test.patch \ + " -SRC_URI[archive.sha256sum] = "1b636aabf905130d806372136f5e137b6a27f26d47defd9240bf444f6a4fe610" +SRC_URI[archive.sha256sum] = "5cdcf6d761d26a3eb9412b6cb069b32bd1d9b07abf116321167d94c2189299fd" DEPENDS = "glib-2.0 glib-2.0-native fontconfig freetype virtual/libiconv cairo harfbuzz fribidi" @@ -38,7 +38,7 @@ PACKAGECONFIG[thai] = ",,libthai" GIR_MESON_OPTION = 'introspection' do_configure:prepend() { - chmod +x ${S}/tests/*.py + chmod +x ${S}/tests/*.py } LEAD_SONAME = "libpango-1.0*" diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb index f758208c6b..4a4e44f685 100644 --- a/poky/meta/recipes-graphics/piglit/piglit_git.bb +++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb @@ -39,7 +39,7 @@ do_compile[dirs] =+ "${B}/temp/" PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 glx', '', d)}" PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut," PACKAGECONFIG[glx] = "-DPIGLIT_BUILD_GLX_TESTS=ON,-DPIGLIT_BUILD_GLX_TESTS=OFF" -PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,opencl-icd-loader" +PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,virtual/opencl-icd" PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}" PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader" diff --git a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb index 94500a96ba..ce47206ac2 100644 --- a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb +++ b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb @@ -8,7 +8,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d" SRCREV = "b2a156e1c0434bc8c99aaebba1c7be98be7ac580" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master" +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=main" PE = "1" UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb index fc1074d8b8..c6fba3821b 100644 --- a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb +++ b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb @@ -8,7 +8,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "c94501352d545e84c821ce031399e76d1af32d18" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=main;protocol=https \ file://0001-Remove-default-copy-constructor-in-header.-4879.patch \ " PE = "1" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb index 332411b312..d5d285cd83 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb @@ -5,7 +5,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a" -SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \ +SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=main;protocol=https;lfs=0 \ file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \ file://debugfix.patch \ file://0001-Qualify-move-as-std-move.patch;patchdir=third_party/spirv-cross \ diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch new file mode 100644 index 0000000000..722116c07e --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch @@ -0,0 +1,57 @@ +CVE: CVE-2022-3554 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Tue, 4 Oct 2022 18:26:17 -0400 +Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback + +Analysis: + + _XimRegisterIMInstantiateCallback() opens an XIM and closes it using + the internal function pointers, but the internal close function does + not free the pointer to the XIM (this would be done in XCloseIM()). + +Report/patch: + + Date: Mon, 03 Oct 2022 18:47:32 +0800 + From: Po Lu <luangruo@yahoo.com> + To: xorg-devel@lists.x.org + Subject: Re: Yet another leak in Xlib + + For reference, here's how I'm calling XRegisterIMInstantiateCallback: + + XSetLocaleModifiers (""); + XRegisterIMInstantiateCallback (compositor.display, + XrmGetDatabase (compositor.display), + (char *) compositor.resource_name, + (char *) compositor.app_name, + IMInstantiateCallback, NULL); + + and XMODIFIERS is: + + @im=ibus + +Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net> +--- + modules/im/ximcp/imInsClbk.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c +index 95b379cb..c10e347f 100644 +--- a/modules/im/ximcp/imInsClbk.c ++++ b/modules/im/ximcp/imInsClbk.c +@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback( + if( xim ) { + lock = True; + xim->methods->close( (XIM)xim ); ++ /* XIMs must be freed manually after being opened; close just ++ does the protocol to deinitialize the IM. */ ++ XFree( xim ); + lock = False; + icb->call = True; + callback( display, client_data, NULL ); +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb index 1dcc3abee9..9ff196c897 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb @@ -15,6 +15,7 @@ PE = "1" SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.xz" SRC_URI += "file://disable_tests.patch \ + file://0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch \ " SRC_URI[sha256sum] = "1bc41aa1bbe01401f330d76dfa19f386b79c51881c7bbfee9eb4e27f22f2d9f7" diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch new file mode 100644 index 0000000000..d226766d49 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch @@ -0,0 +1,33 @@ +CVE: CVE-2022-44638 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001 +From: Matt Turner <mattst88@gmail.com> +Date: Wed, 2 Nov 2022 12:07:32 -0400 +Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write + +Thanks to Maddie Stone and Google's Project Zero for discovering this +issue, providing a proof-of-concept, and a great analysis. + +Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 +--- + pixman/pixman-trap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c +index 91766fd..7560405 100644 +--- a/pixman/pixman-trap.c ++++ b/pixman/pixman-trap.c +@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y, + + if (f < Y_FRAC_FIRST (n)) + { +- if (pixman_fixed_to_int (i) == 0x8000) ++ if (pixman_fixed_to_int (i) == 0xffff8000) + { + f = 0; /* saturate */ + } +-- +GitLab + diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb index ccfe277746..c56733eefd 100644 --- a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb +++ b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb @@ -9,6 +9,7 @@ DEPENDS = "zlib" SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \ file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \ + file://CVE-2022-44638.patch \ " SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4" SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc" diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch new file mode 100644 index 0000000000..4209139da8 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch @@ -0,0 +1,32 @@ +From fc28149b6b198042c8d29e0931415adad7ed3231 Mon Sep 17 00:00:00 2001 +From: Wang Mingyu <wangmy@fujitsu.com> +Date: Thu, 16 Mar 2023 08:03:47 +0000 +Subject: [PATCH] Fix install conflict when enable multilib. + +Automake defines pythondir in terms of libdir (rather than hardcode 'lib' or query it from python as automake upstream does) +https://git.yoctoproject.org/poky/tree/meta/recipes-devtools/automake/automake/0001-automake-Update-for-python.m4-to-respect-libdir.patch + +So libdir needs to be defined when pythondir is defined. + +Upstream-Status: Inappropriate + +Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 8b57a83..580f5bc 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,6 +1,6 @@ + SUBDIRS = src xcbgen + +-pkgconfigdir = $(datarootdir)/pkgconfig ++pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = xcb-proto.pc + + EXTRA_DIST=doc xcb-proto.pc.in autogen.sh README.md +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb index 4e4472a9c1..e60e7958a7 100644 --- a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb +++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb @@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d763b081cb10c223435b01e00dc0aba7 \ SRC_URI = "https://xorg.freedesktop.org/archive/individual/proto/${BP}.tar.xz \ file://0001-xcb-proto.pc.in-reinstate-libdir.patch \ + file://0001-Fix-install-conflict-when-enable-multilib.patch \ " SRC_URI[sha256sum] = "7072beb1f680a2fe3f9e535b797c146d22528990c72f63ddb49d2f350a3653ed" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 057a1ba6ad..ecb164ddf7 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -28,6 +28,8 @@ CVE_CHECK_IGNORE += "CVE-2011-4613" # impossible or difficult to exploit. There is currently no upstream patch # available for this flaw. CVE_CHECK_IGNORE += "CVE-2020-25697" +# This is specific to XQuartz, which is the macOS X server port +CVE_CHECK_IGNORE += "CVE-2022-3553" S = "${WORKDIR}/${XORG_PN}-${PV}" @@ -80,9 +82,9 @@ PACKAGES =+ "${PN}-sdl \ SUMMARY:xf86-video-modesetting = "X.Org X server -- modesetting display driver" INSANE_SKIP:${MLPREFIX}xf86-video-modesetting = "xorg-driver-abi" -XSERVER_RRECOMMENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput" -RRECOMMENDS:${PN} += "${XSERVER_RRECOMMENDS}" -RRECOMMENDS:${PN}-xwayland += "${XSERVER_RRECOMMENDS}" +XSERVER_RDEPENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput" +RDEPENDS:${PN} += "${XSERVER_RDEPENDS}" +RDEPENDS:${PN}-xwayland += "${XSERVER_RDEPENDS}" RDEPENDS:${PN}-xvfb += "xkeyboard-config" RDEPENDS:${PN}-module-exa = "${PN} (= ${EXTENDPKGV})" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch new file mode 100644 index 0000000000..fc426daba5 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch @@ -0,0 +1,46 @@ +From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Mon, 13 Mar 2023 11:08:47 +0100 +Subject: [PATCH] composite: Fix use-after-free of the COW + +ZDI-CAN-19866/CVE-2023-1393 + +If a client explicitly destroys the compositor overlay window (aka COW), +we would leave a dangling pointer to that window in the CompScreen +structure, which will trigger a use-after-free later. + +Make sure to clear the CompScreen pointer to the COW when the latter gets +destroyed explicitly by the client. + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Reviewed-by: Adam Jackson <ajax@redhat.com> + +CVE: CVE-2023-1393 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + composite/compwindow.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/composite/compwindow.c b/composite/compwindow.c +index 4e2494b86..b30da589e 100644 +--- a/composite/compwindow.c ++++ b/composite/compwindow.c +@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) + ret = (*pScreen->DestroyWindow) (pWin); + cs->DestroyWindow = pScreen->DestroyWindow; + pScreen->DestroyWindow = compDestroyWindow; ++ ++ /* Did we just destroy the overlay window? */ ++ if (pWin == cs->pOverlayWin) ++ cs->pOverlayWin = NULL; ++ + /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ + return ret; + } +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb index b9cbc9989e..f0771cc86e 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb @@ -1,9 +1,10 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ - file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ + file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ + file://0001-composite-Fix-use-after-free-of-the-COW.patch \ " -SRC_URI[sha256sum] = "5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587" +SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb index da1b27525d..6919ba421b 100644 --- a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb +++ b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5" +SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73" UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar" @@ -23,7 +23,7 @@ OPENGL_PKGCONFIGS = "glx glamor dri3" PACKAGECONFIG ??= "${XORG_CRYPTO} \ ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \ " -PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false" +PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence" PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl virtual/libx11" PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,libegl" PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index dea7b65a7c..12f1cf516e 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\ DEPENDS = "git-native" -SRCREV = "ba600ef61a85966596126a6e8d936971905e8749" +SRCREV = "2d01f24bc78256c709728eb3f204491bce13e0e5" PV = "0.3+git${SRCPV}" inherit native diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb index 45c9d0e861..bf5d4f54e6 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb @@ -45,6 +45,7 @@ LICENSE = "\ & Firmware-phanfw \ & Firmware-qat \ & Firmware-qcom \ + & Firmware-qcom-yamato \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-qualcommAthos_ar3k \ @@ -70,8 +71,8 @@ LICENSE = "\ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ - file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ - file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ + file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \ + file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \ file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ @@ -109,6 +110,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ + file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ @@ -132,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20" +WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -177,6 +179,7 @@ NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" +NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato" NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" @@ -209,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9" +SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a" inherit allarch @@ -228,6 +231,7 @@ do_install() { PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-mt7601u-license ${PN}-mt7601u \ ${PN}-radeon-license ${PN}-radeon \ + ${PN}-amdgpu-license ${PN}-amdgpu \ ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ @@ -235,6 +239,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-vt6656-license ${PN}-vt6656 \ ${PN}-rs9113 ${PN}-rs9116 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8761 \ ${PN}-rtl8168 \ ${PN}-cypress-license \ ${PN}-broadcom-license \ @@ -305,7 +310,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-nvidia-gpu \ ${PN}-netronome-license ${PN}-netronome \ ${PN}-qat ${PN}-qat-license \ - ${PN}-qcom-license \ + ${PN}-qcom-license ${PN}-qcom-yamato-license \ ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ @@ -428,6 +433,17 @@ FILES:${PN}-radeon = " \ RDEPENDS:${PN}-radeon += "${PN}-radeon-license" +# For amdgpu +LICENSE:${PN}-amdgpu = "Firmware-amdgpu" +LICENSE:${PN}-amdgpu-license = "Firmware-amdgpu" + +FILES:${PN}-amdgpu-license = "${nonarch_base_libdir}/firmware/LICENSE.amdgpu" +FILES:${PN}-amdgpu = " \ + ${nonarch_base_libdir}/firmware/amdgpu \ +" + +RDEPENDS:${PN}-amdgpu += "${PN}-amdgpu-license" + # For lontium LICENSE:${PN}-lt9611uxc = "Firmware-Lontium" @@ -563,6 +579,7 @@ LICENSE:${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8192ce = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8192su = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8723 = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8761 = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8821 = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl-license = "Firmware-rtlwifi_firmware" LICENSE:${PN}-rtl8168 = "WHENCE" @@ -588,6 +605,9 @@ FILES:${PN}-rtl8723 = " \ FILES:${PN}-rtl8821 = " \ ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ " +FILES:${PN}-rtl8761 = " \ + ${nonarch_base_libdir}/firmware/rtl_bt/rtl8761*.bin \ +" FILES:${PN}-rtl8168 = " \ ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ " @@ -598,6 +618,7 @@ RDEPENDS:${PN}-rtl8192cu += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8192su = "${PN}-rtl-license" RDEPENDS:${PN}-rtl8723 += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license" RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license" # For ti-connectivity @@ -965,17 +986,44 @@ RDEPENDS:${PN}-qat = "${PN}-qat-license" # For QCOM VPU/GPU and SDM845 LICENSE:${PN}-qcom-license = "Firmware-qcom" +LICENSE:${PN}-qcom-yamato-license = "Firmware-qcom-yamato" +LICENSE:${PN}-qcom-venus-1.8 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-4.2 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-5.2 = "Firmware-qcom" +LICENSE:${PN}-qcom-venus-5.4 = "Firmware-qcom" +LICENSE:${PN}-qcom-vpu-1.0 = "Firmware-qcom" +LICENSE:${PN}-qcom-vpu-2.0 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato" +LICENSE:${PN}-qcom-adreno-a3xx = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a4xx = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a530 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a630 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a650 = "Firmware-qcom" +LICENSE:${PN}-qcom-adreno-a660 = "Firmware-qcom" +LICENSE:${PN}-qcom-apq8096-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-apq8096-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom" +LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom" +LICENSE:${PN}-qcom-sdm845-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-sdm845-compute = "Firmware-qcom" +LICENSE:${PN}-qcom-sdm845-modem = "Firmware-qcom" +LICENSE:${PN}-qcom-sm8250-audio = "Firmware-qcom" +LICENSE:${PN}-qcom-sm8250-compute = "Firmware-qcom" + FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES:${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato" FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" -FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw" +FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw" FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw" -FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/a530*.*" FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" @@ -991,13 +1039,14 @@ FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/c FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" + RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license" RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license" RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license" @@ -1103,3 +1152,6 @@ INSANE_SKIP = "arch" # Don't warn about already stripped files INSANE_SKIP:${PN} = "already-stripped" + +# No need to put firmware into the sysroot +SYSROOT_DIRS_IGNORE += "${nonarch_base_libdir}/firmware" diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc new file mode 100644 index 0000000000..53d5379046 --- /dev/null +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc @@ -0,0 +1,90 @@ +# CVE exclusions specific to version 5.15 of the kernel. + +# 2021 +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 +# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 +# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438 +# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f +# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5 +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 +CVE_CHECK_IGNORE += "CVE-2022-3435" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 +# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 +# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749 +# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 +# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b +# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d +CVE_CHECK_IGNORE += "CVE-2022-3534" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 +# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde +CVE_CHECK_IGNORE += "CVE-2022-3564" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 +# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 +# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 +# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c +CVE_CHECK_IGNORE += "CVE-2022-3619" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 +# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 +# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624 +# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea +# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4 +# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533 +# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab +# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd +# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a +CVE_CHECK_IGNORE += "CVE-2022-3640" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 +# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 +# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4 +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 +CVE_CHECK_IGNORE += "CVE-2022-4382" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 +CVE_CHECK_IGNORE += "CVE-2022-42895" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4 +# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b +# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 +# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a +CVE_CHECK_IGNORE += "CVE-2022-42896" + + +# 2023 +# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e +# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c +# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 +CVE_CHECK_IGNORE += "CVE-2023-0266" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 +# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 +CVE_CHECK_IGNORE += "CVE-2023-0394" + + diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb index 46d706b955..17ae744d0d 100644 --- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -308,6 +308,13 @@ do_install() { # external modules can be built touch -r $kerneldir/build/Makefile $kerneldir/build/include/generated/uapi/linux/version.h + # This fixes a warning that the compilers don't match when building a module + # Change: CONFIG_CC_VERSION_TEXT="x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0" + # #define CONFIG_CC_VERSION_TEXT "x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0" + sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' "$kerneldir/build/.config" + sed -i 's/#define CONFIG_CC_VERSION_TEXT ".*\(gcc.*\)"/#define CONFIG_CC_VERSION_TEXT "\1"/' $kerneldir/build/include/generated/autoconf.h + sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' $kerneldir/build/include/config/auto.conf + # make sure these are at least as old as the .config, or rebuilds will trigger touch -r $kerneldir/build/.config $kerneldir/build/include/generated/autoconf.h 2>/dev/null || : touch -r $kerneldir/build/.config $kerneldir/build/include/config/auto.conf* 2>/dev/null || : diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb index b1b57beac3..f01931ddec 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -10,8 +10,6 @@ inherit kernel require recipes-kernel/linux/linux-yocto.inc -# for ncurses tests -inherit pkgconfig # provide this .inc to set specific revisions include recipes-kernel/linux/linux-yocto-dev-revisions.inc diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 6f8648e004..2117e1ffb3 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -2,6 +2,9 @@ KBRANCH ?= "v5.15/standard/preempt-rt/base" require recipes-kernel/linux/linux-yocto.inc +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_5.15.inc + # Skip processing of this recipe if it is not explicitly specified as the # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying # to build multiple virtual/kernel providers, e.g. as dependency of @@ -11,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "dba1b7d90813231782bdeda1bd169c93b35c94e0" -SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" +SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.68" +LINUX_VERSION ?= "5.15.108" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb index b3e9fbae62..f4d205e613 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "bc8af638c00f28a46e77e34056079087638f6e65" -SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455" +SRCREV_machine ?= "3101c367eab8952721086b545ad37c301b2a7452" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.19.9" +LINUX_VERSION ?= "5.19.17" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 4f2bb48743..277a6a6c0d 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,10 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.68" +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_5.15.inc + +LINUX_VERSION ?= "5.15.108" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "33e7eea5c4545a973cf01a849c2b45fa0cd1fa13" -SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" +SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb index 466b7063b4..95a8a46bbc 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.19.9" +LINUX_VERSION ?= "5.19.17" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455" +SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index 091003ed82..9bca0e7124 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -47,7 +47,6 @@ LINUX_VERSION_EXTENSION ??= "-yocto-${LINUX_KERNEL_TYPE}" # Pick up shared functions inherit kernel inherit kernel-yocto -inherit pkgconfig B = "${WORKDIR}/linux-${PACKAGE_ARCH}-${LINUX_KERNEL_TYPE}-build" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 2f91fb7a37..b58ca03ddb 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -2,6 +2,9 @@ KBRANCH ?= "v5.15/standard/base" require recipes-kernel/linux/linux-yocto.inc +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_5.15.inc + # board specific branches KBRANCH:qemuarm ?= "v5.15/standard/arm-versatile-926ejs" KBRANCH:qemuarm64 ?= "v5.15/standard/qemuarm64" @@ -13,24 +16,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "efe28b4b16d4a1a19f59b4650a0bfb23ffc8c40e" -SRCREV_machine:qemuarm64 ?= "66986670c45f63d2ed2078e07aa817ede88025ad" -SRCREV_machine:qemumips ?= "aeeb80fd7f684aca830adb7daf32cfd80637cf3a" -SRCREV_machine:qemuppc ?= "5c6387a562af89ec92546c1374a120ac240f14e6" -SRCREV_machine:qemuriscv64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemuriscv32 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemux86 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemux86-64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_machine:qemumips64 ?= "20ec37851f4ee9965120937dcf2567f15e72e07a" -SRCREV_machine ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" -SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" +SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010" +SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5" +SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf" +SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558" +SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5" +SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "dd20085f2a88b6cdb12bdcdbd2d7a761c86b184a" +SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +41,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.68" +LINUX_VERSION ?= "5.15.108" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb index f882972e35..5baa0c1130 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.19/standard/base" KBRANCH:qemux86-64 ?= "v5.19/standard/base" KBRANCH:qemumips64 ?= "v5.19/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "446661f6a3b07535304497c1a51d9cab95f48f0b" -SRCREV_machine:qemuarm64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemumips ?= "98da147618fca3da29cf1c6ab9c53f24de2c587c" -SRCREV_machine:qemuppc ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemuriscv64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemuriscv32 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemux86 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemux86-64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_machine:qemumips64 ?= "53842054198d851b5deb5810afaf126156efbb54" -SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1" -SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455" +SRCREV_machine:qemuarm ?= "f30404d233fc4cc461a0800fd635f4e9650a20a5" +SRCREV_machine:qemuarm64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemumips ?= "ceaf2134635845794c24b750f15004096a597256" +SRCREV_machine:qemuppc ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemuriscv64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemuriscv32 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemux86 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemux86-64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_machine:qemumips64 ?= "acf9ebb1e7d1ceb61a89ec33ca4cc3613287630b" +SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "d1105a680e66b0482bd18048534c58ecabb5c284" +SRCREV_machine:class-devupstream ?= "2b525314c7b57eac29fe8b77a6589428e4a4f6dd" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.19/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.19.9" +LINUX_VERSION ?= "5.19.17" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb index 19601e7d1b..8e2fe4164d 100644 --- a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb +++ b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb @@ -10,7 +10,7 @@ DEPENDS = "glib-2.0 util-linux popt bison-native flex-native" SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \ file://run-ptest \ " -SRCREV = "054a54ae10b01a271afc4f19496c041b10fb414c" +SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>1(\.\d+)+)$" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch deleted file mode 100644 index 21e27ffc5e..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 8e42c4821fb5f5cb816b6ddf73d9a13ba3298a63 Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 10 Aug 2022 11:07:14 -0400 -Subject: [PATCH] fix: tie compaction probe build to CONFIG_COMPACTION - -The definition of 'struct compact_control' in 'mm/internal.h' depends on -CONFIG_COMPACTION being defined. Only build the compaction probe when -this configuration option is enabled. - -Thanks to Bruce Ashfield <bruce.ashfield@gmail.com> for reporting this -issue. - -Upstream-Status: Backport [https://review.lttng.org/c/lttng-modules/+/8660] - -Change-Id: I81e77aa9c1bf10452c152d432fe5224df0db42c9 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> ---- - src/probes/Kbuild | 34 ++++++++++++++++++---------------- - 1 file changed, 18 insertions(+), 16 deletions(-) - -diff --git a/src/probes/Kbuild b/src/probes/Kbuild -index 2908cf75..3e556b8e 100644 ---- a/src/probes/Kbuild -+++ b/src/probes/Kbuild -@@ -167,22 +167,24 @@ ifneq ($(CONFIG_BTRFS_FS),) - endif # $(wildcard $(btrfs_dep)) - endif # CONFIG_BTRFS_FS - --# A dependency on internal header 'mm/internal.h' was introduced in v5.18 --compaction_dep = $(srctree)/mm/internal.h --compaction_dep_wildcard = $(wildcard $(compaction_dep)) --compaction_dep_check = $(shell \ --if [ \( $(VERSION) -ge 6 \ -- -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ -- -z "$(compaction_dep_wildcard)" ] ; then \ -- echo "warn" ; \ --else \ -- echo "ok" ; \ --fi ;) --ifeq ($(compaction_dep_check),ok) -- obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o --else -- $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) --endif # $(wildcard $(compaction_dep)) -+ifneq ($(CONFIG_COMPACTION),) -+ # A dependency on internal header 'mm/internal.h' was introduced in v5.18 -+ compaction_dep = $(srctree)/mm/internal.h -+ compaction_dep_wildcard = $(wildcard $(compaction_dep)) -+ compaction_dep_check = $(shell \ -+ if [ \( $(VERSION) -ge 6 \ -+ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ -+ -z "$(compaction_dep_wildcard)" ] ; then \ -+ echo "warn" ; \ -+ else \ -+ echo "ok" ; \ -+ fi ;) -+ ifeq ($(compaction_dep_check),ok) -+ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o -+ else -+ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) -+ endif # $(wildcard $(compaction_dep)) -+endif # CONFIG_COMPACTION - - ifneq ($(CONFIG_EXT4_FS),) - ext4_dep = $(srctree)/fs/ext4/*.h --- -2.34.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch deleted file mode 100644 index 62376806c8..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 8d5da4d2a3d7d9173208f4e8dc7a709f0bfc9820 Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 8 Jun 2022 12:56:36 -0400 -Subject: [PATCH 1/3] fix: mm/page_alloc: fix tracepoint - mm_page_alloc_zone_locked() (v5.19) - -See upstream commit : - - commit 10e0f7530205799e7e971aba699a7cb3a47456de - Author: Wonhyuk Yang <vvghjk1234@gmail.com> - Date: Thu May 19 14:08:54 2022 -0700 - - mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() - - Currently, trace point mm_page_alloc_zone_locked() doesn't show correct - information. - - First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated - from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use - requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA. - - Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages - to be stored on the per-cpu lists") percpu-list can store high order - pages. But trace point determine whether it is a refiil of percpu-list by - comparing requested order and 0. - - To handle these problems, make mm_page_alloc_zone_locked() only be called - by __rmqueue_smallest with correct migration type. With a new argument - called percpu_refill, it can show roughly whether it is a refill of - percpu-list. - -Upstream-Status: Backport - -Change-Id: I2e4a57393757f12b9c5a4566c4d1102ee2474a09 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - include/instrumentation/events/kmem.h | 45 +++++++++++++++++++++++++++ - 1 file changed, 45 insertions(+) - -diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h -index 29c0fb7f..8c19e962 100644 ---- a/include/instrumentation/events/kmem.h -+++ b/include/instrumentation/events/kmem.h -@@ -218,6 +218,50 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc, - ) - ) - -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) -+LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, -+ -+ TP_PROTO(struct page *page, unsigned int order, int migratetype, -+ int percpu_refill), -+ -+ TP_ARGS(page, order, migratetype, percpu_refill), -+ -+ TP_FIELDS( -+ ctf_integer_hex(struct page *, page, page) -+ ctf_integer(unsigned long, pfn, -+ page ? page_to_pfn(page) : -1UL) -+ ctf_integer(unsigned int, order, order) -+ ctf_integer(int, migratetype, migratetype) -+ ctf_integer(int, percpu_refill, percpu_refill) -+ ) -+) -+ -+LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked, -+ -+ kmem_mm_page_alloc_zone_locked, -+ -+ TP_PROTO(struct page *page, unsigned int order, int migratetype, -+ int percpu_refill), -+ -+ TP_ARGS(page, order, migratetype, percpu_refill) -+) -+ -+LTTNG_TRACEPOINT_EVENT_MAP(mm_page_pcpu_drain, -+ -+ kmem_mm_page_pcpu_drain, -+ -+ TP_PROTO(struct page *page, unsigned int order, int migratetype), -+ -+ TP_ARGS(page, order, migratetype), -+ -+ TP_FIELDS( -+ ctf_integer(unsigned long, pfn, -+ page ? page_to_pfn(page) : -1UL) -+ ctf_integer(unsigned int, order, order) -+ ctf_integer(int, migratetype, migratetype) -+ ) -+) -+#else - LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, - - TP_PROTO(struct page *page, unsigned int order, int migratetype), -@@ -250,6 +294,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_pcpu_drain, - - TP_ARGS(page, order, migratetype) - ) -+#endif - - #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,19,2) \ - || LTTNG_KERNEL_RANGE(3,14,36, 3,15,0) \ --- -2.19.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch deleted file mode 100644 index ca6abea9c0..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d8254360c7f2ff9b3f945e9668d89c0b56b9bd91 Mon Sep 17 00:00:00 2001 -From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Date: Fri, 29 Jul 2022 15:37:43 -0400 -Subject: [PATCH] fix: net: skb: introduce kfree_skb_reason() (v5.15.58..v5.16) - -See upstream commit : - - commit c504e5c2f9648a1e5c2be01e8c3f59d394192bd3 - Author: Menglong Dong <imagedong@tencent.com> - Date: Sun Jan 9 14:36:26 2022 +0800 - - net: skb: introduce kfree_skb_reason() - - Introduce the interface kfree_skb_reason(), which is able to pass - the reason why the skb is dropped to 'kfree_skb' tracepoint. - - Add the 'reason' field to 'trace_kfree_skb', therefor user can get - more detail information about abnormal skb with 'drop_monitor' or - eBPF. - - All drop reasons are defined in the enum 'skb_drop_reason', and - they will be print as string in 'kfree_skb' tracepoint in format - of 'reason: XXX'. - - ( Maybe the reasons should be defined in a uapi header file, so that - user space can use them? ) - -Upstream-Status: Backport - -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Change-Id: Ib3c039207739dad10f097cf76474e0822e351273 ---- - include/instrumentation/events/skb.h | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/include/instrumentation/events/skb.h b/include/instrumentation/events/skb.h -index 237e54ad..186732ea 100644 ---- a/include/instrumentation/events/skb.h -+++ b/include/instrumentation/events/skb.h -@@ -13,7 +13,9 @@ - /* - * Tracepoint for free an sk_buff: - */ --#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0)) -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0) \ -+ || LTTNG_KERNEL_RANGE(5,15,58, 5,16,0)) -+ - LTTNG_TRACEPOINT_ENUM(skb_drop_reason, - TP_ENUM_VALUES( - ctf_enum_value("NOT_SPECIFIED", SKB_DROP_REASON_NOT_SPECIFIED) --- -2.17.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch deleted file mode 100644 index 84c97d5f90..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch +++ /dev/null @@ -1,76 +0,0 @@ -From b5d1c38665cd69d7d1c94231fe0609da5c8afbc3 Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 8 Jun 2022 13:07:59 -0400 -Subject: [PATCH 2/3] fix: fs: Remove flags parameter from aops->write_begin - (v5.19) - -See upstream commit : - - commit 9d6b0cd7579844761ed68926eb3073bab1dca87b - Author: Matthew Wilcox (Oracle) <willy@infradead.org> - Date: Tue Feb 22 14:31:43 2022 -0500 - - fs: Remove flags parameter from aops->write_begin - - There are no more aop flags left, so remove the parameter. - -Upstream-Status: Backport - -Change-Id: I82725b93e13d749f52a631b2ac60df81a5e839f8 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - include/instrumentation/events/ext4.h | 30 +++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) - -diff --git a/include/instrumentation/events/ext4.h b/include/instrumentation/events/ext4.h -index 513762c0..222416ec 100644 ---- a/include/instrumentation/events/ext4.h -+++ b/include/instrumentation/events/ext4.h -@@ -122,6 +122,35 @@ LTTNG_TRACEPOINT_EVENT(ext4_begin_ordered_truncate, - ) - ) - -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) -+LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, -+ -+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), -+ -+ TP_ARGS(inode, pos, len), -+ -+ TP_FIELDS( -+ ctf_integer(dev_t, dev, inode->i_sb->s_dev) -+ ctf_integer(ino_t, ino, inode->i_ino) -+ ctf_integer(loff_t, pos, pos) -+ ctf_integer(unsigned int, len, len) -+ ) -+) -+ -+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_write_begin, -+ -+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), -+ -+ TP_ARGS(inode, pos, len) -+) -+ -+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, -+ -+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), -+ -+ TP_ARGS(inode, pos, len) -+) -+#else - LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, - - TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, -@@ -153,6 +182,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, - - TP_ARGS(inode, pos, len, flags) - ) -+#endif - - LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_end, - TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, --- -2.19.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch deleted file mode 100644 index 63f9c40d92..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 526f13c844cd29f89bd3e924867d9ddfe3c40ade Mon Sep 17 00:00:00 2001 -From: Michael Jeanson <mjeanson@efficios.com> -Date: Wed, 15 Jun 2022 12:07:16 -0400 -Subject: [PATCH 3/3] fix: workqueue: Fix type of cpu in trace event (v5.19) - -See upstream commit : - - commit 873a400938b31a1e443c4d94b560b78300787540 - Author: Wonhyuk Yang <vvghjk1234@gmail.com> - Date: Wed May 4 11:32:03 2022 +0900 - - workqueue: Fix type of cpu in trace event - - The trace event "workqueue_queue_work" use unsigned int type for - req_cpu, cpu. This casue confusing cpu number like below log. - - $ cat /sys/kernel/debug/tracing/trace - cat-317 [001] ...: workqueue_queue_work: ... req_cpu=8192 cpu=4294967295 - - So, change unsigned type to signed type in the trace event. After - applying this patch, cpu number will be printed as -1 instead of - 4294967295 as folllows. - - $ cat /sys/kernel/debug/tracing/trace - cat-1338 [002] ...: workqueue_queue_work: ... req_cpu=8192 cpu=-1 - -Upstream-Status: Backport - -Change-Id: I478083c350b6ec314d87e9159dc5b342b96daed7 -Signed-off-by: Michael Jeanson <mjeanson@efficios.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - include/instrumentation/events/workqueue.h | 49 ++++++++++++++++++++-- - 1 file changed, 46 insertions(+), 3 deletions(-) - -diff --git a/include/instrumentation/events/workqueue.h b/include/instrumentation/events/workqueue.h -index 023b65a8..5693cf89 100644 ---- a/include/instrumentation/events/workqueue.h -+++ b/include/instrumentation/events/workqueue.h -@@ -28,10 +28,35 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, - ) - ) - -+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) - /** - * workqueue_queue_work - called when a work gets queued - * @req_cpu: the requested cpu -- * @cwq: pointer to struct cpu_workqueue_struct -+ * @pwq: pointer to struct pool_workqueue -+ * @work: pointer to struct work_struct -+ * -+ * This event occurs when a work is queued immediately or once a -+ * delayed work is actually queued on a workqueue (ie: once the delay -+ * has been reached). -+ */ -+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, -+ -+ TP_PROTO(int req_cpu, struct pool_workqueue *pwq, -+ struct work_struct *work), -+ -+ TP_ARGS(req_cpu, pwq, work), -+ -+ TP_FIELDS( -+ ctf_integer_hex(void *, work, work) -+ ctf_integer_hex(void *, function, work->func) -+ ctf_integer(int, req_cpu, req_cpu) -+ ) -+) -+#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) -+/** -+ * workqueue_queue_work - called when a work gets queued -+ * @req_cpu: the requested cpu -+ * @pwq: pointer to struct pool_workqueue - * @work: pointer to struct work_struct - * - * This event occurs when a work is queued immediately or once a -@@ -40,17 +65,34 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, - */ - LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, - --#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) - TP_PROTO(unsigned int req_cpu, struct pool_workqueue *pwq, - struct work_struct *work), - - TP_ARGS(req_cpu, pwq, work), -+ -+ TP_FIELDS( -+ ctf_integer_hex(void *, work, work) -+ ctf_integer_hex(void *, function, work->func) -+ ctf_integer(unsigned int, req_cpu, req_cpu) -+ ) -+) - #else -+/** -+ * workqueue_queue_work - called when a work gets queued -+ * @req_cpu: the requested cpu -+ * @cwq: pointer to struct cpu_workqueue_struct -+ * @work: pointer to struct work_struct -+ * -+ * This event occurs when a work is queued immediately or once a -+ * delayed work is actually queued on a workqueue (ie: once the delay -+ * has been reached). -+ */ -+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, -+ - TP_PROTO(unsigned int req_cpu, struct cpu_workqueue_struct *cwq, - struct work_struct *work), - - TP_ARGS(req_cpu, cwq, work), --#endif - - TP_FIELDS( - ctf_integer_hex(void *, work, work) -@@ -58,6 +100,7 @@ LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, - ctf_integer(unsigned int, req_cpu, req_cpu) - ) - ) -+#endif - - /** - * workqueue_activate_work - called when a work gets activated --- -2.19.1 - diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb index f60ab3b5f5..a08386b053 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb @@ -11,17 +11,12 @@ include lttng-platforms.inc SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0009-Rename-genhd-wrapper-to-blkdev.patch \ - file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \ - file://0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch \ - file://0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch \ - file://0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch \ - file://0001-fix-compaction.patch \ " # Use :append here so that the patch is applied also when using devupstream SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch" -SRC_URI[sha256sum] = "6159d00e4e1d59546eec8d4a67e1aa39c1084ceb5e5afeb666eab4b8a5b5a9ee" +SRC_URI[sha256sum] = "bf808b113544287cfe837a6382887fa66354ef5cc8216460cebbef3d27dc3581" export INSTALL_MOD_DIR="kernel/lttng-modules" diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch b/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch deleted file mode 100644 index b2ab880bd6..0000000000 --- a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch +++ /dev/null @@ -1,64 +0,0 @@ -This is a bit ugly. Specifing abs_builddir as an RPATH is plain wrong when -cross compiling. Sadly, removing the rpath makes libtool/automake do -weird things and breaks the build as shared libs are no longer generated. - -We already try and delete the RPATH at do_install with chrpath however -that does leave the path in the string table so it doesn't help us -with reproducibility. - -Instead, hack in a bogus but harmless path, then delete it later in -our do_install. Ultimately we may want to pass a specific path to use -to configure if we really do need to set an RPATH at all. It is unclear -to me whether the tests need that or not. - -Fixes reproducibility issues for lttng-tools. - -Upstream-Status: Pending [needs discussion with upstream about the correct solution] -RP 2021/3/1 - -Index: lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am -=================================================================== ---- lttng-tools-2.12.2.orig/tests/regression/ust/ust-dl/Makefile.am -+++ lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am -@@ -27,16 +27,16 @@ noinst_LTLIBRARIES = libzzz.la libbar.la - - libzzz_la_SOURCES = libzzz.c libzzz.h - libzzz_la_LDFLAGS = -module -shared -avoid-version \ -- -rpath $(abs_builddir) -+ -rpath /usr/lib - - libbar_la_SOURCES = libbar.c libbar.h - libbar_la_LDFLAGS = -module -shared -avoid-version \ -- -rpath $(abs_builddir) -+ -rpath /usr/lib - libbar_la_LIBADD = libzzz.la - - libfoo_la_SOURCES = libfoo.c libfoo.h - libfoo_la_LDFLAGS = -module -shared -avoid-version \ -- -rpath $(abs_builddir) -+ -rpath /usr/lib - libfoo_la_LIBADD = libbar.la - - CLEANFILES = libfoo.so libfoo.so.debug libbar.so libbar.so.debug \ -@@ -44,7 +44,7 @@ CLEANFILES = libfoo.so libfoo.so.debug l - - libtp_la_SOURCES = libbar-tp.h libbar-tp.c libfoo-tp.h libfoo-tp.c \ - libzzz-tp.h libzzz-tp.c --libtp_la_LDFLAGS = -module -shared -rpath $(abs_builddir) -+libtp_la_LDFLAGS = -module -shared -rpath /usr/lib - - # Extract debug symbols - libfoo.so.debug: libfoo.la -Index: lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am -=================================================================== ---- lttng-tools-2.12.2.orig/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am -+++ lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am -@@ -5,7 +5,7 @@ AM_CFLAGS += -O0 - noinst_LTLIBRARIES = libfoo.la - - libfoo_la_SOURCES = foo.c foo.h --libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath $(abs_builddir)/.libs/ -+libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath /usr/lib - - noinst_PROGRAMS = userspace-probe-elf-binary - userspace_probe_elf_binary_SOURCES = userspace-probe-elf-binary.c diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb index a814eb79f9..1f6929e307 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb @@ -35,11 +35,10 @@ SRC_URI = "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \ file://0001-tests-do-not-strip-a-helper-library.patch \ file://run-ptest \ file://lttng-sessiond.service \ - file://determinism.patch \ file://disable-tests.patch \ " -SRC_URI[sha256sum] = "b1e959579b260790930b20f3c7aa7cefb8a40e0de80d4a777c2bf78c6b353dc1" +SRC_URI[sha256sum] = "8d94dc95b608cf70216b01203a3f8242b97a232db2e23421a2f43708da08f337" inherit autotools ptest pkgconfig useradd python3-dir manpages systemd diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb index 56200ac3e1..916408bff0 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb @@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \ file://0001-Makefile.am-update-rpath-link.patch \ " -SRC_URI[sha256sum] = "698f82ec5dc56e981c0bb08c46ebabaf31c60e877c2e365b9fd6d3a9fff8b398" +SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6" CVE_PRODUCT = "ust" diff --git a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb index 9afd6714f0..38282e58f1 100644 --- a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb +++ b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://www.yoctoproject.org/" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -inherit kernel-arch +inherit kernel-arch linux-kernel-base inherit pkgconfig PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 5b2f5956a6..691268d785 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -356,6 +356,16 @@ FILES:${PN}-python = " \ " FILES:${PN}-perl = "${libexecdir}/perf-core/scripts/perl" - -INHIBIT_PACKAGE_DEBUG_SPLIT="1" DEBUG_OPTIMIZATION:append = " -Wno-error=maybe-uninitialized" + +PACKAGESPLITFUNCS =+ "perf_fix_sources" + +perf_fix_sources () { + for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \ + util/expr-flex.h util/expr-flex.c; do + f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f + if [ -e $f ]; then + sed -i -e 's#${S}/##g' $f + fi + done +} diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb index 357e79d7e1..ce60154f1e 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84" +SRC_URI[sha256sum] = "fe81e8a8694dc4753a45087a1c4c7e1b48dee5a59f5f796ce374ea550f0b2e73" inherit bin_package allarch diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch new file mode 100644 index 0000000000..2775a81cc8 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch @@ -0,0 +1,89 @@ +From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol <onemda@gmail.com> +Date: Sat, 12 Nov 2022 16:12:00 +0100 +Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984] + +Signed-off-by: <narpat.mali@windriver.com> + +--- + libavcodec/rpzaenc.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c +index d710eb4f82..4ced9523e2 100644 +--- a/libavcodec/rpzaenc.c ++++ b/libavcodec/rpzaenc.c +@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt + + // loop thru and compare pixels + for (y = 0; y < bi->block_height; y++) { +- for (x = 0; x < bi->block_width; x++){ ++ for (x = 0; x < bi->block_width; x++) { + // TODO: optimize + min_r = FFMIN(R(block_ptr[x]), min_r); + min_g = FFMIN(G(block_ptr[x]), min_g); +@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi, + return -1; + + for (i = 0; i < bi->block_height; i++) { +- for (j = 0; j < bi->block_width; j++){ ++ for (j = 0; j < bi->block_width; j++) { + x = GET_CHAN(block_ptr[j], xchannel); + y = GET_CHAN(block_ptr[j], ychannel); + sumx += x; +@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi + int max_err = 0; + + for (i = 0; i < bi->block_height; i++) { +- for (j = 0; j < bi->block_width; j++){ ++ for (j = 0; j < bi->block_width; j++) { + int x_inc, lin_y, lin_x; + x = GET_CHAN(block_ptr[j], xchannel); + y = GET_CHAN(block_ptr[j], ychannel); +@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels, + uint16_t *dest_pixels, + const BlockInfo *bi, int block_counter) + { +- for (int y = 0; y < 4; y++) { ++ const int y_size = FFMIN(4, bi->image_height - bi->row * 4); ++ ++ for (int y = 0; y < y_size; y++) { + memcpy(dest_pixels, src_pixels, 8); + dest_pixels += bi->rowstride; + src_pixels += bi->rowstride; +@@ -730,14 +732,15 @@ post_skip : + + if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK + uint16_t *row_ptr; +- int rgb555; ++ int y_size, rgb555; + + block_offset = get_block_info(&bi, block_counter); + + row_ptr = &src_pixels[block_offset]; ++ y_size = FFMIN(4, bi.image_height - bi.row * 4); + +- for (int y = 0; y < 4; y++) { +- for (int x = 0; x < 4; x++){ ++ for (int y = 0; y < y_size; y++) { ++ for (int x = 0; x < 4; x++) { + rgb555 = row_ptr[x] & ~0x8000; + + put_bits(&s->pb, 16, rgb555); +@@ -745,6 +748,11 @@ post_skip : + row_ptr += bi.rowstride; + } + ++ for (int y = y_size; y < 4; y++) { ++ for (int x = 0; x < 4; x++) ++ put_bits(&s->pb, 16, 0); ++ } ++ + block_counter++; + } else { // FOUR COLOR BLOCK + block_counter += encode_four_color_block(min_color, max_color, +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch new file mode 100644 index 0000000000..923fc6a9c1 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch @@ -0,0 +1,108 @@ +From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001 +From: Paul B Mahol <onemda@gmail.com> +Date: Sat, 12 Nov 2022 15:19:21 +0100 +Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd] + +Signed-off-by: <narpat.mali@windriver.com> + +--- + libavcodec/smcenc.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c +index f3d26a4e8d..33549b8ab4 100644 +--- a/libavcodec/smcenc.c ++++ b/libavcodec/smcenc.c +@@ -61,6 +61,7 @@ typedef struct SMCContext { + { \ + row_ptr += stride * 4; \ + pixel_ptr = row_ptr; \ ++ cur_y += 4; \ + } \ + } \ + } +@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0]; + uint8_t *distinct_values = s->distinct_values; + const uint8_t *pixel_ptr, *row_ptr; ++ const int height = frame->height; + const int width = frame->width; + uint8_t block_values[16]; + int block_counter = 0; +@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + int color_octet_index = 0; + int color_table_index; /* indexes to color pair, quad, or octet tables */ + int total_blocks; ++ int cur_y = 0; + + memset(s->color_pairs, 0, sizeof(s->color_pairs)); + memset(s->color_quads, 0, sizeof(s->color_quads)); + memset(s->color_octets, 0, sizeof(s->color_octets)); + + /* Number of 4x4 blocks in frame. */ +- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4); ++ total_blocks = ((width + 3) / 4) * ((height + 3) / 4); + + pixel_ptr = row_ptr = src_pixels; + +@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + int cache_index; + int distinct = 0; + int blocks = 0; ++ int frame_y = cur_y; + + while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) { ++ const int y_size = FFMIN(4, height - cur_y); + int compare = 0; + +- for (int y = 0; y < 4; y++) { ++ for (int y = 0; y < y_size; y++) { + const ptrdiff_t offset = pixel_ptr - src_pixels; + const uint8_t *prev_pixel_ptr = prev_pixels + offset; + +@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) { ++ const int y_size = FFMIN(4, height - cur_y); + const ptrdiff_t offset = pixel_ptr - src_pixels; + const int sy = offset / stride; + const int sx = offset % stride; +@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride; + int compare = 0; + +- for (int y = 0; y < 4; y++) { ++ for (int y = 0; y < y_size; y++) { + compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4); + if (compare) + break; +@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) { +- for (int y = 0; y < 4; y++) ++ const int y_size = FFMIN(4, height - cur_y); ++ for (int y = 0; y < y_size; y++) + memcpy(block_values + y * 4, pixel_ptr + y * stride, 4); + + qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values); +@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + blocks = coded_blocks; + distinct = coded_distinct; +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch new file mode 100644 index 0000000000..95bd608a27 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch @@ -0,0 +1,34 @@ +From: Lynne <dev@lynne.ee> +Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100) +Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list +X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690 + +hwcontext_vulkan: remove optional encode/decode extensions from the list + +They're not currently used, so they don't need to be there. +Vulkan stabilized the decode extensions less than a week ago, and their +name prefixes were changed from EXT to KHR. It's a bit too soon to be +depending on it, so rather than bumping, just remove these for now. + +Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690] +--- + +diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c +index f1db1c7291..2a9b5f4aac 100644 +--- a/libavutil/hwcontext_vulkan.c ++++ b/libavutil/hwcontext_vulkan.c +@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = { + { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY }, + { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM }, + #endif +- +- /* Video encoding/decoding */ +- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, +- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, + }; + + /* Converts return values to strings */ diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb index 2306fe4a42..2ab34166df 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb @@ -22,8 +22,13 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \ file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02" -SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz" -SRC_URI[sha256sum] = "95bf3ff8c496511e71e958fb249e663c8c9c3de583c5bebc0f5a9745abbc0435" +SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ + file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ + file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ + file://ffmpeg-fix-vulkan.patch \ + " + +SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 ARM_INSTRUCTION_SET:armv4 = "arm" @@ -137,6 +142,8 @@ LDFLAGS:append:x86 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -f EXTRA_OEMAKE = "V=1" do_configure() { + export TMPDIR="${B}/tmp" + mkdir -p ${B}/tmp ${S}/configure ${EXTRA_OECONF} } diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb index c515e173c8..9db31c18e4 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "bbbd45ead703367ea8f4be9b3c082d7b62bef47b240a39083f27844e28758c47" +SRC_URI[sha256sum] = "5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb index e8da49af99..e5925c6510 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "3fedd10560fcdfaa1b6462cbf79a38c4e7b57d7f390359393fc0cef6dbf27dfe" +SRC_URI[sha256sum] = "b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb index fb48562a2b..ec5efcd408 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "8db48040bb41f09edf8d17ff6d16c54888d7777ba4501c2c69f0083350ea9a15" +SRC_URI[sha256sum] = "bcccbc02548cdc123fd49944dd44a4f1adc5d107e36f010d320eb526e2107806" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb index 39d5e08b21..2f1793d1ce 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb @@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0002-avoid-including-sys-poll.h-directly.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "7a11c13b55dd1d2386dd902219e41cbfcdda8e1e0aa3e738186c95074b35da4f" +SRC_URI[sha256sum] = "f431214b0754d7037adcde93c3195106196588973e5b32dcb24938805f866363" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch deleted file mode 100644 index 23c1048a36..0000000000 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c85a53a41d4e6bfc49c377217ece12a1f330a690 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 12 Aug 2022 22:50:06 -0700 -Subject: [PATCH] include required system headers for isspace() and sscanf() - functions - -Newer compilers ( clang 15 ) has turned stricter and errors out instead -of warning on implicit function declations -Fixes -gstssaparse.c:297:12: error: call to undeclared library function 'isspace' with type 'int (int)'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] -while (isspace(*t)) - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2879] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - gst/subparse/gstssaparse.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c -index ff802fa..5ebe678 100755 ---- a/gst/subparse/gstssaparse.c -+++ b/gst/subparse/gstssaparse.c -@@ -24,6 +24,8 @@ - #include "config.h" - #endif - -+#include <ctype.h> /* isspace() */ -+#include <stdio.h> /* sscanf() */ - #include <stdlib.h> /* atoi() */ - #include <string.h> - --- -2.37.1 - diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb index e5e346e5e9..c37b542c57 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb @@ -10,9 +10,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \ file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ - file://0001-include-required-system-headers-for-isspace-and-ssca.patch \ " -SRC_URI[sha256sum] = "7e30b3dd81a70380ff7554f998471d6996ff76bbe6fc5447096f851e24473c9f" +SRC_URI[sha256sum] = "11f911ef65f3095d7cf698a1ad1fc5242ac3ad6c9270465fb5c9e7f4f9c19b35" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb index 0235935a4a..80aed01973 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ " -SRC_URI[sha256sum] = "f8f3c206bf5cdabc00953920b47b3575af0ef15e9f871c0b6966f6d0aa5868b7" +SRC_URI[sha256sum] = "e83ab4d12ca24959489bbb0ec4fac9b90e32f741d49cda357cb554b2cb8b97f9" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb index ad7b84b5ab..f765e626c9 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb @@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "8caa20789a09c304b49cf563d33cca9421b1875b84fcc187e4a385fa01d6aefd" +SRC_URI[sha256sum] = "af67d8ba7cab230f64d0594352112c2c443e2aa36a87c35f9f98a43d11430b87" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb index 57026ba73b..05e9ace276 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "db348120eae955b8cc4de3560a7ea06e36d6e1ddbaa99a7ad96b59846601cfdc" +SRC_URI[sha256sum] = "27487652318659cfd7dc42784b713c78d29cc7a7df4fb397134c8c125f65e3b2" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb index fd4f82fcc3..c9cf42903d 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "ee402718be9b127f0e5e66ca4c1b4f42e4926ec93ba307b7ccca5dc6cc9794ca" +SRC_URI[sha256sum] = "ba398a7ddd559cce56ef4b91f448d174e0dccad98a493563d2d59c41a2ef39c5" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb index 6e580f9f79..716f50ebe1 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "6ee99eb316abdde9ad37002915bd8c3867918f6fdc74b7cf2ac4c1ae0d690b45" +SRC_URI[sha256sum] = "510c6fb4ff3f676d7946ce1800e04ccf5aabe5a586d4e164d1961808fab8c94b" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch new file mode 100644 index 0000000000..f1fac2df57 --- /dev/null +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch @@ -0,0 +1,300 @@ +From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> +Date: Tue, 21 Jun 2022 11:51:35 +0300 +Subject: [PATCH] bin: Fix race conditions in tests + +The latency messages are non-deterministic and can arrive before/after +async-done or during state-changes as they are posted by e.g. sinks from +their streaming thread but bins are finishing asynchronous state changes +from a secondary helper thread. + +To solve this, expect latency messages at any time and assert that we +receive one at some point during the test. + +Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643] +Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> +--- + .../gstreamer/tests/check/gst/gstbin.c | 132 ++++++++++++------ + 1 file changed, 92 insertions(+), 40 deletions(-) + +diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c +index e366d5fe20f..88ff44db0c3 100644 +--- a/subprojects/gstreamer/tests/check/gst/gstbin.c ++++ b/subprojects/gstreamer/tests/check/gst/gstbin.c +@@ -27,50 +27,95 @@ + #include <gst/base/gstbasesrc.h> + + static void +-pop_async_done (GstBus * bus) ++pop_async_done (GstBus * bus, gboolean * had_latency) + { + GstMessage *message; ++ GstMessageType types = GST_MESSAGE_ASYNC_DONE; ++ ++ if (!*had_latency) ++ types |= GST_MESSAGE_LATENCY; + + GST_DEBUG ("popping async-done message"); +- message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1); + +- fail_unless (message && GST_MESSAGE_TYPE (message) +- == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE"); ++ do { ++ message = gst_bus_poll (bus, types, -1); + +- gst_message_unref (message); +- GST_DEBUG ("popped message"); ++ fail_unless (message); ++ GST_DEBUG ("popped message %s", ++ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); ++ ++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) { ++ fail_unless (*had_latency == FALSE); ++ *had_latency = TRUE; ++ gst_clear_message (&message); ++ types &= ~GST_MESSAGE_LATENCY; ++ continue; ++ } ++ ++ fail_unless (GST_MESSAGE_TYPE (message) ++ == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE"); ++ ++ gst_clear_message (&message); ++ break; ++ } while (TRUE); + } + + static void +-pop_latency (GstBus * bus) ++pop_latency (GstBus * bus, gboolean * had_latency) + { + GstMessage *message; + +- GST_DEBUG ("popping async-done message"); ++ if (*had_latency) ++ return; ++ ++ GST_DEBUG ("popping latency message"); + message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1); + +- fail_unless (message && GST_MESSAGE_TYPE (message) ++ fail_unless (message); ++ fail_unless (GST_MESSAGE_TYPE (message) + == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY"); + +- gst_message_unref (message); +- GST_DEBUG ("popped message"); ++ GST_DEBUG ("popped message %s", ++ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); ++ gst_clear_message (&message); ++ ++ *had_latency = TRUE; + } + + static void +-pop_state_changed (GstBus * bus, int count) ++pop_state_changed (GstBus * bus, int count, gboolean * had_latency) + { + GstMessage *message; +- ++ GstMessageType types = GST_MESSAGE_STATE_CHANGED; + int i; + ++ if (!*had_latency) ++ types |= GST_MESSAGE_LATENCY; ++ + GST_DEBUG ("popping %d messages", count); + for (i = 0; i < count; ++i) { +- message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1); +- +- fail_unless (message && GST_MESSAGE_TYPE (message) +- == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED"); +- +- gst_message_unref (message); ++ do { ++ message = gst_bus_poll (bus, types, -1); ++ ++ fail_unless (message); ++ GST_DEBUG ("popped message %s", ++ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); ++ ++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) { ++ fail_unless (*had_latency == FALSE); ++ *had_latency = TRUE; ++ gst_clear_message (&message); ++ types &= ~GST_MESSAGE_LATENCY; ++ continue; ++ } ++ ++ fail_unless (GST_MESSAGE_TYPE (message) ++ == GST_MESSAGE_STATE_CHANGED, ++ "did not get GST_MESSAGE_STATE_CHANGED"); ++ ++ gst_message_unref (message); ++ break; ++ } while (TRUE); + } + GST_DEBUG ("popped %d messages", count); + } +@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children) + GstBus *bus; + GstStateChangeReturn ret; + GstState current, pending; ++ gboolean had_latency = FALSE; + + pipeline = GST_PIPELINE (gst_pipeline_new (NULL)); + fail_unless (pipeline != NULL, "Could not create pipeline"); +@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children) + ASSERT_OBJECT_REFCOUNT (sink, "sink", 2); + ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + fail_if (gst_bus_have_pending (bus), "unexpected pending messages"); + + ASSERT_OBJECT_REFCOUNT (bus, "bus", 2); +@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children) + * its state_change message */ + ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4); + +- pop_state_changed (bus, 3); +- pop_async_done (bus); +- pop_latency (bus); ++ pop_state_changed (bus, 3, &had_latency); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + fail_if ((gst_bus_pop (bus)) != NULL); + + ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3); +@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children) + ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4); + ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + fail_if ((gst_bus_pop (bus)) != NULL); + + ASSERT_OBJECT_REFCOUNT (bus, "bus", 2); +@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children) + ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4); + ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3); + +- pop_state_changed (bus, 6); ++ pop_state_changed (bus, 6, &had_latency); + fail_if ((gst_bus_pop (bus)) != NULL); + + ASSERT_OBJECT_REFCOUNT (src, "src", 1); +@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change) + GstElement *src, *sink, *bin; + GstBus *bus; + GstStateChangeReturn ret; ++ gboolean had_latency = FALSE; + + bin = gst_element_factory_make ("bin", NULL); + fail_unless (bin != NULL, "Could not create bin"); +@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change) + GST_CLOCK_TIME_NONE); + fail_unless (ret == GST_STATE_CHANGE_SUCCESS); + +- pop_state_changed (bus, 6); +- pop_async_done (bus); +- pop_latency (bus); ++ pop_state_changed (bus, 6, &had_latency); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + + fail_unless (gst_bus_have_pending (bus) == FALSE, + "Unexpected messages on bus"); +@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change) + ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING); + fail_unless (ret == GST_STATE_CHANGE_SUCCESS); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + ++ had_latency = FALSE; + /* this one might return either SUCCESS or ASYNC, likely SUCCESS */ + ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); + gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE); + +- pop_state_changed (bus, 3); ++ pop_state_changed (bus, 3, &had_latency); + if (ret == GST_STATE_CHANGE_ASYNC) { +- pop_async_done (bus); +- pop_latency (bus); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + } + + fail_unless (gst_bus_have_pending (bus) == FALSE, +@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) + GstStateChangeReturn ret; + GstState current, pending; + GstBus *bus; ++ gboolean had_latency = FALSE; + + pipeline = gst_pipeline_new (NULL); + fail_unless (pipeline != NULL, "Could not create pipeline"); +@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) + ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107); + #else + +- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */ ++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */ + ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED, + 108); +- pop_async_done (bus); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + #endif + /* PAUSED => PLAYING */ + GST_DEBUG ("popping PAUSED -> PLAYING messages"); +@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) + fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed"); + + /* TODO: do we need to check downwards state change order as well? */ +- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */ +- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */ + + while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1) + THREAD_SWITCH (); +@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink) + GstStateChangeReturn ret; + GstState current, pending; + GstBus *bus; ++ gboolean had_latency = FALSE; + + /* (2) Now again, but check other code path where we don't have + * a proper sink correctly flagged as such, but a 'semi-sink' */ +@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink) + ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206); + ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207); + #else +- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */ ++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */ + ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED, + 208); +- pop_async_done (bus); ++ pop_async_done (bus, &had_latency); ++ pop_latency (bus, &had_latency); + + /* PAUSED => PLAYING */ + GST_DEBUG ("popping PAUSED -> PLAYING messages"); +@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink) + fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed"); + + /* TODO: do we need to check downwards state change order as well? */ +- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */ +- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */ ++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */ + + GST_DEBUG ("waiting for pipeline to reach refcount 1"); + while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1) +-- +GitLab + diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch deleted file mode 100644 index f51df6d20b..0000000000 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch +++ /dev/null @@ -1,107 +0,0 @@ -From b935abba3d8fa3ea1ce384c08e650afd8c20b78a Mon Sep 17 00:00:00 2001 -From: Claudius Heine <ch@denx.de> -Date: Wed, 2 Feb 2022 13:47:02 +0100 -Subject: [PATCH] tests: remove gstbin:test_watch_for_state_change testcase - -This testcase seems to be flaky, and upstream marked it as such: -https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/778 - -This patch removes the testcase to avoid it interfering with out ptest. - -Signed-off-by: Claudius Heine <ch@denx.de> - -Upstream-Status: Inappropriate [needs proper upstream fix] ---- - tests/check/gst/gstbin.c | 69 ------------------- - 1 file changed, 69 deletions(-) - -diff --git a/tests/check/gst/gstbin.c b/tests/check/gst/gstbin.c -index e366d5fe20..ac29d81474 100644 ---- a/tests/check/gst/gstbin.c -+++ b/tests/check/gst/gstbin.c -@@ -691,74 +691,6 @@ GST_START_TEST (test_message_state_changed_children) - - GST_END_TEST; - --GST_START_TEST (test_watch_for_state_change) --{ -- GstElement *src, *sink, *bin; -- GstBus *bus; -- GstStateChangeReturn ret; -- -- bin = gst_element_factory_make ("bin", NULL); -- fail_unless (bin != NULL, "Could not create bin"); -- -- bus = g_object_new (gst_bus_get_type (), NULL); -- gst_object_ref_sink (bus); -- gst_element_set_bus (GST_ELEMENT_CAST (bin), bus); -- -- src = gst_element_factory_make ("fakesrc", NULL); -- fail_if (src == NULL, "Could not create fakesrc"); -- sink = gst_element_factory_make ("fakesink", NULL); -- fail_if (sink == NULL, "Could not create fakesink"); -- -- gst_bin_add (GST_BIN (bin), sink); -- gst_bin_add (GST_BIN (bin), src); -- -- fail_unless (gst_element_link (src, sink), "could not link src and sink"); -- -- /* change state, spawning two times three messages */ -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); -- fail_unless (ret == GST_STATE_CHANGE_ASYNC); -- ret = -- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, -- GST_CLOCK_TIME_NONE); -- fail_unless (ret == GST_STATE_CHANGE_SUCCESS); -- -- pop_state_changed (bus, 6); -- pop_async_done (bus); -- pop_latency (bus); -- -- fail_unless (gst_bus_have_pending (bus) == FALSE, -- "Unexpected messages on bus"); -- -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING); -- fail_unless (ret == GST_STATE_CHANGE_SUCCESS); -- -- pop_state_changed (bus, 3); -- -- /* this one might return either SUCCESS or ASYNC, likely SUCCESS */ -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); -- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE); -- -- pop_state_changed (bus, 3); -- if (ret == GST_STATE_CHANGE_ASYNC) { -- pop_async_done (bus); -- pop_latency (bus); -- } -- -- fail_unless (gst_bus_have_pending (bus) == FALSE, -- "Unexpected messages on bus"); -- -- gst_bus_set_flushing (bus, TRUE); -- -- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_NULL); -- fail_unless (ret == GST_STATE_CHANGE_SUCCESS); -- -- /* clean up */ -- gst_object_unref (bus); -- gst_object_unref (bin); --} -- --GST_END_TEST; -- - GST_START_TEST (test_state_change_error_message) - { - GstElement *src, *sink, *bin; -@@ -1956,7 +1888,6 @@ gst_bin_suite (void) - tcase_add_test (tc_chain, test_message_state_changed); - tcase_add_test (tc_chain, test_message_state_changed_child); - tcase_add_test (tc_chain, test_message_state_changed_children); -- tcase_add_test (tc_chain, test_watch_for_state_change); - tcase_add_test (tc_chain, test_state_change_error_message); - tcase_add_test (tc_chain, test_add_linked); - tcase_add_test (tc_chain, test_add_self); --- -2.33.1 - diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb index 1f4576c3e1..ce9c1c116f 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb @@ -21,9 +21,9 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \ file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ - file://0005-tests-remove-gstbin-test_watch_for_state_change-test.patch \ + file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \ " -SRC_URI[sha256sum] = "607daf64bbbd5fb18af9d17e21c0d22c4d702fffe83b23cb22d1b1af2ca23a2a" +SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb index dc627203ef..a6c229f5cf 100644 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb @@ -11,7 +11,7 @@ DEPENDS = "zlib" LIBV = "16" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be" +SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" @@ -22,7 +22,9 @@ BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config" inherit autotools binconfig-disabled pkgconfig # Work around missing symbols -EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}" +ARMNEON = "${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}" +ARMNEON:aarch64 = "--enable-hardware-optimizations=on" +EXTRA_OECONF += "${ARMNEON}" PACKAGES =+ "${PN}-tools" diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch new file mode 100644 index 0000000000..ce72c86120 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch @@ -0,0 +1,266 @@ +CVE: CVE-2022-3599 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From f00484b9519df933723deb38fff943dc291a793d Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Tue, 30 Aug 2022 16:56:48 +0200 +Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related + TIFFTAG_NUMBEROFINKS value + +In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed: + +Behaviour for writing: + `NumberOfInks` MUST fit to the number of inks in the `InkNames` string. + `NumberOfInks` is automatically set when `InkNames` is set. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +Behaviour for reading: + When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow + +This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456. + +It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue. +--- + libtiff/tif_dir.c | 119 ++++++++++++++++++++++++----------------- + libtiff/tif_dir.h | 2 + + libtiff/tif_dirinfo.c | 2 +- + libtiff/tif_dirwrite.c | 5 ++ + libtiff/tif_print.c | 4 ++ + 5 files changed, 82 insertions(+), 50 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 793e8a79..816f7756 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -136,32 +136,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32_t* v) + } + + /* +- * Confirm we have "samplesperpixel" ink names separated by \0. Returns ++ * Count ink names separated by \0. Returns + * zero if the ink names are not as expected. + */ +-static uint32_t +-checkInkNamesString(TIFF* tif, uint32_t slen, const char* s) ++static uint16_t ++countInkNamesString(TIFF *tif, uint32_t slen, const char *s) + { +- TIFFDirectory* td = &tif->tif_dir; +- uint16_t i = td->td_samplesperpixel; ++ uint16_t i = 0; ++ const char *ep = s + slen; ++ const char *cp = s; + + if (slen > 0) { +- const char* ep = s+slen; +- const char* cp = s; +- for (; i > 0; i--) { ++ do { + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) + goto bad; + cp++; /* skip \0 */ +- } +- return ((uint32_t)(cp - s)); ++ i++; ++ } while (cp < ep); ++ return (i); + } + bad: + TIFFErrorExt(tif->tif_clientdata, "TIFFSetField", +- "%s: Invalid InkNames value; expecting %"PRIu16" names, found %"PRIu16, +- tif->tif_name, +- td->td_samplesperpixel, +- (uint16_t)(td->td_samplesperpixel-i)); ++ "%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink", ++ tif->tif_name, slen, i); + return (0); + } + +@@ -478,13 +476,61 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) + _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6); + break; + case TIFFTAG_INKNAMES: +- v = (uint16_t) va_arg(ap, uint16_vap); +- s = va_arg(ap, char*); +- v = checkInkNamesString(tif, v, s); +- status = v > 0; +- if( v > 0 ) { +- _TIFFsetNString(&td->td_inknames, s, v); +- td->td_inknameslen = v; ++ { ++ v = (uint16_t) va_arg(ap, uint16_vap); ++ s = va_arg(ap, char*); ++ uint16_t ninksinstring; ++ ninksinstring = countInkNamesString(tif, v, s); ++ status = ninksinstring > 0; ++ if(ninksinstring > 0 ) { ++ _TIFFsetNString(&td->td_inknames, s, v); ++ td->td_inknameslen = v; ++ /* Set NumberOfInks to the value ninksinstring */ ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (td->td_numberofinks != ninksinstring) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n -> NumberOfInks value adapted to %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring); ++ td->td_numberofinks = ninksinstring; ++ } ++ } else { ++ td->td_numberofinks = ninksinstring; ++ TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS); ++ } ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel); ++ } ++ } ++ } ++ } ++ break; ++ case TIFFTAG_NUMBEROFINKS: ++ v = (uint16_t)va_arg(ap, uint16_vap); ++ /* If InkNames already set also NumberOfInks is set accordingly and should be equal */ ++ if (TIFFFieldSet(tif, FIELD_INKNAMES)) ++ { ++ if (v != td->td_numberofinks) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Error %s; Tag %s:\n It is not possible to set the value %"PRIu32" for NumberOfInks\n which is different from the number of inks in the InkNames tag (%"PRIu16")", ++ tif->tif_name, fip->field_name, v, td->td_numberofinks); ++ /* Do not set / overwrite number of inks already set by InkNames case accordingly. */ ++ status = 0; ++ } ++ } else { ++ td->td_numberofinks = (uint16_t)v; ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, v, td->td_samplesperpixel); ++ } ++ } + } + break; + case TIFFTAG_PERSAMPLE: +@@ -986,34 +1032,6 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap) + if (fip->field_bit == FIELD_CUSTOM) { + standard_tag = 0; + } +- +- if( standard_tag == TIFFTAG_NUMBEROFINKS ) +- { +- int i; +- for (i = 0; i < td->td_customValueCount; i++) { +- uint16_t val; +- TIFFTagValue *tv = td->td_customValues + i; +- if (tv->info->field_tag != standard_tag) +- continue; +- if( tv->value == NULL ) +- return 0; +- val = *(uint16_t *)tv->value; +- /* Truncate to SamplesPerPixel, since the */ +- /* setting code for INKNAMES assume that there are SamplesPerPixel */ +- /* inknames. */ +- /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ +- if( val > td->td_samplesperpixel ) +- { +- TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", +- "Truncating NumberOfInks from %u to %"PRIu16, +- val, td->td_samplesperpixel); +- val = td->td_samplesperpixel; +- } +- *va_arg(ap, uint16_t*) = val; +- return 1; +- } +- return 0; +- } + + switch (standard_tag) { + case TIFFTAG_SUBFILETYPE: +@@ -1195,6 +1213,9 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap) + case TIFFTAG_INKNAMES: + *va_arg(ap, const char**) = td->td_inknames; + break; ++ case TIFFTAG_NUMBEROFINKS: ++ *va_arg(ap, uint16_t *) = td->td_numberofinks; ++ break; + default: + { + int i; +diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h +index 09065648..0c251c9e 100644 +--- a/libtiff/tif_dir.h ++++ b/libtiff/tif_dir.h +@@ -117,6 +117,7 @@ typedef struct { + /* CMYK parameters */ + int td_inknameslen; + char* td_inknames; ++ uint16_t td_numberofinks; /* number of inks in InkNames string */ + + int td_customValueCount; + TIFFTagValue *td_customValues; +@@ -174,6 +175,7 @@ typedef struct { + #define FIELD_TRANSFERFUNCTION 44 + #define FIELD_INKNAMES 46 + #define FIELD_SUBIFD 49 ++#define FIELD_NUMBEROFINKS 50 + /* FIELD_CUSTOM (see tiffio.h) 65 */ + /* end of support for well-known tags; codec-private tags follow */ + #define FIELD_CODEC 66 /* base of codec-private tags */ +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 3371cb5c..3b4bcd33 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -114,7 +114,7 @@ tiffFields[] = { + { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray }, + { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL }, + { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL }, +- { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL }, ++ { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL }, + { TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL }, + { TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL }, + { TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL }, +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c +index 6c86fdca..062e4610 100644 +--- a/libtiff/tif_dirwrite.c ++++ b/libtiff/tif_dirwrite.c +@@ -626,6 +626,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64_t* pdiroff) + if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames)) + goto bad; + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks)) ++ goto bad; ++ } + if (TIFFFieldSet(tif,FIELD_SUBIFD)) + { + if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir)) +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 16ce5780..a91b9e7b 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -397,6 +397,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + } + fputs("\n", fd); + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) { ++ fprintf(fd, " NumberOfInks: %d\n", ++ td->td_numberofinks); ++ } + if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) { + fprintf(fd, " Thresholding: "); + switch (td->td_threshholding) { +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch new file mode 100644 index 0000000000..02642ecfbc --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch @@ -0,0 +1,36 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Sat, 20 Aug 2022 23:35:26 +0200 +Subject: [PATCH] tiffcrop -S option: Make decision simpler. + +--- + tools/tiffcrop.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index c3b758ec..8fd856dc 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2133,11 +2133,11 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + } + /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/ + char XY, Z, R, S; +- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)); +- Z = (crop_data->crop_mode & CROP_ZONES); +- R = (crop_data->crop_mode & CROP_REGIONS); +- S = (page->mode & PAGE_MODE_ROWSCOLS); +- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) { ++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0; ++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0; ++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; ++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; ++ if (XY + Z + R + S > 1) { + TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); + exit(EXIT_FAILURE); + } +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch new file mode 100644 index 0000000000..3e33f4adea --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch @@ -0,0 +1,59 @@ +CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001 +From: Su_Laus <sulau@freenet.de> +Date: Thu, 25 Aug 2022 16:11:41 +0200 +Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options + with any PAGE_MODE_x option (fixes #411 and #413) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S. + +Code analysis: + +With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[]. +In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) . + +Execution of the else-clause often leads to buffer-overflows. + +Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows. + +The MR solves issues #411 and #413. +--- + doc/tools/tiffcrop.rst | 8 ++++++++ + tools/tiffcrop.c | 32 +++++++++++++++++++++++++------- + 2 files changed, 33 insertions(+), 7 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 8fd856dc..41a2ea36 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; + S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; + if (XY + Z + R + S > 1) { +- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit"); + exit(EXIT_FAILURE); + } ++ ++ /* Check for not allowed combination: ++ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options ++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. ++. */ ++ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) { ++ TIFFError("tiffcrop input error", ++ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit"); ++ exit(EXIT_FAILURE); ++ } ++ + } /* end process_command_opts */ + + /* Start a new output file if one has not been previously opened or +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch new file mode 100644 index 0000000000..e44b9bc57c --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch @@ -0,0 +1,653 @@ +CVE: CVE-2022-3570 CVE-2022-3598 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From afd7086090dafd3949afd172822cbcec4ed17d56 Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Thu, 13 Oct 2022 14:33:27 +0000 +Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271, + #381, #386, #388, #389, #435) + +--- + tools/tiffcrop.c | 209 ++++++++++++++++++++++++++--------------------- + 1 file changed, 118 insertions(+), 91 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 41a2ea36..deab5feb 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -212,6 +212,10 @@ static char tiffcrop_rev_date[] = "26-08-2022"; + + #define TIFF_DIR_MAX 65534 + ++/* Some conversion subroutines require image buffers, which are at least 3 bytes ++ * larger than the necessary size for the image itself. */ ++#define NUM_BUFF_OVERSIZE_BYTES 3 ++ + /* Offsets into buffer for margins and fixed width and length segments */ + struct offset { + uint32_t tmargin; +@@ -233,7 +237,7 @@ struct offset { + */ + + struct buffinfo { +- uint32_t size; /* size of this buffer */ ++ size_t size; /* size of this buffer */ + unsigned char *buffer; /* address of the allocated buffer */ + }; + +@@ -810,8 +814,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf, + uint32_t dst_rowsize, shift_width; + uint32_t bytes_per_sample, bytes_per_pixel; + uint32_t trailing_bits, prev_trailing_bits; +- uint32_t tile_rowsize = TIFFTileRowSize(in); +- uint32_t src_offset, dst_offset; ++ tmsize_t tile_rowsize = TIFFTileRowSize(in); ++ tmsize_t src_offset, dst_offset; + uint32_t row_offset, col_offset; + uint8_t *bufp = (uint8_t*) buf; + unsigned char *src = NULL; +@@ -861,7 +865,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf, + TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); + exit(EXIT_FAILURE); + } +- tilebuf = limitMalloc(tile_buffsize + 3); ++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 0; + tilebuf[tile_buffsize] = 0; +@@ -1024,7 +1028,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8_t *obuf, + for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++) + { + srcbuffs[sample] = NULL; +- tbuff = (unsigned char *)limitMalloc(tilesize + 8); ++ tbuff = (unsigned char *)limitMalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES); + if (!tbuff) + { + TIFFError ("readSeparateTilesIntoBuffer", +@@ -1217,7 +1221,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + } + rowstripsize = rowsperstrip * bytes_per_sample * (width + 1); + +- obuf = limitMalloc (rowstripsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ obuf = limitMalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (obuf == NULL) + return 1; + +@@ -1229,7 +1234,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + + stripsize = TIFFVStripSize(out, nrows); + src = buf + (row * rowsize); +- memset (obuf, '\0', rowstripsize); ++ memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump)) + { + _TIFFfree(obuf); +@@ -1237,10 +1242,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + } + if ((dump->outfile != NULL) && (dump->level == 1)) + { +- dump_info(dump->outfile, dump->format,"", ++ if (scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ scanlinesize); ++ } ++ dump_info(dump->outfile, dump->format,"", + "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d", +- s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf); +- dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf); ++ s + 1, strip + 1, stripsize, row + 1, (uint32_t)scanlinesize, src - buf); ++ dump_buffer(dump->outfile, dump->format, nrows, (uint32_t)scanlinesize, row, obuf); + } + + if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) +@@ -1267,7 +1277,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng + uint32_t tl, tw; + uint32_t row, col, nrow, ncol; + uint32_t src_rowsize, col_offset; +- uint32_t tile_rowsize = TIFFTileRowSize(out); ++ tmsize_t tile_rowsize = TIFFTileRowSize(out); + uint8_t* bufp = (uint8_t*) buf; + tsize_t tile_buffsize = 0; + tsize_t tilesize = TIFFTileSize(out); +@@ -1310,9 +1320,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng + } + src_rowsize = ((imagewidth * spp * bps) + 7U) / 8; + +- tilebuf = limitMalloc(tile_buffsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 1; ++ memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + for (row = 0; row < imagelength; row += tl) + { + nrow = (row + tl > imagelength) ? imagelength - row : tl; +@@ -1358,7 +1370,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele + uint32_t imagewidth, tsample_t spp, + struct dump_opts * dump) + { +- tdata_t obuf = limitMalloc(TIFFTileSize(out)); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tdata_t obuf = limitMalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + uint32_t tl, tw; + uint32_t row, col, nrow, ncol; + uint32_t src_rowsize, col_offset; +@@ -1368,6 +1381,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele + + if (obuf == NULL) + return 1; ++ memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + + if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) || + !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) || +@@ -1793,14 +1807,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + + *opt_offset = '\0'; + /* convert option to lowercase */ +- end = strlen (opt_ptr); ++ end = (unsigned int)strlen (opt_ptr); + for (i = 0; i < end; i++) + *(opt_ptr + i) = tolower((int) *(opt_ptr + i)); + /* Look for dump format specification */ + if (strncmp(opt_ptr, "for", 3) == 0) + { + /* convert value to lowercase */ +- end = strlen (opt_offset + 1); ++ end = (unsigned int)strlen (opt_offset + 1); + for (i = 1; i <= end; i++) + *(opt_offset + i) = tolower((int) *(opt_offset + i)); + /* check dump format value */ +@@ -2273,6 +2287,8 @@ main(int argc, char* argv[]) + size_t length; + char temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */ + ++ assert(NUM_BUFF_OVERSIZE_BYTES >= 3); ++ + little_endian = *((unsigned char *)&little_endian) & '1'; + + initImageData(&image); +@@ -3227,13 +3243,13 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3642,13 +3658,13 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3825,10 +3841,10 @@ extractContigSamplesToTileBuffer(uint8_t *out, uint8_t *in, uint32_t rows, uint3 + static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf) + { + uint8_t* bufp = buf; +- int32_t bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint32_t strip, nstrips = TIFFNumberOfStrips(in); +- uint32_t stripsize = TIFFStripSize(in); +- uint32_t rows = 0; ++ tmsize_t stripsize = TIFFStripSize(in); ++ tmsize_t rows = 0; + uint32_t rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); + tsize_t scanline_size = TIFFScanlineSize(in); + +@@ -3841,11 +3857,11 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf) + bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); + rows = bytes_read / scanline_size; + if ((strip < (nstrips - 1)) && (bytes_read != (int32_t)stripsize)) +- TIFFError("", "Strip %"PRIu32": read %"PRId32" bytes, strip size %"PRIu32, ++ TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64, + strip + 1, bytes_read, stripsize); + + if (bytes_read < 0 && !ignore) { +- TIFFError("", "Error reading strip %"PRIu32" after %"PRIu32" rows", ++ TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows", + strip, rows); + return 0; + } +@@ -4310,13 +4326,13 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4359,10 +4375,10 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4835,13 +4851,13 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4884,10 +4900,10 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4910,7 +4926,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + { + int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; + uint32_t j; +- int32_t bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint16_t bps = 0, planar; + uint32_t nstrips; + uint32_t strips_per_sample; +@@ -4976,7 +4992,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + srcbuffs[s] = NULL; +- buff = limitMalloc(stripsize + 3); ++ buff = limitMalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES); + if (!buff) + { + TIFFError ("readSeparateStripsIntoBuffer", +@@ -4999,7 +5015,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + buff = srcbuffs[s]; + strip = (s * strips_per_sample) + j; + bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize); +- rows_this_strip = bytes_read / src_rowsize; ++ rows_this_strip = (uint32_t)(bytes_read / src_rowsize); + if (bytes_read < 0 && !ignore) + { + TIFFError(TIFFFileName(in), +@@ -6062,13 +6078,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + uint16_t input_compression = 0, input_photometric = 0; + uint16_t subsampling_horiz, subsampling_vert; + uint32_t width = 0, length = 0; +- uint32_t stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; ++ tmsize_t stsize = 0, tlsize = 0, buffsize = 0; ++ tmsize_t scanlinesize = 0; + uint32_t tw = 0, tl = 0; /* Tile width and length */ +- uint32_t tile_rowsize = 0; ++ tmsize_t tile_rowsize = 0; + unsigned char *read_buff = NULL; + unsigned char *new_buff = NULL; + int readunit = 0; +- static uint32_t prev_readsize = 0; ++ static tmsize_t prev_readsize = 0; + + TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); + TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); +@@ -6325,6 +6342,8 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + /* The buffsize_check and the possible adaptation of buffsize + * has to account also for padding of each line to a byte boundary. + * This is assumed by mirrorImage() and rotateImage(). ++ * Furthermore, functions like extractContigSamplesShifted32bits() ++ * need a buffer, which is at least 3 bytes larger than the actual image. + * Otherwise buffer-overflow might occur there. + */ + buffsize_check = length * (uint32_t)(((width * spp * bps) + 7) / 8); +@@ -6376,7 +6395,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- read_buff = (unsigned char *)limitMalloc(buffsize+3); ++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { +@@ -6387,11 +6406,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- new_buff = _TIFFrealloc(read_buff, buffsize+3); ++ new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (read_buff); +- read_buff = (unsigned char *)limitMalloc(buffsize+3); ++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + read_buff = new_buff; +@@ -6464,8 +6483,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + dump_info (dump->infile, dump->format, "", + "Bits per sample %"PRIu16", Samples per pixel %"PRIu16, bps, spp); + ++ if (scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ scanlinesize); ++ } + for (i = 0; i < length; i++) +- dump_buffer(dump->infile, dump->format, 1, scanlinesize, ++ dump_buffer(dump->infile, dump->format, 1, (uint32_t)scanlinesize, + i, read_buff + (i * scanlinesize)); + } + return (0); +@@ -7485,13 +7509,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -7554,23 +7578,23 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) + + if (!sect_buff) + { +- sect_buff = (unsigned char *)limitMalloc(sectsize); ++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!sect_buff) + { + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { + if (prev_sectsize < sectsize) + { +- new_buff = _TIFFrealloc(sect_buff, sectsize); ++ new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + _TIFFfree (sect_buff); +- sect_buff = (unsigned char *)limitMalloc(sectsize); ++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + sect_buff = new_buff; +@@ -7580,7 +7604,7 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -7611,17 +7635,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[0].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7634,7 +7658,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[0].buffer = crop_buff; + seg_buffs[0].size = cropsize; + +@@ -7714,17 +7738,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[i].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7737,7 +7761,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[i].buffer = crop_buff; + seg_buffs[i].size = cropsize; + +@@ -7853,24 +7877,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + crop_buff = *crop_buff_ptr; + if (!crop_buff) + { +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!crop_buff) + { + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + prev_cropsize = cropsize; + } + else + { + if (prev_cropsize < cropsize) + { +- new_buff = _TIFFrealloc(crop_buff, cropsize); ++ new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = new_buff; +@@ -7879,7 +7903,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -8177,13 +8201,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -8568,13 +8592,13 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_ + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -8643,12 +8667,13 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width, + return (-1); + } + +- if (!(rbuff = (unsigned char *)limitMalloc(buffsize))) ++ /* Add 3 padding bytes for extractContigSamplesShifted32bits */ ++ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES))) + { +- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize); ++ TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } +- _TIFFmemset(rbuff, '\0', buffsize); ++ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES); + + ibuff = *ibuff_ptr; + switch (rotation) +@@ -9176,13 +9201,13 @@ reverseSamples32bits (uint16_t spp, uint16_t bps, uint32_t width, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -9273,12 +9298,13 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + { + case MIRROR_BOTH: + case MIRROR_VERT: +- line_buff = (unsigned char *)limitMalloc(rowsize); ++ line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES); + if (line_buff == NULL) + { +- TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize); ++ TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + + dst = ibuff + (rowsize * (length - 1)); + for (row = 0; row < length / 2; row++) +@@ -9310,11 +9336,12 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + } + else + { /* non 8 bit per sample data */ +- if (!(line_buff = (unsigned char *)limitMalloc(rowsize + 1))) ++ if (!(line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES))) + { + TIFFError("mirrorImage", "Unable to allocate mirror line buffer"); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + bytes_per_sample = (bps + 7) / 8; + bytes_per_pixel = ((bps * spp) + 7) / 8; + if (bytes_per_pixel < (bytes_per_sample + 1)) +@@ -9326,7 +9353,7 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + { + row_offset = row * rowsize; + src = ibuff + row_offset; +- _TIFFmemset (line_buff, '\0', rowsize); ++ _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + switch (shift_width) + { + case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff)) +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch index 98020ff92f..e673945fa3 100644 --- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch @@ -1,4 +1,4 @@ -CVE: CVE-2022-2053 +CVE: CVE-2022-2953 Upstream-Status: Backport Signed-off-by: Ross Burton <ross.burton@arm.com> diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch new file mode 100644 index 0000000000..b3352ba8ab --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch @@ -0,0 +1,39 @@ +From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 8 Nov 2022 15:16:58 +0100 +Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on + strips/tiles > 2 GB + +Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 +Upstream-Status: Accepted +--- + libtiff/tif_getimage.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index a4d0c1d6..60b94d8e 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in + return( ok ); + + for( i_row = 0; i_row < read_ysize; i_row++ ) { +- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize, +- raster + (read_ysize - i_row - 1) * read_xsize, ++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, ++ raster + (size_t)(read_ysize - i_row - 1) * read_xsize, + read_xsize * sizeof(uint32_t) ); +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize, + 0, sizeof(uint32_t) * (tile_xsize - read_xsize) ); + } + + for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) { +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, + 0, sizeof(uint32_t) * tile_xsize ); + } + +-- +2.33.0 + diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch new file mode 100644 index 0000000000..4f8dc35251 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch @@ -0,0 +1,26 @@ +From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Sat, 21 Jan 2023 15:58:10 +0000 +Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. + + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz] +CVE: CVE-2022-48281 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiffcrop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: tiff-4.2.0/tools/tiffcrop.c +=================================================================== +--- tiff-4.2.0.orig/tools/tiffcrop.c ++++ tiff-4.2.0/tools/tiffcrop.c +@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data + crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { +- prev_cropsize = seg_buffs[0].size; ++ prev_cropsize = seg_buffs[1].size; + if (prev_cropsize < cropsize) + { + next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch new file mode 100644 index 0000000000..926df680b3 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch @@ -0,0 +1,154 @@ +From: Markus Koschany <apo@debian.org> +Date: Tue, 21 Feb 2023 14:26:43 +0100 +Subject: CVE-2023-0795 + +This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, +CVE-2023-0799. + +Bug-Debian: https://bugs.debian.org/1031632 +Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 + +CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 +Upstream-Status: Backport [import from ubuntu debian/patches/CVE-2023-0795.patch http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.4.0-4ubuntu3.3.debian.tar.xz ] +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++++--------------------- + 1 file changed, 30 insertions(+), 21 deletions(-) + +--- tiff-4.4.0.orig/tools/tiffcrop.c ++++ tiff-4.4.0/tools/tiffcrop.c +@@ -269,7 +269,6 @@ struct region { + uint32_t width; /* width in pixels */ + uint32_t length; /* length in pixels */ + uint32_t buffsize; /* size of buffer needed to hold the cropped region */ +- unsigned char *buffptr; /* address of start of the region */ + }; + + /* Cropping parameters from command line and image data +@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uin + static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t, + uint32_t, uint32_t, uint8_t *, uint8_t *); + static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *, +- unsigned char **); ++ unsigned char **, int); + static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, + unsigned char *); + static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, +@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps) + cps->regionlist[i].width = 0; + cps->regionlist[i].length = 0; + cps->regionlist[i].buffsize = 0; +- cps->regionlist[i].buffptr = NULL; + cps->zonelist[i].position = 0; + cps->zonelist[i].total = 0; + } +@@ -6551,8 +6549,13 @@ static int correct_orientation(struct i + (uint16_t) (image->adjustments & ROTATE_ANY)); + return (-1); + } +- +- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr)) ++ ++ /* Dummy variable in order not to switch two times the ++ * image->width,->length within rotateImage(), ++ * but switch xres, yres there. */ ++ uint32_t width = image->width; ++ uint32_t length = image->length; ++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE)) + { + TIFFError ("correct_orientation", "Unable to rotate image"); + return (-1); +@@ -6661,7 +6664,6 @@ extractCompositeRegions(struct image_dat + /* These should not be needed for composite images */ + crop->regionlist[i].width = crop_width; + crop->regionlist[i].length = crop_length; +- crop->regionlist[i].buffptr = crop_buff; + + src_rowsize = ((img_width * bps * spp) + 7) / 8; + dst_rowsize = (((crop_width * bps * count) + 7) / 8); +@@ -6900,7 +6902,6 @@ extractSeparateRegion(struct image_data + + crop->regionlist[region].width = crop_width; + crop->regionlist[region].length = crop_length; +- crop->regionlist[region].buffptr = crop_buff; + + src = read_buff; + dst = crop_buff; +@@ -7778,7 +7779,7 @@ processCropSelections(struct image_data + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, &crop_buff)) ++ &crop->combined_length, &crop_buff, FALSE)) + { + TIFFError("processCropSelections", + "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation); +@@ -7888,7 +7889,7 @@ processCropSelections(struct image_data + * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !! + */ + if (rotateImage(crop->rotation, image, &crop->regionlist[i].width, +- &crop->regionlist[i].length, &crop_buff)) ++ &crop->regionlist[i].length, &crop_buff, FALSE)) + { + TIFFError("processCropSelections", + "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation); +@@ -8020,7 +8021,7 @@ createCroppedImage(struct image_data *im + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, crop_buff_ptr)) ++ &crop->combined_length, crop_buff_ptr, TRUE)) + { + TIFFError("createCroppedImage", + "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation); +@@ -8683,7 +8684,7 @@ rotateContigSamples32bits(uint16_t rotat + /* Rotate an image by a multiple of 90 degrees clockwise */ + static int + rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width, +- uint32_t *img_length, unsigned char **ibuff_ptr) ++ uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params) + { + int shift_width; + uint32_t bytes_per_pixel, bytes_per_sample; +@@ -8874,11 +8875,15 @@ rotateImage(uint16_t rotation, struct im + + *img_width = length; + *img_length = width; +- image->width = length; +- image->length = width; +- res_temp = image->xres; +- image->xres = image->yres; +- image->yres = res_temp; ++ /* Only toggle image parameters if whole input image is rotated. */ ++ if (rot_image_params) ++ { ++ image->width = length; ++ image->length = width; ++ res_temp = image->xres; ++ image->xres = image->yres; ++ image->yres = res_temp; ++ } + break; + + case 270: if ((bps % 8) == 0) /* byte aligned data */ +@@ -8951,11 +8956,15 @@ rotateImage(uint16_t rotation, struct im + + *img_width = length; + *img_length = width; +- image->width = length; +- image->length = width; +- res_temp = image->xres; +- image->xres = image->yres; +- image->yres = res_temp; ++ /* Only toggle image parameters if whole input image is rotated. */ ++ if (rot_image_params) ++ { ++ image->width = length; ++ image->length = width; ++ res_temp = image->xres; ++ image->xres = image->yres; ++ image->yres = res_temp; ++ } + break; + default: + break; diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch new file mode 100644 index 0000000000..8372bc35f2 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch @@ -0,0 +1,128 @@ +From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Sun, 5 Feb 2023 15:53:15 +0000 +Subject: [PATCH] tiffcrop: added check for assumption on composite images + (fixes #496) + +tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action. + +Closes #496, #497, #498, #500, #501. + +Upstream-Status: Backport [import from fedora https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440 ] +CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 66 insertions(+), 2 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 84e26ac6..480b927c 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -5329,18 +5329,39 @@ + + crop->regionlist[i].buffsize = buffsize; + crop->bufftotal += buffsize; ++ /* For composite images with more than one region, the ++ * combined_length or combined_width always needs to be equal, ++ * respectively. ++ * Otherwise, even the first section/region copy ++ * action might cause buffer overrun. */ + if (crop->img_mode == COMPOSITE_IMAGES) + { + switch (crop->edge_ref) + { + case EDGE_LEFT: + case EDGE_RIGHT: ++ if (i > 0 && zlength != crop->combined_length) ++ { ++ TIFFError( ++ "computeInputPixelOffsets", ++ "Only equal length regions can be combined for " ++ "-E left or right"); ++ return (-1); ++ } + crop->combined_length = zlength; + crop->combined_width += zwidth; + break; + case EDGE_BOTTOM: + case EDGE_TOP: /* width from left, length from top */ + default: ++ if (i > 0 && zwidth != crop->combined_width) ++ { ++ TIFFError("computeInputPixelOffsets", ++ "Only equal width regions can be " ++ "combined for -E " ++ "top or bottom"); ++ return (-1); ++ } + crop->combined_width = zwidth; + crop->combined_length += zlength; + break; +@@ -6546,6 +6567,46 @@ + crop->combined_width = 0; + crop->combined_length = 0; + ++ /* If there is more than one region, check beforehand whether all the width ++ * and length values of the regions are the same, respectively. */ ++ switch (crop->edge_ref) ++ { ++ default: ++ case EDGE_TOP: ++ case EDGE_BOTTOM: ++ for (i = 1; i < crop->selections; i++) ++ { ++ uint32_t crop_width0 = ++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1; ++ uint32_t crop_width1 = ++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; ++ if (crop_width0 != crop_width1) ++ { ++ TIFFError("extractCompositeRegions", ++ "Only equal width regions can be combined for -E " ++ "top or bottom"); ++ return (1); ++ } ++ } ++ break; ++ case EDGE_LEFT: ++ case EDGE_RIGHT: ++ for (i = 1; i < crop->selections; i++) ++ { ++ uint32_t crop_length0 = ++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1; ++ uint32_t crop_length1 = ++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; ++ if (crop_length0 != crop_length1) ++ { ++ TIFFError("extractCompositeRegions", ++ "Only equal length regions can be combined for " ++ "-E left or right"); ++ return (1); ++ } ++ } ++ } ++ + for (i = 0; i < crop->selections; i++) + { + /* rows, columns, width, length are expressed in pixels */ +@@ -6570,7 +6631,8 @@ + default: + case EDGE_TOP: + case EDGE_BOTTOM: +- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width)) ++ if ((crop->selections > i + 1) && ++ (crop_width != crop->regionlist[i + 1].width)) + { + TIFFError ("extractCompositeRegions", + "Only equal width regions can be combined for -E top or bottom"); +@@ -6651,7 +6713,8 @@ + break; + case EDGE_LEFT: /* splice the pieces of each row together, side by side */ + case EDGE_RIGHT: +- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length)) ++ if ((crop->selections > i + 1) && ++ (crop_length != crop->regionlist[i + 1].length)) + { + TIFFError ("extractCompositeRegions", + "Only equal length regions can be combined for -E left or right"); diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb index caf6f60479..9df3c5a015 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb @@ -12,6 +12,14 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ file://CVE-2022-34526.patch \ file://CVE-2022-2953.patch \ + file://CVE-2022-3970.patch \ + file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \ + file://0001-tiffcrop-S-option-Make-decision-simpler.patch \ + file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \ + file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \ + file://CVE-2022-48281.patch \ + file://CVE-2023-0800_0801_0802_0803_0804.patch \ + file://CVE-2023-0795_0796_0797_0798_0799.patch \ " SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed" @@ -25,7 +33,6 @@ CVE_CHECK_IGNORE += "CVE-2015-7313" # These issues only affect libtiff post-4.3.0 but before 4.4.0, # caused by 3079627e and fixed by b4e79bfa. CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623" - # Issue is in jbig which we don't enable CVE_CHECK_IGNORE += "CVE-2022-1210" @@ -41,6 +48,7 @@ PACKAGECONFIG[jbig] = "--enable-jbig,--disable-jbig,jbig," PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg," PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib," PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz," +PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp," # Convert single-strip uncompressed images to multiple strips of specified # size (default: 8192) to reduce memory usage diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb index 5f776c13e6..708201043b 100644 --- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb +++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb @@ -13,7 +13,7 @@ inherit meson features_check pkgconfig REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "45aa833c44ec292f31fa943b01b8cc75e54eb623ad7ba6a66fc2f118fe69e629" +SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155" # Especially helps compiling with clang which enable this as error when # using c++11 diff --git a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch b/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch deleted file mode 100644 index 6f27876a7f..0000000000 --- a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 6b638fa9afbeb54dfa19378e391465a5284ce1ad Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Wed, 12 Sep 2018 17:16:36 +0800 -Subject: [PATCH] Fix error handling in gdbm - -Only check for gdbm_errno if the return value of the called gdbm_* -function says so. This fixes apr-util with gdbm 1.14, which does not -seem to always reset gdbm_errno. - -Also make the gdbm driver return error codes starting with -APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is -what the berkleydb driver already does. - -Also ensure that dsize is 0 if dptr == NULL. - -Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1825311] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - dbm/apr_dbm_gdbm.c | 47 +++++++++++++++++++++++++++++------------------ - 1 file changed, 29 insertions(+), 18 deletions(-) - -diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c -index 749447a..1c86327 100644 ---- a/dbm/apr_dbm_gdbm.c -+++ b/dbm/apr_dbm_gdbm.c -@@ -36,13 +36,25 @@ - static apr_status_t g2s(int gerr) - { - if (gerr == -1) { -- /* ### need to fix this */ -- return APR_EGENERAL; -+ if (gdbm_errno == GDBM_NO_ERROR) -+ return APR_SUCCESS; -+ return APR_OS_START_USEERR + gdbm_errno; - } - - return APR_SUCCESS; - } - -+static apr_status_t gdat2s(datum d) -+{ -+ if (d.dptr == NULL) { -+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND) -+ return APR_SUCCESS; -+ return APR_OS_START_USEERR + gdbm_errno; -+ } -+ -+ return APR_SUCCESS; -+} -+ - static apr_status_t datum_cleanup(void *dptr) - { - if (dptr) -@@ -53,22 +65,15 @@ static apr_status_t datum_cleanup(void *dptr) - - static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said) - { -- apr_status_t rv = APR_SUCCESS; - -- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */ -+ dbm->errcode = dbm_said; - -- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) { -+ if (dbm_said == APR_SUCCESS) - dbm->errmsg = NULL; -- } -- else { -- dbm->errmsg = gdbm_strerror(gdbm_errno); -- rv = APR_EGENERAL; /* ### need something better */ -- } -- -- /* captured it. clear it now. */ -- gdbm_errno = GDBM_NO_ERROR; -+ else -+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR); - -- return rv; -+ return dbm_said; - } - - /* -------------------------------------------------------------------------- -@@ -107,7 +112,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname, - NULL); - - if (file == NULL) -- return APR_EGENERAL; /* ### need a better error */ -+ return APR_OS_START_USEERR + gdbm_errno; /* ### need a better error */ - - /* we have an open database... return it */ - *pdb = apr_pcalloc(pool, sizeof(**pdb)); -@@ -141,10 +146,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key, - if (pvalue->dptr) - apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pvalue->dsize = 0; - - /* store the error info into DBM, and return a status code. Also, note - that *pvalue should have been cleared on error. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key, -@@ -201,9 +208,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey) - if (pkey->dptr) - apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pkey->dsize = 0; - - /* store any error info into DBM, and return a status code. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey) -@@ -221,9 +230,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey) - if (pkey->dptr) - apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pkey->dsize = 0; - - /* store any error info into DBM, and return a status code. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data) --- -2.7.4 - diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb index b851d46351..7c6fcc699b 100644 --- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb +++ b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb @@ -13,11 +13,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \ file://configfix.patch \ file://configure_fixes.patch \ file://run-ptest \ - file://0001-Fix-error-handling-in-gdbm.patch \ -" + " -SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f" -SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459" +SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983" EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ --without-odbc \ diff --git a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch index abff4e9331..a274f3a16e 100644 --- a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch +++ b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch @@ -1,14 +1,15 @@ -From 2bbe20b4f69e84e7a18bc79d382486953f479328 Mon Sep 17 00:00:00 2001 +From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001 From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Thu, 26 Mar 2020 18:30:36 +0000 Subject: [PATCH] Add option to disable timed dependant tests -The disabled tests rely on timing to pass correctly. On a virtualized +The disabled tests rely on timing to pass correctly. On a virtualized system under heavy load, these tests randomly fail because they miss a timer or other timing related issues. Upstream-Status: Pending Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> + --- configure.in | 6 ++++++ include/apr.h.in | 1 + @@ -16,10 +17,10 @@ Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in -index d9f32d6..f0c5661 100644 +index bfd488b..3663220 100644 --- a/configure.in +++ b/configure.in -@@ -2886,6 +2886,12 @@ AC_ARG_ENABLE(timedlocks, +@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks, ) AC_SUBST(apr_has_timedlocks) @@ -45,10 +46,10 @@ index ee99def..c46a5f4 100644 #define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@ diff --git a/test/testlock.c b/test/testlock.c -index a43f477..6233d0b 100644 +index e3437c1..04e01b9 100644 --- a/test/testlock.c +++ b/test/testlock.c -@@ -396,13 +396,13 @@ abts_suite *testlock(abts_suite *suite) +@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite) abts_run_test(suite, threads_not_impl, NULL); #else abts_run_test(suite, test_thread_mutex, NULL); @@ -56,6 +57,8 @@ index a43f477..6233d0b 100644 +#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS abts_run_test(suite, test_thread_timedmutex, NULL); #endif + abts_run_test(suite, test_thread_nestedmutex, NULL); +@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite) abts_run_test(suite, test_thread_rwlock, NULL); abts_run_test(suite, test_cond, NULL); abts_run_test(suite, test_timeoutcond, NULL); @@ -63,7 +66,4 @@ index a43f477..6233d0b 100644 +#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS abts_run_test(suite, test_timeoutmutex, NULL); #endif - #endif --- -2.23.0 - + #ifdef WIN32 diff --git a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch deleted file mode 100644 index d0a9bd9129..0000000000 --- a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 23 Aug 2022 22:42:03 -0700 -Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type - -APR's configure script uses AC_TRY_RUN to detect whether the return type -of strerror_r is int. When cross-compiling this defaults to no. - -This commit adds an AC_CACHE_CHECK so users who cross-compile APR may -influence the outcome with a configure variable. - -Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - build/apr_common.m4 | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/build/apr_common.m4 b/build/apr_common.m4 -index cbf2a4c..42e75cf 100644 ---- a/build/apr_common.m4 -+++ b/build/apr_common.m4 -@@ -525,8 +525,9 @@ dnl string. - dnl - dnl - AC_DEFUN([APR_CHECK_STRERROR_R_RC], [ --AC_MSG_CHECKING(for type of return code from strerror_r) --AC_TRY_RUN([ -+AC_CACHE_CHECK([whether return code from strerror_r has type int], -+[ac_cv_strerror_r_rc_int], -+[AC_TRY_RUN([ - #include <errno.h> - #include <string.h> - #include <stdio.h> -@@ -542,14 +543,10 @@ main() - }], [ - ac_cv_strerror_r_rc_int=yes ], [ - ac_cv_strerror_r_rc_int=no ], [ -- ac_cv_strerror_r_rc_int=no ] ) -+ ac_cv_strerror_r_rc_int=no ] ) ] ) - if test "x$ac_cv_strerror_r_rc_int" = xyes; then - AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int]) -- msg="int" --else -- msg="pointer" - fi --AC_MSG_RESULT([$msg]) - ] ) - - dnl --- -2.37.2 - diff --git a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch index fa6202da79..a78b16284f 100644 --- a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch +++ b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch @@ -1,4 +1,4 @@ -From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001 +From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 26 Aug 2022 00:28:08 -0700 Subject: [PATCH] configure: Remove runtime test for mmap that can map @@ -10,24 +10,25 @@ mutexes Upstream-Status: Inappropriate [Cross-compile specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - configure.in | 32 -------------------------------- - 1 file changed, 32 deletions(-) + configure.in | 30 ------------------------------ + 1 file changed, 30 deletions(-) diff --git a/configure.in b/configure.in -index a99049d..f1f55c7 100644 +index 3663220..dce9789 100644 --- a/configure.in +++ b/configure.in -@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ +@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ APR_CHECK_DEFINE(MAP_ANON, sys/mman.h) AC_CHECK_FILE(/dev/zero) -# Not all systems can mmap /dev/zero (such as HP-UX). Check for that. -if test "$ac_cv_func_mmap" = "yes" && -- test "$ac_cv_file__dev_zero" = "yes"; then -- AC_MSG_CHECKING(for mmap that can map /dev/zero) -- AC_TRY_RUN([ --#include <sys/types.h> +- test "$ac_cv_file__dev_zero" = "yes"; then +- AC_CACHE_CHECK([for mmap that can map /dev/zero], +- [ac_cv_mmap__dev_zero], +- [AC_TRY_RUN([#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#ifdef HAVE_SYS_MMAN_H @@ -49,14 +50,9 @@ index a99049d..f1f55c7 100644 - return 3; - } - return 0; -- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no]) -- -- AC_MSG_RESULT($ac_cv_file__dev_zero) +- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])]) -fi - # Now we determine which one is our anonymous shmem preference. haveshmgetanon="0" havemmapzero="0" --- -2.37.2 - diff --git a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch index 72e706f966..d63423f3a1 100644 --- a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch +++ b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch @@ -1,8 +1,7 @@ -From 5925b20da8bbc34d9bf5a5dca123ef38864d43c6 Mon Sep 17 00:00:00 2001 +From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Tue, 30 Jan 2018 09:39:06 +0800 -Subject: [PATCH 2/7] apr: Remove workdir path references from installed apr - files +Subject: [PATCH] apr: Remove workdir path references from installed apr files Upstream-Status: Inappropriate [configuration] @@ -14,20 +13,23 @@ packages at target run time, the workdir path caused confusion. Rebase to 1.6.3 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + --- - apr-config.in | 26 ++------------------------ - 1 file changed, 2 insertions(+), 24 deletions(-) + apr-config.in | 32 ++------------------------------ + 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/apr-config.in b/apr-config.in -index 84b4073..bbbf651 100644 +index bed47ca..47874e5 100644 --- a/apr-config.in +++ b/apr-config.in -@@ -152,14 +152,7 @@ while test $# -gt 0; do +@@ -164,16 +164,7 @@ while test $# -gt 0; do flags="$flags $LDFLAGS" ;; --includes) - if test "$location" = "installed"; then flags="$flags -I$includedir $EXTRA_INCLUDES" +- elif test "$location" = "crosscompile"; then +- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES" - elif test "$location" = "source"; then - flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES" - else @@ -37,13 +39,15 @@ index 84b4073..bbbf651 100644 ;; --srcdir) echo $APR_SOURCE_DIR -@@ -181,29 +174,14 @@ while test $# -gt 0; do +@@ -197,33 +188,14 @@ while test $# -gt 0; do exit 0 ;; --link-ld) - if test "$location" = "installed"; then - ### avoid using -L if libdir is a "standard" location like /usr/lib - flags="$flags -L$libdir -l${APR_LIBNAME}" +- elif test "$location" = "crosscompile"; then +- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}" - else - ### this surely can't work since the library is in .libs? - flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}" @@ -62,6 +66,8 @@ index 84b4073..bbbf651 100644 - # Since the user is specifying they are linking with libtool, we - # *know* that -R will be recognized by libtool. - flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}" +- elif test "$location" = "crosscompile"; then +- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}" - else - flags="$flags $LA_FILE" - fi @@ -69,6 +75,3 @@ index 84b4073..bbbf651 100644 ;; --shlib-path-var) echo "$SHLIBPATH_VAR" --- -1.8.3.1 - diff --git a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch b/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch deleted file mode 100644 index 4dd53bd8eb..0000000000 --- a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch +++ /dev/null @@ -1,63 +0,0 @@ -From d5028c10f156c224475b340cfb1ba025d6797243 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Fri, 2 Feb 2018 15:51:42 +0800 -Subject: [PATCH 3/7] Makefile.in/configure.in: support cross compiling - -While cross compiling, the tools/gen_test_char could not -be executed at build time, use AX_PROG_CC_FOR_BUILD to -build native tools/gen_test_char - -Upstream-Status: Submitted [https://github.com/apache/apr/pull/8] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - Makefile.in | 10 +++------- - configure.in | 3 +++ - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 5fb760e..8675f90 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,7 +46,7 @@ LT_VERSION = @LT_VERSION@ - - CLEAN_TARGETS = apr-config.out apr.exp exports.c export_vars.c .make.dirs \ - build/apr_rules.out tools/gen_test_char@EXEEXT@ \ -- tools/gen_test_char.o tools/gen_test_char.lo \ -+ tools/gen_test_char.o \ - include/private/apr_escape_test_char.h - DISTCLEAN_TARGETS = config.cache config.log config.status \ - include/apr.h include/arch/unix/apr_private.h \ -@@ -131,13 +131,9 @@ check: $(TARGET_LIB) - etags: - etags `find . -name '*.[ch]'` - --OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS) --tools/gen_test_char.lo: tools/gen_test_char.c -+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c - $(APR_MKDIR) tools -- $(LT_COMPILE) -- --tools/gen_test_char@EXEEXT@: $(OBJECTS_gen_test_char) -- $(LINK_PROG) $(OBJECTS_gen_test_char) $(ALL_LIBS) -+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@ - - include/private/apr_escape_test_char.h: tools/gen_test_char@EXEEXT@ - $(APR_MKDIR) include/private -diff --git a/configure.in b/configure.in -index 719f331..361120f 100644 ---- a/configure.in -+++ b/configure.in -@@ -183,6 +183,9 @@ dnl can only be used once within a configure script, so this prevents a - dnl preload section from invoking the macro to get compiler info. - AC_PROG_CC - -+dnl Check build CC for gen_test_char compiling which is executed at build time. -+AX_PROG_CC_FOR_BUILD -+ - dnl AC_PROG_SED is only avaliable in recent autoconf versions. - dnl Use AC_CHECK_PROG instead if AC_PROG_SED is not present. - ifdef([AC_PROG_SED], --- -1.8.3.1 - diff --git a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch b/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch deleted file mode 100644 index d1a2ebe881..0000000000 --- a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 49661ea3858cf8494926cccf57d3e8c6dcb47117 Mon Sep 17 00:00:00 2001 -From: Dengke Du <dengke.du@windriver.com> -Date: Wed, 14 Dec 2016 18:13:08 +0800 -Subject: [PATCH] apr: fix off_t size doesn't match in glibc when cross - compiling - -In configure.in, it contains the following: - - APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) - -the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4, -it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross -compiling enable. - -So it was hardcoded for cross compiling, we should detect it dynamic based on -the sysroot's glibc. We change it to the following: - - AC_CHECK_SIZEOF(off_t) - -The same for the following hardcoded types for cross compiling: - - pid_t 8 - ssize_t 8 - size_t 8 - off_t 8 - -Change the above correspondingly. - -Signed-off-by: Dengke Du <dengke.du@windriver.com> - -Upstream-Status: Pending - ---- - configure.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.in b/configure.in -index 27b8539..fb408d1 100644 ---- a/configure.in -+++ b/configure.in -@@ -1801,7 +1801,7 @@ else - socklen_t_value="int" - fi - --APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], pid_t, 8) -+AC_CHECK_SIZEOF(pid_t) - - if test "$ac_cv_sizeof_pid_t" = "$ac_cv_sizeof_short"; then - pid_t_fmt='#define APR_PID_T_FMT "hd"' -@@ -1873,7 +1873,7 @@ APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned long, lu, [size_t_fmt="lu"], [ - APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned int, u, [size_t_fmt="u"]) - ]) - --APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], ssize_t, 8) -+AC_CHECK_SIZEOF(ssize_t) - - dnl the else cases below should no longer occur; - AC_MSG_CHECKING([which format to use for apr_ssize_t]) -@@ -1891,7 +1891,7 @@ fi - - ssize_t_fmt="#define APR_SSIZE_T_FMT \"$ssize_t_fmt\"" - --APR_CHECK_SIZEOF_EXTENDED([#include <stddef.h>], size_t, 8) -+AC_CHECK_SIZEOF(size_t) - - # else cases below should no longer occur; - AC_MSG_CHECKING([which format to use for apr_size_t]) -@@ -1909,7 +1909,7 @@ fi - - size_t_fmt="#define APR_SIZE_T_FMT \"$size_t_fmt\"" - --APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) -+AC_CHECK_SIZEOF(off_t) - - if test "${ac_cv_sizeof_off_t}${apr_cv_use_lfs64}" = "4yes"; then - # Enable LFS diff --git a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch deleted file mode 100644 index 00befdacee..0000000000 --- a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch +++ /dev/null @@ -1,58 +0,0 @@ - -SECURITY: CVE-2021-35940 (cve.mitre.org) - -Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though -was addressed in 1.6.x in 1.6.3 and later via r1807976. - -The fix was merged back to 1.7.x in r1891198. - -Since this was a regression in 1.7.0, a new CVE name has been assigned -to track this, CVE-2021-35940. - -Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. - -https://svn.apache.org/viewvc?view=revision&revision=1891198 - -Upstream-Status: Backport -CVE: CVE-2021-35940 -Signed-off-by: Armin Kuster <akuster@mvista.com> - - -Index: time/unix/time.c -=================================================================== ---- a/time/unix/time.c (revision 1891197) -+++ b/time/unix/time.c (revision 1891198) -@@ -142,6 +142,9 @@ - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) -Index: time/win32/time.c -=================================================================== ---- a/time/win32/time.c (revision 1891197) -+++ b/time/win32/time.c (revision 1891198) -@@ -54,6 +54,9 @@ - static const int dayoffset[12] = - {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; - -+ if (tm->wMonth < 1 || tm->wMonth > 12) -+ return APR_EBADDATE; -+ - /* Note; the caller is responsible for filling in detailed tm_usec, - * tm_gmtoff and tm_isdst data when applicable. - */ -@@ -228,6 +231,9 @@ - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch deleted file mode 100644 index 9f7b5c624c..0000000000 --- a/poky/meta/recipes-support/apr/apr/autoconf270.patch +++ /dev/null @@ -1,22 +0,0 @@ -With autoconf 2.70 confdefs.h is already included. Including it twice generates -compiler warnings and since this macros is to error on warnings, it breaks. - -Fix by not including the file. - -Upstream-Status: Pending -RP - 2021/1/28 - -Index: apr-1.7.0/build/apr_common.m4 -=================================================================== ---- apr-1.7.0.orig/build/apr_common.m4 -+++ apr-1.7.0/build/apr_common.m4 -@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING], - fi - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE( -- [#include "confdefs.h" -- ] -+ [] - [[$1]] - [int main(int argc, const char *const *argv) {] - [[$2]] diff --git a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch index 740792e6b0..80ce43caa4 100644 --- a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch +++ b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch @@ -1,6 +1,7 @@ +From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001 From: Helmut Grohne <helmut@subdivi.de> -Subject: check for libtoolize rather than libtool -Last-Update: 2014-09-19 +Date: Tue, 7 Feb 2023 07:04:00 +0000 +Subject: [PATCH] check for libtoolize rather than libtool libtool is now in package libtool-bin, but apr only needs libtoolize. @@ -8,14 +9,22 @@ Upstream-Status: Pending [ from debian: https://sources.debian.org/data/main/a/a Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- apr.orig/build/buildcheck.sh -+++ apr/build/buildcheck.sh -@@ -39,11 +39,11 @@ fi +--- + build/buildcheck.sh | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/build/buildcheck.sh b/build/buildcheck.sh +index 44921b5..08bc8a8 100755 +--- a/build/buildcheck.sh ++++ b/build/buildcheck.sh +@@ -39,13 +39,11 @@ fi # ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a # output is multiline from 1.5 onwards -# Require libtool 1.4 or newer --libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` +-if test -z "$libtool"; then +- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` +-fi -lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'` +# Require libtoolize 1.4 or newer +libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14` diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.2.bb index cb4bb936d7..c9059c9921 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.2.bb @@ -16,21 +16,15 @@ BBCLASSEXTEND = "native nativesdk" SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://run-ptest \ file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \ - file://0003-Makefile.in-configure.in-support-cross-compiling.patch \ file://0004-Fix-packet-discards-HTTP-redirect.patch \ file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \ - file://0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ - file://autoconf270.patch \ - file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ - file://CVE-2021-35940.patch \ " -SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" -SRC_URI[sha256sum] = "e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea" +SRC_URI[sha256sum] = "75e77cc86776c030c0a5c408dfbd0bf2a0b75eed5351e52d5439fa1e5509a43e" inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb index 78c51e7731..89b7bf2b93 100644 --- a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb +++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb @@ -9,7 +9,7 @@ SECTION = "console/utils" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https" +SRC_URI = "git://github.com/intel/${BPN};branch=main;protocol=https" SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch new file mode 100644 index 0000000000..03a7ac513b --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch @@ -0,0 +1,27 @@ +From dd31455d46dcf9e3a1b8bd37e671af1a6af52807 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 15 Sep 2022 09:22:45 +0200 +Subject: [PATCH] setopt: when POST is set, reset the 'upload' field + +Reported-by: RobBotic1 on github +Fixes #9507 +Closes #9511 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d6] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/setopt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/setopt.c b/lib/setopt.c +index d5e3b50..b8793b4 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -696,6 +696,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + } + else + data->set.method = HTTPREQ_GET; ++ data->set.upload = FALSE; + break; + + case CURLOPT_HTTPPOST: diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch new file mode 100644 index 0000000000..a4aae69fd0 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch @@ -0,0 +1,73 @@ +From 9169e54444bdca7b5e7b44034c463fe5fc801e88 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 4 Oct 2022 14:37:24 +0200 +Subject: [PATCH] netrc: replace fgets with Curl_get_line + +Make the parser only accept complete lines and avoid problems with +overly long lines. + +Reported-by: Hiroki Kurosawa + +Closes #9789 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa86] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/curl_get_line.c | 6 +++--- + lib/netrc.c | 5 +++-- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c +index 6a26bb2..22e3705 100644 +--- a/lib/curl_get_line.c ++++ b/lib/curl_get_line.c +@@ -25,7 +25,7 @@ + #include "curl_setup.h" + + #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ +- !defined(CURL_DISABLE_HSTS) ++ !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC) + + #include "curl_get_line.h" + #include "curl_memory.h" +@@ -33,8 +33,8 @@ + #include "memdebug.h" + + /* +- * get_line() makes sure to only return complete whole lines that fit in 'len' +- * bytes and end with a newline. ++ * Curl_get_line() makes sure to only return complete whole lines that fit in ++ * 'len' bytes and end with a newline. + */ + char *Curl_get_line(char *buf, int len, FILE *input) + { +diff --git a/lib/netrc.c b/lib/netrc.c +index 62a6a10..5d17482 100644 +--- a/lib/netrc.c ++++ b/lib/netrc.c +@@ -33,6 +33,7 @@ + #include "netrc.h" + #include "strtok.h" + #include "strcase.h" ++#include "curl_get_line.h" + + /* The last 3 #include files should be in this order */ + #include "curl_printf.h" +@@ -84,7 +85,7 @@ static int parsenetrc(const char *host, + char netrcbuffer[4096]; + int netrcbuffsize = (int)sizeof(netrcbuffer); + +- while(!done && fgets(netrcbuffer, netrcbuffsize, file)) { ++ while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) { + char *tok; + char *tok_end; + bool quoted; +@@ -243,7 +244,7 @@ static int parsenetrc(const char *host, + } /* switch (state) */ + tok = ++tok_end; + } +- } /* while fgets() */ ++ } /* while Curl_get_line() */ + + out: + if(!retcode) { diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch new file mode 100644 index 0000000000..43de6e62eb --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch @@ -0,0 +1,53 @@ +From 3ede0e72aaad6447d2a5ab07dac43e1b9d7e617b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 6 Oct 2022 14:13:36 +0200 +Subject: [PATCH] http_proxy: restore the protocol pointer on error + +Reported-by: Trail of Bits + +Closes #9790 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315ce] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/http_proxy.c | 6 ++---- + lib/url.c | 9 --------- + 2 files changed, 2 insertions(+), 13 deletions(-) + +diff --git a/lib/http_proxy.c b/lib/http_proxy.c +index 1f87f6c..cc20b3a 100644 +--- a/lib/http_proxy.c ++++ b/lib/http_proxy.c +@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data) + Curl_dyn_free(&s->rcvbuf); + Curl_dyn_free(&s->req); + +- /* restore the protocol pointer, if not already done */ +- if(s->prot_save) +- data->req.p.http = s->prot_save; +- s->prot_save = NULL; ++ /* restore the protocol pointer */ ++ data->req.p.http = s->prot_save; + data->info.httpcode = 0; /* clear it as it might've been used for the + proxy */ + data->req.ignorebody = FALSE; +diff --git a/lib/url.c b/lib/url.c +index bfc784f..61c99d2 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -746,15 +746,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn) + DEBUGASSERT(data); + infof(data, "Closing connection %ld", conn->connection_id); + +-#ifndef USE_HYPER +- if(conn->connect_state && conn->connect_state->prot_save) { +- /* If this was closed with a CONNECT in progress, cleanup this temporary +- struct arrangement */ +- data->req.p.http = NULL; +- Curl_safefree(conn->connect_state->prot_save); +- } +-#endif +- + /* possible left-overs from the async name resolvers */ + Curl_resolver_cancel(data); + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch new file mode 100644 index 0000000000..000af69885 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch @@ -0,0 +1,134 @@ +From 401455229a5006bed0346fedc99791ccb53e146c Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Wed, 12 Oct 2022 10:47:59 +0200 +Subject: [PATCH] url: use IDN decoded names for HSTS checks + +Reported-by: Hiroki Kurosawa + +Closes #9791 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/53bcf55b4538067e6] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/url.c | 91 ++++++++++++++++++++++++++++--------------------------- + 1 file changed, 47 insertions(+), 44 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index 61c99d2..6426fa7 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -2024,10 +2024,56 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, + failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN); + return CURLE_URL_MALFORMAT; + } ++ hostname = data->state.up.hostname; ++ ++ if(hostname && hostname[0] == '[') { ++ /* This looks like an IPv6 address literal. See if there is an address ++ scope. */ ++ size_t hlen; ++ conn->bits.ipv6_ip = TRUE; ++ /* cut off the brackets! */ ++ hostname++; ++ hlen = strlen(hostname); ++ hostname[hlen - 1] = 0; ++ ++ zonefrom_url(uh, data, conn); ++ } ++ ++ /* make sure the connect struct gets its own copy of the host name */ ++ conn->host.rawalloc = strdup(hostname ? hostname : ""); ++ if(!conn->host.rawalloc) ++ return CURLE_OUT_OF_MEMORY; ++ conn->host.name = conn->host.rawalloc; ++ ++ /************************************************************* ++ * IDN-convert the hostnames ++ *************************************************************/ ++ result = Curl_idnconvert_hostname(data, &conn->host); ++ if(result) ++ return result; ++ if(conn->bits.conn_to_host) { ++ result = Curl_idnconvert_hostname(data, &conn->conn_to_host); ++ if(result) ++ return result; ++ } ++#ifndef CURL_DISABLE_PROXY ++ if(conn->bits.httpproxy) { ++ result = Curl_idnconvert_hostname(data, &conn->http_proxy.host); ++ if(result) ++ return result; ++ } ++ if(conn->bits.socksproxy) { ++ result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host); ++ if(result) ++ return result; ++ } ++#endif + + #ifndef CURL_DISABLE_HSTS ++ /* HSTS upgrade */ + if(data->hsts && strcasecompare("http", data->state.up.scheme)) { +- if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) { ++ /* This MUST use the IDN decoded name */ ++ if(Curl_hsts(data->hsts, conn->host.name, TRUE)) { + char *url; + Curl_safefree(data->state.up.scheme); + uc = curl_url_set(uh, CURLUPART_SCHEME, "https", 0); +@@ -2133,26 +2179,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, + + (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0); + +- hostname = data->state.up.hostname; +- if(hostname && hostname[0] == '[') { +- /* This looks like an IPv6 address literal. See if there is an address +- scope. */ +- size_t hlen; +- conn->bits.ipv6_ip = TRUE; +- /* cut off the brackets! */ +- hostname++; +- hlen = strlen(hostname); +- hostname[hlen - 1] = 0; +- +- zonefrom_url(uh, data, conn); +- } +- +- /* make sure the connect struct gets its own copy of the host name */ +- conn->host.rawalloc = strdup(hostname ? hostname : ""); +- if(!conn->host.rawalloc) +- return CURLE_OUT_OF_MEMORY; +- conn->host.name = conn->host.rawalloc; +- + #ifdef ENABLE_IPV6 + if(data->set.scope_id) + /* Override any scope that was set above. */ +@@ -3781,29 +3807,6 @@ static CURLcode create_conn(struct Curl_easy *data, + if(result) + goto out; + +- /************************************************************* +- * IDN-convert the hostnames +- *************************************************************/ +- result = Curl_idnconvert_hostname(data, &conn->host); +- if(result) +- goto out; +- if(conn->bits.conn_to_host) { +- result = Curl_idnconvert_hostname(data, &conn->conn_to_host); +- if(result) +- goto out; +- } +-#ifndef CURL_DISABLE_PROXY +- if(conn->bits.httpproxy) { +- result = Curl_idnconvert_hostname(data, &conn->http_proxy.host); +- if(result) +- goto out; +- } +- if(conn->bits.socksproxy) { +- result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host); +- if(result) +- goto out; +- } +-#endif + + /************************************************************* + * Check whether the host and the "connect to host" are equal. diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch new file mode 100644 index 0000000000..7c617ef1db --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch @@ -0,0 +1,32 @@ +From 08aa76b7b24454a89866aaef661ea90ae3d57900 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 19 Dec 2022 08:36:55 +0100 +Subject: [PATCH] http: use the IDN decoded name in HSTS checks + +Otherwise it stores the info HSTS into the persistent cache for the IDN +name which will not match when the HSTS status is later checked for +using the decoded name. + +Reported-by: Hiroki Kurosawa + +Closes #10111 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/9e71901634e276dd] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/http.c b/lib/http.c +index b0ad28e..8b18e8d 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -3654,7 +3654,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, + else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) && + (conn->handler->flags & PROTOPT_SSL)) { + CURLcode check = +- Curl_hsts_parse(data->hsts, data->state.up.hostname, ++ Curl_hsts_parse(data->hsts, conn->host.name, + headp + strlen("Strict-Transport-Security:")); + if(check) + infof(data, "Illegal STS header skipped"); diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch new file mode 100644 index 0000000000..059dad17d8 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch @@ -0,0 +1,78 @@ +From 6ae56c9c47b02106373c9482f09c510fd5c50a84 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 19 Dec 2022 08:38:37 +0100 +Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done() + +It is managed by the generic layer. + +Reported-by: Trail of Bits + +Closes #10112 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe1] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/smb.c | 14 ++------------ + lib/telnet.c | 3 --- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/lib/smb.c b/lib/smb.c +index 039d680..f682c1f 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -62,8 +62,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done); + static CURLcode smb_connection_state(struct Curl_easy *data, bool *done); + static CURLcode smb_do(struct Curl_easy *data, bool *done); + static CURLcode smb_request_state(struct Curl_easy *data, bool *done); +-static CURLcode smb_done(struct Curl_easy *data, CURLcode status, +- bool premature); + static CURLcode smb_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead); + static int smb_getsock(struct Curl_easy *data, struct connectdata *conn, +@@ -78,7 +76,7 @@ const struct Curl_handler Curl_handler_smb = { + "SMB", /* scheme */ + smb_setup_connection, /* setup_connection */ + smb_do, /* do_it */ +- smb_done, /* done */ ++ ZERO_NULL, /* done */ + ZERO_NULL, /* do_more */ + smb_connect, /* connect_it */ + smb_connection_state, /* connecting */ +@@ -105,7 +103,7 @@ const struct Curl_handler Curl_handler_smbs = { + "SMBS", /* scheme */ + smb_setup_connection, /* setup_connection */ + smb_do, /* do_it */ +- smb_done, /* done */ ++ ZERO_NULL, /* done */ + ZERO_NULL, /* do_more */ + smb_connect, /* connect_it */ + smb_connection_state, /* connecting */ +@@ -941,14 +939,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + return CURLE_OK; + } + +-static CURLcode smb_done(struct Curl_easy *data, CURLcode status, +- bool premature) +-{ +- (void) premature; +- Curl_safefree(data->req.p.smb); +- return status; +-} +- + static CURLcode smb_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead) + { +diff --git a/lib/telnet.c b/lib/telnet.c +index 923c7f8..48cd0d7 100644 +--- a/lib/telnet.c ++++ b/lib/telnet.c +@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct Curl_easy *data, + + curl_slist_free_all(tn->telnet_vars); + tn->telnet_vars = NULL; +- +- Curl_safefree(data->req.p.telnet); +- + return CURLE_OK; + } + diff --git a/poky/meta/recipes-support/curl/curl_7.85.0.bb b/poky/meta/recipes-support/curl/curl_7.85.0.bb index ad6a5175bc..4e05434a12 100644 --- a/poky/meta/recipes-support/curl/curl_7.85.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.85.0.bb @@ -6,13 +6,19 @@ HTTP post, SSL connections, proxy support, FTP uploads, and more!" HOMEPAGE = "https://curl.se/" BUGTRACKER = "https://github.com/curl/curl/issues" SECTION = "console/network" -LICENSE = "MIT-open-group" +LICENSE = "curl" LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238" SRC_URI = " \ https://curl.se/download/${BP}.tar.xz \ file://run-ptest \ file://disable-tests \ + file://CVE-2022-32221.patch \ + file://CVE-2022-35260.patch \ + file://CVE-2022-42915.patch \ + file://CVE-2022-42916.patch \ + file://CVE-2022-43551.patch \ + file://CVE-2022-43552.patch \ " SRC_URI[sha256sum] = "88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6" @@ -32,14 +38,16 @@ PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver ver PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +# Don't use this in production +PACKAGECONFIG[debug] = "--enable-debug,--disable-debug" PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap" +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap" PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" @@ -68,9 +76,7 @@ EXTRA_OECONF = " \ --enable-crypto-auth \ --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ --without-libpsl \ - --enable-debug \ --enable-optimize \ - --disable-curldebug \ ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \ " diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb index c7d782e4eb..8f979a5b99 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb @@ -24,7 +24,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ " -SRC_URI[sha256sum] = "be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106" +SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb index be573981b0..f3ead5e8c1 100644 --- a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb +++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb @@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" -SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985" +SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a" # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which # are inhibited by allarch diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch index 3f4c7e57ae..8bd2050ea5 100644 --- a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch +++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -1,4 +1,4 @@ -From 1c234bc39446eb9b23896e85dd67b02976d46c3d Mon Sep 17 00:00:00 2001 +From a3196f3a06e7bbfde30d143c92a4325be323b3d0 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Thu, 14 Oct 2021 15:57:36 +0800 Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl diff --git a/poky/meta/recipes-support/libcap/libcap_2.65.bb b/poky/meta/recipes-support/libcap/libcap_2.66.bb index 8013d40769..c50e9d8cc7 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.65.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.66.bb @@ -20,7 +20,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ SRC_URI:append:class-nativesdk = " \ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ " -SRC_URI[sha256sum] = "73e350020cc31fe15360879d19384ffa3395a825f065fcf6bda3a5cdf965bebd" +SRC_URI[sha256sum] = "15c40ededb3003d70a283fe587a36b7d19c8b3b554e33f86129c059a4bb466b2" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" diff --git a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch index 5e529d1ce7..3ffcb3e128 100644 --- a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch +++ b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch @@ -1,4 +1,4 @@ -From 501a6b55853af549fae72723e74271f2a4ec7cf6 Mon Sep 17 00:00:00 2001 +From 000f1500b693a84880d2da49b77b1113f98dde35 Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Fri, 27 Nov 2020 15:28:42 +0000 Subject: [PATCH] arm/sysv: reverted clang VFP mitigation @@ -11,8 +11,9 @@ https://github.com/libffi/libffi/issues/607. Now that clang supports the LDC and SDC instructions, this mitigation has been reverted. -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747] Signed-off-by: Brett Warren <brett.warren@arm.com> + --- src/arm/sysv.S | 33 --------------------------------- 1 file changed, 33 deletions(-) @@ -99,6 +100,3 @@ index fb36213..e4272a1 100644 b call_epilogue E(ARM_TYPE_INT64) ldr r1, [r2, #4] --- -2.25.1 - diff --git a/poky/meta/recipes-support/libffi/libffi/not-win32.patch b/poky/meta/recipes-support/libffi/libffi/not-win32.patch index 62daaf4b38..38f9b0025c 100644 --- a/poky/meta/recipes-support/libffi/libffi/not-win32.patch +++ b/poky/meta/recipes-support/libffi/libffi/not-win32.patch @@ -1,4 +1,4 @@ -From 306719369a0d3608b4ff2737de74ae284788a14b Mon Sep 17 00:00:00 2001 +From 20bc4e03442e15965ae3907013e9a177878f0323 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Thu, 4 Feb 2016 16:22:50 +0000 Subject: [PATCH] libffi: ensure sysroot paths are not in libffi.pc @@ -21,11 +21,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index b764368..d51ce91 100644 +index 7e8cd98..cf37e88 100644 --- a/configure.ac +++ b/configure.ac -@@ -354,7 +354,7 @@ AC_ARG_ENABLE(multi-os-directory, - +@@ -405,7 +405,7 @@ AC_ARG_ENABLE(multi-os-directory, + # These variables are only ever used when we cross-build to X86_WIN32. # And we only support this with GCC, so... -if test "x$GCC" = "xyes"; then diff --git a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb index 41c3cad586..15d974c83e 100644 --- a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb +++ b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb @@ -8,13 +8,13 @@ library really only provides the lowest, machine dependent layer of a fully feat A layer must exist above `libffi' that handles type conversions for values passed between the two languages." LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=679b5c9bdc79a2b93ee574e193e7a7bc" +LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BPN}-${PV}.tar.gz \ file://not-win32.patch \ file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \ " -SRC_URI[sha256sum] = "540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620" +SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676" EXTRA_OECONF += "--disable-builddir --disable-exec-static-tramp" EXTRA_OECONF:class-native += "--with-gcc-arch=generic" diff --git a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb index ee4d79b11a..eb7b538ece 100644 --- a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb +++ b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb @@ -1,12 +1,12 @@ SUMMARY = "the Git linkable library" HOMEPAGE = "http://libgit2.github.com/" -LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause" +LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause & Zlib & ISC & LGPL-2.1-or-later & CC0-1.0" LIC_FILES_CHKSUM = "file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c" DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https" -SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https" +SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/libical/libical_3.0.14.bb b/poky/meta/recipes-support/libical/libical_3.0.16.bb index 44030fdc9f..61599b20dd 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.14.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.16.bb @@ -15,7 +15,7 @@ SECTION = "libs" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \ " -SRC_URI[sha256sum] = "4284b780356f1dc6a01f16083e7b836e63d3815e27ed0eaaad684712357ccc8f" +SRC_URI[sha256sum] = "b44705dd71ca4538c86fb16248483ab4b48978524fb1da5097bd76aa2e0f0c33" inherit cmake pkgconfig gobject-introspection vala github-releases diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch index af96bd57cd..bdb80ff34d 100644 --- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch +++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch @@ -1,4 +1,4 @@ -From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001 +From ca8174aa81d7bf364b33f7254a9e887735c4996d Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 3 Dec 2012 18:17:31 +0800 Subject: [PATCH] libksba: add pkgconfig support @@ -16,7 +16,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 1 file changed, 4 insertions(+), 86 deletions(-) diff --git a/src/ksba.m4 b/src/ksba.m4 -index 6b55bb8..6e7336f 100644 +index 452c245..aa96255 100644 --- a/src/ksba.m4 +++ b/src/ksba.m4 @@ -23,37 +23,6 @@ dnl with a changed API. @@ -44,7 +44,7 @@ index 6b55bb8..6e7336f 100644 - fi - - use_gpgrt_config="" -- if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then +- if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then - if $GPGRT_CONFIG ksba --exists; then - KSBA_CONFIG="$GPGRT_CONFIG ksba" - AC_MSG_NOTICE([Use gpgrt-config as ksba-config]) diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb index f9e83681dd..dc39693be4 100644 --- a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb +++ b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb @@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://ksba-add-pkgconfig-support.patch" -SRC_URI[sha256sum] = "dad683e6f2d915d880aa4bed5cea9a115690b8935b78a1bbe01669189307a48b" +SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c" do_configure:prepend () { # Else these could be used in preference to those in aclocal-copy diff --git a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb index 043fed367c..7bd66f63cf 100644 --- a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb +++ b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb @@ -7,7 +7,7 @@ SECTION = "net" DEPENDS = "file" SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb" +SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c" inherit autotools lib_package pkgconfig gettext diff --git a/poky/meta/recipes-support/libseccomp/files/run-ptest b/poky/meta/recipes-support/libseccomp/files/run-ptest index 54b4a63cd2..63c79f09c4 100644 --- a/poky/meta/recipes-support/libseccomp/files/run-ptest +++ b/poky/meta/recipes-support/libseccomp/files/run-ptest @@ -1,4 +1,7 @@ #!/bin/sh cd tests +sed -i 's/SUCCESS/PASS/g; s/FAILURE/FAIL/g; s/SKIPPED/SKIP/g' regression +sed -i 's/"Test %s result: %s\\n" "$1" "$2"/"%s: %s\\n" "$2" "$1"/g' regression +sed -i 's/"Test %s result: %s %s\\n" "$1" "$2" "$3"/"%s: %s %s\\n" "$2" "$1" "$3"/g' regression ./regression -a diff --git a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb index e89b8f7f4b..505c21917b 100644 --- a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb +++ b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb @@ -1,5 +1,5 @@ SUMMARY = "interface to seccomp filtering mechanism" -DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." +DESCRIPTION = "The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp." HOMEPAGE = "https://github.com/seccomp/libseccomp" SECTION = "security" LICENSE = "LGPL-2.1-only" diff --git a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch deleted file mode 100644 index b1204e49eb..0000000000 --- a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001 -From: Your Name <you@example.com> -Date: Mon, 28 Dec 2020 02:08:03 +0000 -Subject: [PATCH] Don't let host enviroment to decide if a test is build - -test ssh2.sh need sshd, for cross compile, we need it on target, so -don't use SSHD on host to decide weither to build a test - -Upstream-Status: Inappropriate[oe specific] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> - ---- - tests/Makefile.am | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/tests/Makefile.am b/tests/Makefile.am -index dc0922f..6cbc35d 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -1,16 +1,12 @@ - AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/include -I$(top_builddir)/src - LDADD = ../src/libssh2.la - --if SSHD - noinst_PROGRAMS = ssh2 - ssh2_SOURCES = ssh2.c --endif - - ctests = simple$(EXEEXT) - TESTS = $(ctests) mansyntax.sh --if SSHD - TESTS += ssh2.sh --endif - check_PROGRAMS = $(ctests) - - TESTS_ENVIRONMENT = SSHD=$(SSHD) EXEEXT=$(EXEEXT) -@@ -38,4 +34,4 @@ if OPENSSL - # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_encrypted_ed25519_key.c - # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c - EXTRA_DIST += test_public_key_auth_succeeds_with_correct_rsa_openssh_key.c --endif -\ No newline at end of file -+endif diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch new file mode 100644 index 0000000000..ee916c42d4 --- /dev/null +++ b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch @@ -0,0 +1,23 @@ +In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, +so we need to re-enable them as a workaround for the test +suite until upstream updates the tests. + +See: https://github.com/libssh2/libssh2/issues/630 + +Upstream-Status: Backport [alternative fixes merged upstream] + +Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5 + +--- a/tests/ssh2.sh ++++ b/tests/ssh2.sh +@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host + -o 'Port 4711' \ + -o 'Protocol 2' \ + -o "AuthorizedKeysFile $srcdir/etc/user.pub" \ +- -o 'UsePrivilegeSeparation no' \ ++ -o 'HostKeyAlgorithms +ssh-rsa' \ ++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ + -o 'StrictModes no' \ + -D \ + $libssh2_sshd_params & + diff --git a/poky/meta/recipes-support/libssh2/files/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest index 9e2fce2d24..5e7426f79d 100644 --- a/poky/meta/recipes-support/libssh2/files/run-ptest +++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest @@ -2,8 +2,7 @@ ptestdir=$(dirname "$(readlink -f "$0")") cd tests -# omit ssh2.sh until https://github.com/libssh2/libssh2/issues/630 is fixed -for test in simple mansyntax.sh +for test in simple mansyntax.sh ssh2.sh do ./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test done diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb index 072d6819c0..d5513373b0 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb @@ -8,11 +8,10 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ + file://fix-ssh2-test.patch \ file://run-ptest \ " -SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch" - SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51" inherit autotools pkgconfig ptest diff --git a/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch new file mode 100644 index 0000000000..3c223e0822 --- /dev/null +++ b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch @@ -0,0 +1,46 @@ +From 95e601ce116dd46ea7915c171976b85ea0905d58 Mon Sep 17 00:00:00 2001 +From: Lonnie Abelbeck <lonnie@abelbeck.com> +Date: Sun, 8 May 2022 14:05:56 -0500 +Subject: [PATCH] configure.ac: Link with -latomic only if no atomic builtins + +Follow-up to 561dbda, a check of GCC atomic builtins needs to be done +first. + +I'm no autoconf guru, but using this: +https://github.com/mesa3d/mesa/blob/0df485c285b73c34ba9062f0c27e55c3c702930d/configure.ac#L469 +as inspiration, I created a pre-check before calling AC_SEARCH_LIBS(...) + +Fixes #1135 +Closes #1139 +Upstream-Status: Backport [https://github.com/kraj/libusb/commit/95e601ce116dd46ea7915c171976b85ea0905d58] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.ac | 16 +++++++++++++++- + libusb/version_nano.h | 2 +- + 2 files changed, 16 insertions(+), 2 deletions(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -153,7 +153,21 @@ if test "x$platform" = xposix; then + AC_SEARCH_LIBS([pthread_create], [pthread], + [test "x$ac_cv_search_pthread_create" != "xnone required" && AC_SUBST(THREAD_LIBS, [-lpthread])], + [], []) +- AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic]) ++ dnl Check for new-style atomic builtins. We first check without linking to -latomic. ++ AC_MSG_CHECKING(whether __atomic_load_n is supported) ++ AC_LINK_IFELSE([AC_LANG_SOURCE([[ ++ #include <stdint.h> ++ int main() { ++ struct { ++ uint64_t *v; ++ } x; ++ return (int)__atomic_load_n(x.v, __ATOMIC_ACQUIRE) & ++ (int)__atomic_add_fetch(x.v, (uint64_t)1, __ATOMIC_ACQ_REL); ++ }]])], GCC_ATOMIC_BUILTINS_SUPPORTED=yes, GCC_ATOMIC_BUILTINS_SUPPORTED=no) ++ AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_SUPPORTED) ++ if test "x$GCC_ATOMIC_BUILTINS_SUPPORTED" != xyes; then ++ AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic]) ++ fi + elif test "x$platform" = xwindows; then + AC_DEFINE([PLATFORM_WINDOWS], [1], [Define to 1 if compiling for a Windows platform.]) + else diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb index 7371faf017..122c3d48b4 100644 --- a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb +++ b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \ + file://0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch \ file://run-ptest \ " @@ -34,12 +35,12 @@ do_install:append() { fi } -do_compile_ptest() { - oe_runmake -C tests stress -} - -do_install_ptest() { - install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH} +do_compile_ptest() { + oe_runmake -C tests stress +} + +do_install_ptest() { + install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH} } FILES:${PN} += "${base_libdir}/*.so.*" diff --git a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb index 2121dad57c..f531a88961 100644 --- a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb +++ b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ DEPENDS = "gmp autoconf-archive" SRC_URI = "https://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz" -SRC_URI[sha256sum] = "0c98a3f1732ff6ca4ea690552079da9c597872d30e96ec28414ee23c95558a7f" +SRC_URI[sha256sum] = "ffd195bd567dbaffc3b98b23fd00aad0537680c9896171e44fe3ff79e28ac33d" UPSTREAM_CHECK_URI = "http://www.mpfr.org/mpfr-current/" diff --git a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch index 9812ecc8b3..a7bc8d322e 100644 --- a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch +++ b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch @@ -7,6 +7,7 @@ Upstream-Status: Pending Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> --- test/regress | 6 +++--- test/regress2 | 11 +++++------ @@ -20,7 +21,7 @@ index 2ce1705..d086a47 100755 if [ $numnodes -lt 2 ] ; then echo "need at least two nodes with at least $NEEDPAGES each of" echo "free memory for mempolicy regression tests" -+ echo "FAIL: numa regress" ++ echo "SKIP: numa regress" exit 77 # Skip test fi } diff --git a/poky/meta/recipes-support/numactl/numactl/run-ptest b/poky/meta/recipes-support/numactl/numactl/run-ptest index bf269da755..e019b0d364 100755 --- a/poky/meta/recipes-support/numactl/numactl/run-ptest +++ b/poky/meta/recipes-support/numactl/numactl/run-ptest @@ -8,7 +8,11 @@ if ! numactl -s | grep -q "No NUMA support available on this system."; then if numademo -t -e 10M; then echo "PASS: numademo" else - echo "FAIL: numademo" + if [ "$?" = 77 ] ; then + echo "SKIP: numademo" + else + echo "FAIL: numademo" + fi fi else echo "SKIP: ./../test/bind_range" diff --git a/poky/meta/recipes-support/numactl/numactl_git.bb b/poky/meta/recipes-support/numactl/numactl_git.bb index 712cf0203f..23be0a3b4f 100644 --- a/poky/meta/recipes-support/numactl/numactl_git.bb +++ b/poky/meta/recipes-support/numactl/numactl_git.bb @@ -10,8 +10,8 @@ inherit autotools-brokensep ptest LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=9f34c3af4ed6f3f5df0da5f3c0835a43" -SRCREV = "01a39cb4edc0dd0f4151b7ad11e0c56d2e612a02" -PV = "2.0.15" +SRCREV = "10285f1a1bad49306839b2c463936460b604e3ea" +PV = "2.0.16" SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \ file://Fix-the-test-output-format.patch \ diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index cbc370100b..1e27415288 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -10,8 +10,7 @@ DEPENDS = "ncurses gettext-native" RSUGGESTS:${PN} = "diffutils" LICENSE = "Vim" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \ - file://runtime/doc/uganda.txt;md5=001ef779f422a0e9106d428c84495b4d" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99" SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ @@ -20,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0598" -SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" +PV .= ".1429" +SRCREV = "1a08a3e2a584889f19b84a27672134649b73da58" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" @@ -33,7 +32,7 @@ S = "${WORKDIR}/git" VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}" -inherit autotools-brokensep update-alternatives mime-xdg +inherit autotools-brokensep update-alternatives mime-xdg pkgconfig CLEANBROKEN = "1" @@ -82,6 +81,7 @@ EXTRA_OECONF = " \ --disable-netbeans \ --disable-desktop-database-update \ --with-tlib=ncurses \ + --with-modified-by='${MAINTAINER}' \ ac_cv_small_wchar_t=no \ ac_cv_path_GLIB_COMPILE_RESOURCES=no \ vim_cv_getcwd_broken=no \ |